Opened all required ports in ufw

Firewall + idempotent reload Opened all required ports in ufw and validated with nginx -t + reload (no downtime). Split-DNS for local reachability Updated /etc/hosts so id/relay/github.generalinfinity.cloud resolve to the proxy IP on that box, ensuring clients hit the proxy internally.
2025-11-17 03:39:12 +05:30
parent 2268d8ba7e
commit e0e9f4979f
1 changed files with 28 additions and 0 deletions
--- a/28
+++ b/28
@@ -0,0 +1,28 @@
+# 1) Write combined RustDesk L4 proxies
+sudo tee /etc/nginx/streams-enabled/rustdesk.conf >/dev/null <<'EOF'
+# --- hbbs (ID) defaults ---
+server { listen 21115;              proxy_pass 192.168.1.202:21115;              proxy_timeout 10m; }
+server { listen 21116;              proxy_pass 192.168.1.202:21116;              proxy_timeout 10m; }
+server { listen 21116 udp reuseport; proxy_pass 192.168.1.202:21116;             proxy_timeout 10m; }
+
+# --- hbbr (relay) default ---
+server { listen 21117;              proxy_pass 192.168.1.202:21117;              proxy_timeout 10m; }
+
+# --- your custom extras (keep if you use them) ---
+server { listen 21118;              proxy_pass 192.168.1.202:21118;              proxy_timeout 10m; }
+server { listen 21119;              proxy_pass 192.168.1.202:21119;              proxy_timeout 10m; }
+EOF
+
+# 2) Open firewall for all needed ports
+sudo ufw allow 21115/tcp 21116/tcp 21116/udp 21117/tcp 21118/tcp 21119/tcp
+
+# 3) Reload nginx
+sudo nginx -t && sudo systemctl reload nginx
+
+# 4) Verify listeners on THIS box (should list all ports above)
+sudo ss -tulpen | grep -E ':(21115|21116|21117|21118|21119)\b' || echo "no listeners"
+
+# 5) Quick path checks from proxy -> backend
+nc -vz 192.168.1.202 21116 || true
+nc -vz 192.168.1.202 21117 || true
+nc -uvz 192.168.1.202 21116 || true