如何解决服务器80端口被运营商封掉问题-如何解决无公网ip如何假设web服务器(作者：技术方案组长-

如何解决服务器80端口被运营商封掉问题如何解决无公网ip如何假设web服务器一.拓扑图二.原理假设:国内web服务器service2的web端口是990国外服务器service1开启了80端口.通过架设虚拟局域网将国内web服务器990端口映射转发到国外服务器80端口上达到访问国内web服务器上的网站且不需要输入端口访问.利用openvpn将service1和service2组建成一个虚拟局域网.虚拟局域网ip需要固定.所以openvpn必须分配给service1虚拟ip是固定的.将service2上的web服务器监听分配给它的虚拟ip.同时service1必须开启80端口,并且开启路由转发功能.当客户端访service1的80端口时.service1就通过路由转发功能将请求包通过虚拟虚拟局域网80端口发送给service2的web端口990上.service2获取到请求后将web数据在通过内网ip的990端口路由转发给service1的80端口上.然后提交给客户端.这样用户访问的就是国内服务器上的网站.解决了服务器无公网ip和运营商未开启80端口如何将网站强制通过80端口发布出去.也同时解决了无固定公网ip的问题Service1和service2的请求速度取决于两者间的网络环境.建议service1和service2使用的是骨干节点网络.且必须是光纤。三.操作步骤（service1和service2以linux系统为主。因为稳定，且设置生效不用重启服务器）1.在service2上架设web服务。#yuminstallhttpdmysql-servermysqlphpphp-mysql–y/安装服务apache和数据库服务及php/#servicehttpdrestart/启动apache服务/#servicemysqldrestart/mysql服务/#chkconfighttpdon/设置apache开机启动/#chkconfigmysqldon/设置mysql开启启动/#vim/etc/httpd/conf/httpd.conf/配置apache/将监听端口修改成990，并保存退出#servicehttpdrestart/启动apache服务/测试：在浏览器中输入网址加端口号看是否架设成功，出现下面内容就说明架设成功。2.在service1上架设openvpn服务器端。#rpm-ivh–yinstallopenvpn/安装服务/#cp-R/usr/share/doc/openvpn-2.2.2/easy-rsa/etc/openvpn#cd/etc/openvpn/easy-rsa/2.0#chmod+x*/先将easy-rsa脚本copy到/etc/openvpn，并添加可执行权限：/#cd/etc/openvpn/easy-rsa/2.0#ln-sopenssl-1.0.0.cnfopenssl.cnf/然后使用easy-rsa的脚本产生证书/#vimvars编辑所需的参数再调用之，也可以默认参数#sourcevars注意：下面这个命令在第一次安装时可以运行，以后在添加客户端时千万别运行，这个命令会清除所有已经生成的证书密钥。#./clean-all/清理所有/#./build-ca/生成服务器端ca证书/Generatinga1024bitRSAprivatekey............++++++..................++++++writingnewprivatekeyto'ca.key'-----Youareabouttobeaskedtoenterinformationthatwillbeincorporatedintoyourcertificaterequest.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.TherearequiteafewfieldsbutyoucanleavesomeblankForsomefieldstherewillbeadefaultvalue,Ifyouenter'.',thefieldwillbeleftblank.-----CountryName(2lettercode)[CN]:StateorProvinceName(fullname)[SH]:LocalityName(eg,city)[PD]:OrganizationName(eg,company)[zyfmaster]:OrganizationalUnitName(eg,section)[]:zyfmasterCommonName(eg,yournameoryourserver'shostname)[zyfmasterCA]:serverName[]:EmailAddress[905407204@qq.com]:#./build-key-serverserver/生成服务器端密钥key,后面这个server就是服务器名，可以自定义。/Generatinga1024bitRSAprivatekey.......................................++++++.......++++++writingnewprivatekeyto'server.key'-----Youareabouttobeaskedtoenterinformationthatwillbeincorporatedintoyourcertificaterequest.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.TherearequiteafewfieldsbutyoucanleavesomeblankForsomefieldstherewillbeadefaultvalue,Ifyouenter'.',thefieldwillbeleftblank.-----CountryName(2lettercode)[CN]:StateorProvinceName(fullname)[SH]:LocalityName(eg,city)[PD]:OrganizationName(eg,company)[zyfmaster]:OrganizationalUnitName(eg,section)[]:zyfmasterCommonName(eg,yournameoryourserver'shostname)[server]:serverName[]:EmailAddress[905407204@qq.com]:Pleaseenterthefollowing'extra'attributestobesentwithyourcertificaterequestAchallengepassword[]:abcd1234Anoptionalcompanyname[]:zyfmasterUsingconfigurationfrom/etc/openvpn/2.0/openssl.cnfCheckthattherequestmatchesthesignatureSignatureokTheSubject'sDistinguishedNameisasfollowscountryName:PRINTABLE:'CN'#可以默认也可以根据实际情况填写stateOrProvinceName:PRINTABLE:'SH'#可以默认也可以根据实际情况填写localityName:PRINTABLE:'PD'#可以默认也可以根据实际情况填写organizationName:PRINTABLE:'zyfmaster'#可以默认也可以根据实际情况填写organizationalUnitName:PRINTABLE:'zyfmaster'#可以默认也可以根据实际情况填写commonName:PRINTABLE:'server'#可以默认也可以根据实际情况填写emailAddress:IA5STRING:'905407204@qq.com'#可以默认也可以根据实际情况填写CertificateistobecertifieduntilDec204:14:342022GMT(3650days)Signthecertificate?[y/n]:y#这里注意一定要选择y，否则证书生成的是空证书1outof1certificaterequestscertified,commit?[y/n]y#这里注意一定要选择y否则证书生成的是空证书Writeoutdatabasewith1newentriesDataBaseUpdated/服务器端证书生成成功/#./build-keyclient1/生成客户端key后面这个client1就是客户端名，可以自定义/Generatinga1024bitRSAprivatekey............++++++........................................................++++++writingnewprivatekeyto'client1.key'-----Youareabouttobeaskedtoenterinformationthatwillbeincorporatedintoyourcertificaterequest.WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.TherearequiteafewfieldsbutyoucanleavesomeblankForsomefieldstherewillbeadefaultvalue,Ifyouenter'.',thefieldwillbeleftblank.-----CountryName(2lettercode)[CN]:StateorProvinceName(fullname)[SH]:LocalityName(eg,city)[PD]:OrganizationName(eg,company)[zyfmaster]:OrganizationalUnitName(eg,section)[]:zyfmasterCommonName(eg,yournameoryourserver'shostname)[client1]:client1#重要:每个不同的client生成的证书,名字必须不同.Name[]:EmailAddress[905407204@qq.com]:Pleaseenterthefollowing'extra'attributestobesentwithyourcertificaterequestAchallengepassword[]:abcd1234Anoptionalcompanyname[]:zyfmasterUsingconfigurationfrom/etc/openvpn/2.0/openssl.cnfCheckthattherequestmatchesthesignatureSignatureokTheSubject'sDistinguishedNameisasfollowscountryName:PRINTABLE:'CN'stateOrProvinceName:PRINTABLE:'SH'#可以默认也可以根据实际情况填写localityName:PRINTABLE:'PD'#可以默认也可以根据实际情况填写organizationName:PRINTABLE:'zyfmaster'#可以默认也可以根据实际情况填写organizationalUnitName:PRINTABLE:'