Linux: How do I set up iptables to allow web traffic for a Spring Boot application?
I am trying to host my Spring Boot application on Arvixe's VPS Lite. There is no CPanel, only the command line.

When I start my Spring Boot application and navigate to the server's IP address, I see a connection error.

Here is my iptables configuration. I followed the steps found here.

Below are the policies created by the above:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http limit: avg 25/min burst 100
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:domain

In your iptables configuration you are opening ports 80 and 443, but a Spring Boot application starts on port 8080 by default. So you have two options:

1. Add --server.port=80 to the startup arguments, or set server.port=80 in application.properties, to start the application listening on port 80. This will work, but you have to start the application as root because it tries to bind to a well-known port. I do not recommend this.

2. iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
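
Added example, not part of the original answer: a small first-match evaluator showing how the redirect interacts with an INPUT chain like the one in the question. The nat PREROUTING chain rewrites the destination port before the filter INPUT chain is evaluated, so INPUT has to accept port 8080 as well. The rules are constructed in `iptables -S` form; reading the first "ACCEPT all" line as a loopback-only rule, and the ALLOW_APP rule itself, are assumptions.

```python
# Constructed rules in `iptables -S` form, modelled on the question's INPUT chain.
# Assumption: the first "ACCEPT all" line of the listing is a loopback-only rule.
INPUT_RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
"""
# The redirect from the answer, as it would sit in the nat table.
NAT_RULES = "-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080\n"
# Hypothetical extra rule: accept new connections to the application port.
ALLOW_APP = "-A INPUT -p tcp --dport 8080 -m state --state NEW -j ACCEPT\n"
FIXED_RULES = INPUT_RULES.replace("-A INPUT -j DROP", ALLOW_APP + "-A INPUT -j DROP")


def parse(text):
    # Every option in this subset takes exactly one argument, so pair them up.
    return [dict(zip(t[0::2], t[1::2])) for t in map(str.split, text.splitlines()) if t]


def matches(rule, pkt):
    states = rule.get("--ctstate") or rule.get("--state")
    return (rule.get("-i", pkt["iface"]) == pkt["iface"]
            and rule.get("-p", pkt["proto"]) == pkt["proto"]
            and int(rule.get("--dport", pkt["dport"])) == pkt["dport"]
            and (states is None or pkt["state"] in states.split(",")))


def verdict(port, input_rules, nat_rules=""):
    """Fate of the first packet (state NEW) of a TCP connection arriving on eth0."""
    pkt = {"iface": "eth0", "proto": "tcp", "dport": port, "state": "NEW"}
    for rule in parse(nat_rules):            # nat PREROUTING runs first
        if rule["-j"] == "REDIRECT" and matches(rule, pkt):
            pkt["dport"] = int(rule["--to-port"])
            break
    for rule in parse(input_rules):          # filter INPUT sees the rewritten port
        if matches(rule, pkt):
            return rule["-j"], pkt["dport"]
    return "ACCEPT", pkt["dport"]            # chain policy in the listing is ACCEPT


if __name__ == "__main__":
    print(verdict(80, INPUT_RULES))             # accepted, but nothing listens on 80
    print(verdict(8080, INPUT_RULES))           # application port hits the final DROP
    print(verdict(80, INPUT_RULES, NAT_RULES))  # redirected to 8080, then dropped
    print(verdict(80, FIXED_RULES, NAT_RULES))  # redirected to 8080 and accepted
```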