frp穿透和ssl續期 · 萬能Web開發文檔筆記

# frp穿透和ssl續期 ## frp配置http和https,支持在通過域名訪問本地服務,是開發小程序,app,公眾號必備,能節省上傳到服務器時間 - 準備工作阿里云服務器一臺,環境是centos或debian,已安裝php環境,比如寶塔 nginx端口默認用了80,https默認是443 已備案頂級域名一個,已解析二級域名如: api.shanliwawa.top 假如服務器公網IP 9.9.9.9 本地客戶端win10系統,運行php環境,端口80,服務器Apache+php,注意nginx會出錯解析不了. - 下載frp 官方 <https://github.com/fatedier/frp/releases> ,下載很慢,可以用wget命令從阿里云下載然后傳回本地,速度超快,我下載的百度云鏈接：<https://pan.baidu.com/s/1y93ICGadhURKkT0Mz4vX3A> 提取碼：a1dv 服務器端選擇 64位linux frp\_0.33.0\_linux\_amd64.tar.gz 客戶端選windows64位 frp\_0.33.0\_windows\_amd64.zip - 服務器服務器端只需要兩個文件frps和frps.ini 解壓到根目錄下 frp文件夾通過cd進入frp,進入目錄執行,注意權限改為777 進入目錄 `cd /frp` 啟動命令 `nohup ./frps -c ./frps.ini &` **服務器端管理地址 <http://9.9.9.9:7500> 默認賬號密碼admin** frps.ini 配置如下,4443是通信端口,客戶端也必須相同,8081是服務器端口,因為80被nginx占用了,我們要用服務器端nginx反向代理,代理配置如下 ``` <pre class="calibre14">``` [common] #通信端口 bind_port = 4443 #http vhost_http_port = 8081 #https vhost_https_port = 8082 #泛解析,可以解析 *.api.shanliwawa.top subdomain_host =api.shanliwawa.top #服務器面板配置賬號密碼 dashboard_port = 7500 dashboard_user = admin dashboard_pwd = admin ``` ``` - nginx配置,反向代理配置,同一個服務器可以代理https和http只需要加兩個server即可 ``` <pre class="calibre14">``` server { listen 80; server_name *.api.shanliwawa.top; location / { proxy_pass http://127.0.0.1:8081; proxy_set_header Host $host:80; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_hide_header X-Powered-By; } } server { listen 443 ssl http2; server_name we7.api.shanliwawa.top; if ($server_port !~ 443){ rewrite ^(/.*)$ https://$host$1 permanent; } ssl_certificate /www/server/panel/vhost/cert/api.shanliwawa.top/fullchain.pem; ssl_certificate_key /www/server/panel/vhost/cert/api.shanliwawa.top/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; error_page 497 https://$host$request_uri; location / { proxy_ssl_server_name on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_pass https://we7.api.shanliwawa.top:8082; } } ``` ``` - 客戶端配置解壓到D盤frp下,通過cd 進入到frp,只需要frpc和frpc.ini,配置如下,9.9.9.9是我的阿里云IP,4443和上邊對應,啟動命令: frpc -c frpc.ini 軟件不能關閉,關閉就不能訪問了 **客戶端管理地址 <http://127.0.0.1:7400> 賬號密碼admin** ``` <pre class="calibre14">``` [common] server_addr = 9.9.9.9 server_port = 4443 #adminUI admin_addr = 127.0.0.1 admin_port = 7400 admin_user = admin admin_pwd = admin [web1] type = http local_ip = 127.0.0.1 local_port = 80 subdomain = home [web2] type = https local_ip = 127.0.0.1 local_port = 443 subdomain =we7 ``` ``` - 啟動vbs腳本 ``` <pre class="calibre14">``` dim objShell set objShell=wscript.createObject("WScript.Shell") msgbox "啟動frpc.exe進程成功" iReturnCode=objShell.Run("C:\app\frp\frpc.exe -c C:\app\frp\frpc.ini",0,TRUE) ``` ``` - 關閉vbs腳本 ``` <pre class="calibre14">``` CreateObject("WScript.Shell").Run "taskkill /f /im frpc.exe", 0 msgbox "關閉frpc.exe進程成功" ``` ``` ## ssl配置 1. 登錄 <https://www.sslforfree.com>,點擊續期,中間一個,下載驗證文件,放到本地,然后通過http方式訪問; 2. 此時需要關閉本地服務器強制SSL,以及轉發服務器配置文件第一個; 3. 剪切掉,然后保存,驗證文件,然后下載得到三個文件; 4. 將ca\_bundle.crt復制到certificate.crt,得到兩個證書;然后放到本地apache服務器; 5. 最后還需要將兩個證書,部署到寶塔服務器ssl,主要是修改服務器配置文件,參考上邊配置;