nps 使用
参考
https://ehang-io.github.io/nps/?utm_source=ld246.com#/nps_use
https://ld246.com/article/1596364309400
注意:安装后配置文件位于 /etc/nps,修改配置文件后需要重启 nps 才能生效。
nps.conf
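# nps server configuration (nps.conf).
# Ports on this page were changed from the shipped defaults to 19000-19003.
# NOTE(review): every secret in this file must be replaced with a unique,
# randomly generated value before the server is exposed to a network.
appname = nps
#Boot mode(dev|pro)
runmode = dev

#HTTP(S) proxy port, no startup if empty
# NOTE(review): if only the local nginx front end talks to the HTTP proxy port,
# binding http_proxy_ip to 127.0.0.1 keeps the plain-HTTP listener off the
# public interface - confirm no client needs direct access first.
http_proxy_ip=0.0.0.0
http_proxy_port=19000
https_proxy_port=19001
https_just_proxy=true
#default https certificate setting
https_default_cert_file=conf/server.pem
https_default_key_file=conf/server.key

##bridge
bridge_type=tcp
bridge_port=19002
bridge_ip=0.0.0.0

# Public password, which clients can use to connect to the server
# After the connection, the server will be able to open relevant ports and parse related domain names according to its own configuration file.
# NOTE(review): the shipped default "123" lets anyone who can reach bridge_port
# register tunnels on this server. Use a long random value; presumably an empty
# value disables config-file client mode - verify against the nps documentation.
public_vkey=<REPLACE_WITH_LONG_RANDOM_VKEY>

#Traffic data persistence interval(minute)
#Ignorance means no persistence
#flow_store_interval=1

# log level LevelEmergency->0 LevelAlert->1 LevelCritical->2 LevelError->3 LevelWarning->4 LevelNotice->5 LevelInformational->6 LevelDebug->7
# NOTE(review): 7 is debug verbosity; consider a lower level once the setup works.
log_level=7
#log_path=nps.log

#Whether to restrict IP access, true or false or ignore
#ip_limit=true

#p2p
#p2p_ip=127.0.0.1
#p2p_port=6000

#web
# NOTE(review): with web_ip=0.0.0.0 and web_open_ssl=false the management panel
# listens on every interface over plain HTTP, so the login travels unencrypted.
# Restrict web_port with a firewall or reach the panel only through a TLS front end.
web_host=a.o.com
web_username=tiantian
# NOTE(review): a password that has appeared in a published page must be treated
# as exposed. Set a unique strong value here and keep the real file private.
web_password=<REPLACE_WITH_STRONG_PASSWORD>
web_port = 19003
web_ip=0.0.0.0
web_base_url=
web_open_ssl=false
web_cert_file=conf/server.pem
web_key_file=conf/server.key
# if web under proxy use sub path. like http://host/nps need this.
#web_base_url=/nps

#Web API unauthenticated IP address(the len of auth_crypt_key must be 16)
#Remove comments if needed
#auth_key=test
# NOTE(review): 1234567812345678 is the well-known sample key; generate 16 random characters.
auth_crypt_key =<REPLACE_WITH_16_RANDOM_CHARS>

# NOTE(review): enabling allow_ports limits which server ports a client may open.
#allow_ports=9001-9009,10001,11000-12000

#Web management multi-user login
allow_user_login=false
allow_user_register=false
allow_user_change_username=false

#extension
allow_flow_limit=false
allow_rate_limit=false
allow_tunnel_num_limit=false
allow_local_proxy=false
allow_connection_num_limit=false
allow_multi_ip=false
system_info_display=false

#cache
http_cache=false
http_cache_length=100

#get origin ip
http_add_origin_header=false

#pprof debug options
#pprof_ip=0.0.0.0
#pprof_port=9999

#client disconnect timeout
disconnect_timeout=60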
配置域名访问,需要配置nginx
将域名通过 nginx 反向代理到 nps 的 HTTP 代理端口(即上面配置的 http_proxy_port=19000)
nginx 配置
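# TLS front end for the nps HTTP proxy: terminates HTTPS for the wildcard
# domain and forwards every request to the nps HTTP proxy port on localhost.
server {
    listen 443 ssl http2;
    server_name *.t.yu.top; # domain name the certificate is bound to
    ssl_certificate /etc/letsencrypt/live/t.yu.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/t.yu.top/privkey.pem;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated and were removed from this list.
    # Add TLSv1.3 when the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # 3DES suites (64-bit block cipher) and static-RSA key exchange (no forward
    # secrecy) were dropped; only ECDHE suites remain.
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/ssl/dhparam.pem 2048
    #ssl_dhparam /usr/local/nginx/ssl/dhparam.pem;

    client_max_body_size 50M;
    # NOTE(review): one-hour timeouts let slow or idle clients hold connections
    # for a long time; keep them only if the tunnelled services need it.
    client_header_timeout 3600s;
    client_body_timeout 3600s;
    fastcgi_connect_timeout 3600s;
    fastcgi_send_timeout 3600s;
    fastcgi_read_timeout 3600s;

    location ~ \.txt$ {
        # absolute path of the directory that holds the verification files
        root /etc/nginx/weixin;
    }

    location / {
        proxy_set_header Host $host; # keep the Host header sent by the client
        # proxy_set_header X-Real-IP $remote_addr; # keep the real client IP
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; # with several proxy hops, record the client IP seen at each hop
        # limit_req zone=myRateLimit burst=20 nodelay;

        # NOTE(review): compressing proxied HTTPS responses can expose secrets
        # reflected in response bodies to compression side channels (BREACH);
        # disable gzip for backends that return sensitive dynamic content.
        gzip on;
        gzip_disable "msie6";
        gzip_comp_level 2;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_proxied any;
        gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/json application/xml application/rss+xml image/svg+xml;

        proxy_pass http://localhost:19000;
        # proxy_redirect default; # rewrites the Location and Refresh response headers returned by the proxied server
    }
}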