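Public side:
- VPS running Debian 8 + nginx 1.6.2; the domain abc.xyz points to the VPS's IP: x.x.x.x
- frps 0.21.0, configured with:
    vhost_http_port = 8080
    vhost_https_port = 8081
    subdomain_host = abc.xyz
- certbot has issued a Let's Encrypt certificate for abc.xyz
- nginx forwarding configuration: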
    server {
        listen 443;
        server_name abc.xyz;
        charset utf-8;
        ssl_certificate /etc/letsencrypt/live/abc.xyz/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/abc.xyz/privkey.pem;
        location / {
            proxy_ssl_server_name on;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            proxy_pass https://$host:8081;
        }
    }
Internal network:
- The router runs Padavan (IP: 192.168.12.1) with frpc enabled, configured as:
    [common]
    server_addr = x.x.x.x
    server_port = 7000
    token = xxxx
    [server]
    type = https
    local_ip = 192.168.12.10
    local_port = 443
    custom_domains = abc.xyz
    remote_port = 8081
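- The internal host (IP: 192.168.12.10) runs Debian 9 + apache2 + PHP 7.2
- On the internal host, acme.sh was used to issue a certificate for abc.xyz
- On the internal host, /etc/apache2/ports.conf was modified to enable port 443, and /etc/apache2/sites-available/default-ssl.conf was modified: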
    SSLEngine on
    SSLCertificateFile /root/.acme.sh/abc.xyz/abc.xyz.cer
    SSLCertificateKeyFile /root/.acme.sh/abc.xyz/abc.xyz.key
    SSLCertificateChainFile /root/.acme.sh/abc.xyz/fullchain.cer
The current problems are:
- With the nginx configuration above, running service nginx restart on the VPS fails with: Job for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details.
- After deleting the line "proxy_ssl_server_name on;" from the nginx configuration, nginx restarts without error, but opening https://abc.xyz in a browser returns 502 Bad Gateway;
- Visiting http://abc.xyz:8081 gives ERR_EMPTY_RESPONSE
- Visiting https://abc.xyz:8081 gives ERR_SSL_PROTOCOL_ERROR
- If nginx is set to forward port 80 to http://abc.xyz:8080 and the internal frpc is set to http and 80, opening http://abc.xyz works normally
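
A small check for three nginx rules that bear on the server block posted above, as an added example that is not part of the original post: `proxy_ssl_server_name` exists only from nginx 1.7.0, a `listen` without the `ssl` parameter does not terminate TLS, and a `proxy_pass` whose address contains variables needs a `resolver`. The function names and finding labels are hypothetical, and the sample config is a constructed, trimmed copy of the one in the post.

```python
import re

# Constructed, trimmed copy of the server block from the post.
SAMPLE_CONF = """
server {
    listen 443;
    server_name abc.xyz;
    ssl_certificate /etc/letsencrypt/live/abc.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/abc.xyz/privkey.pem;
    location / {
        proxy_ssl_server_name on;
        proxy_set_header Host $host;
        proxy_pass https://$host:8081;
    }
}
"""

def directives(conf):
    """Yield (name, args) for every statement, ignoring comments and block braces."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for stmt in re.split(r"[;{}]", conf):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def lint(conf, nginx_version):
    """Return sorted finding labels for a config text and an nginx version tuple."""
    ds = list(directives(conf))
    names = {name for name, _ in ds}
    findings = []
    # proxy_ssl_server_name (SNI towards the upstream) appeared in nginx 1.7.0;
    # older builds reject it as an unknown directive and refuse to start.
    if "proxy_ssl_server_name" in names and nginx_version < (1, 7, 0):
        findings.append("unknown-directive:proxy_ssl_server_name")
    # Certificates are configured, but TLS is only spoken on a listener that
    # carries the "ssl" parameter (or under the legacy "ssl on;" directive).
    tls = any(n == "listen" and "ssl" in a for n, a in ds) or ("ssl", ["on"]) in ds
    if "ssl_certificate" in names and not tls:
        findings.append("listen-without-ssl")
    # A proxy_pass address built from variables is resolved at request time,
    # which requires a "resolver" directive when it evaluates to a hostname.
    uses_var = any(n == "proxy_pass" and a and "$" in a[0] for n, a in ds)
    if uses_var and "resolver" not in names:
        findings.append("proxy_pass-variable-without-resolver")
    return sorted(findings)

if __name__ == "__main__":
    print(lint(SAMPLE_CONF, (1, 6, 2)))
```
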