ssr 通过nginx转发端口

1:Nginx安装

yum install -y epel-release && yum install -y nginx

2:运行Nginx

yum install -y epel-release && yum install -y nginx

2.1:设置Nginx转发配置文件

mkdir /etc/nginx/tcp.d/
vi /etc/nginx/tcp.d/zf.conf

然后输入转发配置：

stream{
    upstream tcpssh {
               server  IP(域名):端口;  
    }
    server{
        listen NAT/VPS外部端口;
        listen NAT/VPS外部端口 udp;
        proxy_pass tcpssh;
    }
}

2.2 在Nginx添加strem目录

cd /etc/nginx/
vi nginx.conf

在配置文件中添加以下内容：

# tcp/ip proxy
include /etc/nginx/tcp.d/*.conf;

或采用echo命令

echo "include /etc/nginx/tcp.d/*.conf;" >> /etc/nginx.conf

3：用 nginx -t 检查配置
输出
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
3.1 关闭防火墙并禁止开机启动启动防火墙

systemctl stop firewalld.service
systemctl disable firewalld.service

4：设置开机启动nginx

systemctl enable nginx && systemctl start nginx

5:查看Nginx运行状态

ss -ntlp| grep -i nginx

6重启Nginx

systemctl restart nginx
service nginx restart

6.1：禁止selinux

sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
setenforce 0

6.2 若是动态DDNS_NAT/VDS请用定时任务进行更新
执行 crontab -e命令

0 */12 * * * systemctl restart nginx

7：检查防火墙状态并开放端口

firewall-cmd --state

输出running
请运处以下命令放行端口：

firewall-cmd --permanent --add-port=nginx配置的端口号/tcp
fireawll-cmd --reload

1.启动防火墙

systemctl enable firewalld && systemctl start firewalld

2.删除之前放行过的端口（如果配置过）：

firewall-cmd --permanent --remove-port=端口/tcp

3.仅允许国内ip连接该服务器：

firewall-cmd --permanent --add-source=国内ip/32
fireawll-cmd --reload