Managing Webmin on the NAS through a V2Ray reverse tunnel

Following on from the previous post: Debian buster is now installed on the NAS together with the Webmin management panel, but the NAS sits in the office with no fixed public IP, so the only way to manage it from anywhere is a reverse tunnel into the internal network.
There is plenty of tunnelling software, paid and free: 花生壳 (Oray), frp, NPS, NATAPP, ngrok and so on. Their features are much the same; they differ mainly in speed and in how quickly they can be set up. Since my VPS already runs v2ray for reaching YouTube, I decided not to install yet another tool and to use v2ray's built-in reverse proxy instead.

First, set up TLS for Webmin on the NAS itself (localhost) so that it can be reached over HTTPS; HTTPS must be working before the tunnel is configured.

Download mkcert
apt install libnss3-tools
export VER="v1.3.0"
wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/${VER}/mkcert-${VER}-linux-amd64

Note: check the latest version at
https://github.com/FiloSottile/mkcert/releases

Then install it
chmod +x mkcert
mv mkcert /usr/local/bin

By default the CA is kept in
/root/.local/share/mkcert
To keep it elsewhere, set CAROOT before running mkcert (export only lasts for the current shell, so add it to your profile if it should persist)
export CAROOT="$HOME/local_certificates"

Show the CA directory: mkcert -CAROOT

Then run
mkcert -install
This generates a local CA and adds it to the system and NSS (Firefox/Chrome) trust stores of this machine only. The CA's private key (rootCA-key.pem under CAROOT) can sign certificates that every machine trusting this CA will accept, so keep it private and never copy it to the VPS.

Issue a certificate
mkcert localhost.dev localhost
The certificate is at "./localhost.dev+1.pem" and the key at "./localhost.dev+1-key.pem"

To write the certificate and key to a path of your choice (the files that Webmin's miniserv.conf keyfile/certfile settings will point at)
mkcert -cert-file /usr/local/nginx/ssl/rootCA.pem -key-file /usr/local/nginx/ssl/rootCA-key.pem localhost
Despite the file names, these are the leaf certificate and key for localhost, not the CA root. The browser never sees this certificate anyway: it talks to nginx on the VPS, which presents the public colinqi.com certificate and, by default, does not verify the upstream certificate it receives from Webmin.

Using a subdomain instead of a port

Reaching the tunnel as https://IP:port is clumsy, so nginx on the VPS maps a subdomain to each port: https://ip:10000 becomes https://subdomain.colinqi.com. Together with the v2ray reverse tunnel on the NAS described below, append the following server block to the vhost conf on the VPS (www.yourdomain.com.conf in the vhost directory):

server  {
        listen 80;
        listen [::]:80;

        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name  subdomain.colinqi.com;

        # the public certificate for colinqi.com; the mkcert certificate is only used by Webmin on the NAS
        ssl_certificate /usr/local/ssl/colinqi.com/fullchain.cer;
        ssl_certificate_key /usr/local/ssl/colinqi.com/colinqi.com.key;
        # plain-HTTP requests on port 80 are redirected to HTTPS
        if ($ssl_protocol = "") { return 301 https://$server_name$request_uri; }

        ssl_session_timeout 1d;
        ssl_session_tickets off;
        # TLSv1 and TLSv1.1 dropped from the original list: both are deprecated (RFC 8996) and only weaken an admin endpoint
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        # the TLS13-* and *-draft names are not OpenSSL cipher names and are ignored (TLS 1.3 suites are not selected here);
        # the RSA+AES* entries allow key exchange without forward secrecy and can be removed
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_dhparam /usr/local/ssl/dh4096.pem;

        location / {
        # the v2ray dokodemo-door inbound from nas.json on this VPS, which carries the request through the tunnel to Webmin on the NAS;
        # Webmin answers with its mkcert certificate, which nginx does not verify (proxy_ssl_verify defaults to off)
        proxy_pass https://127.0.0.1:10000;
        proxy_connect_timeout 300s;
        proxy_send_timeout 900;
        proxy_read_timeout 900;
        proxy_buffer_size 32k;
        proxy_buffers 4 64k;
        proxy_busy_buffers_size 128k;
        proxy_redirect off;
        proxy_hide_header Vary;
        proxy_set_header Accept-Encoding '';
        proxy_set_header Referer $http_referer;
        proxy_set_header Cookie $http_cookie;
        # Webmin sees the public hostname, so its own links and redirects use it
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root  html;
        }
}
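Whether a TLS configuration like the one above does what it appears to do is easy to check mechanically. The following Python is an added example for this page, not code from the original post or from nginx: it lints the ssl_protocols and ssl_ciphers directives of a server block and produces a tightened copy. It goes slightly beyond the text by also flagging the RSA+AES* entries, which permit key exchange without forward secrecy. WEAK_BLOCK is a constructed, trimmed copy of the server block above with nas.example.com in place of the real subdomain; parse_directives is a deliberately minimal directive splitter, not a real nginx parser.

```python
"""Added example for this page (not from the original post or from nginx): lint the
TLS directives of an nginx server block and produce a tightened copy. WEAK_BLOCK is a
constructed, trimmed version of the server block above with an example.com name."""
import re

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# OpenSSL has no cipher names of the form TLS13-* or *-draft; unknown tokens in a
# cipher list are silently ignored, and TLS 1.3 suites are not chosen via ssl_ciphers.
IGNORED_CIPHER = re.compile(r"^TLS13-|-draft$")
# RSA key exchange (RSA+...) has no forward secrecy: a leaked server key decrypts
# every recorded session.
NON_PFS_CIPHER = re.compile(r"^RSA\+")

def parse_directives(block: str):
    """Yield (name, args) for each ';'-terminated directive, flattening the
    location{} nesting; '#' comments are removed first. Not a full nginx parser."""
    text = re.sub(r"#[^\n]*", "", block)
    for stmt in re.split(r"[;{}]", text):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def lint_tls(block: str) -> list:
    """Return one finding per weak or useless TLS setting in the block."""
    findings = []
    for name, args in parse_directives(block):
        if name == "ssl_protocols":
            weak = sorted(WEAK_PROTOCOLS & set(args))
            if weak:
                findings.append("ssl_protocols enables deprecated %s" % ", ".join(weak))
        elif name == "ssl_ciphers":
            suites = " ".join(args).strip("\"'").split(":")
            ignored = [s for s in suites if IGNORED_CIPHER.search(s)]
            if ignored:
                findings.append("ssl_ciphers lists %d names OpenSSL ignores: %s"
                                % (len(ignored), ", ".join(ignored)))
            non_pfs = [s for s in suites if NON_PFS_CIPHER.search(s)]
            if non_pfs:
                findings.append("ssl_ciphers allows non-forward-secret suites: %s"
                                % ", ".join(non_pfs))
    return findings

def harden_tls(block: str) -> str:
    """Rewrite ssl_protocols to TLS 1.2/1.3 and drop the ignored and non-PFS cipher
    names; every other directive is left exactly as it was."""
    block = re.sub(r"ssl_protocols[^;]*;", "ssl_protocols TLSv1.2 TLSv1.3;", block)

    def keep_good(match):
        suites = [s for s in match.group(1).split(":")
                  if not (IGNORED_CIPHER.search(s) or NON_PFS_CIPHER.search(s))]
        return 'ssl_ciphers "%s";' % ":".join(suites)

    return re.sub(r'ssl_ciphers\s+"([^"]*)"\s*;', keep_good, block)

# Constructed sample: the server block above, trimmed to the TLS-relevant lines.
WEAK_BLOCK = """
server {
        listen 443 ssl http2;
        server_name nas.example.com;
        ssl_certificate /usr/local/ssl/example.com/fullchain.cer;
        ssl_certificate_key /usr/local/ssl/example.com/example.com.key;
        if ($ssl_protocol = "") { return 301 https://$server_name$request_uri; }
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5";
        location / {
            proxy_pass https://127.0.0.1:10000;   # v2ray dokodemo-door entrance on this VPS
        }
}
"""

if __name__ == "__main__":
    for f in lint_tls(WEAK_BLOCK):
        print("-", f)
    print(harden_tls(WEAK_BLOCK))
```

On WEAK_BLOCK the linter reports the two deprecated protocols, the six cipher names OpenSSL ignores and the two RSA key-exchange entries; harden_tls returns a block on which lint_tls reports nothing, and the proxy settings are untouched. Run it over the real vhost file before reloading nginx, and confirm with `nginx -t` that the rewritten block still parses.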

Install v2ray on the NAS and edit /etc/v2ray/config.json as follows. The tunnel port and the VMess id/alterId must be the same values that nas.json on the VPS uses. v2ray's config loader strips // and # comments from its JSON, so the annotations can stay in the file; remove them if you validate it with a strict JSON tool.

{
  "reverse": {
    "bridges": [
      {
        "tag": "bridge",
        "domain": "subdomain.colinqi.com"   // must be identical to the portal's domain in nas.json on the VPS
      }
    ]
  },
  "outbounds": [
    {
      "tag": "tunnel",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "subdomain.colinqi.com",   // the VPS
            "port": 28888,                         // the vmess inbound port in nas.json on the VPS; both sides must agree
            "users": [
              {
                "id": "0ebaa704-8888-8888-8888-08ae22443bb5",
                "alterId": 64   // must match the VPS side; v2ray-core 4.28+ uses VMess AEAD when this is 0 on both ends
              }
            ]
          }
        ]
      }
    },
    {
      "protocol": "freedom",
      "settings": {
        "redirect": "127.0.0.1:10000"   // Webmin on the NAS
      },
      "tag": "out"
    }
  ],
  "routing": {
    "rules": [
      {
        // the bridge's own control connections to the reverse domain go up to the VPS
        "type": "field",
        "inboundTag": ["bridge"],
        "domain": ["full:subdomain.colinqi.com"],
        "outboundTag": "tunnel"
      },
      {
        // everything else arriving through the bridge is a forwarded request: hand it to Webmin
        "type": "field",
        "inboundTag": ["bridge"],
        "outboundTag": "out"
      }
    ]
  }
}

Configure the JSON file on the VPS.

Since config.json already exists on the VPS, and I don't yet know how to write a combined configuration that merges the reverse tunnel with the normal proxy, I run a second service called nas.service with its own config file, nas.json. Its ports (10000 and 28888 below) must not collide with those of the existing instance.

{
  "reverse": {
    "portals": [
      {
        "tag": "portal",
        "domain": "subdomain.colinqi.com"   // must be identical to the bridge's domain in config.json on the NAS
      }
    ]
  },
  "inbounds": [
    {
      "tag": "external",
      "listen": "127.0.0.1",   // added: only nginx on this VPS should reach the entrance; without it v2ray binds 0.0.0.0 and exposes Webmin directly
      "port": 10000,           // VPS listening port (nginx's proxy_pass target)
      "protocol": "dokodemo-door",
      "settings": {
        "address": "127.0.0.1",
        "port": 10000,         // Webmin port on the NAS
        "network": "tcp,udp"
      }
    },
    {
      "tag": "tunnel",
      "port": 28888,           // the NAS bridge dials this port; it must be open in the VPS firewall
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "0ebaa704-8888-8888-8888-08ae22443bb5",   // same id and alterId as the bridge outbound on the NAS
            "alterId": 64
          }
        ]
      }
    }
  ],
  "routing": {
    "rules": [
      {
        // requests from nginx enter the portal and travel down the tunnel to the bridge
        "type": "field",
        "inboundTag": ["external"],
        "outboundTag": "portal"
      },
      {
        // connections from the bridge addressed to the reverse domain are the tunnel itself
        "type": "field",
        "inboundTag": ["tunnel"],
        "domain": ["full:subdomain.colinqi.com"],
        "outboundTag": "portal"
      }
    ]
  }
}
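The bridge and portal configurations live on different machines, so the easiest mistakes are values that quietly disagree between the two files. The following Python cross-checks a bridge/portal pair; it is an added example for this page, not part of the original post or of v2ray. It assumes the v2ray-core 4.x JSON layout (reverse, inbounds, outbounds, routing) and that the entrance inbound on the VPS is meant to be reached only by nginx over loopback. BRIDGE_JSON and PORTAL_JSON are a constructed pair using nas.example.com as the reverse domain, with the bridge dialing 28889 while the portal listens on 28888 and no listen address on the dokodemo-door inbound, so that both problems show up; the alterId finding applies to v2ray-core 4.28 and newer, where alterId 0 selects VMess AEAD.

```python
"""Added example for this page (not from the original post or from v2ray): cross-check
the NAS-side bridge config against the VPS-side portal config. Assumes the v2ray-core 4.x
JSON layout; the sample pair at the bottom is constructed and disagrees on the tunnel port."""
import json

def strip_json_comments(text: str) -> str:
    """Drop // and # comments outside strings (v2ray accepts them, json.loads does not)."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\":  # copy the escaped character verbatim
                i += 1
                out.append(text[i:i + 1])
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            out.append(c)
        elif c == "#" or text.startswith("//", i):
            while i < n and text[i] != "\n":  # skip to end of line
                i += 1
            continue
        else:
            out.append(c)
        i += 1
    return "".join(out)

def check_reverse_pair(bridge_text: str, portal_text: str) -> list:
    """Return findings; empty means both sides agree and the VPS entrance is loopback-only."""
    b, p = (json.loads(strip_json_comments(t)) for t in (bridge_text, portal_text))
    findings = []
    # 1. Both ends must name the same reverse domain (it only has to match, not resolve).
    bd, pd = b["reverse"]["bridges"][0]["domain"], p["reverse"]["portals"][0]["domain"]
    if bd != pd:
        findings.append("reverse domain differs: bridge %r, portal %r" % (bd, pd))
    # 2. The bridge's vmess outbound must dial the portal's vmess inbound with the same user.
    ob = next(o for o in b["outbounds"] if o["protocol"] == "vmess")
    ib = next(i for i in p["inbounds"] if i["protocol"] == "vmess")
    dial, client = ob["settings"]["vnext"][0], ib["settings"]["clients"][0]
    if dial["port"] != ib["port"]:
        findings.append("tunnel port differs: bridge dials %d, portal listens on %d"
                        % (dial["port"], ib["port"]))
    user = dial["users"][0]
    if user["id"] != client["id"]:
        findings.append("vmess user id differs between bridge and portal")
    if user.get("alterId", 0) != client.get("alterId", 0):
        findings.append("alterId differs between bridge and portal")
    elif client.get("alterId", 0) != 0:
        findings.append("alterId %d selects legacy non-AEAD VMess; use 0 on both ends "
                        "with v2ray-core 4.28 or newer" % client["alterId"])
    # 3. The dokodemo-door entrance is for nginx on the same host only; with no
    #    "listen" v2ray binds 0.0.0.0 and anyone on the internet reaches Webmin directly.
    for inb in p["inbounds"]:
        addr = inb.get("listen", "0.0.0.0")
        if inb["protocol"] == "dokodemo-door" and addr not in ("127.0.0.1", "::1", "localhost"):
            findings.append("inbound %r binds %s, bypassing nginx" % (inb.get("tag"), addr))
    return findings

def harden_pair(bridge_text: str, portal_text: str):
    """Return (bridge_json, portal_json) with the port, alterId and listen findings fixed."""
    b, p = (json.loads(strip_json_comments(t)) for t in (bridge_text, portal_text))
    ob = next(o for o in b["outbounds"] if o["protocol"] == "vmess")
    ib = next(i for i in p["inbounds"] if i["protocol"] == "vmess")
    ob["settings"]["vnext"][0]["port"] = ib["port"]  # the portal's port is authoritative
    ob["settings"]["vnext"][0]["users"][0]["alterId"] = 0
    ib["settings"]["clients"][0]["alterId"] = 0
    for inb in p["inbounds"]:
        if inb["protocol"] == "dokodemo-door":
            inb["listen"] = "127.0.0.1"
    return json.dumps(b, indent=2), json.dumps(p, indent=2)

# Constructed sample pair; nas.example.com stands in for the real subdomain.
BRIDGE_JSON = """{
  "reverse": {"bridges": [{"tag": "bridge", "domain": "nas.example.com"}]},
  "outbounds": [
    {"tag": "tunnel", "protocol": "vmess", "settings": {"vnext": [{"address": "nas.example.com",
      "port": 28889,  // the portal below listens on 28888
      "users": [{"id": "0ebaa704-8888-8888-8888-08ae22443bb5", "alterId": 64}]}]}},
    {"tag": "out", "protocol": "freedom", "settings": {"redirect": "127.0.0.1:10000"}}  # Webmin on the NAS
  ],
  "routing": {"rules": [
    {"type": "field", "inboundTag": ["bridge"], "domain": ["full:nas.example.com"], "outboundTag": "tunnel"},
    {"type": "field", "inboundTag": ["bridge"], "outboundTag": "out"}]}
}"""
PORTAL_JSON = """{
  "reverse": {"portals": [{"tag": "portal", "domain": "nas.example.com"}]},
  "inbounds": [
    {"tag": "external", "port": 10000, "protocol": "dokodemo-door",
     "settings": {"address": "127.0.0.1", "port": 10000, "network": "tcp,udp"}},
    {"tag": "tunnel", "port": 28888, "protocol": "vmess",
     "settings": {"clients": [{"id": "0ebaa704-8888-8888-8888-08ae22443bb5", "alterId": 64}]}}],
  "routing": {"rules": [
    {"type": "field", "inboundTag": ["external"], "outboundTag": "portal"},
    {"type": "field", "inboundTag": ["tunnel"], "domain": ["full:nas.example.com"], "outboundTag": "portal"}]}
}"""

if __name__ == "__main__":
    for f in check_reverse_pair(BRIDGE_JSON, PORTAL_JSON): print("-", f)
```

Run it once against the two real files before starting either service. On the sample pair it reports the port mismatch, the legacy alterId and the world-reachable entrance; harden_pair shows the minimal corrections, taking the portal's port as authoritative, and the checked result of that pair is empty.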

The new nas.service unit is:

[Unit]
Description=V2Ray NAS Service
After=network.target
Wants=network.target

[Service]
# This service runs as root. Consider running it as a dedicated user:
# uncomment the next two lines to run as user/group v2ray (the user must exist and be able to read /etc/v2ray/nas.json).
# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
# User=v2ray
# Group=v2ray
Type=simple
PIDFile=/run/nas.pid
# a second v2ray instance with its own config, alongside the existing v2ray.service
ExecStart=/usr/bin/v2ray/v2ray -config /etc/v2ray/nas.json
Restart=on-failure
# Don't restart in the case of a configuration error (v2ray exits with status 23)
RestartPreventExitStatus=23
StartLimitInterval=30

[Install]
WantedBy=multi-user.target

The service is controlled with the following commands:

Reload unit files after creating or editing nas.service: systemctl daemon-reload
Start: systemctl start nas
Start at boot: systemctl enable nas
Check status: systemctl status nas
Restart: systemctl restart nas

Inspect the log if it fails to start: journalctl -xe -u nas

That completes the configuration. Start nas.service on the VPS first, then v2ray on the NAS, because the bridge has to find a listening portal. The VPS firewall needs to allow the vmess inbound port from nas.json (28888/tcp); the entrance port 10000 should stay closed to the outside, since nginx reaches it over loopback.
