From 22dfec1398e2fc3f74cbb2730b4795d0cfb48a6a Mon Sep 17 00:00:00 2001
From: Petro1990
Date: Fri, 13 Mar 2026 19:17:53 +0300
Subject: [PATCH] =?UTF-8?q?=D0=BE=D0=B1=D0=BD=D0=BE=D0=B2=D0=BB=D0=B5?= =?UTF-8?q?=D0=BD=D0=B8=D0=B5:=20v1.3.0=20-=20=D1=81=D0=BA=D0=B2=D0=BE?= =?UTF-8?q?=D0=B7=D0=BD=D0=B0=D1=8F=20=D0=B0=D0=B2=D1=82=D0=BE=D1=80=D0=B8?= =?UTF-8?q?=D0=B7=D0=B0=D1=86=D0=B8=D1=8F=20=D1=87=D0=B5=D1=80=D0=B5=D0=B7?= =?UTF-8?q?=20=D0=BF=D0=B0=D1=80=D0=BE=D0=BB=D1=8C=20=D1=80=D0=BE=D1=83?= =?UTF-8?q?=D1=82=D0=B5=D1=80=D0=B0=20(NDM=20Auth=20Integration)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 rproxy | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)
diff --git a/rproxy b/rproxy
index 429e23e..65afdc5 100644
--- a/rproxy
+++ b/rproxy
@@ -3,7 +3,7 @@
 # Публикация локальных сервисов через SSH-туннели + nginx на VPS
 # http://5.104.75.50:3000/Petro1990/rProxy
-VERSION="1.2.4"
+VERSION="1.3.0"
 CONF_DIR="/opt/etc/rproxy"
 CONF_FILE="$CONF_DIR/rproxy.conf"
 SERVICES_DIR="$CONF_DIR/services"
@@ -473,6 +473,12 @@ do_add_interactive() {
 printf " ${BOLD}Туннель:${NC} порт $tunnel_port\n"
 [ -n "$domain" ] && printf " ${BOLD}Домен:${NC} $domain\n"
 printf " ${BOLD}Внешний порт:${NC} $ext_port\n"
+ prompt "Защитить сервис паролем от роутера? (д/н) [н]: "
+ local use_ndm_auth="no"
+ case "$REPLY" in
+ д|Д|y|Y|да|yes) use_ndm_auth="yes" ;;
+ esac
+
 draw_separator
 prompt "Всё верно? Добавить сервис? (д/н) [д]: "
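Review bot: Answering "yes" to the new prompt in the `-473` hunk turns on router-password protection without checking whether the service is published over TLS. The generated nginx block forwards the client's `Authorization` header, so on a plain-HTTP listener the router's admin credentials would cross the internet to the VPS unencrypted. `use_ssl` is visible later in this patch (it is written to `SVC_SSL`), so the `case` could be followed by a guard that refuses or at least warns when `use_ndm_auth` is "yes" and SSL is not enabled. The body of `do_add_interactive` starts and ends outside this hunk, so where `use_ssl` is set is an assumption to confirm.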
@@ -484,6 +490,21 @@ do_add_interactive() {
 local stealth_host="$t_host"
 [ "$t_port" != "80" ] && stealth_host="$t_host:$t_port"
+ # Конфигурация авторизации
+ local auth_config=""
+ if [ "$use_ndm_auth" = "yes" ]; then
+ local auth_port=$((tunnel_port + 1))
+ auth_config="
+ location /rproxy_auth {
+ internal;
+ proxy_pass http://127.0.0.1:$auth_port/rci/system/hostname;
+ proxy_pass_request_body off;
+ proxy_set_header Content-Length \"\";
+ proxy_set_header Authorization \$http_authorization;
+ }
+ "
+ fi
+
 # Генерация конфига nginx
 local tmp="/tmp/rproxy_$name.conf"
 if [ -n "$domain" ]; then
@@ -499,6 +520,7 @@ server {
 proxy_busy_buffers_size 256k;
 location / {
+ $( [ "$use_ndm_auth" = "yes" ] && echo "auth_request /rproxy_auth;" )
 proxy_pass http://127.0.0.1:$tunnel_port;
 proxy_http_version 1.1;
 proxy_set_header Upgrade \$http_upgrade;
@@ -524,6 +546,7 @@ server {
 proxy_send_timeout 60s;
 proxy_read_timeout 60s;
 }
+ $auth_config
 }
 NGINXEOF
 else
@@ -538,6 +561,7 @@ server {
 proxy_busy_buffers_size 256k;
 location / {
+ $( [ "$use_ndm_auth" = "yes" ] && echo "auth_request /rproxy_auth;" )
 proxy_pass http://127.0.0.1:$tunnel_port;
 proxy_http_version 1.1;
 proxy_set_header Upgrade \$http_upgrade;
@@ -563,6 +587,7 @@ server {
 proxy_send_timeout 60s;
 proxy_read_timeout 60s;
 }
+ $auth_config
 }
 NGINXEOF
 fi
@@ -587,6 +612,7 @@ SVC_TUNNEL_PORT="$tunnel_port"
 SVC_EXT_PORT="$ext_port"
 SVC_DOMAIN="$domain"
 SVC_SSL="$use_ssl"
+SVC_NDM_AUTH="$use_ndm_auth"
 SVC_ENABLED="yes"
 EOF
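Review bot: `local auth_port=$((tunnel_port + 1))` in the `-484` hunk takes the next port without reserving it or checking that it is free. If another service is later assigned that tunnel port (the allocation code is outside this patch, so this needs confirming), the `auth_request` subrequest would reach that service instead of the router, and any 2xx reply from it would count as a successful login. Consider allocating the auth port through the same mechanism as `tunnel_port` and persisting it, e.g. `SVC_AUTH_PORT="$auth_port"`, instead of recomputing `+1` in `do_start_service`. Because this location validates the router's admin credentials for anyone who can reach the VPS, failed attempts are also worth rate-limiting and logging there.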
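Review bot: With `auth_request /rproxy_auth;` enabled in the `-499` hunk, `location /` still passes the client's `Authorization` header on to `proxy_pass http://127.0.0.1:$tunnel_port`, because nginx forwards request headers upstream by default. The published service would therefore receive the router's admin credentials on every request. Unless the backend needs its own credentials, emit a header reset together with the directive, e.g. `echo "auth_request /rproxy_auth; proxy_set_header Authorization \"\";"`. The same line is added in the `-538` hunk and needs the same change; the heredoc that contains both starts outside these hunks.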
@@ -1016,19 +1042,21 @@ do_start_service() {
 pid_file=$(get_pid_file "$name")
 local ssh_opts="-o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes"
+ local tunnel_args="-R 0.0.0.0:$SVC_TUNNEL_PORT:$SVC_TARGET_HOST:$SVC_TARGET_PORT"
+ [ "$SVC_NDM_AUTH" = "yes" ] && tunnel_args="$tunnel_args -R 0.0.0.0:$((SVC_TUNNEL_PORT+1)):127.0.0.1:80"
 if [ "$VPS_AUTH" = "password" ]; then
 AUTOSSH_GATETIME=0 sshpass -p "$VPS_PASS" autossh -M 0 -f -N \
 $ssh_opts \
 -p "$VPS_PORT" \
- -R "0.0.0.0:$SVC_TUNNEL_PORT:$SVC_TARGET_HOST:$SVC_TARGET_PORT" \
+ $tunnel_args \
 "$VPS_USER@$VPS_HOST" &
 else
 AUTOSSH_GATETIME=0 autossh -M 0 -f -N \
 $ssh_opts \
 -i "$SSH_KEY" \
 -p "$VPS_PORT" \
- -R "0.0.0.0:$SVC_TUNNEL_PORT:$SVC_TARGET_HOST:$SVC_TARGET_PORT" \
+ $tunnel_args \
 "$VPS_USER@$VPS_HOST" &
 fi
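Review bot: The second forward, `-R 0.0.0.0:$((SVC_TUNNEL_PORT+1)):127.0.0.1:80`, asks the VPS to listen on every interface for a tunnel that ends at the router's own web interface. nginx reaches it only via `127.0.0.1`, so it should bind to loopback: `-R 127.0.0.1:$((SVC_TUNNEL_PORT+1)):127.0.0.1:80`. The first forward has the same issue once auth is enabled, since a listener on `0.0.0.0:$SVC_TUNNEL_PORT` can be reached without passing nginx and its `auth_request`; `-R 127.0.0.1:$SVC_TUNNEL_PORT:...` closes that path. Whether the wildcard bind takes effect depends on the VPS's sshd `GatewayPorts` setting and firewall, neither of which is visible here. The body of `do_start_service` continues outside the hunk.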