阿里云 自动设置安全组IP
为了安全,阿里云的服务器可以设置安全组。比如 3389、21 这些端口不需要对普通用户开放,只需要对管理员开放。但如果本地 IP 变了,就需要先获取自己的 IP,再登录阿里云的控制台进行设置,这样很麻烦。我看到阿里云提供了 API,于是写了一段自动替换安全组 IP 的代码。代码如下:
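/**
 * Build an ECS API client from an AccessKey pair.
 *
 * The AccessKey can rewrite firewall rules, so it should belong to an
 * account that is limited to the security-group calls used in this file
 * and should not be committed alongside the code.
 *
 * @param string $accessKeyId     AccessKey ID
 * @param string $accessKeySecret AccessKey secret
 * @return Ecs
 */
public static function createClient($accessKeyId, $accessKeySecret)
{
    $config = new Config([
        // Your AccessKey ID
        "accessKeyId" => $accessKeyId,
        // Your AccessKey Secret
        "accessKeySecret" => $accessKeySecret
    ]);
    // API endpoint.
    // NOTE(review): the endpoint is fixed to cn-hangzhou while the requests use
    // self::regionId() - confirm the two agree for your deployment.
    $config->endpoint = "ecs-cn-hangzhou.aliyuncs.com";

    return new Ecs($config);
}

/**
 * Replace the source IPs allowed on self::portRange() with the caller's IP.
 *
 * Flow: validate the caller's address, revoke every existing rule whose port
 * range equals self::portRange(), then authorize the caller's address with
 * today's date as the rule description.
 *
 * Whoever can reach this method gets their own address allowed on the
 * management port, so the page that invokes it has to sit behind
 * authentication. Nothing in this block performs that check.
 *
 * @return string the IPv4 address that was authorized
 * @throws \RuntimeException when no valid IPv4 address can be determined;
 *                           the security group is left untouched in that case
 */
public static function main()
{
    // Resolve and validate the address BEFORE revoking anything. The original
    // fell through to authorizing the '0.0.0.0' placeholder when detection failed.
    $currentIp = self::get_client_ip();
    if ($currentIp === '0.0.0.0') {
        throw new \RuntimeException(
            'Unable to determine a valid client IPv4 address; security group left unchanged.'
        );
    }

    $client = self::createClient(self::accessKeyId(), self::accessKeySecret());
    $groupId = self::securityGroupId();
    $regionId = self::regionId();
    $portRange = self::portRange();
    $protocol = self::ipProtocol();

    $describeRequest = new DescribeSecurityGroupAttributeRequest([
        "securityGroupId" => $groupId,
        "regionId" => $regionId
    ]);
    $result = $client->describeSecurityGroupAttribute($describeRequest);

    $rules = $result->body->permissions->permission;
    if (empty($rules)) {
        // A group without rules would otherwise make foreach emit a warning.
        $rules = array();
    }

    // NOTE(review): rules are matched on port range only, so every rule on this
    // port is dropped, including ones that were not created by this script.
    // Revocation runs before authorization: if the authorize call fails, the
    // port ends up closed to everyone rather than left open to a stale address.
    foreach ($rules as $rule) {
        if ((string) $rule->portRange !== (string) $portRange) {
            continue;
        }
        $revokeRequest = new RevokeSecurityGroupRequest([
            "regionId" => $regionId,
            "securityGroupId" => $groupId,
            "portRange" => $portRange,
            "ipProtocol" => $protocol,
            "sourceCidrIp" => (string) $rule->sourceCidrIp
        ]);
        $client->revokeSecurityGroup($revokeRequest);
    }

    $authorizeRequest = new AuthorizeSecurityGroupRequest([
        "securityGroupId" => $groupId,
        "ipProtocol" => $protocol,
        "portRange" => $portRange,
        "sourceCidrIp" => $currentIp,
        "regionId" => $regionId,
        "description" => date("Y.m.d")
    ]);
    // The API response is discarded here; print or log it yourself when you
    // run this code.
    $client->authorizeSecurityGroup($authorizeRequest);

    return $currentIp;
}

/**
 * Return the address of the peer that made the current HTTP request.
 *
 * Only REMOTE_ADDR is consulted. X-Forwarded-For and Client-IP are plain
 * request headers that any client can set to an arbitrary value, and the
 * result of this method is written into a firewall allow rule, so honouring
 * them would let a requester name the address that gets opened.
 * NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address;
 * read the forwarded header only after checking that REMOTE_ADDR is a proxy
 * you operate.
 *
 * @param int|bool $type falsy: dotted-quad string; truthy: unsigned integer form
 * @return string|int the address, or '0.0.0.0' / 0 when no valid IPv4 address
 *                    is available (IPv6 peers also end up here)
 */
public static function get_client_ip($type = 0)
{
    $type = $type ? 1 : 0;
    // Cached per request: [dotted string, unsigned integer form].
    static $ip = null;
    if (null !== $ip) {
        return $ip[$type];
    }

    $remote = isset($_SERVER['REMOTE_ADDR']) ? trim((string) $_SERVER['REMOTE_ADDR']) : '';

    // Strict IPv4 validation; anything else maps to the placeholder pair.
    $valid = filter_var($remote, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    $long = ($valid === false) ? 0 : sprintf("%u", ip2long($valid));
    $ip = $long ? array($valid, $long) : array('0.0.0.0', 0);

    return $ip[$type];
}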
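流程如下:先查询指定端口的 IP,也就是以前插入的 IP,然后删除这些 IP,最后重新把当前的 IP 加到安全组。需要注意的是,脚本会把访问者的 IP 加入安全组,所以这个脚本本身必须有访问控制(例如登录验证),并且当前 IP 不应该取自 X-Forwarded-For 这类可以由客户端随意填写的请求头。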