The server program developed by the author recently is deployed on Alibaba Cloud’s ECS cloud server. Some application configuration files need to set listening ports (such as Tomcat’s 8080, 443 ports, etc.), although they are opened through the “firewall” of the CentOs 7 system . After knowing the corresponding port number, I still cannot access the application corresponding to the port number. Later, I learned that it is necessary to set the "security group rules" of the cloud server and open the corresponding port permissions, so that the interface of the server can be truly opened.
Set Alibaba Cloud server security group rules to open ports
CentOs 7 firewall open port
1. Set Alibaba Cloud server security group rules to open ports
Alibaba Cloud official explanation : A security group is a virtual firewall used to set up network access control for a single or multiple cloud servers. It is an important means of network security isolation and is used to divide security domains in the cloud. The instance corresponding to each cloud server belongs to at least one security group, which needs to be specified when it is created.
The specific steps to open the port of Alibaba Cloud server:
Step 1: After logging in to the official website of Alibaba Cloud, go to the home page of the cloud product workbench
Step 2: Click "Cloud Server ECS" in Figure 1 to enter the home page of Cloud Server ECS
Step 3: Click "i-2ze4ef9xk9hkxafq58d9" in Figure 2 to enter the instance details page
Step 4: Click "Configure Security Group Rules" in Figure 3 to enter the security group list where the instance "i-2ze4ef9xk9hkxafq58d9" is located
"Security Group List" : Users can create multiple security groups, see "Create Security Group" in the figure below. Then click "Add Security Group" in Figure 4 "Configure Security Group Rules", select the newly created security group in the pop-up menu, and click "Configure Rules".
Step 5: Click "Configuration Rules" in Figure 4 to enter the configuration page, click [Manually Add], add the port number, and click Save.
Two, CentOs 7 firewall open port
1. View the listening port and process information:
netstat -ntlp
You can see the ports that are being monitored by processes such as tomcat/java, nginx, redis, and mysql. These interfaces need to be enabled through the Alibaba Cloud security group and firewall at the same time to take effect. The screenshot is as follows:
2. Take opening port 80 as an example:
Open port: firewall-cmd --zone=public --add-port=80/tcp --permanent
Restart the firewall: systemctl restart firewalld.service
View the information of the opened ports:
firewall-cmd --list-ports
3. Firewall common commands:
Check the status of the firewall, running means it is running:
firewall-cmd --state
stop order
systemctl stop firewalld.service
start command
systemctl start firewalld.service
restart command
systemctl restart firewalld.service
3. Conclusion
If you are a user of some popular cloud servers (such as Alibaba Cloud or Tencent Cloud) on the market, and you still cannot connect to the port normally even though the system "firewall" has opened the relevant ports, you need to first think about whether you have passed the The "Security Group Configuration Rules" provided by the cloud server have opened ports to avoid accidentally falling into the pit... ^_^