frp穿透和ssl续期 · 万能Web开发文档笔记

# frp穿透和ssl续期 ## frp配置http和https,支持在通过域名访问本地服务,是开发小程序,app,公众号必备,能节省上传到服务器时间 - 准备工作阿里云服务器一台,环境是centos或debian,已安装php环境,比如宝塔 nginx端口默认用了80,https默认是443 已备案顶级域名一个,已解析二级域名如: api.shanliwawa.top 假如服务器公网IP 9.9.9.9 本地客户端win10系统,运行php环境,端口80,服务器Apache+php,注意nginx会出错解析不了. - 下载frp 官方 <https://github.com/fatedier/frp/releases> ,下载很慢,可以用wget命令从阿里云下载然后传回本地,速度超快,我下载的百度云链接：<https://pan.baidu.com/s/1y93ICGadhURKkT0Mz4vX3A> 提取码：a1dv 服务器端选择 64位linux frp\_0.33.0\_linux\_amd64.tar.gz 客户端选windows64位 frp\_0.33.0\_windows\_amd64.zip - 服务器服务器端只需要两个文件frps和frps.ini 解压到根目录下 frp文件夹通过cd进入frp,进入目录执行,注意权限改为777 进入目录 `cd /frp` 启动命令 `nohup ./frps -c ./frps.ini &` **服务器端管理地址 <http://9.9.9.9:7500> 默认账号密码admin** frps.ini 配置如下,4443是通信端口,客户端也必须相同,8081是服务器端口,因为80被nginx占用了,我们要用服务器端nginx反向代理,代理配置如下 ``` <pre class="calibre14">``` [common] #通信端口 bind_port = 4443 #http vhost_http_port = 8081 #https vhost_https_port = 8082 #泛解析,可以解析 *.api.shanliwawa.top subdomain_host =api.shanliwawa.top #服务器面板配置账号密码 dashboard_port = 7500 dashboard_user = admin dashboard_pwd = admin ``` ``` - nginx配置,反向代理配置,同一个服务器可以代理https和http只需要加两个server即可 ``` <pre class="calibre14">``` server { listen 80; server_name *.api.shanliwawa.top; location / { proxy_pass http://127.0.0.1:8081; proxy_set_header Host $host:80; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_hide_header X-Powered-By; } } server { listen 443 ssl http2; server_name we7.api.shanliwawa.top; if ($server_port !~ 443){ rewrite ^(/.*)$ https://$host$1 permanent; } ssl_certificate /www/server/panel/vhost/cert/api.shanliwawa.top/fullchain.pem; ssl_certificate_key /www/server/panel/vhost/cert/api.shanliwawa.top/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri; location / { proxy_ssl_server_name on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_pass https://we7.api.shanliwawa.top:8082; } } ``` ``` - 客户端配置解压到D盘frp下,通过cd 进入到frp,只需要frpc和frpc.ini,配置如下,9.9.9.9是我的阿里云IP,4443和上边对应,启动命令: frpc -c frpc.ini 软件不能关闭,关闭就不能访问了 **客户端管理地址 <http://127.0.0.1:7400> 账号密码admin** ``` <pre class="calibre14">``` [common] server_addr = 9.9.9.9 server_port = 4443 #adminUI admin_addr = 127.0.0.1 admin_port = 7400 admin_user = admin admin_pwd = admin [web1] type = http local_ip = 127.0.0.1 local_port = 80 subdomain = home [web2] type = https local_ip = 127.0.0.1 local_port = 443 subdomain =we7 ``` ``` - 启动vbs脚本 ``` <pre class="calibre14">``` dim objShell set objShell=wscript.createObject("WScript.Shell") msgbox "启动frpc.exe进程成功" iReturnCode=objShell.Run("C:\app\frp\frpc.exe -c C:\app\frp\frpc.ini",0,TRUE) ``` ``` - 关闭vbs脚本 ``` <pre class="calibre14">``` CreateObject("WScript.Shell").Run "taskkill /f /im frpc.exe", 0 msgbox "关闭frpc.exe进程成功" ``` ``` ## ssl配置 1. 登录 <https://www.sslforfree.com>,点击续期,中间一个,下载验证文件,放到本地,然后通过http方式访问; 2. 此时需要关闭本地服务器强制SSL,以及转发服务器配置文件第一个; 3. 剪切掉,然后保存,验证文件,然后下载得到三个文件; 4. 将ca\_bundle.crt复制到certificate.crt,得到两个证书;然后放到本地apache服务器; 5. 最后还需要将两个证书,部署到宝塔服务器ssl,主要是修改服务器配置文件,参考上边配置;