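I'm using Opbeat for error reporting on my Django application. My application runs on a server with Ubuntu 15.10 and uses UFW as its firewall.
Unfortunately, the firewall is also blocking opbeat from sending error reports from my server to their cloud. Opbeat's support told me which port their interface connects over, and I allowed all incoming and outgoing traffic on that port.
In addition, I allowed traffic for their current IP address. Since they use AWS, they have dynamic IPs, so this is only a temporary solution. However, even with the current IP allowed, the firewall still doesn't let the error messages through.
Has anyone else used opbeat with ufw and found a solution?
Thanks!
Edit
Here is the output of sudo ufw status verbose, as requested. I've truncated it to remove any IPs unrelated to opbeat. Also, supervisor/gunicorn runs my application on port 9000, and I've set up a varnish cache for the application on port 8081. These are non-standard, so they're worth mentioning.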
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
80/tcp (Nginx HTTP) ALLOW IN Anywhere
443/tcp (Nginx HTTPS) ALLOW IN Anywhere
52.22.203.50 ALLOW IN Anywhere
52.22.0.0/16 ALLOW IN Anywhere
Anywhere ALLOW IN 52.22.0.0/16
54.165.0.0/16 ALLOW IN Anywhere
Anywhere ALLOW IN 54.165.0.0/16
Anywhere ALLOW IN 54.165.156.121
54.165.156.121 ALLOW IN Anywhere
52.4.105.210 ALLOW IN Anywhere
Anywhere ALLOW IN 52.4.105.210
8081 ALLOW IN Anywhere
Anywhere ALLOW IN 52.4.0.0/16
52.4.0.0/16 ALLOW IN Anywhere
Anywhere ALLOW IN 52.4.105.0/24
80 (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
80/tcp (Nginx HTTP (v6)) ALLOW IN Anywhere (v6)
443/tcp (Nginx HTTPS (v6)) ALLOW IN Anywhere (v6)
8081 (v6) ALLOW IN Anywhere (v6)
52.22.203.0/24 DENY OUT Anywhere
443 ALLOW OUT Anywhere
80 ALLOW OUT Anywhere
445 ALLOW OUT Anywhere
8010 ALLOW OUT Anywhere
465 ALLOW OUT Anywhere
22 ALLOW OUT Anywhere
9000 ALLOW OUT Anywhere
8081 ALLOW OUT Anywhere
443 (v6) ALLOW OUT Anywhere (v6)
80 (v6) ALLOW OUT Anywhere (v6)
445 (v6) ALLOW OUT Anywhere (v6)
8010 (v6) ALLOW OUT Anywhere (v6)
465 (v6) ALLOW OUT Anywhere (v6)
22 (v6) ALLOW OUT Anywhere (v6)
9000 (v6) ALLOW OUT Anywhere (v6)
8081 (v6) ALLOW OUT Anywhere (v6)
Answer 1
You have a rule denying 52.22 which may be blocking outbound traffic to opbeat. I suggest removing that deny rule.
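The effect the answer describes can be checked offline. This is an added example, not part of the original post or answer: it parses outbound rows from the question's ufw output and reports which rule matches first, since ufw evaluates rules in listed order. The function names parse_out_rules and first_match are hypothetical, and the sketch assumes IPv4 only and ignores protocol.

```python
import ipaddress
import re

# Constructed sample: outbound IPv4 rows copied, in listed order, from the
# `ufw status verbose` output in the question (a subset of the ALLOW OUT rows).
SAMPLE = """\
52.22.203.0/24 DENY OUT Anywhere
443 ALLOW OUT Anywhere
80 ALLOW OUT Anywhere
22 ALLOW OUT Anywhere
"""

OUT_RULE = re.compile(r"^(\S+)\s+(ALLOW|DENY|REJECT|LIMIT)\s+OUT\s+\S")


def parse_out_rules(text):
    """Return [(action, dest_network_or_None, dest_port_or_None)] in order."""
    rules = []
    for line in text.splitlines():
        m = OUT_RULE.match(line.strip())
        if not m or "(v6)" in line:
            continue  # skip headers, inbound rows and IPv6 rows
        to, action = m.group(1), m.group(2)
        net = port = None
        if re.fullmatch(r"\d+(/(tcp|udp))?", to):
            port = int(to.split("/")[0])        # "To" is a bare port
        elif to != "Anywhere":
            net = ipaddress.ip_network(to, strict=False)  # "To" is host/CIDR
        rules.append((action, net, port))
    return rules


def first_match(rules, dest_ip, dest_port, default="DENY (default policy)"):
    """Return (rule_number, action) of the first rule matching the packet."""
    ip = ipaddress.ip_address(dest_ip)
    for number, (action, net, port) in enumerate(rules, start=1):
        if (net is None or ip in net) and (port is None or port == dest_port):
            return number, action
    return None, default  # the question's output shows "deny (outgoing)"


if __name__ == "__main__":
    rules = parse_out_rules(SAMPLE)
    print(first_match(rules, "52.22.203.50", 443))      # hits the DENY OUT row
    print(first_match(rules[1:], "52.22.203.50", 443))  # with that row removed
```

The rule numbers here count only the outbound rows in the sample; on the server, sudo ufw status numbered lists every rule with the number that sudo ufw delete expects.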