Frp + Nginx reverse proxy

frp server 配置

[common]
#服务端监听端口, 接收 frpc 的连接
bind_port = 7000
#为 HTTP 类型代理监听的端口
vhost_http_port = 8080

#启用 Dashboard 监听的本地端口
dashboard_port = 7500
#HTTP BasicAuth 用户名	
dashboard_user = admin
#HTTP BasicAuth 密码
dashboard_pwd = a12345678

frp 服务开机启动配置

vim /etc/systemd/system/frps.service

[Unit]
# 服务名称，可自定义
Description = frp server
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
# 启动frps的命令，需修改为您的frps的安装路径
ExecStart = /path/to/frps -c /path/to/frps.ini

[Install]
WantedBy = multi-user.target

# 启动frp
systemctl start frps
# 停止frp
systemctl stop frps
# 重启frp
systemctl restart frps
# 查看frp状态
systemctl status frps

开机自启动

systemctl enable frps

frp客户端配置

server_addr = x.x.x.x
server_port = 7000


[web]
type = http
local_port = 8080
custom_domains = 域名/ip

Nginx 转发

location / {
   proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
}

配置HTTPS

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxxx.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxx.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

80端口重定向

server {
    if ($host = 域名) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80 ;
	listen [::]:80 ;
    server_name 域名;
    return 404; # managed by Certbot
}

注意事项

1、服务器端口是否开启