为什么Web Deploy Agent Service会侦听端口80和8172 [英] Why does the Web Deploy Agent Service listen on port 80 and 8172
问题描述
在四个Win Server 2008 R2框中,我们安装了MS Deploy。它侦听端口80和8172,它会引起网络上所有其他材料的疑问,这些材料是关于在IIS 7上运行时如何不需要更改端口80默认值。
<我无法理解。为什么使用BOTH端口?我无法按照说明将其移至8172,因为它已经在那里注册了一些东西。
它导致两个问题:1)我想要的额外攻击面关闭2)它使我们的负载均衡器不会检测IIS何时停止并且客户从MsDepSvc获得404!
这太愚蠢了。
我想想我已经解决了这个问题。
有两个Web部署在世界上。一个安装了Web管理服务(WMSvc),人们称之为Web Deploy,并通过Visual Studio通过:8172 / msdeploy.axd使用它,然后是Web Deploy,这是您允许从公共互联网发布的额外内容。
这一次,我和我的同事以及我在不同公司工作过的人都不必要地安装了Web Deploy,然后甚至没有使用它。 / p>
这是我的理论。现在我将去禁用MsDepSvc并查看它是否成立。
更新1 - 这是不正确的。排序。
在新服务器上,认为Web Deploy内置于WMSvc,我一直从msdeploy.exe获取404.7错误,直到我安装Web部署 - 因为一个名叫理查德的好伙伴说Web部署使用WMSvc注册处理程序。
哈!因此,部署本身不是WMSvc的一部分。在安装Web Deploy之后,您最终会得到两个部署处理程序,一个在WMSvc中,另一个在专用Windows服务MsDepSvc中,您可以禁用MsDepSvc以防止它吸入端口80并欺骗负载均衡器以使服务器运行正常什么时候下来!
On four Win Server 2008 R2 boxes, we have MS Deploy installed. It listens on port 80 and 8172 which throws into doubt all the other material out there on the web about how there's no need to change the port 80 default when running on IIS 7.
I can't understand it. Why is it using BOTH ports? I can't follow the instructions to move it to 8172 since it has something already registered there.
There are two problems it causes: 1) an extra attack surface I want to close 2) it keeps our load-balancer from detecting when IIS is stopped and customers get 404s from MsDepSvc!
It's so stupid.
I think I have worked this out.
There are two Web Deploys in the world. One that is installed with Web Management Service (WMSvc) and people call it Web Deploy anyway and use it via Visual Studio via :8172/msdeploy.axd and then there's Web Deploy, the extra thing you install to allow publishing from the public internet.
All this time, me and my colleagues and people I've worked with at different companies, have all been needlessly installing Web Deploy and then, not even using it.
That's my theory. And now I will go and disable MsDepSvc and see if it holds.
Update 1 - This is incorrect. Sort of.
On a new server, thinking that Web Deploy is built-in to WMSvc, I kept getting 404.7 errors from msdeploy.exe until I installed Web Deploy - because a nice fella named Richard said "Web Deploy registers a handler with WMSvc".
Ha! So deployment is not natively a part of WMSvc. And after installing Web Deploy, you end up with two deployment handlers, one in WMSvc and the other a dedicated Windows Service MsDepSvc and you can disable the MsDepSvc to prevent it sucking on port 80 and fooling your load-balancer into thinking the server is up when its down!
Getting a 404 from WMSvc via MSDeploy.exe
这篇关于为什么Web Deploy Agent Service会侦听端口80和8172的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
