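Managing Webmin on a NAS through a V2Ray reverse tunnel (NAT traversal)
Following on from the previous post: I installed Debian buster on the NAS, along with the management software Webmin. The NAS sits in the office, though, with no fixed public IP available, so NAT traversal is the only way to manage it anytime, anywhere.
There is plenty of NAT traversal software, paid and free: Oray (花生壳), frp, NPS, NATAPP, ngrok and so on. They are functionally about the same and differ only in speed and in how quick they are to install. My VPS already has v2ray installed for watching YouTube, so I did not plan to install and fiddle with yet another tool.
First install an SSL certificate for the local localhost so that it supports HTTPS access. HTTPS must be working before you start setting up the tunnel.
Download mkcert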
apt install libnss3-tools
export VER="v1.3.0"
wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/${VER}/mkcert-${VER}-linux-amd64
Note: check for the latest version at:
https://github.com/FiloSottile/mkcert/releases
Then install it
chmod +x mkcert
mv mkcert /usr/local/bin
By default the files are installed in
/root/.local/share/mkcert
To change the install location
export CAROOT="$HOME/local_certificates"
Show the install directory: mkcert -CAROOT
Then run
mkcert -install
Install the certificate
mkcert localhost.dev localhost
The certificate is at "./localhost.dev+1.pem" and the key at "./localhost.dev+1-key.pem"
To change the path of the certificate and key files
mkcert -cert-file /usr/local/nginx/ssl/rootCA.pem -key-file /usr/local/nginx/ssl/rootCA-key.pem localhost
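Use a subdomain instead of a port
Accessing the tunnel in IP:port form is inconvenient. With Nginx, subdomains can point at different ports, turning https://ip:10000 into the subdomain form https://二级域名.colinqi.com (二级域名 is a placeholder for the subdomain).
Combined with the V2Ray tunnel configuration on the NAS, append the following to the conf file in the vhost directory on the VPS server: www.顶级域名.com.conf (顶级域名 is a placeholder for the top-level domain)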
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name 二级域名.colinqi.com;
    ssl_certificate /usr/local/ssl/colinqi.com/fullchain.cer;
    ssl_certificate_key /usr/local/ssl/colinqi.com/colinqi.com.key;
    # Redirect plain-HTTP requests to HTTPS
    if ($ssl_protocol = "") { return 301 https://$server_name$request_uri; }
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless a legacy client needs them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_dhparam /usr/local/ssl/dh4096.pem;
    location / {
        # V2Ray dokodemo-door inbound on the VPS, tunnelled to Webmin on the NAS
        proxy_pass https://127.0.0.1:10000;
        proxy_connect_timeout 300s;
        proxy_send_timeout 900;
        proxy_read_timeout 900;
        proxy_buffer_size 32k;
        proxy_buffers 4 64k;
        proxy_busy_buffers_size 128k;
        proxy_redirect off;
        proxy_hide_header Vary;
        proxy_set_header Accept-Encoding '';
        proxy_set_header Referer $http_referer;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
Install V2Ray on the NAS and edit the configuration file /etc/v2ray/config.json as follows:
{
  "reverse":{
    "bridges":[
      {
        "tag":"bridge",
        "domain":"二级域名.colinqi.com"
      }
    ]
  },
  "outbounds":[
    {
      "tag":"tunnel",
      "protocol":"vmess",
      "settings":{
        "vnext":[
          {
            "address":"二级域名.colinqi.com",
            // must equal the port of the vmess "tunnel" inbound in nas.json on the VPS
            "port":28888,
            "users":[
              {
                "id":"0ebaa704-8888-8888-8888-08ae22443bb5",
                "alterId":64
              }
            ]
          }
        ]
      }
    },
    {
      "protocol":"freedom",
      "settings":{
        "redirect": "127.0.0.1:10000" // for Webmin on the NAS
      },
      "tag":"out"
    }
  ],
  "routing":{
    "rules":[
      {
        "type":"field",
        "inboundTag":[
          "bridge"
        ],
        "domain":[
          "full:二级域名.colinqi.com"
        ],
        "outboundTag":"tunnel"
      },
      {
        "type":"field",
        "inboundTag":[
          "bridge"
        ],
        "outboundTag":"out"
      }
    ]
  }
}
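Configure the JSON file on the VPS server.
Because a config.json already exists, and I don't yet know how to write more complex configurations, I can't merge the tunnel and the proxy functions into one file, so the only option is to run a separate service, called nas.service; the new configuration file is likewise called nas.json.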
{
  "reverse":{
    "portals":[
      {
        "tag":"portal",
        "domain":"二级域名.colinqi.com"
      }
    ]
  },
  "inbounds":[
    {
      // no "listen" is set, so this port is bound on all interfaces; Nginx only needs 127.0.0.1
      "tag":"external",
      "port":10000, // port the VPS listens on
      "protocol":"dokodemo-door",
      "settings":{
        "address":"127.0.0.1",
        "port":10000, // Webmin port on the NAS
        "network":"tcp,udp"
      }
    },
    {
      "tag": "tunnel",
      "port":28888,
      "protocol":"vmess",
      "settings":{
        "clients":[
          {
            "id":"0ebaa704-8888-8888-8888-08ae22443bb5",
            "alterId":64
          }
        ]
      }
    }
  ],
  "routing":{
    "rules":[
      {
        "type":"field",
        "inboundTag":[
          "external"
        ],
        "outboundTag":"portal"
      },
      {
        "type":"field",
        "inboundTag":[
          "tunnel"
        ],
        "domain":[
          "full:二级域名.colinqi.com"
        ],
        "outboundTag":"portal"
      }
    ]
  }
}
The contents of the new nas.service unit are as follows
[Unit]
Description=V2Ray NAS Service
After=network.target
Wants=network.target
[Service]
# This service runs as root. You may consider to run it as another user for security concerns.
# By uncommenting the following two lines, this service will run as user v2ray/v2ray.
# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
# User=v2ray
# Group=v2ray
Type=simple
PIDFile=/run/nas.pid
ExecStart=/usr/bin/v2ray/v2ray -config /etc/v2ray/nas.json
Restart=on-failure
# Don't restart in the case of configuration error
RestartPreventExitStatus=23
StartLimitInterval=30
[Install]
WantedBy=multi-user.target
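Control the service above with the following commands
Start: systemctl start nas
Enable at boot: systemctl enable nas
Show status: systemctl status nas
Restart: systemctl restart nas
journalctl -xe -u nas to inspect the startup log
systemctl daemon-reload to reload the unit files
That completes the configuration. Start nas.service on the VPS first, then start v2ray on the NAS.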
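A consistency check for the two V2Ray configuration files, as an added example that is not part of the original post: it compares the bridge (NAS) and portal (VPS) configs for the values that must agree (reverse domain, VMess port and user id) and flags a dokodemo-door inbound that has no "listen" address. The names load_config and check_pair, the domain nas.example.test and both sample configs are constructed for illustration.

```python
import json
import re

# Matches a JSON string, or a //, # or /* */ comment that sits outside a string.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)

def load_config(text):
    """Parse a V2Ray-style JSON config after dropping comments (strings are kept)."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return json.loads(_TOKEN.sub(keep_strings, text))

def check_pair(bridge_cfg, portal_cfg):
    """Return a list of mismatches between the NAS (bridge) and VPS (portal) configs."""
    problems = []
    bridge_domains = {b["domain"] for b in bridge_cfg["reverse"]["bridges"]}
    portal_domains = {p["domain"] for p in portal_cfg["reverse"]["portals"]}
    if bridge_domains != portal_domains:
        problems.append("reverse domain differs between bridge and portal")
    servers = [s for o in bridge_cfg["outbounds"] if o.get("protocol") == "vmess"
               for s in o["settings"]["vnext"]]
    vmess_in = [i for i in portal_cfg["inbounds"] if i.get("protocol") == "vmess"]
    ports = {i["port"] for i in vmess_in}
    ids = {c["id"] for i in vmess_in for c in i["settings"]["clients"]}
    for s in servers:
        if s["port"] not in ports:
            problems.append(f"bridge dials port {s['port']}, portal listens on {sorted(ports)}")
        for u in s["users"]:
            if u["id"] not in ids:
                problems.append("vmess user id is unknown to the portal")
    for i in portal_cfg["inbounds"]:
        if i.get("protocol") == "dokodemo-door" and i.get("listen", "0.0.0.0") != "127.0.0.1":
            problems.append(f"dokodemo-door port {i['port']} is reachable on all interfaces")
    return problems

# Constructed sample configs, trimmed to the fields being compared.
NAS = '''{"reverse":{"bridges":[{"tag":"bridge","domain":"nas.example.test"}]},
 "outbounds":[{"tag":"tunnel","protocol":"vmess","settings":{"vnext":[
   {"address":"nas.example.test","port":28889, # constructed mismatch
    "users":[{"id":"00000000-0000-0000-0000-000000000001"}]}]}}]}'''
VPS = '''{"reverse":{"portals":[{"tag":"portal","domain":"nas.example.test"}]},
 "inbounds":[
  {"tag":"external","port":10000,"protocol":"dokodemo-door", // no "listen" set
   "settings":{"address":"127.0.0.1","port":10000,"network":"tcp"}},
  {"tag":"tunnel","port":28888,"protocol":"vmess","settings":{"clients":[
   {"id":"00000000-0000-0000-0000-000000000001"}]}}]}'''

if __name__ == "__main__":
    for line in check_pair(load_config(NAS), load_config(VPS)):
        print("WARN:", line)
```

Run it against the real /etc/v2ray/config.json and /etc/v2ray/nas.json by passing their contents to load_config before restarting either service.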