分类:Network Security

nginx scrapyd访问认证 – address already in use

sudo netstat -ntpl,sudo netstat -tulpn两个命令:

(boss) [chen@VM_0_3_centos conf.d]$ sudo netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      5013/nginx: worker  
tcp        0      0 0.0.0.0:6801            0.0.0.0:*               LISTEN      5013/nginx: worker  
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      22677/sshd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1310/master         
tcp6       0      0 :::80                   :::*                    LISTEN      5013/nginx: worker  
tcp6       0      0 ::1:25                  :::*                    LISTEN      1310/master         
tcp6       0      0 :::9000                 :::*                    LISTEN      29245/dockerd       
tcp6       0      0 :::2377                 :::*                    LISTEN      29245/dockerd       
tcp6       0      0 :::7946                 :::*                    LISTEN      29245/dockerd

(boss) [chen@VM_0_3_centos conf.d]$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:6800          0.0.0.0:*               LISTEN      5237/python         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      22677/sshd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1310/master         
tcp6       0      0 ::1:25                  :::*                    LISTEN      1310/master         
tcp6       0      0 :::9000                 :::*                    LISTEN      29245/dockerd       
tcp6       0      0 :::2377                 :::*                    LISTEN      29245/dockerd       
tcp6       0      0 :::7946                 :::*                    LISTEN      29245/dockerd       
udp        0      0 0.0.0.0:4789            0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:68              0.0.0.0:*                           927/dhclient        
udp        0      0 172.16.0.3:123          0.0.0.0:*                           4636/ntpd           
udp        0      0 127.0.0.1:123           0.0.0.0:*                           4636/ntpd           
udp        0      0 0.0.0.0:514             0.0.0.0:*                           27343/rsyslogd      
udp6       0      0 :::7946                 :::*                                29245/dockerd       
udp6       0      0 fe80::5054:ff:fe36::123 :::*                                4636/ntpd           
udp6       0      0 ::1:123                 :::*                                4636/ntpd           
udp6       0      0 :::514                  :::*                                27343/rsyslogd

技术问题还是stackoverflow靠谱:https://stackoverflow.com/questions/42303401/nginx-will-not-start-address-already-in-use

scrapyd访问认证nginx反向代理:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 6801;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            proxy_pass http://127.0.0.1:6800/;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/conf.d/pswdScrapyd;
        }

    
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#        location = /404.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#        location = /50x.html {
#        }
#    }

}

scrapyd.conf需要加入:

[deploy]
url = http://127.0.0.1:6801/
project = jingdong
username = user
password = password

这里的用户名密码是htpasswd生成的,比如sudo htpasswd -c password user

centos一键安装denyhosts

denyhosts手动安装比较繁琐,我自己安装过几次还需要经常查看History。这里放个非常方便的一键脚本吧,以前用Lnmp建过博客网站,lnmp包里就有这些工具,非常好用。这年头无聊的人太多了,说不准哪天你的服务器就被别人暴力破解了。

wget http://soft.vpser.net/lnmp/lnmp1.4beta.tar.gz && tar zxf lnmp1.4beta.tar.gz && cd lnmp1.4/tools/
工具箱内容:
backup.sh  check502.sh  cut_nginx_logs.sh  denyhosts_removeip.sh  denyhosts.sh  fail2ban.sh  remove_disable_function.sh  remove_open_basedir_restriction.sh  reset_mysql_root_password.sh