After the intranet virtual machine installs frp, it needs to be started manually. Here, frp is set to start automatically with the system through systemd. During this period, rc.local is assigned executable permissions, and the frp directory is
First, confirm that in the directory of frp, the execution program with the configuration file can start normally.
[root@localhost frp]# ./frpc -c frpc.ini
2022/10/28 07:24:37 [I] [service.go:357] [7a47c492f1fa317f] login to server success, get run id [7a47c492f1fa317f], server udp port [0]
2022/10/28 07:24:37 [I] [proxy_manager.go:142] [7a47c492f1fa317f] proxy added: [ssh201]
2022/10/28 07:24:37 [I] [control.go:177] [7a47c492f1fa317f] [ssh201] start proxy success
At this point, the frpc.service unit file can be created under /lib/systemd/system.
[root@localhost system]# cd /lib/systemd/system
[root@localhost system]# vim frpc.service
The content of frpc.service is as follows:
[Unit]
Description=Frp Client Service # 服务描述
[Service]
Type=simple # 不论进程是否启动成功,systemctl start 都执行成功
User=nobody
Restart=on-failure # on-failure 表示仅在服务进程异常退出时重启
RestartSec=5s # 设置在重启服务前暂停多长时间
ExecStart=/usr/local/frp/frpc -c /usr/local/frp/frpc.ini # 根据自己frp的路径调整
ExecReload=/usr/local/frp/frpc reload -c /usr/local/frp/frpc.ini # 这里也调整路径
LimitNOFILE=1048576 # 最大打开文件数
[Install]
WantedBy=multi-user.target
When configuring, delete the pound sign and the following comments↑
Save and reload the configuration file, and start frp.
[root@localhost system]# systemctl daemon-reload
[root@localhost system]# systemctl start frpc
[root@localhost system]# systemctl status frpc
● frpc.service - Frp Client Service
Loaded: loaded (/usr/lib/systemd/system/frpc.service; disabled>
Active: activating (auto-restart) (Result: exit-code) since Fr>
Process: 3085 ExecStart=/usr/local/frp/frpc -c /usr/local/frp/f>
Main PID: 3085 (code=exited, status=203/EXEC)
At this time, it was found that the service did not start successfully. At the same time, it was found that the following words were printed on the screen of the virtual machine during reload:
systemd-rc-local-generator[3043]: /etc/rc.d/rc.local is not marked executable, skipping.
Immediately give executable permission to the rc.local file, then reload the systemd configuration file, no longer print, and execute the start command at this time.
[root@localhost system]# cd /etc/rc.d/
[root@localhost rc.d]# chmod +x rc.local
[root@localhost rc.d]# systemctl daemon-reload
[root@localhost rc.d]# systemctl start frpc
[root@localhost rc.d]# systemctl status frpc
● frpc.service - Frp Client Service
Loaded: loaded (/usr/lib/systemd/system/frpc.service; disabled>
Active: activating (auto-restart) (Result: exit-code) since Fr>
Process: 3275 ExecStart=/usr/local/frp/frpc -c /usr/local/frp/f>
Main PID: 3275 (code=exited, status=203/EXEC)
It's strange, but it didn't pull up again, so I can only look at the system log.
[root@localhost system]# tail -f /var/log/messages
......
Oct 28 07:54:57 localhost systemd[1]: /usr/lib/systemd/system/frpc.service:6: Special user nobody configured, this is not safe!
Oct 28 07:54:57 localhost systemd[1]: Started Frp Client Service.
Oct 28 07:54:57 localhost systemd[3587]: frpc.service: Failed to locate executable /usr/local/frp/frpc: Permission denied
Oct 28 07:54:57 localhost systemd[3587]: frpc.service: Failed at step EXEC spawning /usr/local/frp/frpc: Permission denied
Oct 28 07:54:57 localhost systemd[1]: frpc.service: Main process exited, code=exited, status=203/EXEC
Oct 28 07:54:57 localhost systemd[1]: frpc.service: Failed with result 'exit-code'.
It reported an execution failure and insufficient permissions. Baidu found out that SELinux prevents programs from accessing files. Here you can disable SELinux, or use the restorecon command to restore SELinux file attributes, that is, restore the security context of files.
1. Disable SELinux
[root@localhost system]# vim /etc/selinux/config
will SELINUX=enforcing
be changed to SELINUX=disabled,保存后重启即可。
2. Use the restorecon command
root@localhost frp]# restorecon -rv /usr/local/frp/
Relabeled /usr/local/frp from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:usr_t:s0
......
Relabeled /usr/local/frp/nohup.out from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:usr_t:s0[root@localhost frp]# systemctl start frpc
[root@localhost frp]# systemctl status frpc
● frpc.service - Frp Client Service
Loaded: loaded (/usr/lib/systemd/system/frpc.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2022-10-28 08:13:13 CST; 1s ago
Main PID: 4041 (frpc)
Tasks: 4 (limit: 21420)
Memory: 6.7M
CGroup: /system.slice/frpc.service
└─4041 /usr/local/frp/frpc -c /usr/local/frp/frpc.ini
It will be normal to start with the command again, and you can continue to use systemctl to set the boot to start.
root@localhost ]# systemctl is-enabled frpc
disabled
[root@localhost ]# systemctl enable frpc
Created symlink /etc/systemd/system/multi-user.target.wants/frpc.service → /usr/lib/systemd/system/frpc.service.
[root@localhost ]# systemctl is-enabled frpc
enabled