2021年9月

Nginx settings:

/etc/nginx/sites-available/domain.name.com

include        /etc/nginx/proxy.conf;
limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
server_tokens  off;

upstream corshapi {
        server localhost:5001;
}

add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;


limit_req  zone=one burst=10 nodelay;

location /api {
        proxy_pass         http://localhost:5001;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
}

Reference

  1. Publishing to local IIS failed to include JS files for Pages when using 'abp-script' Tag
  2. Configure IdentityServer4 behind nginx reverse-proxy
  3. Enforce HTTPS in ASP.NET Core
  4. Host ASP.NET Core on Linux with Nginx
  5. Depoloyment Problem: invalid_request
  6. ABP Framework to Azure! - Part 10
  7. Sign-in - IdentityServer 4
  8. Authorization in Angular UI

What is frp?

rp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the Internet. As of now, it supports TCP and UDP, as well as HTTP and HTTPS protocols, where requests can be forwarded to internal services by domain name.
frp also has a P2P connect mode.

github.com:frp

架构

FRP分为服务端frps和客户端frpc。架构如下:

设置服务端systemd service, /etc/systemd/system/frps.service:

[Unit]
Description=Frp Server Service
After=network.target

[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frps -c /etc/frp/frps.ini
LimitNOFILE=1048576

[Install]
WantedBy=multi-user.target

服务端设置好后:

Congratulations, frps install completed!
==============================================
You Server IP   : 123.123.123.123
Bind port       : 7020
Dashboard port  : 7500
vhost http port : 7080
vhost https port: 7443
Privilege token : tokenxxxxx!
Max Pool count  : 50
Log level       : info
Log max days    : 3
Log file        : enable

客户端 frpc.ini:

[common]
server_addr = 123.123.123.123
server_port = 7020

[web]
type = http
local_port = 80
custom_domains = frp.domain.com

nginx 代理:
server {

# 监听nginx 80端口
listen 80;
# 域名配置 记得一定要加上*.frp.xxx.com +  frp.xxx.com这个,只加frp.xxx.com是不行的,无法支持泛域名做sub模式
server_name *.frp.xxx.com frp.xxx.com;
location / {
    proxy_pass http: //127.0.0.1:7001;
    # 这个Host的header一定要加,不然转发后frp拿不到通过哪个域名访问的,导致转发失败
    proxy_set_header   Host             $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
}

}

参考

  1. FRP内网穿透与Nginx结合,实现多子域名转发服务(四级子域名)