Black Synology FRP Intranet Penetration Deployment Record

Foreword

FRP is divided into a server and a client, which are introduced separately below.

Server build

       On the server side, I use Alibaba Cloud's lightweight server with a bandwidth of 5M. The steps are as follows:
      (1) Create a folder named frp on the machine, and the specific location is optional:

sudo mkdir /etc/frp

      (2) Create the frps.ini file. You can write it on a Windows system and then transfer it to the frp folder with Xftp or similar software. The content of frps.ini is as follows, and the parameter values can be modified according to your needs.

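[common]
# Listening port
bind_port = 7200
# Dashboard port
dashboard_port = 7500
# Dashboard login account settings (sample values; replace the password with a long random string)
dashboard_user = admin
dashboard_pwd = 123456
# Proxy ports for the HTTP and HTTPS protocols
vhost_http_port = 7080
vhost_https_port = 7081

# Authentication (sample value; replace with a long random string)
token = 123456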

      (3) Use docker to run frps. The server image is snowdreamtech/frps, the network mode is host, and the mapped file path is the path where frps.ini was placed above.

docker run --restart=always --network host -d -v /etc/frp/frps.ini:/etc/frp/frps.ini --name frps snowdreamtech/frps

Client build

      (1) To keep intranet penetration working after each restart, the Synology must have a fixed IP. This article sets the static IP to 192.168.31.200.
      (2) Create a folder under the docker folder of the Synology and name it frp.
      (3) Create the frpc.ini file. You can write it on a Windows system and then transfer it to the frp folder. The content is as follows. This article maps the ports of ssh, the Synology web interface, smb, jellyfin and qbittorrent, which can be changed as needed.

[common]
# server_addr is the IP address of the FRPS server
server_addr = xxx.xxx.xxx.xxx
# server_port is the server's listening port (bind_port)
server_port = 7200
# Authentication; must match frps.ini
token = 123456

[ssh]
type = tcp
local_ip = 192.168.31.200
local_port = 22
remote_port = 7222

[web]
type = tcp
local_ip = 192.168.31.200
local_port = 5000
remote_port = 7250

[smb]
type = tcp
local_ip = 192.168.31.200
local_port = 445
remote_port = 7445

[jf]
type = tcp
local_ip = 192.168.31.200
local_port = 8096
remote_port = 7296

[qb]
type = tcp
local_ip = 192.168.31.200
local_port = 8999
remote_port = 7299

      (4) Download the image in the docker of Synology. After the download is complete, create a container in the image, set up the network and storage space, and start it.
      (5) At this point, you can open http://xxx.xxx.xxx.xxx:7500 to reach the frp panel; the account and password are the ones set in frps.ini. After logging in, you can see that these ports are all in the online state, and the intranet penetration is successful.
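The two files above use 123456 for both the token and the panel password and publish SSH, SMB and the Synology web interface on the server's public address. The check below is an added example, not code from the original article or the frp project; it reads both INI files and lists those weak points, and the sensitive-port table and the 20-character minimum are assumptions of this example.

```python
import configparser
# Constructed sample input: the article's frps.ini and two of its frpc.ini proxies.
FRPS_INI = """[common]
bind_port = 7200
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = 123456
token = 123456
"""
FRPC_INI = """[common]
server_port = 7200
token = 123456
[ssh]
type = tcp
local_port = 22
remote_port = 7222
[smb]
type = tcp
local_port = 445
remote_port = 7445
"""
# Assumptions of this example, not frp defaults.
SENSITIVE = {22: "SSH", 445: "SMB", 5000: "DSM web UI (plain HTTP)"}
MIN_SECRET_LEN = 20

def weak(secret):
    """True for a secret that is empty, short, or made of a single character class."""
    return len(secret) < MIN_SECRET_LEN or secret.isdigit() or secret.isalpha()

def load(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser

def audit(frps_text, frpc_text):
    """Return a list of findings for an frps.ini / frpc.ini pair."""
    server, client, findings = load(frps_text)["common"], load(frpc_text), []
    if weak(server.get("token", "")):
        findings.append("frps: token missing or guessable")
    if "dashboard_port" in server and weak(server.get("dashboard_pwd", "")):
        findings.append("frps: dashboard password missing or guessable")
    if "allow_ports" not in server:
        findings.append("frps: allow_ports not set, a client with the token may bind any port")
    for name in client.sections():
        proxy = client[name]
        port = proxy.getint("local_port", fallback=0)
        if name != "common" and proxy.get("type") == "tcp" and port in SENSITIVE:
            findings.append(f"frpc [{name}]: {SENSITIVE[port]} published on port {proxy.get('remote_port')}")
    return findings
```

Call audit() with the text of your own frps.ini and frpc.ini; an empty list means none of these checks fired.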

Epilogue

      If you use intranet penetration to watch jellyfin videos, all traffic is relayed through the server, so the bandwidth bottleneck is on the server. Taking the server bandwidth in this article as an example, it can only support watching 1080p videos, and the viewing experience of 4K videos is not very good; you need to transcode to get a normal viewing experience. If you want to watch 4K smoothly, there are generally the following solutions:

  1. Use frp point-to-point intranet penetration: This is a way to access intranet services without relaying traffic through the server. frp provides a proxy type, xtcp, for scenarios where you want to transmit large amounts of data without the traffic passing through the server. However, it is currently in the initial stage of development and cannot penetrate all types of NAT devices, so the success rate of penetration is low. In addition, frps.ini needs to be deployed on both the Synology and the viewing machine. Please refer to the reference link for the deployment method.
  2. Intranet penetration deployment based on a Zerotier root server: The success rate of Zerotier is higher than that of frp point-to-point intranet penetration. After the connection succeeds, traffic no longer passes through the server and can reach the full upstream bandwidth of the Synology, but Zerotier must also be deployed on both the Synology and the viewing machine.
  3. IPv6+DDNS: At present, IPv6 addresses are basically public addresses, without NAT, so you can use the IPv6 address to access the machine directly. To cope with IP address changes, DDNS can be used for access by domain name. The advantage is that it can use the full upstream bandwidth of the Synology, but the disadvantage is that some networks do not support access to IPv6 addresses. I adopt this solution; please refer to the reference link for the specific deployment method.

Reference links

Self-built intranet penetration server
frp point-to-point intranet penetration
jellyfin uses ipv6+DDNS to achieve external network access


Origin blog.csdn.net/qq_37263248/article/details/129671160