虽然 Cloudflare Tunnel 可以很方便地把内部网络的服务映射到外部,但它只适合 Web(HTTP)类的服务。如果把主机上的 systemd 服务集中到一个 API 来管理,会有什么效果呢?那样 rdp:3389 或者 sshd:22 就可以很方便地按需启用和关闭了。
大致过程:通过 argo 暴露一个内网端口,再用 nginx 监听这个端口,按不同路径反向代理到不同的服务,并把系统服务的管理做成一个带网页界面的 API。
- argo 的config.yml
$home/.cloudflared/config.yml
# cloudflared tunnel configuration: forwards one public hostname to the local nginx listener.
# NOTE(review): indentation was lost when this page was extracted; in the real file the
# keys of each ingress rule must be nested under its "- " list item.
tunnel: <tunnel-Id>
# Tunnel credentials. Anyone who can read this file can run the tunnel, so keep it
# readable only by the account that runs cloudflared.
credentials-file: /root/.cloudflared/<tunnel-Id>.json
ingress:
# Everything nginx serves on port 8888 becomes reachable from the internet under this
# hostname. The nginx config on this page routes to an internal HTTPS host, a VNC
# endpoint and the systemd API, so each of them needs its own authentication or an
# access policy at the edge.
- hostname: sub.doman.com
service: http://127.0.0.1:8888
# Turns off verification of the origin's TLS certificate.
# NOTE(review): the origin above is plain http://, so this presumably has no effect
# here; confirm, and drop it if it is not needed so it is not copied to an https origin.
no-tls-verify: true
# Catch-all rule: requests for any other hostname get a 404.
- service: http_status:404
- nginx 的 conf,其中 /sysd/ 路径对应服务管理 API
# Reverse proxy behind the tunnel: one listener, three upstreams selected by path.
server {
    # No address is given, so nginx accepts connections on port 8888 on every interface.
    # NOTE(review): the tunnel config on this page connects to 127.0.0.1:8888; if nothing
    # else needs this port, binding to the loopback address would keep LAN hosts from
    # reaching these routes without going through the tunnel.
    listen 8888;
    # General requests
    location / {
        proxy_pass https://192.168.1.250:443;
        # The upstream certificate is not verified: the hop is encrypted, but nginx cannot
        # tell whether it is really talking to 192.168.1.250.
        proxy_ssl_verify off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent,
        # so upstreams should not treat the first entry as a trusted address.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # VNC/WebSocket Proxy
    # NOTE(review): no authentication directive appears in this location; access control
    # has to come from the VNC service itself or from a policy in front of the tunnel.
    location /vnc {
        proxy_pass http://192.168.1.251:6901;
        # HTTP/1.1 plus the Upgrade/Connection headers let the WebSocket handshake through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Strip the /vnc prefix so the upstream receives the remainder of the path.
        rewrite ^/vnc(/.*)$ $1 break;
    }
    # Systemd service management
    # This route can start and stop services on the host; the controller on this page
    # is marked [Authorize], and nothing in this location adds a second check.
    location /sysd/ {
        proxy_pass http://192.168.1.252:5003/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        #rewrite ^/sysd(/.*)$ $1 break;
        # Strip the /sysd/ prefix so the API receives /api/... rather than /sysd/api/...
        rewrite ^/sysd/(.*)$ /$1 break;
    }
}
- API服务
Controller
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
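namespace SystemdManager.Controllers
{
    /// <summary>
    /// HTTP API for listing, starting, stopping, restarting and reading the logs of
    /// systemd services through <see cref="SystemdServiceManager"/>.
    /// </summary>
    /// <remarks>
    /// Every action requires an authenticated caller. NOTE(review): <c>[Authorize]</c>
    /// without a policy or role admits any authenticated user; since these actions
    /// control services on the host, consider restricting them to an administrative
    /// policy. How <see cref="SystemdServiceManager"/> invokes systemd is not visible
    /// here, so the service name is checked against the unit-name character set before
    /// it is handed over.
    /// </remarks>
    [Authorize]
    [ApiController]
    [Route("api/[controller]")]
    public class ServiceController : ControllerBase
    {
        // systemd limits a unit name, suffix included, to 255 characters.
        private const int MaxUnitNameLength = 255;

        private const string MissingNameMessage = "The serviceName field is required.";
        private const string InvalidNameMessage = "The serviceName field is not a valid unit name.";

        private readonly SystemdServiceManager _systemdServiceManager;

        /// <summary>Creates the controller around the injected service manager.</summary>
        /// <param name="systemdServiceManager">Component that performs the systemd operations.</param>
        public ServiceController(SystemdServiceManager systemdServiceManager)
        {
            _systemdServiceManager = systemdServiceManager;
        }

        /// <summary>Returns whatever the manager reports as the list of services.</summary>
        [HttpGet("list")]
        public IActionResult ListServices()
        {
            var services = _systemdServiceManager.ListServices();
            return Ok(services);
        }

        /// <summary>Starts the named service.</summary>
        /// <param name="serviceName">Unit name supplied by the caller.</param>
        /// <returns>400 when the name is missing or malformed; otherwise 200 with the manager's result.</returns>
        [HttpPost("start")]
        public IActionResult StartService(string serviceName)
        {
            if (string.IsNullOrEmpty(serviceName))
            {
                return BadRequest(MissingNameMessage);
            }

            if (!IsValidUnitName(serviceName))
            {
                return BadRequest(InvalidNameMessage);
            }

            var result = _systemdServiceManager.StartService(serviceName);
            return Ok(result);
        }

        /// <summary>Stops the named service.</summary>
        /// <param name="serviceName">Unit name supplied by the caller.</param>
        /// <returns>400 when the name is missing or malformed; otherwise 200 with the manager's result.</returns>
        [HttpPost("stop")]
        public IActionResult StopService(string serviceName)
        {
            if (string.IsNullOrEmpty(serviceName))
            {
                return BadRequest(MissingNameMessage);
            }

            if (!IsValidUnitName(serviceName))
            {
                return BadRequest(InvalidNameMessage);
            }

            var result = _systemdServiceManager.StopService(serviceName);
            return Ok(result);
        }

        /// <summary>Restarts the named service.</summary>
        /// <param name="serviceName">Unit name supplied by the caller.</param>
        /// <returns>400 when the name is missing or malformed; otherwise 200 with the manager's result.</returns>
        [HttpPost("restart")]
        public IActionResult RestartService(string serviceName)
        {
            if (string.IsNullOrEmpty(serviceName))
            {
                return BadRequest(MissingNameMessage);
            }

            if (!IsValidUnitName(serviceName))
            {
                return BadRequest(InvalidNameMessage);
            }

            var result = _systemdServiceManager.RestartService(serviceName);
            return Ok(result);
        }

        /// <summary>Returns the logs of the named service.</summary>
        /// <param name="serviceName">Unit name supplied by the caller.</param>
        /// <returns>400 when the name is missing or malformed; otherwise 200 with the manager's result.</returns>
        /// <remarks>
        /// Service logs can contain sensitive data; this action is covered by the same
        /// authorization as the others.
        /// </remarks>
        [HttpGet("logs")]
        public IActionResult logs(string serviceName)
        {
            // The original action passed a null or empty name straight to the manager;
            // it now applies the same checks as start/stop/restart.
            if (string.IsNullOrEmpty(serviceName))
            {
                return BadRequest(MissingNameMessage);
            }

            if (!IsValidUnitName(serviceName))
            {
                return BadRequest(InvalidNameMessage);
            }

            var result = _systemdServiceManager.GetServiceLogs(serviceName);
            return Ok(result);
        }

        // Accepts only the characters systemd allows in unit names (ASCII letters, digits,
        // ':', '-', '_', '.', '\', '@'), so whitespace, quotes and shell metacharacters
        // never reach the manager. A leading '-' is refused because a command-line tool
        // could read it as an option. The caller must pass a non-empty string.
        private static bool IsValidUnitName(string serviceName)
        {
            if (serviceName.Length > MaxUnitNameLength || serviceName[0] == '-')
            {
                return false;
            }

            foreach (char c in serviceName)
            {
                bool isAsciiLetterOrDigit =
                    (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
                bool isAllowedSymbol =
                    c == ':' || c == '-' || c == '_' || c == '.' || c == '\\' || c == '@';

                if (!isAsciiLetterOrDigit && !isAllowedSymbol)
                {
                    return false;
                }
            }

            return true;
        }
    }
}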
- WEB管理界面
前端:简单登录后,即可跳转到 argo 绑定的域名,进入系统服务的管理界面。