фикс: v1.3.2 - устранение 403 Forbidden через использование LAN IP роутера для NDM Auth

Petro1990 2026-03-13 19:28:38 +03:00
parent 4f4dda06a2
commit 32bc5a1494
1 changed files with 22 additions and 6 deletions

28
rproxy

@ -3,7 +3,7 @@
# Публикация локальных сервисов через SSH-туннели + nginx на VPS # Публикация локальных сервисов через SSH-туннели + nginx на VPS
# http://5.104.75.50:3000/Petro1990/rProxy # http://5.104.75.50:3000/Petro1990/rProxy
VERSION="1.3.1" VERSION="1.3.2"
CONF_DIR="/opt/etc/rproxy" CONF_DIR="/opt/etc/rproxy"
CONF_FILE="$CONF_DIR/rproxy.conf" CONF_FILE="$CONF_DIR/rproxy.conf"
SERVICES_DIR="$CONF_DIR/services" SERVICES_DIR="$CONF_DIR/services"
@ -176,6 +176,19 @@ next_free_port() {
done done
} }
get_router_ip() {
# Метод 1: Через ndmq (Keenetic Bridge0)
local ip=$(ndmq -p "show interface Bridge0" -path "address" 2>/dev/null)
[ -n "$ip" ] && echo "$ip" && return
# Метод 2: Через ip addr (Entware/Keenetic)
ip=$(ip addr show br0 2>/dev/null | grep 'inet ' | awk '{print $2}' | cut -d/ -f1 | head -n1)
[ -n "$ip" ] && echo "$ip" && return
# Запасной вариант
echo "192.168.1.1"
}
next_free_ext_port() { next_free_ext_port() {
local port=$BASE_EXT_PORT local port=$BASE_EXT_PORT
while true; do while true; do
@ -492,7 +505,9 @@ do_add_interactive() {
# Конфигурация авторизации # Конфигурация авторизации
local auth_config="" local auth_config=""
local router_ip="127.0.0.1"
if [ "$use_ndm_auth" = "yes" ]; then if [ "$use_ndm_auth" = "yes" ]; then
router_ip=$(get_router_ip)
local auth_port=$((tunnel_port + 1)) local auth_port=$((tunnel_port + 1))
auth_config=" auth_config="
location /rproxy_auth { location /rproxy_auth {
@ -502,10 +517,10 @@ do_add_interactive() {
proxy_set_header Content-Length \"\"; proxy_set_header Content-Length \"\";
proxy_set_header Authorization \$http_authorization; proxy_set_header Authorization \$http_authorization;
# Стелс-режим для авторизации # Стелс-режим для авторизации (используем LAN IP роутера)
proxy_set_header Host \"$stealth_host\"; proxy_set_header Host \"$router_ip\";
proxy_set_header Origin \"http://$stealth_host\"; proxy_set_header Origin \"http://$router_ip\";
proxy_set_header Referer \"http://$stealth_host/\"; proxy_set_header Referer \"http://$router_ip/\";
} }
" "
fi fi
@ -618,6 +633,7 @@ SVC_EXT_PORT="$ext_port"
SVC_DOMAIN="$domain" SVC_DOMAIN="$domain"
SVC_SSL="$use_ssl" SVC_SSL="$use_ssl"
SVC_NDM_AUTH="$use_ndm_auth" SVC_NDM_AUTH="$use_ndm_auth"
SVC_ROUTER_IP="$router_ip"
SVC_ENABLED="yes" SVC_ENABLED="yes"
EOF EOF
@ -1052,7 +1068,7 @@ do_start_service() {
local ssh_opts="-o StrictHostKeyChecking=no -o ServerAliveInterval=10 -o ServerAliveCountMax=3 -o ConnectTimeout=10 -o ExitOnForwardFailure=yes" local ssh_opts="-o StrictHostKeyChecking=no -o ServerAliveInterval=10 -o ServerAliveCountMax=3 -o ConnectTimeout=10 -o ExitOnForwardFailure=yes"
local tunnel_args="-R 0.0.0.0:$SVC_TUNNEL_PORT:$SVC_TARGET_HOST:$SVC_TARGET_PORT" local tunnel_args="-R 0.0.0.0:$SVC_TUNNEL_PORT:$SVC_TARGET_HOST:$SVC_TARGET_PORT"
[ "$SVC_NDM_AUTH" = "yes" ] && tunnel_args="$tunnel_args -R 0.0.0.0:$((SVC_TUNNEL_PORT+1)):127.0.0.1:80" [ "$SVC_NDM_AUTH" = "yes" ] && tunnel_args="$tunnel_args -R 0.0.0.0:$((SVC_TUNNEL_PORT+1)):${SVC_ROUTER_IP:-127.0.0.1}:80"
if [ "$VPS_AUTH" = "password" ]; then if [ "$VPS_AUTH" = "password" ]; then
AUTOSSH_GATETIME=0 sshpass -p "$VPS_PASS" autossh -M 0 -f -N \ AUTOSSH_GATETIME=0 sshpass -p "$VPS_PASS" autossh -M 0 -f -N \
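Review bot: The new get_router_ip returns whatever ndmq or the `ip addr` pipeline prints, and otherwise a guessed `192.168.1.1`, without checking that the result is a single IPv4 address; that value then goes into the nginx `proxy_set_header` lines, the `SVC_ROUTER_IP=` line of the service file and the `-R` argument in do_start_service. A multi-line or non-address result would corrupt those files, and a wrong guess sends the `/rproxy_auth` request (presumably an nginx auth subrequest) to whichever LAN device answers on that address. I would split `local ip` from the assignment so the command status is not masked, accept only a dotted quad, and make the NDM-auth branch fail with a message instead of guessing, as sketched below. Separately, the changed `-R 0.0.0.0:…` line publishes the router's port 80 on every VPS interface if sshd's GatewayPorts setting allows it; binding to `127.0.0.1` should be enough if only the VPS-local nginx connects, which the visible lines do not confirm. do_add_interactive and do_start_service both start and end outside the hunks.

```shell
get_router_ip() {
    local ip
    ip=$(ndmq -p "show interface Bridge0" -path "address" 2>/dev/null)
    [ -n "$ip" ] || ip=$(ip addr show br0 2>/dev/null | grep 'inet ' | awk '{print $2}' | cut -d/ -f1 | head -n1)
    # Digits and dots only, exactly four fields; no guessed default.
    case "$ip" in
        *[!0-9.]*|*.*.*.*.*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*) echo "$ip" ;;
        *) return 1 ;;
    esac
}

# … unchanged: do_add_interactive up to the use_ndm_auth check …
if [ "$use_ndm_auth" = "yes" ]; then
    router_ip=$(get_router_ip) || {
        echo "rproxy: cannot determine the router LAN IP for NDM auth" >&2
        return 1
    }
# … unchanged: auth_port and the auth_config template …
```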