
The method of Linux Port Mapping and forwarding

2025-02-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Preface

When integrating with third parties, we inevitably run into IP whitelist restrictions: our local development environment is not on the whitelist and cannot call the third party's interface, which makes it difficult to run through the entire business process.

Consider the following scenario:

For example, a third party has a machine at IP 1.1.1.1, port 8080.

The production environment is 1.1.1.1:8080/pro/api

The test environment is 1.1.1.1:8080/test/api

But the third party's machine does not accept calls from arbitrary IPs. They only allow you to add one machine to the whitelist.

For example, one of your online machines, with IP 2.2.2.2, has been added to the whitelist; calls from it work without problems.

But when your developers want to call the third party's test environment API, they find that it cannot be called, and you cannot write and debug code on 2.2.2.2.

Solution

Springboard service

If 1.1.1.1 cannot be called directly, write a service on 2.2.2.2 to act as a springboard: we send our request to 2.2.2.2, and 2.2.2.2 passes it on to 1.1.1.1 intact.

Nginx forwarding

This is much easier than the springboard service. Just enable nginx on 2.2.2.2 with:

    server {
        listen 8080;
        # Pass requests for the test API to the third party unchanged.
        location /test/api/ {
            proxy_pass http://1.1.1.1:8080;
        }
    }

Port mapping

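Whether it is a springboard service or nginx forwarding, we still have extra work to do, so consider another approach: can the machine 2.2.2.2 simply forward traffic for us, acting only as an intermediary? That is, I send the request to 2.2.2.2, but the request actually goes to 1.1.1.1. This is port mapping. The two approaches above only work for HTTP. What if it is another protocol, such as sftp (ssh) or ftp? Port mapping is the only one of these solutions that handles it.

Enable port forwarding in /etc/sysctl.conf (on CentOS 7, add the setting in /usr/lib/sysctl.d/50-default.conf):

    vi /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    # apply the setting without rebooting: sysctl -p

Then add the NAT rules on 2.2.2.2:

    # Forward out: connections arriving at 2.2.2.2:8080 are sent on to 1.1.1.1:8080.
    iptables -t nat -A PREROUTING -p tcp -d 2.2.2.2 --dport 8080 -j DNAT --to-destination 1.1.1.1:8080
    # Forward reception: rewrite the source to 2.2.2.2 so that 1.1.1.1 sees the
    # whitelisted address and replies come back through this host. NAT rules are
    # only evaluated for the first packet of a connection and connection tracking
    # reverses both translations on the replies, so the rule has to match the
    # outgoing direction (-d 1.1.1.1 --dport 8080), not -s 1.1.1.1 --sport 8080.
    iptables -t nat -A POSTROUTING -p tcp -d 1.1.1.1 --dport 8080 -j SNAT --to-source 2.2.2.2

This forwards 2.2.2.2:8080 to 1.1.1.1:8080 (for other cases, search Baidu yourself; forwarding to a port on the local machine can be done in the same way).

    service iptables save       # save the settings
    service iptables restart    # restart the firewall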
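A narrower version of the mapping, as an added example that is not from the original article: because 2.2.2.2 is the whitelisted address, a mapping that accepts every client lets anyone who can reach 2.2.2.2:8080 call the third party's API, so this script limits the NAT and FORWARD rules to one developer address. The address 203.0.113.7, the IPT variable and the function names are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example. Dry run by default: prints the commands instead of running
# them. Set IPT=iptables (as root) to apply.
IPT=${IPT:-echo iptables}

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_port N: succeed only for an integer in 1-65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# map_port DEV_IP RELAY_IP UPSTREAM_IP PORT (hypothetical helper)
# Map RELAY_IP:PORT to UPSTREAM_IP:PORT for a single developer address.
map_port() {
    if ! { is_ipv4 "$1" && is_ipv4 "$2" && is_ipv4 "$3" && is_port "$4"; }; then
        echo "usage: map_port DEV_IP RELAY_IP UPSTREAM_IP PORT" >&2
        return 2
    fi
    dev=$1 relay=$2 upstream=$3 port=$4
    # DNAT only for the named developer host, not for every client.
    $IPT -t nat -A PREROUTING -p tcp -s "$dev" -d "$relay" --dport "$port" \
        -j DNAT --to-destination "$upstream:$port" || return 1
    # SNAT the outgoing direction so the upstream sees the whitelisted address;
    # connection tracking reverses both translations on the replies.
    $IPT -t nat -A POSTROUTING -p tcp -s "$dev" -d "$upstream" --dport "$port" \
        -j SNAT --to-source "$relay" || return 1
    # Let exactly this flow and its replies through the FORWARD chain.
    $IPT -I FORWARD 1 -p tcp -s "$dev" -d "$upstream" --dport "$port" \
        -j ACCEPT || return 1
    $IPT -I FORWARD 1 -p tcp -s "$upstream" --sport "$port" -d "$dev" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Usage: sh map_port.sh DEV_IP 2.2.2.2 1.1.1.1 8080  (DEV_IP e.g. 203.0.113.7, constructed)
if [ "$#" -eq 4 ]; then map_port "$@"; fi
```

Review the printed commands first, then rerun with IPT=iptables as root and save the rules as above.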

Summary

In short, it pays to learn more about Linux; sometimes Linux knowledge can solve a business problem.

That is all for this article. I hope it will be helpful to your study, and I also hope that you will support it.
