首先是我的架构,我使用购买的云服搭建frp服务器(例如为124.1.1.1)来穿透家里的内网环境。域名是在花生壳购买的,然后配置子域名后添加A记录指向我的云服务器的ip,云服务器的ip会穿透我的内网的设备。
使用ip直接访问是可以正常访问的,无论http还是https。但是如果用子域名(例如frp.writeor…)访问则会报非法阻断。但好像仅限于http协议,https使用域名是可以访问的。
解决办法是在frp服务器上安装nginx,将内网的http服务转变为https服务。
例如:在外网使用域名访问https://frp.writeor… ,请求到frp服务器则会将外网的https转换为http后转发给内网的http服务。具体nginx的配置等我有空去服务器上down下来
- 配置如下:
# For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 4096; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 7401 ssl; server_name frp.writeor.top; ssl_certificate /etc/nginx/certificate.crt; ssl_certificate_key /etc/nginx/private.key; location / { proxy_pass http://127.0.0.1:7400/; #proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 7501 ssl; server_name frp.writeor.top; ssl_certificate /etc/nginx/certificate.crt; ssl_certificate_key /etc/nginx/private.key; location / { proxy_pass http://127.0.0.1:7500/; #proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 7861 ssl; server_name frp.writeor.top; ssl_certificate /etc/nginx/certificate.crt; ssl_certificate_key /etc/nginx/private.key; location / { proxy_pass http://127.0.0.1:7860/; } } server { listen 5245 ssl; server_name frp.writeor.top; ssl_certificate /etc/nginx/certificate.crt; ssl_certificate_key /etc/nginx/private.key; location / { proxy_pass http://127.0.0.1:5244/; #proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 5701 ssl; server_name frp.writeor.top; ssl_certificate /etc/nginx/certificate.crt; ssl_certificate_key /etc/nginx/private.key; location / { proxy_pass http://127.0.0.1:5700/; #proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } # Settings for a TLS enabled server. # # server { # listen 443 ssl http2; # listen [::]:443 ssl http2; # server_name _; # root /usr/share/nginx/html; # # ssl_certificate "/etc/pki/nginx/server.crt"; # ssl_certificate_key "/etc/pki/nginx/private/server.key"; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 10m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # # error_page 404 /404.html; # location = /40x.html { # } # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # } # } }server { listen 7401 ssl; server_name frp.writeor.top; ssl_certificate /etc/nginx/certificate.crt; ssl_certificate_key /etc/nginx/private.key; location / { proxy_pass http://127.0.0.1:7400/; #proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
比如上面这段,就是在外网访问https://ip地址 : 7401 则流量会跳转到内网的http://127.0.0.1:7400/;
