前言:
frp通常用于内部网映射,并支持tcp/http等。 常见做法是,在公共网络的服务器上构建FRPS (服务),在内部网的本地计算机上构建frpc (客户端),流量访问公共网络的ip端口) 同时,frpc也可以指向另一个frpc
通用域名使用. acme.sh生成let's Encrypt的免费ssl证书
1、frps服务端配置(公网服务器)
sudo vim /etc/frp/frps.ini
[ common ] bind _ addr=0.0.0.0bind _ port=15369 #服务器端frps,客户端为此端口log _ file=/tmp/frps.loglog
sudo vim /etc/frp/frpc.ini
[common]server_addr=#公共服务器IP server _ port=15369 [ wx-page _ HTT S2 http ] type=http custom _ domains=# nginx部署的域名. Baidu.com local _ IP=192.168.1.7 local _ port=327783,此时配置连接即可通过http访问,需要访问https
SDO vim/etc/nginx/conf.d/FRP.conf
服务器{ listen 443 SSL; server_name *.baidu.com; underscores_in_headers on; SSL _ certificate/root/. acme.sh/Baidu.com/full chain.cer; SSL _ certificate _ key/root/. acme.sh/Baidu.com/Baidu.com.key; ssl_session_timeout 5m; SSL _ protocolstlsv1tlsv 1.1 tlsv 1.2; SSL _ ciphersecdhe-RSA-AE s128-GCM-sha 2563360 ECD he : ecdh : AES 3360 high : 空: aNULL: MD5: ADH: RC4; ssl_prefer_server_ciphers on; add _ headerx-cache $ upstream _ cache _ status; expires 12h; 位置/{ proxy _ redirect off; proxy_set_header Host $host; # proxy _ set _ header host $ http _ host; proxy _ set _ headerx-real-IP $ remote _ addr; proxy _ set _ headerx-forwarded-for $ proxy _ add _ x _ forwarded _ for; proxy _ set _ headerx -前向- proto $ scheme; proxy _ set _ headerx -前向-协议$方案; proxy _ set _ headerx-URL -方案$方案; WSS proxy _ http _版本1.1; proxy _ set _ header upgrade $ http _ upgrade; proxy _ set _ header connection ' upgrade '; proxy _ pass http://127.0.0.1:8090; access _ log/var/log/nginx/frps.access.log; error _ log/var/log/nginx/frps.error.log; }