Frp 内网穿透配置总结

• 总体流程就是用nginx将三个服务8080，8888，32400配置https证书分别代理到三个端口：443，8443，9443
  再用frpc连接到frps将443，8443，9443上的服务穿透到外网，以下以百度的域名和ip为例:
• 服务器端（frps.ini）

[common]
bind_port = 7000
vhost_http_port = 80
vhost_https_port = 443

• 客户端（frpc）

[common]
server_addr = 14.215.177.38
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

[web]
type = https
local_port = 443
custom_domains = www.baidu.com

[webmovie]
type = https
local_port = 8443
custom_domains = movie.baidu.com

[webpanel]
type = https
local_port = 9443
custom_domains = panel.baidu.com

• frpc端nginx转发

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        include /etc/nginx/default.d/*.conf;

        location / {
            # 将80所有请求端口转发到8080端口
            proxy_pass http://localhost:8080;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }


 server {
       # 在443端口监听
        listen       443 ssl http2;
        server_name  www.micocube.cn;

        ssl_certificate "/cert/1_baidu.com_bundle.crt";
        ssl_certificate_key "/cert/2_baidu.com.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
                add_header           Front-End-Https    on;
                add_header  Cache-Control "public, must-revalidate";
                add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
                # 代理8080端口
                proxy_pass  http://localhost:8080;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }



     server {
        # 在8443 端口监听
        listen       8443 ssl http2;
        server_name  movie.micocube.cn;

        ssl_certificate "/cert/1_movie.baidu.com_bundle.crt";
        ssl_certificate_key "/cert/2_movie.baidu.com.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
                add_header           Front-End-Https    on;
                add_header  Cache-Control "public, must-revalidate";
                add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
                # 代理32400端口
                proxy_pass  http://localhost:32400;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

     server {
        # 在9443端口监听
        listen       9443 ssl http2;
        server_name  panel.micocube.cn;

        ssl_certificate "/cert/1_panel.baidu.com_bundle.crt";
        ssl_certificate_key "/cert/2_panel.baidu.com.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
                add_header           Front-End-Https    on;
                add_header  Cache-Control "public, must-revalidate";
                add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
                # 代理8888端口
                proxy_pass  http://localhost:8888;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

}