frp内网穿透加nginx 反向代理

目的: 将站点部署到外网无法访问的树莓派中.

部署wordpress

可使用 lnmp 部署, 也可以使用 docker, 树莓派3B+不支持原版的 mysql docker 镜像. 故本次镜像使用: hypriot/rpi-mysql.

docker-compose 文件为:

version: '3.3'

services:
   wordpress:
     depends_on:
       - db
     image: wordpress:latest
     volumes:
       - /home/xxx/files/wwwroot/xxx:/var/www/html
     ports:
       - "81:80"
     restart: always
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_DB_PASSWORD: xxx

   db:
     image: hypriot/rpi-mysql
     volumes:
       - /home/wukt/files/wordpress_db/:/var/lib/mysql
     ports:
       - "3306:3306"
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: xxx
       MYSQL_DATABASE: wordpress
       MYSQL_USER: xxx
       MYSQL_PASSWORD: xxx

frp 服务端和客户端

github: https://github.com/fatedier/frp
可在项目的 release 中下载响应的服务器和客户端版本, 具体配置方式可以参照文档, 本文记录本次部署配置.

服务端配置

服务端应配置的外网可以访问的服务器上.

[common]
bind_port = 8888
bind_addr = 0.0.0.0
bind_udp_port = 
kcp_bind_port = 
privilege_token = xxx
vhost_http_port = 88  ; 一般使用 http 即可, 因为浏览器到 nginx 可以走 https, 配置相对简单些.
vhost_https_port = 444
log_level = info
log_max_days = 3
max_pool_count = 20
tcp_mux = true
max_ports_per_client = 0
authentication_timeout = 900

客户端配置:

[common]
server_addr = ip  ; 服务器端公网ip
server_port = 8888  ; 与服务器端 bindport 相同.
privilege_token = xxx
protocol = tcp
use_encryption = true
use_compression = true
log_level = info
log_max_days = 3
tcp_mux = true
login_fail_exit = false

[raspberrypi]
type = http
local_port = 81
custom_domains = blog.wktadmin.com ; 多域名使用逗号隔开.

nginx 反向代理

如果不使用 nginx, 网站部署仍然是成功的, 但是为了网站可以使用80/443端口访问, 而又不影响服务端已存在的其他网站, 只好使用 nginx 反向代理, 将浏览器访问80/443端口的请求, 转发到 frp 的 http 服务监听的88端口上.

本站开启 https, 所以配置如下:

server
    {
    listen 443 ssl http2;
        #listen [::]:80;
        server_name blog.wktadmin.com;
            ssl_certificate /etc/letsencrypt/live/blog.wktadmin.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/blog.wktadmin.com/privkey.pem;
 location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass_header Server;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
                proxy_pass http://127.0.0.1:88/;
        }
    }

树莓派(Raspbian)安装docker-compose

依照官网提供的方法https://docs.docker.com/compose/install/, 会下载一个404的页面到/usr/local/bin下, 原因是系统不主流导致sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose指向了不存在的路径.

安装方法

sudo pip install docker-compose

但是直接pip会提示缺少依赖导致错误:

File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 1145, in build_and_install         self.run_setup(setup_script, setup_base, args)       File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 1133, in run_setup         raise DistutilsError("Setup script exited with %s" % (v.args[0],))     distutils.errors.DistutilsError: Setup script exited with error: command 'arm-linux-gnueabihf-gcc' failed with exit status 1          ---------------------------------------- Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-8KnQlf/pynacl/

安装依赖

sudo apt-get install -y  libffi-dev gcc libc-dev make

postgrepsql 添加自增列

表中已有数据, 需要填充:

如果没有id字段

alter table bandwidth_day_use add id serial not null;

如果有id字段

PostgreSQL中让主键自增长可先建立一个对应表的sequence

CREATE SEQUENCE test_id_seq
START WITH 1
INCREMENT BY 1
NO MINVALUE
NO MAXVALUE
CACHE 1;

其中START是从数字几开始,INCREMENT BY是一次增长几个数字,NO MINVALUE是没有最小值,NO MAXVALUE是没有最大值;

然后修改表id字段

alter table test alter column id set default nextval('test_id_seq');