From 4f4dda06a2ab38ad84c5d32c913fbdc9bcef04df Mon Sep 17 00:00:00 2001 From: Petro1990 Date: Fri, 13 Mar 2026 19:24:18 +0300 Subject: [PATCH] =?UTF-8?q?=D1=84=D0=B8=D0=BA=D1=81:=20v1.3.1=20-=20=D1=83?= =?UTF-8?q?=D1=81=D1=82=D1=80=D0=B0=D0=BD=D0=B5=D0=BD=D0=B8=D0=B5=20504=20?= =?UTF-8?q?Gateway=20Time-out=20=D0=B8=20403=20Forbidden,=20=D1=83=D0=BB?= =?UTF-8?q?=D1=83=D1=87=D1=88=D0=B5=D0=BD=D0=B8=D0=B5=20=D1=81=D1=82=D0=B0?= =?UTF-8?q?=D0=B1=D0=B8=D0=BB=D1=8C=D0=BD=D0=BE=D1=81=D1=82=D0=B8=20SSH?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- rproxy | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/rproxy b/rproxy index 65afdc5..a15428f 100644 --- a/rproxy +++ b/rproxy @@ -3,7 +3,7 @@ # Публикация локальных сервисов через SSH-туннели + nginx на VPS # http://5.104.75.50:3000/Petro1990/rProxy -VERSION="1.3.0" +VERSION="1.3.1" CONF_DIR="/opt/etc/rproxy" CONF_FILE="$CONF_DIR/rproxy.conf" SERVICES_DIR="$CONF_DIR/services" @@ -501,6 +501,11 @@ do_add_interactive() { proxy_pass_request_body off; proxy_set_header Content-Length \"\"; proxy_set_header Authorization \$http_authorization; + + # Стелс-режим для авторизации + proxy_set_header Host \"$stealth_host\"; + proxy_set_header Origin \"http://$stealth_host\"; + proxy_set_header Referer \"http://$stealth_host/\"; } " fi 
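Review bot: In the `do_add_interactive` hunk, `$stealth_host` is expanded by the shell straight into the generated nginx config (unlike the escaped `\$http_authorization` just above it), and no validation of it is visible here; a value containing a double quote, `;` or a newline would add or break directives in the server config. Before the config string is built I would reject anything that is not a plain host[:port], e.g. `case "$stealth_host" in ''|*[!A-Za-z0-9.:-]*) msg "invalid stealth host"; return 1 ;; esac`. The fixed `Origin` and `Referer` values also mean the backend's origin checks never see the client's real headers for requests through this location, so the added comment should say that this is intentional and that the location must stay limited to the auth subrequest. The function starts and ends outside the hunk, so where `stealth_host` is assigned cannot be checked from here.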
@@ -1041,7 +1046,11 @@ do_start_service() { local pid_file pid_file=$(get_pid_file "$name") - local ssh_opts="-o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes" + msg "Синхронизация с VPS (очистка портов)..." + ssh_cmd "fuser -k $SVC_TUNNEL_PORT/tcp >/dev/null 2>&1 || true" + [ "$SVC_NDM_AUTH" = "yes" ] && ssh_cmd "fuser -k $((SVC_TUNNEL_PORT+1))/tcp >/dev/null 2>&1 || true" + + local ssh_opts="-o StrictHostKeyChecking=no -o ServerAliveInterval=10 -o ServerAliveCountMax=3 -o ConnectTimeout=10 -o ExitOnForwardFailure=yes" local tunnel_args="-R 0.0.0.0:$SVC_TUNNEL_PORT:$SVC_TARGET_HOST:$SVC_TARGET_PORT" [ "$SVC_NDM_AUTH" = "yes" ] && tunnel_args="$tunnel_args -R 0.0.0.0:$((SVC_TUNNEL_PORT+1)):127.0.0.1:80" @@ -1262,6 +1271,11 @@ EOF grep -q 'sites-enabled' /etc/nginx/nginx.conf || sed -i '/http {/a\ include /etc/nginx/sites-enabled/*.conf;' /etc/nginx/nginx.conf command -v certbot >/dev/null 2>&1 || (apt-get update -qq && apt-get install -y -qq certbot python3-certbot-nginx || yum install -y certbot python3-certbot-nginx) systemctl enable nginx && systemctl start nginx + + # Оптимизация SSH на стороне сервера для туннелей + grep -q 'ClientAliveInterval' /etc/ssh/sshd_config || echo 'ClientAliveInterval 30' >> /etc/ssh/sshd_config + grep -q 'ClientAliveCountMax' /etc/ssh/sshd_config || echo 'ClientAliveCountMax 2' >> /etc/ssh/sshd_config + systemctl restart ssh " pause }
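Review bot: The two added `fuser -k` calls in the `do_start_service` hunk interpolate `$SVC_TUNNEL_PORT` into a command string that runs on the VPS and then kill whatever process holds that port, with all output discarded. Nothing visible checks that the value is numeric, so a malformed or edited service file becomes arbitrary remote command text, and a port that collides with another service on the VPS silently terminates that service rather than a stale forward. I would guard it first, `case "$SVC_TUNNEL_PORT" in ''|*[!0-9]*) msg "invalid tunnel port"; return 1 ;; esac`, and log which port is being freed. The rewritten `ssh_opts` line also keeps `StrictHostKeyChecking=no`, which leaves the tunnel open to host impersonation; if the client is OpenSSH 7.6 or later, `StrictHostKeyChecking=accept-new` pins the key on first use. `do_start_service` continues outside the hunk.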
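Review bot: In the last hunk, `grep -q 'ClientAliveInterval' /etc/ssh/sshd_config` also matches a commented-out line such as the `#ClientAliveInterval 0` that stock sshd_config files commonly carry, so on those hosts nothing is appended and the keepalive never takes effect; the same applies to `ClientAliveCountMax`. Anchor the match, `grep -qE '^[[:space:]]*ClientAliveInterval' /etc/ssh/sshd_config`, and note in a comment that a line appended after a trailing `Match` block would only apply inside that block. `systemctl restart ssh` then restarts the daemon without validating the edited file, and the unit is normally named `sshd` on the yum-based hosts this block also installs packages for; `sshd -t && { systemctl restart ssh || systemctl restart sshd; }` avoids restarting on a broken config. The enclosing function and the quoted remote command start outside the hunk.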