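#!/bin/sh
# Tool project: https://github.com/rapiz1/rathole
# ----------------------------------------------
# Certificate creation script
#
# Creates a private root CA, issues a server certificate for "localhost",
# bundles the server key and chain into identity.pfx, then starts the
# rathole server container with ./server.toml as its configuration.
#
# Optional environment:
#   CA_DAYS       validity of the root CA, in days       (default 3650)
#   SERVER_DAYS   validity of the server cert, in days   (default 365)
#   PFX_PASSWORD  export password for identity.pfx       (default 1234)

# Abort on the first failed step or unset variable, so a failed CA or CSR
# step is never followed by signing with leftover files from an earlier run.
set -eu

# rootCA.key and server.key are written unencrypted (-nodes / genrsa without
# a cipher); create everything owner-only instead of relying on the caller's
# umask.
umask 077

# The CA must outlive the certificates it signs. The previous values
# (CA 356 days, server 365 days) let the server certificate outlast its
# issuer, which breaks chain validation once the CA expires.
CA_DAYS="${CA_DAYS:-3650}"
SERVER_DAYS="${SERVER_DAYS:-365}"

# The PKCS#12 password is handed to openssl through the environment
# (env:PFX_PASSWORD) rather than as "pass:..." on the command line, where it
# would be visible in the process list and in shell traces. 1234 is kept only
# as the sample default; whatever is used here must match the PKCS#12
# password the server configuration expects.
if [ -z "${PFX_PASSWORD:-}" ]; then
  printf '%s\n' 'warning: PFX_PASSWORD is not set; using the sample password' >&2
  PFX_PASSWORD=1234
fi
export PFX_PASSWORD

# Create the root certificate (CA).
# NOTE(review): the CA key stays on disk unencrypted next to the outputs;
# move rootCA.key off the host once the server certificate has been issued.
openssl req -x509 \
  -sha256 -days "$CA_DAYS" \
  -nodes \
  -newkey rsa:2048 \
  -subj "/CN=MyOwnCA/C=US/L=San Fransisco" \
  -keyout rootCA.key -out rootCA.crt

# Generate the server private key.
openssl genrsa -out server.key 2048

# Write the CSR configuration (quoted delimiter: content is literal).
cat > csr.conf <<'EOF'
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C = US
ST = California
L = San Fransisco
O = Someone
OU = Someone
CN = localhost

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = localhost
EOF

# Generate the CSR.
openssl req -new -key server.key -out server.csr -config csr.conf

# Write the extension file applied when the CA signs the CSR.
# NOTE(review): keyUsage is broader than a TLS server certificate needs and
# no extendedKeyUsage is set; tighten if the clients in use allow it.
cat > cert.conf <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
EOF

# Sign the server certificate with the root CA.
openssl x509 -req \
  -in server.csr \
  -CA rootCA.crt -CAkey rootCA.key \
  -CAcreateserial \
  -out server.crt \
  -days "$SERVER_DAYS" \
  -sha256 -extfile cert.conf

# Build the PKCS#12 bundle.
# PBE-SHA1-3DES is a legacy scheme; presumably it is selected so that the
# consumer's PKCS#12 parser accepts the file. Confirm that before switching
# to the OpenSSL default.
openssl pkcs12 -export \
  -out identity.pfx \
  -inkey server.key \
  -in server.crt \
  -certfile rootCA.crt \
  -passout env:PFX_PASSWORD \
  -keypbe PBE-SHA1-3DES \
  -certpbe PBE-SHA1-3DES

# Remove intermediate files.
rm -f server.csr csr.conf cert.conf

# Pull the image and run the server.
# If server.toml is missing, docker creates a directory at the bind-mount
# source and the container starts without a usable config; fail early.
if [ ! -f server.toml ]; then
  printf '%s\n' 'error: server.toml not found in the current directory' >&2
  exit 1
fi

# NOTE(review): the image reference has no tag or digest, so whatever
# "latest" resolves to is run with host networking; pin it, e.g.
# rapiz1/rathole:<pinned-tag-or-digest>.
# NOTE(review): identity.pfx is not mounted into the container; if
# server.toml refers to it, a matching -v entry is needed.
# The config is mounted read-only and the path is quoted so a working
# directory containing spaces does not split the -v argument.
docker run -d \
  --network host \
  --name rathole-server \
  -v "$(pwd)/server.toml:/etc/rathole/server.toml:ro" \
  rapiz1/rathole /etc/rathole/server.toml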