1. 服务端安装 (VPS)
下载与部署
# 1. 创建目录并进入
mkdir -p /etc/frp && cd /etc/frp
# 2. 从 GitHub 下载最新版 (以 v0.54.0 为例,请根据实际更新版本号)
wget https://github.com/fatedier/frp/releases/download/v0.54.0/frp_0.54.0_linux_amd64.tar.gz
# 3. 解压并移动二进制文件
tar -zxvf frp_0.54.0_linux_amd64.tar.gz
cp frp_0.54.0_linux_amd64/frps /usr/local/bin/
# 4. 写入配置文件
cat > /etc/frp/frps.toml <<EOF
bindPort = 7000
auth.token = "你的强密码"
# 管理面板(可选,用于查看连接状态)
# webServer.addr = "0.0.0.0"
# webServer.port = 7500
# webServer.user = "admin"
# webServer.password = "admin_pwd"
EOF配置 Systemd 开机自启
cat > /etc/systemd/system/frps.service <<EOF
[Unit]
Description=frp server
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/frps -c /etc/frp/frps.toml
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now frps2. 客户端安装 (PVE 宿主机)
直接在 PVE 的 Shell 中执行(PVE 默认也是 Linux x86_64)。
下载与部署
# 1. 下载并安装二进制文件
mkdir -p /etc/frp && cd /tmp
wget https://github.com/fatedier/frp/releases/download/v0.54.0/frp_0.54.0_linux_amd64.tar.gz
tar -zxvf frp_0.54.0_linux_amd64.tar.gz
cp frp_0.54.0_linux_amd64/frpc /usr/local/bin/
# 2. 写入配置文件 (请修改 serverAddr 为你的 VPS IP)
cat > /etc/frp/frpc.toml <<EOF
serverAddr = "1.2.3.4" # 你的公网服务器 IP
serverPort = 7000
auth.token = "xxx"
[[proxies]]
name = "pve_https_proxy"
type = "https"
customDomains = ["pve.yourdomain.com"]
# 核心:对接 PVE 本地的 HTTPS 8006
[proxies.plugin]
type = "https2https"
localAddr = "127.0.0.1:8006"
EOF配置 Systemd 开机自启
cat > /etc/systemd/system/frpc.service <<EOF
[Unit]
Description=frp client
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/frpc -c /etc/frp/frpc.toml
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now frpc3. 配置nginx
写入 Nginx 配置内容
将以下内容粘贴进去
server {
listen 1024 ssl ;
server_name mypve.xingdp.site;
ssl_certificate /etc/letsencrypt/live/pve.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pve.yourdomain.com/privkey.pem;
location / {
# --- 基础头信息 ---
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# --- 核心转发配置 ---
proxy_pass https://127.0.0.1:18080;
proxy_ssl_verify off; # 必须:忽略 frp 的自签名证书
proxy_ssl_server_name on; # 必须:SNI 传递域名
proxy_ssl_name pve.yourdomain.com;
# --- WebSocket 支持 (PVE 控制台核心) ---
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host; # 确保与浏览器访问域名一致
# --- 性能与稳定性 ---
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
client_max_body_size 50G; # 支持大 ISO 上传
proxy_buffering off; # 降低 Webshell 延迟
# --- 针对 https2https 的小补丁 ---
proxy_redirect off; # 防止 PVE 的 302 跳转导致域名变成内网 IP
}
}certbot配置新增域名和证书
sudo certbot certonly --nginx -d pve.yourdomain.com