Firewall + idempotent reload: opened all required ports in ufw and validated with nginx -t + reload (no downtime). Split-DNS for local reachability: updated /etc/hosts so that id/relay/github.generalinfinity.cloud resolve to the proxy IP on that box, ensuring clients hit the proxy internally.
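# RustDesk layer-4 proxy on this box: nginx "stream" servers forward the
# RustDesk ports to the backend at 192.168.1.202.
# Assumes nginx.conf already has a stream {} block that includes
# /etc/nginx/streams-enabled/*.conf -- TODO confirm on this box.

# 1) Write combined RustDesk L4 proxies
# The quoted 'EOF' delimiter keeps the shell from expanding anything in the body.
sudo tee /etc/nginx/streams-enabled/rustdesk.conf >/dev/null <<'EOF'
# --- hbbs (ID) defaults ---
server { listen 21115; proxy_pass 192.168.1.202:21115; proxy_timeout 10m; }
server { listen 21116; proxy_pass 192.168.1.202:21116; proxy_timeout 10m; }
server { listen 21116 udp reuseport; proxy_pass 192.168.1.202:21116; proxy_timeout 10m; }

# --- hbbr (relay) default ---
server { listen 21117; proxy_pass 192.168.1.202:21117; proxy_timeout 10m; }

# --- your custom extras (keep if you use them) ---
server { listen 21118; proxy_pass 192.168.1.202:21118; proxy_timeout 10m; }
server { listen 21119; proxy_pass 192.168.1.202:21119; proxy_timeout 10m; }
EOF

# 2) Open firewall for all needed ports
# `ufw allow` takes ONE port spec per invocation; a list of several
# "port/proto" arguments is rejected, so use a TCP range plus a separate
# UDP rule. Re-running these is harmless: ufw skips rules that already exist.
# NOTE(review): these rules accept traffic from any source. If only internal
# clients should reach the proxy, scope each rule to the LAN instead, e.g.
#   sudo ufw allow from <LAN_CIDR> to any port 21115:21119 proto tcp
#   sudo ufw allow from <LAN_CIDR> to any port 21116 proto udp
# (<LAN_CIDR> is a placeholder -- substitute the real client subnet.)
sudo ufw allow 21115:21119/tcp
sudo ufw allow 21116/udp

# 3) Reload nginx
# Reload only when the config test passes, so a syntax error in the file
# written in step 1 never reaches the running workers. If the test fails,
# fix or remove rustdesk.conf before the next reload/restart.
sudo nginx -t && sudo systemctl reload nginx

# 4) Verify listeners on THIS box (should list all ports above)
sudo ss -tulpen | grep -E ':(21115|21116|21117|21118|21119)\b' || echo "no listeners"

# 5) Quick path checks from proxy -> backend
# `|| true` keeps a failed probe from aborting a run of these commands.
nc -vz 192.168.1.202 21116 || true
nc -vz 192.168.1.202 21117 || true
# UDP is connectionless: a "succeeded" result here only means no ICMP
# port-unreachable came back, not that the backend is actually answering.
nc -uvz 192.168.1.202 21116 || true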