CentOS8.1 部署.net core 3.1 環境，涉及 aspnetcore-runtime、防火牆、selinux設置、nginx

#注冊微軟產品倉庫 列表 https://packages.microsoft.com/config/centos
rpm -Uvh https://packages.microsoft.com/config/centos/8/packages-microsoft-prod.rpm
#搜索
yum search aspnetcore-runtime*
#安裝
yum install -y aspnetcore-runtime-3.1.x86_64

-- -----------------------------------------------------------------------------
#yum remove aspnet*
#查看安裝nginx
rpm -qa | grep nginx
#安裝nginx
yum install -y nginx
#啟動nginx
systemctl start nginx

#nginx 配置目錄 /etc/nginx/ 有問題查看日志

-- -----------------------------------------------------------------------------

#防火牆
firewall-cmd --zone=public --list-ports
firewall-cmd --zone=public --add-port=8888/tcp --permanent
firewall-cmd --zone=public --add-port=5555/tcp --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload

#查詢firewall-cmd --zone=public --query-port=3306/tcp
#關閉 firewall-cmd --zone=public --remove-port=80/tcp --permanent

-- -----------------------------------------------------------------------------
#查看 selinux 狀態
getenforce
#1. enforcing：強制模式。違反 SELinux 規則的行為將被阻止並記錄到日志中。
#2. permissive：寬容模式。違反 SELinux 規則的行為只會記錄到日志中。一般為調試用。
#3. disabled：關閉 SELinux。

#1、臨時關閉selinux
#setenforce 0 ##設置SELinux 成為permissive模式
#setenforce 1 ##設置SELinux 成為enforcing模式
#2、永久關閉selinux,
#修改/etc/selinux/config 文件
#將SELINUX=enforcing改為SELINUX=disabled

-- -----------------------------------------------------------------------------
#selinx 啟用端口
#selinx設置 selinux默認只允許80,81,443,8008,8009,8443,9000用作HTTP端口使用
#安裝一個tab鍵補齊二級命令功能工具bash-completion
yum -y install bash-completion

#安裝 semanage
#查找 semanage 命令是哪個軟件包提供此命令
yum provides semanage

#安裝
yum install policycoreutils-python-utils-2.9-3.el8.noarch

#查看下http允許訪問的端口：
semanage port -l | grep http_port_t
#查看 端口占用情況
semanage port -l | grep 8888

#將需要使用的端口 8888 加入到端口列表中：
semanage port -a -t http_port_t -p tcp 8888
semanage port -a -t http_port_t -p tcp 5555

-- ----------------------------------------------------
#nginx 配置文件 端口轉發
server {
listen 8888;
server_name localhost;

location / {
proxy_pass http://localhost:5555;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

#nginx做端口轉發時如報以下錯誤
2020/03/24 01:56:45 [crit] 2672#0: *1 connect() to 127.0.0.1:5555 failed (13: Permission denied) while connecting to upstream, client: 192.168.0.104, server: localhost, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:5555/", host: "192.168.0.105:8888"

2020/03/24 01:56:45 [crit] 2672#0: *1 connect() to [::1]:5555 failed (13: Permission denied) while connecting to upstream, client: 192.168.0.104, server: localhost, request: "GET / HTTP/1.1", upstream: "http://[::1]:5555/", host: "192.168.0.105:8888"

2020/03/24 01:56:45 [error] 2672#0: *1 no live upstreams while connecting to upstream, client: 192.168.0.104, server: localhost, request: "GET /favicon.ico HTTP/1.1", upstream: "http://localhost/favicon.ico", host: "192.168.0.105:8888", referrer: "http://192.168.0.105:8888/"

則設置如下

setsebool -P httpd_can_network_connect 1
#setsebool 設置說明
https://www.cnblogs.com/pengyunjing/p/10663135.html

-- --------------------------------------------------------
以上 可以通過IP:8888或IP:5555訪問