附录一 nginx + frp + let's encrypt 搭建内网穿透环境
搭建 frp
frp项目地址:https://github.com/fatedier/frp
frp地址:https://gofrp.org/
- 下载项目到本地并且上传到服务器
需要一个云服务器,这里买了一个腾讯云,由于我的腾讯云下载特别慢所以我下载后再上传
- 安装 frp
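# Install lrzsz, which provides the rz/sz transfer commands
sudo yum install -y lrzsz
# Work in /opt: the systemd unit in this guide starts /opt/frp/frps
cd /opt
# Upload the release archive from the local machine (interactive)
rz
# The archive was downloaded elsewhere and re-uploaded by hand, so compare it
# with the SHA-256 published for this frp release before unpacking.
# "<expected-sha256>" is a placeholder, not a real digest.
# Extract and rename only if the checksum matches.
echo "<expected-sha256>  frp_0.34.3_linux_amd64.tar.gz" | sha256sum -c - \
  && tar xzvf frp_0.34.3_linux_amd64.tar.gz \
  && mv frp_0.34.3_linux_amd64/ frp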
- 设置frp 开机启动(客户端类似)
# Create the systemd unit file for the frps service
sudo vim /etc/systemd/system/frps.service
# Put the following content in the file and save it
# ------ file content begins ------
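# systemd unit that runs the frp server (frps) with the config in /opt/frp.
[Unit]
Description=jingwei-cloud frp service
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=simple
ExecStart=/opt/frp/frps -c /opt/frp/frps.ini
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
# No User= is set, so systemd starts frps as root. frps accepts connections
# from the internet; create a dedicated unprivileged account, give it read
# access to /opt/frp, and then uncomment the two lines below.
# (Ports below 1024 would then need CAP_NET_BIND_SERVICE.)
# User=frp
# Group=frp
# Sandboxing that needs no extra setup: no privilege gain through setuid
# binaries, /usr /boot /etc mounted read-only, home directories hidden.
# Drop ProtectHome if frps.ini points at files under /root or /home.
NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true
StandardOutput=syslog
StandardError=inherit
[Install]
WantedBy=multi-user.target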
# ------ file content ends ------
# The commands below are a reference list, not a sequence to run from top to
# bottom: disable and stop undo what enable and start did.
# Reload unit files so systemd sees the new frps.service
systemctl daemon-reload
# Enable start at boot
systemctl enable frps
# Disable start at boot
systemctl disable frps
# Start the service
systemctl start frps
# Stop the service
systemctl stop frps
# Show the service status
systemctl status frps
nginx 安装
# Install yum-utils (yum-config-manager is used further down)
sudo yum install yum-utils
# Create the nginx repository definition
sudo vim /etc/yum.repos.d/nginx.repo
# ------- file content -------
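# nginx.org package repositories: stable is enabled, mainline is opt-in.
# baseurl uses HTTPS so repository metadata is not fetched in clear text.
# gpgcheck=1 verifies package signatures against the key below, but nothing
# in this file signs the metadata itself, so the transport should be protected.
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true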
# ------- end of file content -------
# Optional: run this only if you want the newest (mainline) nginx
sudo yum-config-manager --enable nginx-mainline
# Install nginx
sudo yum install nginx
let’s encrypt 安装
参考链接:https://www.cnblogs.com/wzlinux/p/11188454.html
安装链接:https://certbot.eff.org/
参考链接:https://www.jianshu.com/p/122894787128
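# Install snapd (packaged in EPEL)
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf upgrade
sudo yum install snapd
# Start snapd now and at every boot
sudo systemctl enable --now snapd.socket
# Classic snaps expect to find /snap
sudo ln -s /var/lib/snapd/snap /snap
# Make sure the snap core is current
sudo snap install core; sudo snap refresh core
# Remove any certbot installed earlier through yum
sudo yum remove certbot
# Install certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# Request the wildcard certificate through a manual DNS challenge.
# The domain is quoted so the shell cannot expand "*" against file names in
# the current directory before certbot sees it.
# Note: the wildcard name does not cover the bare jingwei-cloud.top.
sudo certbot certonly \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --manual --preferred-challenges dns -d '*.jingwei-cloud.top'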
配置证书
# TLS-terminating reverse proxy: accepts HTTPS on 443 (IPv4 and IPv6) with the
# Let's Encrypt certificate and forwards every request to a local service.
# NOTE(review): no server_name is set in this block as shown, so which host
# names it answers depends on the rest of the nginx configuration.
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/jingwei-cloud.top/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/jingwei-cloud.top/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
# Forward everything to the service on local port 7500 over plain HTTP.
# NOTE(review): frp's sample configuration uses 7500 as dashboard_port. The
# frps.ini is not shown here, so confirm this is the HTTP vhost port; if it is
# the dashboard, this block publishes the admin UI, and dashboard_user and
# dashboard_pwd must not be left at their defaults.
proxy_pass http://127.0.0.1:7500;
# Pass the requested host name upstream with ":80" appended.
proxy_set_header Host $host:80;
# Give the upstream the client address; it only sees 127.0.0.1 otherwise.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Strip X-Powered-By from upstream responses.
proxy_hide_header X-Powered-By;
# try_files $uri $uri/ =404;
}
}
错误处理
- 证书错误
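# Download the DNSPod auth hook used for the DNS challenge.
# The URL follows the master branch, so the file can change at any time, and
# the renewal job below runs it as root. Read the script before making it
# executable, and prefer a URL pinned to a commit you reviewed (replace
# "master" with that commit id; "<COMMIT_SHA>" would be a placeholder).
wget https://raw.githubusercontent.com/al-one/certbot-auth-dnspod/master/certbot-auth-dnspod.sh
chmod +x certbot-auth-dnspod.sh
# Store the DNSPod token that the hook reads.
# A plain redirect would create the file world-readable under the default
# umask, so it is created with owner-only permissions. chmod also covers a
# file that already existed. Typing the real token on the command line leaves
# it in shell history; editing the file afterwards avoids that.
( umask 077; echo "your dnspod token" > /etc/dnspod_token )
chmod 600 /etc/dnspod_token
# Automatic renewal.
# A renewal job can live in /etc/crontab, /etc/cron.*/*, or a systemd timer
# (see: systemctl list-timers).
# Create certbot.sh in /etc/cron.daily and make it executable, otherwise cron
# will not run it. Keep the hook script itself in a root-owned directory that
# other users cannot write to, and put its real path in place of /path/to.
cat > /etc/cron.daily/certbot.sh <<'EOF'
#!/bin/sh
certbot renew --manual-auth-hook /path/to/certbot-auth-dnspod.sh --post-hook "systemctl reload nginx"
EOF
chmod 755 /etc/cron.daily/certbot.sh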
根据上面配置自己搭建的博客系统
自己博客地址: https://blog.wuwei-j.top