2018-08-24 frp+nginx 反向代理https

只是在nginx作为https,内部网络仍然是采用的http,配置server

map $http_x_forwarded_for $clientRealip {
   "" $remote_addr;
   ~^(?P[0-9\.]+),?.*$  $firstAddr;
}

 #配置https
server {
    listen 443;
    server_name one.domain.cn;
    ssl on;
    root html;
    index index.html index.htm;
    ssl_certificate   cert/hehe.pem;
    ssl_certificate_key  cert/hehe.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $clientRealip;  # $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

#配置一般的域名    
server {
       listen 80;
       server_name tow.domain.cn;  #为frp的控制台绑定一个域名，这样你就可以用http:// tow.domain.cn访问你的控制台了
       location / {
           proxy_pass http://127.0.0.1:8888;  #此处的6443就是你安装frp时设置的dashboard_port端口
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $clientRealip;  # $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
}

#配置通用的域名    
server {
       listen 80;
       server_name *.domain.cn; #将所有的domain.cn子域名都绑定，这样就不用客户端填写一个你设置一个了，这样你可以用http://lisi-route.domain.cn或http://zhangsan-route.domain.cn访问你的穿透服务了。
       location / {
           proxy_pass http://127.0.0.1:8080; #此处的7080就是你安装frp时设置的vhost_http_port端口
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $clientRealip;  # $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
}

值得注意的是nginx只写下面这个会报错的

  proxy_pass http://127.0.0.1:8080;

必须加上这些才行,什么意思我还要去看看

map $http_x_forwarded_for $clientRealip {
   "" $remote_addr;
   ~^(?P[0-9\.]+),?.*$  $firstAddr;
}
...
proxy_set_header Host $host;
proxy_set_header X-Real-IP $clientRealip;  # $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;