修改 0.0.0.0/0为交换机的网段

瑶喜 · 瑶喜 · commit 2312731a8b05 · 2025-12-19T11:29:31.000+08:00
diff --git a/solution/tech-solution/ecs-deploy-deepsite-application/main.tf b/solution/tech-solution/ecs-deploy-deepsite-application/main.tf
@@ -39,7 +39,9 @@ resource "alicloud_security_group_rule" "allow_tcp_8080" {
   port_range        = "8080/8080"
   priority          = 1
   security_group_id = alicloud_security_group.security_group.id
-  cidr_ip           = "0.0.0.0/0"
+  cidr_ip           = "192.168.0.0/24"
+  # 如需允许从公网访问ECS，请将cidr_ip修改为0.0.0.0/0
+  # cidr_ip           = "0.0.0.0/0"
 }
 
 # 安全组入站规则（允许 TCP 80 端口 - 可选，用于 Nginx 部署生成的网页）
@@ -51,7 +53,9 @@ resource "alicloud_security_group_rule" "allow_tcp_80" {
   port_range        = "80/80"
   priority          = 1
   security_group_id = alicloud_security_group.security_group.id
-  cidr_ip           = "0.0.0.0/0"
+  cidr_ip           = "192.168.0.0/24"
+  # 如需允许从公网访问ECS，请将cidr_ip修改为0.0.0.0/0
+  # cidr_ip           = "0.0.0.0/0"
 }
 
 # 安全组入站规则（允许 TCP 443 端口 - 可选，用于 HTTPS 访问）
@@ -63,7 +67,9 @@ resource "alicloud_security_group_rule" "allow_tcp_443" {
   port_range        = "443/443"
   priority          = 1
   security_group_id = alicloud_security_group.security_group.id
-  cidr_ip           = "0.0.0.0/0"
+  cidr_ip           = "192.168.0.0/24"
+  # 如需允许从公网访问ECS，请将cidr_ip修改为0.0.0.0/0
+  # cidr_ip           = "0.0.0.0/0"
 }
 
 # ECS实例资源
