比例道

月に1回更新します

proxytunnel使い方

proxytunnelの使い方をメモ

以下を参考にした.

http://mark.koli.ch/configuring-apache-to-support-ssh-through-an-http-web-proxy-with-proxytunnel

[クライアント側]

  1. proxytunnel-1.9.0を解凍
  2. make
  3. make install
  4. vi ~/.ssh/config

# Host alias: "ssh myserver" selects this block.
Host myserver

# With ProxyCommand set, ssh talks to the command's stdin/stdout instead of
# opening its own TCP connection to this name.
# NOTE(review): the host key should then be recorded under this name, so
# verify the fingerprint on first connect as usual.
Hostname myserver.net

# proxytunnel options used below:
#   -p  local HTTP proxy to connect through (host:port; "port" is a placeholder)
#   -r  second (remote) proxy, here the Apache virtual host on myserver.net:443
#   -d  final destination reached via CONNECT (the SSH server, port 22)
#   -H  extra HTTP header added to the proxy request
# NOTE(review): no proxytunnel TLS option is given, so the CONNECT requests
# (including the destination host:port) appear to travel in cleartext over
# port 443; only the SSH session inside the tunnel is encrypted.
ProxyCommand /usr/local/bin/proxytunnel -p koetai.proxy.net:port -r myserver.net:443 -d 192.168.xx.xx:22 -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)"

[サーバー側]

  1. vi httpd.conf
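## Load the required modules.
## NOTE(review): only the HTTP and CONNECT proxy sub-modules are loaded
## here; the directives below also need mod_proxy and mod_rewrite, which
## are presumably loaded elsewhere in httpd.conf -- confirm.
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

Listen 443

## NOTE(review): no SSLEngine directive appears in this virtual host, so it
## speaks plain HTTP on port 443. The tunnelled SSH session is encrypted by
## SSH itself, but the CONNECT request line and headers are not.
<VirtualHost *:443>

  ServerName myserver:443
  DocumentRoot /some/path/maybe/not/required
  ServerAdmin admin@example.com

  ## Only ever allow incoming HTTP CONNECT requests.
  ## Explicitly deny other request types like GET, POST, etc.
  ## This tells Apache to return a 403 Forbidden if this virtual
  ## host receives anything other than an HTTP CONNECT.
  RewriteEngine On
  RewriteCond %{REQUEST_METHOD} !^CONNECT [NC]
  RewriteRule ^/(.*)$ - [F,L]

  ## Setup proxying between myserver:443 and mysshserver:22

  ## ProxyRequests On turns this host into a forward proxy. The access
  ## rules below are what keep it from being an open proxy, so do not
  ## remove or loosen them.
  ProxyRequests On
  ProxyBadHeader Ignore
  ProxyVia Full

  ## IMPORTANT: The AllowCONNECT directive specifies a list
  ## of port numbers to which the proxy CONNECT method may
  ## connect.  For security, only allow CONNECT requests
  ## bound for port 22.
  AllowCONNECT 22

  ## IMPORTANT: By default, deny everyone.  If you don't do this
  ## others will be able to connect to port 22 on any host.
  ## Order/Deny/Allow is Apache 2.2 syntax; on 2.4 it needs
  ## mod_access_compat, or the equivalent "Require all denied".
  <Proxy *>
    Order deny,allow
    Deny from all
  </Proxy>

  ## Now, only allow CONNECT requests bound for the SSH server(s)
  ## listed here (dom.iobb.net and 192.168.88.1 in this setup; the
  ## original article used kolich.com). Replace them with the hostname
  ## or address of whatever SSH server you're trying to connect to.
  ## ProxyMatch takes a regular expression, so every literal dot must
  ## be escaped as "\." -- an unescaped "." matches any character.
  ## NOTE(review): the pattern is still unanchored, so it also matches
  ## longer destinations that merely contain it (e.g. 192.168.88.10, or
  ## a hostname that begins with dom.iobb.net). Anchor it once you have
  ## confirmed the exact string your Apache version matches against.
  <ProxyMatch (dom\.iobb\.net|192\.168\.88\.1)>
    ## "Allow from all" lets any client that can reach port 443 open a
    ## tunnel to the SSH port of the hosts above; SSH authentication is
    ## then the only gate. If the clients' source addresses are known,
    ## prefer "Allow from <CLIENT_ADDRESS>" (placeholder) instead.
    Order allow,deny
    Allow from all
  </ProxyMatch>

  ## Logging, always a good idea. Review the request log for CONNECT
  ## attempts to unexpected destinations and for 403 responses.
  LogLevel warn
  ErrorLog logs/yyc-proxy_error_log
  CustomLog logs/yyc-proxy_request_log combined
</VirtualHost>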