TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-11-03 15:00:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

Linux下自动添加端口到Firewalld

Browse Source
This commit is contained in:
GoEdgeLab
2022-04-19 19:35:50 +08:00
parent 682240a202
commit e9521a3cf9
3 changed files with 63 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
internal/nodes/api_node.go
View File

@@ -349,10 +349,18 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
remotelogs.Error("API_NODE", "decode http config: "+err.Error()) remotelogs.Error("API_NODE", "decode http config: "+err.Error())
return return
} }
var ports = []int{}
isListening = false isListening = false
if httpConfig != nil && httpConfig.IsOn && len(httpConfig.Listen) > 0 { if httpConfig != nil && httpConfig.IsOn && len(httpConfig.Listen) > 0 {
for _, listen := range httpConfig.Listen { for _, listen := range httpConfig.Listen {
for _, addr := range listen.Addresses() { for _, addr := range listen.Addresses() {
// 收集Port
_, port, _ := net.SplitHostPort(addr)
var portInt = types.Int(port)
if portInt > 0 && !lists.ContainsInt(ports, portInt) {
ports = append(ports, portInt)
}
listener, err := net.Listen("tcp", addr) listener, err := net.Listen("tcp", addr)
if err != nil { if err != nil {
remotelogs.Error("API_NODE", "listening '"+addr+"' failed: "+err.Error()+", we will try to listen port only") remotelogs.Error("API_NODE", "listening '"+addr+"' failed: "+err.Error()+", we will try to listen port only")
@@ -401,6 +409,13 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
for _, listen := range httpsConfig.Listen { for _, listen := range httpsConfig.Listen {
for _, addr := range listen.Addresses() { for _, addr := range listen.Addresses() {
// 收集Port
_, port, _ := net.SplitHostPort(addr)
var portInt = types.Int(port)
if portInt > 0 && !lists.ContainsInt(ports, portInt) {
ports = append(ports, portInt)
}
listener, err := net.Listen("tcp", addr) listener, err := net.Listen("tcp", addr)
if err != nil { if err != nil {
remotelogs.Error("API_NODE", "listening '"+addr+"' failed: "+err.Error()+", we will try to listen port only") remotelogs.Error("API_NODE", "listening '"+addr+"' failed: "+err.Error()+", we will try to listen port only")
@@ -440,6 +455,13 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
if restHTTPConfig != nil && restHTTPConfig.IsOn && len(restHTTPConfig.Listen) > 0 { if restHTTPConfig != nil && restHTTPConfig.IsOn && len(restHTTPConfig.Listen) > 0 {
for _, listen := range restHTTPConfig.Listen { for _, listen := range restHTTPConfig.Listen {
for _, addr := range listen.Addresses() { for _, addr := range listen.Addresses() {
// 收集Port
_, port, _ := net.SplitHostPort(addr)
var portInt = types.Int(port)
if portInt > 0 && !lists.ContainsInt(ports, portInt) {
ports = append(ports, portInt)
}
listener, err := net.Listen("tcp", addr) listener, err := net.Listen("tcp", addr)
if err != nil { if err != nil {
remotelogs.Error("API_NODE", "listening REST 'http://"+addr+"' failed: "+err.Error()) remotelogs.Error("API_NODE", "listening REST 'http://"+addr+"' failed: "+err.Error())
@@ -473,6 +495,13 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
len(restHTTPSConfig.SSLPolicy.Certs) > 0 { len(restHTTPSConfig.SSLPolicy.Certs) > 0 {
for _, listen := range restHTTPSConfig.Listen { for _, listen := range restHTTPSConfig.Listen {
for _, addr := range listen.Addresses() { for _, addr := range listen.Addresses() {
// 收集Port
_, port, _ := net.SplitHostPort(addr)
var portInt = types.Int(port)
if portInt > 0 && !lists.ContainsInt(ports, portInt) {
ports = append(ports, portInt)
}
listener, err := net.Listen("tcp", addr) listener, err := net.Listen("tcp", addr)
if err != nil { if err != nil {
remotelogs.Error("API_NODE", "listening REST 'https://"+addr+"' failed: "+err.Error()) remotelogs.Error("API_NODE", "listening REST 'https://"+addr+"' failed: "+err.Error())
@@ -500,6 +529,11 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
} }
} }
// add to local firewall
if len(ports) > 0 {
utils.AddPortsToFirewall(ports)
}
return return
} }

2
internal/setup/sql.go
View File

File diff suppressed because one or more lines are too long

28
internal/utils/firewall.go Normal file
View File

@@ -0,0 +1,28 @@
// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
package utils
import (
"github.com/TeaOSLab/EdgeAPI/internal/remotelogs"
"github.com/iwind/TeaGo/types"
"os/exec"
"runtime"
)
func AddPortsToFirewall(ports []int) {
for _, port := range ports {
// Linux
if runtime.GOOS == "linux" {
// firewalld
firewallCmd, _ := exec.LookPath("firewall-cmd")
if len(firewallCmd) > 0 {
err := exec.Command(firewallCmd, "--add-port="+types.String(port)+"/tcp").Run()
if err == nil {
remotelogs.Println("API_NODE", "add port '"+types.String(port)+"' to firewalld")
_ = exec.Command(firewallCmd, "--add-port="+types.String(port)+"/tcp", "--permanent").Run()
}
}
}
}
}