Supermicro IPMI/BMC nginx proxy
需要安装一个openresty或者nginx, 版本大于1.15.10
编译安装参考http://www.kvm.la/1043.html , openresty二进制包版本较低没有更新, 建议编译安装一份.
首先把IPMI的IP丢进一个ip.list的文件里面, 一行一个IP.
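#!/bin/bash
# Build the two nginx map include files from the IPMI address list.
#
# Input:  /root/ipmi/ip.list, one IPv4 address per line.
# Output: /etc/nginx/stream.route.map.conf  (proxy port -> BMC address)
#         /etc/nginx/http.route.map.conf    (address / port / hex key ->
#                                            "IP<..>|VNC<..>|BMC<..>|HEX<..>")
# The n-th accepted address gets VNC port 1000+n and BMC port 2000+n.
#
# Both files are written to temporary files and moved into place only after
# the whole list has been processed, so an aborted run never leaves nginx
# with a half-written map.
set -u

ip_list=/root/ipmi/ip.list
stream_route_map=/etc/nginx/stream.route.map.conf
http_route_map=/etc/nginx/http.route.map.conf

vnc_start=1000 # VNC start port; the first host gets 1001
bmc_start=2000 # BMC start port; the first host gets 2001
# The stream servers published with this script listen on 1000-1200 and
# 2000-2200, so at most 200 hosts can be routed. Raise this together with
# the listen ranges; it must stay below 1000 or the two ranges collide.
max_hosts=200

# Strict dotted-quad pattern. Every accepted value is pasted into nginx
# configuration, so anything else in ip.list must never reach the map files.
octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
ipv4_re="^${octet}(\\.${octet}){3}\$"

warn() { printf '%s: %s\n' "${0##*/}" "$*" >&2; }

[[ -r $ip_list ]] || { warn "cannot read $ip_list"; exit 1; }
# gethostip -x prints an address as hex digits (e.g. gethostip -x 10.0.12.1).
command -v gethostip >/dev/null || { warn "gethostip not found"; exit 1; }

stream_tmp=$(mktemp "${stream_route_map}.XXXXXX") || exit 1
http_tmp=$(mktemp "${http_route_map}.XXXXXX") || { rm -f -- "$stream_tmp"; exit 1; }
trap 'rm -f -- "$stream_tmp" "$http_tmp"' EXIT

echo " default 0;" > "$stream_tmp"
echo " default 0;" > "$http_tmp"

count=0
prev=
while read -r ip _ || [[ -n $ip ]]; do
  ip=${ip%$'\r'} # tolerate CRLF line endings
  [[ -n $ip ]] || continue
  # Collapse adjacent duplicates only, as the original `uniq` did, so the
  # port numbering of an existing list does not change.
  [[ $ip == "$prev" ]] && continue
  prev=$ip

  if [[ ! $ip =~ $ipv4_re ]]; then
    warn "skipping entry that is not an IPv4 address: $ip"
    continue
  fi
  if (( count >= max_hosts )); then
    warn "more than $max_hosts hosts; remaining entries are not routed"
    break
  fi

  hex_ip=$(gethostip -x "$ip" | tr 'A-Z' 'a-z')
  # An empty hex value would leave an empty alternative in the regex below,
  # which matches every key and would send all names to this one BMC.
  if [[ ! $hex_ip =~ ^[0-9a-f]{8}$ ]]; then
    warn "gethostip gave no usable hex value for $ip; entry skipped"
    continue
  fi

  count=$((count + 1))
  vnc_port=$((vnc_start + count))
  bmc_port=$((bmc_start + count))

  # Escape the dots and anchor both ends so a key selects exactly one host;
  # an unanchored pattern with bare dots also matches look-alike keys such
  # as a longer name that merely ends in the same digits.
  ip_re=${ip//./\\.}
  printf ' ~*^(%s|%s|%s|%s)$ IP<%s>|VNC<%s>|BMC<%s>|HEX<%s>;\n' \
    "$ip_re" "$vnc_port" "$bmc_port" "$hex_ip" \
    "$ip" "$vnc_port" "$bmc_port" "$hex_ip" >> "$http_tmp"
  printf ' ~*^(%s|%s)$ %s;\n' "$bmc_port" "$vnc_port" "$ip" >> "$stream_tmp"
done < "$ip_list"

(( count > 0 )) || warn "no usable addresses in $ip_list; maps contain only the default"

# mktemp creates 0600 files; restore the usual mode of a config include.
chmod 644 "$stream_tmp" "$http_tmp" || exit 1
mv -f -- "$stream_tmp" "$stream_route_map" || exit 1
mv -f -- "$http_tmp" "$http_route_map" || exit 1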
nginx -s reload
nginx配置文件部分, 建议用include引用.
stream字段下内容stream.conf
stream {
# Pick the BMC address for the port the client connected to. The entries are
# read from stream.route.map.conf, which the generator script on this page
# starts with "default 0;", so a port without an entry yields the value 0.
map $server_port $ipmihost { include stream.route.map.conf; }
# Console forwarder: each TCP port in 1000-1200 is relayed to port 5900 on
# the BMC that $ipmihost selects for that port.
# NOTE(review): the listener binds to every interface (0.0.0.0) and nothing in
# this block limits who may connect, so reachability of the proxy equals
# reachability of every BMC console behind it. Bind to a management address
# or add stream-module allow/deny rules for the admin networks.
server {
listen 0.0.0.0:1000-1200 reuseport;
proxy_connect_timeout 5s;
proxy_timeout 20s;
# For a port with no map entry $ipmihost is 0, so the target becomes "0:5900".
# NOTE(review): confirm how nginx treats that target and that nothing local
# answers on 5900.
proxy_pass $ipmihost:5900;
}
# BMC forwarder: each port in 2000-2200, over both UDP and TCP, is relayed to
# port 623 on the BMC that $ipmihost selects for that port.
# NOTE(review): no allow/deny rule is present here either, so the BMC
# management port of every listed host is reachable by anyone who can reach
# this proxy. Restrict the source networks before exposing it.
server {
listen 2000-2200 udp reuseport;
listen 2000-2200 reuseport;
proxy_connect_timeout 5s;
proxy_timeout 20s;
# An unmapped port yields $ipmihost = 0 (the map default), i.e. "0:623".
proxy_pass $ipmihost:623;
}
}
http字段下的ipmi_proxy.conf
# Sets $limit_bots to 1 when the User-Agent header matches any of the
# case-insensitive patterns below, and to 0 otherwise.
# NOTE(review): the User-Agent is chosen by the client, so this only keeps
# well-behaved crawlers and common download tools away. It is not an access
# control for the BMC pages. Several patterns are short substrings ("Bot",
# "tool", "scan", "email") and will match any agent string containing them;
# "Go!Zilla", "Go-Ahead-Got-It", "GrabNet" and "HMView" are listed twice.
map $http_user_agent $limit_bots {
default 0;
~*(google|bing|yandex|msnbot) 1;
~*(AltaVista|Googlebot|Slurp|BlackWidow|Bot|ChinaClaw|Custo|DISCo|Download|Demon|eCatch|EirGrabber|EmailSiphon|EmailWolf|SuperHTTP|Surfbot|WebWhacker) 1;
~*(Express|WebPictures|ExtractorPro|EyeNetIE|FlashGet|GetRight|GetWeb!|Go!Zilla|Go-Ahead-Got-It|GrabNet|Grafula|HMView|Go!Zilla|Go-Ahead-Got-It) 1;
~*(rafula|HMView|HTTrack|Stripper|Sucker|Indy|InterGET|Ninja|JetCar|Spider|larbin|LeechFTP|Downloader|tool|Navroad|NearSite|NetAnts|tAkeOut|WWWOFFLE) 1;
~*(GrabNet|NetSpider|Vampire|NetZIP|Octopus|Offline|PageGrabber|Foto|pavuk|pcBrowser|RealDownload|ReGet|SiteSnagger|SmartDownload|SuperBot|WebSpider) 1;
~*(Teleport|VoidEYE|Collector|WebAuto|WebCopier|WebFetch|WebGo|WebLeacher|WebReaper|WebSauger|eXtractor|Quester|WebStripper|WebZIP|Wget|Widow|Zeus) 1;
~*(Twengabot|htmlparser|libwww|Python|perl|urllib|scan|Curl|email|PycURL|Pyth|PyQ|WebCollector|WebCopy|webcraw) 1;
}
# Translate the key taken from the request host name ($HOSTKEY, set in the
# server block) into the routing record of one BMC. The entries come from
# http.route.map.conf; the generator script on this page writes records of
# the form "IP<..>|VNC<..>|BMC<..>|HEX<..>" and a "default 0;" line.
map $HOSTKEY $VALUE {include http.route.map.conf;}
server {
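# HTTP and HTTPS front end for names of the form <key>.bmc.<domain>.
# NOTE(review): BMC logins sent to port 80 cross the network in clear text.
# The location below forwards with $scheme, so dropping or redirecting port 80
# also switches the hop to the BMC to https - test that before changing it.
listen 80;
listen 443 ssl;
# XXX.XXX is the placeholder for the site's own domain.
server_name ~^(.*?)\.(.*?).XXX.XXX$ ;
ssl_certificate ssl/server.crt;
ssl_certificate_key ssl/server.key;
include ssl.conf;
access_log /var/log/nginx.bmc.log;

# Turn away user agents flagged by the $limit_bots map. This is a crawler
# filter only; it does not authenticate anyone.
if ($limit_bots = 1) { return 403; }

# Start from a known-empty target so the "no route" test below is reliable
# and nginx does not log an uninitialized-variable warning.
set $IPMIhost "";

# The part of the host name in front of ".bmc." is the lookup key for the
# $VALUE map. Both dots are escaped so only a literal ".bmc." label matches.
if ( $http_host ~* "(.*?)\.bmc\.(.*?)$" ) { set $HOSTKEY $1; }

# Split the routing record "IP<..>|VNC<..>|BMC<..>|HEX<..>" into variables.
if ( $VALUE ~* "IP<(.*?)>\|VNC<(.*?)>\|BMC<(.*?)>\|HEX<(.*?)>$" ) {
set $IPMIhost $1;
set $ipmivnc $2;
set $ipmiws $3;
set $hexip $4;
set $target_IP $1;
}

# No record for this host name: answer 404 instead of proxying to an empty
# target. The earlier form of this guard compared $IPMIhost with 0 before the
# variable had been assigned, so it could never fire; rewrite-module
# directives run in the order written, hence the check sits after the parse.
if ( $IPMIhost = "" ) { return 404 'not found!'; }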
# Reverse proxy for the BMC web UI chosen by the server-level variables
# ($IPMIhost, $ipmivnc, $ipmiws). Response bodies are rewritten so that the
# ports and addresses the UI hands to the browser point back at this proxy.
location / {
# Allow the UI to be framed only by pages of the same origin.
add_header X-Frame-Options SAMEORIGIN;
# Send an empty Accept-Encoding to the BMC; presumably so that it answers
# uncompressed and the sub_filter rules below can rewrite the body.
proxy_set_header Accept-Encoding "";
# Rewrite redirects that point at the BMC address into root-relative ones.
proxy_redirect $scheme://$IPMIhost/ /;
proxy_store off;
proxy_read_timeout 300s;
# The BMC is contacted with the same scheme the client used.
# NOTE(review): for https nginx does not verify the upstream certificate
# unless proxy_ssl_verify is enabled, so this hop is encrypted but the BMC is
# not authenticated. Keep the proxy-to-BMC path on a trusted management
# network.
proxy_pass $scheme://$IPMIhost;
proxy_set_header Host $host;
# HTTP/1.1 plus the Upgrade/Connection headers let upgraded connections
# (the page mentions noVNC) pass through.
proxy_buffering off;proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Replace the BMC's native port numbers in responses with this host's proxy
# ports from the routing record.
sub_filter '5900</' '$ipmivnc</'; # VNC port
sub_filter '623</' '$ipmiws</'; #SuperMicro
sub_filter '7578</' '$ipmivnc</'; #AMI VNC port
sub_filter '5120</' '$ipmiws</'; #AMI iso port
# Replace the BMC address with the public host name.
sub_filter '$IPMIhost</' '$host</';
sub_filter '//$IPMIhost:' '//$host:'; #filter jnlp codebase
# Rewrite every occurrence, not just the first one in a response.
sub_filter_once off;
# Also filter Java Web Start (.jnlp) responses.
sub_filter_types application/x-java-jnlp-file;
}
}
目前只测试了SuperMicro X9 X10系列, noVNC和JAVA IPMI等基础功能都可以正常使用.
准备工作:
ip.list文件和list.sh文件放一个目录,也可以自己重新修改设定.
需要一个泛解析域名 *.bmc.XXX.XXX , nginx配置里面把XXX.XXX改成自己的域名.
当前只对vnc和RMCP端口做了处理, 其他的特殊端口没有做.
============================================
idrac系列需要向后端发送gzip压缩才能用,否则会返回404, 但即使开了gzip能打开页面也会一些请求超时出现504
用stream直接4层转发,idrac可以正常使用,但基本要占用一个独立IP, 后续有空再继续研究.
proxy_set_header Accept-Encoding "gzip";




Hi!
Could you check in on X11 platform? I am trying to use it on X11 and it doesn't work =(