¶þ¡¢×éÍøÍØÆË
Èý¡¢¿ÉÄÜÔÒò
1¡¢control-plane²»ÈݵǼÉèÖÃ����£¬ACL¹ýÂËÏÞ¶È����£¬VTYÏß³ÌÕ¼Âú
2¡¢NGINX¹ý³ÌÃÔʧ
ËÄ¡¢´¦Öò½Öè
²½Öè1¡¢ÅŲéµÇ¼²ÎÊýÉèÖ㨵ØÖ·¡¢¶Ë¿Ú£©
1¡¢µÇ¼µØÖ·ÃýÎó
a. consoleÏߵǼÄܹ»²é¿´½Ó¿ÚµØÖ·����£¬¾ßÌåºÅÁîΪshow ip interface brief
ÈçÉÏÄ¿Ç°2¿ÚΪÄÚÍø¿Ú����£¬7¿ÚΪ±íÍø¿ÚµØÖ·����£¬Äܹ»Í¨¹ýÕâÁ½¸ö½Ó¿ÚµÇ¼É豸����£¬±íÍøÓû§Ö»ÄÜͨ¹ý±íÍø¿ÚµØÖ·µÇ¼É豸
2¡¢µÇ¼¶Ë¿ÚÃýÎó
ºÅÁîÐÐÄܹ»Í¨¹ýshow web-serviceÈ·¶¨µÇ¼¶Ë¿Ú
HttpsµÄ¶Ë±êÓïĬÈÏÊÇ4430����£¬±ØÒªÅú¸ÄÖ»ÄÜÔÚºÅÁîÐÐÏÂÅú¸Ä����£¬¾ßÌåºÅÁîΪ£ºip http secure-port ¶Ë¿Ú
Åú¸ÄºóÄܹ»Ê¹ÓÃж˿ڵǼhttps
²½Öè2¡¢ÅŲéÉ豸ÉÏ°²È«ÏÞ¶È����£¬²»ÈݵǼ����£¬ACL¹ýÂË
1¡¢±¾µØ·À¹¥»÷ÉèÖò»ÈÝwebµÇ¼µÇ¼µÈ²Ù×÷
¡¾±¸×¢¡¿
¶Ô±¨ºÅÁîΪ£º
control-plane
security deny lan-web-----²»ÈÝÄÚÍøwebµÇ¼É豸
security deny wan-web-----²»ÈݱíÍøwebµÇ¼É豸
2¡¢ ÔÚ½Ó¿ÚŲÓûòip session filterŲÓõÄACLûÓзÅͨ¶ÔÓ¦µÄ¶Ë¿Ú»òIP
a. ½Ó¿Ú½Ó¼ûÁбíϵÄŲÓÃ����£¬±ØÒª²é³ACLÓÐûÓзÅͨ¶ÔÓ¦µÄ¶Ë¿Ú»òIP
b. Ip session filter Á÷¹ýÂ˲Ù×÷����£¬È«¾ÖŲÓÃ����£¬È«¾ÖÉúЧ����£¬±ØÒª²é³ACLÓÐûÓзÅͨ¶ÔÓ¦µÄ¶Ë¿Ú»òIP
c¡¢Line vtyÏÂŲÓõÄACLûÓзÅͨ¶ÔÓ¦µÄÍø¶Î½Ó¼ûÉ豸����£¬µ¼ÖÂÎÞ·¨telnet
ËùŲÓõÄACL161±ØÒª·ÅͨµÇ¼É豸µÄ¶Ë¿Ú»òIPµØÖ·
¾ßÌåõ辶£º°²È«—ACL½Ó¼ûÁбí
ÅäÖÃÍê����£¬ºÅÁîÐжÔӦϷ¢µÄºÅÁîÈçÏ£º
²½Öè3¡¢ÅŲéÓ³É䵼ֵǼ¶Ë¿Ú±»Õ¼ÓÃ
¾ßÌåÅäÖÃÈçÏ£º
ÄÚÍø·þÎñÆ÷Ó³ÉäʱӳÉäµ½É豸µÇ¼¶Ë¿ÚºÃ±È˵80¡¢4430����£¬»òÕßÊÇÅäÖÃÁËÕû»úÓ³ÉäÓ³Éäµ½½Ó¿ÚÉÏ����£¬µ¼ÖÂÉ豸µÇ¼¶Ë¿Ú±»Õ¼ÓÃ����£¬»áµ¼ÖÂÉ豸ÎÞ·¨µÇ¼����£¬
1¡¢¶Ë¿ÚÓ³ÉäÅäÖÃ
¶Ô±¨ºÅÁîÈçÏ£ºip nat inside source static tcp 192.168.1.10 80 172.18.161.111 80
2.¡¢Õû»úÓ³ÉäÅäÖÃ
¶Ô±¨ºÅÁîÈçÏ£ºip nat inside source static 192.168.1.10 172.18.161.111 permit-inside
¡¾½â¾ö²½Öè¡¿£º½«±íÍøÓ³Éä¶Ë¿Ú80»òÕß4430Ó³ÉäΪ1080»òÕß14430µÈ¶Ë¿Ú����£¬Ô¤·À¶Ë¿ÚÕ¼ÓÃÎÊÌâ�����¡£
²½Öè4¡¢ÅŲé¶àÌõ±íÍøÏßµÄÇé¿öÏÂûÓпªÆôÔ´½øÔ´³ö
¶àÌõ±íÍøÏßµÄÇé¿öÏÂûÓпªÆôÔ´½øÔ´³ö����£¬µ¼Ö±íÍø½Ó¼ûµ½É豸µÄÊý¾ÝÁ÷³öÏÖ´Ó½Ó¿Ú7½øÀ´µ«ÊÇ´Ó½Ó¿Ú6³öÈ¥ÁË�����¡£
ËùÒÔÔÚ±íÍø¿Ú±ØÒª¿ªÆôÔ´½øÔ´³ö����£¬¾ßÌåõ辶ÈçÏ£ºÍøÂç—½Ó¿ÚÅäÖ׶ÔÓ¦½Ó¿ÚϹ´Ñ¡Ô´½øÔ´³ö
¶ÔÓ¦µÄºÅÁîÈçÏ£º
²½Öè5¡¢ÅŲé·þÎñÊÇ·ñÆôÓûòÕßÊÇ·ñ´æÔÚweb°ü
1¡¢µÇ¼·þÎñûÓпªÆô����£¬¾ßÌåºÅÁîΪ£ºweb·þÎñÊÇ·ñ¿ªÆôshow web-service
2¡¢²é¿´¶Ë¿ÚÊÇ·ñÕý³£¼àÌý
£¨1£©Show tcp connect ����£¬LISTEN´ú±í¼àÌý״̬ÊôÓÚÕý³£×´Ì¬
Show cpu | in nginx ����£¬NGINX¹ý³ÌÕ¼ÓýÏÓ×����£¬ÊôÓÚÕý³£¾°Ïó
δ·âshell³¡¾°Ï£º
Run-system-shell
ps aux | grep nginx
·âshell³¡¾°ÏÂ����£¬²é¿´¹ý³Ì
Debug support
execute diagnose-cmd ps –ef nginx
£¨2£©Èô¹ý³Ì²»´æÔÚ����£¬±ØÒª³ÁÆô¹ý³Ì¿´ÏÂÊÇ·ñÕý³£
Run-system-shell
/etc/rc.d/init.d/nginx start ³ÁÆônginx¹ý³Ì
/etc/rc.d/init.d/lnsp start ³ÁÆôphp¹ý³Ì
·âshell³¡¾°ÏÂ
Debug su
execute diagnose-cmd process nginx stop
execute diagnose-cmd process nginx start
£¨3£©ÈônginxµÄ¹ý³Ìcpu¸ß
µ¼ÖÂwebµÇ¼²»ÉÏ����£¬tcp connectÏÔʾÐÂÏνӶ¼syn_rev����£¬×¥°üÏÔʾegûÓлذü
½â¾ö²½Ö裺
1. show cpu | in nginx È·¶¨nginx½ø·¨Ê½ÁкÅ
2. ɱµô¹ý³Ì����£¬²»Ó°ÏìÆäËûʹÓÃ����£¬Ö»Ó°Ïìweb
debug su
execute diagnose-cmd kill ÐòÁкÅ
3. Kill¹ý³Ìºó����£¬±ØÒªÊÖ¶¯³ÁÆô¹ý³Ì
½â¾ö¹æ»®£º
1. Ôö³¤ÆÌÅÅ·À»¤����£¬Ö»ÔÊÐíÖÎÀíÔ±µÇ¼web
2. µÍ·åÆÚÏÂÔØ×îа汾�����¡£
Îå¡¢ÐÅÏ¢ÍøÂç
sh ver
sh run
sh web-service
sh cpu | in nginx
sh int usage
sh ver all
sh tcp connect
sh memory
sh cpu | ex 0.00
sh log rev
show int usage
sh envir
sh ip fpm sta
debug su
execute diagnose-cmd fdisk
execute diagnose-cmd mount
exit
Áù¡¢×ܽáÓ뽨Òé
1¡¢ÐÂÉ豸µÄĬÈϵǼ½Ó¿ÚΪGI0/0½Ó¿Ú����£¬ÖÎÀíµØַΪ192.168.1.1����£¬µçÄÔ±ØÒªÉèÖÃÒ»ÑùÍø¶ÎÄÜÁ¦µÇ¼�����¡£
2¡¢É豸ĬÈϲ»ÈÝwan¿ÚµÇ¼����£¬±ØÒª°ÑÎÈ�����¡£
3¡¢ÈôÊDzé³WEBÖ°Äܶ¼Õý³£����£¬ÒÀÈ»ÎÞ·¨µÇ¼����£¬Äܹ»²Î¿¼ÉÏÊö²½Öè³ÁÆôweb¹ý³Ì²âÊÔÏÂ�����¡£
¡¾²¹³ä¡¿Èçδ½â¾ö»ò±ØÒªÏàʶ¸ü¶àÏêÇé����£¬¿Éµã»÷ÊÛºóÉÁµçÍýøÐÐÕ÷ѯ
°ä²¼¹¦·ò£º2024-06-07
µã»÷Á¿£º1092
