添加acme,frps和nginx项目

2020-05-19 22:44:58 +08:00
parent 71a107eeed
commit 4ddd5f14a2
15 changed files with 411 additions and 0 deletions
--- a/frps/README.md
+++ b/frps/README.md
@@ -0,0 +1,15 @@
+## 前期准备
+
+1. 用acme搞定泛域名ca证书。参看acme项目。
+2. 部署nginx docker。参看nginx项目。
+3. 根据nginx docker的网络设置，对应确定自己的docker-compose.yml文件中的对应内容设置正确。其中包括：
+   - 	nginx所在的网络名称。配置到自己的docker-compose.yml文件中的网络定义中的external->name中去。
+   - 根据网络定义，设定自己的固定ip。
+   - 复制conf.d下的文件到nginx配置目录下的conf.d下。
+   - 确保刚复制的文件配置正确。如其中证书所在路径应符合之前acme复制证书时的目标目录。
+
+## 安装
+
+执行docker-compose up -d
+
+并验证是否成功。
--- a/frps/conf.d/frps.conf
+++ b/frps/conf.d/frps.conf
@@ -0,0 +1,35 @@
+server {
+    listen 80;
+    server_name *.dev.woyue.org;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name *.dev.woyue.org;
+    server_tokens off;
+
+    ssl_certificate /etc/letsencrypt/live/dev.woyue.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/dev.woyue.org/privkey.pem;
+    #include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    location / {
+        #ip address below should changed accordingly.
+        proxy_pass http://172.20.0.3:8090;
+        proxy_set_header    Host                $http_host;
+        proxy_set_header    X-Real-IP           $remote_addr;
+        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_set_header    Upgrade             $http_upgrade;
+        proxy_set_header    Connection          $http_connection;
+    }
+}
--- a/frps/frps.projitems
+++ b/frps/frps.projitems
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
+    <HasSharedItems>true</HasSharedItems>
+    <SharedGUID>267af5a6-ed6b-46c9-bc52-46988686265a</SharedGUID>
+  </PropertyGroup>
+  <PropertyGroup Label="Configuration">
+    <Import_RootNamespace>frps</Import_RootNamespace>
+  </PropertyGroup>
+  <ItemGroup>
+    <None Include="$(MSBuildThisFileDirectory)conf.d\frps.conf" />
+    <None Include="$(MSBuildThisFileDirectory)frps\conf\frps.ini" />
+    <None Include="$(MSBuildThisFileDirectory)frps\docker-compose.yml" />
+    <None Include="$(MSBuildThisFileDirectory)README.md" />
+  </ItemGroup>
+</Project>
--- a/frps/frps.shproj
+++ b/frps/frps.shproj
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>267af5a6-ed6b-46c9-bc52-46988686265a</ProjectGuid>
+    <MinimumVisualStudioVersion>14.0</MinimumVisualStudioVersion>
+  </PropertyGroup>
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)\CodeSharing\Microsoft.CodeSharing.Common.Default.props" />
+  <Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)\CodeSharing\Microsoft.CodeSharing.Common.props" />
+  <PropertyGroup />
+  <Import Project="frps.projitems" Label="Shared" />
+  <Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)\CodeSharing\Microsoft.CodeSharing.CSharp.targets" />
+</Project>
--- a/frps/frps/conf/frps.ini
+++ b/frps/frps/conf/frps.ini
@@ -0,0 +1,67 @@
+# [common] is integral section
+[common]
+# A literal address or host name for IPv6 must be enclosed
+# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
+bind_addr = 0.0.0.0
+bind_port = 7000
+
+# udp port to help make udp hole to penetrate nat
+bind_udp_port = 7001
+
+# udp port used for kcp protocol, it can be same with 'bind_port'
+# if not set, kcp is disabled in frps
+kcp_bind_port = 7000
+
+# specify which address proxy will listen for, default value is same with bind_addr
+# proxy_bind_addr = 127.0.0.1
+
+# if you want to support virtual host, you must set the http port for listening (optional)
+# Note: http port and https port can be same with bind_port
+vhost_http_port = 8090
+vhost_https_port = 8443
+
+# response header timeout(seconds) for vhost http server, default is 60s
+# vhost_http_timeout = 60
+
+# set dashboard_addr and dashboard_port to view dashboard of frps
+# dashboard_addr's default value is same with bind_addr
+# dashboard is available only if dashboard_port is set
+dashboard_addr = 0.0.0.0
+dashboard_port = 7500
+
+# dashboard user and passwd for basic auth protect, if not set, both default value is admin
+dashboard_user = hmo
+dashboard_pwd = Dm19000o
+
+# dashboard assets directory(only for debug mode)
+# assets_dir = ./static
+# console or real logFile path like ./frps.log
+log_file = ./frps.log
+
+# trace, debug, info, warn, error
+log_level = info
+
+log_max_days = 3
+
+# auth token
+token = 83550348
+
+# heartbeat configure, it's not recommended to modify the default value
+# the default value of heartbeat_timeout is 90
+# heartbeat_timeout = 90
+
+# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
+allow_ports = 43000-43010
+
+# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
+max_pool_count = 5
+
+# max ports can be used for each client, default value is 0 means no limit
+max_ports_per_client = 0
+
+# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
+# when subdomain is test, the host used by routing is test.frps.com
+subdomain_host = dev.woyue.org
+
+# if tcp stream multiplexing is used, default is true
+tcp_mux = true
--- a/frps/frps/docker-compose.yml
+++ b/frps/frps/docker-compose.yml
@@ -0,0 +1,25 @@
+
+version: "3.5"
+
+networks:
+  default:
+    external:
+      name: nginx_firstnet
+
+services:
+  server:
+    image: "ruiny/frps:latest"
+    restart: always
+    networks:
+      default:
+        ipv4_address: 172.20.0.3
+    volumes:
+      - ./conf:/var/frp/conf
+    ports:
+      - "7000:7000"
+      - "7500:7500"
+      - "7001:7001"
+      - "8089:80"
+      - "8443:43"
+      - "43000-43010:43000-43010/udp"
+      - "43000-43010:43000-43010/tcp"