前言:
frp通常用来做内网映射(内网穿透),支持tcp/http等协议。常见做法是:在公网服务器上搭建frps(服务端),在内网本地机子上搭建frpc(客户端);访问公网ip+端口(frps绑定的端口)的流量经过frps转发到frpc客户端,同时frpc还可以再指向别的机子。
泛域名证书:使用acme.sh生成Let's Encrypt免费的ssl证书
1、frps服务端配置(公网服务器)
sudo vim /etc/frp/frps.ini
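# frps (server side, public host).
# Comments are kept on their own lines: frp's INI parsing may treat a trailing
# "# ..." as part of the value, which breaks numeric keys such as bind_port.
[common]
bind_addr = 0.0.0.0
# Control port of frps; every frpc connects to this port.
bind_port = 15369
# Shared secret checked when a client logs in. Without it, anyone who can reach
# bind_port can register proxies on this server. The identical line must be
# present in [common] of frpc.ini. Placeholder - replace it.
token = <long-random-secret>
# NOTE(review): a fixed file name under world-writable /tmp is a poor home for
# a daemon log; prefer a directory that only the frps account can write to.
log_file = /tmp/frps.log
# Lowered from trace: trace is a debugging level and records far more detail
# than routine operation needs.
log_level = info
log_max_days = 3
# nginx proxies to this port (proxy_pass http://127.0.0.1:8090).
# With bind_addr = 0.0.0.0 the vhost ports are presumably reachable from the
# internet as well, so 8090 can be hit over plain HTTP without passing through
# the TLS termination in nginx. Block it with a host firewall so that only the
# local nginx can connect.
vhost_http_port = 8090
# NOTE(review): no https-type proxy is defined on the client side of this
# guide; drop this line if the port is not needed.
vhost_https_port = 4430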
2、frpc客户端配置(内网本地机子)
sudo vim /etc/frp/frpc.ini
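# frpc (client side, internal host).
# Comments are kept on their own lines: frp's INI parsing may treat a trailing
# "# ..." as part of the value.
[common]
# Public IP of the frps server. Placeholder - replace it.
server_addr = <public-server-ip>
server_port = 15369
# Must be identical to the token set in [common] of frps.ini; frps needs the
# same line, otherwise the login is rejected. Placeholder - replace it.
token = <long-random-secret>

[wx-page_htts2http]
type = http
# Domain configured in the nginx server block (wildcard domain).
custom_domains = *.baidu.com
local_ip = 192.168.1.7
local_port = 32778
# nginx terminates TLS on the public host, so without this the requests travel
# from frps to this client across the internet in plain HTTP.
use_encryption = true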
3、此时配置完连通可以用http访问,如果需要访问https需要在公网服务器加上nginx配置
sudo vim /etc/nginx/conf.d/frp.conf
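# TLS front end for frps: terminates HTTPS for the wildcard domain and forwards
# every request to the frps vhost_http_port on loopback.
server {
    listen 443 ssl;
    server_name *.baidu.com;

    # NOTE(review): accepting header names with underscores lets a client send
    # names that some backends fold into the same variable as the hyphenated
    # form; enable only if the backend really needs it.
    underscores_in_headers on;

    # NOTE(review): these paths point into acme.sh's working directory. Prefer
    # copying the certificate and key to a dedicated location with
    # `acme.sh --install-cert` and referencing that location here.
    ssl_certificate     /root/.acme.sh/baidu.com/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/baidu.com/baidu.com.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are obsolete and were removed from the list.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only. The previous string also admitted CBC
    # suites and non-ephemeral key exchange through the broad ECDH/AES/HIGH
    # groups. Very old clients without TLS 1.2 AEAD support will not connect.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    add_header X-Cache $upstream_cache_status;
    # NOTE(review): at server level this marks every proxied response,
    # including per-user or authenticated pages, as cacheable for 12 hours.
    # Confirm that is intended, or scope it to static assets.
    expires 12h;

    location / {
        proxy_redirect off;
        # frps routes by Host, so the original host name must be preserved.
        proxy_set_header Host $host;
        #proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to whatever X-Forwarded-For the client sent; the backend
        # should trust only the right-most entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Url-Scheme $scheme;

        # The next three lines enable WebSocket (wss) upgrades.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # frps vhost_http_port on the same host.
        proxy_pass http://127.0.0.1:8090;

        access_log /var/log/nginx/frps.access.log;
        error_log /var/log/nginx/frps.error.log;
    }
}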