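The blogger virtualized a Debian machine on the home NAS and installed a web server on it. With quite a few intranet applications around, an intranet navigation page was built and placed on that Debian machine. It can be reached freely through a port on OpenWrt, but the goal was to add an SSL certificate. After some tinkering it worked, so here is a record.

OpenWrt router: 192.168.0.1, has a public IP, is reached from outside via DDNS, and has its own domain name.

Debian server: 192.168.0.3, with Docker and a web server installed; the intranet navigation page index.html sits in the nginx default directory.

Here is the intranet navigation page, hand-written HTML, so please go easy on it......

The goal is for access to this page to go over HTTPS no matter when or where. In other words: configure the SSL certificate in nginx on the Debian server, and have it still take effect after the router forwards the port.

Let's get to it; it is actually quite simple.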

server {
    listen      443 ssl;
    server_name 192.168.0.3;
    access_log  /var/log/nginx/localhost.access.log;
    root        /var/www/default;
    index       index.html index.htm index.php;
    include     /etc/nginx/fastcgi_php;

    # Certificate chain and private key
    ssl_certificate     /usr/local/etc/aaa.com.ssl/rui.crt;
    ssl_certificate_key /usr/local/etc/aaa.com.ssl/rui.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are offered.
    ssl_protocols             TLSv1.2 TLSv1.3;
    # ssl_ciphers applies to TLS 1.2; TLS 1.3 suites are enabled by default.
    # Only forward-secret ECDHE suites are listed (no 3DES, no static RSA key exchange).
    ssl_ciphers               EECDH+CHACHA20:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256;
    ssl_prefer_server_ciphers on;
    ssl_session_cache         shared:SSL:50m;
    ssl_session_timeout       1d;
    ssl_session_tickets       on;
}
server {
    listen      80;
    server_name 192.168.0.3;

    # Requests addressed to the LAN IP are redirected to HTTPS on the same host.
    if ($host = 192.168.0.3) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Every other request reaching this block goes to the public HTTPS address.
    rewrite ^(.*) https://aaa.com:8084$1 permanent;
}

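Paste the code above into the nginx configuration on Debian and replace aaa.com with your own domain. In detail:

1. The IP of the intranet Debian server is 192.168.0.3.

2. Configure all the SSL certificate settings on Debian, and put the IP address where the domain name would go.

3. In OpenWrt, set up port forwarding: external port 8084, internal target 192.168.0.3 port 443. In other words, a request from outside to aaa.com:8084 is forwarded by OpenWrt to 192.168.0.3:443.

4. In the second server block, a request that arrives on port 80 is redirected straight to the target address, which is the final address: https://aaa.com:8084

After the steps above, access to the home address from the outside network is always HTTPS-encrypted.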
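As an added example (not part of the original post), the following Python audit checks the `ssl_protocols` and `ssl_ciphers` directives of an nginx config like the one above for deprecated protocol versions and for weak or unrecognised cipher-list tokens. The function names and the sample config are constructed for illustration.

```python
import re

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_MARKS = ("3DES", "RC4", "MD5", "NULL", "EXP")  # substrings of weak tokens

def directives(conf):
    """Yield (name, args) for each 'name arg ...;' directive, comments removed."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"(?m)^[ \t]*(\w+)[ \t]+([^;{}]+);", conf):
        yield m.group(1), m.group(2).split()

def classify_cipher(token):
    """Return why an OpenSSL cipher-list token is risky, or None if it is fine."""
    if token.startswith(("!", "-")):  # exclusions only remove suites
        return None
    if token.startswith("TLS13-") or token.endswith("-draft"):
        return "not a cipher-list name in stock OpenSSL"
    parts = token.split("+")
    if any(mark in part for part in parts for mark in WEAK_MARKS):
        return "weak cipher or MAC"
    if parts[0] in ("RSA", "kRSA"):
        return "static RSA key exchange, no forward secrecy"
    return None

def audit(conf):
    """Return sorted (directive, value, reason) findings for one config text."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            findings += [(name, p, "deprecated protocol version")
                         for p in args if p in DEPRECATED_PROTOCOLS]
        elif name == "ssl_ciphers":
            for token in " ".join(args).strip("'\"").split(":"):
                reason = classify_cipher(token)
                if reason:
                    findings.append((name, token, reason))
    return sorted(findings)

# Constructed sample input (not taken from a real server).
WEAK_CONF = """
server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;  # old versions still enabled
    ssl_ciphers TLS13-AES-256-GCM-SHA384:EECDH+aRSA+AES128:RSA+AES128:RSA+3DES:!MD5;
}
"""

if __name__ == "__main__":
    for finding in audit(WEAK_CONF):
        print(*finding, sep=" | ")
```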

Below is the code for the intranet navigation page. Copy it, save it as index.html, and place it in the web directory.

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta charset="utf-8">      <!-- must come before the title tag and other meta tags -->
        <title>Intranet Navigation Page</title>
        <!-- <link rel="stylesheet" type="text/css" href="../css/边框样式.css"/> -->
        <style type="text/css">
            table, th, td {
                border: 1px solid #66A9FE;
            }
            th {
                height: 30px;
            }
            td {
                width: 350px;
                height: 40px;
            }
            table {
                border-collapse: collapse;      /* merge table borders and remove the gaps between them */
            }
            body {
                text-align: center;
            }
            table {
                margin: auto;
            }
        </style>
    </head>
    <body>
        <h1>Intranet Navigation Page</h1>
        <table>
            <thead>
                <tr>
                    <th>Device</th>
                    <th>LAN address</th>
                    <th>WAN address</th>
                </tr>
            </thead>
            <tbody>
                <tr>
                    <td>OpenWrt router</td>
                    <td><a target="_blank" href="https://192.168.0.1">https://192.168.0.1</a></td>
                    <td><a target="_blank" href="https://aaa.com:8143">https://aaa.com:8143</a></td>
                </tr>
                <tr>
                    <td>ESXi server</td>
                    <td><a target="_blank" href="https://192.168.0.4">https://192.168.0.4</a></td>
                    <td><a target="_blank" href="https://aaa.com:8443">https://aaa.com:8443</a></td>
                </tr>
                <tr>
                    <td>PVE server</td>
                    <td><a target="_blank" href="https://192.168.0.14:8006">https://192.168.0.14:8006</a></td>
                    <td><a target="_blank" href="https://aaa.com:8014">https://aaa.com:8014</a></td>
                </tr>
                <tr>
                    <td>Debian server</td>
                    <td><a target="_blank" href="http://192.168.0.3">http://192.168.0.3</a></td>
                    <td><a target="_blank" href="http://aaa.com:8083">http://aaa.com:8083</a></td>
                </tr>
                <tr>
                    <td>Synology web interface</td>
                    <td><a target="_blank" href="http://192.168.0.7">http://192.168.0.7</a></td>
                    <td><a target="_blank" href="https://aaa.com:5006">https://aaa.com:5006</a></td>
                </tr>
                <tr>
                    <td>Docker management - Portainer</td>
                    <td><a target="_blank" href="http://192.168.0.3:9000">http://192.168.0.3:9000</a></td>
                    <td><a target="_blank" href="http://aaa.com:9000">http://aaa.com:9000</a></td>
                </tr>
                <tr>
                    <td>Docker management - Portainer - https</td>
                    <td><a target="_blank" href="https://192.168.0.3:9443">https://192.168.0.3:9443</a></td>
                    <td><a target="_blank" href="https://aaa.com:9443">https://aaa.com:9443</a></td>
                </tr>
                <tr>
                    <td>Debian server - qBittorrent</td>
                    <td><a target="_blank" href="https://192.168.0.3:8080">https://192.168.0.3:8080</a></td>
                    <td><a target="_blank" href="https://aaa.com:9080">https://aaa.com:9080</a></td>
                </tr>
                <tr>
                    <td>Debian server - qBittorrent-ee</td>
                    <td><a target="_blank" href="https://192.168.0.3:9081">https://192.168.0.3:9081</a></td>
                    <td><a target="_blank" href="https://aaa.com:9081">https://aaa.com:9081</a></td>
                </tr>
                <tr>
                    <td>Debian server - aria2</td>
                    <td><a target="_blank" href="http://192.168.0.3/aria2">http://192.168.0.3/aria2</a></td>
                    <td><a target="_blank" href="http://aaa.com:8083/aria2/index.html">http://aaa.com:8083/aria2/index.html</a></td>
                </tr>
                <tr>
                    <td>Debian server - Jellyfin server</td>
                    <td><a target="_blank" href="http://192.168.0.3:8096">http://192.168.0.3:8096</a></td>
                    <td><a target="_blank" href="http://aaa.com:8096">http://aaa.com:8096</a></td>
                </tr>
                <tr>
                    <td>Debian server - Docker_Baidu Netdisk</td>
                    <td><a target="_blank" href="http://192.168.0.3:5800">http://192.168.0.3:5800</a></td>
                    <td><a target="_blank" href="http://aaa.com:5800">http://aaa.com:5800</a></td>
                </tr>
                <tr>
                    <td>Debian server - Docker_qBittorrent</td>
                    <td><a target="_blank" href="https://192.168.0.3:8082">https://192.168.0.3:8082</a></td>
                    <td><a target="_blank" href="https://aaa.com:8082">https://aaa.com:8082</a></td>
                </tr>
                <tr>
                    <td>Debian server - Docker_ResilioSync</td>
                    <td><a target="_blank" href="http://192.168.0.3:8888">http://192.168.0.3:8888</a></td>
                    <td><a target="_blank" href="http://aaa.com:8888">http://aaa.com:8888</a></td>
                </tr>
                <tr>
                    <td>Debian server - Docker_YouTube downloader</td>
                    <td><a target="_blank" href="http://192.168.0.3:3022">http://192.168.0.3:3022</a></td>
                    <td><a target="_blank" href="http://aaa.com:3022">http://aaa.com:3022</a></td>
                </tr>
                <tr>
                    <td>Debian server - Docker_Navidrome music</td>
                    <td><a target="_blank" href="http://192.168.0.3:4533">http://192.168.0.3:4533</a></td>
                    <td><a target="_blank" href="http://aaa.com:4533">http://aaa.com:4533</a></td>
                </tr>
                <tr>
                    <td>Synology - ResilioSync</td>
                    <td><a target="_blank" href="http://192.168.0.7:28888">http://192.168.0.7:28888</a></td>
                    <td><a target="_blank" href="http://aaa.com:28888">http://aaa.com:28888</a></td>
                </tr>
                <tr>
                    <td>Synology - qBittorrent</td>
                    <td><a target="_blank" href="http://192.168.0.7:8080">http://192.168.0.7:8080</a></td>
                    <td><a target="_blank" href="http://aaa.com:8020">http://aaa.com:8020</a></td>
                </tr>
            </tbody>
        </table>
    </body>
</html>

To add an entry, copy the three lines of a tr entry and paste the copy just above /tbody.
