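After going back and forth many times, I finally found a suitable one. First, my requirements: I am on China Telecom broadband, and during the pandemic I asked Telecom for a public IP, which they enabled quickly. Port 80 is blocked; 443 is still open. DNS resolution is done with Aliyun DDNS. Every time I access the home router or the N1 I have to add a port, which is a hassle, and sometimes I still get it wrong. So I wanted to access them through subdomains + SSL, so that no port is needed.
1. Choosing and flashing firmware for the K2P
I searched a lot on Enshan. Many builds are close to 15.35M (that is probably all that is left after flashing the unbrickable breed), and with many of the ones I tried there was no space left to install nginx. There are also builds between 7 and 10M, but when installing nginx they all reported that the libstdcpp component was missing (it was probably not included at compile time). At one point I was thinking of setting up a virtual machine to compile it myself, but I patiently kept looking and finally found one with free space. I tried it, nginx could be installed, and I could not help being happy.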
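- Why nginx?
1. First, uhttpd runs slowly
2. Some people use lighttpd instead; its speed is acceptable, but its reverse proxy supports only IP addresses, not domain names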
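1.1 Firmware overview (Enshan forum)
- Latest K2P firmware R20.4.8
- Memory layout: Phicomm
- A1/A2 can be flashed; for the B revision there is no need to look
- Default username: root, password: admin
- Applications:
  - ipv6
  - Ad blocking
  - NetEase Cloud Music unblocking
  - Dynamic DNS
  - upnp
  - passwall
1.2 Firmware download: I saved it to Lanzou cloud myself.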
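2. nginx setup
2.1 Connect to the internet by dial-up, and change the LAN address to 192.168.2.1
2.2 Change the software source entries under Software Packages; currently they are these: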
src/gz openwrt_core https://openwrt.proxy.ustclug.org/snapshots/targets/ramips/mt7621/packages
src/gz openwrt_base https://openwrt.proxy.ustclug.org/snapshots/packages/mipsel_24kc/base
src/gz openwrt_luci https://openwrt.proxy.ustclug.org/snapshots/packages/mipsel_24kc/luci
src/gz openwrt_packages https://openwrt.proxy.ustclug.org/snapshots/packages/mipsel_24kc/packages
src/gz openwrt_routing https://openwrt.proxy.ustclug.org/snapshots/packages/mipsel_24kc/routing
src/gz openwrt_telephony https://openwrt.proxy.ustclug.org/snapshots/packages/mipsel_24kc/telephony
2.3 Update the package lists: opkg update
2.4 Install the necessary dependencies. Note: the last 2 probably cannot be installed
opkg install libpcre nginx spawn-fcgi fcgi fcgiwrap
2.5 On the router's System -- Software Packages page, install:
nginx
nginx-ssl
nginx-mod-luci
# After installing the 3 above, the 2 below are installed automatically; if they are missing, install them manually
nginx-util
nginx-ssl-util
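- ps: after installing nginx-mod-luci the page redirects; just go back in again
2.6 Disable uhttpd, to prevent a port conflict from it starting automatically after nginx is installed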
/etc/init.d/uhttpd stop
/etc/init.d/uhttpd disable
# Remove uhttpd
opkg remove uhttpd
2.7 Start nginx
/etc/init.d/nginx enable
/etc/init.d/nginx start
2.8 nginx configuration
- It currently works fine for me; the nginx.conf is as follows:
# Please consider creating files in /etc/nginx/conf.d/ instead of editing this.
# For details see https://openwrt.org/docs/guide-user/services/webserver/nginx
user root;
events {}
http {
    access_log off;
    log_format openwrt
        '$request_method $scheme://$host$request_uri => $status'
        ' (${body_bytes_sent}B in ${request_time}s) <- $http_referer';
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    client_max_body_size 128M;
    large_client_header_buffers 2 1k;
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    root /www;
    # LuCI on plain HTTP, bound to loopback and the LAN address only
    server {
        listen 127.0.0.1:80 default_server;
        listen 192.168.2.1:80 default_server;
        server_name k2p;
        charset UTF-8;
        autoindex on;
        location /cgi-bin/luci {
            index index.html;
            include uwsgi_params;
            uwsgi_param SERVER_ADDR $server_addr;
            uwsgi_modifier1 9;
            uwsgi_pass unix:////var/run/luci-webui.socket;
        }
        location ~ /cgi-bin/cgi-(backup|download|upload|exec) {
            include uwsgi_params;
            uwsgi_param SERVER_ADDR $server_addr;
            uwsgi_modifier1 9;
            uwsgi_pass unix:////var/run/luci-cgi_io.socket;
        }
        location /luci-static {
        }
        location /ubus {
            ubus_interpreter;
            ubus_socket_path /var/run/ubus.sock;
            ubus_parallel_req 2;
        }
    }
    # Per-site files such as config/k2p.conf
    include config/*.conf;
}
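- ps: do not delete the original configuration file; just leave it where it is, because when nginx starts it is hard-coded to need the _lan service. Do not include the original in the configuration file; create a new folder of your own instead.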
- Adding the SSL configuration
- After applying for a certificate on Aliyun, download the one in nginx format
- The https configuration I added for the k2p, ./config/k2p.conf, is as follows:
server {
    listen 443 ssl;
    server_name k2p.**********.com;
    ssl_certificate ./ssl/k2p/**********.pem;
    ssl_certificate_key ./ssl/k2p/**********.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
        proxy_pass http://192.168.2.1;
    }
}
- Restart nginx, and it can then be accessed over https
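A tightened variant of the config/k2p.conf above, as an added example that is not the author's file: because `listen 443 ssl` binds every interface, this server block is what answers on the public IP, so the example pins the TLS versions and refuses handshakes for any name other than the router's subdomain. The hostname, certificate file names and the `allow` range are placeholders, and `ssl_reject_handshake` assumes nginx 1.19.4 or later.

```nginx
# Added example, not the author's configuration.
# k2p.example.com, example.pem/example.key and 203.0.113.0/24 are placeholders.

# Catch-all for port 443: a client that connects by bare IP or with any
# other SNI name has its TLS handshake rejected and never reaches LuCI.
# Assumes nginx >= 1.19.4.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

server {
    listen 443 ssl;
    server_name k2p.example.com;

    ssl_certificate     ./ssl/k2p/example.pem;
    ssl_certificate_key ./ssl/k2p/example.key;

    # The original sets only ssl_ciphers; pin the protocol versions too.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # After one visit, browsers refuse to fall back to plain HTTP for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Optional: limit which source addresses may reach the admin page at all.
    # allow 203.0.113.0/24;   # placeholder range
    # deny  all;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_connect_timeout 240;
        proxy_send_timeout 240;
        proxy_read_timeout 240;
        proxy_pass http://192.168.2.1;
    }
}
```

Run `nginx -t` before restarting so a typo in the file does not take the web interface down.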