Supermicro IPMI/BMC nginx proxy
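You need openresty or nginx installed, version greater than 1.15.10.
For building from source, see http://www.kvm.la/1043.html . The openresty binary packages are an older version and have not been updated, so compiling your own copy is recommended.
First, put the IPMI IPs into a file named ip.list, one IP per line.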
```bash
#!/bin/bash
i=1000  # VNC start port
b=2000  # BMC (RMCP) start port

# Convert an 8-digit hex string to a dotted-quad IP (helper, not used below).
hextoip() {
    hex=$1
    printf "%d." 0x${hex:0:2}
    printf "%d." 0x${hex:2:2}
    printf "%d." 0x${hex:4:2}
    printf "%d" 0x${hex:6:2}
}
# gethostip -x 10.0.12.1

stream_route_map=/etc/nginx/stream.route.map.conf
http_route_map=/etc/nginx/http.route.map.conf
echo " default 0;" > $stream_route_map
echo " default 0;" > $http_route_map

for IP in `cat /root/ipmi/ip.list | uniq -c | awk '{ print $2 }'`; do
    i=`expr $i + 1`
    b=`expr $b + 1`
    HEXIP=`gethostip -x $IP | tr 'A-Z' 'a-z'`
    # The leading ^ anchors the key: without it, a key that merely ends in
    # another host's port or hex IP would match that host's entry first.
    echo " ~*^($IP|$i|$b|$HEXIP)$ IP<$IP>|VNC<$i>|BMC<$b>|HEX<$HEXIP>;" >> $http_route_map
    echo " ~*($b|$i)$ $IP;" >> $stream_route_map
done
nginx -s reload
```
nginx configuration: pulling these files in with include is recommended.
Contents of stream.conf, which goes in the stream block:
```nginx
stream {
    # Listening port -> BMC IP, generated by the script above
    map $server_port $ipmihost {
        include stream.route.map.conf;
    }
    # VNC
    server {
        listen 0.0.0.0:1000-1200 reuseport;
        proxy_connect_timeout 5s;
        proxy_timeout 20s;
        proxy_pass $ipmihost:5900;
    }
    # Port 623, over both UDP and TCP
    server {
        listen 2000-2200 udp reuseport;
        listen 2000-2200 reuseport;
        proxy_connect_timeout 5s;
        proxy_timeout 20s;
        proxy_pass $ipmihost:623;
    }
}
```
ipmi_proxy.conf, which goes in the http block:
```nginx
map $http_user_agent $limit_bots {
    default 0;
    ~*(google|bing|yandex|msnbot) 1;
    ~*(AltaVista|Googlebot|Slurp|BlackWidow|Bot|ChinaClaw|Custo|DISCo|Download|Demon|eCatch|EirGrabber|EmailSiphon|EmailWolf|SuperHTTP|Surfbot|WebWhacker) 1;
    ~*(Express|WebPictures|ExtractorPro|EyeNetIE|FlashGet|GetRight|GetWeb!|Go!Zilla|Go-Ahead-Got-It|GrabNet|Grafula|HMView|Go!Zilla|Go-Ahead-Got-It) 1;
    ~*(rafula|HMView|HTTrack|Stripper|Sucker|Indy|InterGET|Ninja|JetCar|Spider|larbin|LeechFTP|Downloader|tool|Navroad|NearSite|NetAnts|tAkeOut|WWWOFFLE) 1;
    ~*(GrabNet|NetSpider|Vampire|NetZIP|Octopus|Offline|PageGrabber|Foto|pavuk|pcBrowser|RealDownload|ReGet|SiteSnagger|SmartDownload|SuperBot|WebSpider) 1;
    ~*(Teleport|VoidEYE|Collector|WebAuto|WebCopier|WebFetch|WebGo|WebLeacher|WebReaper|WebSauger|eXtractor|Quester|WebStripper|WebZIP|Wget|Widow|Zeus) 1;
    ~*(Twengabot|htmlparser|libwww|Python|perl|urllib|scan|Curl|email|PycURL|Pyth|PyQ|WebCollector|WebCopy|webcraw) 1;
}
# Host key -> "IP<..>|VNC<..>|BMC<..>|HEX<..>", generated by the script above
map $HOSTKEY $VALUE {
    include http.route.map.conf;
}
server {
    listen 80;
    listen 443 ssl;
    server_name ~^(.*?)\.(.*?).XXX.XXX$ ;
    ssl_certificate ssl/server.crt;
    ssl_certificate_key ssl/server.key;
    include ssl.conf;
    access_log /var/log/nginx.bmc.log;

    if ($limit_bots = 1) {
        return 403;
    }
    # The host key is everything before ".bmc." in the Host header
    if ( $http_host ~* "(.*?)\.bmc.(.*?)$" ) {
        set $HOSTKEY $1;
    }
    # No entry for this host key (map default). This check has to come after
    # $HOSTKEY is set; the original tested $IPMIhost before it was assigned,
    # and used echo, which is only valid inside a location.
    if ( $VALUE = 0 ) {
        return 404 'not found!';
    }
    if ( $VALUE ~* "IP<(.*?)>\|VNC<(.*?)>\|BMC<(.*?)>\|HEX<(.*?)>$" ) {
        set $IPMIhost $1;
        set $ipmivnc $2;
        set $ipmiws $3;
        set $hexip $4;
        set $target_IP $1;
    }

    location / {
        add_header X-Frame-Options SAMEORIGIN;
        # Ask the BMC for uncompressed responses so sub_filter can rewrite them
        proxy_set_header Accept-Encoding "";
        proxy_redirect $scheme://$IPMIhost/ /;
        proxy_store off;
        proxy_read_timeout 300s;
        proxy_pass $scheme://$IPMIhost;
        proxy_set_header Host $host;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        sub_filter '5900</' '$ipmivnc</';      # VNC port
        sub_filter '623</' '$ipmiws</';        # SuperMicro
        sub_filter '7578</' '$ipmivnc</';      # AMI VNC port
        sub_filter '5120</' '$ipmiws</';       # AMI iso port
        sub_filter '$IPMIhost</' '$host</';
        sub_filter '//$IPMIhost:' '//$host:';  # filter jnlp codebase
        sub_filter_once off;
        sub_filter_types application/x-java-jnlp-file;
    }
}
```
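nginx tries the regex entries of a map in file order, and a pattern without a leading `^` matches anywhere in the key, so a host key in http.route.map.conf can resolve to another BMC's entry. The script below is an added example, not part of the original post: it emulates that lookup over a constructed two-host map (the sample IPs and the `lookup` and `misrouted` function names are assumptions) and lists the keys that land on the wrong entry, with and without the anchor.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed sample map without ^:
# 10.0.16.1 is 0a001001 in hex, which ends in the first host's VNC port 1001.
SAMPLE_MAP=' default 0;
 ~*(10.0.12.1|1001|2001|0a000c01)$ IP<10.0.12.1>|VNC<1001>|BMC<2001>|HEX<0a000c01>;
 ~*(10.0.16.1|1002|2002|0a001001)$ IP<10.0.16.1>|VNC<1002>|BMC<2002>|HEX<0a001001>;'

# lookup MAP KEY [PREFIX]: print the value of the first regex entry matching
# KEY, or 0 (the map default). PREFIX is prepended to each regex, e.g. '^'.
lookup() (
    out=$(printf '%s\n' "$1" | while read -r pat val; do
        case $pat in ('~*'*) pat=$3${pat#??} ;; (*) continue ;; esac
        # "~*" is a case-insensitive regex; entries are tried in file order.
        if printf '%s\n' "$2" | grep -Eiq -- "$pat"; then
            printf '%s\n' "${val%;}"
            break
        fi
    done)
    printf '%s\n' "${out:-0}"
)

# misrouted MAP [PREFIX]: print every key (IP, VNC port, BMC port, hex IP)
# that resolves to a different entry than the one it was generated for.
misrouted() (
    printf '%s\n' "$1" | while read -r pat val; do
        case $pat in ('~*'*) ;; (*) continue ;; esac
        val=${val%;}
        for key in $(printf '%s\n' "$val" | sed 's/[A-Z]*<\([^>]*\)>|*/\1 /g'); do
            got=$(lookup "$1" "$key" "$2")
            [ "$got" = "$val" ] || printf '%s -> %s\n' "$key" "$got"
        done
    done
)

echo "keys as written:";    misrouted "$SAMPLE_MAP"
echo "with a leading '^':"; misrouted "$SAMPLE_MAP" '^'
```

To check a real file, pass its contents instead of the sample, for example `misrouted "$(cat /etc/nginx/http.route.map.conf)"`.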
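So far only the SuperMicro X9 and X10 series have been tested; basic functions such as noVNC and Java IPMI work normally.
Preparation:
Put ip.list and list.sh in the same directory; you can also change these settings yourself.
A wildcard DNS record *.bmc.XXX.XXX is required; in the nginx configuration, change XXX.XXX to your own domain.
Currently only the VNC and RMCP ports are handled; other special ports are not.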
============================================
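The iDRAC series only works if gzip compression is requested from the backend; otherwise it returns 404. Even with gzip enabled and the page loading, some requests still time out with 504.
proxy_set_header Accept-Encoding "gzip";
Forwarding directly at layer 4 with stream lets iDRAC work normally, but it essentially ties up a dedicated IP. I will keep looking into this when I have time.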
Hi!
Could you check in on X11 platform? I am trying to use it on X11 and it doesn't work =(