frp: open source intranet penetration tool

foreword

frp is a high-performance reverse proxy application focused on intranet penetration, supporting TCP, UDP, HTTP, HTTPS and other protocols. Intranet services can be exposed to the public network in a safe and convenient manner through the transit of nodes with public network IP.

Official website GitHub: https://github.com/fatedier/frp
Official website documentation: https://gofrp.org/docs/

download and install

Installation package: https://github.com/fatedier/frp/releases
Take Ubuntu as an example, execute the command to download:

wget https://github.com/fatedier/frp/releases/download/v0.44.0/frp_0.44.0_linux_amd64.tar.gz

Execute the command to decompress:

tar -zxvf frp_0.44.0_linux_amd64.tar.gz

Server (public network IP device): keep files frpsand frps.ini
client (LAN device): keep files frpcandfrpc.ini

Server configuration (frps.ini)

[common]
bind_port = 8888
token = this_is_your_token

dashboard_port = 10000
dashboard_user = username
dashboard_pwd = password

vhost_http_port = 12888

After the configuration is complete, the server completes these things:

• Configured frp service listening port 8888
• The access key is configured as "this_is_your_token"
• Configure the port, user name, and password of the dashboard, access the public network IP: 10000, enter the user name and password to log in to the background
• Configured to listen on port 12888 to proxy http requests

To quickly start the server, execute:

./frps -c ./frps.ini

For more configurations, see: https://gofrp.org/docs/reference/server-configures/

Client configuration (frpc.ini)

[common]
# 公网IP和服务端监听端口，以及连接秘钥
server_addr = 188.188.188.188 
server_port = 8888
token = this_is_your_token

[ssh_local]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 10099

[static_file]
type = tcp
remote_port = 11099
plugin = static_file
# 要对外暴露的文件目录
plugin_local_path = /home/xxxx/xxx/share
# 用户访问 URL 中会被去除的前缀，保留的内容即为要访问的文件路径
plugin_strip_prefix = static
plugin_http_user = uuuuuuusername
plugin_http_passwd = ppppppppassword

[web_01]
type = http
local_port = 12888
custom_domains = www.fuck.cn

After the configuration is complete, the server completes these things:

• common: tell the client the IP and listening port of the server, and then configure the secret key to connect smoothly
• ssh_local: ssh connection, access to public network IP: 10099 can be forwarded to port 22 of the intranet machine
• static_file: Public files, access public network IP: 11099 Enter user and password to access shared files
• web_01: http mapping, visit www.fuck.cn:12888 to initiate an HTTP request to intranet IP:12888

To quickly start the client, execute:

./frpc -c ./frpc.ini

Note: The firewall should be configured to allow the above ports to pass through.

boot up

To use systemdto control frps, you need to install it first systemd, /etc/systemd/systemthen create a frps.servicefile in the directory and write the following content:

[Unit]
# 服务名称，可自定义
Description = frp server
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
# 启动frps的命令，需修改为您的frps的安装路径
ExecStart = /path/to/frps -c /path/to/frps.ini

[Install]
WantedBy = multi-user.target

Manage frp service:

# 启动frp
systemctl start frps
# 停止frp
systemctl stop frps
# 重启frp
systemctl restart frps
# 查看frp状态
systemctl status frps

Configure frps to start automatically at boot:

systemctl enable frps