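2022-04-08 - Intranet penetration (NAT traversal) with frp + nginx

1. Use cases

  1. The company network has no Wi-Fi, and the company does not allow phones to connect to the network.
  2. Mini-programs and similar content need to be tested on a phone.
  3. A website you host on the internal network needs to be reachable from the public internet.

2. Solutions

  1. Use Peanut Shell (花生壳) or a similar service for intranet penetration
  2. Use frp + nginx for intranet penetration
  3. Use ssh for intranet penetration

2.1 Components and architecture diagram

  1. Components: Nginx + FRP (an intranet penetration tool)

Overall diagram

  1. Flow description

1. The user visits the public domain name from a phone, and Nginx forwards the request to the FRPS process.
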
server {
    listen 80;
    server_name www2.toposphere.com;
    location / {
      auth_basic "Please enter your account and password";
      auth_basic_user_file /etc/nginx/httpbasic/passwd;
      # Forward to the frps vhost_http_port on the same host
      proxy_pass http://127.0.0.1:8080;
      # frps selects the tunnel by Host header, which must match a custom_domains value in frpc.ini
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_hide_header X-Powered-By;
    }
}

2. FRPS and FRPC implement the intranet penetration
Public side: FRPS, configured in frps.ini as follows:

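[common]
# No token is set here, so frps accepts any frpc that can reach bind_port;
# set the same token = <secret> in both frps.ini and frpc.ini.
bind_port = 7000
dashboard_port = 7500
# admin/admin is trivially guessable; use a strong password for the dashboard
dashboard_user = admin
dashboard_pwd = admin
vhost_http_port = 8080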

Internal side: FRPC, configured in frpc.ini as follows:

[common]
server_addr = 39.105.20.249
server_port = 7000

#[ssh]
#type = tcp
#local_ip = 127.0.0.1
#local_port = 22
#remote_port = 6000
[web1]
type=http
local_ip=192.168.8.48
local_port=8110
custom_domains=www2.toposphere.net
[web2]
type=http
local_ip=192.168.8.48
local_port=8389
custom_domains=account2.toposphere.net
[web3]
type=http
local_ip=192.168.1.33
local_port=8000
custom_domains=w22.toposphere.net

3. Configure the internal Nginx so that the port frpc forwards to is proxied to the specified domain

server {
    listen 8110;
    server_name www2.toposphere.net;

    location / {
        # index.html is placed in the root directory the virtual host listens on
        proxy_ssl_server_name on;
        proxy_pass   https://www.toposphere.net;
    }
}
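A check of the frps.ini and frpc.ini settings from step 2, as an added example that is not part of the original post. The finding names are made up for this example, and the defaults it assumes (bind_addr 0.0.0.0, dashboard_addr and proxy_bind_addr following bind_addr, dashboard password admin) are taken from frp's legacy INI reference as assumptions.

```python
import configparser

# Constructed copies of the frps.ini and (shortened) frpc.ini shown above.
FRPS_INI = """[common]
bind_port = 7000
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
vhost_http_port = 8080
"""
FRPC_INI = """[common]
server_addr = 39.105.20.249
server_port = 7000
[web1]
type=http
local_ip=192.168.8.48
local_port=8110
custom_domains=www2.toposphere.net
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def _common(text):
    """Return the [common] section of an frp INI file as a dict."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return dict(cp["common"]) if cp.has_section("common") else {}

def audit_frps(text):
    c = _common(text)
    bind = c.get("bind_addr", "0.0.0.0")  # assumed default: all interfaces
    findings = []
    if not c.get("token"):
        findings.append("no-token")  # any frpc reaching bind_port can register proxies
    if "dashboard_port" in c:
        if c.get("dashboard_pwd", "admin") == "admin":  # assumed default: admin
            findings.append("dashboard-weak-password")
        if c.get("dashboard_addr", bind) not in LOOPBACK:
            findings.append("dashboard-exposed")
    # A vhost port on a public interface is reachable without the nginx Basic auth.
    if "vhost_http_port" in c and c.get("proxy_bind_addr", bind) not in LOOPBACK:
        findings.append("vhost-http-port-exposed")
    return findings

def audit_frpc(text):
    """frpc must present the token that frps expects."""
    return [] if _common(text).get("token") else ["no-token"]

if __name__ == "__main__":
    print("frps.ini:", audit_frps(FRPS_INI))
    print("frpc.ini:", audit_frpc(FRPC_INI))
```

A finding marked exposed can also be closed with a host firewall or cloud security group rule instead of a loopback bind.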

3. Main problem points

3.1 Using Nginx to reach an https domain from an http domain (not the same domain)

  1. Using Nginx to reach an https domain from an http domain
server {
    listen 8110;
    server_name www2.toposphere.net;

    location / {
        # proxy_ssl_server_name on: pass the upstream host name via TLS SNI
        # when nginx connects to the HTTPS upstream
        proxy_ssl_server_name on;
        proxy_pass   https://www.toposphere.net;
    }
}

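3.2 Adding HTTP Basic authentication to Nginx

  1. Generate the password
# -apr1 (Apache MD5) is used because -crypt truncates passwords to 8 characters and was removed in OpenSSL 3.0
printf "YOUR_USERNAME:$(openssl passwd -apr1 YOUR_PASSWD)\n" >> /etc/nginx/httpbasic/passwd
  • Here YOUR_USERNAME is your user name and YOUR_PASSWD is your password
  2. Add HTTP Basic authentication in Nginx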
server {
    # Port 80 is plain HTTP: Basic auth credentials are only base64-encoded in transit
    listen 80;
    server_name www.toposphere.net toposphere.net;
    location / {
      auth_basic "Please enter your account and password";
      auth_basic_user_file /etc/nginx/httpbasic/passwd;
      proxy_pass http://127.0.0.1:8080;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_hide_header X-Powered-By;
    }
}
