关于 frp+nginx实现内网穿透+共用端口
首先 frps 和 frpc 对比
[common]
bind_addr = 0.0.0.0
#bind_port frp链接的端口 首先必须在安全组开放端口,其次,访问时 客户端要和服务端一致
bind_port = 7000
#vhost_http_port :是自定义的 与客户端无关 如果定义为8000,首先必须在安全组开放端口,其次,访问时 要加端口8000 ,80默认不写
vhost_http_port = 80
vhost_https_port = 443
dashboard_port = 7500
dashboard_pwd = admin
[web01]
type = http
auth_token = admin
custom_domains = www.rjgcs.xyz
==================================
[common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
#要和frps ip保持一致
server_addr = 39.105.212.161
#frps的链接端口7000
server_port = 7000
# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
[web01]
type = http
local_ip = 127.0.0.1
local_port = 80
auth_token = admin
#通过frps 域名 + 自定义访问端口(frps配置文件中的自定义端口)穿透到frpc中对应的 web01 ,并映射到frpc 127.0.0.1 80端口 ,然后根据后缀本地跳转对应的tomcat
custom_domains = www.rjgcs.xyz
============
再看nginx
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
client_max_body_size 50M;
sendfile on;
keepalive_timeout 65;
gzip on;
server {
listen 80;
#server_name www.rjgcs.xyz;
location / {
root html;
index index.html index.htm;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
//下面是https的部分
server {
listen 80;#这里是http的80端口
server_name www.rjgcs.xyz;
location /rzhy/ {
proxy_pass http://127.0.0.1:8081/rzhy/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
}
location /mrjc/ {
proxy_pass http://127.0.0.1:8083/mrjc/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
}
}
server {
listen 443;#外网和内网都用443
server_name www.rjgcs.xyz;#外网服务的域名
ssl on;
ssl_certificate cert/www.rjgcs.xyz.pem;#这里是证书 这里的nginx也要安装证书 多个tomcat可以共用一个域名,以项目后缀区分
ssl_certificate_key cert/www.rjgcs.xyz.key;#这里是证书
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /rzhy/ { #也可以多个项目共用一个tomcat 就不需要改8443了
proxy_pass https://127.0.0.1:18443/rzhy/;#根据请求后缀 跳转 这里两个tomcat分别改为 18443 ,28443
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
}
location /mrjc/ {
proxy_pass https://127.0.0.1:28443/mrjc/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
}
}
}
更多推荐
所有评论(0)