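Windows servers are generally controlled remotely over RDP (Remote Desktop), whose default port is 3389. For security reasons, we sometimes want to close 3389 and use a different port.
In summary, there are the following approaches, using a change from the default port 3389 to 8933 as the example:
[Recommended] Change the standard RDP port in the registry
Open the Registry Editor: Start - Run - type regedit
Navigate to the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Find PortNumber, then double-click it or right-click it and choose Modify
Enter the port number you want (in decimal) and you are done (note that the server must be restarted for the change to take effect)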
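The registry steps above as a script, an added example that is not part of the original article: it opens the new port in Windows Firewall before changing PortNumber, so the restart does not leave the server unreachable, and it provides a check to run after the restart. The allowlist subnet and the firewall rule name are constructed placeholders; run it from an elevated PowerShell session.

```powershell
# Added example (not from the original article). Run elevated.
# Assumed values: 8933 is the article's example port; the allowlist subnet and
# the firewall rule name are constructed placeholders.
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Set-RdpPort {
    param(
        [ValidateRange(1, 65535)][int]$Port = 8933,
        [string]$RemoteAddress = '10.0.0.0/8'   # placeholder internal allowlist
    )
    # Refuse a port that another service already listens on.
    if (Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue) {
        throw "TCP port $Port is already in use."
    }
    # Open the new port first; otherwise the restart leaves RDP unreachable.
    $ruleName = "RDP custom port $Port"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort $Port -RemoteAddress $RemoteAddress -Action Allow | Out-Null
    }
    # PortNumber is a REG_DWORD; the value is written in decimal, as in regedit's decimal view.
    $old = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
    Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $Port -Type DWord
    "PortNumber changed from $old to $Port; restart the server to apply."
}

function Test-RdpPort {
    # Run after the restart: confirms the registry value and the real listener agree.
    param([int]$Port = 8933)
    $configured = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
    $onNew = [bool](Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
    $onOld = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        ConfiguredPort = $configured
        ListeningOnNew = $onNew
        StillOn3389    = $onOld
        Ok             = ($configured -eq $Port) -and $onNew -and (-not $onOld)
    }
}

Set-RdpPort -Port 8933
# After the restart:  Test-RdpPort -Port 8933
```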
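Use the port forwarding feature built into Windows Server
Use port forwarding so that connections arriving on port 8933 are forwarded to port 3389 on the local address 127.0.0.1
Open a command prompt as administrator and enter the following command:
netsh interface portproxy add v4tov4 listenport=8933 connectport=3389 connectaddress=127.0.0.1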
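Use nginx port forwarding
With nginx, TCP traffic for the RDP protocol that arrives on the new port (8933) can be forwarded to port 3389 on the local machine. An example configuration file follows:
nginx.conf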
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
stream {
    upstream mstsc {
        server 127.0.0.1:3389;
    }
    server {
        listen 8933;
        proxy_pass mstsc;
    }
}
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    upstream mstsc {
        server 127.0.0.1:3389;
    }
    server {
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
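Notes
- With the port forwarding and nginx forwarding approaches, the original port 3389 is still in use, so the firewall rules still need attention, for example allowing only an internal allowlist to reach 3389;
- Also consider startup: the port forwarding script has to run automatically at boot, or nginx has to start automatically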