refactor(frps): 重构 frps 部署配置

- 移除 .env 文件，直接使用 frps.toml 配置 - 更新 README.md，调整文件结构和配置流程 - 修改 docker-compose.yml，移除不必要的配置 - 删除 init.sh 脚本，简化部署流程 - 更新 nginx 配置相关文件，统一证书文件命名
2025-05-10 22:57:10 +08:00
parent 7861b25c2b
commit dab7ae23d7
12 changed files with 32 additions and 163 deletions
--- a/docker/compose/frps/.env
+++ b/docker/compose/frps/.env
@@ -1,6 +0,0 @@
-AUTH_TOKEN=""
-CONTAINER_NAME="frps"
-PANEL_APP_PORT_HTTP=7500
-PANEL_APP_PORT_SERVICE=7000
-PASSWORD=""
-USER_NAME=""
--- a/docker/compose/frps/README.md
+++ b/docker/compose/frps/README.md
@@ -5,27 +5,27 @@
 1. 创建一些文件夹

    ```bash
-    mkdir -p /opt/docker/frps && mkdir -p /opt/docker/frps/data && cd /opt/docker/frps
+    mkdir -p /opt/docker/frps/data/ssl && cd /opt/docker/frps
    ```

-2. 下载 `.env` 文件
-
-    ```bash
-    curl -fsSL https://git.sugarscat.cn/me/script/-/raw/main/docker/compose/frps/.env > .env
-    ```
-
-3. 下载 docker-compose.yml
+2. 下载 docker-compose.yml

    ```bash
    curl -fsSL https://git.sugarscat.cn/me/script/-/raw/main/docker/compose/frps/docker-compose.yml > docker-compose.yml
    ```

+3. 下载配置
+
+    ```bash
+    curl -fsSL https://git.sugarscat.cn/me/script/-/raw/main/docker/compose/frps/frps.toml > data/frps.toml
+    ```
+
 ## docker-compose 部署

 1. 修改配置

    ```bash
-    vim .env
+    vim data/frps.toml
    ```

 2. 启动
--- a/docker/compose/frps/docker-compose.yml
+++ b/docker/compose/frps/docker-compose.yml
@@ -1,14 +1,7 @@
 services:
  frps:
-    container_name: ${CONTAINER_NAME}
-    deploy:
-      resources:
-        limits:
-          cpus: '1'
-          memory: "1G"
+    container_name: frps
    image: snowdreamtech/frps:0.61.2
-    labels:
-      createdBy: Apps
    network_mode: host
    restart: always
    volumes:
--- a/docker/compose/frps/frps.toml
+++ b/docker/compose/frps/frps.toml
@@ -0,0 +1,16 @@
+bindAddr = "0.0.0.0"
+bindPort = 7000
+
+auth.method = "token"
+auth.token = ""
+
+webServer.addr = "0.0.0.0"
+webServer.port = 7500
+webServer.user = "admin"
+webServer.password = ""
+
+# tls
+#transport.tls.force = true
+#transport.tls.certFile = "/etc/frp/ssl/server.crt"
+#transport.tls.keyFile = "/etc/frp/ssl/server.key"
+#transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"
--- a/docker/compose/frps/install.sh
+++ b/docker/compose/frps/install.sh
--- a/docker/compose/frps/scripts/init.sh
+++ b/docker/compose/frps/scripts/init.sh
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-source ./.env
-
-sed -i "s/bindPort = .*$/bindPort = ${PANEL_APP_PORT_SERVICE}/" ./data/frps.toml
-sed -i "s/auth\.token = \".*\"/auth.token = \"${AUTH_TOKEN}\"/" ./data/frps.toml
-sed -i "s/webServer\.port = .*$/webServer.port = ${PANEL_APP_PORT_HTTP}/" ./data/frps.toml
-sed -i "s/webServer\.user = \".*\"/webServer.user = \"${USER_NAME}\"/" ./data/frps.toml
-sed -i "s/webServer\.password = \".*\"/webServer.password = \"${PASSWORD}\"/" ./data/frps.toml
--- a/nginx/default/README.md
+++ b/nginx/default/README.md
@@ -1,29 +0,0 @@
-# default
-
-## Nginx 配置
-
-> 该配置需要在 `/etc/nginx/ssl/` 目录下创建 `fullchain.pem` 和 `privkey.pem` 证书文件。
-
-下载配置
-
-```bash
-curl -fsSL https://git.sugarscat.cn/me/script/-/raw/main/nginx/default/nginx.conf > /etc/nginx/sites-available/default
-```
-
-启用配置
-
-```bash
-ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/
-```
-
-测试配置
-
-```bash
-nginx -t
-```
-
-重启 nginx
-
-```bash
-systemctl restart nginx
-```
--- a/nginx/default/nginx.conf
+++ b/nginx/default/nginx.conf
@@ -1,96 +0,0 @@
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-# https://www.nginx.com/resources/wiki/start/
-# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
-# https://wiki.debian.org/Nginx/DirectoryStructure
-#
-# In most cases, administrators will remove this file from sites-enabled/ and
-# leave it as reference inside of sites-available where it will continue to be
-# updated by the nginx packaging team.
-#
-# This file will automatically load configuration files provided by other
-# applications, such as Drupal or Wordpress. These applications will be made
-# available underneath a path with that package name, such as /drupal8.
-#
-# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
-##
-
-# Default server configuration
-#
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-
-    # SSL configuration
-    #
-    listen 443 ssl default_server;
-    listen [::]:443 ssl default_server;
-
-    # ssl 设置
-    ssl_certificate /etc/nginx/ssl/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
-
-    #
-    # Note: You should disable gzip for SSL traffic.
-    # See: https://bugs.debian.org/773332
-    #
-    # Read up on ssl_ciphers to ensure a secure configuration.
-    # See: https://bugs.debian.org/765782
-    #
-    # Self signed certs generated by the ssl-cert package
-    # Don't use them in a production server!
-    #
-    # include snippets/snakeoil.conf;
-
-    root /var/www/html;
-
-    # Add index.php to the list if you are using PHP
-    index index.html index.htm index.nginx-debian.html;
-
-    server_name _;
-
-    location / {
-        # First attempt to serve request as file, then
-        # as directory, then fall back to displaying a 404.
-        return 403;
-    }
-
-    # pass PHP scripts to FastCGI server
-    #
-    #location ~ \.php$ {
-    #	include snippets/fastcgi-php.conf;
-    #
-    #	# With php-fpm (or other unix sockets):
-    #	fastcgi_pass unix:/run/php/php7.4-fpm.sock;
-    #	# With php-cgi (or other tcp sockets):
-    #	fastcgi_pass 127.0.0.1:9000;
-    #}
-
-    # deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
-    #
-    #location ~ /\.ht {
-    #	deny all;
-    #}
-}
-
-
-# Virtual Host configuration for example.com
-#
-# You can move that to a different file under sites-available/ and symlink that
-# to sites-enabled/ to enable it.
-#
-#server {
-#	listen 80;
-#	listen [::]:80;
-#
-#	server_name example.com;
-#
-#	root /var/www/example.com;
-#	index index.html;
-#
-#	location / {
-#		try_files $uri $uri/ =404;
-#	}
-#}
--- a/nginx/git.sugarscat.cn/README.md
+++ b/nginx/git.sugarscat.cn/README.md
@@ -2,7 +2,7 @@

 ## Nginx 配置

-> 该配置需要在 `/etc/nginx/ssl/` 目录下创建 `fullchain.pem` 和 `privkey.pem` 证书文件。
+> 该配置需要在 `/etc/nginx/ssl/` 目录下创建 `fullchain.crt` 和 `privkey.key` 证书文件。

 下载配置

--- a/nginx/git.sugarscat.cn/nginx.conf
+++ b/nginx/git.sugarscat.cn/nginx.conf
@@ -20,8 +20,8 @@ server {
        return 301 https://$host$request_uri;
    }
    # ssl 设置
-    ssl_certificate /etc/nginx/ssl/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+    ssl_certificate /etc/nginx/ssl/fullchain.crt;
+    ssl_certificate_key /etc/nginx/ssl/privkey.key;

    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
--- a/nginx/note.sugarscat.cn/README.md
+++ b/nginx/note.sugarscat.cn/README.md
@@ -30,7 +30,7 @@ crontab -l

 ## Nginx 配置

-> 该配置需要在 `/etc/nginx/ssl/` 目录下创建 `fullchain.pem` 和 `privkey.pem` 证书文件。
+> 该配置需要在 `/etc/nginx/ssl/` 目录下创建 `fullchain.crt` 和 `privkey.key` 证书文件。

 下载配置

--- a/nginx/note.sugarscat.cn/nginx.conf
+++ b/nginx/note.sugarscat.cn/nginx.conf
@@ -9,8 +9,8 @@ server {
    }

    # ssl 设置
-    ssl_certificate /etc/nginx/ssl/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+    ssl_certificate /etc/nginx/ssl/fullchain.crt;
+    ssl_certificate_key /etc/nginx/ssl/privkey.key;

    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;