I have a VPS running V2Ray, and V2Ray is configured as "WebSocket+TLS+Web".

(FRPS) VPS: At present, three pieces of software (V2Ray, Nginx, and FRP) are installed on the VPS. The VPS has a domain name provided by namesilo (assume the domain name is "www.my.com"); the domain name is bound to Cloudflare's CDN and points to the IP address of the VPS. A certificate provided by Let's Encrypt was obtained for the domain name on the VPS. With the current configuration, I can access the V2Ray service on the VPS's local port at http://127.0.0.1:14500 through "https://www.my.com/yyyi".

(FRPC) PC: At present, three pieces of software (V2Ray, NextCloud, and FRP) are installed on the PC. FRPS needs to communicate with FRPC on the PC, which is behind strict NAT, so that NextCloud and the WebDAV service it provides can be accessed from the Internet over HTTPS. NextCloud listens locally on "http://127.0.0.1:80", and FRPC's traffic should be forwarded to this local port. FRPC can communicate with the VPS through the V2Ray installed on the PC as a temporary HTTPS substitute.

The current Nginx configuration on the VPS is as follows:

```Nginx
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  
  ssl_certificate       /etc/letsencrypt/live/www.my.com/fullchain.pem;
  ssl_certificate_key   /etc/letsencrypt/live/www.my.com/privkey.pem;
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;
  ssl_session_tickets off;
  
  ssl_protocols         TLSv1.2 TLSv1.3;
  ssl_ciphers           ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;
  
  server_name           www.my.com;
  
  location /yyyi {
    if ($http_upgrade != "websocket") {
        return 404;
    }
    proxy_redirect off;
    proxy_pass http://127.0.0.1:14500;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    # Show real IP in v2ray access.log
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}
```

I noticed that FRP can install a certificate on the client (FRPC) to realize some kind of HTTPS communication. Does this mean the VPS cannot know the clear content of the traffic? If this is possible, I would like this model very much; this is what I most want to do.

But if that is not actually the case, then I can accept that the VPS can observe the plaintext in the FRP traffic. But I need to ensure that the communication between the "PC", the "VPS", and the "requesting device" is completely protected by HTTPS, so that the ISP cannot observe clear text.


I have tried an FRP configuration that exposes NextCloud to the Internet via HTTP, which shows that the setup works, but I hope it can be safer. This is the configuration I have tried:

FRPS:

```ini
[common]
bind_port = 38400
privilege_allow_ports = 2000-3000,3001,3003,4000-5000
privilege_token = [pwd]
authentication_timeout = 500

vhost_http_port = 8080
vhost_https_port = 4433

dashboard_addr = [IP]
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = [pwd]
```

FRPC:

```ini
[common]
server_addr = [ip]
server_port = 38400
privilege_token  = [pwd]

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 80
remote_port = 4000
use_encryption = true
use_compression = true
http_proxy = http://127.0.0.1:10809 # V2Ray
```
