今天在实施一个项目的过程中,防火墙厂家已经配置好SSH和远程桌面连接的端口映射;为了让网络更安全,将在CentOS 7.9系统上安装nginx,用它反向代理SSH和远程桌面连接,现将实现过程记录如下:
一、安装nginx(省略)
二、查看 ./nginx -V 的输出,确认 configure arguments 中是否包含 --with-stream
[root@node1 nginx]# cd /usr/local/nginx/
[root@node1 nginx]# ls
client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
[root@node1 nginx]# cd sbin
[root@node1 sbin]# ls
nginx
[root@node1 sbin]# ./nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
configure arguments: --with-stream ###是否出现--with-stream
[root@node1 sbin]#
三、如果没有出现 --with-stream,进入存放 nginx 源码的目录(下面是该目录的 ls 输出),按照下面的步骤加上 --with-stream 重新编译安装,然后再次查看 ./nginx -V
iVsom-releases.linux-7.5.v1.0.0-0014.bin openssl-1.1.0h pcre-8.38.tar.gz
nginx-1.18.0 openssl-1.1.0h.tar.gz zlib-1.2.11
nginx-1.18.0.tar.gz pcre-8.38 zlib-1.2.11.tar.gz
[root@node1 nginx]# cd nginx-1.18.0
[root@node1 nginx-1.18.0]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE Makefile man objs README src
[root@node1 nginx-1.18.0]# ./configure --with-stream
[root@node1 nginx-1.18.0]# make
[root@node1 nginx-1.18.0]# make install
四、按照下面编辑配置文件nginx.conf
# With `user` left commented out, workers run as the build-time default user
# (nobody unless --user was passed to ./configure).
#user nobody;
# One worker is enough for a small proxy; raise it (or use `auto`) under load.
worker_processes 1;
# error_log is left at the compile-time default (logs/error.log under the prefix);
# uncomment one of these to change the path or the level.
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    # Maximum simultaneous connections per worker. This counts upstream
    # connections too, so every proxied SSH/RDP/HTTP session uses two slots.
    worker_connections 1024;
    # Serialize accept() across workers; moot with worker_processes 1 but harmless.
    accept_mutex on;
}
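# SSH and RDP (mstsc) TCP forwarding via the stream module (requires --with-stream, see step 2).
stream {
    # Stream sessions are NOT covered by the http access log and are not logged
    # at all unless access_log is set in this context. Log every session so that
    # connections to the exposed SSH/RDP listeners can be reviewed afterwards.
    log_format basic '$remote_addr [$time_local] $protocol $status '
                     '$bytes_sent $bytes_received $session_time';
    access_log logs/stream-access.log basic;

    # The backend host sees nginx's own address as the client, so any per-source
    # lockout on the SSH/RDP host (e.g. fail2ban) would block every user at once.
    # Limit who may reach these listeners here instead (stream access module):
    #   allow <trusted-admin-network>;   # placeholder, set to the real source range
    #   deny all;
    # proxy_timeout defaults to 10m: an idle session longer than that is closed.

    # SSH proxy
    upstream ssh-proxy{
        server 192.168.10.16:55555;
    }
    server {
        listen 22222;
        proxy_pass ssh-proxy;
    }

    # mstsc (RDP) proxy
    upstream mstsc{
        server 192.168.10.22:3389;
    }
    server {
        listen 33389;
        proxy_pass mstsc;
    }
}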
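http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    #gzip on;

    # Reverse proxy for the web service on 11.115.247.161:8088.
    server {
        listen 8088;
        server_name 11.115.247.170;
        # server_name 61.184.198.38;
        #server_name 192.172.5.254;
        location / {
            #root html;
            #index index.html index.htm;
            proxy_pass http://11.115.247.161:8088;
            proxy_redirect off;
            # Host is set exactly once. The original declared it twice ($host and
            # $host:$server_port); nginx does not deduplicate proxy_set_header, so
            # the backend received two Host headers, which some servers reject or
            # interpret inconsistently. The port-qualified form is kept because the
            # backend listens on the same port as this listener.
            proxy_set_header Host $host:$server_port;
            # Conventional spelling is X-Real-IP; header names are case-insensitive,
            # so this is left as the author wrote it.
            proxy_set_header X-real-ip $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 50m;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    # Reverse proxy for the web service on 11.115.247.169:6935.
    server {
        listen 6935;
        server_name 11.115.247.170;
        location / {
            #root html;
            #index index.html index.htm;
            proxy_pass http://11.115.247.169:6935;
            proxy_redirect off;
            # Single Host header, for the same reason as in the 8088 server above.
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-real-ip $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size 35m;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # HTTPS server (stock example, left disabled)
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;
    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;
    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;
    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}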