nginx反向代理SSH和远程桌面连接

     今天在实施一个项目过程中，防火墙厂家已经配置SSH和远程桌面连接的映射关系，为了网络更安全将采取在系统centos 7.9 安装nginx反向代理SSH和远程桌面连接的办法，现将实现过程记录如下：

一、安装nginx（省略）

二、查看./nginx -V

[root@node1 nginx]# cd /usr/local/nginx/
[root@node1 nginx]# ls
client_body_temp  conf  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  uwsgi_temp
[root@node1 nginx]# cd sbin
[root@node1 sbin]# ls
nginx
[root@node1 sbin]# ./nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
configure arguments: --with-stream   ###是否出现--with-stream
[root@node1 sbin]#

三、如果没有出现--with-stream按照下面操作，再次查看./nginx -V

iVsom-releases.linux-7.5.v1.0.0-0014.bin  openssl-1.1.0h         pcre-8.38.tar.gz
nginx-1.18.0                              openssl-1.1.0h.tar.gz  zlib-1.2.11
nginx-1.18.0.tar.gz                       pcre-8.38              zlib-1.2.11.tar.gz
[root@node1 nginx]# cd nginx-1.18.0
[root@node1 nginx-1.18.0]# ls
auto  CHANGES  CHANGES.ru  conf  configure  contrib  html  LICENSE  Makefile  man  objs  README  src
[root@node1 nginx-1.18.0]# ./configure --with-stream
[root@node1 nginx-1.18.0]#make
[root@node1 nginx-1.18.0]#make install

四、按照下面编辑配置文件nginx.conf

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
        accept_mutex on;
}

#ssh代理和mstsc远程桌面代理

stream {

#ssh代理

upstream ssh-proxy{

server 192.168.10.16:55555;

}

server {

listen 22222;

proxy_pass ssh-proxy;

}

#mstsc远程桌面代理

upstream mstsc{

server 192.168.10.22:3389;

}

server {

listen 33389;

proxy_pass mstsc;

}

}


http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       8088;
        server_name 11.115.247.170;
#       server_name 61.184.198.38;
        #server_name 192.172.5.254;


        location / {
            #root   html;
            #index  index.html index.htm;
                        proxy_pass http://11.115.247.161:8088;
                        proxy_redirect off;
                        proxy_set_header Host $host;
                        proxy_set_header X-real-ip $remote_addr;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_set_header Host $host:$server_port;
                        client_max_body_size 50m;
        }


        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

        server {
        listen       6935;
        server_name 11.115.247.170;


        location / {
            #root   html;
            #index  index.html index.htm;
                        proxy_pass http://11.115.247.169:6935;
                        proxy_redirect off;
                        proxy_set_header Host $host;
                        proxy_set_header X-real-ip $remote_addr;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_set_header Host $host:$server_port;
                        client_max_body_size 35m;
        }


        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}