0x00 准备工作
-
LNMP环境
-
已经安装好nextcloud并能够正常访问,安装过程:https://conimi.com/archives/69
-
单端口多域名,80端口访问http,443端口访问https
-
一台具有公网IP的服务器
注意(可忽略,仅作为个人笔记):
-
由于树莓派一般处于局域网内,因此要通过域名访问可通过修改本地host文件,然后在路由器上实现端口转发 -
在利用LNMP添加SSL证书时,直接添加无法成功,一种解决的办法是,获取局域网公网ip,在路由器上将80端口转发到树莓派80端口(例如树莓派局域网ip为192.168.0.103),然后添加ssl证书 -
先在服务器上添加证书,然后下载到本地
0x01 frp安装及配置
-
frp官网地址:https://github.com/fatedier/frp/releases
-
服务器上不需要安装LNMP环境
我的安装路径/opt/frps/frps_80/
以下是我的frps的配置
由于我是在树莓派上安装的,因此frpc选择的是ARM版本,根据相应环境选择相对应版本。
我的安装路径/opt/frpc/frpc_80/
以下是我的frps的配置
注意:
-
由于本地多个域名共用一个80端口和443端口,nginx通过http 请求中的 host 字段来确定是哪个网站,因此需要加上
host_header_rewrite
,而custom_domains
是必须的。
0x02 frp自启动
-
服务器系统为CentOS
-
树莓派系统为Debian
其中frps
的内容为
保存并设置为开机自启
frpc实现开机自启
其中frpc
的内容为
保存并设置为开机自启
0x03 设置301重定向
-
将域名解析到服务器公网ip
-
通过域名能够访问http和https
我的nginx配置路径为:/usr/local/nginx/conf/vhost/pan.conimi.com.conf
其中配置为:
<span><span>server</span></span><span><span>server</span></span>server<span> {</span><span> {</span>{<span> <span>listen</span> <span>80</span>;</span><span> <span>listen</span> <span>80</span>;</span>listen 80;<span> <span>listen</span> [::]:<span>80</span>;</span><span> <span>listen</span> [::]:<span>80</span>;</span>listen [::]:80;<span> <span>server_name</span> pan.conimi.com ;</span><span> <span>server_name</span> pan.conimi.com ;</span>server_name pan.conimi.com ;<span> <span>return</span> <span>301</span> https://pan.conimi.com<span>$request_uri</span>;</span><span> <span>return</span> <span>301</span> https://pan.conimi.com<span>$request_uri</span>;</span>return 301 https://pan.conimi.com$request_uri;<span> }</span><span> }</span>}<span><br></span><span><br></span>server<span> {</span><span> {</span>{<span> <span>listen</span> <span>443</span> ssl http2;</span><span> <span>listen</span> <span>443</span> ssl http2;</span>listen 443 ssl http2;<span> <span>listen</span> [::]:<span>443</span> ssl http2;</span><span> <span>listen</span> [::]:<span>443</span> ssl http2;</span>listen [::]:443 ssl http2;<span> <span>server_name</span> pan.conimi.com ;</span><span> <span>server_name</span> pan.conimi.com ;</span>server_name pan.conimi.com ;<span> <span>index</span> index.html index.htm index.php default.html default.htm default.php;</span><span> <span>index</span> index.html index.htm index.php default.html default.htm default.php;</span>index index.html index.htm index.php default.html default.htm default.php;<span> <span>root</span> /home/wwwroot/pan.conimi.com;</span><span> <span>root</span> /home/wwwroot/pan.conimi.com;</span>root /home/wwwroot/pan.conimi.com;<span> <span>ssl</span> <span>on</span>;</span><span> <span>ssl</span> <span>on</span>;</span>ssl on;<span> <span>ssl_certificate</span> /usr/local/nginx/conf/ssl/pan.conimi.com/fullchain.cer;</span><span> <span>ssl_certificate</span> /usr/local/nginx/conf/ssl/pan.conimi.com/fullchain.cer;</span>ssl_certificate /usr/local/nginx/conf/ssl/pan.conimi.com/fullchain.cer;<span> <span>ssl_certificate_key</span> /usr/local/nginx/conf/ssl/pan.conimi.com/pan.conimi.com.key;</span><span> <span>ssl_certificate_key</span> /usr/local/nginx/conf/ssl/pan.conimi.com/pan.conimi.com.key;</span>ssl_certificate_key /usr/local/nginx/conf/ssl/pan.conimi.com/pan.conimi.com.key;<span> <span>ssl_session_timeout</span> <span>5m</span>;</span><span> <span>ssl_session_timeout</span> <span>5m</span>;</span>ssl_session_timeout 5m;<span> <span>ssl_protocols</span> TLSv1 TLSv1.<span>1</span> TLSv1.<span>2</span>;</span><span> <span>ssl_protocols</span> TLSv1 TLSv1.<span>1</span> TLSv1.<span>2</span>;</span>ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<span> <span>ssl_prefer_server_ciphers</span> <span>on</span>;</span><span> <span>ssl_prefer_server_ciphers</span> <span>on</span>;</span>ssl_prefer_server_ciphers on;<span> <span>ssl_ciphers</span> <span>"EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"</span>;</span><span> <span>ssl_ciphers</span> <span>"EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"</span>;</span>ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";<span> <span>ssl_session_cache</span> builtin:<span>1000</span> shared:SSL:<span>10m</span>;</span><span> <span>ssl_session_cache</span> builtin:<span>1000</span> shared:SSL:<span>10m</span>;</span>ssl_session_cache builtin:1000 shared:SSL:10m;<span> <span>ssl_dhparam</span> /usr/local/nginx/conf/ssl/dhparam.pem;</span><span> <span>ssl_dhparam</span> /usr/local/nginx/conf/ssl/dhparam.pem;</span>ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;<span><br></span><span><br></span>include enable-php-pathinfo.conf;<span><br></span><span><br></span>location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$<span> {</span><span> {</span>{<span> <span>expires</span> <span>30d</span>;</span><span> <span>expires</span> <span>30d</span>;</span>expires 30d;<span> }</span><span> }</span>}<span><br></span><span><br></span>location ~ .*\.(js|css)?$<span> {</span><span> {</span>{<span> <span>expires</span> <span>12h</span>;</span><span> <span>expires</span> <span>12h</span>;</span>expires 12h;<span> }</span><span> }</span>}<span><br></span><span><br></span><span> <span>location</span> <span>~ /.well-known</span> {</span>location ~ /.well-known {<span> <span>allow</span> all;</span><span> <span>allow</span> all;</span>allow all;<span> }</span><span> }</span>}<span><br></span><span><br></span>location ~ /\.<span> {</span><span> {</span>{<span> <span>deny</span> all;</span><span> <span>deny</span> all;</span>deny all;<span> }</span><span> }</span>}<span><br></span><span><br></span>access_log off;<span> }</span><span> }</span>}
原文链接:https://www.modb.pro/db/198508
© 版权声明
声明📢本站内容均来自互联网,归原创作者所有,如有侵权必删除。
本站文章皆由CC-4.0协议发布,如无来源则为原创,转载请注明出处。
THE END
