家里买了一台Nas,并且开通了动态公网IP,但是80端口和443端口都是被封禁的。
所以访问Nas上的服务总是需要带上端口号。
我们可以使用域名解析的隐性Url转发隐藏端口号,也可以购买一台云服务器自己做类似的隐性Url转发。这样访问群晖服务就可以不带端口号,并且带宽不会受云服务器带宽限制。
最终效果:访问 blog.vvhz.com 即可访问部署在本地Nas上的halo博客服务。带宽为本地的光纤上传带宽50M。
前提:
1.群晖+动态公网ip
2.一台云服务器最低配置即可
3.域名+DDNS
访问流程:
blog.vvhz.com 解析到云服务器nginx,nginx做一层转发,转发到群晖的 ddns.vvhz.com:8089上,这样可以去掉群晖的端口号。
需要用frameset做页面嵌套,否则会占用公网的带宽。
server { listen 80; # 监听80端口 server_name blog.vvhz.com; # 自己的域名 #把http的域名请求转成https return 301 https://$host$request_uri; } server { listen 443 ssl; server_name blog.vvhz.com; client_max_body_size 100m; ssl_certificate /home/soft/nginx/cert/vvhz.com/vvhz.com_bundle.crt; ssl_certificate_key /home/soft/nginx/cert/vvhz.com/vvhz.com.key; location / { root /home/soft/nginx/web/blog; index index.html; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /admin { root /home/soft/nginx/web/blog; index admin.html; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } <html lang="zh_CN"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2"> <title>日志</title> <link rel="icon" href="favicon.ico" type ="image/x-icon"> </head> <frameset rows="100%"> <frame src="https://ddns.vvhz.com:8089/journals"></frame> </frameset> </html> ddns.vvhz.com使用花生壳ddns解析到群晖的ip上。
群晖使用docker启动centos镜像。
centos镜像中安装nginx,启动halo服务端。
安装nginx监听8089端口,并配置ssl证书,然后转发到halo的8089端口上。
server { listen 8089 ssl; listen 5554; client_max_body_size 100m; server_name blog.vvhz.com; ssl_certificate /home/soft/nginx/cert/vvhz.com/vvhz.com_bundle.crt; ssl_certificate_key /home/soft/nginx/cert/vvhz.com/vvhz.com.key; location / { proxy_set_header HOST $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.31.90:8090/; # 这里改为自己服务器ip } } 整个流程使用同一个一级域名,然后申请一个泛域名的ssl证书,*.vvhz.com。
网上有免费申请泛域名SSL证书的教程。
原文链接:https://blog.csdn.net/huangzhen__/article/details/128410274?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522168466843816800197047861%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=168466843816800197047861&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~times_rank-6-128410274-null-null.blog_rank_default&utm_term=NAS%E3%80%81%E7%BE%A4%E6%99%96%E3%80%81%E9%98%BF%E9%87%8C%E4%BA%91%E3%80%81%E5%9F%9F%E5%90%8D%E8%A7%A3%E6%9E%90%E3%80%81%E5%86%85%E7%BD%91%E7%A9%BF%E9%80%8F%E3%80%81ipv6%E3%80%81ddns%E3%80%81%E8%BD%BB%E9%87%8F%E7%BA%A7%E4%BA%91%E6%9C%8D%E5%8A%A1%E5%99%A8%E3%80%81%E9%93%81%E5%A8%81%E9%A9%AC%E3%80%81%E5%A8%81%E8%81%94%E9%80%9A%E3%80%81DSM%E3%80%81DSM6.0%E3%80%81%E7%BE%A4%E6%99%96nas%E3%80%81%E4%BA%91%E6%9C%8D%E5%8A%A1%E5%99%A8%E3%80%81%E8%9C%97%E7%89%9B%E6%98%9F%E9%99%85%E3%80%81%E9%BB%91%E7%BE%A4%E6%99%96%E3%80%81docker%E3%80%81%E5%AE%B9%E5%99%A8%E9%95%9C%E5%83%8F%E3%80%81%E5%9F%9F%E5%90%8D%E6%B3%A8%E5%86%8C%E3%80%81%E5%AE%9D%E5%A1%94%E3%80%81%E5%8F%8D%E5%90%91%E4%BB%A3%E7%90%86%E3%80%81nginx%E3%80%81frp%E3%80%81%E5%8A%A8%E6%80%81%E5%9F%9F%E5%90%8D%E8%A7%A3%E6%9E%90
