Usage and configuration of frp reverse proxy application

Frp usage

Frp is a reverse proxy application written in Go. It supports multiple protocols, including TCP, UDP, HTTPS, HTTP, STCP, and XTCP. With Frp, services on an internal network can easily be made reachable from outside (intranet penetration).
The following sections describe how to use these protocols in Frp.

TCP protocol reverse proxy

With Frp, the SSH service on the intranet is exposed to the Internet over TCP. The layout is as follows:

 +-+-+-+-+       +-+-+-+-+      +-+-+-+-+-+-+-+
 |client |<----->|  frps |<---->|  frpc + ssh |   
 +-+-+-+-+       +-+-+-+-+      +-+-+-+-+-+-+-+

The configuration of the frp server in the framework is as follows:

# frps.ini
[common]
bind_port = 7000

The configuration of the frp client is as follows:

# frpc.ini
[common]
server_addr = x.x.x.x
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000  

HTTP protocol reverse proxy

With frp, a web service on the intranet is exposed to the Internet over HTTP. The principle is shown in the following figure:

 +-+-+-+-+       +-+-+-+-+      +-+-+-+-+-+-+-+
 |client |<----->|  frps |<---->|  frpc + web |   
 +-+-+-+-+       +-+-+-+-+      +-+-+-+-+-+-+-+

The server configuration is as follows:

# frps.ini
[common]
bind_port = 7000
vhost_http_port = 8080

The client configuration is as follows:

# frpc.ini
[common]
server_addr = x.x.x.x
server_port = 7000

[web]
type = http
local_port = 80
custom_domains = www.example.com

UDP protocol reverse proxy

With Frp, DNS requests on the intranet are exposed to the Internet over UDP. The layout is shown in the following figure:

 +-+-+-+-+       +-+-+-+-+      +-+-+-+-+-+-+-+
 |client |<----->|  frps |<---->|  frpc + DNS |   
 +-+-+-+-+       +-+-+-+-+      +-+-+-+-+-+-+-+

The server configuration is as follows:

# frps.ini
[common]
bind_port = 7000

The client configuration looks like this:

# frpc.ini
[common]
server_addr = x.x.x.x
server_port = 7000

[dns]
type = udp
local_ip = 8.8.8.8
local_port = 53
remote_port = 6000

STCP protocol reverse proxy

To reduce the security risk of exposing certain services directly to the public network, Frp provides the STCP (Secret-TCP) protocol, which requires other clients to use a pre-shared key to access the service, thereby improving access security.
The principle of the STCP protocol is shown in the figure below:

 +-+-+-+-+-+-+-+-+-+       +-+-+-+-+-+      +-+-+-+-+-+-+-+-+-+
 |client + frpc(C) |<----->| frps(A) | <---->|  frpc + SSH(B) |   
 +-+-+-+-+-+-+-+-+-+       +-+-+-+-+-+      +-+-+-+-+-+-+-+-+-+

The server configuration is as follows:

# frps.ini
[common]
bind_port = 7000

The configuration of the accessed end is as follows:

# frpc-server.ini
## The accessed end (B)
[common]
server_addr = *.*.*.*
server_port = 7000
protocol = kcp
token = 12345678

[secret_tcp]
type = stcp
sk = test
local_ip = 127.0.0.1
local_port = 36900

The configuration of the accessing end (the visitor) is as follows:

# frpc-client.ini
## The visitor end (C)
[common]
server_addr = *.*.*.*
server_port = 7000
protocol = kcp
token = 12345678

[secret_tcp_visitor]
type = stcp
role = visitor
server_name = secret_tcp
sk = test
bind_addr = 127.0.0.1
bind_port = 36900

In this mode, both the visitor end and the accessed end need to run the frpc client, and both sides must be configured with the same secret key (sk). Compared with the TCP protocol, its advantages are as follows:
1. The frps server only needs to expose one port, which enhances security.
2. Because the visitor end and the accessed end connect using the secret key, and both need frpc installed, the service is exposed more securely.

xtcp proxy access mode

Xtcp is a new protocol introduced by frp for transferring large amounts of data directly between clients. Because the protocol is incomplete, this transmission method does not work with all NAT devices.
The principle of xtcp communication is shown in the figure below:

 +-+-+-+-+-+-+-+-+-+       +-+-+-+-+-+      +-+-+-+-+-+-+-+-+-+
 |client + frpc(C) |<----->| frps(A) | <---->|  frpc + SSH(B) |   
 +-+-+-+-+-+-+-+-+-+       +-+-+-+-+-+      +-+-+-+-+-+-+-+-+-+

The configuration of the frp server is as follows:

# frps.ini
[common]
bind_udp_port = 7001
bind_port = 7000

The configuration of the frp client on the accessed end is as follows:

# frpc.ini
# The accessed SSH end (B)
[common]
server_addr = x.x.x.x
server_port = 7000

[p2p_ssh]
type = xtcp
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22

The configuration of the frp client on the visitor end is as follows:

# frpc.ini
# The SSH visitor end (C)
[common]
server_addr = x.x.x.x
server_port = 7000

[p2p_ssh_visitor]
type = xtcp
role = visitor
server_name = p2p_ssh
sk = abcdefg
bind_addr = 127.0.0.1
bind_port = 6000

The access method is as follows:

ssh -oPort=6000 127.0.0.1  

Convert Unix domain socket to TCP protocol

The server only needs to open the corresponding port; the client configuration is as follows:

# frpc.ini
[common]
server_addr = x.x.x.x
server_port = 7000

[unix_domain_socket]
type = tcp
remote_port = 6000
plugin = unix_domain_socket
plugin_unix_path = /var/run/docker.sock

Expose the intranet http service to the external network

The server configuration is as follows:

# frps.ini
[common]
bind_port = 7000

The client configuration looks like this:

# frpc.ini
[common]
server_addr = x.x.x.x
server_port = 7000

[test_static_file]
type = tcp
remote_port = 6000
plugin = static_file
plugin_local_path = /tmp/files
plugin_strip_prefix = static
plugin_http_user = abc
plugin_http_passwd = abc

Files on the machine where frpc runs can then be accessed at http://xxxx:6000/static/
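
The proxy sections above differ in who can reach the service: the tcp/udp proxies and the plugins publish a remote_port on frps, while stcp and xtcp depend on the strength of sk. The following Python check is an added example, not part of the original post or of frp; the name audit_proxies, the 16-character threshold and the weak-value list are assumptions, and the sample config is constructed.

```python
import configparser

# Threshold and word list are assumptions of this example, not frp settings.
MIN_SK_LEN = 16
WEAK = {"test", "abc", "admin", "abcdefg", "12345678"}

def audit_proxies(ini_text):
    """Return sorted (section, finding) pairs for risky proxy sections."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    findings = []
    for name in cfg.sections():
        if name == "common":
            continue
        p = cfg[name]
        ptype, plugin = p.get("type", ""), p.get("plugin", "")
        if ptype in ("stcp", "xtcp"):
            sk = p.get("sk", "")
            if len(sk) < MIN_SK_LEN or sk in WEAK:
                findings.append((name, "sk is short or guessable"))
        elif plugin == "unix_domain_socket":
            findings.append((name, "socket %s published on a TCP port" % p.get("plugin_unix_path")))
        elif plugin == "static_file":
            pwd = p.get("plugin_http_passwd", "")
            if not pwd or pwd in WEAK or pwd == p.get("plugin_http_user"):
                findings.append((name, "static_file password weak or missing"))
        elif ptype in ("tcp", "udp") and "remote_port" in p:
            findings.append((name, "%s remote_port %s exposed on frps without sk" % (ptype, p["remote_port"])))
    return sorted(findings)

# Constructed sample combining proxy sections like those shown above.
SAMPLE = """
[common]
server_addr = x.x.x.x
[ssh]
type = tcp
remote_port = 6000
[secret_tcp]
type = stcp
sk = test
[docker]
type = tcp
remote_port = 6001
plugin = unix_domain_socket
plugin_unix_path = /var/run/docker.sock
"""

if __name__ == "__main__": print(*audit_proxies(SAMPLE), sep="\n")
```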

frp console

The frps server provides a web console for monitoring frps statistics. The configuration for accessing the console over HTTP is as follows:

[common]
# Console port
dashboard_port = 7500
# Console user name and password
dashboard_user = admin
dashboard_pwd = admin
# Access URL
# http://[server_addr]:7500

The configuration for accessing the console over HTTPS is as follows:

[common]
# Console port
dashboard_port = 7500

# Console user name, password and certificate
dashboard_user = admin
dashboard_pwd = admin
dashboard_tls_mode = true
dashboard_tls_cert_file = server.crt
dashboard_tls_key_file = server.key

# Access URL of the HTTPS console
# https://[server_addr]:7500

frpc client configuration console access

[common]
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin
# http://127.0.0.1:7400
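
The console settings above are worth reviewing before deployment: the samples use admin/admin, the first frps variant serves the dashboard over plain HTTP, and neither sets token. The following Python check is an added example, not part of the original post or of frp; the name audit_common and the finding texts are assumptions, and both sample configs are constructed.

```python
import configparser
import ipaddress

def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # a host name rather than an IP literal
        return addr == "localhost"

def audit_common(ini_text):
    """Return findings for the [common] section of an frps.ini or frpc.ini."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    c = cfg["common"] if cfg.has_section("common") else {}
    out = []
    if not c.get("token"):
        out.append("token not set")
    for prefix, label in (("dashboard", "frps dashboard"), ("admin", "frpc admin console")):
        if prefix + "_port" not in c:
            continue  # this console is not enabled
        user, pwd = c.get(prefix + "_user", ""), c.get(prefix + "_pwd", "")
        if not pwd or pwd == user:
            out.append(label + ": password empty or equal to user name")
    if "dashboard_port" in c and c.get("dashboard_tls_mode", "").lower() != "true":
        out.append("frps dashboard: served over plain HTTP")
    # Assumption of this example: a missing admin_addr is treated as loopback.
    if "admin_port" in c and not _is_loopback(c.get("admin_addr", "127.0.0.1")):
        out.append("frpc admin console: admin_addr is not loopback")
    return out

# Constructed samples: the HTTP console config shown above, and a tightened variant.
WEAK_FRPS = """
[common]
bind_port = 7000
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
"""
TIGHT_FRPS = """
[common]
bind_port = 7000
token = CONSTRUCTED-long-random-token-0001
dashboard_port = 7500
dashboard_user = ops
dashboard_pwd = CONSTRUCTED-long-random-password
dashboard_tls_mode = true
dashboard_tls_cert_file = server.crt
dashboard_tls_key_file = server.key
"""
if __name__ == "__main__": print(audit_common(WEAK_FRPS))
```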

Origin blog.csdn.net/yang1fei2/article/details/131779710