HTTPS Intranet Tunneling with Nginx + Frp + Docker

kyaa111 · 2 years ago · 1055 views

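Intranet tunneling is very practical, for example for receiving payment callbacks or reaching a database on the internal network.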

The domain's DNS record must resolve to the server's address.

frp download link

https://github.com/fatedier/frp/releases

Download these two files

frp_0.38.0_linux_amd64.tar.gz

frp_0.38.0_windows_amd64.zip

Server-side Nginx configuration

server {
    listen 80;
    server_name qqqqqqqqq.22xcode.com;
    rewrite ^(.*)$  https://$host$1 permanent;
}
server {
    listen       443 ssl;
    server_name  qqqqqqqqq.22xcode.com;

    ssl_certificate "qqqqqqqqq.22xcode.com.pem";
    ssl_certificate_key "qqqqqqqqq.22xcode.com.key";

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://localhost:7090;
        # CORS configuration
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
        tcp_nodelay     on;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Scheme  $scheme;
        # An error page can also be configured; the following three settings are optional
        root /usr/share/nginx/html;
        error_page 502 /502.html;
        location = /502.html {
        }
    }
}

Server-side frp configuration: frps.ini

[common]
# Used for client connections; the server must expose this port
bind_port = 7000
vhost_http_port = 7090
# Connection pool
max_pool_count = 5
# Token authentication
token = qqqqqqqqq
subdomain_host = qqqqqqqqq.22xcode.com

[aaaa@aaaaaa ~]$ ./frps -c ./frps.ini

Client-side frp configuration: frpc.ini

[common]
server_addr = xx.xx.xx.xx
server_port = 7000
token = qqqqqqqqq

[httpsname]
type = http
local_port = 8073
local_ip = 127.0.0.1
custom_domains = qqqqqqqqq.22xcode.com

[aaaa@aaaaaa ~]$ ./frpc -c ./frpc.ini

Docker deployment

Directory structure

[aaaa@aaaaaa ~]$ tree
.
├── Dockerfile
└── frp
    ├── frps
    ├── frps_full.ini
    ├── frps.ini
    ├── frps.log
    ├── LICENSE
    └── systemd
        ├── frpc.service
        ├── frpc@.service
        ├── frps.service
        └── frps@.service

Dockerfile

FROM centos:8
COPY frp/ /root/frp/
CMD ["/root/frp/frps","-c","/root/frp/frps.ini"]
EXPOSE 7000
EXPOSE 7090

Build the image

docker build -t docker-frp .

Run

Mount the configuration file from the host so that the configuration is easy to change

docker run --name docker-frp -p 7000:7000 -p 7090:7090 -v /usr/local/frp/frps.ini:/root/frp/frps.ini -d docker-frp
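
An added check, not part of the original post or of frp: a Python audit of this setup's frps.ini, frpc.ini and `docker run -p` arguments. `tls_only` (frps) and `tls_enable` (frpc) are frp INI options that the files above do not set; the finding codes and the 32-character token threshold are assumptions of this example.

```python
import configparser

# Constructed inputs mirroring the article's files and `docker run -p` arguments.
FRPS_INI = """[common]
bind_port = 7000
vhost_http_port = 7090
token = qqqqqqqqq
"""
FRPC_INI = """[common]
server_addr = xx.xx.xx.xx
server_port = 7000
token = qqqqqqqqq
"""
PUBLISH = ["7000:7000", "7090:7090"]


def _common(text):
    # interpolation=None so a '%' inside a token is read literally
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp["common"] if cp.has_section("common") else {}


def audit(frps_ini, frpc_ini, publish, min_token_len=32):
    """Return sorted finding codes for one frps.ini / frpc.ini / docker -p set."""
    s, c = _common(frps_ini), _common(frpc_ini)
    findings = set()
    token = s.get("token", "")
    # Assumed policy: at least 32 characters with some variety.
    if len(token) < min_token_len or len(set(token)) < 8:
        findings.add("WEAK_TOKEN")
    if s.get("tls_only", "false").lower() != "true":
        findings.add("FRPS_ALLOWS_PLAINTEXT")  # server accepts non-TLS clients
    if c.get("tls_enable", "false").lower() != "true":
        findings.add("FRPC_NO_TLS")  # client does not request TLS
    vhost = s.get("vhost_http_port")
    for spec in publish:
        parts = spec.split(":")  # [host_ip:]host_port:container_port (IPv4 only)
        host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
        container_port = parts[-1].split("/")[0]
        if container_port == vhost and not host_ip.startswith("127."):
            # Plain-HTTP vhost port is reachable without passing through Nginx.
            findings.add("VHOST_PORT_PUBLIC")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit(FRPS_INI, FRPC_INI, PUBLISH):
        print(code)
```

Publishing the vhost port as `-p 127.0.0.1:7090:7090` keeps it reachable by the Nginx `proxy_pass http://localhost:7090` on the same host while clearing the VHOST_PORT_PUBLIC finding.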

DingTalk's free tunneling service

https://developers.dingtalk.com/document/resourcedownload/http-intranet-penetration?pnamespace=app