Detailed explanation of adding security group rules to Alibaba Cloud Server (graphic tutorial)

Overview of Alibaba Cloud Security Group

This tutorial explains how Alibaba Cloud server security group rules are set up and how to open (release) ports in an Alibaba Cloud server security group.

When you purchase an Alibaba Cloud ECS server, Alibaba Cloud requires you to set up a security group. If you do not, it assigns a default security group. So what is a security group? As the name suggests, it exists for server security. A security group is a virtual firewall that lets you filter traffic to the corresponding server by port and IP address, forming a security domain in the cloud.

Many users buy an Alibaba Cloud server, install a service, and then find that they cannot connect to it. There is no error message, and the cause eventually turns out to be the security group. If you are in a similar situation, check whether the security group has opened the port.

Default security group when purchasing

Users who are unaware of security groups often find that a website deployed on a newly purchased server cannot be reached. This is because the default security group assigned when you purchase an Alibaba Cloud ECS server only allows three kinds of inbound access: the ICMP protocol, SSH on port 22, and RDP on port 3389. Ports 80 and 443, which are used for accessing websites, are not allowed.

If website access is required, select HTTP port 80 and HTTPS port 443 when purchasing the ECS server.

Configure security groups after purchase

So how do you change the security group configuration after purchase? Let's take this server as an example and open HTTP port 80.

First, find the corresponding ECS server instance in the Alibaba Cloud console. Click Manage for the instance to open its details page, go to the security group for the instance, and click Configure Rules.

The three default rules are listed here. Click Add Security Group Rule.

This server is in a VPC (dedicated network), so the network card type here is intranet. If you are using a classic network server, you also need to select the external (public) network inbound direction.

Protocol type: choose Custom TCP.

Port range: a range is required here, so enter 80/80.

Authorization object: we want to allow everyone to access the port, so enter 0.0.0.0/0.

Priority: enter a number from 1 to 100. The smaller the number, the higher the priority.

Click OK, and port 80 is now open in the security group. Beyond this scenario, security groups are also used to set up intranet intercommunication, block specific IPs and ports, allow only specific IPs to log in to the server, or allow only read access to a specific IP on the public network.

Common default ports

  • 22: SSH (secure login), SCP (file transfer), port forwarding
  • 21: Common port for FTP (File Transfer Protocol) proxy servers
  • 39000/40000: Common ports for FTP passive mode
  • 80/8080/3128/8081/9098: Commonly used port numbers for HTTP proxy servers
  • 443: HTTPS (securely transferring web pages) server, the default port number is 443/tcp 443/udp
  • 1080: Common port number of SOCKS proxy protocol server
  • 23: Telnet (insecure text transmission)
  • 69 (udp): TFTP (Trivial File Transfer Protocol)
  • 25: SMTP (Simple Mail Transfer Protocol, e-mail), default port number
  • 110: POP3 (Post Office Protocol, e-mail)
  • 9080: WebSphere application
  • 9090: WebSphere management tool
  • 3389: Windows RDP remote login
  • 1521: Oracle Database
  • 3306: MySQL
  • 11211: Memcached
  • 5432: PostgreSQL
  • 1433: MS SQL
  • 6379: Redis
  • 8888: Initial port of Pagoda panel
  • 888: Pagoda panel phpmysql port

Detailed description of security group configuration rules

Release a TCP port

Take Alibaba Cloud International Edition as an example. It does not seem to have a classic network, and the network cards all use intranet IPs, so the security group is simpler. In the ECS cloud server console, go to Management - Network and Security - Security Group - Configure rules.

The following figure demonstrates opening TCP port 8989. Generally, select Custom TCP as the type, enter 8989/8989 as the port range, and enter 0.0.0.0/0 as the authorization object. If you are not sure, fill in the form as shown in the picture.

Allow a range of ports (8080 to 9000)

To open a range of ports, for example all ports from 8080 to 9000, enter 8080/9000 as the port range. The classic network security group in the domestic version of Alibaba Cloud is similar, except that for the network card type you need to select the public network inbound direction.

Open all ports? (Not recommended)

If no firewall is installed on the server, opening all ports is very dangerous, so proceed with caution. Select All as the protocol type and leave the other settings unchanged.

Precautions

Port range: Required. To add a single port, such as port 8080, enter 8080/8080.

To add a range of ports, such as ports 8080 to 9000, enter 8080/9000.

Authorization object: the IP addresses that are allowed to access the server.
To allow all IPs to access the server, enter 0.0.0.0/0.

Allow a single IP to access the server

Allow a single IP segment to access the server

Add multiple IP addresses to access the server, separate the IP addresses with commas (,)

You can also add multiple authorized IPs for the same port number
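
As an added example (not part of the original tutorial), the Python below parses rules in the formats described above, including `start/end` port ranges, the `-1/-1` range Alibaba Cloud uses for protocol type All, and single or comma-separated authorization objects. It flags rules that leave sensitive ports from the port list reachable from any IP, and it applies to any rule set rather than only the tutorial's cases. The field names `port_range` and `source`, the choice of `SENSITIVE_PORTS`, and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Assumption: ports from the tutorial's list that should rarely be open to everyone.
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 1521: "Oracle",
                   3306: "MySQL", 5432: "PostgreSQL", 1433: "MS SQL",
                   6379: "Redis", 11211: "Memcached", 8888: "Pagoda panel"}

def parse_port_range(text):
    """Parse the 'start/end' form, e.g. '80/80' or '8080/9000'; '-1/-1' means all ports."""
    start_s, sep, end_s = text.strip().partition("/")
    if not sep:
        raise ValueError(f"port range must be start/end, got {text!r}")
    start, end = int(start_s), int(end_s)
    if (start, end) == (-1, -1):  # shown for protocol type All
        return 1, 65535
    if not 1 <= start <= end <= 65535:
        raise ValueError(f"invalid port range {text!r}")
    return start, end

def parse_sources(text):
    """Parse an authorization object: one IP, one CIDR, or a comma-separated list."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in text.split(",") if part.strip()]

def audit(rules):
    """Return (port_range, finding) pairs for rules exposing sensitive ports to any IP."""
    findings = []
    for rule in rules:
        start, end = parse_port_range(rule["port_range"])
        if not any(net.prefixlen == 0 for net in parse_sources(rule["source"])):
            continue  # restricted to specific IPs or segments
        hit = sorted(p for p in SENSITIVE_PORTS if start <= p <= end)
        if hit:
            names = ", ".join(f"{p} ({SENSITIVE_PORTS[p]})" for p in hit)
            findings.append((rule["port_range"], f"open to any source IP: {names}"))
    return findings

# Constructed sample rules mirroring the tutorial's examples (IPs are documentation ranges).
SAMPLE_RULES = [
    {"port_range": "80/80", "source": "0.0.0.0/0"},
    {"port_range": "22/22", "source": "203.0.113.10,198.51.100.0/24"},
    {"port_range": "8080/9000", "source": "0.0.0.0/0"},
    {"port_range": "-1/-1", "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for port_range, finding in audit(SAMPLE_RULES):
        print(port_range, "->", finding)
```

On the sample rules, the 8080/9000 range is flagged because it includes the Pagoda panel's port 8888, while the SSH rule passes because it is limited to specific addresses.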

Summary

Alibaba Cloud is not the only provider with security groups. Many overseas server providers have also launched security group features. Security groups are actually very simple, but they are easily overlooked.

If your service cannot be used normally, check whether the service is started, whether the firewall on the server has opened the port, whether the security group allows it, and so on.

Original URL: http://tencent.yundashi168.com/331.html
