nps 使用

参考

https://ehang-io.github.io/nps/?utm_source=ld246.com#/nps_use

https://ld246.com/article/1596364309400

 

注意 安装过后配置文件位于/etc/nps,修改配置文件需要重启

nps.conf

appname = nps
#Boot mode(dev|pro)
runmode = dev

#HTTP(S) proxy port, no startup if empty
http_proxy_ip=0.0.0.0
http_proxy_port=19000
https_proxy_port=19001
https_just_proxy=true
#default https certificate setting
https_default_cert_file=conf/server.pem
https_default_key_file=conf/server.key

##bridge
bridge_type=tcp
bridge_port=19002
bridge_ip=0.0.0.0

# Public password, which clients can use to connect to the server
# After the connection, the server will be able to open relevant ports and parse related domain names according to its own configuration file.
public_vkey=123

#Traffic data persistence interval(minute)
#Ignorance means no persistence
#flow_store_interval=1

# log level LevelEmergency->0  LevelAlert->1 LevelCritical->2 LevelError->3 LevelWarning->4 LevelNotice->5 LevelInformational->6 LevelDebug->7
log_level=7
#log_path=nps.log

#Whether to restrict IP access, true or false or ignore
#ip_limit=true

#p2p
#p2p_ip=127.0.0.1
#p2p_port=6000

#web
web_host=a.o.com
web_username=tiantian
web_password=tian0803
web_port = 19003
web_ip=0.0.0.0
web_base_url=
web_open_ssl=false
web_cert_file=conf/server.pem
web_key_file=conf/server.key
# if web under proxy use sub path. like http://host/nps need this.
#web_base_url=/nps

#Web API unauthenticated IP address(the len of auth_crypt_key must be 16)
#Remove comments if needed
#auth_key=test
auth_crypt_key =1234567812345678

#allow_ports=9001-9009,10001,11000-12000

#Web management multi-user login
allow_user_login=false
allow_user_register=false
allow_user_change_username=false


#extension
allow_flow_limit=false
allow_rate_limit=false
allow_tunnel_num_limit=false
allow_local_proxy=false
allow_connection_num_limit=false
allow_multi_ip=false
system_info_display=false

#cache
http_cache=false
http_cache_length=100

#get origin ip
http_add_origin_header=false

#pprof debug options
#pprof_ip=0.0.0.0
#pprof_port=9999

#client disconnect timeout
disconnect_timeout=60

 配置域名访问，需要配置nginx

域名反向代理http端口

 nginx 配置

server {
    listen 443 ssl http2;
    server_name *.t.yu.top; #填写绑定证书的域名
    ssl_certificate /etc/letsencrypt/live/t.yu.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/t.yu.top/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/ssl/dhparam.pem 2048
    #ssl_dhparam /usr/local/nginx/ssl/dhparam.pem;


    client_max_body_size 50M;
    client_header_timeout 3600s;
    client_body_timeout 3600s;
    fastcgi_connect_timeout 3600s;
    fastcgi_send_timeout 3600s;
    fastcgi_read_timeout 3600s;

    location ~ \.txt$ {
        # 存放校验文件目录的绝对路径
        root /etc/nginx/weixin;
    }

    location / {
        proxy_set_header Host $host; #保留代理之前的host
        # proxy_set_header X-Real-IP $remote_addr; #保留代理之前的真实客户端ip
        #  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #   proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; #在多级代理的情况下，记录每次代理之前的客户端真实ip

        #   limit_req zone=myRateLimit burst=20 nodelay;
        gzip on;
        gzip_disable "msie6";

        gzip_comp_level 2;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_proxied any;
        gzip_types
        text/plain
        text/css
        text/js
        text/xml
        text/javascript
        application/javascript
        application/json
        application/xml
        application/rss+xml
        image/svg+xml;

        proxy_pass http://localhost:19000;
        #    proxy_redirect default; #指定修改被代理服务器返回的响应头中的location头域跟refresh头域数值
    }
}