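1. Background
DingTalk Cloud uses a whitelist mechanism that blocks servers from reaching any IP address outside the whitelist. To call a second-party or third-party API, the target has to be added to the whitelist, but only IP addresses can be added, not domain names. rinetd solves this: it can forward port 443 traffic.
2. Installation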
apt-get install rinetd
3. Configuration
The configuration file is /etc/rinetd.conf. It is fairly simple, so it is not explained further here.
#
# this is the configuration file for rinetd, the internet redirection server
#
# you may specify global allow and deny rules here
# only ip addresses are matched, hostnames cannot be specified here
# the wildcards you may use are * and ?
#
# allow 192.168.2.*
# deny 192.168.2.1?
#
# forwarding rules come here
#
# you may specify allow and deny rules after a specific forwarding rule
# to apply to only that forwarding rule
#
# bindaddress bindport connectaddress connectport
# logging information
logfile /var/log/rinetd.log
# uncomment the following line if you want web-server style logfile format
# logcommon
# 0.0.0.0 88 open.ys7.com 80
0.0.0.0 88 api.weixin.qq.com 443
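One thing to note here: once 443 is proxied, the address that used to be https://api.weixin.qq.com becomes https://123.123.123:88, and requests to it fail with a host-not-trusted error. On Alibaba Cloud this can be handled with Alibaba Cloud DNS / PrivateZone,
or SSL verification can be ignored, which turns off both certificate and hostname checks for every request made through this RestTemplate. The Java code is as follows: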
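import javax.net.ssl.SSLContext;

import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class IgnoreSSLRestConfig {

    /**
     * Configures a RestTemplate that ignores SSL certificates.
     */
    @Bean
    public RestTemplate restTemplate() {
        RestTemplate restTemplate = new RestTemplate(getFactory());
        return restTemplate;
    }

    @Bean
    public HttpComponentsClientHttpRequestFactory getFactory() {
        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
        // Accepts every certificate chain, whoever issued it.
        TrustStrategy acceptingTrustStrategy = (x509Certificates, authType) -> true;
        try {
            SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
            HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
            CloseableHttpClient httpClient = httpClientBuilder
                    .setSSLContext(sslContext)
                    // Skips the check that the certificate matches the requested host.
                    .setSSLHostnameVerifier(new NoopHostnameVerifier()).build();
            factory.setHttpClient(httpClient);
            return factory;
        } catch (Exception e) {
            // YzbException is the project's own runtime exception type.
            throw new YzbException(e.getMessage(), e);
        }
    }
}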
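The PrivateZone option mentioned above can also be reproduced inside the client, which keeps certificate validation on. This is an added example, not part of the original post: it maps api.weixin.qq.com to the rinetd server through an HttpClient DnsResolver, so the URL keeps the real hostname. The class name, bean name and the placeholder address 192.0.2.10 are assumptions, and it relies on Apache HttpClient 4.5 as the code above does.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

import org.apache.http.conn.DnsResolver;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.SystemDefaultDnsResolver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class PinnedResolverRestConfig {

    // Hostname forwarded by the rinetd rule in /etc/rinetd.conf.
    private static final String UPSTREAM_HOST = "api.weixin.qq.com";
    // Placeholder from the documentation range: replace with the rinetd server's IP.
    private static final String FORWARDER_IP = "192.0.2.10";

    @Bean
    public RestTemplate pinnedRestTemplate() {
        DnsResolver resolver = new SystemDefaultDnsResolver() {
            @Override
            public InetAddress[] resolve(String host) throws UnknownHostException {
                if (UPSTREAM_HOST.equalsIgnoreCase(host)) {
                    // A literal IP is parsed without a DNS query; getByAddress
                    // only labels that fixed address with the hostname.
                    byte[] ip = InetAddress.getByName(FORWARDER_IP).getAddress();
                    return new InetAddress[] { InetAddress.getByAddress(host, ip) };
                }
                // Every other host is resolved normally.
                return super.resolve(host);
            }
        };
        // No custom SSLContext or hostname verifier: the JVM trust store and
        // HttpClient's default hostname verification stay in effect.
        CloseableHttpClient httpClient = HttpClientBuilder.create()
                .setDnsResolver(resolver)
                .build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }
}
```

Requests then go to https://api.weixin.qq.com:88/..., so the TLS handshake and the hostname check use the real name while the TCP connection goes to the forwarder.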
4. Start
/etc/init.d/rinetd start