正文
这里主要记录一下Liunx使用中碰到的问题和常用的操作。
开放端口
在web项目部署中,会碰到80端口被其他进程占用的情况,我们需要给当前服务项目配置其他端口,如8055, 但这个端口并未对外网开放,如何操作呢?
lsof命令
lsof命令可以查看当前登录的 Linux 系统中打开的端口。
lsof -i -P -n
- i:如果没有指定IP地址,这个选项选择列出所有网络文件
- P:禁止将端口号转换为端口名称, 如 3306 转为 MySQL
- n:禁止IP转换为hostname,缺省是不加上
-n参数
输出大段如下内容:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
php 612 root 3u IPv4 312026551 0t0 TCP 192.168.0.109:55286->192.168.0.109:3306 (ESTABLISHED)
php 612 root 5u IPv4 245868058 0t0 TCP *:8204 (LISTEN)
rpcbind 928 rpc 6u IPv4 31247 0t0 UDP *:111
rpcbind 928 rpc 7u IPv4 31248 0t0 UDP *:678
rpcbind 928 rpc 8u IPv4 31249 0t0 TCP *:111 (LISTEN)
rpcbind 928 rpc 9u IPv6 31250 0t0 UDP *:111
rpcbind 928 rpc 10u IPv6 31251 0t0 UDP *:678
rpcbind 928 rpc 11u IPv6 31252 0t0 TCP *:111 (LISTEN)
avahi-dae 987 avahi 12u IPv4 35979 0t0 UDP *:5353
avahi-dae 987 avahi 13u IPv4 35980 0t0 UDP *:37759
cupsd 1419 root 10u IPv6 20011 0t0 TCP [::1]:631 (LISTEN)
cupsd 1419 root 11u IPv4 20012 0t0 TCP 127.0.0.1:631 (LISTEN)
sshd 1425 root 3u IPv4 34418 0t0 TCP *:22 (LISTEN)
sshd 1425 root 4u IPv6 34420 0t0 TCP *:22 (LISTEN)
sh 1580 git 5u IPv4 229197458 0t0 TCP 192.168.0.109:59598->39.101.181.62:9999 (ESTABLISHED)
cat 1587 git 0u IPv4 229197458 0t0 TCP 192.168.0.109:59598->39.101.181.62:9999 (ESTABLISHED)
cat 1587 git 5u IPv4 229197458 0t0 TCP 192.168.0.109:59598->39.101.181.62:9999 (ESTABLISHED)
sh 1588 git 5u IPv4 229197458 0t0 TCP 192.168.0.109:59598->39.101.181.62:9999 (ESTABLISHED)
chronyd 1834 chrony 5u IPv4 209455 0t0 UDP 127.0.0.1:323
chronyd 1834 chrony 6u IPv6 209456 0t0 UDP [::1]:323
只查看监听中的端口:
> lsof -i -P -n | grep LISTEN
输出大段如下内容:
php 612 root 5u IPv4 245868058 0t0 TCP *:8204 (LISTEN)
rpcbind 928 rpc 8u IPv4 31249 0t0 TCP *:111 (LISTEN)
rpcbind 928 rpc 11u IPv6 31252 0t0 TCP *:111 (LISTEN)
cupsd 1419 root 10u IPv6 20011 0t0 TCP [::1]:631 (LISTEN)
cupsd 1419 root 11u IPv4 20012 0t0 TCP 127.0.0.1:631 (LISTEN)
sshd 1425 root 3u IPv4 34418 0t0 TCP *:22 (LISTEN)
sshd 1425 root 4u IPv6 34420 0t0 TCP *:22 (LISTEN)
redis-ser 1996 redis 6u IPv4 49235 0t0 TCP 127.0.0.1:6379 (LISTEN)
redis-ser 1996 redis 7u IPv4 49236 0t0 TCP 192.168.0.109:6379 (LISTEN)
nginx 2002 root 6u IPv4 11910 0t0 TCP *:443 (LISTEN)
nginx 2002 root 7u IPv4 11911 0t0 TCP *:19999 (LISTEN)
nginx 2004 nobody 6u IPv4 11910 0t0 TCP *:443 (LISTEN)
nginx 2004 nobody 7u IPv4 11911 0t0 TCP *:19999 (LISTEN)
master 2579 root 13u IPv4 12001 0t0 TCP 127.0.0.1:25 (LISTEN)
master 2579 root 14u IPv6 12002 0t0 TCP [::1]:25 (LISTEN)
dnsmasq 2692 nobody 6u IPv4 50475 0t0 TCP 192.168.122.1:53 (LISTEN)
lsof -i -P
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
php 612 root 3u IPv4 312026551 0t0 TCP localhost.localdomain:55286->localhost.localdomain:3306 (ESTABLISHED)
php 612 root 5u IPv4 245868058 0t0 TCP *:8204 (LISTEN)
rpcbind 928 rpc 6u IPv4 31247 0t0 UDP *:111
rpcbind 928 rpc 7u IPv4 31248 0t0 UDP *:678
rpcbind 928 rpc 8u IPv4 31249 0t0 TCP *:111 (LISTEN)
rpcbind 928 rpc 9u IPv6 31250 0t0 UDP *:111
rpcbind 928 rpc 10u IPv6 31251 0t0 UDP *:678
rpcbind 928 rpc 11u IPv6 31252 0t0 TCP *:111 (LISTEN)
avahi-dae 987 avahi 12u IPv4 35979 0t0 UDP *:5353
avahi-dae 987 avahi 13u IPv4 35980 0t0 UDP *:37759
cupsd 1419 root 10u IPv6 20011 0t0 TCP localhost:631 (LISTEN)
cupsd 1419 root 11u IPv4 20012 0t0 TCP localhost:631 (LISTEN)
sshd 1425 root 3u IPv4 34418 0t0 TCP *:22 (LISTEN)
sshd 1425 root 4u IPv6 34420 0t0 TCP *:22 (LISTEN)
sh 1580 git 5u IPv4 229197458 0t0 TCP localhost.localdomain:59598->39.101.181.62:9999 (ESTABLISHED)
lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
php 612 root 3u IPv4 312026551 0t0 TCP localhost.localdomain:55286->localhost.localdomain:mysql (ESTABLISHED)
php 612 root 5u IPv4 245868058 0t0 TCP *:lm-perfworks (LISTEN)
postgres 879 gitlab-psql 6u IPv6 62137 0t0 UDP localhost:39348->localhost:39348
rpcbind 928 rpc 6u IPv4 31247 0t0 UDP *:sunrpc
rpcbind 928 rpc 7u IPv4 31248 0t0 UDP *:ggf-ncp
rpcbind 928 rpc 8u IPv4 31249 0t0 TCP *:sunrpc (LISTEN)
rpcbind 928 rpc 9u IPv6 31250 0t0 UDP *:sunrpc
rpcbind 928 rpc 10u IPv6 31251 0t0 UDP *:ggf-ncp
rpcbind 928 rpc 11u IPv6 31252 0t0 TCP *:sunrpc (LISTEN)
avahi-dae 987 avahi 12u IPv4 35979 0t0 UDP *:mdns
avahi-dae 987 avahi 13u IPv4 35980 0t0 UDP *:37759
cupsd 1419 root 10u IPv6 20011 0t0 TCP localhost:ipp (LISTEN)
cupsd 1419 root 11u IPv4 20012 0t0 TCP localhost:ipp (LISTEN)
sshd 1425 root 3u IPv4 34418 0t0 TCP *:ssh (LISTEN)
sshd 1425 root 4u IPv6 34420 0t0 TCP *:ssh (LISTEN)
sh 1580 git 5u IPv4 229197458 0t0 TCP localhost.localdomain:59598->39.101.181.62:distinct (ESTABLISHED)
netcat命令
nc (Netcat) 是一个命令行实用程序,它使用 TCP 和 UDP 协议通过网络在计算机之间读取和写入数据。 使用 netcat 命令可以检查任何服务器上的端口。
lsof 命令,登录系统并拥有 sudo 访问权限,比 nc 命令快。
nc 命令具有无需登录即可扫描端口的灵活性,但当扫描远程主机时因为需要网络交互会很慢。
查看端口
查看具体端口是否打开:
[root@localhost wwwroot]# lsof -i:8055
[root@localhost wwwroot]#
[root@localhost wwwroot]# lsof -i:8056
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 10467 www 72u IPv4 310541153 0t0 TCP *:senomix04 (LISTEN)
nginx 10469 www 72u IPv4 310541153 0t0 TCP *:senomix04 (LISTEN)
[root@localhost wwwroot]#
[root@localhost wwwroot]#
[root@localhost wwwroot]# lsof -i:8056 -P -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 10467 www 72u IPv4 310541153 0t0 TCP *:8056 (LISTEN)
nginx 10469 www 72u IPv4 310541153 0t0 TCP *:8056 (LISTEN)
[root@localhost wwwroot]#
当前所有已经使用的端口情况:
netstat -nultp
[root@localhost wwwroot]# netstat -nultp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 11997/memcached
tcp 0 0 192.168.0.109:6379 0.0.0.0:* LISTEN 1996/redis-server 1
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1996/redis-server 1
tcp 0 0 0.0.0.0:8204 0.0.0.0:* LISTEN 612/WorkerMan: work
tcp 0 0 0.0.0.0:9388 0.0.0.0:* LISTEN 30993/docker-proxy
tcp 0 0 0.0.0.0:44300 0.0.0.0:* LISTEN 30969/docker-proxy
tcp 0 0 127.0.0.1:9100 0.0.0.0:* LISTEN 10889/node_exporter
tcp 0 0 127.0.0.1:9229 0.0.0.0:* LISTEN 10888/gitlab-workho
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 928/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10467/nginx: worker
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 10890/puma 5.6.2 (u
tcp 0 0 127.0.0.1:9168 0.0.0.0:* LISTEN 10868/ruby
tcp 0 0 127.0.0.1:8082 0.0.0.0:* LISTEN 11131/sidekiq_expor
tcp 0 0 0.0.0.0:30003 0.0.0.0:* LISTEN 20666/WorkerMan: wo
tcp 0 0 0.0.0.0:8787 0.0.0.0:* LISTEN 7178/WorkerMan: mas
tcp 0 0 127.0.0.1:9236 0.0.0.0:* LISTEN 10960/gitaly
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2692/dnsmasq
tcp 0 0 127.0.0.1:8150 0.0.0.0:* LISTEN 10885/gitlab-kas
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1425/sshd
tcp 0 0 0.0.0.0:8056 0.0.0.0:* LISTEN 10467/nginx: worker
tcp 0 0 0.0.0.0:8887 0.0.0.0:* LISTEN 11447/WorkerMan: ma
tcp 0 0 127.0.0.1:8151 0.0.0.0:* LISTEN 10885/gitlab-kas
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1419/cupsd
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 24958/python3
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 10467/nginx: worker
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 10882/grafana-serve
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 10886/nginx: master
tcp 0 0 0.0.0.0:89 0.0.0.0:* LISTEN 10467/nginx: worker
tcp 0 0 0.0.0.0:8889 0.0.0.0:* LISTEN 9667/WorkerMan: mas
tcp 0 0 127.0.0.1:8153 0.0.0.0:* LISTEN 10885/gitlab-kas
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2579/master
tcp 0 0 127.0.0.1:8154 0.0.0.0:* LISTEN 10885/gitlab-kas
tcp 0 0 0.0.0.0:3131 0.0.0.0:* LISTEN 7178/WorkerMan: mas
tcp 0 0 127.0.0.1:8155 0.0.0.0:* LISTEN 10885/gitlab-kas
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2002/nginx: master
tcp 0 0 0.0.0.0:3132 0.0.0.0:* LISTEN 11447/WorkerMan: ma
tcp 0 0 127.0.0.1:8092 0.0.0.0:* LISTEN 11129/sidekiq 6.4.0
tcp 0 0 0.0.0.0:8060 0.0.0.0:* LISTEN 10886/nginx: master
tcp 0 0 0.0.0.0:19999 0.0.0.0:* LISTEN 2002/nginx: master
tcp 0 0 0.0.0.0:3232 0.0.0.0:* LISTEN 7190/WorkerMan: wor
tcp 0 0 0.0.0.0:3233 0.0.0.0:* LISTEN 11465/WorkerMan: wo
tcp 0 0 127.0.0.1:9121 0.0.0.0:* LISTEN 10865/redis_exporte
tcp 0 0 0.0.0.0:20002 0.0.0.0:* LISTEN 10181/php
tcp 0 0 127.0.0.1:9090 0.0.0.0:* LISTEN 30528/prometheus
tcp 0 0 0.0.0.0:31234 0.0.0.0:* LISTEN 10467/nginx: worker
tcp 0 0 127.0.0.1:9187 0.0.0.0:* LISTEN 10881/postgres_expo
tcp 0 0 0.0.0.0:7813 0.0.0.0:* LISTEN 10467/nginx: worker
tcp 0 0 127.0.0.1:9093 0.0.0.0:* LISTEN 10878/alertmanager
tcp 0 0 0.0.0.0:33066 0.0.0.0:* LISTEN 30602/docker-proxy
tcp6 0 0 :::9388 :::* LISTEN 31001/docker-proxy
tcp6 0 0 :::44300 :::* LISTEN 30976/docker-proxy
tcp6 0 0 :::111 :::* LISTEN 928/rpcbind
tcp6 0 0 ::1:9168 :::* LISTEN 10868/ruby
tcp6 0 0 :::22 :::* LISTEN 1425/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1419/cupsd
tcp6 0 0 :::8088 :::* LISTEN 12284/java
tcp6 0 0 ::1:25 :::* LISTEN 2579/master
tcp6 0 0 127.0.0.1:8190 :::* LISTEN 12284/java
tcp6 0 0 :::9094 :::* LISTEN 10878/alertmanager
tcp6 0 0 :::3306 :::* LISTEN 25884/mysqld
tcp6 0 0 :::33066 :::* LISTEN 30608/docker-proxy
udp 0 0 127.0.0.1:11211 0.0.0.0:* 11997/memcached
udp 0 0 0.0.0.0:30001 0.0.0.0:* 7216/WorkerMan: mas
udp 0 0 0.0.0.0:30001 0.0.0.0:* 7185/WorkerMan: wor
udp 0 0 0.0.0.0:30001 0.0.0.0:* 7184/WorkerMan: wor
udp 0 0 192.168.122.1:53 0.0.0.0:* 2692/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 2692/dnsmasq
udp 0 0 0.0.0.0:68 0.0.0.0:* 18644/dhclient
udp 0 0 0.0.0.0:111 0.0.0.0:* 928/rpcbind
udp 0 0 127.0.0.1:323 0.0.0.0:* 1834/chronyd
udp 0 0 0.0.0.0:678 0.0.0.0:* 928/rpcbind
udp 0 0 0.0.0.0:37759 0.0.0.0:* 987/avahi-daemon: r
udp 0 0 0.0.0.0:5353 0.0.0.0:* 987/avahi-daemon: r
udp 0 0 0.0.0.0:8203 0.0.0.0:* 4201/WorkerMan: wor
udp 0 0 0.0.0.0:8203 0.0.0.0:* 19613/WorkerMan: wo
udp6 0 0 :::111 :::* 928/rpcbind
udp6 0 0 ::1:323 :::* 1834/chronyd
udp6 0 0 :::678 :::* 928/rpcbind
udp6 0 0 :::9094 :::* 10878/alertmanager
[root@localhost wwwroot]#
查看端口是否被占用:
[root@localhost wwwroot]# netstat -anlp | grep :8055
[root@localhost wwwroot]#
[root@localhost wwwroot]# netstat -anlp | grep :8056
tcp 0 0 0.0.0.0:8056 0.0.0.0:* LISTEN 10467/nginx: worker
[root@localhost wwwroot]#
不被占用的情况下,配置Nginx监听该端口。
开放端口
查看所有端口列表:
firewall-cmd --zone=public --list-ports
[root@localhost wwwroot]# firewall-cmd --zone=public --list-ports
3000/tcp 5432/tcp 88/tcp 3306/tcp 443/tcp 80/tcp 20/tcp 21/tcp 22/tcp 8888/tcp 39000-40000/tcp 8103/tcp 8103/udp 30001/udp 8787/tcp 8787/udp 6379/tcp 6379/udp 3131/tcp 3131/udp 3232/tcp 3232/udp 80/udp 8888/udp 88/udp 9033/tcp 9033/udp 9758/tcp 9758/udp 9306/tcp 9306/udp 9701/tcp 9701/udp 888/tcp 9936/tcp 9936/udp 31234/tcp 31234/udp 8088/tcp 8088/udp 8087/tcp 8087/udp 30002-30003/tcp 30002-30003/udp 20002-20005/tcp 20002-20005/udp 8203/tcp 8203/udp 8887/tcp 8887/udp 3132/tcp 3132/udp 9388/tcp 9388/udp 30011/tcp 30011/udp 8204/tcp 8204/udp 89/tcp 89/udp 8090/tcp 8055/tcp
[root@localhost wwwroot]#
查看端口状态
firewall-cmd --zone=public --query-port=8055/tcp
如果是no-表示关闭,yes-表示开启:
[root@localhost wwwroot]# firewall-cmd --zone=public --query-port=8055/tcp
no
[root@localhost wwwroot]#
开放端口访问:
firewall-cmd --zone=public --add-port=8055/tcp --permanent
重新加载防火墙,然后查看端口是否打开即可:
firewall-cmd --reload
参考资料
linux开放外部端口访问 https://blog.csdn.net/uuqaz/article/details/124404766