这里只让 nginx 对外提供 HTTPS(在 nginx 处终止 TLS),内部网络仍然采用 HTTP。server 配置如下:
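# Derive $clientRealip, the value sent to the backend as X-Real-IP.
#
# NOTE(security): X-Forwarded-For is supplied by the requester. When this
# nginx is the first hop (clients connect to it directly), the left-most entry
# can be set to any value by the sender, so the backend must not rely on
# X-Real-IP for access control, rate limiting or audit attribution. If a
# trusted proxy or CDN sits in front, prefer the realip module
# (set_real_ip_from + real_ip_header) limited to that proxy's addresses;
# otherwise pass $remote_addr directly.
map $http_x_forwarded_for $clientRealip {
    # Header absent, an IPv6 entry, or anything the pattern below rejects:
    # fall back to the TCP peer address. Without a default, map yields an
    # empty string and the backend receives an empty X-Real-IP.
    default $remote_addr;

    # Left-most entry made of digits and dots. The pattern does not check
    # that the value is a well-formed IPv4 address.
    ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}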
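# HTTPS virtual host: nginx terminates TLS for one.domain.cn and forwards the
# request as plain HTTP to the local backend on 127.0.0.1:8080.
server {
    # "ssl" on the listen directive replaces the standalone "ssl on;", which
    # was deprecated in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name one.domain.cn;

    root html;
    index index.html index.htm;

    ssl_certificate cert/hehe.pem;
    # Private key: keep the file readable only by the account that runs nginx.
    ssl_certificate_key cert/hehe.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Add TLSv1.3 here when the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the broad ECDHE:ECDH:AES:HIGH classes also admit CBC-mode
    # suites; consider narrowing the list to AEAD (GCM/CHACHA20) suites.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:8080;
        # Forward the original Host; nginx otherwise sends the proxy_pass
        # address as Host.
        proxy_set_header Host $host;
        # $clientRealip comes from the map on X-Forwarded-For and is therefore
        # client-influenced; $remote_addr is the non-spoofable alternative.
        proxy_set_header X-Real-IP $clientRealip;
        # Appends the peer address to whatever X-Forwarded-For the client
        # sent, so earlier entries in the list are untrusted.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend the original request used HTTPS, since the hop to
        # 127.0.0.1 is plain HTTP.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}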
# Plain-HTTP virtual host bound to a single hostname: the frp dashboard.
#
# NOTE(security): this publishes the frp admin dashboard on port 80 without
# TLS, so any dashboard login and session data cross the network in
# cleartext. Consider serving it from a TLS server block and limiting who can
# reach it (allow/deny for admin networks, or a VPN).
server {
    listen 80;
    # Bind a hostname to the frp dashboard so it can be opened at
    # http://tow.domain.cn
    server_name tow.domain.cn;

    location / {
        proxy_set_header Host $host;
        # Client-influenced value (derived from X-Forwarded-For by the map);
        # $remote_addr is the alternative.
        proxy_set_header X-Real-IP $clientRealip;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Must point at frp's dashboard_port. NOTE(review): the original note
        # mentioned 6443 while the directive uses 8888; confirm against the
        # frps configuration.
        proxy_pass http://127.0.0.1:8888;
    }
}
# Plain-HTTP catch-all for every domain.cn subdomain, forwarded to frp's
# HTTP vhost listener.
#
# NOTE(review): one.domain.cn has no port-80 server block of its own, so
# plain-HTTP requests for it also land here and are proxied without a
# redirect to HTTPS.
server {
    listen 80;
    # Wildcard binding: clients pick any subdomain without a per-client entry
    # here, e.g. http://lisi-route.domain.cn or http://zhangsan-route.domain.cn
    # reach the tunnelled services.
    server_name *.domain.cn;

    location / {
        # The Host header is passed through unchanged to the frp listener.
        proxy_set_header Host $host;
        # Client-influenced value (derived from X-Forwarded-For by the map);
        # $remote_addr is the alternative.
        proxy_set_header X-Real-IP $clientRealip;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Must point at frp's vhost_http_port. NOTE(review): the original note
        # mentioned 7080 while the directive uses 8080; confirm against the
        # frps configuration.
        proxy_pass http://127.0.0.1:8080;
    }
}
值得注意的是,nginx 里只写下面这一行是会报错的:
# With this directive alone nginx sends the proxy_pass address as the Host
# header (the default is $proxy_host), not the hostname the client requested.
proxy_pass http://127.0.0.1:8080;
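必须加上下面这些才行,具体是什么意思我还要去看看。大致来说:Host 头需要原样转发,否则 nginx 默认会把 Host 设为 proxy_pass 里的地址,frp 应该就无法按域名路由;map 和另外两个头只是把客户端地址传给后端,其中 X-Forwarded-For 由客户端提供,可以伪造,后端不应据此做访问控制。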
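# Derive $clientRealip, the value sent to the backend as X-Real-IP.
# NOTE(security): X-Forwarded-For is supplied by the requester; when nginx is
# the first hop its left-most entry can be set to any value, so the backend
# must not use X-Real-IP for access control or audit attribution.
map $http_x_forwarded_for $clientRealip {
    # Header absent, an IPv6 entry, or anything the pattern below rejects:
    # fall back to the TCP peer address instead of an empty string.
    default $remote_addr;

    # Left-most entry made of digits and dots (not validated as IPv4).
    ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}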
...
# Forward the hostname the client requested instead of the proxy_pass address.
proxy_set_header Host $host;
# $clientRealip is derived from the client-supplied X-Forwarded-For header;
# $remote_addr is the alternative that the sender cannot choose.
proxy_set_header X-Real-IP $clientRealip; # $remote_addr;
# Appends the connecting peer's address to any X-Forwarded-For already present.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;