极客观点
项目管理
HarmonyOS
同样的阿里云环境的两台服务器
A:
[root@izwz93tphuqvc71uly4gr2F ~]# wget https://jingyan.baidu.com/article/7908e85c725159af481ad2f7.html
--2018-03-13 16:18:43-- https://jingyan.baidu.com/article/7908e85c725159af481ad2f7.html
Resolving jingyan.baidu.com (jingyan.baidu.com)... 220.181.164.104, 106.39.162.97
Connecting to jingyan.baidu.com (jingyan.baidu.com)|220.181.164.104|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘7908e85c725159af481ad2f7.html’
[ <=> ] 109,472 680KB/s in 0.2s
2018-03-13 16:18:43 (680 KB/s) - ‘7908e85c725159af481ad2f7.html’ saved [109472]
B:
[root@AY140220152843902sdg46ZsG ~]# wget https://jingyan.baidu.com/article/7908e85c725159af481ad2f7.html
--2018-03-13 16:24:01-- https://jingyan.baidu.com/article/7908e85c725159af481ad2f7.html
Resolving jingyan.baidu.com... 220.181.164.104, 106.39.162.97
Connecting to jingyan.baidu.com|220.181.164.104|:443... failed: Connection timed out.
Connecting to jingyan.baidu.com|106.39.162.97|:443... failed: Connection timed out.
Retrying.
--2018-03-13 16:26:08-- (try: 2) https://jingyan.baidu.com/article/7908e85c725159af481ad2f7.html
Connecting to jingyan.baidu.com|220.181.164.104|:443... failed: Connection timed out.
Connecting to jingyan.baidu.com|106.39.162.97|:443... failed: Connection timed out.
Retrying.
--2018-03-13 16:28:16-- (try: 3) https://jingyan.baidu.com/article/7908e85c725159af481ad2f7.html
Connecting to jingyan.baidu.com|220.181.164.104|:443... failed: Connection timed out.
Connecting to jingyan.baidu.com|106.39.162.97|:443...
简而言之就是,凡需要请求443,就会出现问题。
请求例如wget http://www.acfun.cn是顺利执行的。
于是我查了一下B的openssl
[root@AY140220152843902sdg46ZsG ~]# openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Mar 22 21:43:28 UTC 2017虽然版本很久,但是根据built on来看,是有更新的吧。
顺便附上iptables,我唯一能想到可能关联的。
[root@AY140220152843902d46Z ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:domain state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:domain state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:webcache state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:urd state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:ntp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:mysql state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:urd state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:ntp state NEW,ESTABLISHED
按说这个应与http的一样才对, state后面也要有
NEW, ESTABLISHED