网络结构:
A 设备 192.168.1.100
B 设备 192.168.1.200 192.168.99.200 WIN 10
C 设备 192.168.99.230
A 可以访问 B,B可以访问C, C可以访问B
需要实现:A 访问C 和C访问A
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
server_names_hash_bucket_size 128;
client_header_buffer_size 64k;
large_client_header_buffers 4 128k;
keepalive_requests 10000;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
proxy_intercept_errors on;
proxy_ignore_client_abort on;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持一般http请求
'websocket' upgrade; #如果为websocket 则n为upgrade可升级的。
}
# 以上是默认配置
server {
# C访问A 的9099 端口,在B上开启端口并转向A的该端口
# C访问地址:192.168.99.200:9099-->192.168.1.100:9099
listen 9099 default_server;
server_name _;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;#此处配置 上面定义的变量
proxy_set_header Connection $connection_upgrade;
proxy_pass http://192.168.1.100:9099/;
}
}
server {
# A访问C 的9088 端口,在B上开启端口并转向C的该端口
# A访问地址:192.168.1.200:9088-->192.168.99.230:9088
listen 9088 default_server;
server_name _;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;#此处配置 上面定义的变量
proxy_set_header Connection $connection_upgrade;
proxy_pass http://192.168.99.230:9088/;
}
}
server {
# 代理ssh 端口,改sshd配置,/etc/ssh/sshd_config,将GatewayPorts设置为yes
# C访问地址:192.168.99.200:22-->192.168.1.100:22
listen 22;
server_name im;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;#此处配置 上面定义的变量
proxy_set_header Connection $connection_upgrade;
proxy_pass http://192.168.1.100:22/;
}
}
server {
# A 访问 C的9077 端口,在B上开启端口并转向C 的该端口,此端口为signalR协议
# A访问地址:192.168.1.200:9077-->192.168.99.230:9077
listen 9077 default_server;
server_name _;
location / {
proxy_pass http://192.168.99.230:9077/;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_http_version 1.1; #必须项 signalR协议
}
}
}
stream{
# 硬盘录像机转发,假设A是硬盘录像机,C需要访问A
# C访问路径 192.168.99.200:8000 -->192.168.1.100:8000
upstream tcp{
server 192.168.1.100:8000; #硬盘录像机地址
}
server{
listen 8000; #本机监听端口
proxy_pass tcp;
}
upstream tcp1{
server 192.168.1.100:554; #硬盘录像机地址
}
server{
listen 554; #本机监听端口
proxy_pass tcp1;
}
}
stream{
# 普通摄像头,假设A是摄像头,C需要访问A
upstream tcp{
server 192.168.1.100:8000; #摄像头地址
}
server{
listen 8000; #本机监听端口
proxy_pass tcp;
}
}