内网虚拟机安装frp后,需要手动启动,这里通过systemd设置frp随系统自动启动,期间对rc.local赋可执行权限,对frp目录
首先,确认在frp的目录中,带配置文件执行程序可以正常启动。
[root@localhost frp]# ./frpc -c frpc.ini
2022/10/28 07:24:37 [I] [service.go:357] [7a47c492f1fa317f] login to server success, get run id [7a47c492f1fa317f], server udp port [0]
2022/10/28 07:24:37 [I] [proxy_manager.go:142] [7a47c492f1fa317f] proxy added: [ssh201]
2022/10/28 07:24:37 [I] [control.go:177] [7a47c492f1fa317f] [ssh201] start proxy success
此时,可以在/lib/systemd/system下创建frpc.service单元文件。
[root@localhost system]# cd /lib/systemd/system
[root@localhost system]# vim frpc.service
frpc.service内容如下:
[Unit]
Description=Frp Client Service # 服务描述
[Service]
Type=simple # 不论进程是否启动成功,systemctl start 都执行成功
User=nobody
Restart=on-failure # on-failure 表示仅在服务进程异常退出时重启
RestartSec=5s # 设置在重启服务前暂停多长时间
ExecStart=/usr/local/frp/frpc -c /usr/local/frp/frpc.ini # 根据自己frp的路径调整
ExecReload=/usr/local/frp/frpc reload -c /usr/local/frp/frpc.ini # 这里也调整路径
LimitNOFILE=1048576 # 最大打开文件数
[Install]
WantedBy=multi-user.target配置时要删除井号及后面的注释↑
保存后重新载入配置文件,并启动frp。
[root@localhost system]# systemctl daemon-reload
[root@localhost system]# systemctl start frpc
[root@localhost system]# systemctl status frpc
● frpc.service - Frp Client Service
Loaded: loaded (/usr/lib/systemd/system/frpc.service; disabled>
Active: activating (auto-restart) (Result: exit-code) since Fr>
Process: 3085 ExecStart=/usr/local/frp/frpc -c /usr/local/frp/f>
Main PID: 3085 (code=exited, status=203/EXEC)
此时发现服务并没有成功启动,同时发现在reload时,虚拟机屏幕上打印了如下字样:
systemd-rc-local-generator[3043]: /etc/rc.d/rc.local is not marked executable, skipping.
随即给rc.local文件可执行权限,再重新载入systemd配置文件,不再打印,此时再执行启动命令。
[root@localhost system]# cd /etc/rc.d/
[root@localhost rc.d]# chmod +x rc.local
[root@localhost rc.d]# systemctl daemon-reload
[root@localhost rc.d]# systemctl start frpc
[root@localhost rc.d]# systemctl status frpc
● frpc.service - Frp Client Service
Loaded: loaded (/usr/lib/systemd/system/frpc.service; disabled>
Active: activating (auto-restart) (Result: exit-code) since Fr>
Process: 3275 ExecStart=/usr/local/frp/frpc -c /usr/local/frp/f>
Main PID: 3275 (code=exited, status=203/EXEC)
很奇怪,又没拉起来,只能去看系统日志了。
[root@localhost system]# tail -f /var/log/messages
......
Oct 28 07:54:57 localhost systemd[1]: /usr/lib/systemd/system/frpc.service:6: Special user nobody configured, this is not safe!
Oct 28 07:54:57 localhost systemd[1]: Started Frp Client Service.
Oct 28 07:54:57 localhost systemd[3587]: frpc.service: Failed to locate executable /usr/local/frp/frpc: Permission denied
Oct 28 07:54:57 localhost systemd[3587]: frpc.service: Failed at step EXEC spawning /usr/local/frp/frpc: Permission denied
Oct 28 07:54:57 localhost systemd[1]: frpc.service: Main process exited, code=exited, status=203/EXEC
Oct 28 07:54:57 localhost systemd[1]: frpc.service: Failed with result 'exit-code'.
报了一个执行失败,权限不足,百度了一下得知,是SELinux阻止程序访问文件,这里可以禁用SELinux,或者使用restorecon命令恢复SELinux文件属性即恢复文件的安全上下文。
1.禁用SELinux
[root@localhost system]# vim /etc/selinux/config
将SELINUX=enforcing 改为 SELINUX=disabled,保存后重启即可。
2.使用restorecon命令
root@localhost frp]# restorecon -rv /usr/local/frp/
Relabeled /usr/local/frp from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:usr_t:s0
......
Relabeled /usr/local/frp/nohup.out from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:usr_t:s0[root@localhost frp]# systemctl start frpc
[root@localhost frp]# systemctl status frpc
● frpc.service - Frp Client Service
Loaded: loaded (/usr/lib/systemd/system/frpc.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2022-10-28 08:13:13 CST; 1s ago
Main PID: 4041 (frpc)
Tasks: 4 (limit: 21420)
Memory: 6.7M
CGroup: /system.slice/frpc.service
└─4041 /usr/local/frp/frpc -c /usr/local/frp/frpc.ini
再用命令启动就正常了,可以继续用systemctl设置开机启动。
root@localhost ]# systemctl is-enabled frpc
disabled
[root@localhost ]# systemctl enable frpc
Created symlink /etc/systemd/system/multi-user.target.wants/frpc.service → /usr/lib/systemd/system/frpc.service.
[root@localhost ]# systemctl is-enabled frpc
enabled