使用FRP的http2https插件完美解决HTTPS网站穿透

现在互联网主流已经是HTTPS，如果有本地网站需要穿透到外网，FRP是重要的选项。

涉及三个配置包括FRPS、FRPC、Nginx，以及证书配置

1.FRPS的配置文件frps.toml

bindPort = 7001
auth.method ="token"
auth.token = "mytoken"
webServer.addr = "0.0.0.0"
webServer.port = 7003
webServer.user ="user"
webServer.password = "pass"
allowPorts = [{single=80},{single=443}]
vhostHTTPPort = 80
vhostHTTPSPort = 443

开启80和443端口的http、https协议代理。webServer配置可选。

需要说明的是，网上大部分资料都是FRP老版本的配置，本文基于0.63版本的FRP。最新版的配置说明详见FRP项目官方https://github.com/fatedier/frp/

2.FRPC的配置文件frpc.toml

serverAddr = "your.ip"
serverPort = 7001
auth.method = "token"
auth.token = "your.token"

[[proxies]]
name = "webhttp"
type = "http"
localPort = 8080
customDomains = ["www.your-domain.com", "your-domain.com"] 
[[proxies]]
name = "web_https2http"
type = "https"
customDomains = ["www.your-domain.com", "your-domain.com"]

[proxies.plugin]
type = "https2http"
crtPath = "/path/to/crt/cert.crt"
keyPath = "/path/to/key/private.key"
localAddr = "127.0.0.1:8080"  # 改为本地HTTP端口
requestHeaders.set.x-from-where = "frp"
requestHeaders.set.x-forwarded-proto = "https"
requestHeaders.set.x-forwarded-host = "www.your-domain.come"

开启https类型的代理，并使用https2http插件，同时指定证书路径，指定本地http服务端口。这样就实现了将本地的http服务，通过frp转换为https服务穿透到外网。同时，也开启http的代理，否则http链接就访问不到网站。

3.Nginx配置

server {
    listen 8080;
    server_name your-domain.com www.your-domain.com;
    
    # 关键：确保传递给WordPress的头部正确
    location / {
        proxy_pass http://wordpress:80;
        
        # 这些头部必须正确设置
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;  # 固定为https
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Port 443;
        
        # 超时设置
        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;
        
        # 禁用重定向跟随，让WordPress处理
        proxy_redirect off;
    }
    
    # 静态文件处理
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
        proxy_pass http://wordpress:80;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
    }
    
    # PHP处理
    location ~ \.php$ {
        proxy_pass http://wordpress:80;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $http_host;
    }
}

这里是docker部署的Nginx的配置，wordpress也是docker部署。wordpress设置-常规中WordPress 地址和站点地址均设置为https://www.your-domain.com

这样配置之后，由FRP处理穿透和TLS，Nginx提供本地http服务即可。