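First, install the AdGuard Home server.
Why install this first? Because later on port 53 will interfere with the installation. If the page cannot be opened after installation, it is because the port is given to IPv6 by default; to disable IPv6, see: https://www.cnblogs.com/kaishirenshi/p/13496475.html
If the AdGuard Home page cannot be reached after installation:
# Open the port
firewall-cmd --zone=public --add-port=3000/tcp --permanent
# Allow external access to the port
firewall-cmd --add-port=3000/tcp
# Restart the firewall
firewall-cmd --reload
# The above is usually enough; if you still cannot get in, run
# the query command
netstat -tunlp
# Output like the following, where port 3000 is on the tcp6 row, means it was given to IPv6
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3075/sshd
tcp6 0 0 :::3000 :::* LISTEN 3837/AdGuardHome
First, disable IPv6 and restart httpd:
sysctl net.ipv6.conf.all.disable_ipv6=1
systemctl restart httpd
Supplement: commands to close the port in the firewall
# Close the port
firewall-cmd --zone=public --remove-port=3000/tcp --permanent
# Restart the firewall
firewall-cmd --reload
After installing AdGuard Home, run netstat -tunlp and you will see that the ports AdGuard Home opened are all on tcp6. To move them to tcp, edit the AdGuardHome.yaml file and change
bind_host: 0.0.0.0 to bind_host: 127.0.0.1 or bind_host: <server IP>. After the change, restart AdGuardHome
# Restart
systemctl restart AdGuardHome.service
# Start
systemctl start AdGuardHome.service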
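To see which services are reachable on every interface and which are bound to loopback only, the netstat output discussed above can be classified by bind address. This is an added example, not part of the original post; the sample reuses the two rows shown earlier plus a constructed 127.0.0.1:3001 row, and classify_listeners is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: classify listeners from `netstat -tunlp` output by exposure.
# SAMPLE is constructed: two rows from the post plus an assumed loopback row.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN      3075/sshd
tcp        0      0 127.0.0.1:3001  0.0.0.0:*       LISTEN      3837/AdGuardHome
tcp6       0      0 :::3000         :::*            LISTEN      3837/AdGuardHome'

classify_listeners() {
    # stdin: netstat -tunlp text. Prints "<scope> <proto> <port> <program>".
    # scope is ALL (wildcard bind), LOOPBACK, or SPECIFIC (one interface address).
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]                       # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::" || host == "*") scope = "ALL"
        else if (host == "127.0.0.1" || host == "::1")        scope = "LOOPBACK"
        else                                                  scope = "SPECIFIC"
        prog = $NF
        sub(/^[0-9]+\//, "", prog)            # drop the "PID/" prefix
        print scope, $1, port, prog
    }'
}

# On a live host: netstat -tunlp | classify_listeners
printf '%s\n' "$SAMPLE" | classify_listeners
```

With the Linux default net.ipv6.bindv6only=0, a wildcard tcp6 listener such as :::3000 generally accepts IPv4 connections as well, so an ALL row means the port is reachable on both address families unless the firewall blocks it.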
-----------------------------------------------------------------------------
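Next, install Certbot and configure the certificate. In AdGuard Home, HTTPS uses port 8443
Now ports 443 and 80 need to coexist
Under /www/server/panel/vhost/nginx create a new file dns.yyun8.com.conf with the following content; the main things are the domain name, the certificate and the ports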
server {
listen 80;
server_name dns.yyun8.com;
location / {
proxy_pass http://127.0.0.1:3001;
proxy_redirect http://$host/ http://$http_host/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
listen 443 ssl http2;
server_name dns.yyun8.com;
ssl_certificate /etc/letsencrypt/live/dns.yyun8.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dns.yyun8.com/privkey.pem;
client_max_body_size 50m;
client_body_buffer_size 256k;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
location / {
proxy_pass https://127.0.0.1:8443;
proxy_redirect https://$host/ https://$http_host/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_server_name on;
proxy_set_header Host $host;
}
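}
Note the domain name, certificate location and port numbers above, then restart nginx and it is done.
After that, AdGuard Home can be accessed at http://dns.yyun8.com and https://dns.yyun8.com
The encrypted DoH endpoint https://dns.yyun8.com:8443/dns-query can now also be reached on the default port 443, e.g. https://dns.yyun8.com/dns-query
Reference: https://www.cnblogs.com/sanduzxcvbnm/p/14544367.html
Another reference, not tested: https://apad.pro/?p=1107
The upstream servers are loaded from a file; for example, I put it under the so.miyun1.com site. In AdGuardHome.yaml, set upstream_dns_file to reference the file, using an absolute path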
upstream_dns_file: /wwwroot/web/so.miyun1.com/88scripts/AGH-overseas.txt
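The file above defines which DNS the foreign domains go through; the default DNS also has to be added to it. After the change, restart AdGuard Home
# Restart
systemctl restart AdGuardHome.service
Supplement: make the HTTP site redirect to a different home page
Create a new empty site, for example d.yyun8.com, then edit the dns.yyun8.com.conf file under /www/server/panel/vhost/nginx
Below server_name dns.yyun8.com; add
index index.php index.html index.htm default.php default.htm default.html;
root /wwwroot/web/d.yyun8.com;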
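Because the upstream file must contain a default DNS in addition to the per-domain entries, it is worth checking the file before restarting. The following is an added example, not part of the original post: it assumes AdGuard Home's `[/domain/]upstream` syntax for per-domain upstreams, uses constructed sample content rather than the author's AGH-overseas.txt, and check_upstreams is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: sanity-check an upstream_dns_file before restarting AdGuard Home.
# SAMPLE_UPSTREAMS is constructed; line 4 is deliberately missing the "/" before "]".
SAMPLE_UPSTREAMS='# overseas domains go to a dedicated resolver
[/google.com/youtube.com/]tls://8.8.8.8
[/github.com/]https://1.1.1.1/dns-query
[/broken.example]9.9.9.9
223.5.5.5'

check_upstreams() {
    # stdin: file content. Prints "default=N domain_rules=N malformed=N".
    # Returns 1 when there is no default upstream or any per-domain line is malformed.
    awk '
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # strip CR and outer blanks
    $0 == "" || /^#/        { next }                   # blank line or comment
    /^\[\/.+\/\][^ \t]+$/   { rules++; next }          # [/dom1/dom2/]upstream
    /^\[/                   { bad++; next }            # starts like a rule but is not one
                            { defaults++ }             # anything else: default upstream
    END {
        printf "default=%d domain_rules=%d malformed=%d\n", defaults, rules, bad
        exit ((defaults == 0 || bad > 0) ? 1 : 0)
    }'
}

# On a live host: check_upstreams < /path/from/upstream_dns_file
printf '%s\n' "$SAMPLE_UPSTREAMS" | check_upstreams || echo "fix the file before restarting"
```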
proxy_pass http://127.0.0.1:3001;
proxy_redirect http://$host/ http://$http_host/;
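The two lines above can either be kept or commented out with a leading #. Then add the code below under those two lines; keeping just one of them is enough
proxy_redirect ~^http://127.0.0.1:3001(.*) http://d.yyun8.com$1;
proxy_redirect http://127.0.0.1:3001/ http://d.yyun8.com/;
Below is the complete modified code; the above is for reference, the part below is the main thing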
server {
listen 80;
server_name dns.yyun8.com;
index index.php index.html index.htm default.php default.htm default.html;
root /wwwroot/web/d.yyun8.com;
location / {
proxy_pass http://127.0.0.1:3001;
proxy_redirect http://$host/ http://$http_host/;
proxy_redirect ~^http://127.0.0.1:3001(.*) http://d.yyun8.com$1;
#proxy_redirect http://127.0.0.1:3001/ http://d.yyun8.com/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
listen 443 ssl http2;
server_name dns.yyun8.com;
ssl_certificate /etc/letsencrypt/live/dns.yyun8.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dns.yyun8.com/privkey.pem;
client_max_body_size 50m;
client_body_buffer_size 256k;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
location / {
proxy_pass https://127.0.0.1:8443;
proxy_redirect https://$host/ https://$http_host/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_server_name on;
proxy_set_header Host $host;
}
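}
After the change above, visiting http://dns.yyun8.com shows the content of http://d.yyun8.com while the address stays dns.yyun8.com; then just edit the home page content under http://d.yyun8.com
Supplement: make the HTTPS site redirect to a different home page
Add the specified content below the following lines; reference: https://segmentfault.com/q/1010000017065655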
listen 443 ssl http2;
server_name dns.yyun8.com;
index index.php index.html index.htm default.php default.htm default.html;
root /wwwroot/web/d.yyun8.com;
Comment out the earlier HTTPS port redirect, then add the following below it
# The following rewrites the HTTPS home page to http://d.yyun8.com
location / {
proxy_pass http://d.yyun8.com/;
}
# The following rewrites port 8443 of the home page's 8443/dns-query to port 443
location /dns-query {
proxy_pass https://127.0.0.1:8443/dns-query;
}
Complete code
server {
listen 80;
server_name dns.yyun8.com;
# The next two lines specify which directory HTTP uses
index index.php index.html index.htm default.php default.htm default.html;
root /wwwroot/web/d.yyun8.com;
location / {
#proxy_pass http://127.0.0.1:3001;
#proxy_redirect http://$host/ http://$http_host/;
proxy_redirect ~^http://127.0.0.1:3001(.*) http://d.yyun8.com$1;
#proxy_redirect http://127.0.0.1:3001/ http://d.yyun8.com/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
listen 443 ssl http2;
server_name dns.yyun8.com;
# The next two lines specify which directory HTTPS uses
index index.php index.html index.htm default.php default.htm default.html;
root /wwwroot/web/d.yyun8.com;
ssl_certificate /etc/letsencrypt/live/dns.yyun8.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dns.yyun8.com/privkey.pem;
client_max_body_size 50m;
client_body_buffer_size 256k;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
location / {
#proxy_pass https://127.0.0.1:8443;
#proxy_redirect https://$host/ https://$http_host/;
#proxy_redirect ~^https://127.0.0.1:8443(.*) http://d.yyun8.com$1;
#proxy_redirect ~^https://127.0.0.1:8443/dns-query(.*) https://dns.yyun8.com/dns-query$1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_server_name on;
proxy_set_header Host $host;
# The following rewrites the HTTPS home page to http://d.yyun8.com
location / {
proxy_pass http://d.yyun8.com/;
}
# The following rewrites port 8443 of the home page's 8443/dns-query to port 443
location /dns-query {
proxy_pass https://127.0.0.1:8443/dns-query;
}
}
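}
But then the admin panel can no longer be accessed
Another method: the HTTPS home page is not needed, and you log in by appending, for example, /panel to the address. With this method the login redirect still ends up on the HTTPS home page, but since you are now logged in, just open the address with /panel appended once more and you can get in
Complete code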
server {
listen 80;
server_name dns.yyun8.com;
# The next two lines specify which directory HTTP uses
index index.php index.html index.htm default.php default.htm default.html;
root /wwwroot/web/d.yyun8.com;
location / {
#proxy_pass http://127.0.0.1:3001;
#proxy_redirect http://$host/ http://$http_host/;
proxy_redirect ~^http://127.0.0.1:3001(.*) http://d.yyun8.com$1;
#proxy_redirect http://127.0.0.1:3001/ http://d.yyun8.com/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
listen 443 ssl http2;
server_name dns.yyun8.com;
# The next two lines specify which directory HTTPS uses
# index index.php index.html index.htm default.php default.htm default.html;
# root /wwwroot/web/d.yyun8.com;
ssl_certificate /etc/letsencrypt/live/dns.yyun8.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dns.yyun8.com/privkey.pem;
client_max_body_size 50m;
client_body_buffer_size 256k;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
location / {
#proxy_pass https://127.0.0.1:8443;
#proxy_redirect https://$host/ https://$http_host/;
#proxy_redirect ~^https://127.0.0.1:8443(.*) http://d.yyun8.com$1;
#proxy_redirect ~^https://127.0.0.1:8443/dns-query(.*) https://dns.yyun8.com/dns-query$1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_server_name on;
proxy_set_header Host $host;
# The following rewrites the HTTPS home page to http://d.yyun8.com; commented out, so the home page is empty and the admin page is accessed by port
#location / {
#proxy_pass http://d.yyun8.com/;
#}
# The following rewrites port 8443 of the encrypted DNS (DoH) 8443/dns-query to port 443
location /dns-query {
proxy_pass https://127.0.0.1:8443/dns-query;
}
location /panel {
proxy_pass https://127.0.0.1:8443/;
}
# The following specifies the login page
location /login.html {
proxy_pass http://127.0.0.1:3001/login.html;
}
# The following specifies other files the login page needs
location /assets/ {
proxy_pass http://127.0.0.1:3001/assets/;
}
# The following specifies other files the login page needs
location /login {
proxy_pass http://127.0.0.1:3001/login;
}
location /main {
proxy_pass http://127.0.0.1:3001/main;
}
# The following is mainly needed for logging in
location /control {
proxy_pass http://127.0.0.1:3001/control;
}
# The following is mainly for the redirect after login
location /#settings {
proxy_pass http://127.0.0.1:3001/#settings;
}
}
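}
Supplement: make the HTTP and HTTPS sites redirect to the same home page
1. Note: edit the dns.yyun8.com.conf file, not the d.yyun8.com.conf file. In the HTTPS block, remove the comment markers in front of the following two lines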
index index.php index.html index.htm default.php default.htm default.html;
root /wwwroot/web/d.yyun8.com;
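2. Remove the comment marker in front of proxy_redirect ~^https://127.0.0.1:8443(.*) http://d.yyun8.com$1;
3. Also note: a site path such as root /wwwroot/web/d.yyun8.com; is case-sensitive
Then use the panel subfolder to redirect to the control panel. The complete code is as follows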
server {
listen 80;
server_name dns.yyun8.com;
# The next two lines specify which directory HTTP uses
index index.php index.html index.htm default.php default.htm default.html;
root /wwwroot/web/d.yyun8.com;
location / {
#proxy_pass http://127.0.0.1:3001;
#proxy_redirect http://$host/ http://$http_host/;
proxy_redirect ~^http://127.0.0.1:3001(.*) http://d.yyun8.com$1;
#proxy_redirect http://127.0.0.1:3001/ http://d.yyun8.com/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
listen 443 ssl http2;
server_name dns.yyun8.com;
# The next two lines specify which directory HTTPS uses
index index.php index.html index.htm default.php default.htm default.html;
root /wwwroot/web/d.yyun8.com;
ssl_certificate /etc/letsencrypt/live/dns.yyun8.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dns.yyun8.com/privkey.pem;
client_max_body_size 50m;
client_body_buffer_size 256k;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
location / {
#proxy_pass https://127.0.0.1:8443;
#proxy_redirect https://$host/ https://$http_host/;
proxy_redirect ~^https://127.0.0.1:8443(.*) http://d.yyun8.com$1;
#proxy_redirect ~^https://127.0.0.1:8443/dns-query(.*) https://dns.yyun8.com/dns-query$1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_server_name on;
proxy_set_header Host $host;
# The following rewrites the HTTPS home page to http://d.yyun8.com; commented out, so the home page is empty and the admin page is accessed by port
#location / {
#proxy_pass http://d.yyun8.com/;
#}
# The following rewrites port 8443 of the encrypted DNS (DoH) 8443/dns-query to port 443
location /dns-query {
proxy_pass https://127.0.0.1:8443/dns-query;
}
location /panel {
proxy_pass https://127.0.0.1:8443/;
}
# The following specifies the login page
location /login.html {
proxy_pass http://127.0.0.1:3001/login.html;
}
# The following specifies other files the login page needs
location /assets/ {
proxy_pass http://127.0.0.1:3001/assets/;
}
# The following specifies other files the login page needs
location /login {
proxy_pass http://127.0.0.1:3001/login;
}
location /main {
proxy_pass http://127.0.0.1:3001/main;
}
# The following is mainly needed for logging in
location /control {
proxy_pass http://127.0.0.1:3001/control;
}
# The following is mainly for the redirect after login
location /#settings {
proxy_pass http://127.0.0.1:3001/#settings;
}
}
}
Note: the site path is case-sensitive
Finally, restart Nginx
Restart the network: systemctl restart network