HTTPS on the intranet web penetrated by FRP

Time:2022-4-27

In 2021, who doesn’t have an HTTPS? It’s out without an SSL certificate

HTTPS on the intranet web penetrated by FRP

Nginx

The first method is to use nginx on the server side. Nginx monitors ports 80 and 443, forwards the request from the domain name to the port monitored by FRPs (such as 7000) through the reverse proxy of nginx, and then FRPs forwards it to FRPC to process the HTTP response. Configure HTTPS Certificate in nginx, and enable encryption and decryption of SSL by nginx. The configuration of HTTPS certificate and reverse proxy by nginx is a routine operation, and no unnecessary demonstration is needed. Find it troublesome to use the pagoda.

HTTPS configuration of FRP

FRP itself can also be configured with certificates to provide HTTPS services, and the server FRPs can do forwarding at ease.

Server side FRPs configuration

If you want to use nginx reverse proxy FRPs on the server side, the test has not been successful. Here, let FRPs monopolize ports 80 and 443. Modify FRPs ini,

[common]
bind_port = 7000
token=12310086N

vhost_http_port = 80
vhost_https_port = 443

FRPs executes the modified configuration file. Note that the firewall or pagoda releases the corresponding port.

./frps -c frps.ini

HTTPS on the intranet web penetrated by FRP

Intranet HTTP response

At this time, there is an HTTP response page on my intranet 8000 port of 192.168.0.156.

HTTPS on the intranet web penetrated by FRP
HTTPS on the intranet web penetrated by FRP

Intranet FRPC configuration

frpc. Ini configuration is modified according to your own situation. The certificate configuration “plugin_crt_path” and “plugin_key_path” use the certificate of nginx corresponding to the domain name. “Plugin_local_addr” is the corresponding HTTP response port of the intranet

[common]
server_ Addr = server IP
bind_port = 7000
token=12310086N

[test_htts2http]
type = https
custom_ Domains = domain name

plugin = https2http
plugin_local_addr = 127.0.0.1:8000

HTTPS certificate related configuration

plugin_crt_path = ./ssl/server.crt
plugin_key_path = ./ssl/server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

./frpc -c frpc.ini

HTTPS on the intranet web penetrated by FRP

There is also one more connection information at the FRPs end
HTTPS on the intranet web penetrated by FRP

visit

The domain name on the configuration is resolved to the IP of the server to access the domain name effectHTTPS on the intranet web penetrated by FRP
HTTPS on the intranet web penetrated by FRP