HTTPS for an internal server exposed through OpenWrt port forwarding
I run a Debian VM on my home NAS with a web server on it. Because I have quite a few internal applications, I made a LAN navigation page; it lives on that Debian box and can be reached from anywhere through a port forward on OpenWrt. I wanted to put an SSL certificate on it, and after some fiddling it works, so here are the notes.
OpenWrt router: 192.168.0.1, has a public IP, reachable from outside via DDNS, with my own domain name.
Debian server: 192.168.0.3, with Docker and a web server installed; the navigation page index.html sits in nginx's default document root.
Here is the navigation page itself, hand-written HTML, nothing fancy.
The goal is that whenever and wherever this page is visited, it goes over HTTPS. In other words: configure the SSL certificate in nginx on the Debian server, and have it still take effect after the router forwards the port.
Let's get to it; it is actually quite simple.
server {
    listen 443 ssl;
    # The post uses the LAN IP as server_name (step 2 below). A browser validates the
    # certificate against the name it typed (aaa.com), not against server_name, so this
    # works from outside; visiting https://192.168.0.3 from the LAN will warn unless the
    # certificate also carries that IP as a subjectAltName.
    server_name 192.168.0.3;
    access_log /var/log/nginx/localhost.access.log;
    root /var/www/default;
    index index.html index.htm index.php;
    include /etc/nginx/fastcgi_php;
    ssl_certificate /usr/local/etc/aaa.com.ssl/rui.crt;
    ssl_certificate_key /usr/local/etc/aaa.com.ssl/rui.key;
    # Cipher list as used by the author. The 3DES suites at its end and the TLSv1/TLSv1.1
    # entries below are deprecated; current clients do not need them.
    ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets on;
}

server {
    listen 80;
    server_name 192.168.0.3;
    # Certbot-managed block, evaluated first: a request whose Host header is the LAN IP
    # (a client on the LAN typing http://192.168.0.3) is sent to https://192.168.0.3.
    if ($host = 192.168.0.3) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    # Everything else, i.e. requests arriving through the OpenWrt forward with the public
    # domain in the Host header, is redirected to the public HTTPS address, path preserved.
    rewrite ^(.*) https://aaa.com:8084$1 permanent;
}
Paste the config above into nginx on the Debian box, replacing aaa.com with your own domain. The details:
1. The internal Debian server's IP is 192.168.0.3.
2. Configure all the SSL certificate settings in Debian; where the domain name would go (server_name), write the IP address.
3. Set up a port forward in OpenWrt: external port 8084, internal 192.168.0.3 port 443. That is, a visit to aaa.com:8084 from outside is forwarded by OpenWrt to 192.168.0.3:443.
4. The second server block handles port 80: any request arriving there is redirected straight to the final address, https://aaa.com:8084.
After this, every visit to the home address from outside is HTTPS-encrypted.
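As an added check (an example script written for this page, not code from the original post), the Python below verifies the two properties the setup relies on: that the port-80 server block answers a visitor with a 301 to https://aaa.com:8084 keeping the request path, and that the certificate served on the public port actually names the host visitors type. Hostnames and ports are the post's own (aaa.com is its placeholder); the parsing and name-matching functions work on any captured response or certificate dict, while the two fetch helpers talk to the real hosts.

```python
import socket
import ssl
from urllib.parse import urlsplit

PUBLIC_HOST, PUBLIC_PORT = "aaa.com", 8084   # placeholder domain/port from the post; change to yours
LAN_HOST = "192.168.0.3"                     # the Debian box, nginx listening on :80 and :443

def parse_redirect(raw: bytes):
    """Return (status code, Location header or None) from a raw HTTP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    location = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return status, location

def redirect_ok(raw: bytes, path: str = "/") -> bool:
    """The port-80 answer must be a 301/302 to https://aaa.com:8084 with the same path."""
    status, location = parse_redirect(raw)
    if status not in (301, 302) or not location:
        return False
    u = urlsplit(location)
    return (u.scheme, u.hostname, u.port, u.path) == ("https", PUBLIC_HOST, PUBLIC_PORT, path)

def cert_covers(hostname: str, cert: dict) -> bool:
    """True if a subjectAltName entry covers hostname: exact DNS/IP match or a one-label wildcard."""
    names = {value for _, value in cert.get("subjectAltName", ())}
    return hostname in names or (hostname.count(".") >= 2 and "*." + hostname.partition(".")[2] in names)

def fetch_http_head(host: str, host_header: str, path: str = "/") -> bytes:
    """Plain-HTTP GET to the port-80 block, sending the Host header a given client would send."""
    with socket.create_connection((host, 80), timeout=5) as s:
        s.sendall(f"GET {path} HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n".encode())
        return s.recv(4096)

def fetch_cert(host: str, port: int) -> dict:
    """Fetch the served certificate (chain still verified); the name check is done by cert_covers()."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=5) as s, ctx.wrap_socket(s, server_hostname=host) as tls:
        return tls.getpeercert()

if __name__ == "__main__":
    raw = fetch_http_head(LAN_HOST, host_header=PUBLIC_HOST)   # emulate an outside visitor
    print("port-80 redirect:", "ok" if redirect_ok(raw) else "unexpected %r" % (parse_redirect(raw),))
    cert = fetch_cert(PUBLIC_HOST, PUBLIC_PORT)
    print("cert covers", PUBLIC_HOST, cert_covers(PUBLIC_HOST, cert))
    print("cert covers", LAN_HOST, cert_covers(LAN_HOST, cert))   # False unless the cert has an IP SAN
```

Run it from a LAN machine; the last line shows why a LAN visit to https://192.168.0.3 warns while the public address does not.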
Below is the navigation page code. Copy it, save it as index.html, and put it in the web directory.
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8"> <!-- must come before <title> and any other <meta> tag -->
<title>LAN navigation page</title>
<!-- <link rel="stylesheet" type="text/css" href="../css/边框样式.css"/> -->
<style type="text/css">
table, th, td {
    border: 1px solid #66A9FE;
}
th {
    height: 30px;
}
td {
    width: 350px;
    height: 40px;
}
table {
    border-collapse: collapse; /* merge cell borders, removing the gaps between them */
    margin: auto;
}
body {
    text-align: center;
}
</style>
</head>
<body>
<!-- The heading sits outside the table: an <h1> is not valid inside <table>, and browsers hoist it out anyway -->
<h1>LAN navigation page</h1>
<table>
<thead>
<tr>
<th>Device</th>
<th>LAN address</th>
<th>Public address</th>
</tr>
</thead>
<tbody>
<!-- rel="noopener" keeps a page opened via target="_blank" from getting a handle on this window -->
<tr>
<td>OpenWrt router</td>
<td><a target="_blank" rel="noopener" href="https://192.168.0.1">https://192.168.0.1</a></td>
<td><a target="_blank" rel="noopener" href="https://aaa.com:8143">https://aaa.com:8143</a></td>
</tr>
<tr>
<td>ESXi server</td>
<td><a target="_blank" rel="noopener" href="https://192.168.0.4">https://192.168.0.4</a></td>
<td><a target="_blank" rel="noopener" href="https://aaa.com:8443">https://aaa.com:8443</a></td>
</tr>
<tr>
<td>PVE server</td>
<td><a target="_blank" rel="noopener" href="https://192.168.0.14:8006">https://192.168.0.14:8006</a></td>
<td><a target="_blank" rel="noopener" href="https://aaa.com:8014">https://aaa.com:8014</a></td>
</tr>
<tr>
<td>Debian server</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.3">http://192.168.0.3</a></td>
<td><a target="_blank" rel="noopener" href="http://aaa.com:8083">http://aaa.com:8083</a></td>
</tr>
<tr>
<td>Synology web UI</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.7">http://192.168.0.7</a></td>
<td><a target="_blank" rel="noopener" href="https://aaa.com:5006">https://aaa.com:5006</a></td>
</tr>
<tr>
<td>Docker management - Portainer</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.3:9000">http://192.168.0.3:9000</a></td>
<td><a target="_blank" rel="noopener" href="http://aaa.com:9000">http://aaa.com:9000</a></td>
</tr>
<tr>
<td>Docker management - Portainer (HTTPS)</td>
<td><a target="_blank" rel="noopener" href="https://192.168.0.3:9443">https://192.168.0.3:9443</a></td>
<td><a target="_blank" rel="noopener" href="https://aaa.com:9443">https://aaa.com:9443</a></td>
</tr>
<tr>
<td>Debian server - qBittorrent</td>
<td><a target="_blank" rel="noopener" href="https://192.168.0.3:8080">https://192.168.0.3:8080</a></td>
<td><a target="_blank" rel="noopener" href="https://aaa.com:9080">https://aaa.com:9080</a></td>
</tr>
<tr>
<td>Debian server - qBittorrent-ee</td>
<td><a target="_blank" rel="noopener" href="https://192.168.0.3:9081">https://192.168.0.3:9081</a></td>
<td><a target="_blank" rel="noopener" href="https://aaa.com:9081">https://aaa.com:9081</a></td>
</tr>
<tr>
<td>Debian server - aria2</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.3/aria2">http://192.168.0.3/aria2</a></td>
<td><a target="_blank" rel="noopener" href="http://aaa.com:8083/aria2/index.html">http://aaa.com:8083/aria2/index.html</a></td>
</tr>
<tr>
<td>Debian server - Jellyfin</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.3:8096">http://192.168.0.3:8096</a></td>
<td><a target="_blank" rel="noopener" href="http://aaa.com:8096">http://aaa.com:8096</a></td>
</tr>
<tr>
<td>Debian server - Docker_Baidu Netdisk</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.3:5800">http://192.168.0.3:5800</a></td>
<td><a target="_blank" rel="noopener" href="http://aaa.com:5800">http://aaa.com:5800</a></td>
</tr>
<tr>
<td>Debian server - Docker_qBittorrent</td>
<td><a target="_blank" rel="noopener" href="https://192.168.0.3:8082">https://192.168.0.3:8082</a></td>
<td><a target="_blank" rel="noopener" href="https://aaa.com:8082">https://aaa.com:8082</a></td>
</tr>
<tr>
<td>Debian server - Docker_ResilioSync</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.3:8888">http://192.168.0.3:8888</a></td>
<td><a target="_blank" rel="noopener" href="http://aaa.com:8888">http://aaa.com:8888</a></td>
</tr>
<tr>
<td>Debian server - Docker_YouTube downloader</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.3:3022">http://192.168.0.3:3022</a></td>
<td><a target="_blank" rel="noopener" href="http://aaa.com:3022">http://aaa.com:3022</a></td>
</tr>
<tr>
<td>Debian server - Docker_Navidrome music</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.3:4533">http://192.168.0.3:4533</a></td>
<td><a target="_blank" rel="noopener" href="http://aaa.com:4533">http://aaa.com:4533</a></td>
</tr>
<tr>
<td>Synology - ResilioSync</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.7:28888">http://192.168.0.7:28888</a></td>
<td><a target="_blank" rel="noopener" href="http://aaa.com:28888">http://aaa.com:28888</a></td>
</tr>
<tr>
<td>Synology - qBittorrent</td>
<td><a target="_blank" rel="noopener" href="http://192.168.0.7:8080">http://192.168.0.7:8080</a></td>
<td><a target="_blank" rel="noopener" href="http://aaa.com:8020">http://aaa.com:8020</a></td>
</tr>
</tbody>
</table>
</body>
</html>
To add an entry, copy one of the <tr> rows (the three cells: device, LAN address, public address) and paste the copy just above </tbody>.
