使用docker部署 nginx+frp实现内网穿透

前言

开发时有时需要用到内网穿透:很多调试需要从外部访问本机上的服务,但公司电脑没有公网IP,这时候frp就派上用场了。

内网穿透对比

  • frp(个人觉得挺好用的,开源免费,还有人维护)
  • ngrok(开源免费,好像没怎么维护了)
  • 花生壳(要钱,新手必备)

我就介绍这几个,其余内网穿透工具不列出来了。

安装docker

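#!/bin/bash
# Install a pinned Docker CE release and docker-compose 1.29.2 on a yum-based
# host. Run as root. The script stops at the first failing step.
set -euo pipefail

# Alternative to the yum steps below (use one path, not both): Docker's
# convenience script. It runs a remotely fetched script as root, so save it to
# a file and read it before executing it instead of piping it into bash:
#   curl -fsSL https://get.docker.com -o get-docker.sh
#   bash get-docker.sh --mirror Aliyun

# Remove legacy distro packages that conflict with docker-ce (best effort).
yum remove -y docker docker-client docker-client-latest docker-common \
    docker-latest docker-latest-logrotate docker-logrotate docker-engine || true

# Repository tooling and storage prerequisites.
yum install -y yum-utils device-mapper-persistent-data lvm2

# Fetch the repo definition over HTTPS: it decides where packages come from,
# so it must not be modifiable in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Install one explicit version so every host ends up with the same engine.
yum install -y docker-ce-20.10.6 docker-ce-cli-20.10.6 containerd.io

# Start now and on every boot (the compose services use restart: always).
systemctl enable --now docker

# -f makes curl fail on an HTTP error instead of saving the error page as the
# binary.
compose_url="https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)"
curl -fL "$compose_url" -o /usr/local/bin/docker-compose

# Compare this digest with the checksum published on the release page before
# trusting the binary, especially if it was downloaded elsewhere and uploaded.
sha256sum /usr/local/bin/docker-compose

chmod +x /usr/local/bin/docker-compose
# -f keeps a re-run from failing when the link already exists.
ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose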

我直接把安装docker和docker-compose的安装脚本列出来了

github下载可能会失败(建议先下载下来然后上传)

# Verify the installation: tool versions first, then daemon reachability.
docker version
docker-compose version
docker ps
# Continue with the next step only if all three commands succeed.

编写docker-compose.yml

为什么要使用docker-compose.yml?因为还要用nginx做反向代理,需要同时管理nginx和frps两个容器,所以我建议用。

我直接贴代码了。

nginx(我用最新版本)

frps(我用0.38.0)

vhost_http_port、vhost_https_port端口不用映射

因为我们建立了一个网络,nginx和frps都是在同一个网络下

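version: '3'

# Private bridge network shared by nginx and frps. frps' vhost ports
# (7080/7433) are reached by nginx over this network and are deliberately
# not published on the host.
networks:
  smnetwork:
    ipam:
      config:
        - subnet: 172.19.0.0/16
          gateway: 172.19.0.1

services:
  nginx:
    container_name: nginx
    # NOTE(review): `latest` changes under you on every pull. Pin a specific
    # tag or digest once the setup works so upgrades are deliberate.
    image: nginx:latest
    restart: always
    networks:
      smnetwork:
        ipv4_address: 172.19.0.2
    # Config is mounted read-only so the container cannot modify it.
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
    # Uncomment when nginx.conf contains a `listen 443 ssl` server: nginx
    # refuses to start if the referenced certificate files are missing.
    # Keep the private key readable only by the deploying user on the host.
    #  - ./nginx/cert:/etc/nginx/cert:ro
    environment:
      # Time zone Asia/Shanghai, UTF-8 locale.
      TZ: Asia/Shanghai
      LANG: zh_CN.UTF-8
    ports:
      # Optional: publish 22 only if nginx.conf's stream block should forward
      # SSH (e.g. gitlab/gogs) and the host's own sshd is not using port 22.
      # - "22:22"
      - "80:80"
      - "443:443"
  frps:
    container_name: frps
    # Pinned version; frpc clients should run the same release.
    image: snowdreamtech/frps:0.38.0
    restart: always
    networks:
      smnetwork:
        ipv4_address: 172.19.0.3
    volumes:
      - ./frps.ini:/etc/frp/frps.ini:ro
      - ./page:/page:ro
    environment:
      # Time zone Asia/Shanghai, UTF-8 locale.
      TZ: Asia/Shanghai
      LANG: zh_CN.UTF-8
    ports:
      # bind_port = 7000 (frpc control connection, TCP). This port faces the
      # internet; it is protected only by the token configured in frps.ini.
      - "7000:7000"
      # bind_udp_port = 7001. Docker publishes TCP unless told otherwise, so
      # the UDP protocol must be stated explicitly.
      - "7001:7001/udp"
      # The dashboard port (7200) is intentionally not published. tcp-type
      # proxies (remote_port in frpc.ini) are reachable from outside only if
      # their port is added here; publish only ports meant to be public.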

编写nginx配置

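# Reverse proxy in front of frps. HTTP(S) virtual hosts are forwarded to the
# frps vhost_http_port (7080) over the compose network; the stream block
# forwards raw TCP on port 22 to an frps tcp proxy.
worker_processes  1;

events {
    use epoll;
    worker_connections 51200;
    multi_accept on;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    server_names_hash_bucket_size 512;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;

    sendfile   on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";

    # NOTE(review): these zones are declared but no limit_conn directive in
    # this file uses them, so no connection limit is actually enforced.
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn_zone $server_name zone=perserver:10m;

    # Hide the nginx version in responses and error pages.
    server_tokens off;
    # NOTE(review): with access logging off there is no record of who used
    # this internet-facing entry point to the internal services. Consider
    # enabling it if you need an audit trail.
    access_log off;

    # Plain-HTTP entry for tunnelled sites: frps picks the tunnel from the
    # Host header (custom_domains in frpc.ini), so Host is passed through.
    server {
        listen       80;
        server_name  *.frp.smalls0098.com;

        client_body_timeout 10s;
        client_header_timeout 10s;

        location / {
            proxy_pass  http://frps:7080;
            # Appends to whatever X-Forwarded-For the client sent; backends
            # must not treat the leftmost entries as trustworthy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            # HTTP/1.1 plus Upgrade/Connection headers allow WebSocket traffic.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_max_temp_file_size 0;
            proxy_redirect off;
            proxy_read_timeout 240s;
        }
    }

    # Redirect the bare domain from HTTP to HTTPS.
    server {
        listen       80;
        server_name  smalls0098.com;
        return 301 https://$host$request_uri;
    }

    server {
        listen       443 ssl;
        server_name  www.smalls0098.com;

        client_body_timeout 10s;
        client_header_timeout 10s;
        # The certificate directory must be mounted into the nginx container
        # (see the optional cert volume in docker-compose.yml); nginx will not
        # start if these files are missing.
        ssl_certificate cert/smalls0098.com.pem;
        ssl_certificate_key cert/smalls0098.com.key;
        ssl_session_timeout 5m;
        # TLS 1.0 and 1.1 are deprecated and have known weaknesses; offer only
        # TLS 1.2 and 1.3.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        client_max_body_size 1024m;

        location / {
            # TLS ends here; traffic to frps and through the tunnel is plain
            # HTTP on the compose network.
            proxy_pass  http://frps:7080;
            proxy_set_header HOST $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}


# Raw TCP forwarding (e.g. git over SSH). It only takes effect if port 22 is
# published for the nginx container and an frpc tcp proxy uses
# remote_port = 7050; the frpc.ini example on this page does not define one.
stream {
    upstream git {
        hash $remote_addr consistent;
        server frps:7050 max_fails=3 fail_timeout=10s;
    }
    server {
        listen 22;
        proxy_pass git;
        proxy_connect_timeout 600s;
        proxy_timeout 600s;
    }
}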

编写frps服务端 frps.ini配置

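[common]
bind_addr = 0.0.0.0
bind_port = 7000
bind_udp_port = 7001
vhost_http_port = 7080
vhost_https_port = 7433
# Shared secret that every frpc must present. bind_port is published to the
# internet, so this is the only thing stopping strangers from registering
# their own tunnels on this server. Replace the placeholder with a long random
# value and put the same value in frpc.ini as `token`.
# NOTE(review): the original used `auto_token` / `privilege_token`. Those are
# names from old frp releases; frp 0.38.0 appears to read only `token`, which
# would leave the server without authentication. Confirm against the
# frps_full.ini reference shipped with your version.
token = CHANGE_ME_long_random_secret
# Dashboard (statistics). It listens on all interfaces inside the container.
# docker-compose.yml does not publish port 7200; keep it that way or bind the
# published port to 127.0.0.1. Do not reuse the user name as the password.
dashboard_addr = 0.0.0.0
dashboard_port = 7200
dashboard_user = smalls
dashboard_pwd = CHANGE_ME_dashboard_password
# Prometheus metrics; presumably served through the dashboard listener, so
# the same exposure considerations apply - verify.
enable_prometheus = true
# Do not return detailed error text to clients.
detailed_errors_to_client = false
# Optional: custom 404 page (requires the ./page volume).
# custom_404_page = /page/404.html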

编写restart.sh

# Stop the stack, delete the stopped containers, then recreate them in the
# background. Each step runs only if the previous one succeeded.
docker-compose stop \
    && docker-compose rm -f \
    && docker-compose up -d

编写frpc客户端 frpc.ini配置

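[common]
# Address of the host running frps: an IP, or (recommended) a domain name
# that resolves to it.
server_addr = frp.smalls0098.com
server_port = 7000
# Must be identical to `token` in frps.ini. Use a long random value.
# NOTE(review): the original used `auto_token` / `privilege_token`, which
# frp 0.38.0 does not appear to read; confirm against the frpc_full.ini
# reference shipped with your version.
token = CHANGE_ME_long_random_secret
# Admin API used for hot reload. Bound to loopback so other machines on the
# office LAN cannot reach it; whoever can reach it can change what this
# client exposes. Do not reuse the user name as the password.
admin_addr = 127.0.0.1
admin_port = 7300
admin_user = smalls
admin_pwd = CHANGE_ME_admin_password

# http proxy: routed by host name through vhost_http_port, so no extra port
# has to be opened on the server. The local service becomes reachable from
# the internet under this domain; expose only what is meant to be public.
[demo]
type = http
local_ip = 127.0.0.1
local_port = 8080
custom_domains = demo.frp.smalls0098.com

# tcp proxy: frps listens on remote_port and forwards to the local service.
# It is reachable from outside only if that port is published on the server.
# Redis accepts unauthenticated connections unless configured otherwise, so
# require a password/ACL before exposing it, or use frp's stcp proxy type so
# only clients holding the shared key can connect.
[redis]
type = tcp
local_ip = 127.0.0.1
local_port = 6379
remote_port = 7022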

404页面 不是必须的

<!DOCTYPE html>
<!-- Static page served by frps via custom_404_page when no tunnel matches. -->
<html>
  <head>
    <title>Not Found</title>
    <style>
      body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }
    </style>
  </head>
  <body>
    <h1>The page you requested was not found.</h1>
    <p>
      Sorry, the page you are looking for is currently unavailable.<br/>
      Please try again later.
    </p>
  </body>
</html>
