1. Background

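I have registered a third-level domain and completed its ICP filing. I run several open-source web services on my internal network and publish them to the public internet through an frp reverse proxy. This post records how to set up and add a third-level domain. Prerequisites: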

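  1. One cloud server (mine is a Tencent Cloud server).
  2. A domain with a completed ICP filing.
  3. One device on the internal network with frp and the other open-source services installed. I use ragflow as the example here.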

2. Installation steps

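The ragflow site is already installed on the internal network and mapped through frpc to port 5555 on the public server. Note that port 5555 is not opened to the outside, so it does not need to be exposed on the server; nginx reaches it over 127.0.0.1.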
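A way to check the claim above on the cloud server, as an added example that is not part of the original post: the hypothetical helper `exposed_listeners` reads `ss -ltn` output and lists listeners on a port that are bound to a non-loopback address, in which case only the security group or firewall keeps the port private. The sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). exposed_listeners is a
# hypothetical helper: it reads `ss -ltn` output on stdin and prints every
# local address listening on PORT that is not bound to loopback.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # port = text after last ":"
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            print addr                         # reachable from other hosts
        }'
}

# Constructed samples of `ss -ltn` output, not captured from a real server.
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      4096               *:5555             *:*
LISTEN 0      4096       127.0.0.1:15555      0.0.0.0:*'

SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      4096       127.0.0.1:5555       0.0.0.0:*
LISTEN 0      4096           [::1]:5555          [::]:*'

# report LABEL PORT: reads ss output on stdin and prints a one-line verdict.
report() {
    hits=$(exposed_listeners "$2")
    if [ -n "$hits" ]; then
        echo "$1: port $2 bound beyond loopback: $(printf '%s' "$hits" | tr '\n' ' ')"
    else
        echo "$1: port $2 is loopback-only or not listening"
    fi
}

printf '%s\n' "$SAMPLE_WILDCARD" | report wildcard 5555
printf '%s\n' "$SAMPLE_LOOPBACK" | report loopback 5555
# On the server itself: sudo ss -ltn | report live 5555
```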

2.1 Tencent Cloud server configuration

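In the Tencent Cloud DNS console (云解析DNS), select the domain and enter the prefix to add. I entered ragflow and the domain is apostle9891.cn, so after saving, the site can be reached at ragflow.apostle9891.cn.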

2.2 nginx configuration

Log in to the cloud server and copy the default configuration.

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/ragflow.apostle9891.cn  

Edit the configuration and force-inject the ICP filing information:

# ragflow
server {
    listen 80;
    listen 443 ssl;
    server_name ragflow.apostle9891.cn;

    # Certificate directives are only valid at http/server level, not inside a location
    ssl_certificate /etc/letsencrypt/live/ragflow.apostle9891.cn/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ragflow.apostle9891.cn/privkey.pem; # managed by Certbot

    location / {
        proxy_pass http://127.0.0.1:5555; # forward traffic to the frp-mapped internal service on port 5555
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # key: support WebSocket upgrade
        proxy_set_header Connection "upgrade"; # key: set the Connection header

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Accept-Encoding ""; # disable upstream compression so sub_filter can rewrite the body

        # Key setting: insert after the copyright div
        sub_filter '</div><!-- 版权信息 div 结束 -->' '</div> <div class="beian-footer" style="text-align: center; padding: 10px; color: #666; font-size: 12px"> 备案号:<a href="https://beian.miit.gov.cn/" target="_blank">京ICP备2022002381号-1</a> </div>';
        sub_filter_once on;

        location = /auth {
            proxy_pass http://127.0.0.1:5555; # forward traffic to the frp-mapped internal service on port 5555
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade; # key: support WebSocket upgrade
            proxy_set_header Connection "upgrade"; # key: set the Connection header

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Accept-Encoding ""; # disable compression

            # Inject the floating ICP filing number on the login page only
            sub_filter '</body>' ' <div id="beian-bubble" style=" position: fixed; left: 50%; bottom: 2rem; transform: translateX(-50%); padding: 10px 24px; border-radius: 25px; background: rgba(21, 94, 239, 0.9); box-shadow: 0 4px 12px rgba(0, 0, 0, 0.2); cursor: pointer; z-index: 2147483647; color: white; font-size: 14px; transition: 0.2s ease-in-out; white-space: nowrap; "> <a href="https://beian.miit.gov.cn/" target="_blank" style="color: white; text-decoration: none"> 京ICP备2022002381号-1 </a> </div> </body>';
            sub_filter_once on;
        }
    }
}

Create the symlink:

sudo ln -s /etc/nginx/sites-available/ragflow.apostle9891.cn /etc/nginx/sites-enabled/  

Test the configuration and restart nginx:

sudo nginx -t
sudo systemctl restart nginx

2.3 Set up the SSL certificate bot (Certbot)

For how to install Certbot, see the post on requesting an HTTPS certificate for WordPress.

Request the certificate:

sudo certbot --nginx -d ragflow.apostle9891.cn

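Running this directly fails. Certbot first validates the nginx configuration, and the configuration already contains ssl_certificate directives pointing at certificate files that have not been generated yet. So first comment out the two certificate lines, run the command, and choose option 1 (do not modify the configuration file). Then uncomment the two lines again.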

2.4 Restart nginx

sudo systemctl restart nginx

The restart may fail. If it reports that the nginx ports are already in use, for example:

● nginx.service - nginx - high performance web server
Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2025-03-16 01:16:22 CST; 4s ago
Docs: https://nginx.org/en/docs/
Process: 586980 ExecStartPre=/usr/share/nginx/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Process: 586990 ExecStart=/usr/share/nginx/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)

Mar 16 01:16:20 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Mar 16 01:16:20 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Mar 16 01:16:21 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Mar 16 01:16:21 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Mar 16 01:16:21 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Mar 16 01:16:21 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)

then stop nginx first:

sudo systemctl stop nginx

If that still does not work, find the processes holding the ports and kill them:

sudo lsof -t -i :80  
sudo lsof -t -i :443
sudo kill -9 <PID>

Once nothing is holding the ports, restart:

sudo systemctl restart nginx