frps.toml:

bindPort = 7000
auth.method = "token"
auth.token = "******"
vhostHTTPPort = 8000
vhostHTTPSPort = 8001

frpc.toml:

serverAddr = "s.wzh.kim"
serverPort = 7000
auth.method = "token"
auth.token = "******"

[[proxies]]
name = "web"
type = "https"
localPort = 5001
customDomains = ["nas.wzh.kim"]

server {
    listen       80;
    listen  [::]:80;
    server_name nas.wzh.kim;
    return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name nas.wzh.kim;

  ssl_certificate certs/self_signed/server.crt;
  ssl_certificate_key certs/self_signed/server.key;

  location / {
    proxy_pass https://127.0.0.1:8001; # 转发到本机的 frps 监听 HTTPS 服务的地址

    # 设置 SNI 信息
    proxy_ssl_server_name on;
    # 设置 SNI 名称为客户端请求的主机名
    proxy_ssl_name $host;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

解释:
proxy_ssl_server_name on;:启用 SNI 传递。
proxy_ssl_name $host;:设置 SNI 名称为客户端请求的主机名。
添加上面的配置项,reload nginx 之后,确实可以正常访问了。

最后修改:2024 年 07 月 14 日
如果觉得我的文章对你有用,请随意赞赏