rinetd port forwarding and SSL forwarding

1. Background

DingTalk Cloud uses an allowlist mechanism: servers are not allowed to reach any IP address outside the allowlist. To call second-party or third-party APIs you have to add them to the allowlist, but only IP addresses can be added, not domain names. rinetd solves this: it can forward port 443 traffic to the real host.

2. Installation

apt-get install rinetd

3. Configuration

The configuration file is /etc/rinetd.conf. It is fairly simple, so it is not explained here beyond the example below.

#
# this is the configuration file for rinetd, the internet redirection server
#
# you may specify global allow and deny rules here
# only ip addresses are matched, hostnames cannot be specified here
# the wildcards you may use are * and ?
#
# allow 192.168.2.*
# deny 192.168.2.1?


#
# forwarding rules come here
#
# you may specify allow and deny rules after a specific forwarding rule
# to apply to only that forwarding rule
#
# bindaddress   bindport  connectaddress  connectport


# logging information
logfile /var/log/rinetd.log

# uncomment the following line if you want web-server style logfile format
# logcommon
# 0.0.0.0 88 open.ys7.com 80
0.0.0.0 88 api.weixin.qq.com 443

One thing to note: once port 443 is proxied, the address that used to be accessed as https://api.weixin.qq.com becomes https://123.123.123:88, and requests to it fail with a host-not-trusted error, because the server certificate is issued for api.weixin.qq.com rather than for the forwarder's IP address. On Alibaba Cloud you can handle this with Cloud DNS / PrivateZone, or you can make the client ignore SSL; the Java code is as follows:

import javax.net.ssl.SSLContext;

import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class IgnoreSSLRestConfig {

    /**
     * RestTemplate configured to ignore SSL certificates.
     */
    @Bean
    public RestTemplate restTemplate() {
        return new RestTemplate(getFactory());
    }

    @Bean
    public HttpComponentsClientHttpRequestFactory getFactory() {
        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
        // Trust strategy that accepts every certificate chain, whatever the issuer
        TrustStrategy acceptingTrustStrategy = (x509Certificates, authType) -> true;
        try {
            SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
            HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
            CloseableHttpClient httpClient = httpClientBuilder
                    .setSSLContext(sslContext)
                    // Skip hostname verification so that the forwarder's IP:port is accepted
                    .setSSLHostnameVerifier(new NoopHostnameVerifier())
                    .build();
            factory.setHttpClient(httpClient);
            return factory;
        } catch (Exception e) {
            // YzbException is the project's own runtime exception class
            throw new YzbException(e.getMessage(), e);
        }
    }
}
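As an added example (not code from the original post), the same rinetd forwarder can be used without disabling certificate validation: pin the upstream hostname to the rinetd server's address inside the HTTP client, which is the in-process equivalent of the Cloud DNS / PrivateZone approach mentioned above. The class name ForwarderRestConfig and the forwarder address 10.0.0.5 are hypothetical placeholders; the URL keeps the page's bindport 88.

```java
import java.net.InetAddress;

import org.apache.http.conn.DnsResolver;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.SystemDefaultDnsResolver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class ForwarderRestConfig {

    // Hypothetical values: the upstream host behind rinetd and the rinetd server's address
    private static final String UPSTREAM_HOST = "api.weixin.qq.com";
    private static final String FORWARDER_IP = "10.0.0.5"; // placeholder, not a real forwarder

    /**
     * Resolver that maps UPSTREAM_HOST to the rinetd forwarder and leaves every other
     * name to the system resolver. The TCP connection goes to the forwarder, but SNI,
     * certificate chain validation and hostname verification all still use the real
     * hostname, so the JVM's default trust store and strict hostname verifier stay on.
     */
    static DnsResolver forwarderDnsResolver() {
        return host -> {
            if (UPSTREAM_HOST.equalsIgnoreCase(host)) {
                return new InetAddress[] { InetAddress.getByName(FORWARDER_IP) };
            }
            return SystemDefaultDnsResolver.INSTANCE.resolve(host);
        };
    }

    @Bean
    public RestTemplate forwarderRestTemplate() {
        // No custom SSLContext and no NoopHostnameVerifier: defaults remain in force
        CloseableHttpClient httpClient = HttpClientBuilder.create()
                .setDnsResolver(forwarderDnsResolver())
                .build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }

    // Callers keep the real hostname in the URL, e.g.
    // restTemplate.getForObject("https://api.weixin.qq.com:88/...", String.class);
    // the client connects to FORWARDER_IP:88, and rinetd relays to api.weixin.qq.com:443.
}
```

With port 88 in the URL the Host header also carries :88; if the upstream rejects that, bind rinetd on port 443 instead and drop the port from the URL.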

4. Start

/etc/init.d/rinetd start
