Docker部署Frp、Frp服务端和客户端配置文件toml以及与nginx共用80和443端口
Docker部署frp,需要先在映射文件夹中建立好配置文件
服务端frps
docker run --restart=always --network host -d -v /opt/dockerdata/frp/frps.toml:/etc/frp/frps.toml --name frps snowdreamtech/frps客户端frpc
docker run --restart=always --network host -d -v /opt/dockerdata/frp/frpc.toml:/etc/frp/frpc.toml --name frpc snowdreamtech/frpcfrps.toml
# 代理映射的端口,与客户端 serverPort = 7000一致
bindPort = 7000
# quic模式映射,就是http3的映射,不过因为目前不能获取真实IP,客户端没有配置,这里只是加上而已
#quicBindPort = 7000
# 服务端http的端口
vhostHTTPPort = 880
#服务端https的端口
vhostHTTPSPort = 8443
# 授权方式,与客户端要一致
auth.method = "token"
auth.token = "xxxxxx"
# 配置 Web 服务器以启用 frps 的仪表板,可以看到连接状态
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
# 配置主域名,frpc端可以用subdomain配置自定义二级域名,不用配置customDomains
#subdomainHost = "xxx.com"
# 自定义404页面
#custom404Page = "./404.html"
# 服务端日志,保存三天,文件名frps.log
#log.to = "./frps.log"
#log.level = "info"
#log.maxDays = 3frpc.toml
# 服务器的公网或域名
serverAddr = "xx.xx.xx.xx"
# 服务端通信端口,与frps.toml一致
serverPort = 7000
# 令牌,与frps.toml一致
auth.token = "xxxxxx"
# 连接服务端的超时时间(秒,增大时间避免frpc在网络未就绪的情况下启动失败)
transport.dialServerTimeout = 60
# 第一次登陆失败后是否退出(true为退出,false为不退出,继续连接)
loginFailExit = false
[[proxies]]
# 自定义名称
name = "xxx"
# 服务类型(http、https、tcp等)
type = "http"
# 本地服务端口
localPort = 5000
# 服务需要绑定的域名
customDomains = ["xx.com"]
# 如果frps配置的有subdomainHost,可以直接配置二级域名,与customDomains二选一
#subdomain = "xx"
[[proxies]]
# 自定义名称
name = "ssh"
# 服务类型(http、https、tcp等)
type = "tcp"
# 本地服务端口
localPort = 22
# 服务器的转发端口,例如1022
remotePort = 1022
# 服务需要绑定的域名
customDomains = ["xx.com"]
# 如果frps配置的有subdomainHost,可以直接配置二级域名,与customDomains二选一
#subdomain = "xx"配置Nginx和frps共用80和443端口
frps和Nginx都要同时使用端口80/443,会产生冲突而导致frps不能正常使用的,因为Nginx已提前接管80/443端口,frps是无法正确工作的。
1、修改frps.toml文件,修改vhost_http_port和vhost_https_port为非80和443端口,比如修改为880和8443
2、查看nginx配置文件nginx.conf中加载的其他*.conf文件路径,例如配置文件中显示的是include /usr/local/nginx/conf/conf.d/*.conf,那么在conf.d文件夹下创建frps.conf文件,注意把xxx.com改为自己frp要用的域名,端口改为上一步设置的vhost_http_port端口880,配置内容如下:
server {
listen 80;
server_name *.xxx.com;
# return 301 https://$host$request_uri;
location / {
proxy_pass http://127.0.0.1:880;
proxy_redirect http://$host/ http://$http_host/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
listen 443 ssl http2;
server_name *.xxx.com;
# ssl_certificate /www/server/panel/vhost/cert/yourdomain.crt;
# ssl_certificate_key /www/server/panel/vhost/cert/yourdomain.key;
client_max_body_size 0m;
client_body_buffer_size 256k;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
location / {
proxy_pass http://127.0.0.1:880;
proxy_redirect https://$host/ https://$http_host/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_server_name on;
proxy_set_header Host $host;
}
}如果只接受https加密方式访问,配置内容如下:
server {
listen 80;
server_name *.xxx.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name *.xxx.com;
ssl_certificate /usr/local/nginx/conf/ssl/urdomain.com/fullchain.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/urdomain.com/urdomain.com.key;
client_max_body_size 50m;
client_body_buffer_size 256k;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
location / {
proxy_pass http://127.0.0.1:880;
proxy_redirect off;
proxy_set_header Host $host:80;
proxy_ssl_server_name on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}配置完后重启nginx即可,如果frps.conf未被加载,可以在nginx配置文件nginx.conf中加入frps.conf路径,配置如下:
include /usr/local/nginx/conf/conf.d/*.conf;
include /frps所在路径/frps.conf;重启nginx和frps服务端