nginx代理sftp

最近需要使用一个sftp协议的代理服务器，查了一下nginx1.9之后已经支持了，尝试一下：

The ngx_stream_core_module module is available since version 1.9.0. This module is not built by default, it should be enabled with the --with-stream configuration parameter.

nginx从1.9.0版本开始，新增了ngx_stream_core_module模块。默认编译的时候该模块并未编译进去，需要编译的时候添加--with-stream，使其支持stream代理。

[root@baseline opt]# mkdir nginx
[root@baseline opt]# cd nginx/
[root@baseline nginx]# wget http://nginx.org/download/nginx-1.10.3.tar.gz
--2019-04-10 13:38:06--  http://nginx.org/download/nginx-1.10.3.tar.gz
正在解析主机 nginx.org (nginx.org)... 2001:1af8:4060:a004:21::e3, 62.210.92.35, 95.211.80.227
正在连接 nginx.org (nginx.org)|2001:1af8:4060:a004:21::e3|:80... 已连接。
已发出 HTTP 请求，正在等待回应... 200 OK
长度：911509 (890K) [application/octet-stream]
正在保存至: “nginx-1.10.3.tar.gz”

100%[================================================================================================================================>] 911,509      357KB/s 用时 2.5s   

2019-04-10 13:38:09 (357 KB/s) - 已保存 “nginx-1.10.3.tar.gz” [911509/911509])

[root@baseline nginx]# tar -xvf nginx-1.10.3.tar.gz
......

  [root@baseline nginx]# cd nginx-1.10.3/
  [root@baseline nginx-1.10.3]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-stream --with-stream_ssl_module

编译检查，我这没有缺失（如果有缺，却失什么装什么）

  [root@baseline nginx-1.10.3]#make

　　......

    make[1]: 离开目录“/opt/nginx/nginx-1.10.3”

　　#安装

  [root@baseline nginx-1.10.3]#make install

  [root@baseline nginx-1.10.3]# cd /usr/local/nginx/

　　##启动nginx

  [root@baseline nginx]# ./sbin/nginx

　　我在我的window装了一个freeSSHd  作为sftp服务器。配置如下：

然后启动

 配置好sftp之后，测试一下：

[root@baseline nginx]# sftp -P 21  mysftp@192.168.1.180 
The authenticity of host '[192.168.1.180]:21 ([192.168.1.180]:21)' can't be established.
RSA key fingerprint is SHA256:iM1dwfz+JzZrvmiYbmH3tS3F8ad1wutYxFWtnv8BWu8.
RSA key fingerprint is MD5:5b:1f:b4:99:1c:b4:4d:24:05:a5:16:79:4d:68:3b:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.1.180]:21' (RSA) to the list of known hosts.
mysftp@192.168.1.180's password: 
Permission denied, please try again.
mysftp@192.168.1.180's password: 
Connected to 192.168.1.180.
sftp> ls

之后修改nginx配置文件 nginx.conf：

在http节点上添加紫色代码：

events {
    worker_connections  1024;
}
stream { 
    upstream sftp { 
    hash $remote_addr consistent; 
    server 192.168.1.180:21 max_fails=3 fail_timeout=60s; 
    }
    server { 
        listen 90; #端口可以自己定义
        proxy_connect_timeout 60s; 
        proxy_timeout  30s; 
        proxy_pass sftp; 
    } 
}

http {
。。。。。。。。。

上述代码意思：nginx 在90端口监听 tcp 并转发请求到upstream 为sftp的主机即 192.168.1.180:21 

修改之后  nginx -s reload 一下

再试：

[root@baseline nginx]# sftp -P 90  mysftp@192.168.1.19
The authenticity of host '[192.168.1.19]:90 ([192.168.1.19]:90)' can't be established.
RSA key fingerprint is SHA256:iM1dwfz+JzZrvmiYbmH3tS3F8ad1wutYxFWtnv8BWu8.
RSA key fingerprint is MD5:5b:1f:b4:99:1c:b4:4d:24:05:a5:16:79:4d:68:3b:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.1.19]:90' (RSA) to the list of known hosts.
mysftp@192.168.1.19's password: 
Connected to 192.168.1.19.
sftp> ls
ccc.txt          ccd.txt          confirmPlat.py   file

ok