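How to set up a complete reverse proxy
Create the user
It is best to create this kind of unprivileged user on both sides.
sudo useradd -m -s /usr/sbin/nologin proxyuser # you can of course start with the default bash shell and change it later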
Reverse-proxy command
Adjust this to your own setup.
ssh -NR 11451:0.0.0.0:19198 -p 25565 -i <ssh-key> proxyuser@<IP>
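System service
Single port
/etc/systemd/system/ssh-proxy
[Unit]
Description=Reverse SSH Tunnel for Reverse Proxy
After=network.target

[Service]
# -N: forward only, run no remote command (the forward itself comes from the "proxy" entry in the ssh configuration)
ExecStart=/usr/bin/ssh -N proxy
Restart=always
User=moteproxy
RestartSec=5

[Install]
WantedBy=multi-user.target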
Port template
/etc/systemd/system/ssh-proxy@
[Unit]
Description=SFTP Tunnel %i
After=network.target

[Service]
User=yourusername
ExecStart=/usr/bin/ssh -N -R 0.0.0.0:%i:127.0.0.1:%i proxy
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
ssh configuration
Because it felt unstable, I eventually switched to the fancier SSH over SSL.
Host proxy
    HostName 0.0.0.0
    User proxyuser
    IdentityFile ~/.ssh/proxy-key
    ProxyCommand openssl s_client -quiet -servername o.ssh -connect ip:port
    ServerAliveInterval 60
    ServerAliveCountMax 2
    TCPKeepAlive yes
    RemoteForward 0.0.0.0:11451 127.0.0.1:25565
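The forwards above ask the server to listen on 0.0.0.0, which sshd only honours when GatewayPorts allows it. As an added example (not from the original page), a server-side sshd_config block that permits this while limiting proxyuser to that single job; the listen port 11451 is taken from the commands above, and OpenSSH 7.8 or later is assumed for PermitListen.

```conf
# /etc/ssh/sshd_config on the server that accepts the tunnel (constructed example)

# Weak: set globally, these let every account that can log in
# open listeners on all interfaces.
#   AllowTcpForwarding yes
#   GatewayPorts yes

# Tighter: scope the forwarding rights to the tunnel account only.
Match User proxyuser
    # Key-based login only for this account
    PasswordAuthentication no
    AuthenticationMethods publickey
    # Allow remote (-R) forwards, refuse local (-L) and Unix-socket forwards
    AllowTcpForwarding remote
    AllowStreamLocalForwarding no
    # Honour the bind address the client asks for (0.0.0.0 in the commands above)
    GatewayPorts clientspecified
    # The only port this account may listen on
    PermitListen 11451
    # No terminal, X11, agent or tun device for a forward-only account
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
```

Check the file with `sudo sshd -t` before reloading sshd. When the port template is used, list every allowed port on the PermitListen line, separated by spaces.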
Heartbeat
# debian/ubuntu
sudo apt install netcat-openbsd

#!/bin/bash

# Define the remote host and port
REMOTE_HOST="example.com"
REMOTE_PORT=9090
LOCAL_PORT=8080
USER="user"

# Check if the remote port is open
nc -z "$REMOTE_HOST" "$REMOTE_PORT"
if [ $? -ne 0 ]; then
    echo "Tunnel is down, restart it"
    # The unit name here must match the name of your tunnel service
    systemctl restart moteproxy
else
    echo "Tunnel is working fine"
fi