frp intranet penetration remote access, operation and maintenance technology

       1. Background

       To ease electricity shortages caused by tight power-load supply, the power grid has deployed many edge devices, energy efficiency controllers and load control terminals in commercial buildings, enterprise parks, schools and other sites. The system basically follows a cloud-management-edge-end or main station-substation-unit architecture, and the edge side implements localized monitoring, control and edge computing applications on mass-produced industrial computers. However, as the number of edge devices grows, the workload of service updates and exception handling grows with it. In terms of networking, the edge devices sit on LANs or 4G networks, so their IPs are all LAN IPs or dynamic 4G IPs. Connections can only be made in one direction: the edge can reach the Internet, but the Internet cannot reach the LAN. Edge-side services therefore have to be upgraded manually, which greatly increases project operation and maintenance costs and the risks of business travel. The project needs to break with the traditional operation and maintenance method.

      2. Program

       Remote operation and maintenance is different from the currently popular DevOps and AIOps. DevOps integrates R&D with operation and maintenance from the R&D perspective, while AIOps uses algorithm models, from the customer's perspective, to predict failures. In other words, both DevOps and AIOps first need the link across geographic locations to be opened up before remote operation and maintenance can be achieved. Several solutions were initially considered for remote access:

  • External procurement related products
  • frp intranet penetration technology
  • lcx port forwarding technology
  • mqq technology, which can send data and send packets remotely, but cannot remotely access the system
  • Self-developed intranet penetration over a TCP connection that acts as a TCP channel. The network device at the edge connects to the cloud over TCP, and the cloud forwards client requests to the on-site network device, similar to a transit function. The network device actively connects to the cloud server and then keeps the connection alive.

       In the end, frp intranet penetration was chosen, and it is the only technique discussed here. Using 4G devices and a fixed public IP, frp opens up the network channel. frp is a network penetration application based on P2P technology, and it can also be called a reverse proxy application. It solves the problem of reaching the LAN from the Internet: with intranet penetration, LAN IPs become accessible over the Internet. The fixed public IP is used for port forwarding, so that LAN services are exposed to the external network. As shown in the figure below, LAN port 6666 is proxied by the transfer server (public IP) on port 36601, and a terminal at the user layer can then access the LAN system through port 36601.

       3. Introduction to frp      

       The official definition of frp is a high-performance reverse proxy application focused on intranet penetration, supporting TCP, UDP, HTTP, HTTPS and other protocols. Intranet services can be exposed to the public network in a safe and convenient manner by relaying through nodes that have a public IP.

       By deploying the frp server on a node with a public IP, intranet services can easily be exposed to the public network, and frp also provides many professional features, including:

  • Client server communication supports various protocols such as TCP, KCP and Websocket.

  • It uses TCP connection stream multiplexing to carry more requests over a single connection and save connection establishment time.

  • Load balancing across proxy groups.

  • Port multiplexing, multiple services are exposed through the same server port.

  • Multiple natively supported client plug-ins (static file viewing, HTTP, SOCKS5 proxy, etc.), which make it convenient to use the frp client on its own to complete certain tasks.

  • The highly scalable server-side plug-in system is convenient for function expansion according to its own needs.

  • Server and client UI pages.

       Download interface: https://github.com/fatedier/frp/releases
       Source code interface: https://github.com/fatedier/frp

The frp tcp connection includes three connection modes: tcp, stcp, xtcp

       4. Use of frp            

       frp can proxy many protocols. I will only introduce a tcp proxy and the monitoring interface here. An frp deployment is split into the server side, frps, and the client side, frpc, in a one-to-many arrangement: frpc is deployed on the LAN, and frps is deployed on a server with a public IP.

              4.1. Server frps

       When deploying, deploy frps first, because frpc needs to connect to frps when it starts.

1) Determine the version

If it is a Linux system, first check the system architecture

arch

If the result is "x86_64", choose the "amd64" build.
Run one of the following commands to download the version that matches your architecture

wget https://github.com/fatedier/frp/releases/download/v0.22.0/frp_0.22.0_linux_amd64.tar.gz
wget https://github.com/fatedier/frp/releases/download/v0.36.2/frp_0.36.2_linux_amd64.tar.gz
wget https://github.com/fatedier/frp/releases/download/v0.37.1/frp_0.37.1_linux_amd64.tar.gz

2) Install

Decompress the package

tar -zxvf frp_0.22.0_linux_amd64.tar.gz

Copy the folder to a shorter name for easy use

cp -r frp_0.22.0_linux_amd64 frp

Copy the decompressed folder to the directory you want. For convenience, I put it directly in the user directory. Enter this directory

cd frp

Check that the directory contains frpc, frpc.ini, frps and frps.ini

ls -a

Because we are configuring the server, we can delete the two client files

rm frpc
rm frpc.ini

3) Configuration file

Enter the frp directory, execute vim frps.ini, and enter the configuration file editing page

[common]
bind_port = 7000
dashboard_port = 7500
token = xxxxxxxxx
dashboard_user = admin
dashboard_pwd = admin
vhost_http_port = 38080
vhost_https_port = 3443


"bind_port" indicates the port used for the connection between the client and the server. This port number will be used later when configuring the client.
"dashboard_port" is the port of the server dashboard. If port 7500 is used, after the configuration is complete and the service is started, you can access xxxx:7500 (where xxxx is the IP of the VPS) through a browser to view the running information of the frp service.
"token" is the password used to connect the client and server, please set it yourself and record it, it will be used later.
"dashboard_user" and "dashboard_pwd" indicate the user name and password for logging in to the dashboard page, which can be set by yourself.
"vhost_http_port" and "vhost_https_port" are used when reverse proxying HTTP hosts. This article does not involve the HTTP protocol, so these two items can be copied or deleted.

4) Start

./frps -c frps.ini

or run it in the background (the log directory must exist first)

mkdir -p nohupLogs
nohup ./frps  -c frps.ini  >"nohupLogs/nohup_frps.log" 2>&1 &

At this point, visit 111.111.111.111:7500 and log in with the username and password you set. If you can see the dashboard interface, the server is running successfully

               4.2. Client frpc

1) Determine the version

If it is a Linux system, first check the system architecture

arch

If the result is "x86_64", choose the "amd64" build.
Run one of the following commands to download the version that matches your architecture

wget https://github.com/fatedier/frp/releases/download/v0.22.0/frp_0.22.0_linux_amd64.tar.gz
wget https://github.com/fatedier/frp/releases/download/v0.36.2/frp_0.36.2_linux_amd64.tar.gz
wget https://github.com/fatedier/frp/releases/download/v0.37.1/frp_0.37.1_linux_amd64.tar.gz

2) Install

Decompress the package

tar -zxvf frp_0.22.0_linux_amd64.tar.gz

Copy the folder to a shorter name for easy use

cp -r frp_0.22.0_linux_amd64 frp

Copy the decompressed folder to the directory you want. For convenience, I put it directly in the user directory. Enter this directory

cd frp

Check that the directory contains frpc, frpc.ini, frps and frps.ini

ls -a

Because we are configuring the client, we can delete the two server files

rm frps
rm frps.ini

3) Configuration file

Enter the frp directory, execute vim frpc.ini, and enter the configuration file editing page. [localnginx] means that the nginx on the LAN is to be proxied

[common]
server_addr = 111.111.111.111
server_port = 7000
token = xxxxxxxx

[localnginx]
type = tcp
local_ip = 127.0.0.1
local_port = 7777
remote_port = 7111

[busiweb]
type = tcp
local_ip = 127.0.0.1
local_port = 8188
remote_port = 7222


[RemoteOp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 33389

    # common: same as in frps.ini
    # server_addr: the IP address of the cloud server
    # server_port: the bound port; both the cloud server and the intranet server need to open this port
    # token: the token required by frps.ini; if none is set in frps.ini, leave it out here as well

    # [myPort1]: the name of this proxy, chosen freely, for example [busiweb] [RemoteOp]
    # type: type of proxy, generally tcp
    # local_ip: local IP
    # local_port: the port to be proxied
    # remote_port: the port on the cloud server

4) Start

./frpc -c frpc.ini

or run it in the background (the log directory must exist first)

mkdir -p nohupLogs
nohup ./frpc  -c frpc.ini  >"nohupLogs/nohup_frpc.log" 2>&1 &

After startup succeeds, enter the public address http://111.111.111.111:7111/ in the browser to access the nginx on the LAN
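
An added example (not from the original post or the frp project): a Python check that loads the frps.ini and frpc.ini from 4.1 and 4.2 and reports settings that weaken a server reachable on a public IP, namely the admin/admin dashboard login, placeholder or mismatched tokens, and a remote-desktop port published as a plain tcp proxy. The password deny-list, the admin-port table and the 16-character token minimum are assumptions of this example, and the sample configs are abridged copies of the ones above.

```python
import configparser
# Constructed inputs: abridged copies of this article's frps.ini and frpc.ini.
FRPS_INI = """[common]
bind_port = 7000
dashboard_port = 7500
token = xxxxxxxxx
dashboard_pwd = admin
"""
FRPC_INI = """[common]
server_port = 7000
token = xxxxxxxx
[localnginx]
type = tcp
local_port = 7777
remote_port = 7111
[RemoteOp]
type = tcp
local_port = 3389
remote_port = 33389
"""
WEAK_PWDS = {"", "admin", "password", "123456"}      # assumption: small deny-list
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}  # assumption: remote-admin services
MIN_TOKEN_LEN = 16                                   # assumption: local policy, not an frp rule

def _load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def audit(frps_text, frpc_text):
    """Return (file, section, issue) tuples for risky or inconsistent settings."""
    srv, cli = _load(frps_text)["common"], _load(frpc_text)
    s_tok, c_tok = srv.get("token", ""), cli["common"].get("token", "")
    out = []
    # A missing dashboard_pwd is treated here as the "admin" default.
    if "dashboard_port" in srv and srv.get("dashboard_pwd", "admin") in WEAK_PWDS:
        out.append(("frps.ini", "common", "dashboard uses a default or weak password"))
    for name, tok in (("frps.ini", s_tok), ("frpc.ini", c_tok)):
        if len(tok) < MIN_TOKEN_LEN or len(set(tok)) < 4:
            out.append((name, "common", "token is missing, short, or a placeholder"))
    if s_tok != c_tok:
        out.append(("frpc.ini", "common", "token differs from frps.ini"))
    for sec in cli.sections():
        p = cli[sec]
        svc = ADMIN_PORTS.get(p.getint("local_port", fallback=0))
        if sec != "common" and p.get("type", "tcp") == "tcp" and svc:
            out.append(("frpc.ini", sec, f"{svc} exposed on public port {p.get('remote_port')}"))
    return out

if __name__ == "__main__":
    print(*audit(FRPS_INI, FRPC_INI), sep="\n")
```

For the [RemoteOp] finding, the stcp mode listed in section 3 is the alternative: it does not open a public remote_port and requires a shared key (sk) on both ends.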

               4.3. Monitoring interface

frp has its own monitoring interface. After both frps and frpc have started successfully, visit http://public IP:7500

Enter the account (dashboard_user) and password (dashboard_pwd) configured in frps.ini, then open the tcp page to see the configured LAN information


Origin blog.csdn.net/myfmyfmyfmyf/article/details/126717374