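Use frp for intranet penetration (NAT traversal) to expose a server on an internal network to the internet. A site the blogger has configured successfully: http://ip.isays.cn
In fact, adding one simple nginx configuration is enough to forward a domain's traffic to frp, and wildcard DNS resolution can be used to map different sites.
My goal is simple; briefly:
I set up a website on a CentOS 7 machine on the internal network. Its local address is 10.0.0.182:999.
I now want to reach this site from the internet through the domain zww.isays.cn, without appending a port.
Configure the internal frpc client: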
[common]
# frps服务端IP is a placeholder: put the IP address of your frps server here
server_addr = frps服务端IP
server_port = 7000
token = isays.cn
protocol = kcp
log_file = ./frpc.log
log_level = info
log_max_days = 3

[zww]
type = http
local_ip = 10.0.0.182
local_port = 999
subdomain = zww
Configure nginx:
My path is: /www/server/nginx/conf/nginx.conf
Add the following inside the http { } block of nginx.conf:
server
{
    listen 80;
    listen 443 ssl;
    server_name *.isays.cn; # I use wildcard DNS resolution here; if you do not need a wildcard, you can enter zww.isays.cn instead
    #SSL-START SSL-related configuration
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate /www/server/nginx/conf/vhost/isays.cn.cer; # replace with your own certificate path
    ssl_certificate_key /www/server/nginx/conf/vhost/isays.cn.key; # replace with your own key path
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require it
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497 https://$host$request_uri;
    #SSL-END
    location /
    {
        proxy_pass http://127.0.0.1:8090; # 8090 is the HTTP port of your frps server
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        add_header X-Cache $upstream_cache_status;
        expires 12h;
    }
    #PROXY-END
}
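After making the changes, restart nginx.
With this in place, every internal site under *.isays.cn can be reached without a port, and over encrypted HTTPS as well.
The internal network does not need any SSL certificate, because nginx terminates TLS and forwards plain HTTP to frps.
PS: If you only want to reverse-proxy port 80, configure it as follows: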
server
{
    listen 80;
    server_name *.isays.cn;
    location /
    {
        proxy_pass http://127.0.0.1:8090; # the port here is the HTTP port of your frps server
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        add_header X-Cache $upstream_cache_status;
        expires 12h;
    }
    #PROXY-END
}
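The frpc settings (server_port 7000, protocol kcp, subdomain zww) and nginx's proxy_pass to 127.0.0.1:8090 both depend on a matching frps configuration that the post does not show. A matching frps.ini is given here as an added example, not taken from the original post. Assumptions: the token is a placeholder, subdomain_host = isays.cn is inferred from the zww.isays.cn hostname, and the effect of proxy_bind_addr on the HTTP vhost listener should be confirmed on your frps version.

```ini
# frps.ini on the public server (legacy INI format, same style as the frpc.ini above)
[common]
# main TCP listener of frps
bind_port = 7000
# frpc.ini sets protocol = kcp and server_port = 7000, so frps must accept KCP (UDP) on 7000
kcp_bind_port = 7000
# must be identical to the token in frpc.ini; placeholder, use a long random secret on both sides
token = REPLACE_WITH_LONG_RANDOM_SECRET
# HTTP vhost port that nginx's "proxy_pass http://127.0.0.1:8090" targets
vhost_http_port = 8090
# frps builds the vhost name as <subdomain>.<subdomain_host>,
# so "subdomain = zww" in frpc.ini serves zww.isays.cn
subdomain_host = isays.cn
# assumption: binds the proxy/vhost listeners to loopback so 8090 is reachable only through nginx;
# if your frps version behaves differently, block 8090 from outside at the firewall instead
proxy_bind_addr = 127.0.0.1
log_file = ./frps.log
log_level = info
log_max_days = 3
```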