{"id":1116,"date":"2016-03-02T13:17:02","date_gmt":"2016-03-02T04:17:02","guid":{"rendered":"https:\/\/happypanter.wordpress.com\/?p=1115"},"modified":"2016-03-02T13:17:02","modified_gmt":"2016-03-02T04:17:02","slug":"debian%e3%81%a7proxytunnel","status":"publish","type":"post","link":"http:\/\/hireido.blogsite.org\/wptiger\/archives\/1116","title":{"rendered":"proxytunnel on Debian"},"content":{"rendered":"<p>I previously wrote about <a href=\"https:\/\/happypanter.wordpress.com\/2014\/07\/30\/proxytunnel%e4%bd%bf%e3%81%84%e6%96%b9\/\" target=\"_blank\">how to use proxytunnel<\/a> on CentOS; this time I set up Apache on Debian to accept proxytunnel connections. A number of things differ from CentOS.<\/p>\n<p>Edit \/etc\/apache2\/sites-enabled\/000-default-ssl as follows:<\/p>\n<hr \/>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&lt;IfModule mod_ssl.c&gt;<\/p>\n<p># for proxytunnel<\/p>\n<p>&lt;VirtualHost *:443&gt;<\/p>\n<p>ServerName hoge.hoge.net:443<br \/>\nDocumentRoot &quot;\/var\/www&quot;<br \/>\nServerAdmin watashi@localhost<\/p>\n<p>SSLCertificateFile \/etc\/ssl\/certs\/ssl-cert-snakeoil.pem<br \/>\nSSLCertificateKeyFile \/etc\/ssl\/private\/ssl-cert-snakeoil.key<\/p>\n<p>## Only ever allow incoming HTTP CONNECT requests.<br \/>\n## Explicitly deny other request types like GET, POST, etc.<br \/>\n## This tells Apache to return a 403 Forbidden if this virtual<br \/>\n## host receives anything other than an HTTP CONNECT.<br \/>\nRewriteEngine On<br \/>\nRewriteCond %{REQUEST_METHOD} !^CONNECT [NC]<br \/>\nRewriteRule ^\/(.*)$ - [F,L]<\/p>\n<p>## Setup proxying between yourwebserver:8443 and yoursshserver:22<\/p>\n<p>ProxyRequests On<br \/>\nProxyBadHeader Ignore<br \/>\nProxyVia Full<\/p>\n<p>## IMPORTANT: The AllowCONNECT directive specifies a list<br \/>\n## of port numbers to which the proxy CONNECT method 
may<br \/>\n## connect. For security, only allow CONNECT requests<br \/>\n## bound for port 22.<br \/>\nAllowCONNECT 22<\/p>\n<p>## IMPORTANT: By default, deny everyone. If you don&#8217;t do this<br \/>\n## others will be able to connect to port 22 on any host.<br \/>\n&lt;Proxy *&gt;<br \/>\nOrder deny,allow<br \/>\nDeny from all<br \/>\n&lt;\/Proxy&gt;<br \/>\n## Now, only allow CONNECT requests bound for kolich.com<br \/>\n## Should be replaced with yoursshserver.com or the hostname<br \/>\n## of whatever SSH server you&#8217;re trying to connect to. Note<br \/>\n## that ProxyMatch takes a regular expression, so you can do<br \/>\n## things like (kolich.com|anothersshserver.com) if you want<br \/>\n## to allow connections to multiple destinations.<br \/>\n&lt;ProxyMatch (hoge.hoge.net|hoka.hoka.jp|192.168.xx.1)&gt;<br \/>\nOrder allow,deny<br \/>\nAllow from all<br \/>\n&lt;\/ProxyMatch&gt;<\/p>\n<p>## Logging, always a good idea.<br \/>\nLogLevel warn<br \/>\nErrorLog \/var\/log\/apache2\/tun-proxy_error_log<br \/>\nCustomLog \/var\/log\/apache2\/tun-proxy_request_log combined<\/p>\n<p>&lt;\/VirtualHost&gt;<br \/>\n&lt;\/IfModule&gt;<\/p>\n<hr \/>\n<p>&nbsp;<\/p>\n<p>Create the following symbolic links in \/etc\/apache2\/mods-enabled:<\/p>\n<p>proxy.conf<br \/>\nproxy.load<br \/>\nproxy_connect.load<br \/>\nproxy_http.load<br 
\/>\nrewrite.load<\/p>\n<p>&nbsp;<\/p>\n<p>With this, proxytunnel can be used just as on CentOS. I may have enabled modules that are not needed, but please bear with that; I am not an Apache expert.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I previously wrote about how to use proxytunnel on CentOS; this time I set up Apache on Debian to accept proxytunnel connections. A number of things differ from CentOS. Edit \/etc\/apache2\/sites-enabled\/000-default-ssl as follows [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[15],"_links":{"self":[{"href":"http:\/\/hireido.blogsite.org\/wptiger\/wp-json\/wp\/v2\/posts\/1116"}],"collection":[{"href":"http:\/\/hireido.blogsite.org\/wptiger\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/hireido.blogsite.org\/wptiger\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/hireido.blogsite.org\/wptiger\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/hireido.blogsite.org\/wptiger\/wp-json\/wp\/v2\/comments?post=1116"}],"version-history":[{"count":0,"href":"http:\/\/hireido.blogsite.org\/wptiger\/wp-json\/wp\/v2\/posts\/1116\/revisions"}],"wp:attachment":[{"href":"http:\/\/hireido.blogsite.org\/wptiger\/wp-json\/wp\/v2\/media?parent=1116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/hireido.blogsite.org\/wptiger\/wp-json\/wp\/v2\/catego
ries?post=1116"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/hireido.blogsite.org\/wptiger\/wp-json\/wp\/v2\/tags?post=1116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}