- 总体流程就是用nginx将三个服务8080,8888,32400配置https证书分别代理到三个端口:443,8443,9443
再用frpc连接到frps将443,8443,9443上的服务穿透到外网,以下以百度的域名和ip为例:
- 服务器端(frps.ini)
[common]
bind_port = 7000
vhost_http_port = 80
vhost_https_port = 443
[common]
server_addr = 14.215.177.38
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
[web]
type = https
local_port = 443
custom_domains = www.baidu.com
[webmovie]
type = https
local_port = 8443
custom_domains = movie.baidu.com
[webpanel]
type = https
local_port = 9443
custom_domains = panel.baidu.com
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location / {
# 将80所有请求端口转发到8080端口
proxy_pass http://localhost:8080;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
# 在443端口监听
listen 443 ssl http2;
server_name www.micocube.cn;
ssl_certificate "/cert/1_baidu.com_bundle.crt";
ssl_certificate_key "/cert/2_baidu.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
add_header Front-End-Https on;
add_header Cache-Control "public, must-revalidate";
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
# 代理8080端口
proxy_pass http://localhost:8080;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
# 在8443 端口监听
listen 8443 ssl http2;
server_name movie.micocube.cn;
ssl_certificate "/cert/1_movie.baidu.com_bundle.crt";
ssl_certificate_key "/cert/2_movie.baidu.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
add_header Front-End-Https on;
add_header Cache-Control "public, must-revalidate";
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
# 代理32400端口
proxy_pass http://localhost:32400;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
# 在9443端口监听
listen 9443 ssl http2;
server_name panel.micocube.cn;
ssl_certificate "/cert/1_panel.baidu.com_bundle.crt";
ssl_certificate_key "/cert/2_panel.baidu.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
add_header Front-End-Https on;
add_header Cache-Control "public, must-revalidate";
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
# 代理8888端口
proxy_pass http://localhost:8888;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
网友评论