фикс: v1.3.1 - устранение 504 Gateway Time-out и 403 Forbidden, улучшение стабильности SSH

2026-03-13 19:24:18 +03:00 · 2026-03-13 19:24:18 +03:00 · 4f4dda06a2
parent 22dfec1398
commit 4f4dda06a2
1 changed files with 16 additions and 2 deletions
--- a/18
+++ b/18
@ -3,7 +3,7 @@
 # Публикация локальных сервисов через SSH-туннели + nginx на VPS
 # http://5.104.75.50:3000/Petro1990/rProxy

-VERSION="1.3.0"
+VERSION="1.3.1"
 CONF_DIR="/opt/etc/rproxy"
 CONF_FILE="$CONF_DIR/rproxy.conf"
 SERVICES_DIR="$CONF_DIR/services"
@ -501,6 +501,11 @@ do_add_interactive() {
        proxy_pass_request_body off;
        proxy_set_header Content-Length \"\";
        proxy_set_header Authorization \$http_authorization;
+
+        # Стелс-режим для авторизации
+        proxy_set_header Host \"$stealth_host\";
+        proxy_set_header Origin \"http://$stealth_host\";
+        proxy_set_header Referer \"http://$stealth_host/\";
    }
    "
    fi
@ -1041,7 +1046,11 @@ do_start_service() {
    local pid_file
    pid_file=$(get_pid_file "$name")

-    local ssh_opts="-o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes"
+    msg "Синхронизация с VPS (очистка портов)..."
+    ssh_cmd "fuser -k $SVC_TUNNEL_PORT/tcp >/dev/null 2>&1 || true"
+    [ "$SVC_NDM_AUTH" = "yes" ] && ssh_cmd "fuser -k $((SVC_TUNNEL_PORT+1))/tcp >/dev/null 2>&1 || true"
+
+    local ssh_opts="-o StrictHostKeyChecking=no -o ServerAliveInterval=10 -o ServerAliveCountMax=3 -o ConnectTimeout=10 -o ExitOnForwardFailure=yes"
    local tunnel_args="-R 0.0.0.0:$SVC_TUNNEL_PORT:$SVC_TARGET_HOST:$SVC_TARGET_PORT"
    [ "$SVC_NDM_AUTH" = "yes" ] && tunnel_args="$tunnel_args -R 0.0.0.0:$((SVC_TUNNEL_PORT+1)):127.0.0.1:80"

@ -1262,6 +1271,11 @@ EOF
        grep -q 'sites-enabled' /etc/nginx/nginx.conf || sed -i '/http {/a\    include /etc/nginx/sites-enabled/*.conf;' /etc/nginx/nginx.conf
        command -v certbot >/dev/null 2>&1 || (apt-get update -qq && apt-get install -y -qq certbot python3-certbot-nginx || yum install -y certbot python3-certbot-nginx)
        systemctl enable nginx && systemctl start nginx
+        
+        # Оптимизация SSH на стороне сервера для туннелей
+        grep -q 'ClientAliveInterval' /etc/ssh/sshd_config || echo 'ClientAliveInterval 30' >> /etc/ssh/sshd_config
+        grep -q 'ClientAliveCountMax' /etc/ssh/sshd_config || echo 'ClientAliveCountMax 2' >> /etc/ssh/sshd_config
+        systemctl restart ssh
    "
    pause
 }