¶þ¡¢×éÍøÍØÆË
Èý¡¢¿ÉÄÜÔµ¹ÊÔÓÉ
1¡¢control-planeեȡµÇ¼ÉèÖÃ�£¬ACL¹ýÂËÏÞÖÆ�£¬VTYÏß³ÌÕ¼Âú
2¡¢NGINXÀú³Ìɥʧ
ËÄ¡¢´¦Öóͷ£°ì·¨
°ì·¨1¡¢ÅŲéµÇ¼²ÎÊýÉèÖ㨵ØÖ·¡¢¶Ë¿Ú£©
1¡¢µÇ¼µØÖ·¹ýʧ
a. consoleÏߵǼ¿ÉÒÔÉó²é½Ó¿ÚµØÖ·�£¬ÏêϸÏÂÁîΪshow ip interface brief
ÈçÉÏÏÖÔÚ2¿ÚΪÄÚÍø¿Ú�£¬7¿ÚΪÍâÍø¿ÚµØÖ·�£¬¿ÉÒÔͨ¹ýÕâÁ½¸ö½Ó¿ÚµÇ¼װ±¸�£¬ÍâÍøÓû§Ö»ÄÜͨ¹ýÍâÍø¿ÚµØÖ·µÇ¼װ±¸
2¡¢µÇ¼¶Ë¿Ú¹ýʧ
ÏÂÁîÐпÉÒÔͨ¹ýshow web-serviceÈ·¶¨µÇ¼¶Ë¿Ú
HttpsµÄ¶Ë¿ÚºÅĬÈÏÊÇ4430�£¬ÐèÒªÐÞ¸ÄÖ»ÄÜÔÚÏÂÁîÐÐÏÂÐÞ¸Ä�£¬ÏêϸÏÂÁîΪ£ºip http secure-port ¶Ë¿Ú
Ð޸ĺó¿ÉÒÔʹÓÃж˿ڵǼhttps
°ì·¨2¡¢ÅŲé×°±¸ÉÏÇå¾²ÏÞÖÆ�£¬Õ¥È¡µÇ¼�£¬ACL¹ýÂË
1¡¢ÍâµØ·À¹¥»÷ÉèÖÃեȡwebµÇ¼µÇ¼µÈ²Ù×÷
¡¾±¸×¢¡¿
¶ÔÓ¦ÏÂÁîΪ£º
control-plane
security deny lan-web-----եȡÄÚÍøwebµÇ¼װ±¸
security deny wan-web-----եȡÍâÍøwebµÇ¼װ±¸
2¡¢ ÔÚ½Ó¿ÚŲÓûòip session filterŲÓõÄACLûÓзÅͨ¶ÔÓ¦µÄ¶Ë¿Ú»òIP
a. ½Ó¿Ú»á¼ûÁбíϵÄŲÓÃ�£¬ÐèÒª¼ì²éACLÓÐûÓзÅͨ¶ÔÓ¦µÄ¶Ë¿Ú»òIP
b. Ip session filter Á÷¹ýÂ˲Ù×÷�£¬È«¾ÖŲÓÃ�£¬È«¾ÖÉúЧ�£¬ÐèÒª¼ì²éACLÓÐûÓзÅͨ¶ÔÓ¦µÄ¶Ë¿Ú»òIP
c¡¢Line vtyÏÂŲÓõÄACLûÓзÅͨ¶ÔÓ¦µÄÍø¶Î»á¼û×°±¸�£¬µ¼ÖÂÎÞ·¨telnet
ËùŲÓõÄACL161ÐèÒª·ÅͨµÇ¼װ±¸µÄ¶Ë¿Ú»òIPµØÖ·
Ïêϸ·¾¶£ºÇå¾²—ACL»á¼ûÁбí
ÉèÖÃÍê�£¬ÏÂÁîÐжÔӦϷ¢µÄÏÂÁîÈçÏ£º
°ì·¨3¡¢ÅŲéÓ³É䵼ֵǼ¶Ë¿Ú±»Õ¼ÓÃ
ÏêϸÉèÖÃÈçÏ£º
ÄÚÍø·þÎñÆ÷Ó³ÉäʱӳÉäµ½×°±¸µÇ¼¶Ë¿ÚºÃ±È˵80¡¢4430�£¬»òÕßÊÇÉèÖÃÁËÕû»úÓ³ÉäÓ³Éäµ½½Ó¿ÚÉÏ�£¬µ¼ÖÂ×°±¸µÇ¼¶Ë¿Ú±»Õ¼ÓÃ�£¬»áµ¼ÖÂ×°±¸ÎÞ·¨µÇ¼�£¬
1¡¢¶Ë¿ÚÓ³ÉäÉèÖÃ
¶ÔÓ¦ÏÂÁîÈçÏ£ºip nat inside source static tcp 192.168.1.10 80 172.18.161.111 80
2.¡¢Õû»úÓ³ÉäÉèÖÃ
¶ÔÓ¦ÏÂÁîÈçÏ£ºip nat inside source static 192.168.1.10 172.18.161.111 permit-inside
¡¾½â¾öÒªÁì¡¿£º½«ÍâÍøÓ³Éä¶Ë¿Ú80»òÕß4430Ó³ÉäΪ1080»òÕß14430µÈ¶Ë¿Ú�£¬×èÖ¹¶Ë¿ÚÕ¼ÓÃÎÊÌâ���¡£
°ì·¨4¡¢ÅŲé¶àÌõÍâÍøÏßµÄÇéÐÎÏÂûÓпªÆôÔ´½øÔ´³ö
¶àÌõÍâÍøÏßµÄÇéÐÎÏÂûÓпªÆôÔ´½øÔ´³ö�£¬µ¼ÖÂÍâÍø»á¼ûµ½×°±¸µÄÊý¾ÝÁ÷·ºÆð´Ó½Ó¿Ú7½øÀ´¿ÉÊÇ´Ó½Ó¿Ú6³öÈ¥ÁË���¡£
ÒÔÊÇÔÚÍâÍø¿ÚÐèÒª¿ªÆôÔ´½øÔ´³ö�£¬Ïêϸ·¾¶ÈçÏ£ºÍøÂç—½Ó¿ÚÉèÖ׶ÔÓ¦½Ó¿ÚϹ´Ñ¡Ô´½øÔ´³ö
¶ÔÓ¦µÄÏÂÁîÈçÏ£º
°ì·¨5¡¢ÅŲé·þÎñÊÇ·ñÆôÓûòÕßÊÇ·ñ±£´æweb°ü
1¡¢µÇ¼·þÎñûÓпªÆô�£¬ÏêϸÏÂÁîΪ£ºweb·þÎñÊÇ·ñ¿ªÆôshow web-service
2¡¢Éó²é¶Ë¿ÚÊÇ·ñÕý³£¼àÌý
£¨1£©Show tcp connect �£¬LISTEN´ú±í¼àÌý״̬ÊôÓÚÕý³£×´Ì¬
Show cpu | in nginx �£¬NGINXÀú³ÌÕ¼ÓýÏС�£¬ÊôÓÚÕý³£Õ÷Ïó
δ·âshell³¡¾°Ï£º
Run-system-shell
ps aux | grep nginx
·âshell³¡¾°ÏÂ�£¬Éó²éÀú³Ì
Debug support
execute diagnose-cmd ps –ef nginx
£¨2£©ÈôÀú³Ì²»±£´æ�£¬ÐèÒªÖØÆôÀú³Ì¿´ÏÂÊÇ·ñÕý³£
Run-system-shell
/etc/rc.d/init.d/nginx start ÖØÆônginxÀú³Ì
/etc/rc.d/init.d/lnsp start ÖØÆôphpÀú³Ì
·âshell³¡¾°ÏÂ
Debug su
execute diagnose-cmd process nginx stop
execute diagnose-cmd process nginx start
£¨3£©ÈônginxµÄÀú³Ìcpu¸ß
µ¼ÖÂwebµÇ¼²»ÉÏ�£¬tcp connectÏÔʾÐÂÅþÁ¬¶¼syn_rev�£¬×¥°üÏÔʾegûÓлذü
½â¾öÒªÁ죺
1. show cpu | in nginx È·¶¨nginx½ø³ÌÐòÁкÅ
2. ɱµôÀú³Ì�£¬²»Ó°ÏìÆäËûʹÓÃ�£¬Ö»Ó°Ïìweb
debug su
execute diagnose-cmd kill ÐòÁкÅ
3. KillÀú³Ìºó�£¬ÐèÒªÊÖ¶¯ÖØÆôÀú³Ì
½â¾ö¼Æ»®£º
1. ÔöÌí°²ÅÅ·À»¤�£¬Ö»ÔÊÐí¹ÜÀíÔ±µÇ¼web
2. µÍ·åÆÚÏÂÔØ×îа汾���¡£
Îå¡¢ÐÅÏ¢ÍøÂç
sh ver
sh run
sh web-service
sh cpu | in nginx
sh int usage
sh ver all
sh tcp connect
sh memory
sh cpu | ex 0.00
sh log rev
show int usage
sh envir
sh ip fpm sta
debug su
execute diagnose-cmd fdisk
execute diagnose-cmd mount
exit
Áù¡¢×ܽáÓ뽨Òé
1¡¢ÐÂ×°±¸µÄĬÈϵǼ½Ó¿ÚΪGI0/0½Ó¿Ú�£¬¹ÜÀíµØַΪ192.168.1.1�£¬µçÄÔÐèÒªÉèÖÃÏàͬÍø¶Î²Å»ªµÇ¼���¡£
2¡¢×°±¸Ä¬ÈÏեȡwan¿ÚµÇ¼�£¬ÐèҪעÖØ���¡£
3¡¢ÈôÊǼì²éWEB¹¦Ð§¶¼Õý³£�£¬ÈÔÈ»ÎÞ·¨µÇ¼�£¬¿ÉÒԲο¼ÉÏÊö°ì·¨ÖØÆôwebÀú³Ì²âÊÔÏÂ���¡£
¡¾Ôö²¹¡¿Èçδ½â¾ö»òÐèÒªÏàʶ¸ü¶àÏêÇé�£¬¿Éµã»÷ÊÛºóÉÁµçÍþÙÐÐ×Éѯ
Ðû²¼Ê±¼ä£º2024-06-07
µã»÷Á¿£º1092
