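Caddy as the front-end web server with FRPS as the reverse proxy

Architecture topology

User request
    ↓
Caddy (handles HTTPS certificates, HTTP reverse proxy)
    ↓
FRPS (forwards HTTP/HTTPS/TCP traffic)
    ↓
FRPC (client-side intranet service)

Server-side configuration (FRPS + Caddy)

1. FRPS configuration (frps.ini)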

bindAddr = "0.0.0.0"
bindPort = 7000
#kcpBindPort = 7000
quicBindPort = 7000

vhostHTTPPort = 8080
vhostHTTPSPort = 8443

transport.maxPoolCount = 2000
transport.tcpMux = true
transport.tcpMuxKeepaliveInterval = 60
transport.tcpKeepalive = 7200
transport.tls.force = false

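# Dashboard. It binds to all interfaces here, so restrict port 7500 to admin IPs in the firewall.
webServer.addr = "0.0.0.0"
webServer.port = 7500
# Placeholder credentials; replace them before deployment.
webServer.user = "admin"
webServer.password = "admin"
webServer.pprofEnable = false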

log.to = "/root/frps/frps.log"
log.level = "info"
log.maxDays = 3
log.disablePrintColor = false

auth.method = "token"
# Placeholder token; use a long random value and set the same one in frpc.
auth.token = "password"
enablePrometheus = true
allowPorts = [
  { start = 10, end = 50000 }
]

maxPortsPerClient = 8
udpPacketSize = 1500
natholeAnalysisDataReserveHours = 168
# custom404Page = "/usr/local/frp/404.html"

2. Caddy configuration (Caddyfile)

example.com {
	# Set this path to your site's directory.
	root * /usr/share/caddy/example.com

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
*.example.com {
	# Forward every subdomain to the frps vhostHTTPPort.
	reverse_proxy 127.0.0.1:8080
}

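Key notes

  • Wildcard domain *.example.com: matches all subdomains automatically, so no per-service configuration is needed.

  • Certificate management: Caddy automatically obtains and renews Let's Encrypt certificates. A wildcard certificate for *.example.com can only be issued through the DNS challenge, which requires a DNS provider module configured in Caddy.

  • Security isolation: FRPS listens only on 127.0.0.1, which avoids exposing the HTTP/HTTPS ports directly to the public network. Note that the frps configuration above sets bindAddr = "0.0.0.0"; with that setting the isolation depends on ports 8080/8443 staying closed in the firewall, as in the rules below.

Client-side configuration (FRPC)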

1. HTTP service example (frpc.ini)

[web-service]
type = http
local_ip = 127.0.0.1
local_port = 80
# Must match a domain served by Caddy
custom_domains = app.example.com

2. HTTPS service example

[secure-service]
type = https
local_ip = 127.0.0.1
local_port = 443
custom_domains = api.example.com

3. TCP service example (e.g. SSH/database)

[mysql-tcp]
type = tcp
local_ip = 127.0.0.1
local_port = 3306
# Users connect via public_ip:10022
remote_port = 10022

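Firewall rules (server side)

Port        | Protocol | Purpose                   | Allowed sources
80          | TCP      | Caddy HTTP entry point    | 0.0.0.0/0
443         | TCP      | Caddy HTTPS entry point   | 0.0.0.0/0
7000        | TCP      | FRPC connections to FRPS  | Client IPs or /0
10000-20000 | TCP      | FRPS TCP service ports    | 0.0.0.0/0
7500        | TCP      | FRPS Dashboard (optional) | Admin IPs only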
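
To check the "security isolation" note against the firewall table on a running server, the following added example (not part of the original post) parses `ss -H -tln` output and reports ports that listen beyond loopback without being in the table. The sample output is constructed, modeled on frps started with bindAddr = "0.0.0.0" as in the configuration above; the function names are illustrative.

```python
import ipaddress

# Ports the firewall table intends to expose (7500 to admin IPs only).
PUBLIC_PORTS = {80, 443, 7000, 7500} | set(range(10000, 20001))

# Constructed sample of `ss -H -tln` output (2019 is Caddy's local admin API).
SAMPLE_SS = """\
LISTEN 0 4096 0.0.0.0:7000 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8443 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:7500 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:10022 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:2019 0.0.0.0:*
LISTEN 0 4096 *:443 *:*
LISTEN 0 4096 [::]:80 [::]:*
"""


def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN row of `ss -H -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        yield addr.strip("[]"), int(port)


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; wildcards ('*', 0.0.0.0, ::) are not."""
    if addr == "*":
        return False
    addr = addr.split("%")[0]  # drop an interface scope such as %lo
    return ipaddress.ip_address(addr).is_loopback


def unexpected_exposure(ss_output, public_ports=PUBLIC_PORTS):
    """Return ports listening beyond loopback that are not meant to be public."""
    exposed = {port for addr, port in parse_listeners(ss_output)
               if not is_loopback(addr)}
    return sorted(exposed - public_ports)


if __name__ == "__main__":
    for port in unexpected_exposure(SAMPLE_SS):
        print(f"port {port} listens on a non-loopback address but is not in the firewall table")
```

On a real host, pass the output of `ss -H -tln` instead of the sample; any port reported must either be bound to 127.0.0.1 or stay blocked by the firewall.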
posted @ 2025-07-30 23:00  木子欢儿