Linux: How do I set up iptables to allow web traffic for a Spring Boot application?


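I am trying to host my Spring Boot application on Arvixe's VPS Lite. There is no CPanel, only the command line.

When I start my Spring Boot application and navigate to the server's IP address, I see a connection error.

This is my iptables configuration. I followed the steps found here.

Here are the policies created by the above.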

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ssh state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:https state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http limit: avg 25/min burst 100
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:https state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ssh state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain

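In your iptables configuration you are opening ports 80 and 443, but a Spring Boot application starts on port 8080 by default. So you have two options:

  • Start the application on port 80 by adding --server.port=80 to the startup parameters or setting server.port=80 in application.properties. This will work, but you have to start the application as root, because it tries to bind to a well-known port. I do not recommend this.
  • Use iptables to redirect external port 80 to port 8080 by adding a line like the following to your iptables configuration: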

    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
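Added example (not part of the original question or answer): a script that emits the redirect rule from the answer together with the filter rule that has to accompany it, because the INPUT chain listed in the question ends in DROP and sees the packet only after its destination port has been rewritten to 8080. The function names, the environment variables and the print/apply arguments are assumptions of this example; eth0, 80 and 8080 come from the answer.

```shell
#!/bin/sh
# Added example, not from the original answer. eth0 and port 80 are taken from
# the answer's rule; 8080 is the Spring Boot default the answer mentions.
IFACE="${IFACE:-eth0}"; EXT_PORT="${EXT_PORT:-80}"; APP_PORT="${APP_PORT:-8080}"

# Succeeds only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints the iptables commands, one per line; fails without output on bad input.
redirect_rules() {
    iface=$1 ext=$2 app=$3
    # The output is piped to sh by "apply", so reject anything unexpected.
    case "$iface" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    valid_port "$ext" && valid_port "$app" || return 1
    # The app should stay unprivileged, so its port must be outside 1..1023.
    [ "$app" -ge 1024 ] || return 1
    # nat/PREROUTING runs before filter/INPUT: the port is rewritten first.
    echo "iptables -A PREROUTING -t nat -i $iface -p tcp --dport $ext -j REDIRECT --to-port $app"
    # INPUT then sees dport $app, not $ext. Insert at position 1 because -A
    # would append below the chain's final DROP. --ctorigdstport limits the
    # rule to connections that originally targeted $ext, so $app is not
    # opened to direct access from outside.
    echo "iptables -I INPUT 1 -i $iface -p tcp --dport $app -m conntrack --ctstate NEW,ESTABLISHED --ctorigdstport $ext -j ACCEPT"
}

# "print" shows the commands; "apply" runs them (root required).
case "${1:-}" in
    print) redirect_rules "$IFACE" "$EXT_PORT" "$APP_PORT" ;;
    apply) rules=$(redirect_rules "$IFACE" "$EXT_PORT" "$APP_PORT") && printf '%s\n' "$rules" | sh -e ;;
esac
```

After applying, `iptables -t nat -L PREROUTING -n --line-numbers` and `iptables -L INPUT -n --line-numbers` show whether both rules are in place and whether the ACCEPT sits above the DROP.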