VPS NodeJS server not accessible on public IP Oracle Compute Cloud

Problem description

I am trying to get my nodejs website up on the Oracle Cloud Compute VPS (forever free) with Ubuntu 18.04. (That it is an Oracle server seems to be very important in this case). I can curl localhost (then it returns the HTML), but I cannot access it via the public IP from my PC.

To work around sudo for port 80, I applied:

sudo apt-get install libcap2-bin
sudo setcap 'cap_net_bind_service=+ep' `which node`

It does run internally:

pm2 start bin/www

│ id │ name               │ mode     │ ↺    │ status    │ cpu      │ memory   │
├────┼────────────────────┼──────────┼──────┼───────────┼──────────┼──────────┤
│ 0  │ www                │ fork     │ 496  │ online    │ 0%       │ 15.5mb   |

pm2 log returns no errors.

sudo netstat -tulpn | grep 80 returns:

tcp6       0      0 :::80                   :::*                    LISTEN      26444/node /opt/por

In case you're thinking "oh no it runs on ipv6, you should add listen(port, "0.0.0.0") in nodejs", I tried, then it returns this below, and still has the same problem:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      26487/node /opt/por

curl localhost returns my homepage html. Accessing it via the public IP in my computer's browser is the problem, so the problem is somewhere in the firewall that Oracle made.

I have found Oracle has set up some iptables rules. Some people just say: disable all of them, but I find that a bit risky for security. Therefore, I want to open just the port I need (port 80). So I tried almost every command I could find to do that (the ones below and many more I cannot remember).

sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -A OUTPUT -p tcp  --sport 80 -j ACCEPT
iptables -I INPUT 5 -i ens3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

sudo netfilter-persistent save

My current iptables are visible at: sudo iptables -L -n -v https://pastebin.com/ibqWUqjA

The NAT iptables are visible at: sudo iptables -t nat -L -n -v https://pastebin.com/QGxdTsJ1

I must say, I am no expert on networking. I just know how to set up a basic NodeJs server on a non-Oracle Cloud server (my Raspberry Pi at home, with configurations in my modem). So I have not dealt with iptables and advanced cloud environments to such an extent. I tried to read up on the iptables topic by watching videos, and on the Oracle environment at: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingpublicIPs.htm However, I must say it is quite an information overload. On the link it says:

  • The instance must be in a public subnet. (check)
  • The instance must have a public IP address. (also check)
  • The instance's VCN must have an internet gateway. (A what? I can't figure out how to check this or do this. Even after more reading.)
  • The public subnet must have route tables and security lists configured accordingly. (I guess I tried??)

One Stack Overflow post I found with exactly the same problem says: "I’m using oracle cloud. I’ll look into firewall settings outside of the server. ... Thank you. The issue was the firewall setting of the oracle server itself. Issue resolved" (Nodejs on linux not accessible outside Server). But he does not say where :(. I searched a lot for it, but cannot find an option.

Can someone point me in the right direction?

Solution

There was indeed another spot where the firewall needed to be opened outside of the terminal.

  • Go to Compute > Instances
  • Click on your Instance name. You will see a detailed page describing a lot of properties.
  • Click on the subnet.
  • Click on Default Security List for vcn-...
  • Add Ingress Rules

Add the following rules:

Try to surf to your public IP again while your site is running, and it works!

For reading more on this, and to see where I found it, see:

https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm#Default

https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securityrules.htm#stateful
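
An added example, not part of the original question or answer: iptables stops at the first matching rule, so a port 80 ACCEPT that sits after a catch-all REJECT never fires, and checking that on the host tells you whether the remaining block is outside the instance. The function below evaluates `iptables -S INPUT` output for a new TCP connection; `port_verdict`, `base_rules`, `appended` and `inserted` are hypothetical names, and the ruleset is constructed, assuming a chain that ends in a REJECT rule.

```shell
#!/bin/sh
# Added example (not from the original post). port_verdict, base_rules,
# appended and inserted are hypothetical names; the rules are constructed.

# Print the first-match verdict for a NEW inbound TCP connection to port $1,
# reading `iptables -S INPUT` output on stdin. Simplified matcher: it only
# understands -p, -i lo, --dport (single port) and --state/--ctstate.
port_verdict() {
  awk -v port="$1" '
    $1 == "-P" { policy = $3; next }   # chain policy applies if no rule matches
    $1 != "-A" { next }
    {
      ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p" && $(i+1) != "tcp" && $(i+1) != "all") ok = 0
        if ($i == "-i" && $(i+1) == "lo") ok = 0   # loopback-only rule
        if ($i == "--dport" && $(i+1) != port) ok = 0
        if (($i == "--state" || $i == "--ctstate") &&
            $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0      # skips ESTABLISHED-only rules
        if ($i == "-j") target = $(i+1)
      }
      if (ok && target ~ /^(ACCEPT|REJECT|DROP)$/) { print target; found = 1; exit }
    }
    END { if (!found) print (policy == "" ? "ACCEPT" : policy) }
  '
}

# Constructed sample: INPUT chain that ends in a catch-all REJECT.
base_rules() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}
# A port 80 rule appended with -A lands after the REJECT and is never reached.
appended() { base_rules; printf '%s\n' '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'; }
# The same rule inserted ahead of the REJECT (what -I INPUT <n> does) matches.
inserted() {
  base_rules | awk '/-j REJECT/ { print "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT" } { print }'
}

printf 'appended: %s\ninserted: %s\n' "$(appended | port_verdict 80)" "$(inserted | port_verdict 80)"
```

On a real host, `sudo iptables -S INPUT | port_verdict 80` gives the host-level verdict. If that is ACCEPT and the site is still unreachable from outside, the filter that remains is off the instance, such as the security list ingress rules described above.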
