Git Server Maintenance
Network Architecture
```mermaid
graph TD
browser[Browser] -->|domain git.xxx.cc| gateway(Public server - 175.102.11.86)
gateway --> nginx{nginx}
nginx -->|terminate HTTPS, load certificate, forward to local port| frps{frps}
frps --> |frp tunnel| inserver(Internal server, 192.168.X.X)
inserver --> frpc{frpc}
frpc --> |forward local HTTP requests| gitlab[GitLab]
```
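Key Points
- The TLS/SSL certificate is loaded and verified by nginx
- nginx forwards to the vhost HTTP port (`vhost_http_port`) of the local frps
- The frps server tunnels through to the frpc client
- GitLab runs as a Docker container, so frpc also has to forward to the local GitLab port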
Configuration File Examples
nginx
```nginx
server {
    # "ssl" on the listen directive enables TLS; the separate "ssl on;" directive is deprecated
    listen 443 ssl http2;
    server_name git.xxx.cc;
    charset utf-8;

    access_log /var/log/nginx/git.access.log;
    error_log /var/log/nginx/git.error.log;

    # TLS terminates here: nginx loads the certificate and key
    ssl_certificate /etc/nginx/ssl/git.xxx.cc.pem;
    ssl_certificate_key /etc/nginx/ssl/git.xxx.cc.key;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are enabled
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # Allow large git pushes and uploads
    client_max_body_size 1000m;

    location / {
        # Plain HTTP to the frps vhost_http_port on this host
        proxy_pass http://127.0.0.1:7080;
        # frps selects the tunnel by Host header, so pass it through unchanged
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```
frps.ini
```ini
...
vhost_http_port = 7080
...
```
frpc.ini
```ini
[Domain_Http]
use_compression = true
type = http
local_port = 4000
custom_domains = git.xxx.cc
```
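The three files only work together if the nginx `proxy_pass` port equals the frps `vhost_http_port`, the upstream stays on loopback, the `Host` header is forwarded, and `server_name` matches `custom_domains`. The following check is an added example, not part of the original page or of frp or nginx; the function names, finding codes and sample strings are constructed, and it assumes `vhost_http_port` sits in the `[common]` section of `frps.ini`.

```python
import configparser
import re

# Constructed sample excerpts; TLSv1/TLSv1.1 are enabled on purpose.
NGINX_CONF = """
server_name git.xxx.cc;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_pass http://127.0.0.1:7080;
proxy_set_header Host $host;
"""
FRPS_INI = "[common]\nvhost_http_port = 7080\n"
FRPC_INI = "[Domain_Http]\ntype = http\nlocal_port = 4000\ncustom_domains = git.xxx.cc\n"

def directives(conf, name):
    """Argument lists of every `name ...;` directive in an nginx config."""
    pat = r"^\s*" + re.escape(name) + r"\s+([^;]+);"
    return [args.split() for args in re.findall(pat, conf, re.M)]

def ini(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def audit(nginx_conf, frps_ini, frpc_ini):
    """Cross-check nginx -> frps -> frpc; return a list of finding codes."""
    findings = []
    frps, frpc = ini(frps_ini), ini(frpc_ini)
    # Assumption: vhost_http_port sits in the [common] section of frps.ini.
    vhost_port = frps.get("common", "vhost_http_port", fallback=None)
    target = (directives(nginx_conf, "proxy_pass") or [[""]])[0][0]
    m = re.match(r"http://([^:/]+):(\d+)", target)
    if not m or m.group(2) != vhost_port:
        findings.append("port-mismatch")          # nginx would not reach frps
    elif m.group(1) not in ("127.0.0.1", "localhost"):
        findings.append("non-loopback-upstream")  # decrypted HTTP leaves the host
    # frps selects the tunnel by Host header, so nginx must pass it through.
    if ["Host", "$host"] not in directives(nginx_conf, "proxy_set_header"):
        findings.append("host-not-forwarded")
    names = {n for a in directives(nginx_conf, "server_name") for n in a}
    domains = {d.strip() for s in frpc.sections()
               if frpc.get(s, "type", fallback="") == "http"
               for d in frpc.get(s, "custom_domains", fallback="").split(",")}
    if not names & domains:
        findings.append("domain-mismatch")
    protos = {p for a in directives(nginx_conf, "ssl_protocols") for p in a}
    weak = sorted(protos & {"SSLv3", "TLSv1", "TLSv1.1"})
    if weak:
        findings.append("weak-tls:" + ",".join(weak))
    return findings
```

Calling `audit(NGINX_CONF, FRPS_INI, FRPC_INI)` on the constructed sample reports only the deprecated TLS protocols; an empty list means the chain is consistent.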