CentOS8.1 部署.net core 3.1 环境，涉及 aspnetcore-runtime、防火墙、selinux设置、nginx

#注册微软产品仓库 列表 https://packages.microsoft.com/config/centos

rpm -Uvh https://packages.microsoft.com/config/centos/8/packages-microsoft-prod.rpm

#搜索

yum search aspnetcore-runtime*

#安装

yum install -y aspnetcore-runtime-3.1.x86_64

-- -----------------------------------------------------------------------------

#yum remove aspnet*

#查看安装nginx

rpm -qa | grep nginx

#安装nginx

yum install -y nginx

#启动nginx

systemctl start nginx

#nginx 配置目录 /etc/nginx/ 有问题查看日志

-- -----------------------------------------------------------------------------

#防火墙

firewall-cmd --zone=public --list-ports

firewall-cmd --zone=public --add-port=8888/tcp --permanent

firewall-cmd --zone=public --add-port=5555/tcp --permanent

firewall-cmd --zone=public --add-port=80/tcp --permanent

firewall-cmd --reload

#查询firewall-cmd --zone=public --query-port=3306/tcp

#关闭 firewall-cmd --zone=public --remove-port=80/tcp --permanent

-- -----------------------------------------------------------------------------

#查看 selinux 状态

getenforce

#1. enforcing：强制模式。违反 SELinux 规则的行为将被阻止并记录到日志中。

#2. permissive：宽容模式。违反 SELinux 规则的行为只会记录到日志中。一般为调试用。

#3. disabled：关闭 SELinux。

#1、临时关闭selinux

#setenforce 0 ##设置SELinux 成为permissive模式

#setenforce 1 ##设置SELinux 成为enforcing模式

#2、永久关闭selinux,

#修改/etc/selinux/config 文件

#将SELINUX=enforcing改为SELINUX=disabled

-- -----------------------------------------------------------------------------

#selinx 启用端口

#selinx设置 selinux默认只允许80,81,443,8008,8009,8443,9000用作HTTP端口使用

#安装一个tab键补齐二级命令功能工具bash-completion

yum -y install bash-completion

#安装 semanage

#查找 semanage 命令是哪个软件包提供此命令

yum provides semanage

#安装

yum install policycoreutils-python-utils-2.9-3.el8.noarch

#查看下http允许访问的端口：

semanage port -l | grep http_port_t

#查看 端口占用情况

semanage port -l | grep 8888

#将需要使用的端口 8888 加入到端口列表中：

semanage port -a -t http_port_t -p tcp 8888

semanage port -a -t http_port_t -p tcp 5555

-- ----------------------------------------------------

#nginx 配置文件 端口转发

server {

listen 8888;

server_name localhost;

location / {

proxy_pass http://localhost:5555;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection keep-alive;

proxy_set_header Host $host;

proxy_cache_bypass $http_upgrade;

}

}

#nginx做端口转发时如报以下错误

2020/03/24 01:56:45 [crit] 2672#0: *1 connect() to 127.0.0.1:5555 failed (13: Permission denied) while connecting to upstream, client: 192.168.0.104, server: localhost, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5555/", host: "192.168.0.105:8888"

2020/03/24 01:56:45 [crit] 2672#0: *1 connect() to [::1]:5555 failed (13: Permission denied) while connecting to upstream, client: 192.168.0.104, server: localhost, request: "GET / HTTP/1.1", upstream: "http://[::1]:5555/", host: "192.168.0.105:8888"

2020/03/24 01:56:45 [error] 2672#0: *1 no live upstreams while connecting to upstream, client: 192.168.0.104, server: localhost, request: "GET /favicon.ico HTTP/1.1", upstream: "http://localhost/favicon.ico", host: "192.168.0.105:8888", referrer: "http://192.168.0.105:8888/"

则设置如下

setsebool -P httpd_can_network_connect 1

#setsebool 设置说明

https://www.cnblogs.com/pengyunjing/p/10663135.html

-- --------------------------------------------------------

以上 可以通过IP:8888或IP:5555访问