Intranet penetration with frp: configuration example

frp is a simple, easy-to-configure reverse proxy for intranet penetration: it maps services running inside a private network (web apps, file shares, ssh) onto a host with a public IP so that they can be reached from the internet, provided the port you expose is not blocked by a firewall. Keep in mind that everything you map this way becomes reachable from the public network, and the shared token is the only thing that authenticates clients to the server.

1. Download

Download the same frp release on both the public server and the intranet host whose services you want to reach. Download URL:

https://github.com/fatedier/frp/releases

Linux download command:
find the version you need on the releases page, copy its download link, and run:

# wget <download link>
wget https://github.com/fatedier/frp/releases/download/v0.33.0/frp_0.33.0_linux_amd64.tar.gz 

If wget is reported as missing:

-bash: wget: command not found

install it first:

yum install wget
Example download:
[root@docker ~]# mkdir -p /usr/local/frp
[root@docker ~]# cd /usr/local/frp
[root@docker frp]# wget https://github.com/fatedier/frp/releases/download/v0.33.0/frp_0.33.0_linux_amd64.tar.gz
Extract:
[root@docker frp]# tar -zxvf  frp_0.33.0_linux_amd64.tar.gz
frp_0.33.0_linux_amd64/
frp_0.33.0_linux_amd64/frpc_full.ini
frp_0.33.0_linux_amd64/LICENSE
frp_0.33.0_linux_amd64/frpc.ini
frp_0.33.0_linux_amd64/frps.ini
frp_0.33.0_linux_amd64/frpc
frp_0.33.0_linux_amd64/frps_full.ini
frp_0.33.0_linux_amd64/frps
[root@docker frp]# ls
frp_0.33.0_linux_amd64  frp_0.33.0_linux_amd64.tar.gz
[root@docker frp]# mv frp_0.33.0_linux_amd64 frp
[root@docker frp]# ls
frp  frp_0.33.0_linux_amd64.tar.gz
View the tree structure:
[root@docker frp]# tree frp
frp
├── frpc            // client binary
├── frpc_full.ini   // client configuration with every option documented
├── frpc.ini        // client configuration
├── frps            // server binary
├── frps_full.ini   // server configuration with every option documented
├── frps.ini        // server configuration
└── LICENSE

The naming is straightforward: frpc is the frp client, which runs on the intranet host next to the services you want to expose, and frps is the frp server, which runs on the public host that internet users connect to.

2. Public network server configuration

Configure the server side on the public host; from the extracted files you need frps and frps.ini.

frps.ini
[common]
# port frpc connects to (control channel)
bind_port = 7000
# listen address
bind_addr = 0.0.0.0
# authentication token; frpc must present the same value. It is the only thing that
# stops anyone on the internet from registering proxies on this frps, so replace 123456
# with a long random value before exposing the server
token = 123456

# http vhost port: usually 80, so the mapped domain can be opened without a port number
vhost_http_port = 80
# https vhost port: usually 443, likewise
vhost_https_port = 443

# dashboard port, user and password. The dashboard listens on bind_addr (every interface)
# unless dashboard_addr is set; with root/admin it is an open door, so change the
# credentials or bind it to 127.0.0.1 and reach it over an ssh tunnel
dashboard_port = 7500
dashboard_user = root
dashboard_pwd = admin

# frp's ini parser does not strip a "#" comment that follows a value on the same line
# (the port would be read as "80 #..." and fail to parse), so comments stay on their own lines.
# In frp 0.33 frps reads only [common]; the proxy sections below are leftovers from old frp
# versions and are ignored. Proxies are defined on the client side, in frpc.ini.
[web-http]
listen_port=80

[web-http02]
listen_port=80

[web-https]
listen_port=443

3. Intranet client configuration

Configure the client side on the intranet host; from the extracted files you need frpc and frpc.ini.

frpc.ini
[common]
# public IP of the frps host; replace with your own server's address
server_addr = 112.113.114.115
# frps bind_port
server_port = 7000
# authentication token; must be identical to the token in frps.ini
token = 123456

[ssh]
type = tcp
# address and port of the service on the intranet host
local_ip = 127.0.0.1
local_port = 22
# port registered on frps: frps listens on 7022 and forwards to local port 22,
# so ssh <user>@<server_addr> -p 7022 logs in to this machine
remote_port = 7022
# per-proxy bandwidth limit
bandwidth_limit = 1MB

[web-http]
# for type = http the public port is frps's vhost_http_port, so no port is chosen here;
# routing is by custom_domains (or subdomain). To proxy a single site you can also
# put the frps public IP in custom_domains and open it by IP.
type = http
local_ip = 127.0.0.1
# port of the local http service
local_port = 8888
# remote_port only applies to tcp/udp proxies; for http it is ignored and can be omitted
remote_port = 80
# domain whose DNS record points at the frps public IP; more domains can be bound the same way
custom_domains = frp1.test.com

[web-http02]
type = http
local_ip = 127.0.0.1
# port of the local http service
local_port = 8082
# ignored for http proxies, see above
remote_port = 80
# binding the frps public IP directly here works too, but then that frps can route only one http proxy
custom_domains = frp2.test.com

[web-https]
type = https
# the public port is frps's vhost_https_port; remote_port is ignored for https proxies as well
remote_port = 443
# local_ip/local_port are not used when a plugin is configured (see below);
# traffic goes to the plugin's plugin_local_addr instead
local_ip = 127.0.0.1
local_port = 443
custom_domains = frp2.test.com

# the https2http plugin terminates TLS inside frpc with the certificate below and forwards
# plain http to plugin_local_addr, so the intranet site on 127.0.0.1:80 is served over https
# without needing its own certificate
plugin = https2http
plugin_local_addr = 127.0.0.1:80
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

For the full list of options, refer to the project documentation: https://github.com/fatedier/frp

HTTPS normally needs a certificate on the frpc side (plugin_crt_path/plugin_key_path above), which is extra work; a common shortcut is to put Cloudflare in front of the public host and let it handle the TLS certificate, which this post does not go into.
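The two configs above carry three mistakes that are worth catching automatically: the shared token 123456, a dashboard with root/admin reachable on every interface, and trailing "# ..." comments that frp keeps as part of the value. The script below is an added example (it is not the post's own code and not part of frp): it writes a hardened frps.ini/frpc.ini pair that share a random token, binds the dashboard to loopback with the real frps option dashboard_addr, and lints any ini file for those three problems. The server address passed in, the proxy definitions and the file locations are assumptions for illustration.

```shell
#!/bin/sh
# Added example: generate a hardened frps.ini / frpc.ini pair and lint frp ini
# files for weak secrets and inline comments. Not from the original post or frp.

# 32 random bytes, hex encoded: a token that cannot be guessed like 123456.
gen_secret() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Read "key = value" from an ini file ($1 = file, $2 = key), first match only.
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Write frps.ini and frpc.ini sharing one token into directory $1.
# $2 = public IP or DNS name of the frps host (assumed placeholder).
write_frp_configs() {
    dir=$1; server=$2
    token=$(gen_secret); dash_pwd=$(gen_secret)
    cat > "$dir/frps.ini" <<EOF
[common]
bind_addr = 0.0.0.0
bind_port = 7000
token = $token
vhost_http_port = 80
vhost_https_port = 443
# dashboard bound to loopback only: reach it with ssh -L 7500:127.0.0.1:7500
dashboard_addr = 127.0.0.1
dashboard_port = 7500
dashboard_user = frpadmin
dashboard_pwd = $dash_pwd
EOF
    cat > "$dir/frpc.ini" <<EOF
[common]
server_addr = $server
server_port = 7000
token = $token

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 7022

[web-http]
type = http
local_ip = 127.0.0.1
local_port = 8888
custom_domains = frp1.test.com
EOF
    # both files contain the token, so keep them private to the service user
    chmod 600 "$dir/frps.ini" "$dir/frpc.ini"
}

# Return 1 (and report why) if the ini has a weak or missing secret or a "#"
# comment glued onto a value; return 0 if it looks clean.
lint_frp_ini() {
    rc=0
    # a "#" after "=" on a non-comment line: frp would read "80 #..." as the port
    if grep -nE '^[^#;].*=.*#' "$1"; then
        echo "$1: trailing comments are not stripped by frp; move them to their own line" >&2
        rc=1
    fi
    for key in token dashboard_pwd; do
        if grep -qE "^[[:space:]]*$key[[:space:]]*=" "$1"; then
            val=$(ini_get "$1" "$key")
            case "$val" in
                ''|123456|admin|password|root)
                    echo "$1: $key is empty or trivially guessable" >&2; rc=1 ;;
            esac
        elif [ "$key" = token ]; then
            echo "$1: no token set: any frpc on the internet could register proxies here" >&2
            rc=1
        fi
    done
    return $rc
}
```

Usage: `write_frp_configs /usr/local/frp/frp 112.113.114.115` followed by `lint_frp_ini /usr/local/frp/frp/frps.ini` before starting frps; running the linter on the configs shown earlier in this post reports the inline comments and the 123456/admin secrets.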

4. Start the service

Server
  • Server-side foreground start
[root@iZj6cfqhk4voeeejr9uygtZ frp]# ./frps -c ./frps.ini
2020/06/03 11:28:26 [I] [service.go:83] frps tcp listen on 0.0.0.0:7000
2020/06/03 11:28:26 [I] [service.go:108] http service listen on 0.0.0.0:6080
2020/06/03 11:28:26 [I] [main.go:112] Start frps success
2020/06/03 11:28:26 [I] [main.go:114] PrivilegeMode is enabled, you should pay more attention to security issues

The lines above mean frps started successfully (this sample log came from a run whose vhost_http_port was 6080 rather than the 80 set above). Running in the foreground is useful for debugging; for normal operation start it in the background instead:

  • Server background start
nohup ./frps -c ./frps.ini &
Client
  • Client foreground start
[root@docker frp]# ./frpc -c ./frpc.ini
2020/06/03 02:40:51 [I] [service.go:282] [e0a53f67512c167b] login to server success, get run id [e0a53f67512c167b], server udp port [0]
2020/06/03 02:40:51 [I] [proxy_manager.go:144] [e0a53f67512c167b] proxy added: [web-01 ssh web]
2020/06/03 02:40:51 [I] [control.go:179] [e0a53f67512c167b] [web-01] start proxy success
2020/06/03 02:40:51 [I] [control.go:179] [e0a53f67512c167b] [ssh] start proxy success
2020/06/03 02:40:51 [I] [control.go:179] [e0a53f67512c167b] [web] start proxy success
(the proxy names web-01/ssh/web in this sample log come from a different frpc.ini than the one shown above)
  • Client background start:
nohup ./frpc -c ./frpc.ini &

5. Test access

With the configuration above in place, open a browser and visit:

  • frp1.test.com, which reaches the intranet web project on 127.0.0.1:8888
  • frp2.test.com, which reaches the intranet web project on 127.0.0.1:8082.
    That completes the configuration and start-up of intranet penetration with frp.

6. Pitfalls and things to watch

  • 1. frps starts fine on the public host, but frpc on the intranet host reports:
[root@docker frp]# ./frpc -c ./frpc.ini
2020/06/02 23:34:39 [W] [service.go:101] login to server failed: dial tcp xx.xx.xx.xxx:7000: connect: connection timed out

This usually means the host firewall does not allow the port, or the cloud security group of the public server does not include it.
Solution:
a) Open the port in the host firewall (firewalld)

  • Firewall status:
systemctl status firewalld.service
  • Start the firewall:
systemctl start firewalld.service
  • Stop the firewall (this removes all host filtering; prefer opening only the ports frp needs):
systemctl stop firewalld.service
  • List open ports:
firewall-cmd --permanent --zone=public --list-ports
  • Open a port (repeat for vhost_http_port, vhost_https_port and every remote_port; do not open dashboard_port to the internet):
firewall-cmd --zone=public --add-port=7000/tcp --permanent
  • Reload the firewall rules:
firewall-cmd --reload

b) Open the port in the cloud provider's security group
reference: https://blog.csdn.net/wsjzzcbq/article/details/88896214

  • 2. frpc and frps are different versions
    a) The client logs:
2020/06/02 23:57:28 [W] [service.go:101] login to server failed: EOF
EOF

b) The server logs:

2020/06/03 11:50:45 [W] [service.go:214] Accept new mux stream error: broken pipe
Install the same release on both sides; ./frps -v and ./frpc -v print the version.
  • 3. If frp was started in the background earlier, editing the configuration and starting it again fails because the old instance is still running and holding the port. Find it with:
ps aux | grep frp | grep -v grep

Kill that process and start the frp service again.
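The three failures above each have a distinct signature, so they can be checked for in one go. The script below is an added example (not the post's code and not part of frp): it classifies the log lines quoted above, probes the frps control port with bash's /dev/tcp (no nc or telnet needed), compares the versions printed by frps -v and frpc -v, and looks for an instance that is already running. Host, port and binary paths are assumed placeholders supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example (not from the original post or from frp): triage helpers for
# the startup failures listed in section 6.

# Map an frpc/frps log line to the cause discussed above. Prints one word:
#   network  - control port blocked (firewall / security group) or frps not running
#   version  - frpc and frps releases differ (login EOF on frpc, broken pipe on frps)
#   other    - anything else
classify_frp_error() {
    case "$1" in
        *"connection timed out"*|*"connection refused"*|*"no route to host"*) echo network ;;
        *"login to server failed: EOF"*|*"broken pipe"*) echo version ;;
        *) echo other ;;
    esac
}

# TCP probe of the frps control port ($1 = host, $2 = port) using bash's
# /dev/tcp. Returns 0 when a connection can be opened within 5 seconds.
port_reachable() {
    timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# frps -v / frpc -v print the bare release, e.g. 0.33.0; empty if the binary
# is missing or unreadable.
frp_version() {
    "$1" -v 2>/dev/null | head -n 1
}

# Both sides must run the same release; an empty version counts as a mismatch.
versions_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# PIDs of an instance already running from the same binary path ($1), the
# "already exists" / port-in-use case after editing the config.
stale_pids() {
    pgrep -f "$1" || true
}

# frp_triage <frps_host> <bind_port> <frps_binary> <frpc_binary> [frpc_log]
frp_triage() {
    host=$1 port=$2 frps_bin=$3 frpc_bin=$4 log=$5
    if [ -n "$log" ] && [ -r "$log" ]; then
        last=$(grep -E '\[W\]|\[E\]' "$log" | tail -n 1)
        echo "last warning/error: $last"
        echo "likely cause: $(classify_frp_error "$last")"
    fi
    if port_reachable "$host" "$port"; then
        echo "tcp $host:$port reachable"
    else
        echo "tcp $host:$port NOT reachable: open $port/tcp in firewalld and in the cloud security group"
    fi
    sv=$(frp_version "$frps_bin"); cv=$(frp_version "$frpc_bin")
    if versions_match "$sv" "$cv"; then
        echo "versions match ($sv)"
    else
        echo "version mismatch or unreadable: frps='$sv' frpc='$cv'; install the same release on both sides"
    fi
    for bin in "$frps_bin" "$frpc_bin"; do
        pids=$(stale_pids "$bin")
        if [ -n "$pids" ]; then
            echo "already running from $bin: pid(s) $pids (stop it before restarting with a new config)"
        fi
    done
    return 0
}
```

Usage on the intranet host: `frp_triage 112.113.114.115 7000 /usr/local/frp/frp/frps /usr/local/frp/frp/frpc frpc.log`, where frpc.log holds the output of the foreground start; each line of the report maps to one of the three fixes above.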

Running frp in the background and starting it at boot

One, frpc as a systemctl service

1. Create the unit file:
vi /lib/systemd/system/frpc.service
2. Put the following into it:
[Unit]
Description=frpc service
After=network.target syslog.target
Wants=network.target

[Service]
Type=simple
# frpc.ini contains the token, so it must be readable by this user and by nobody else
User=nobody
Restart=on-failure
RestartSec=5s
# command that starts the service (use the directory you actually installed frpc in)
ExecStart=/usr/local/frp/frp/frpc -c /usr/local/frp/frp/frpc.ini
# "frpc reload" talks to frpc's admin API, so admin_addr/admin_port must be set in frpc.ini for it to work
ExecReload=/usr/local/frp/frp/frpc reload -c /usr/local/frp/frp/frpc.ini

[Install]
WantedBy=multi-user.target
3. Start frpc
# start frpc
systemctl start frpc
# enable start at boot
systemctl enable frpc
# disable start at boot
systemctl disable frpc
# restart
systemctl restart frpc
# stop
systemctl stop frpc
# show status and recent log lines
systemctl status frpc

Two, frps as a systemctl service

Same as frpc, with frps and frps.ini on the public host. Note that frps binds 80 and 443 for vhost_http_port/vhost_https_port; as User=nobody it needs AmbientCapabilities=CAP_NET_BIND_SERVICE in [Service] (or a user allowed to bind privileged ports), and frps.ini, which holds the token and dashboard password, must be readable by that user only.

Three, commonly used systemctl commands

Start the service: systemctl start xxx.service
Stop the service: systemctl stop xxx.service
Restart the service: systemctl restart xxx.service
Show the service status: systemctl status xxx.service
Enable the service at boot: systemctl enable xxx.service
Disable the service at boot: systemctl disable xxx.service
Check whether the service is enabled at boot: systemctl is-enabled xxx.service (systemctl is-active xxx.service checks whether it is currently running)
List enabled services: systemctl list-unit-files | grep enabled
List failed services: systemctl --failed

Origin blog.csdn.net/Lin_Hv/article/details/106469084