frp配置http和https,支持在通过域名访问本地服务,是开发小程序,app,公众号必备,能节省上传到服务器时间

  • 准备工作
    阿里云服务器一台,环境是centos或debian,已安装php环境,比如宝塔
    nginx端口默认用了80,https默认是443
    已备案顶级域名一个,已解析二级域名如: api.shanliwawa.top
    假如服务器公网IP 9.9.9.9
    本地客户端win10系统,运行php环境,端口80,服务器Apache+php,注意nginx会出错解析不了.
  • 下载frp
    官方 https://github.com/fatedier/frp/releases ,下载很慢,可以用wget命令从阿里云下载然后传回本地,速度超快,我下载的百度云链接:https://pan.baidu.com/s/1y93ICGadhURKkT0Mz4vX3A
    提取码:a1dv
    服务器端选择 64位linux frp_0.33.0_linux_amd64.tar.gz
    客户端选windows64位 frp_0.33.0_windows_amd64.zip
  • 服务器
    服务器端只需要两个文件frps和frps.ini
    解压到根目录下 frp文件夹 通过cd进入frp,进入目录执行,注意权限改为777
    进入目录 cd /frp
    启动命令 nohup ./frps -c ./frps.ini &
    查看端口 ps -aux|grep frp| grep -v grep
    服务器端管理地址 http://9.9.9.9:7500 默认账号密码admin
    frps.ini 配置如下,4443是通信端口,客户端也必须相同,8081是服务器端口,因为80被nginx占用了,我们要用服务器端nginx反向代理,代理配置如下
    [common]
#通信端口
bind_port = 4443
#http
vhost_http_port = 8081
#https
vhost_https_port = 8082
#泛解析,可以解析  *.api.shanliwawa.top
subdomain_host =api.shanliwawa.top
#服务器面板配置账号密码
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
  • nginx配置,反向代理配置,同一个服务器可以代理https和http只需要加两个server即可
    server
{
  listen 80;
  server_name *.api.shanliwawa.top;  
location / {
      proxy_pass http://127.0.0.1:8081;
      proxy_set_header    Host            $host:80;
      proxy_set_header    X-Real-IP       $remote_addr;
      proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_hide_header   X-Powered-By;
  }
}
server
{
  listen 443 ssl http2;
  server_name we7.api.shanliwawa.top;
  if ($server_port !~ 443){
      rewrite ^(/.*)$ https://$host$1 permanent;
  }
  ssl_certificate    /www/server/panel/vhost/cert/api.shanliwawa.top/fullchain.pem;
  ssl_certificate_key    /www/server/panel/vhost/cert/api.shanliwawa.top/privkey.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  error_page 497  https://$host$request_uri;
 location / {
      proxy_ssl_server_name on;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $host;
      proxy_pass https://we7.api.shanliwawa.top:8082;
}
}
  • 客户端配置
    解压到D盘frp下,通过cd 进入到frp,只需要frpc和frpc.ini,配置如下,9.9.9.9是我的阿里云IP,4443和上边对应,启动命令:
    frpc -c frpc.ini
    软件不能关闭,关闭就不能访问了
    客户端管理地址 http://127.0.0.1:7400 账号密码admin
    [common]
server_addr = 9.9.9.9
server_port = 4443
#adminUI
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin
[web1]
type = http
local_ip = 127.0.0.1
local_port = 80
subdomain = home
[web2]
type = https
local_ip = 127.0.0.1
local_port = 443
subdomain  =we7
  • 启动vbs脚本
    dim objShell 
set objShell=wscript.createObject("WScript.Shell") 
msgbox "启动frpc.exe进程成功"
iReturnCode=objShell.Run("C:\app\frp\frpc.exe -c C:\app\frp\frpc.ini",0,TRUE)
  • 关闭vbs脚本
    CreateObject("WScript.Shell").Run "taskkill /f /im frpc.exe", 0
msgbox "关闭frpc.exe进程成功"

    ssl配置

  1. 登录 https://www.sslforfree.com,点击续期,中间一个,下载验证文件,放到本地,然后通过http方式访问;
  2. 此时需要关闭本地服务器强制SSL,以及转发服务器配置文件第一个;
  3. 剪切掉,然后保存,验证文件,然后下载得到三个文件;
  4. 将ca_bundle.crt复制到certificate.crt,得到两个证书;然后放到本地apache服务器;
  5. 最后还需要将两个证书,部署到宝塔服务器ssl,主要是修改服务器配置文件,参考上边配置;
文档更新时间: 2021-11-03 17:01   作者:Yoby