在四个 Win Server 2008 R2 机器上,我们安装了 MS Deploy.它侦听端口 80 和 8172,这使网络上的所有其他材料都怀疑在 IIS 7 上运行时如何无需更改端口 80 默认值.
On four Win Server 2008 R2 boxes, we have MS Deploy installed. It listens on port 80 and 8172 which throws into doubt all the other material out there on the web about how there's no need to change the port 80 default when running on IIS 7.
我无法理解.为什么它同时使用两个端口?我无法按照说明将其移至 8172,因为它已经在那里注册了一些东西.
I can't understand it. Why is it using BOTH ports? I can't follow the instructions to move it to 8172 since it has something already registered there.
它会导致两个问题:1) 我想关闭一个额外的攻击面 2) 它使我们的负载平衡器无法检测到 IIS 何时停止并且客户从 MsDepSvc 获得 404!
There are two problems it causes: 1) an extra attack surface I want to close 2) it keeps our load-balancer from detecting when IIS is stopped and customers get 404s from MsDepSvc!
太傻了.
推荐答案我认为我已经解决了.
世界上有两个 Web 部署.与 Web 管理服务 (WMSvc) 一起安装的一个,人们将其称为 Web Deploy,并通过 Visual Studio 通过 :8172/msdeploy.axd 使用它,然后是 Web Deploy,这是您安装的额外内容,允许从公共 Internet 发布.
There are two Web Deploys in the world. One that is installed with Web Management Service (WMSvc) and people call it Web Deploy anyway and use it via Visual Studio via :8172/msdeploy.axd and then there's Web Deploy, the extra thing you install to allow publishing from the public internet.
一直以来,我和我的同事以及在不同公司共事过的人都在不必要地安装 Web Deploy,然后甚至没有使用它.
All this time, me and my colleagues and people I've worked with at different companies, have all been needlessly installing Web Deploy and then, not even using it.
这是我的理论.现在我将去禁用 MsDepSvc,看看它是否成立.
That's my theory. And now I will go and disable MsDepSvc and see if it holds.
更新 1 - 这是不正确的.有点.
在一台新服务器上,我认为 Web Deploy 是 WMSvc 内置的,在我安装 Web Deploy 之前,我一直从 msdeploy.exe 收到 404.7 错误 - 因为一个名叫 Richard 的好人说Web Deploy 向 WMSvc 注册了一个处理程序".
On a new server, thinking that Web Deploy is built-in to WMSvc, I kept getting 404.7 errors from msdeploy.exe until I installed Web Deploy - because a nice fella named Richard said "Web Deploy registers a handler with WMSvc".
哈!因此,部署本身并不是 WMSvc 的一部分.在安装 Web Deploy 之后,您最终会得到两个部署处理程序,一个在 WMSvc 中,另一个在专用的 Windows 服务 MsDepSvc 中,您可以禁用 MsDepSvc 以防止它占用端口 80 并欺骗您的负载均衡器以为服务器已启动当它倒下时!
Ha! So deployment is not natively a part of WMSvc. And after installing Web Deploy, you end up with two deployment handlers, one in WMSvc and the other a dedicated Windows Service MsDepSvc and you can disable the MsDepSvc to prevent it sucking on port 80 and fooling your load-balancer into thinking the server is up when its down!
通过 MSDeploy.exe 从 WMSvc 获取 404
更多推荐
为什么 Web Deploy Agent Service 监听 80 和 8172 端口
发布评论