frps 和 nginx 在同一台机器,假设ip=192.168.166.17
1. frps服务器端配置
测试时,frps服务器跟nginx在同一台机器(192.168.166.17),理论上可以不在同一台机器,nginx可以代理http请求,发给frps服务端。
frps.ini
# frps.ini
[common]
bind_port = 7000
vhost_http_port = 8080
启动frps
./frps -c http.ini
2. nginx设置tls负责接受连接解密https,转发到后端 给 frps,frps转给frpc,frpc转给最终业务服务器
[root@localhost tstnginx]# cat conf/nginx.conf
user nobody nobody;
worker_processes 2;
error_log /opt/frps-https-server/tstnginx/logs/error.log;
pid /opt/frps-https-server/tstnginx/nginx.pid;
events {
use epoll;
worker_connections 10240;
}
http {
include mime.types;
add_header X-Frame-Options SAMEORIGIN;
default_type application/octet-stream;
log_format main '$remote_addr $connection/$connection_requests $remote_user [$time_local] $request_length "$request" $status '
'"$request_time/$upstream_response_time" "$body_bytes_sent/$content_length" "$http_x_forwarded_for" $upstream_addr '
'"$http_referer" "$http_user_agent"';
sendfile on;
server_tokens off;
keepalive_timeout 1800;
keepalive_requests 99999;
client_max_body_size 8000m;
gzip on;
gzip_http_version 1.0;
gzip_comp_level 6;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript application/json;
gzip_disable msie6;
aio threads;
include /opt/frps-https-server/tstnginx/conf/conf.d/*.conf;
}
[root@localhost tstnginx]# cat conf/conf.d/ngx_ap.conf
server {
listen 8443;
server_name 192.168.166.17;
access_log /opt/frps-https-server/tstnginx/logs/access_1.log main;
aio threads;
ssl on;
ssl_certificate /opt/frps-https-server/tstnginx/server-crt/server.crt;
ssl_certificate_key /opt/frps-https-server/tstnginx/server-crt/server.key;
ssl_session_cache shared:SSL:250m;
ssl_session_timeout 30m;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_pass http://127.0.0.1:8080; #会访问frpc代理的后端服务器 / 接口
}
location /vpre {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_pass http://127.0.0.1:8080/vpre; #会访问frpc代理的后端服务器 /vpre 接口
}
}
3. 启动nginx
[root@localhost tstnginx]# sbin/fnginx -p /opt/frps-https-server/tstnginx/
4. 启动frpc和后端服务
假设frpc客户端+后端服务在 192.168.166.11 服务器。
配置 frpc 客户端连接 frps 服务端。
# frpc.ini
[common]
server_addr = 192.168.166.17
server_port = 7000
[web]
type = http
local_port = 8080
custom_domains = www.myhttp.com
5. 166.11 启动http服务,因为nginx已经代理https加解密,此服务无需加https
6. 输入地址访问内网被代理服务
https://www.myhttp.com:8443/vpre
访问前,当前主机dns解析需要加入映射 192.168.166.17
www.myhttp.com
7. 数据流说明
这里可以看到访问的是166.17nginx,但是实际访问的服务是166.11上面的http服务.
数据流逻辑: nginx —> frps —> frpc —> http
版权声明:本文为andylau00j原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。