1. 背景

我已经申请了三级域名并备案成功，我自己在内网搭建了多个开源网站的服务，通过frp反向代理到公网中，这里记录如何设置三级域名以及如何添加，准备工作：

1. 1台云服务器，我是腾讯云服务器。
2. 已备案的域名。
3. 内网1台设备，安装frp以及其他开源服务。我这里已ragflow为例。

2. 安装步骤

在内网中已经安装了ragflow的网站，并通过frpc映射到公网的5555端口，注意，5555端口并未对外开放，所以不需要在服务器中暴露。

2.1 腾讯云服务器配置

在云解析DNS中，选择要添加域名和前缀，我这里填写ragflow，域名是apostle9891.cn，那么保存后可以通过ragflow.apostle9891.cn进行访问。

2.2 nginx配置

登录云服务器，复制配置。

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/ragflow.apostle9891.cn  

修改配置，并强制注入备案信息：

# ragflow
server {

    listen 80;
    listen 443 ssl;
    server_name ragflow.apostle9891.cn;
    location / {
        proxy_pass http://127.0.0.1:5555;  # 将流量转发到内网服务的端口 5555
        ssl_certificate /etc/letsencrypt/live/ragflow.apostle9891.cn/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/ragflow.apostle9891.cn/privkey.pem; # managed by Certbot
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;    # 关键：支持 WebSocket 升级
        proxy_set_header Connection "upgrade";     # 关键：设置 Connection 头

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # 关键配置：插入到版权信息 div 之后
        sub_filter '</div><!-- 版权信息 div 结束 -->' '</div> <div class="beian-footer" style="text-align: center; padding: 10px; color: #666; font-size: 12px"> 备案号：<a href="https://beian.miit.gov.cn/" target="_blank">京ICP备2022002381号-1</a> </div>';
        sub_filter_once on;

    location = /auth {
        proxy_pass http://127.0.0.1:5555;  # 将流量转发到内网服务的端口 5555
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;    # 关键：支持 WebSocket 升级
        proxy_set_header Connection "upgrade";     # 关键：设置 Connection 头

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Accept-Encoding "";  # 禁止压缩

        # 仅在登录页注入悬浮备案号
        sub_filter '</body>' ' <div id="beian-bubble" style=" position: fixed; left: 50%; bottom: 2rem; transform: translateX(-50%); padding: 10px 24px; border-radius: 25px; background: rgba(21, 94, 239, 0.9); box-shadow: 0 4px 12px rgba(0, 0, 0, 0.2); cursor: pointer; z-index: 2147483647; color: white; font-size: 14px; transition: 0.2s ease-in-out; white-space: nowrap; "> <a href="https://beian.miit.gov.cn/" target="_blank" style="color: white; text-decoration: none"> 京ICP备2022002381号-1 </a> </div> </body>';
        sub_filter_once on;
    }
    }
}

创建链接：

sudo ln -s /etc/nginx/sites-available/ragflow.apostle9891.cn /etc/nginx/sites-enabled/  

测试并配置：

sudo nginx -t
sudo systemctl restart nginx

2.3 设置ssl证书机器人

如何安装机器人可查看wordpress申请https证书
申请证书：

sudo certbot --nginx -d ragflow.apostle9891.cn

直接执行会报错，是因为会先验证nginx的服务，由于有 ssl_certificate配置文件，但是证书还没有生成，所以会报错，所以先要注释两个证书，然后选择1不修改配置文件。然后再把注释放开。

2.4 重新启动nginx

sudo systemctl restart nginx

重启有可能会报错，如果提示nginx端口被占用，如：

● nginx.service - nginx - high performance web server
     Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sun 2025-03-16 01:16:22 CST; 4s ago
       Docs: https://nginx.org/en/docs/
    Process: 586980 ExecStartPre=/usr/share/nginx/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
    Process: 586990 ExecStart=/usr/share/nginx/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)

Mar 16 01:16:20 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Mar 16 01:16:20 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Mar 16 01:16:21 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Mar 16 01:16:21 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Mar 16 01:16:21 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Mar 16 01:16:21 VM-16-2-ubuntu nginx[586990]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)

那么先停止nginx

sudo systemctl stop nginx

如果还是不行，那么查看对应的端口号，并kill

sudo lsof -t -i :80  
sudo lsof -t -i :443  
sudo kill -9 <PID>  

没有以后重启

sudo systemctl restart nginx

本文发布于2025年03月16日00:43，已经过了288天，若内容或图片失效，请留言反馈