今天在实施一个项目的过程中,防火墙厂家已经配置好SSH和远程桌面连接的端口映射。为了让网络更安全,决定在CentOS 7.9系统上安装nginx,由nginx反向代理SSH和远程桌面连接。需要注意的是,nginx的stream模块只做TCP层转发,本身不提供认证,安全性仍取决于后端SSH/远程桌面自身的认证以及对来源IP的限制。现将实现过程记录如下:
一、安装nginx(省略)
二、执行 ./nginx -V,查看编译参数中是否包含 --with-stream
[root@node1 nginx]# cd /usr/local/nginx/
[root@node1 nginx]# ls
client_body_temp  conf  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  uwsgi_temp
[root@node1 nginx]# cd sbin
[root@node1 sbin]# ls
nginx
[root@node1 sbin]# ./nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
configure arguments: --with-stream   ###是否出现--with-stream
[root@node1 sbin]#
三、如果没有出现--with-stream,按照下面操作重新编译,然后再次查看./nginx -V(重新编译时应保留 ./nginx -V 中已有的 configure 参数,再追加 --with-stream)
iVsom-releases.linux-7.5.v1.0.0-0014.bin  openssl-1.1.0h         pcre-8.38.tar.gz
nginx-1.18.0                              openssl-1.1.0h.tar.gz  zlib-1.2.11
nginx-1.18.0.tar.gz                       pcre-8.38              zlib-1.2.11.tar.gz
[root@node1 nginx]# cd nginx-1.18.0
[root@node1 nginx-1.18.0]# ls
auto  CHANGES  CHANGES.ru  conf  configure  contrib  html  LICENSE  Makefile  man  objs  README  src
[root@node1 nginx-1.18.0]# ./configure --with-stream
[root@node1 nginx-1.18.0]#make
[root@node1 nginx-1.18.0]#make install
四、按照下面编辑配置文件nginx.conf
# Main context. The user, error_log and pid lines are commented out, so nginx
# falls back to its compiled-in defaults for them.
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
    # Workers take turns accepting new connections.
    accept_mutex        on;
}
# TCP (layer-4) forwarding for SSH and mstsc (Remote Desktop).
# nginx only relays bytes here and adds no authentication of its own, so both
# listeners expose the backend logins to every client that can reach this host.
# Stream connections are not written to an access log unless an access_log is
# configured inside this stream context.
stream {
    # SSH proxy: port 22222 -> 192.168.10.16:55555
    upstream ssh-proxy {
        server 192.168.10.16:55555;
    }

    server {
        listen      22222;
        proxy_pass  ssh-proxy;
        # To limit which sources may connect, an allow/deny pair can go here:
        #   allow <ADMIN_SOURCE_CIDR>;   # placeholder, not a value from this setup
        #   deny  all;
    }

    # mstsc (Remote Desktop) proxy: port 33389 -> 192.168.10.22:3389
    upstream mstsc {
        server 192.168.10.22:3389;
    }

    server {
        listen      33389;
        proxy_pass  mstsc;
        # Same source restriction applies here:
        #   allow <ADMIN_SOURCE_CIDR>;   # placeholder, not a value from this setup
        #   deny  all;
    }
}
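# HTTP reverse proxies. Both virtual hosts listen on plain HTTP and forward to
# plain-HTTP backends; the commented HTTPS sample at the end is the stock
# template for adding TLS.
http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile           on;
    keepalive_timeout  65;

    #gzip  on;

    # Port 8088 -> http://11.115.247.161:8088
    server {
        listen       8088;
        server_name  11.115.247.170;
        #server_name 61.184.198.38;
        #server_name 192.172.5.254;

        location / {
            #root   html;
            #index  index.html index.htm;
            proxy_pass      http://11.115.247.161:8088;
            proxy_redirect  off;

            # Host is set exactly once. The original listed proxy_set_header
            # Host twice ($host and $host:$server_port); nginx does not
            # de-duplicate repeated proxy_set_header lines, so the backend
            # received two Host headers. The port-bearing form is kept because
            # the listener is on a non-default port.
            proxy_set_header  Host             $host:$server_port;
            proxy_set_header  X-real-ip        $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent, so the backend should trust only
            # the last entry (or X-real-ip) as the peer address.
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

            client_max_body_size  50m;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # Port 6935 -> http://11.115.247.169:6935
    server {
        listen       6935;
        server_name  11.115.247.170;

        location / {
            #root   html;
            #index  index.html index.htm;
            proxy_pass      http://11.115.247.169:6935;
            proxy_redirect  off;

            # Single Host header, for the same reason as in the 8088 server:
            # the original duplicate directive sent two Host headers upstream.
            proxy_set_header  Host             $host:$server_port;
            proxy_set_header  X-real-ip        $remote_addr;
            # Client-supplied X-Forwarded-For values are passed through with
            # $remote_addr appended; only the last entry is set by this proxy.
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

            client_max_body_size  35m;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;
    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
}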








