Folks, a question about configuring FRP for intranet penetration

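The official frp site explains the configuration quite clearly, but there is one thing that keeps confusing me. Could someone who knows this well take a look: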


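  • 1. I'm using frp version 0.58.1, and the server is a Tencent Cloud machine.
  • 2. I want to set up an nginx reverse proxy, and I pointed a dedicated domain at frp: frp.domain.com
  • 3. I have an HTTP service running locally, and I want to resolve another domain for it: a.frp.domain.com
  • 4. The problem is that with the configuration below, every request returns 502, and I don't know what went wrong.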
    Here is my nginx configuration:

    ```
    server {
        server_name frp.domain.com;
        listen 80;
        listen [::]:80;

        # https configuration; can be left out if not needed
        #listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        #ssl_certificate /root/.ssl/domain.com/fullchain.cer;
        #ssl_certificate_key /root/.ssl/domain.com/domain.com.key;
        # https end

        location / {
            proxy_pass http://10.0.20.17:11001;
        }
    }
    server {
        server_name *.frp.domain.com;
        listen 80;
        listen [::]:80;

        # https configuration; can be left out if not needed
        #listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        #ssl_certificate /root/.ssl/domain.com/fullchain.cer;
        #ssl_certificate_key /root/.ssl/domain.com/domain.com.key;
        # https end

        location / {
            proxy_ssl_server_name off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # proxy_set_header Host $host:$server_port;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_pass http://10.0.20.17:11000;
        }
    }
    ```

  • Here is my frps.toml configuration:

    ```toml
    bindPort = 11000
    vhostHTTPPort = 11001
    # Enable domain names
    subdomainHost = "frp.domain.com"
    # Auth token
    auth.method = "token"
    auth.token = "xxx"

    # Remove the access rate limit
    #transport.tcpMux = false

    # FRP log configuration
    log.to = "/opt/frp_0.58.1_linux_amd64/logs/frps.log"
    log.level = "info"
    log.maxDays = 3
    ```

    frp client configuration:

    ```json
    {
      "auth": { "token": "xxx" },
      "log": {},
      "transport": {},
      "proxies": [
        {
          "type": "http",
          "name": "test",
          "transport": { "useCompression": true, "useEncryption": true },
          "localPort": 5421,
          "customDomains": [],
          "subdomain": "a"
        }
      ],
      "serverAddr": "frp.domain.com",
      "serverPort": 11000,
      "start": []
    }
    ```

    With the configuration above, accessing a.frp.domain.com returns a 502, but accessing a.frp.domain.com:11001 works normally.
    Please help take a look.

    It's probably that the local server has port 80 blocked. A comment from 洪荒之尼古拉斯赵四

    @“zhiwenwang”#p50895 To be precise, it's blocked by the ISP.

    Do you mean port 80 on the server? Port 80 isn't blocked; I've proxied several websites through it without any problem.

    It's a bit complicated; the frp I use is different from yours…

    @“sdaw”#p51175 It is indeed more complicated. Using just IP + port works fine, but I can't remember those, so I brought in domain names.

    Solved it. The third-level domain can now be accessed directly.

    Change the nginx configuration:


    ```
    server {
        server_name *.frp.domain.com;
        listen 80;
        listen [::]:80;

        # https configuration; can be left out if not needed
        #listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        #ssl_certificate /root/.ssl/domain.com/fullchain.cer;
        #ssl_certificate_key /root/.ssl/domain.com/domain.com.key;
        # https end

        location / {
            proxy_ssl_server_name off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # proxy_set_header Host $host:$server_port;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_pass http://10.0.20.17:11001;
        }
    }
    ```

    Once that's done, you can access a.frp.domain.com / b.frp.domain.com / c.frp.domain.com directly.
    Feels good.
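
Added example, not part of the thread and not frp's own code: a small Python check that reads the port settings from frps.toml and flags an nginx server block whose `proxy_pass` points at `bindPort` (where frps accepts frpc connections) instead of `vhostHTTPPort`, which is the only difference between the two wildcard server blocks posted above. The sample configs are constructed from the thread, and the function names `frps_ports` and `check_nginx` are hypothetical.

```python
import re

# Constructed inputs modelled on the frps.toml and nginx configs in this thread.
FRPS_TOML = """
bindPort = 11000
vhostHTTPPort = 11001
subdomainHost = "frp.domain.com"
"""
NGINX_BEFORE = """
server {
    server_name *.frp.domain.com;
    listen 80;
    location / {
        proxy_set_header Host $host;
        proxy_pass http://10.0.20.17:11000;
    }
}
"""
NGINX_AFTER = NGINX_BEFORE.replace(":11000;", ":11001;")


def frps_ports(toml_text):
    """Collect integer top-level keys (bindPort, vhostHTTPPort) from a flat frps.toml."""
    pairs = re.findall(r"^[ \t]*(\w+)[ \t]*=[ \t]*(\d+)[ \t]*(?:#.*)?$", toml_text, re.M)
    return {key: int(value) for key, value in pairs}


def check_nginx(nginx_text, toml_text):
    """Return (server_name, port, problem) tuples for server blocks that proxy to frps."""
    ports = frps_ports(toml_text)
    bind, vhost = ports.get("bindPort"), ports.get("vhostHTTPPort")
    findings = []
    # Everything after each 'server {' is treated as one block's directives.
    for block in re.split(r"\bserver\s*\{", nginx_text)[1:]:
        match = re.search(r"^\s*server_name\s+([^;]+);", block, re.M)
        name = match.group(1).strip() if match else "?"
        # Anchoring at line start ignores commented-out directives.
        upstreams = re.findall(r"^\s*proxy_pass\s+http://[^:/;]+:(\d+)", block, re.M)
        to_frps = [int(p) for p in upstreams if int(p) in (bind, vhost)]
        if bind in to_frps:
            findings.append((name, bind, f"proxy_pass targets bindPort, not vhostHTTPPort {vhost}"))
        # frps picks the HTTP proxy by Host, so the client's Host must be forwarded.
        if to_frps and not re.search(r"^\s*proxy_set_header\s+Host\s+\$host", block, re.M):
            findings.append((name, None, "Host header is not forwarded to frps"))
    return findings


if __name__ == "__main__":
    for label, conf in (("before", NGINX_BEFORE), ("after", NGINX_AFTER)):
        print(label, check_nginx(conf, FRPS_TOML))
```
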

    frp can do the domain forwarding directly, so what do you need nginx for?

    frp alone lets you reach your local intranet site through a.frp.domain.com.