Latest work

Things to get done


  1. Set up Bitwarden
    Reference: https://github.com/dani-garcia/vaultwarden
  2. VPS IPv6 001:19f0:6001:3f9a:5400:2ff:fe9a:bec6
  3. Replace WordPress on the VPS with Typecho or Hugo (undecided)
  4. nat123 dynamic DNS (undecided)
  5. Upgrade PHP
  6. Upgrade from nginx to Caddy 2
  7. Open questions

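Q1: Accessing OMV from the public internet

Q2: Mainly, find a way to solve the SSL problem on the internal network
See: https://github.com/FiloSottile/mkcert
Once the tunnel is working, import the SSL certificate for ffdn.xyz into OMV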

One-click publishing to WordPress

Reference: https://github.com/skywind3000/markpress

Setting up FRP to provide NAT traversal

https://gofrp.org/docs/reference/server-configures/

Solving the subdomain problem

In Cloudflare, point the subdomain at the VPS at 2.ffdn.xyz

Then add a new server block in nginx/conf.d/xxx.conf as follows

server {
    listen 443 ssl http2;
    server_name app.baidu.com; # frp application

    # Specify SSL config if using a shared one.
    #include conf.d/ssl/ssl.conf;
    # Certificate file name
    ssl_certificate conf.d/ssl/1_bitwarden.test.com_bundle.crt;
    # Private key file name
    ssl_certificate_key conf.d/ssl/2_bitwarden.test.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Allow large attachments
    client_max_body_size 128M;

    location / {
        proxy_pass http://IP:9989;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
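
As an added example (not part of the original notes), a small Python check run over the TLS directives of the server block above: it flags the ssl_protocols entries that RFC 8996 deprecated and the broad OpenSSL keywords in ssl_ciphers that select whole families of suites. The function names and finding labels are assumptions made for this illustration.

```python
import re

# Constructed sample: the TLS directives copied from the server block above.
SAMPLE_CONF = """
server {
    listen 443 ssl http2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
}
"""

# SSLv2/SSLv3 are long obsolete; TLS 1.0 and 1.1 were deprecated by RFC 8996.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# OpenSSL cipher-string keywords that select a whole family of suites
# instead of naming a single one.
BROAD_ALIASES = {"ALL", "DEFAULT", "HIGH", "AES", "ECDH", "ECDHE", "DH", "RSA"}


def directives(conf):
    """Yield (name, args) for each one-line 'name args;' directive."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"^([a-z_]+)\s+(.+?)\s*;$", line)
        if m:
            yield m.group(1), m.group(2).split()


def audit_tls(conf):
    """Return a list of (finding, value) tuples for weak TLS settings."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            findings += [("deprecated_protocol", p) for p in args if p in DEPRECATED]
            if "TLSv1.3" not in args:
                findings.append(("tls13_not_enabled", "TLSv1.3"))
        elif name == "ssl_ciphers":
            for tok in " ".join(args).split(":"):
                # '!' and '-' entries remove suites; only additive keywords are flagged
                if tok[:1] not in "!-" and tok.lstrip("+") in BROAD_ALIASES:
                    findings.append(("broad_cipher_alias", tok))
    return findings


if __name__ == "__main__":
    for finding in audit_tls(SAMPLE_CONF):
        print(*finding)
```
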

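Need to sort out the certificate problem: a wildcard certificate

The wildcard certificate is now sorted

After tunneling through FRP and proxying port 8443 to port 443 on the VPS, a 502 error appears

Using the command: curl -ipv4 -v https://xxx.ffdn.xyz

The output is: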

* Trying 45.76.75.64...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x564a5db38fb0)
* Connected to ps.ffdn.xyz (45.76.75.64) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP2 (h2)
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Next protocol (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=*.ffdn.xyz
* start date: Nov 9 01:18:18 2021 GMT
* expire date: Feb 7 01:18:17 2022 GMT
* subjectAltName: host "ps.ffdn.xyz" matched cert's "*.ffdn.xyz"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
.......

Unfinished, to be continued...
