Intranet penetration: building an frp service that uses server forwarding to give the public network access to a local intranet

Introduction

frp, short for Fast Reverse Proxy, is a high-performance reverse proxy application that can be used for intranet penetration. It mainly solves the problem of intranet services that have no public IP but need to be reachable from the external network. With frp you can publish TCP, UDP, HTTP, HTTPS and other protocol services in the intranet to the public network, and it supports routing and forwarding Web services by domain name.
Advantages: small and convenient, easy to deploy

As of the completion of this article, the latest version of frp is v0.36.1, and this article uses the latest version.
 

Prerequisites

  • One cloud server (or a machine with a public IP);

  • One intranet server;

  • The frp release package;

  • One domain name (optional);

  • Basic Linux commands.

Download the frp release package

Download link: https://github.com/fatedier/frp/releases

Note:
1) The version downloaded on the server side and on the intranet machine must be the same, otherwise intranet penetration may be affected.
2) Select the package that matches the server's operating system.

The structure of Frp is very simple. It is divided into two executable programs, frps/frpc. Run frps on a VPS with a public network address, and then run frpc in the home network:

1. After connecting to the VPS over SSH, run either of the following commands to view the processor architecture:

arch

uname -m

2. Download the frp build that matches the architecture. If the result is "x86_64", select "amd64".

3. Create a new directory with mkdir -p /usr/local/frp and upload frp_0.36.1_linux_amd64.tar.gz to this directory on the Linux server.

4. Unpack it: tar -zxvf frp_0.36.1_linux_amd64.tar.gz

5. Copy it under a shorter name: cp -r frp_0.36.1_linux_amd64 frp

6. Enter the unpacked directory: cd frp_0.36.1_linux_amd64. It mainly contains 4 files: frps, frps.ini, frpc and frpc.ini. The first two (the trailing s stands for server) are the server program and the server configuration file; the last two (the trailing c stands for client) are the client program and the client configuration file.

The package is mainly divided into server and client files:
1. The server uses frps and frps.ini
2. The client uses frpc and frpc.ini

1. External network server configuration

For example, to proxy SSH port 22 of the home server to the external VPS at 202.115.8.1:221, edit the frps.ini configuration file on the VPS: vim frps.ini

[common]
bind_port = 7000
dashboard_port = 7500
token = 12345678
dashboard_user = admin
dashboard_pwd = admin
# This is the port that will later be used to access the web service
vhost_http_port = 10080
vhost_https_port = 10443

Unless you need otherwise, the ports can keep their default values. The token, user and password items should be set to your own values.

  • "bind_port" is the port used for the connection between the client and the server. This port number is used later when configuring the client.
  • "dashboard_port" is the port of the server dashboard. If you use port 7500, you can visit xxxx:7500 (where xxxx is the IP of the VPS) in a browser to view the operating information of the frp service once the configuration is complete and the service is started.
  • "token" is the password used for the connection between the client and the server. Set it yourself and record it; it is used later.
  • "dashboard_user" and "dashboard_pwd" are the user name and password for logging in to the dashboard page; set them yourself.
  • "vhost_http_port" and "vhost_https_port" are used when reverse proxying HTTP and HTTPS hosts.

Personal configuration is as follows

Choose the ports yourself, then start frps after the modification

Note: Need to switch to the file directory

./frps -c frps.ini

If you see such a section of output on the screen, it means that the operation is normal. If there is an error message, please check the above steps.

At this time, visit xxxx:7500 and log in with the user name and password you set, you can see the dashboard interface

 

Server running in the background

So far, our server only runs in the foreground. If you press Ctrl+C or close the SSH window, frps stops running, so we use the nohup command to run it in the background.

Background startup: nohup ./frps -c ./frps.ini &

You may hit this error: nohup often cannot be used because the path where it writes nohup.out is not writable.

One fix is to use Linux redirection to send nohup.out to a path with write permissions, or to discard it directly into /dev/null.

nohup ./program >/dev/null 2>/dev/null &

(program is your own executable)

This tutorial directly executes the following statement

nohup ./frps </dev/null &>/dev/null &

Then execute the background start command above

This will start in the background

 

2. Intranet client configuration

Similarly, download the frp build that matches the client device. The download and unpacking steps under Windows are not described here. (Only CentOS is covered.)

 

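[common]
# IP of the public-network server
server_addr = xx.xx.xx.xx
# Port the public-network server listens on (must match bind_port in frps.ini)
server_port = 7000
# Must match the token in frps.ini
token = 12345678

# Access the internal server over SSH from the public network
[ssh]
# Connection protocol
type = tcp
# IP of the intranet server
local_ip = 192.168.40.128
# Default SSH port
local_port = 22
# Custom public port for reaching the internal SSH service
remote_port = 6000

[web]
# The proxy type is the HTTP protocol
type = http
# IP of the intranet machine
local_ip = 127.0.0.1
# Port the intranet service listens on
local_port = 80
# IP of the public server or a resolved domain name. If you fill in a domain name here, be sure it resolves
custom_domains = xxx.xxxx.xxxx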

If the domain name filled in for custom_domains in the configuration above does not resolve, the following situation will occur!!!

So be sure to remember that the domain name must be resolved to the corresponding server 
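
Added example (not from the original article or the frp project): a Python check that reads an frps.ini / frpc.ini pair and reports when the token and dashboard settings described above are left at the tutorial's values, or when the client's token or port disagrees with the server. The 16-character minimum, the finding names, the sample address 203.0.113.10 and the treatment of trailing '#' text as part of a value are assumptions of this example.

```python
import configparser

# Values printed in the tutorial; anyone who has read it can guess them.
TUTORIAL_VALUES = {"12345678", "admin"}
MIN_TOKEN_LEN = 16  # assumed local policy, not an frp requirement

# Constructed sample input, modelled on the configs shown in the article.
SAMPLE_FRPS = """[common]
bind_port = 7000
dashboard_port = 7500
token = 12345678
dashboard_user = admin
dashboard_pwd = admin
"""
SAMPLE_FRPC = """[common]
server_addr = 203.0.113.10
server_port = 7000    # same as bind_port
[ssh]
type = tcp
local_ip = 192.168.40.128
local_port = 22
remote_port = 6000
"""

def load_ini(text):
    # Trailing '#' text is deliberately kept as part of the value (assumption).
    cp = configparser.ConfigParser(interpolation=None, inline_comment_prefixes=None)
    cp.read_string(text)
    return cp

def audit(frps_text, frpc_text):
    """Return finding codes for one frps.ini / frpc.ini pair."""
    srv, cli = load_ini(frps_text), load_ini(frpc_text)
    s, c, out = srv["common"], cli["common"], []
    token = s.get("token", "")
    if len(token) < MIN_TOKEN_LEN or token in TUTORIAL_VALUES:
        out.append("weak-token")
    creds = {s.get("dashboard_user", "admin"), s.get("dashboard_pwd", "admin")}
    if "dashboard_port" in s and creds & TUTORIAL_VALUES:
        out.append("default-dashboard-credentials")
    if c.get("token", "") != token:
        out.append("token-mismatch")
    if c.get("server_port", "7000") != s.get("bind_port", "7000"):
        out.append("port-mismatch")
    for side, cp in (("frps", srv), ("frpc", cli)):
        for sec in cp.sections():
            out += [f"inline-comment:{side}:{sec}.{k}" for k, v in cp[sec].items() if "#" in v]
    return out

if __name__ == "__main__":
    for finding in audit(SAMPLE_FRPS, SAMPLE_FRPC):
        print(finding)
```

Run against the sample pair, it reports every check: the token and dashboard credentials are the tutorial's, the client has no token, and the comment after server_port stops the port from matching bind_port.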

The following is my personal configuration:

Start command (foreground): ./frpc -c frpc.ini

 

The client runs in the background

 

Background startup command: nohup ./frpc -c ./frpc.ini &

If there is still a problem, run the same command as before on the local virtual machine as well.

nohup: ignoring input and appending output to 'nohup.out'

 

When the service starts successfully in the background, the message above sometimes appears. Check whether the penetration is successful!


Origin blog.csdn.net/q1246192888/article/details/115024955