似乎无法在Ubuntu EC2实例上打开端口8787或3939，但可以打开22和80 [英] Can't seem to open port 8787 or 3939 on an Ubuntu EC2 instance but 22 and 80 opens fine

问题描述

我已阅读此答案但是对于我的一生，我无法弄清楚这一点.

I've read through this answer but for the life of me, I can't figure out this one out.

我有一个运行RStudio服务器和RStudio Connect的Ubuntu 18 EC2实例，均使用默认配置并分别侦听端口8787和3939.

I have an Ubuntu 18 EC2 instance running RStudio Server and RStudio Connect, both using default configuration and listening on ports 8787 and 3939 respectively.

这是我的配置文件:

ubuntu@EC2:~$ cat /etc/rstudio/rserver.conf
# Server Configuration File
#
#

ubuntu@EC2:~$ sudo cat /etc/rstudio-connect/rstudio-connect.gcfg
; RStudio Connect configuration file

[Server]
; SenderEmail is an email address used by RStudio Connect to send outbound
; email. The system will not be able to send administrative email until this
; setting is configured.
;   
; SenderEmail = account@company.com
SenderEmail = 

; Address is a public URL for this RStudio Connect server. Must be configured
; to enable features like including links to your content in emails. If
; Connect is deployed behind an HTTP proxy, this should be the URL for Connect
; in terms of that proxy.
;   
; Address = https://rstudio-connect.company.com
Address =

[HTTP]
; RStudio Connect will listen on this network address for HTTP connections.
Listen = :3939

[Authentication]
; Specifies the type of user authentication.
Provider = password

这是我尝试过的:

1. 为安全性组中的端口8787、3939和所有TCP端口创建了入站规则.

1. Created inbound rules for ports 8787, 3939 and all TCP ports in my security group.

检查了实例所在的子网的网络ACL

Checked the Network ACL for the subnet the instance is on

确保rstudio-server和rstudio-connect可以在所有接口上运行并且在所有接口上运行，而不仅仅是本地主机

Ensured that rstudio-server and rstudio-connect are running and listening on all interfaces and not just localhost

ubuntu@EC2:~$ netstat -ltpn
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8787            0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::8787                 :::*                    LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
tcp6       0      0 :::3939                 :::*                    LISTEN      -

1. 检查ufw是否未激活

ubuntu@EC2:~$ sudo ufw status
Status: inactive

1. 为端口8787创建了iptables规则

ubuntu@EC2:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8787

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

我仍然无法从外部访问端口8787或3939.但是，我可以使用Lynx在主机上访问它们.

I still can't access port 8787 or 3939 externally. However I can access them both on the host using Lynx.

如果我更改RStudio服务器的配置以改为使用端口80，则可以从外部访问它，但不适用于端口8787或3939.

If I change RStudio Server's configuration to have it use port 80 instead, I can access it externally but it doesn't work for ports 8787 or 3939.

任何想法为何以及如何解决?

Any ideas why and how to fix this?

推荐答案

我自己想出了答案.我的配置绝对没有错.打开我的安全组中的所有TCP端口可能有点过大，而且完全没有必要，所以不要这样做.

I just figured out the answer myself. There was absolutely nothing wrong with my configuration. Opening up all the TCP ports in my security group was a bit overkill maybe and entirely unnecessary, so don't do that.

问题在于，我连接的公司网络阻止了某些非标准端口上到外部主机的出站流量.

如果您和我在同一条船上，并且需要在同一EC2实例上托管2个服务，但不知道您的组织不可用/阻止了哪些端口，则可以使用 portquiz.net 来解决它

If you're in the same boat as me and need to host 2 services on the same EC2 instance but don't know which ports are unavailable/blocked by your organization then you could use nmap and portquiz.net to figure it out.

nmap是端口扫描程序，而 portquiz.net 是一种服务，用于侦听所有TCP端口上的连接.您可以使用nmap在您要使用的一系列TCP端口上扫描主机，并查看哪些端口显示为打开状态

nmap is a port scanner and portquiz.net is a service that listens for connections on all TCP ports. You could scan the host using nmap over a range of TCP ports you're interested in using and see which ports show up as open

nmap -v -p0-8000 portquiz.net
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-02 16:47 IST
Initiating Ping Scan at 16:47
Scanning portquiz.net (5.196.70.86) [2 ports]
Completed Ping Scan at 16:47, 0.13s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:47
Completed Parallel DNS resolution of 1 host. at 16:47, 0.14s elapsed
Initiating Connect Scan at 16:47
Scanning portquiz.net (5.196.70.86) [8001 ports]
Discovered open port 22/tcp on 5.196.70.86
Discovered open port 80/tcp on 5.196.70.86
Discovered open port 443/tcp on 5.196.70.86
Discovered open port 21/tcp on 5.196.70.86
Discovered open port 4080/tcp on 5.196.70.86
Completed Connect Scan at 16:48, 84.98s elapsed (8001 total ports)
Nmap scan report for portquiz.net (5.196.70.86)
Host is up (0.13s latency).
rDNS record for 5.196.70.86: electron.positon.org
Not shown: 7996 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
4080/tcp open  lorica-in

在这里，我已打开 4080 和 80 ，这意味着公司防火墙不会阻止到这些端口的出站流量.将RStudio服务器和RStudio Connect配置为分别在端口80和4080上侦听之后，我现在可以从外部访问这两种服务.

Here, I have 4080 and 80 open so that means the corporate firewall isn't blocking outbound traffic to these ports. After configuring RStudio Server and RStudio Connect to listen on ports 80 and 4080 respectively, I'm now able to access both services externally.

这篇关于似乎无法在Ubuntu EC2实例上打开端口8787或3939，但可以打开22和80的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！