nginx reverse proxy in front of frps with frpc tunneling



frps and nginx run on the same machine; assume ip=192.168.166.17



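1. frps server-side configuration

During testing, the frps server and nginx are on the same machine (192.168.166.17). In theory they do not have to be on the same machine: nginx can proxy the HTTP requests and send them to the frps server.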

frps.ini

  # frps.ini
  [common]
  bind_port = 7000
  vhost_http_port = 8080



Start frps

./frps -c frps.ini



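2. Configure nginx to terminate TLS: it accepts connections, decrypts HTTPS and forwards to frps on the backend; frps forwards to frpc, and frpc forwards to the final application server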


[root@localhost tstnginx]# cat conf/nginx.conf
user  nobody nobody;
worker_processes 2;

error_log  /opt/frps-https-server/tstnginx/logs/error.log;
pid        /opt/frps-https-server/tstnginx/nginx.pid;

events {
    use epoll;
    worker_connections  10240;
}

http {
    include       mime.types;
    add_header X-Frame-Options SAMEORIGIN;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr $connection/$connection_requests $remote_user [$time_local] $request_length "$request" $status '
                      '"$request_time/$upstream_response_time" "$body_bytes_sent/$content_length" "$http_x_forwarded_for" $upstream_addr '
                      '"$http_referer" "$http_user_agent"';

    sendfile        on;
    server_tokens off;
    keepalive_timeout  1800;
    keepalive_requests 99999;
    client_max_body_size 8000m;
    gzip  on;
    gzip_http_version 1.0;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript application/json;
    gzip_disable msie6;
    aio threads;
    
    include /opt/frps-https-server/tstnginx/conf/conf.d/*.conf;
}

[root@localhost tstnginx]# cat conf/conf.d/ngx_ap.conf 
server {
	listen      8443 ssl;  # "ssl" on listen replaces the deprecated "ssl on;" directive
	server_name 192.168.166.17;
	access_log  /opt/frps-https-server/tstnginx/logs/access_1.log  main;
	aio threads;
	ssl_certificate       /opt/frps-https-server/tstnginx/server-crt/server.crt;
	ssl_certificate_key   /opt/frps-https-server/tstnginx/server-crt/server.key;
	ssl_session_cache    shared:SSL:250m;
	ssl_session_timeout  30m; 

   location / {
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Scheme  $scheme;
           proxy_pass http://127.0.0.1:8080; # reaches the / endpoint of the backend server proxied by frpc
      }
    location /vpre {
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Scheme  $scheme;
           proxy_pass http://127.0.0.1:8080/vpre; # reaches the /vpre endpoint of the backend server proxied by frpc
      }
}



3. Start nginx

[root@localhost tstnginx]# sbin/fnginx -p /opt/frps-https-server/tstnginx/




4. Start frpc and the backend service

Assume the frpc client and the backend service are on server 192.168.166.11.

Configure the frpc client to connect to the frps server.

# frpc.ini
[common]
server_addr = 192.168.166.17
server_port = 7000

[web]
type = http
local_port = 8080
custom_domains = www.myhttp.com



5. Start the HTTP service on 166.11; because nginx already handles HTTPS encryption and decryption, this service does not need HTTPS itself



6. Enter the address to access the proxied intranet service


https://www.myhttp.com:8443/vpre

Before accessing, add the following mapping to the current host's DNS resolution:

192.168.166.17 www.myhttp.com





7. Data flow

Here you can see that the request goes to nginx on 166.17, but the service actually reached is the HTTP service on 166.11.

Data flow: nginx -> frps -> frpc -> http
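
An added check, not part of the original post: a small Python audit of the frps.ini and frpc.ini shown above, flagging the plaintext vhost port being reachable without going through nginx and the missing frpc/frps token. It assumes frp's legacy INI options token and proxy_bind_addr with their defaults (listeners on 0.0.0.0, empty token) and that nginx and frps share a host; the finding names and the hardened variants are constructed for this example.

```python
import configparser
import ipaddress

# Configs exactly as given on this page.
PAGE_FRPS = "[common]\nbind_port = 7000\nvhost_http_port = 8080\n"
PAGE_FRPC = ("[common]\nserver_addr = 192.168.166.17\nserver_port = 7000\n"
             "[web]\ntype = http\nlocal_port = 8080\ncustom_domains = www.myhttp.com\n")
# Hardened variants (constructed for this example; the token is a placeholder).
TOKEN = "token = REPLACE_WITH_LONG_RANDOM_SECRET\n"
HARD_FRPS = PAGE_FRPS + "proxy_bind_addr = 127.0.0.1\n" + TOKEN
HARD_FRPC = PAGE_FRPC.replace("[web]", TOKEN + "[web]")


def common(ini_text):
    """Return the [common] section of an frp INI file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    return cp["common"]


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"


def audit(frps_ini, frpc_ini):
    """Return finding ids for an nginx -> frps -> frpc setup on one host."""
    s, c = common(frps_ini), common(frpc_ini)
    findings = []
    # Assumption: proxy_bind_addr falls back to bind_addr, which defaults to 0.0.0.0.
    listen = s.get("proxy_bind_addr", s.get("bind_addr", "0.0.0.0"))
    if "vhost_http_port" in s and not is_loopback(listen):
        # Plaintext vhost port is reachable directly, bypassing nginx TLS and logging.
        findings.append("vhost-http-exposed")
    if not s.get("token", "").strip():
        # Without a token any frpc that reaches bind_port can register a proxy.
        findings.append("frps-no-token")
    if c.get("token", "") != s.get("token", ""):
        findings.append("token-mismatch")  # frpc login would be rejected
    return findings


if __name__ == "__main__":
    print("page configs:    ", audit(PAGE_FRPS, PAGE_FRPC))
    print("hardened configs:", audit(HARD_FRPS, HARD_FRPC))
```

If nginx runs on a different host than frps, loopback binding is not possible; restrict port 8080 to the nginx address with a firewall instead.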



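Copyright notice: This is an original article by andylau00j, licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.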