一:frp简介
frp 是什么?
frp 采用 Golang 编写,支持跨平台,仅需下载对应平台的二进制文件即可执行,没有额外依赖。
frp 是一个专注于内网穿透的高性能的反向代理应用,支持 TCP、UDP、HTTP、HTTPS 等多种协议。可以将内网服务以安全、便捷的方式通过具有公网 IP 节点的中转暴露到公网。
市面上一些主流的内网穿透工具有:Ngrok,Natapp,花生壳,Ssh、autossh,Frp,Lanproxy,Spike。
这里介绍使用frp工具。
二:安装frp
1:准备
一台公网服务器(配置无要求网络稳定就行),服务器端,如公网IP:123.32.12.32。
内网客户端(准备要穿透出去的设备),客户端,如内网IP:192.168.152.103。
2:下载解压安装包
gitlab地址:https://github.com/fatedier/frp,可以在 Release 页面中下载到最新版本的客户端和服务端二进制文件,所有文件被打包在一个压缩包中。
找到自己Linux合适的版本,下载,主流Linux版本基本上都是amd64。
#下载
wget https://github.com/fatedier/frp/releases/download/v0.44.0/frp_0.44.0_linux_amd64.tar.gz
#解压
tar -zxvf frp_0.44.0_linux_amd64.tar.gz
#进入目录
cd frp_0.44.0_linux_amd64/进入文件夹,有两个名称文件frpc(c结尾代表client)和frps(s结尾代表server),分别是服务端程序和服务端配置程序。
需要将frpc拷贝至客户端,即内网服务器,或者在客户端直接下载也可以,客户端只需要使用frpc文件即可。
root@ubuntu:~/frp_0.44.0_linux_amd64# ls
frpc frpc_full.ini frpc.ini frps frps_full.ini frps.ini LICENSE三:配置服务器端和客户端,及启动
1:配置服务器端
这里是为服务端配置frp 只关注frps和frps.ini即可,原始最简单配置为。
cat frps.ini[common]
#隧道通道,服务器和客户端通过此端口通讯
bind_port = 7000最简单也可以直接使用,先不配置其他测试使用先。
2:配置客户端
只关注frpc和frpc.ini即可,修改frpc.ini。
vim frpc.ini原始配置已经有ssh的端口配置,所以修改server_addr为服务器IP即可。
[common]
server_addr = 123.32.12.32
server_port = 7000
[ssh]
type = tcp
#本机IP
local_ip = 127.0.0.1
#本机需要映射的端口22
local_port = 22
#远程服务器映射的端口为60022
remote_port = 600223:分别启动服务器端和客户端
注:服务器,如有防火墙,请开启7000端口和有需要的端口。
服务器运行启动:
./frps -c frps.ini客户端运行启动:
./frpc -c frpc.ini可以看到提示,都已经启动成功
测试ssh连接,这里用第三方工具xshell测试。
连接IP 为公网IP地址,端口为60022端口。
连接登录,即可登录到内网的192.168.152.103机器。
最简单的ssh端口映射就完成了。
四:升级配置
原始配置简单,但是如果需要其他功能,可自行添加,如下:
1:服务器端配置
vim frps.ini修改如下
[common]
bind_port = 7000
#http服务端口
vhost_http_port = 8088
#https服务端口
vhost_https_port = 8443
# dashboard网页管理界面,以及设置账户密码(非必须,未配置则直接进入)
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
#客户端需要设置一样的token值才能鉴权通过
token = 123456782:客户端配置
vim frpc.ini修改如下:
[common]
server_addr = 123.32.12.32
server_port = 7000
#token和服务器一致
token = 12345678
[ssh]
type = tcp
#本机IP
local_ip = 127.0.0.1
#本机需要映射的端口22
local_port = 22
#远程服务器映射的端口为60022
remote_port = 60022
[web]
type = http
#本地http服务端口,默认80,按需配置
local_port = 80
# 绑定域名,注:配置http,必须需要域名,否则报错。如没有,可采用普通的tcp模式映射。
custom_domains = xxx.xxx.xxx,vvv.vvv.vvv
[zabbix]
type = tcp
local_ip = 127.0.0.1
#本机需要映射的端口22
local_port = 10050
#远程服务器映射的端口为6000
remote_port = 110503:启动测试
分别启动客户端和服务器端
./frps -c frps.ini客户端运行启动:
./frpc -c frpc.ini浏览器打开web管理界面,http://123.32.12.32:7500/,输入账户密码,可查看端口映射相关情况。
同时访问:http://123.32.12.32:8088,即可访问跳转到到内网192.168.152.103机器的http服务。
其他更多参数参考中文文档:https://gofrp.org/docs/
4:后台启动
当然对于正式环境,可以配置后台启动,并报存日志输出到相关文件。
服务端:
nohup ./frps -c frps.ini > /var/log/frp.log 2>&1 &客户端:
nohup ./frpc -c frpc.ini > /var/log/frp.log 2>&1 &到此,frp服务器搭建完成。
停止
先找到这个进程
例如
ps -aux|grep frp| grep -v grep
root 3600 0.1 0.1 110188 9484 pts/0 Sl 15:04 0:00 ./frpc -c ./frpc.ini
kill -9 3600
如果需要自启动就吧启动命令写成sh脚本,让系统开机自动执行。如果不通首先排除端口问题,可以尝试更换端口,防火墙放行端口号。再不行就先重新启动服务器端系统,然后再重新启动客户端系统继续尝试。
新版的.toml配置文件示例
服务器端:
# 默认能连接到本服务器的ip地址,0.0.0.0表示任何ip都能连接。
bindAddr = "0.0.0.0"
# 本服务器各类协议的端口号。
bindPort = 7000
kcpBindPort = 7000
quicBindPort = 7002
# 使用quic协议连接的一些默认配置参数。
transport.quic.keepalivePeriod = 10
transport.quic.maxIdleTimeout = 30
transport.quic.maxIncomingStreams = 100000
# http服务端口。
vhostHTTPPort = 8080
# https服务端口。
vhostHTTPSPort = 8443
# dashboard网页管理界面,以及设置账户密码(非必须,未配置则直接进入)。
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
# 如果使用tcp流复用,默认为true,frpc必须与frps相同。
# 也就是tcp复用,建议关掉,不知道有啥用,但是如果是true打开状态会严重影响客户端上传服务器的速度。
# 虽然关掉会提高速度,但是会影响稳定性,可能会出现多次刷新等待才能链接到服务,或者出现断流的情况。
# 从frp的0.5.0版本以上开始解决了tcpMux导致的网速慢的问题,就是切换成quic协议连接就ok了。
transport.tcpMux = true
# 客户端需要设置一样的token值才能鉴权通过。
auth.method = "token"
auth.token = "123456"
# 允许客户端设置的最大连接池大小,如果客户端配置的值大于此值,会被强制修改为最大值,默认为 5,修改为50。
transport.maxPoolCount = 50客户端的:
# 服务器连接的协议IP以及端口,默认为tcp协议,可选tcp、kcp、quic、websocket 和 wss。
transport.protocol = "tcp"
serverAddr = "192.168.102.101"
serverPort = 7000
# 使用quic协议连接的一些默认配置参数,如果使用quic协议连接就去掉这些参数的注释。
# transport.quic.keepalivePeriod = 10
# transport.quic.maxIdleTimeout = 30
# transport.quic.maxIncomingStreams = 100000
#客户端需要设置一样的token值才能鉴权通过。
auth.method = "token"
auth.token = "123456"
#客户端 AdminServer 配置。
webServer.addr = "0.0.0.0"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "admin"
# 如果使用tcp流复用,默认为true,frpc必须与frps相同。
# 也就是tcp复用,建议关掉,不知道有啥用,但是如果是true打开状态会严重影响客户端上传服务器的速度。
# 虽然关掉会提高速度,但是会影响稳定性,可能会出现多次刷新等待才能链接到服务,或者出现断流的情况。
# 从frp的0.5.0版本以上开始解决了tcpMux导致的网速慢的问题,就是切换成quic协议连接就ok了。
transport.tcpMux = true
#是否启用加密功能,启用后该代理和服务端之间的通信内容都会被加密传输,如果 frpc 启用了全局 TLS,则不需要再启用此参数。
#如果为 true,则该代理的流量将被加密,默认为 false。
transport.useEncryption = false
#是否启用压缩功能,启用后该代理和服务端之间的通信内容都会被压缩传输。
#如果为 true,流量将被压缩。
transport.useCompression = false
#下面就映射的代理,包括代理名称,协议,本地IP端口以及服务器转发端口。
#如果使用HTTP/HTTPS协议必须要有域名以及本地的HTTP/HTTPS端口号,访问的时候都是通过服务器的转发端口号访问。
#如果是其他协议(例如tcp、udp等等)就需要填写本地端口以及服务器转发端口。
[[proxies]]
name = "test-tcp"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 56000
[[proxies]]
name = "web-http"
type = "http"
localIP = "127.0.0.1"
localPort = 80
customDomains = ["www.aaa.com"]
[[proxies]]
name = "web2-https"
type = "https"
localIP = "127.0.0.1"
localPort = 443
customDomains = ["www.aaa.com"]
启动frp:
使用以下命令启动服务器:./frps -c ./frps.toml。
使用以下命令启动客户端:./frpc -c ./frpc.toml。安装为系统服务:
使用 systemd
此示例演示如何在 Linux 系统下使用 systemd 来管理 frps 服务,包括启动、停止、配置后台运行和设置开机自启动。
在 Linux 系统下,使用 systemd 可以方便地控制 frps 服务端的启动、停止、配置后台运行以及开机自启动。
以下是具体的操作步骤:
安装 systemd
如果您的 Linux 服务器上尚未安装 systemd,可以使用包管理器如 yum(适用于 CentOS/RHEL)或 apt(适用于 Debian/Ubuntu)来安装它:
# 使用 yum 安装 systemd(CentOS/RHEL)
yum install systemd
# 使用 apt 安装 systemd(Debian/Ubuntu)
apt install systemd
创建 frps.service 文件
使用文本编辑器 (如 vim) 在 /etc/systemd/system 目录下创建一个 frps.service 文件,用于配置 frps 服务。
$ sudo touch /etc/systemd/system/frps.service
$ sudo vim /etc/systemd/system/frps.service写入内容
[Unit]
# 服务名称,可自定义
Description = frp server
After = network.target syslog.target
Wants = network.target
[Service]
Type = simple
# 启动frps的命令,需修改为您的frps的安装路径
# 提前在/opt目录新建一个frp文件夹,将frp程序复制到此文件夹
# 如果是客户端就将frps改成frpc就行,其他可以保持不变
ExecStart = /opt/frp/frps -c /opt/frp/frps.toml
#部分RHEL8+系统还需要使用下面参数
Restart = always
RestartSec = 20
StartLimitInterval = 0
#Restart = always: 只要不是通过systemctl stop来停止服务,任何情况下都必须要重启服务,默认值为no
#RestartSec = 20: 重启间隔,比如某次异常后,等待5(s)再进行启动,默认值0.1(s)
#StartLimitInterval = 0: 无限次重启,默认是10秒内如果重启超过5次则不再重启,设置为0表示不限次数重启
#如果自动重启不成功可能还需要重新加载一下服务,在终端使用下面的命令
#systemctl daemon-reload
[Install]
WantedBy = multi-user.target使用 systemd 命令管理 frps 服务
# 启动frp
sudo systemctl start frps
# 停止frp
sudo systemctl stop frps
# 重启frp
sudo systemctl restart frps
# 查看frp状态
sudo systemctl status frps设置 frps 开机自启动
sudo systemctl enable frps通过遵循上述步骤,您可以轻松地使用 systemd 来管理 frps 服务,实现启动、停止、自动运行和开机自启动。确保替换路径和配置文件名称以匹配您的实际安装。
Excellent insights! Your breakdown of the topic is clear and concise. For further reading, check out this link: READ MORE. Let’s discuss!
hey there and thank you for your information – I’ve certainly picked up something new from right here.
I did however expertise a few technical issues using this
website, since I experienced to reload the website many times previous to I could get it to load correctly.
I had been wondering if your web host is OK? Not that I’m complaining,
but slow loading instances times will sometimes affect your placement in google and could damage your
high quality score if ads and marketing with Adwords. Anyway
I am adding this RSS to my email and can look out for much more of your respective exciting content.
Make sure you update this again soon.. Escape room lista
I like this web site very much, Its a rattling nice position to read and receive info..
wFBgcjPqa
oXhsWlNEqp
This is the perfect site for everyone who hopes to understand this topic. You know so much its almost tough to argue with you (not that I personally will need to…HaHa). You definitely put a new spin on a topic that has been written about for many years. Great stuff, just great.
There is certainly a lot to know about this topic. I like all of the points you’ve made.
Good web site you have here.. It’s hard to find good quality writing like yours these days. I seriously appreciate individuals like you! Take care!!
Hello! I could have sworn I’ve been to this site before but after browsing through some of the posts I realized it’s new to me. Nonetheless, I’m definitely happy I stumbled upon it and I’ll be book-marking it and checking back regularly.
Everything is very open with a precise description of the issues. It was really informative. Your website is extremely helpful. Thanks for sharing.
Everything is very open with a very clear clarification of the issues. It was really informative. Your website is very helpful. Thanks for sharing.
May I simply say what a relief to discover somebody that truly understands what they’re discussing on the internet. You definitely understand how to bring an issue to light and make it important. More and more people need to check this out and understand this side of the story. I can’t believe you are not more popular because you most certainly have the gift.
It’s difficult to find educated people about this subject, but you seem like you know what you’re talking about! Thanks
This is the right site for anybody who would like to find out about this topic. You know so much its almost hard to argue with you (not that I personally would want to…HaHa). You certainly put a brand new spin on a subject that’s been discussed for years. Great stuff, just excellent.
dWTHcqDkeVKX
QlDxkTZC
Howdy! This blog post could not be written much better! Reading through this article reminds me of my previous roommate! He constantly kept talking about this. I will forward this post to him. Pretty sure he’s going to have a good read. Thanks for sharing!
You need to be a part of a contest for one of the best websites on the web. I most certainly will highly recommend this site!
There’s certainly a great deal to find out about this subject. I like all the points you made.
I blog often and I really appreciate your information. This article has truly peaked my interest. I will take a note of your blog and keep checking for new information about once a week. I subscribed to your Feed too.
This website was… how do I say it? Relevant!! Finally I’ve found something which helped me. Cheers!
After exploring a few of the blog posts on your blog, I really appreciate your way of blogging. I book-marked it to my bookmark website list and will be checking back in the near future. Take a look at my website as well and let me know how you feel.