How to work around an ISP blocking port 80 on a server, and how to set up a web server without a public IP (Author: technical solutions team lead 鸣鸣)
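I. Topology diagram
II. Principle
Assumption: the domestic web server, service2, serves web traffic on port 990, and the overseas server, service1, has port 80 open.
By building a virtual LAN, port 990 of the domestic web server is mapped and forwarded to port 80 on the overseas server, so the site on the domestic web server can be reached without typing a port number.
OpenVPN joins service1 and service2 into one virtual LAN. The virtual LAN IPs must be fixed, so the virtual IP that OpenVPN assigns to service1 must be fixed. The web server on service2 listens on the virtual IP assigned to it. service1 must also have port 80 open and IP forwarding enabled. When a client visits port 80 on service1, service1 uses its forwarding function to send the request packets across the virtual LAN to web port 990 on service2. After service2 receives the request, it sends the web data from port 990 on its internal IP back through the route to port 80 on service1, which then delivers it to the client. The user is thus visiting the site hosted on the domestic server. This solves how to publish a site on port 80 when the server has no public IP or the ISP has not opened port 80, and it also solves the lack of a fixed public IP.
The request speed between service1 and service2 depends on the network path between them. It is recommended that both service1 and service2 sit on backbone-node networks, and the links must be fiber.
III. Procedure (service1 and service2 are primarily Linux systems, because Linux is stable and settings take effect without restarting the server)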
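1. Set up the web service on service2.
# yum install httpd mysql-server mysql php php-mysql -y /install Apache, the database server, and PHP/
# service httpd restart /start the Apache service/
# service mysqld restart /start the MySQL service/
# chkconfig httpd on /start Apache at boot/
# chkconfig mysqld on /start MySQL at boot/
# vim /etc/httpd/conf/httpd.conf /configure Apache/
Change the listening port to 990, then save and exit.
# service httpd restart /restart the Apache service/
Test:
Enter the site address plus the port number in a browser to check that the setup works; if the content below appears, the setup succeeded.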
2. Set up the OpenVPN server on service1.
# rpm -ivh http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
# yum -y install openvpn
/install the service/
# cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa /etc/openvpn
# cd /etc/openvpn/easy-rsa/2.0
# chmod +x *
/first copy the easy-rsa scripts to /etc/openvpn and make them executable/
# cd /etc/openvpn/easy-rsa/2.0
# ln -s f f
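/then generate the certificates with the easy-rsa scripts/
# vim vars
Edit the parameters you need before sourcing the file; the defaults also work.
# source vars
# ./clean-all
/clean everything/
# ./build-ca
/generate the server-side CA certificate/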
Generating a 1024 bit RSA private key
............++++++
..................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SH]:
Locality Name (eg, city) [PD]:
Organization Name (eg, company) [zyfmaster]:
Organizational Unit Name (eg, section) []:zyfmaster
Common Name (eg, your name or your server's hostname) [zyfmaster CA]:server
Name []:
Email Address [905407204@]:
# ./build-key-server server
/generate the server key; the trailing "server" is the server name and can be customized/
Generating a 1024 bit RSA private key
.......................................++++++
.......++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SH]:
Locality Name (eg, city) [PD]:
Organization Name (eg, company) [zyfmaster]:
Organizational Unit Name (eg, section) []:zyfmaster
Common Name (eg, your name or your server's hostname) [server]:server
Name []:
Email Address [905407204@]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd1234
An optional company name []:zyfmaster
Using configuration from /etc/openvpn/2.0/f
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
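countryName :PRINTABLE:'CN' # keep the default or fill in to match your situation
stateOrProvinceName :PRINTABLE:'SH' # keep the default or fill in to match your situation
localityName :PRINTABLE:'PD' # keep the default or fill in to match your situation
organizationName :PRINTABLE:'zyfmaster' # keep the default or fill in to match your situation
organizationalUnitName:PRINTABLE:'zyfmaster' # keep the default or fill in to match your situation
commonName :PRINTABLE:'server' # keep the default or fill in to match your situation
emailAddress :IA5STRING:'905407204@' # keep the default or fill in to match your situation
Certificate is to be certified until Dec 2 04:14:34 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
# be sure to answer y here, otherwise an empty certificate is generated
1 out of 1 certificate requests certified, commit? [y/n]y # be sure to answer y here, otherwise an empty certificate is generated
Write out database with 1 new entries
Data Base Updated
/server certificate generated successfully/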
# ./build-key client1
/generate the client key; the trailing "client1" is the client name and can be customized/
Generating a 1024 bit RSA private key
............++++++
........................................................++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SH]:
Locality Name (eg, city) [PD]:
Organization Name (eg, company) [zyfmaster]:
Organizational Unit Name (eg, section) []:zyfmaster
Common Name (eg, your name or your server's hostname) [client1]:client1 # Important: each client's certificate must have a different name.
Name []:
Email Address [905407204@]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd1234
An optional company name []:zyfmaster
Using configuration from /etc/openvpn/2.0/f
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
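stateOrProvinceName :PRINTABLE:'SH' # keep the default or fill in to match your situation
localityName :PRINTABLE:'PD' # keep the default or fill in to match your situation
organizationName :PRINTABLE:'zyfmaster' # keep the default or fill in to match your situation
organizationalUnitName:PRINTABLE:'zyfmaster' # keep the default or fill in to match your situation
commonName :PRINTABLE:'client1' # keep the default or fill in to match your situation
emailAddress :IA5STRING:'905407204@' # keep the default or fill in to match your situation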
Certificate is to be certified until Dec 2 04:15:50 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
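/be sure to answer y here, otherwise an empty certificate is generated/
1 out of 1 certificate requests certified, commit? [y/n]y
/be sure to answer y here, otherwise an empty certificate is generated/
Write out database with 1 new entries
Data Base Updated
/client certificate generated successfully/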
# ./build-key client2
# ./build-key client3
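/create keys for the other clients in the same way/
# ./build-dh
/generate the Diffie-Hellman parameters (this takes a while; how long depends on your server's performance)/
# tar zcvf yskeys.tar.gz keys/*
/pack all files under keys and download them locally (via WinSCP, HTTP, FTP, and so on)/
# cp -r /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/
# vim /etc/openvpn/server.conf
/create the server configuration file and edit server.conf/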
;local a.b.c.d
change to:
local 192.168.2.3
port 1194 (adjust to your environment)
proto udp (adjust to your environment)
dev tun (adjust to your environment)
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
change to:
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt (adjust to where your certificates are stored)
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt (adjust to where your certificates are stored)
key /etc/openvpn/easy-rsa/2.0/keys/server.key # This file should be kept secret (adjust to where your certificates are stored)
dh dh1024.pem
change to:
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem (adjust to where your certificates are stored)
server 10.8.0.0 255.255.255.0
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
change to:
;push "route 192.168.10.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
;push "redirect-gateway def1 bypass-dhcp"
change to:
push "redirect-gateway def1"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
change to:
push "dhcp-option DNS 114.114.114.114"
push "dhcp-option DNS 114.114.115.115"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
change to:
log openvpn.log
verb 3
# service openvpn restart
/start the service/
# ifconfig
Output like this means it succeeded.
# sed -i '/net.ipv4.ip_forward/s/0/1/g' /etc/sysctl.conf
# sysctl -w net.ipv4.ip_forward=1
/enable IP forwarding/
# iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source 192.168.0.64
# /etc/init.d/iptables save
# service iptables restart
/set the firewall rules/
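The key generation output in step 2 shows 1024-bit RSA keys, and server.conf points at dh1024.pem. As an added example (not part of the original document), the script below flags those settings in server.conf and the easy-rsa vars file; the 2048-bit threshold, the tls-auth check, and the constructed sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original document. Thresholds are assumptions.
MIN_BITS=2048

# Constructed sample files that mirror the settings shown in step 2.
write_sample() {
    cat > "$1/server.conf" <<'EOF'
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
;tls-auth ta.key 0
EOF
    printf 'export KEY_SIZE=1024\n' > "$1/vars"
}

# audit_openvpn SERVER_CONF VARS_FILE
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_openvpn() {
    conf=$1; vars=$2; rc=0
    # DH size: digits in the dhNNNN.pem name on the active (uncommented) dh line.
    dh_bits=$(sed -n 's/^[[:space:]]*dh[[:space:]].*dh\([0-9]\{1,\}\)\.pem.*/\1/p' "$conf" | head -n 1)
    if [ -n "$dh_bits" ] && [ "$dh_bits" -lt "$MIN_BITS" ]; then
        echo "WEAK_DH $dh_bits"; rc=1
    fi
    # RSA size: easy-rsa 2.0 reads it from KEY_SIZE in the vars file.
    key_bits=$(sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}KEY_SIZE=\([0-9]\{1,\}\).*/\1/p' "$vars" | head -n 1)
    if [ -n "$key_bits" ] && [ "$key_bits" -lt "$MIN_BITS" ]; then
        echo "WEAK_RSA $key_bits"; rc=1
    fi
    # tls-auth makes the server drop handshake packets that lack a valid HMAC.
    if ! grep -Eq '^[[:space:]]*tls-auth[[:space:]]' "$conf"; then
        echo "NO_TLS_AUTH"; rc=1
    fi
    return "$rc"
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_openvpn "$tmp/server.conf" "$tmp/vars" || true
rm -rf "$tmp"
```

The DH size here is inferred from the file name; `openssl dhparam -in <file> -text -noout` reports the size of the parameters actually stored in the file.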
3. Set up the OpenVPN client on service2.
# rpm -ivh http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
# yum -y install openvpn
/install the service/
# cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa /etc/openvpn
# cd /etc/openvpn/easy-rsa/2.0
# chmod +x *
Transfer the checked certificates to the /etc/openvpn/ directory on the service2 server.
# vim /etc/openvpn/client.ovpn
# openvpn --config /etc/openvpn/client.ovpn /start the client/
# ifconfig
Output like this means it succeeded.
4. Configure the firewall on service1.
Test:
http://192.168.2.3
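Step 4 gives no commands, so here is one way to express the forwarding described in section II as iptables rules on service1 (an added example, not part of the original document). The interface names eth0 and tun0 and the service2 VPN address 10.8.0.6 are assumptions; the script only prints the rules, and it relies on the pushed redirect-gateway def1 route to carry service2's replies back through the tunnel.

```shell
#!/bin/sh
# Added example, not from the original document. It prints rules and applies nothing.
PUB_PORT=80        # port clients reach on service1 (from the page)
WEB_PORT=990       # Apache port on service2 (from the page)
VPN_PREFIX=10.8.0  # from "server 10.8.0.0 255.255.255.0" in server.conf

# forward_rules PUB_IF VPN_IF BACKEND_IP
# Prints three iptables commands; returns 2 on invalid input.
forward_rules() {
    pub_if=$1; vpn_if=$2; ip=$3
    # Interface names end up on a command line, so allow only safe characters.
    for name in "$pub_if" "$vpn_if"; do
        case "$name" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
        esac
    done
    # Forward only to a client address inside the VPN subnet (.1 is service1).
    host=${ip#"$VPN_PREFIX".}
    case "$host" in
        ''|*[!0-9]*|????*) echo "backend must be in $VPN_PREFIX.0/24" >&2; return 2 ;;
    esac
    if [ "$host" = "$ip" ] || [ "$host" -lt 2 ] || [ "$host" -gt 254 ]; then
        echo "backend must be in $VPN_PREFIX.0/24" >&2; return 2
    fi
    # 1. Rewrite the destination of inbound port-80 connections.
    echo "iptables -t nat -A PREROUTING -i $pub_if -p tcp --dport $PUB_PORT -j DNAT --to-destination $ip:$WEB_PORT"
    # 2. Allow only that flow into the tunnel. -I places the rule ahead of any
    #    catch-all REJECT already present in the FORWARD chain.
    echo "iptables -I FORWARD -i $pub_if -o $vpn_if -p tcp -d $ip --dport $WEB_PORT -j ACCEPT"
    # 3. Allow replies that belong to tracked connections back out.
    echo "iptables -I FORWARD -i $vpn_if -o $pub_if -p tcp -s $ip --sport $WEB_PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

forward_rules eth0 tun0 10.8.0.6
```

Review the printed rules before running them as root, then persist them with `/etc/init.d/iptables save` as in step 2.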