Connect intranet devices with nginx agent

Original link:current page


These days I search for a solution to connect the RPi at home with ssh, but the ADSL is not with publish IP.
First I had try the “ngrok”, but it works with serious network delay, and is not working on my RPi.
There are many tutorial on the net but most of them are complex or not working, I have to try by myself.
At last, it works.

What to Do

Make the PC connect to the RPi with ssh.


  • an internet-enabled Raspbian RPi
  • an Internet-enabled PC.
  • a Aliyun Ubuntu16.04LTS Server(with fixed public IP)


What you should know and redefine

name Description
server_ip the public ip of server
server_domain the domain of server
pi_user username to log in RPi
pi_passwd password to log in RPi
server_user username to log in aliyun
server_passwd password to log in aliyun
server_port port to connect RPi and Aliyun
ssh_port port to connect PC and Aliyun

The server_ip, server_domain, users, passwords and ports in this wiki must be replace by yourself.
For example, replace “server_port” with 12345, and replace ssh_port with “10000” and so on.

This system is to be the data transfer station, must have a public IP(serverip) or domain(serverdomain).
Now, install the nginx, you can download the source code and compile it, or just use apt-get(yum for centos) to install, I choose the last one

$ sudo apt-get install nginx

after completion, the nginx is ready, if you compile the source by yourself, remember add the flag “--with-stream” when make.
Configure the nginx

$ sudo vim /etc/nginx/nginx.conf

add the lines at the end of file

stream {
	upstream ssh {
		server max_fails=3 fail_timeout=10s;
	server {
		listen ssh_port;
		proxy_connect_timeout 5s;
		proxy_timeout 720h;
		proxy_pass ssh;

save and quit editor. restart service nginx

$ sudo service nginx restart

The server is ready now.

Simply you can just input

ssh -vnNT -R server_port:localhost:22 server_name@server_ip

then it will ask you to input the server_passwd, input it and you can see the log message

debug1: Remote connections from LOCALHOST:server_port forwarded to local address localhost:22
debug1: Requesting
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype want_reply 0
debug1: Remote: Forwarding listen address "localhost" overridden by server GatewayPorts
debug1: remote forward success for: listen server_port, connect localhost:22
debug1: All remote forwarding requests processed

that message above means it success.
if you get “remote forward failed for: listen…” message or no log message, you should check the server configuration, as well as the Aliyun security strategy(add rule to allow the server_port in).

If you need to run the command when RPi power on, refer to:Run a Program On Your Raspberry Pi At Startup

Connect to the RPi when you need

ssh pi_user@server_domain -p ssh_port

  • Last modified: 2019/08/23 12:16