一般背景:
我有一台带有多个 LXD 容器的服务器,并且在顶部有一个 HAPROXY,用于根据给定的 url 将流量重定向到良好的容器。
指向的容器是gitlab。
主服务器
端口 22 已开放
server# iptables -L -n |grep 22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
server# netstat -plnt | grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2536/sshd
tcp6 0 0 :::22 :::* LISTEN 2536/sshd
Gitlab 服务器配置
gitlab# cat /etc/hosts
127.0.0.1 gitlab.pub-domain.com gitlab
127.0.0.1 localhost
127.0.1.1 s-302-gitlab # machine name
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
gitlab# cat /etc/resolv.conf
search pub-domain.com
search priv-domain.ovh
nameserver 8.8.8.8
# netstat -tulpn | grep 22
tcp 0 0 127.0.0.1:9229 0.0.0.0:* LISTEN 583/gitlab-workhors
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5094/sshd
tcp6 0 0 :::22 :::* LISTEN 5094/ssh
对所有数据进行 ping
在 gitlab 容器中启动并运行:
gitlab# # ssh -T https://[email protected]
https://[email protected]'s password:
gitlab# ssh -T https://[email protected]
https://[email protected]'s password:
现在转到另一台机器(为了简单起见,我们假设是服务器)并 ping :
server# ping pub-domain.com
PING pub-domain.com (31.7.xx.yy) 56(84) bytes of data.
64 bytes from 31.7.xx.yy (31.7.xx.yy): icmp_seq=1 ttl=64 time=0.588 ms
--- pub-domain.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
server# ping gitlab.pub-domain.com
PING pub-domain.com (31.7.xx.yy) 56(84) bytes of data.
64 bytes from 31.7.xx.yy (31.7.xx.yy): icmp_seq=1 ttl=64 time=0.588 ms
--- pub-domain.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
SSH
server# ssh git@s-302-gitlab
ssh: connect to host s-302-gitlab port 22: Connection refused
server# ssh -T https://[email protected]
ssh: connect to host gitlab.pub-domain.com port 22: Connection refused
server# ssh -T [email protected]
The authenticity of host '192.168.3.200 (192.168.3.200)' can't be established.
ECDSA key fingerprint is SHA256:Pe2vY/8GyG3o6ZkDErTN8Ko+k9veJA9S4wnHvQXSYJk.
Are you sure you want to continue connecting (yes/no)?
知道为什么我只能使用 IP 而不能使用域/URL 进行连接吗?
回复评论
# dig +short s-302-gitlab
# dig +short gitlab.pub-domain.com
pub-domain.com.
31.7.xx.yy
谢谢,