使用frp进行内网http/https代理

获取

官方项目地址：https://github.com/fatedier/frp

www.hewei.work A 记录配置公网ip x.x.x.x

服务端安全组放开80 443 7000端口

服务端配置（x.x.x.x）

[common]

bind_port = 7000

vhost_http_port = 80

vhost_https_port = 443

token = hyc

[http_web]

type = http

custom_domains = www.hewei.work

[https_web]

type = https

custom_domains = www.hewei.work

开机启动

配置systemctl来控制，服务端运行

vim新建文件并写入配置内容

vim /usr/lib/systemd/system/frp.service

写入以下内容，注意上文移动放置的路径和此处有关。这里是启动的服务端。

[Unit]

Description=The nginx HTTP and reverse proxy server

After=network.target remote-fs.target nss-lookup.target

[Service]

Type=simple

ExecStart=/usr/local/frp/frps -c /usr/local/frp/frps.ini

KillSignal=SIGQUIT

TimeoutStopSec=5

KillMode=process

PrivateTmp=true

StandardOutput=syslog

StandardError=inherit

[Install]

WantedBy=multi-user.target

重新加载服务的配置文件

systemctl daemon-reload

启动/停止/重启，查看状态，设置开机自启/关闭开机自启

systemctl start frp

systemctl status frp

systemctl enable frp

systemctl disable frp

客户端配置（172.118.59.84）

[common]

server_addr = x.x.x.x

server_port = 7000

token= hyc

[http_web]

type = http

local_ip = 172.118.59.84

local_port = 8000

custom_domains = www.hewei.work

[https_web]

type = https

local_ip = 172.118.59.84

local_port = 4433

custom_domains = www.hewei.work

后台启动客户端

nohup ./frpc -c ./frpc.ini &

访问

http://www.hewei.work/

https://www.hewei.work/

配置nginx

server {

        listen      80;

        #listen      [::]:80;

        listen      443 ssl http2;

        #listen      [::]:443 ssl http2;

        server_name  www.hewei.work,www.kivvipos.com;

        root        /usr/share/nginx/html;

        # Settings for a TLS enabled server.

        if ($server_port !~ 443){

            rewrite ^(/.*)$ https://$host$1 permanent;

        }

        proxy_connect_timeout 180;

        proxy_send_timeout 180;

        proxy_read_timeout 180;

        proxy_set_header Host $host;

        proxy_set_header X-Forwarder-For $remote_addr;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection "Upgrade";

        ssl_certificate "/etc/nginx/hewei.work_nginx/hewei.work_bundle.crt";

        ssl_certificate_key "/etc/nginx/hewei.work_nginx/hewei.work.key";

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

        ssl_session_cache shared:SSL:1m;

        ssl_session_timeout  10m;

        ssl_ciphers HIGH:!aNULL:!MD5;

        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {

            #proxy_pass http://www.hewei.work;

            proxy_pass http://127.0.0.1:8080/;

        }

        error_page 404 /404.html;

        location = /404.html {

        }

        error_page 500 502 503 504 /50x.html;

        location = /50x.html {

        }

    }

注意项：

参考：

https://developer.aliyun.com/article/853534?spm=ding_open_doc.document.0.0.14bc722fV6pBDC

https://zhuanlan.zhihu.com/p/371234742

http://blog.zhaojishun.cn/articles/2021/03/26/1616753494067.html