{"id":5033,"date":"2020-04-30T16:07:08","date_gmt":"2020-04-30T09:07:08","guid":{"rendered":"https:\/\/tino.vn\/?post_type=ht_kb&p=5033"},"modified":"2020-05-27T15:36:42","modified_gmt":"2020-05-27T08:36:42","slug":"huong-dan-mo-cong-port-tren-centos-7-8","status":"publish","type":"ht_kb","link":"https:\/\/tino.vn\/blog\/docs\/huong-dan-mo-cong-port-tren-centos-7-8\/","title":{"rendered":"H\u01b0\u1edbng d\u1eabn m\u1edf c\u1ed5ng (port) tr\u00ean CentOS 7\/8"},"content":{"rendered":"

M\u00ecnh c\u00f3 m\u1ed9t m\u00e1y ch\u1ee7\u00a0CentOS 7, tr\u00ean m\u00e1y ch\u1ee7 c\u00e0i d\u1ecbch v\u1ee5\u00a0Apache Web Server\u00a0v\u00e0 l\u1eafng nghe tr\u00ean c\u1ed5ng 80. Nh\u01b0ng khi c\u00e0i \u0111\u1eb7t xong th\u00ec kh\u00f4ng th\u1ec3 truy c\u1eadp \u0111\u01b0\u1ee3c c\u1ed5ng 80 th\u00f4ng qua domain v\u00e0 \u0111\u1ecba ch\u1ec9 IP c\u1ee7a m\u00e1y ch\u1ee7. (\u00c1p d\u1ee5ng \u0111\u01b0\u1ee3c c\u1ea3 v\u1edbi CentOS 8)<\/p>\n

Nguy\u00ean nh\u00e2n l\u00e0 do\u00a0t\u01b0\u1eddng l\u1eeda\u00a0(Firewall) tr\u00ean CentOS 7\/8 m\u1eb7c \u0111\u1ecbnh block port 80 tr\u00ean server. V\u00ec v\u1eady nhi\u1ec7m v\u1ee5 c\u1ee7a ch\u00fang ta l\u00e0\u00a0m\u1edf port tr\u00ean server\u00a0\u0111\u1ec3 c\u00f3 th\u1ec3 truy c\u1eadp t\u1edbi d\u1ecbch v\u1ee5 Web.<\/p>\n

M\u1edf c\u1ed5ng (port) tr\u00ean CentOS 7\/8<\/h2>\n

T\u01b0\u1edfng l\u1eeda tr\u00ean CentOS 7\/8 gi\u1edd \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd b\u1eb1ng c\u00f4ng c\u1ee5\u00a0firewall-cmd, n\u00ean \u0111\u1ec3 m\u1edf port s\u1eed d\u1ee5ng command sau v\u1edbi quy\u1ec1n c\u1ee7a t\u00e0i kho\u1ea3n root.<\/p>\n

\u2013 Ki\u1ec3m tra zone n\u00e0o c\u1ee7a t\u01b0\u1eddng l\u1eeda \u0111ang \u0111\u01b0\u1ee3c active<\/p>\n

\n
#Ki\u1ec3m tra zone n\u00e0o c\u1ee7a t\u01b0\u1eddng l\u1eeda \u0111ang \u0111\u01b0\u1ee3c active\r\nfirewall-cmd --get-active-zones<\/pre>\n
 <\/p>\n<\/div>\n
\"\"<\/p>\n
\u2013 M\u1edf c\u1ed5ng (VD: 80) tr\u00ean zone \u0111ang active (Public Zone)<\/p>\n
\n
firewall-cmd --zone=public --add-port=80\/tcp --permanent<\/pre>\n
 <\/p>\n<\/div>\n
\u2013 Sau \u0111\u00f3 \u0111\u1ec3 lu\u1eadt m\u1edbi c\u00f3 hi\u1ec7u l\u1ef1c c\u1ea7n reload l\u1ea1i t\u01b0\u1eddng l\u1eeda b\u1eb1ng command sau:<\/p>\n
\n
firewall-cmd --reload<\/pre>\n
 <\/p>\n<\/div>\n
\"\"<\/p>\n
\u0110\u1ec3 ki\u1ec3m tra vi\u1ec7c m\u1edf port \u0111\u00e3 th\u00e0nh c\u00f4ng hay ch\u01b0a, truy c\u1eadp tr\u1ef1c ti\u1ebfp b\u1eb1ng domain ho\u1eb7c \u0111\u1ecba ch\u1ec9 IP c\u1ee7a Server \u0111\u1ec3 xem m\u00e1y ch\u1ee7 web \u0111\u00e3 ho\u1ea1t \u0111\u1ed9ng ch\u01b0a.<\/p>\n
M\u1edf c\u1ed5ng tr\u00ean CentOS 7\/8 ch\u1ec9 cho IP nh\u1ea5t \u0111\u1ecbnh.<\/h2>\n
V\u1edbi c\u00e1ch tr\u00ean ai c\u0169ng c\u00f3 th\u1ec3 truy c\u1eadp t\u1edbi server c\u1ee7a b\u1ea1n, nh\u01b0ng n\u1ebfu b\u1ea1n mu\u1ed1n t\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt th\u00ec b\u1ea1n c\u00f3 th\u1ec3 ch\u1ec9 c\u1ea7n thi\u1ebft l\u1eadp cho 1 \u0111\u1ecba ch\u1ec9 IP ho\u1eb7c 1 d\u1ea3i IP nh\u1ea5t \u0111\u1ecbnh \u0111\u01b0\u1ee3c ph\u00e9p truy c\u1eadp.<\/p>\n
\n
firewall-cmd --permanent --zone=public --add-rich-rule='\r\nrule family=\"ipv4\"\r\nsource address=\"1.2.3.4\/32\"\r\nport protocol=\"tcp\" port=\"80\" accept'<\/pre>\n
 <\/p>\n<\/div>\n
Ho\u1eb7c s\u1eeda tr\u1ef1c ti\u1ebfp file config c\u1ee7a firewall \u1edf \u0111\u1ecba ch\u1ec9:\u00a0\/etc\/firewalld\/zones\/public<\/span>.xml<\/strong><\/p>\n
\n
<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<zone>\r\n<short>Public<\/short>\r\n<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.<\/description>\r\n<service name=\"dhcpv6-client\"\/>\r\n<service name=\"ssh\"\/>\r\n<rule family=\"ipv4\">\r\n<source address=\"1.2.3.4\"\/>\r\n<port protocol=\"tcp\" port=\"80\"\/>\r\n<accept\/>\r\n<\/rule>\r\n<rule family=\"ipv4\">\r\n<source address=\"1.2.3.5\"\/>\r\n<port protocol=\"tcp\" port=\"80\"\/>\r\n<accept\/>\r\n<\/rule>\r\n<\/zone><\/pre>\n
 <\/p>\n<\/div>\n
V\u00e0 nh\u1edb l\u00e0 ph\u1ea3i reload l\u1ea1i firewall \u0111\u1ec3 \u00e1p d\u1ee5ng lu\u1eadt m\u1edbi<\/p>\n
\n
firewall-cmd --reload<\/pre>\n
 <\/p>\n<\/div>\n
\u0110\u1ec3 m\u1edf c\u1ed5ng cho Windows Server, c\u00e1c b\u1ea1n vui l\u00f2ng tham kh\u1ea3o b\u00e0i vi\u1ebft n\u00e0y:\u00a0H\u01b0\u1edbng d\u1eabn m\u1edf c\u1ed5ng (open port) tr\u00ean Windows Server<\/p>\n","protected":false},"excerpt":{"rendered":"
M\u00ecnh c\u00f3 m\u1ed9t m\u00e1y ch\u1ee7\u00a0CentOS 7, tr\u00ean m\u00e1y ch\u1ee7 c\u00e0i d\u1ecbch v\u1ee5\u00a0Apache Web Server\u00a0v\u00e0 l\u1eafng nghe tr\u00ean c\u1ed5ng 80. Nh\u01b0ng khi c\u00e0i \u0111\u1eb7t xong th\u00ec kh\u00f4ng th\u1ec3 truy c\u1eadp \u0111\u01b0\u1ee3c c\u1ed5ng 80 th\u00f4ng qua domain v\u00e0 \u0111\u1ecba ch\u1ec9 IP c\u1ee7a m\u00e1y ch\u1ee7. (\u00c1p d\u1ee5ng \u0111\u01b0\u1ee3c c\u1ea3 v\u1edbi CentOS 8) Nguy\u00ean nh\u00e2n l\u00e0 do\u00a0t\u01b0\u1eddng l\u1eeda\u00a0(Firewall) tr\u00ean […]<\/p>\n","protected":false},"author":4,"featured_media":16424,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"footnotes":""},"tags":[],"ht_kb_category":[17],"class_list":["post-5033","ht_kb","type-ht_kb","status-publish","format-standard","has-post-thumbnail","hentry","ht_kb_category-huong-dan-ve-cloud-vps"],"_links":{"self":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb\/5033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb"}],"about":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/comments?post=5033"}],"version-history":[{"count":0,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb\/5033\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/media\/16424"}],"wp:attachment":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/media?parent=5033"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/tags?post=5033"},{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb_category?post=5033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}