🔥码云GVP开源项目 12k star Uniapp+ElementUI 功能强大 支持多语言、二开方便! 广告
# frp穿透和ssl续期 ## frp配置http和https,支持在通过域名访问本地服务,是开发小程序,app,公众号必备,能节省上传到服务器时间 - 准备工作 阿里云服务器一台,环境是centos或debian,已安装php环境,比如宝塔 nginx端口默认用了80,https默认是443 已备案顶级域名一个,已解析二级域名如: api.shanliwawa.top 假如服务器公网IP 9.9.9.9 本地客户端win10系统,运行php环境,端口80,服务器Apache+php,注意nginx会出错解析不了. - 下载frp 官方 <https://github.com/fatedier/frp/releases> ,下载很慢,可以用wget命令从阿里云下载然后传回本地,速度超快,我下载的百度云链接:<https://pan.baidu.com/s/1y93ICGadhURKkT0Mz4vX3A> 提取码:a1dv 服务器端选择 64位linux frp\_0.33.0\_linux\_amd64.tar.gz 客户端选windows64位 frp\_0.33.0\_windows\_amd64.zip - 服务器 服务器端只需要两个文件frps和frps.ini 解压到根目录下 frp文件夹 通过cd进入frp,进入目录执行,注意权限改为777 进入目录 `cd /frp` 启动命令 `nohup ./frps -c ./frps.ini &` **服务器端管理地址 <http://9.9.9.9:7500> 默认账号密码admin** frps.ini 配置如下,4443是通信端口,客户端也必须相同,8081是服务器端口,因为80被nginx占用了,我们要用服务器端nginx反向代理,代理配置如下 ``` <pre class="calibre14">``` <span class="token2">[</span>common<span class="token2">]</span> #通信端口 bind_port <span class="token">=</span> <span class="token3">4443</span> #http vhost_http_port <span class="token">=</span> <span class="token3">8081</span> #https vhost_https_port <span class="token">=</span> <span class="token3">8082</span> #泛解析<span class="token2">,</span>可以解析 <span class="token">*</span><span class="token2">.</span>api<span class="token2">.</span>shanliwawa<span class="token2">.</span>top subdomain_host <span class="token">=</span>api<span class="token2">.</span>shanliwawa<span class="token2">.</span>top #服务器面板配置账号密码 dashboard_port <span class="token">=</span> <span class="token3">7500</span> dashboard_user <span class="token">=</span> admin dashboard_pwd <span class="token">=</span> admin ``` ``` - nginx配置,反向代理配置,同一个服务器可以代理https和http只需要加两个server即可 ``` <pre class="calibre14">``` server <span class="token2">{</span> listen <span class="token3">80</span><span class="token2">;</span> server_name <span class="token">*</span><span class="token2">.</span>api<span class="token2">.</span>shanliwawa<span class="token2">.</span>top<span class="token2">;</span> location <span class="token">/</span> <span class="token2">{</span> proxy_pass http<span class="token2">:</span><span class="token">/</span><span class="token">/</span><span class="token3">127.0</span><span class="token3">.0</span><span class="token3">.1</span><span class="token2">:</span><span class="token3">8081</span><span class="token2">;</span> proxy_set_header Host $host<span class="token2">:</span><span class="token3">80</span><span class="token2">;</span> proxy_set_header X<span class="token">-</span>Real<span class="token">-</span>IP $remote_addr<span class="token2">;</span> proxy_set_header X<span class="token">-</span>Forwarded<span class="token">-</span>For $proxy_add_x_forwarded_for<span class="token2">;</span> proxy_hide_header X<span class="token">-</span>Powered<span class="token">-</span>By<span class="token2">;</span> <span class="token2">}</span> <span class="token2">}</span> server <span class="token2">{</span> listen <span class="token3">443</span> ssl http2<span class="token2">;</span> server_name we7<span class="token2">.</span>api<span class="token2">.</span>shanliwawa<span class="token2">.</span>top<span class="token2">;</span> <span class="token5">if</span> <span class="token2">(</span>$server_port <span class="token">!</span><span class="token">~</span> <span class="token3">443</span><span class="token2">)</span><span class="token2">{</span> rewrite <span class="token">^</span><span class="token2">(</span><span class="token">/</span><span class="token2">.</span><span class="token">*</span><span class="token2">)</span>$ https<span class="token2">:</span><span class="token">/</span><span class="token">/</span>$host$<span class="token3">1</span> permanent<span class="token2">;</span> <span class="token2">}</span> ssl_certificate <span class="token">/</span>www<span class="token">/</span>server<span class="token">/</span>panel<span class="token">/</span>vhost<span class="token">/</span>cert<span class="token">/</span>api<span class="token2">.</span>shanliwawa<span class="token2">.</span>top<span class="token">/</span>fullchain<span class="token2">.</span>pem<span class="token2">;</span> ssl_certificate_key <span class="token">/</span>www<span class="token">/</span>server<span class="token">/</span>panel<span class="token">/</span>vhost<span class="token">/</span>cert<span class="token">/</span>api<span class="token2">.</span>shanliwawa<span class="token2">.</span>top<span class="token">/</span>privkey<span class="token2">.</span>pem<span class="token2">;</span> ssl_protocols TLSv1 TLSv1<span class="token2">.</span><span class="token3">1</span> TLSv1<span class="token2">.</span><span class="token3">2</span> TLSv1<span class="token2">.</span><span class="token3">3</span><span class="token2">;</span> ssl_ciphers ECDHE<span class="token">-</span>RSA<span class="token">-</span>AES128<span class="token">-</span>GCM<span class="token">-</span>SHA256<span class="token2">:</span>HIGH<span class="token2">:</span><span class="token">!</span>aNULL<span class="token2">:</span><span class="token">!</span>MD5<span class="token2">:</span><span class="token">!</span>RC4<span class="token2">:</span><span class="token">!</span>DHE<span class="token2">;</span> ssl_prefer_server_ciphers on<span class="token2">;</span> ssl_session_cache shared<span class="token2">:</span>SSL<span class="token2">:</span><span class="token3">10</span>m<span class="token2">;</span> ssl_session_timeout <span class="token3">10</span>m<span class="token2">;</span> error_page <span class="token3">497</span> https<span class="token2">:</span><span class="token">/</span><span class="token">/</span>$host$request_uri<span class="token2">;</span> location <span class="token">/</span> <span class="token2">{</span> proxy_ssl_server_name on<span class="token2">;</span> proxy_set_header X<span class="token">-</span>Real<span class="token">-</span>IP $remote_addr<span class="token2">;</span> proxy_set_header X<span class="token">-</span>Forwarded<span class="token">-</span>For $proxy_add_x_forwarded_for<span class="token2">;</span> proxy_set_header X<span class="token">-</span>Forwarded<span class="token">-</span>Proto $scheme<span class="token2">;</span> proxy_set_header Host $host<span class="token2">;</span> proxy_pass https<span class="token2">:</span><span class="token">/</span><span class="token">/</span>we7<span class="token2">.</span>api<span class="token2">.</span>shanliwawa<span class="token2">.</span>top<span class="token2">:</span><span class="token3">8082</span><span class="token2">;</span> <span class="token2">}</span> <span class="token2">}</span> ``` ``` - 客户端配置 解压到D盘frp下,通过cd 进入到frp,只需要frpc和frpc.ini,配置如下,9.9.9.9是我的阿里云IP,4443和上边对应,启动命令: frpc -c frpc.ini 软件不能关闭,关闭就不能访问了 **客户端管理地址 <http://127.0.0.1:7400> 账号密码admin** ``` <pre class="calibre14">``` <span class="token2">[</span>common<span class="token2">]</span> server_addr <span class="token">=</span> <span class="token3">9.9</span><span class="token3">.9</span><span class="token3">.9</span> server_port <span class="token">=</span> <span class="token3">4443</span> #adminUI admin_addr <span class="token">=</span> <span class="token3">127.0</span><span class="token3">.0</span><span class="token3">.1</span> admin_port <span class="token">=</span> <span class="token3">7400</span> admin_user <span class="token">=</span> admin admin_pwd <span class="token">=</span> admin <span class="token2">[</span>web1<span class="token2">]</span> type <span class="token">=</span> http local_ip <span class="token">=</span> <span class="token3">127.0</span><span class="token3">.0</span><span class="token3">.1</span> local_port <span class="token">=</span> <span class="token3">80</span> subdomain <span class="token">=</span> home <span class="token2">[</span>web2<span class="token2">]</span> type <span class="token">=</span> https local_ip <span class="token">=</span> <span class="token3">127.0</span><span class="token3">.0</span><span class="token3">.1</span> local_port <span class="token">=</span> <span class="token3">443</span> subdomain <span class="token">=</span>we7 ``` ``` - 启动vbs脚本 ``` <pre class="calibre14">``` dim objShell set objShell<span class="token">=</span>wscript<span class="token2">.</span><span class="token1">createObject</span><span class="token2">(</span><span class="token4">"WScript.Shell"</span><span class="token2">)</span> msgbox <span class="token4">"启动frpc.exe进程成功"</span> iReturnCode<span class="token">=</span>objShell<span class="token2">.</span><span class="token1">Run</span><span class="token2">(</span><span class="token4">"C:\app\frp\frpc.exe -c C:\app\frp\frpc.ini"</span><span class="token2">,</span><span class="token3">0</span><span class="token2">,</span>TRUE<span class="token2">)</span> ``` ``` - 关闭vbs脚本 ``` <pre class="calibre14">``` <span class="token1">CreateObject</span><span class="token2">(</span><span class="token4">"WScript.Shell"</span><span class="token2">)</span><span class="token2">.</span>Run <span class="token4">"taskkill /f /im frpc.exe"</span><span class="token2">,</span> <span class="token3">0</span> msgbox <span class="token4">"关闭frpc.exe进程成功"</span> ``` ``` ## ssl配置 1. 登录 <https://www.sslforfree.com>,点击续期,中间一个,下载验证文件,放到本地,然后通过http方式访问; 2. 此时需要关闭本地服务器强制SSL,以及转发服务器配置文件第一个; 3. 剪切掉,然后保存,验证文件,然后下载得到三个文件; 4. 将ca\_bundle.crt复制到certificate.crt,得到两个证书;然后放到本地apache服务器; 5. 最后还需要将两个证书,部署到宝塔服务器ssl,主要是修改服务器配置文件,参考上边配置;