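1. Background
Use HTTPS to forward a local HomeAssistant service to the public Internet, giving remote HTTPS access without a port number in the URL. Any other service can be forwarded the same way.
Alibaba Cloud ECS, Ubuntu 16.04, with a public IP <A.B.C.D> (any server with a public IP will do)
A local Raspberry Pi on the LAN running HomeAssistant <192.168.1.233:8123>
2. Installing and configuring FRPS
Run on the ECS: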
cd ~
mkdir software
cd software
wget https://github.com/fatedier/frp/releases/download/v0.22.0/frp_0.22.0_linux_amd64.tar.gz
tar -xzvf frp_0.22.0_linux_amd64.tar.gz
# Rename the extracted directory (not the .tar.gz archive) to frps
mv frp_0.22.0_linux_amd64 frps
cd frps
nano frps.ini
Contents of frps.ini:
[common]
bind_addr = 0.0.0.0
bind_port = 7000
vhost_http_port = 7080
vhost_https_port = 7443
dashboard_port = 7500
dashboard_user = your_account
dashboard_pwd = your_pwd
authentication_timeout = 900
token = your_token
Start frps automatically at boot: (reference: FRP auto-start)
cd ~
apt install supervisor
cd /etc/supervisor/conf.d
nano frps.conf
Contents of frps.conf:
[program:frp]
# The path must match the directory frps was unpacked to above (~/software/frps, as root)
command = /root/software/frps/frps -c /root/software/frps/frps.ini
autostart = true
# Restart supervisor
systemctl restart supervisor
# Check the status of the programs supervisor manages
supervisorctl status
3. Installing and configuring FRPC
Run on the local Raspberry Pi that runs HomeAssistant:
cd ~
mkdir software
cd software
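# The Raspberry Pi has an ARM CPU, so fetch the linux_arm build (the linux_amd64 binaries will not run on it)
wget https://github.com/fatedier/frp/releases/download/v0.22.0/frp_0.22.0_linux_arm.tar.gz
tar -xzvf frp_0.22.0_linux_arm.tar.gz
# Rename the extracted directory (not the .tar.gz archive) to frpc
mv frp_0.22.0_linux_arm frpc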
cd frpc
nano frpc.ini
Contents of frpc.ini:
[common]
server_addr = <A.B.C.D>
server_port = 7000
token = your_token
[homeassistant]
type = tcp
local_ip = 127.0.0.1
local_port = 8123
remote_port = 9000
# Your own domain, resolved to the ECS public IP
custom_domains = your_website.com
4. Installing and configuring NGINX
Run on the ECS:
cd ~
cd software
apt update
apt upgrade
apt install nginx
# Start NGINX at boot
systemctl enable nginx
# The NGINX configuration files live under /etc/nginx
cd /etc/nginx
cd sites-enabled
# Create a new configuration file; the site's domain name can be used as the file name
touch your_website.com
nano your_website.com
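Apply for an SSL certificate for the domain on Alibaba Cloud: (see: "A simple tutorial on configuring free SSL for an Alibaba Cloud domain to enable HTTPS access" - 代码小飞龙 - cnblogs)
Contents of the your_website.com file: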
server {
    listen 80;
    server_name your_website.com;
    location / {
        rewrite ^ https://your_website.com$request_uri? permanent;
    }
}
server {
    # "listen 443 ssl" replaces the deprecated "listen 443" + "ssl on" pair
    listen 443 ssl;
    server_name your_website.com;
    ssl_certificate cert/your_website.com.pem;
    ssl_certificate_key cert/your_website.com.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated, so only TLS 1.2 is offered
    ssl_protocols TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    ssl_prefer_server_ciphers on;
    proxy_set_header X-Forwarded-For $remote_addr;
    location /api/websocket {
        # The port must match remote_port in frpc.ini
        proxy_pass http://127.0.0.1:9000/api/websocket;
        proxy_read_timeout 60s;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        # WebSocket upgrade requires HTTP/1.1 and the Upgrade/Connection headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'Upgrade';
    }
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_buffering off;
        proxy_pass http://127.0.0.1:9000;
    }
}
# Check that the NGINX configuration is valid
nginx -t
# Reload the NGINX configuration
nginx -s reload
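An added example, not part of the original post or of frp: a Python check over the frps.ini and frpc.ini above that lists which inbound ports the ECS security group has to allow and which listeners this setup opens but should keep closed, most importantly the tcp proxy's remote_port 9000, which serves HomeAssistant in plain HTTP alongside the NGINX HTTPS front end. The function names, the placeholder list and the NGINX ports 80/443 passed as a default are assumptions of this example.

```python
import configparser

# Constructed sample: the security-relevant values of this page's frps.ini
# and frpc.ini, with the page's placeholder secrets left in.
FRPS_INI = """[common]
bind_port = 7000
vhost_http_port = 7080
vhost_https_port = 7443
dashboard_port = 7500
dashboard_pwd = your_pwd
token = your_token
"""
FRPC_INI = """[common]
server_port = 7000
token = your_token
[homeassistant]
type = tcp
local_port = 8123
remote_port = 9000
"""
PLACEHOLDERS = {"", "your_token", "your_pwd"}

def parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def audit(frps_text, frpc_text, nginx_ports=(80, 443)):
    """Return (inbound ports the firewall should allow, findings)."""
    srv, cli = parse(frps_text)["common"], parse(frpc_text)
    allow = sorted(set(nginx_ports) | {srv.getint("bind_port")})  # web + frpc
    findings = []
    if srv.get("token", "") in PLACEHOLDERS:
        findings.append("token: placeholder or empty value")
    proxies = [cli[s] for s in cli.sections() if s != "common"]
    for p in proxies:
        if p.get("type", "tcp") == "tcp" and "remote_port" in p:
            findings.append(f"block {p['remote_port']}: raw tcp proxy, bypasses nginx TLS")
    if not any(p.get("type") in ("http", "https") for p in proxies):
        findings += [f"block {srv[k]}: {k} unused, no http/https proxy defined"
                     for k in ("vhost_http_port", "vhost_https_port") if k in srv]
    if "dashboard_port" in srv:
        findings.append(f"block {srv['dashboard_port']}: frps dashboard")
        if srv.get("dashboard_pwd", "") in PLACEHOLDERS:
            findings.append("dashboard_pwd: placeholder or empty value")
    return allow, findings

if __name__ == "__main__":
    ports, notes = audit(FRPS_INI, FRPC_INI)
    print("allow inbound:", ports, *notes, sep="\n")
```

Every "block" line names a port that frps listens on but that neither browsers nor frpc need to reach from outside; NGINX reaches port 9000 over 127.0.0.1, so closing it in the security group does not affect the HTTPS site.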