frps.toml:
bindPort = 7000
auth.method = "token"
auth.token = "******"
vhostHTTPPort = 8000
vhostHTTPSPort = 8001
frpc.toml:
serverAddr = "s.wzh.kim"
serverPort = 7000
auth.method = "token"
auth.token = "******"
[[proxies]]
name = "web"
type = "https"
localPort = 5001
customDomains = ["nas.wzh.kim"]
server {
listen 80;
listen [::]:80;
server_name nas.wzh.kim;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name nas.wzh.kim;
ssl_certificate certs/self_signed/server.crt;
ssl_certificate_key certs/self_signed/server.key;
location / {
proxy_pass https://127.0.0.1:8001; # 转发到本机的 frps 监听 HTTPS 服务的地址
# 设置 SNI 信息
proxy_ssl_server_name on;
# 设置 SNI 名称为客户端请求的主机名
proxy_ssl_name $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
解释:
proxy_ssl_server_name on;:启用 SNI 传递。
proxy_ssl_name $host;:设置 SNI 名称为客户端请求的主机名。
添加上面的配置项,reload nginx 之后,确实可以正常访问了。