最开始用的是FRP,后面看见NPS后,就放弃了FRP,用了一段时间后,发现NPS的配置虽然简单,但会混乱,不知道是不是配置有问题,最后还是用回了FRP.
NPS配置
服务端
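# nps.conf: server-side settings for nps.
# NOTE(review): public_vkey, web_password and auth_crypt_key below are
# CHANGE_ME_* placeholders standing in for the guessable sample values of the
# original listing; generate long random values before exposing the server.
appname = nps
#Boot mode(dev|pro)
runmode = dev
#HTTP(S) proxy port, no startup if empty
http_proxy_ip=0.0.0.0
http_proxy_port=9800
https_proxy_port=9443
https_just_proxy=true
#default https certificate setting
# Keep the private key file readable only by the account that runs nps.
https_default_cert_file=/home/certs/xxk.link.cer
https_default_key_file=/home/certs/xxk.link.key
##bridge
# Clients connect to bridge_ip:bridge_port, so a client's server_addr must
# name this port.
bridge_type=tcp
bridge_port=8096
bridge_ip=0.0.0.0
# Public password, which clients can use to connect to the server
# After the connection, the server will be able to open relevant ports and parse related domain names according to its own configuration file.
# Because of that, whoever knows this value and can reach bridge_port can
# publish ports and domains on the server: it must be unguessable.
public_vkey=CHANGE_ME_LONG_RANDOM_VKEY
#Traffic data persistence interval(minute)
#Ignorance means no persistence
#flow_store_interval=1
# log level LevelEmergency->0 LevelAlert->1 LevelCritical->2 LevelError->3 LevelWarning->4 LevelNotice->5 LevelInformational->6 LevelDebug->7
# 7 is LevelDebug, the most verbose level on the scale above; lower it once
# the setup works.
log_level=7
#log_path=nps.log
#Whether to restrict IP access, true or false or ignore
#ip_limit=true
#p2p
p2p_ip=127.0.0.1
p2p_port=6000
#web
# Management UI. web_ip=0.0.0.0 listens on every interface and
# web_open_ssl=false leaves it without TLS: firewall web_port, or bind web_ip
# to 127.0.0.1 and publish the UI through a TLS reverse proxy.
web_host=nps.xxx.com
web_username=liujiaxian
web_password=CHANGE_ME_STRONG_PASSWORD
web_port = 9090
web_ip=0.0.0.0
web_base_url=
web_open_ssl=false
web_cert_file=conf/server.pem
web_key_file=conf/server.key
# if web under proxy use sub path. like http://host/nps need this.
#web_base_url=/nps
#Web API unauthenticated IP address(the len of auth_crypt_key must be 16)
#Remove comments if needed
#auth_key=test
# Exactly 16 characters (see the note above); use a random value rather than
# a sequential one.
auth_crypt_key =CHANGE_ME_16CHAR
# NOTE(review): presumably limits which server ports tunnels may open; worth
# enabling while public_vkey is set. Confirm against the nps documentation.
#allow_ports=9001-9009,10001,11000-12000
#Web management multi-user login
allow_user_login=false
allow_user_register=false
allow_user_change_username=false
#extension
allow_flow_limit=false
allow_rate_limit=false
allow_tunnel_num_limit=false
allow_local_proxy=false
allow_connection_num_limit=false
allow_multi_ip=false
system_info_display=false
#cache
http_cache=false
http_cache_length=100
#get origin ip
http_add_origin_header=false
#pprof debug options
# Leave pprof disabled on an internet-facing server; if it is needed, bind it
# to 127.0.0.1 instead of 0.0.0.0.
#pprof_ip=0.0.0.0
#pprof_port=9999
#client disconnect timeout
disconnect_timeout=60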
客户端
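# npc.conf [common]: how this client reaches and authenticates to nps.
# NOTE(review): vkey, basic_password and web_password are CHANGE_ME_*
# placeholders standing in for the short sample values of the original
# listing; use long random secrets.
[common]
# Must be the server's bridge address and port. The nps listing on this page
# sets bridge_port=8096, so 8024 would not reach that server; align the two
# if this client is meant for it.
server_addr=127.0.0.1:8024
conn_type=tcp
# Must equal public_vkey in the nps server configuration.
vkey=CHANGE_ME_LONG_RANDOM_VKEY
auto_reconnection=true
max_conn=1000
flow_limit=1000
rate_limit=1000
# NOTE(review): presumably the credentials protecting the socks5/http proxy
# tunnels defined further down; confirm against the nps documentation.
basic_username=11
basic_password=CHANGE_ME_PROXY_PASSWORD
# NOTE(review): presumably this client's login for the nps web UI; confirm.
web_username=user
web_password=CHANGE_ME_STRONG_PASSWORD
# Encrypt and compress tunnel traffic.
crypt=true
compress=true
# Keep pprof disabled, or bind it to 127.0.0.1 rather than 0.0.0.0.
#pprof_addr=0.0.0.0:9999
disconnect_timeout=60
# TLS on the client-to-server connection.
tls_enable = true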
# Health checks for the backends listed in health_check_target
# (comma-separated host:port pairs).
# NOTE(review): the units of health_check_timeout and health_check_interval
# are not stated on the page; presumably seconds. Confirm with the nps docs.
# HTTP check: requests health_http_url on each target.
[health_check_test1]
health_check_timeout=1
health_check_max_failed=3
health_check_interval=1
health_http_url=/
health_check_type=http
health_check_target=127.0.0.1:8083,127.0.0.1:8082
# TCP check against the same two targets; no URL is needed.
[health_check_test2]
health_check_timeout=1
health_check_max_failed=3
health_check_interval=1
health_check_type=tcp
health_check_target=127.0.0.1:8083,127.0.0.1:8082
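# Tunnel definitions: every host / server_port below is published on the nps
# server. NOTE(review): these look like stock sample entries; keep only the
# tunnels actually needed and firewall the remaining ports.
# Domain-routed tunnel to two local backends.
[web]
host=c.o.com
target_addr=127.0.0.1:8083,127.0.0.1:8082
# Plain TCP forward: server port 10000 -> local 127.0.0.1:8080.
[tcp]
mode=tcp
target_addr=127.0.0.1:8080
server_port=10000
# SOCKS5 proxy on server port 19009; multi_account names an account file.
# A proxy port on a public server must require authentication; verify that
# it does before leaving this tunnel enabled.
[socks5]
mode=socks5
server_port=19009
multi_account=multi_account.conf
# Publishes local_path through server port 19008: everything under that
# directory becomes readable to whoever can reach the port.
[file]
mode=file
server_port=19008
local_path=/Users/liuhe/Downloads
strip_pre=/web/
# HTTP forward proxy on server port 19004; same authentication caveat as the
# socks5 tunnel.
[http]
mode=httpProxy
server_port=19004
# UDP forward from server port 12253 to a DNS resolver; restrict which source
# addresses may reach it.
[udp]
mode=udp
server_port=12253
target_addr=114.114.114.114:53
# Secret and p2p tunnels: password is the shared key a visitor presents, so
# the short sample keys of the original listing are replaced by placeholders.
# The visitor sections below reuse the key of the tunnel they connect to.
[ssh_secret]
mode=secret
password=CHANGE_ME_SECRET_TUNNEL_KEY
target_addr=123.206.77.88:22
[ssh_p2p]
mode=p2p
password=CHANGE_ME_P2P_TUNNEL_KEY
# Visitor side of ssh_secret: listens on local_port 2001.
[secret_ssh]
local_port=2001
password=CHANGE_ME_SECRET_TUNNEL_KEY
# Visitor side of ssh_p2p: listens on local_port 2002.
[p2p_ssh]
local_port=2002
password=CHANGE_ME_P2P_TUNNEL_KEY
target_addr=123.206.77.88:22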
Nginx配置
# NOTE(review): this listing sits under the "Nginx配置" heading but is an npc
# client configuration repeating the one under "客户端" above; no Nginx server
# block for the NPS setup appears at this point on the page.
# The vkey, basic_password, web_password and password values below are short
# sample strings; replace them with long random secrets before use.
# server_addr uses port 8024 while the nps listing on this page sets
# bridge_port=8096; align the two if this client is meant for that server.
[common]
server_addr=127.0.0.1:8024
conn_type=tcp
vkey=123
auto_reconnection=true
max_conn=1000
flow_limit=1000
rate_limit=1000
basic_username=11
basic_password=3
web_username=user
web_password=1234
crypt=true
compress=true
#pprof_addr=0.0.0.0:9999
disconnect_timeout=60
tls_enable = true
[health_check_test1]
health_check_timeout=1
health_check_max_failed=3
health_check_interval=1
health_http_url=/
health_check_type=http
health_check_target=127.0.0.1:8083,127.0.0.1:8082
[health_check_test2]
health_check_timeout=1
health_check_max_failed=3
health_check_interval=1
health_check_type=tcp
health_check_target=127.0.0.1:8083,127.0.0.1:8082
[web]
host=c.o.com
target_addr=127.0.0.1:8083,127.0.0.1:8082
[tcp]
mode=tcp
target_addr=127.0.0.1:8080
server_port=10000
[socks5]
mode=socks5
server_port=19009
multi_account=multi_account.conf
[file]
mode=file
server_port=19008
local_path=/Users/liuhe/Downloads
strip_pre=/web/
[http]
mode=httpProxy
server_port=19004
[udp]
mode=udp
server_port=12253
target_addr=114.114.114.114:53
[ssh_secret]
mode=secret
password=ssh2
target_addr=123.206.77.88:22
[ssh_p2p]
mode=p2p
password=ssh3
[secret_ssh]
local_port=2001
password=ssh2
[p2p_ssh]
local_port=2002
password=ssh3
target_addr=123.206.77.88:22
使用到后面非常奇怪,访问域名时会错乱,例如访问a.xxk.link,显示的是b.xxk.link的站点。
FRP配置
服务端
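# frps.toml: frp server.
# Port that frpc clients connect to.
bindPort = 7000
# NOTE(review): no client authentication is configured, so any frpc that can
# reach bindPort can register proxies. Set a token here and the same value in
# frpc before exposing the server:
# auth.method = "token"
# auth.token = "CHANGE_ME_LONG_RANDOM_TOKEN"
# NOTE(review): to keep remotePort listeners off public interfaces when only a
# local reverse proxy should reach them, frps offers proxyBindAddr; verify the
# option against your frp version:
# proxyBindAddr = "127.0.0.1"
# Dashboard. webServer.addr is not set here; confirm it resolves to 127.0.0.1
# on your frp version so that the dashboard is reachable only through the
# Nginx proxy for frp.xxx.com.
webServer.port = 7500
# dashboard's username and password are both optional
# The original listing used a guessable password; the dashboard is published
# through Nginx on this page, so use a strong one.
webServer.user = "liujiaxian"
webServer.password = "CHANGE_ME_STRONG_PASSWORD"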
客户端
# frpc.toml: frp client.
# Address of the frps host; the value is placeholder text to replace with the
# server's IP.
serverAddr = "你的服务器IP"
# Must equal bindPort in the frps configuration.
serverPort = 7000
# NOTE(review): no auth.token is set; if a token is configured on frps, the
# same value is required here.
[[proxies]]
name = "nas"
type = "tcp"
# Local service being published.
localIP = "192.168.50.200"
localPort = 5888
# Port opened on the frps host for this proxy. The Nginx block for a.xxx.com
# on this page forwards to 127.0.0.1:6000; firewall port 6000 from the
# internet so the service is reachable only through the TLS front end.
remotePort = 6000
Nginx
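# TLS front end for the frps dashboard listening on 127.0.0.1:7500.
# The dashboard becomes internet-facing here, guarded only by the dashboard
# credentials; consider allow/deny rules to limit which addresses may reach it.
server {
    listen 443 ssl http2;
    server_name frp.xxx.com; # requested domain
    #SSL-START SSL settings; do not delete or modify the commented 404 rule on the next line
    #error_page 404/404.html; # enable ssl
    ssl_certificate *.cer; # PEM certificate path (placeholder)
    ssl_certificate_key *.key; # PEM private key path (placeholder)
    ssl_session_timeout 5m; # session timeout
    # Cipher list for TLS 1.2 and below. NOTE(review): the AES and HIGH
    # keywords also admit CBC suites; consider narrowing to AEAD suites.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    #SSL-END
    # Forward every request to the dashboard.
    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:7500; # address of service A
        # HTTP/1.1 plus the Upgrade/Connection headers allow WebSocket upgrades.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}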
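# Plain-HTTP listener for frp.xxx.com: redirects every request to HTTPS.
server {
    listen 80;
    server_name frp.xxx.com;
    # return is the idiomatic redirect; $request_uri keeps path and query.
    return 301 https://$host$request_uri;
}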
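# TLS front end for the service reachable on 127.0.0.1:6000 (presumably the
# frps remotePort of the "nas" proxy on this page).
server {
    listen 443 ssl http2;
    server_name a.xxx.com;
    # HSTS: browsers keep using HTTPS for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000";
    #SSL-START SSL settings; do not delete or modify the commented 404 rule on the next line
    #error_page 404/404.html; # enable ssl
    ssl_certificate *.cer; # PEM certificate path (placeholder)
    ssl_certificate_key *.key; # PEM private key path (placeholder)
    #ssl_session_timeout 5m; # session timeout
    # Cipher list for TLS 1.2 and below. NOTE(review): the AES and HIGH
    # keywords also admit CBC suites; consider narrowing to AEAD suites.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_timeout 30m;
    #SSL-END
    #client_max_body_size 0;
    # Forward every request to the backend.
    location / {
        # NOTE(review): $proxy_port is the upstream port (6000 here), so the
        # backend sees the client's Host value with ":6000" appended. Confirm
        # the backend needs this; otherwise pass $http_host alone.
        proxy_set_header Host $http_host:$proxy_port;
        proxy_pass http://127.0.0.1:6000; # address of service A
    }
}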
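# Plain-HTTP listener for a.xxx.com: redirects every request to HTTPS.
server {
    listen 80;
    server_name a.xxx.com;
    # return is the idiomatic redirect; $request_uri keeps path and query.
    return 301 https://$host$request_uri;
}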