Preface
Recently the blogger's laboratory is moving. Because the server can only be used when connected to the intranet, after moving, you will not be able to connect to the public network to use the server. This is indeed very distressing, so this article will mainly explain how to use it. Public network server SSH connects to intranet server
System Configuration
- Intranet server: Ubuntu 18.04
- Public server: CentOS 7.9
plan
The following summarizes various ways to access intranet services from the public network:
1, Use remote desktop such as TeamViewer. However, both parties need to install the TeamViewer software and the versions must be consistent. Although it is available, it is troublesome
2, Use peanut shell software for DDNS analysis. Although available, the free version has bandwidth limitations and is not ideal for use.
3.Build a frp server for intranet penetration. It can achieve good speeds and can open any desired port, allowing devices on the intranet or behind a firewall to provide services to the outside world. Itsupports many protocols such as HTTP, TCP, and UDP< /span>, recommended.
To sum up, this article will build the frp service on the public network server to perform intranet penetration to achieve the effect of SSH connecting to the intranet server.
introduce
frp
is a high-performance reverse proxy application focusing on intranet penetration, supporting TCP, UDP, HTTP, HTTPS and more protocol and supports P2P communication. Intranet services can be exposed to the public network through transit with public network IP nodes in a safe and convenient way
Note: Intranet penetration, simply put, means that the data of the intranet can be obtained by the external network and can be mapped to the public network, so that the data of the intranet can be accessed on the public network.
Official documentation:Documentation | frp (gofrp.org)
Installation and deployment
This article corresponds to the official document:Access intranet machines through SSH | frp (gofrp.org)
download
We need to download the frp installation package on the client and server respectively.
wget https://github.com/fatedier/frp/releases/download/v0.51.3/frp_0.51.3_linux_amd64.tar.gz
Then unzip the installation package
tar -zxvf frp_0.51.3_linux_amd64.tar.gz
Show file content
# ls -l
total 30784
-rw-r--r--. 1 1001 docker 11358 Aug 14 12:09 LICENSE
-rwxr-xr-x. 1 1001 docker 14290944 Aug 14 12:04 frpc
-rw-r--r--. 1 1001 docker 126 Aug 14 12:09 frpc.ini
-rw-r--r--. 1 1001 docker 12669 Aug 14 12:09 frpc_full.ini
-rwxr-xr-x. 1 1001 docker 17186816 Aug 14 12:04 frps
-rw-r--r--. 1 1001 docker 26 Aug 14 12:09 frps.ini
-rw-r--r--. 1 1001 docker 5933 Aug 14 12:09 frps_full.ini
Among them frpc
is used by the intranet server, and frps
is used by the public network server
Configuration
Finally we need to fill in the configuration file. First we modify the frps.ini
file on the public network server
# frps
[common]
bind_port = 7000
Then modify the frpc.ini
file on the intranet server. Assume that the public IP of the server where frps is located is x.x.x.x
# frpc
[common]
# tls_enable 防止启动报错 login to server failed: EOF
tls_enable = true
server_addr = x.x.x.x
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
Note:Public network server needs to be enabled6000 7000 Port firewall and security group configuration
Finally, start the client and server respectively.
# 服务端
./frps -c ./frps.ini
# 客户端
./frpc -c ./frpc.ini
Then we use SSH locally to access the intranet machine, assuming that we use the test user to connect
ssh -oPort=6000 [email protected]
# 或是
ssh [email protected]:6000
frp will forward the traffic requesting x.x.x.x:6000
to port 22 of the intranet machine
System Configuration
Finally, we can start the service through systemd
and configure it to start automatically at boot to facilitate subsequent operations
Official configuration document:Use systemd | frp (gofrp.org)
Server
First we can create and edit frps.service
files on the frp server
vim /etc/systemd/system/frps.service
Write content
[Unit]
# 服务名称,可自定义
Description = frp server
After = network.target syslog.target
Wants = network.target
[Service]
Type = simple
# 启动frps的命令,需修改为您的frps的安装路径
ExecStart=/usr/bin/frps -c /etc/frp/frps.ini
[Install]
WantedBy = multi-user.target
The command to copy files is as follows
cp ./frps /usr/bin/frps
mkdir /etc/frp
cp ./frps.ini /etc/frp/frps.ini
Common commands
# 启动frp
systemctl start frps
# 停止frp
systemctl stop frps
# 重启frp
systemctl restart frps
# 查看frp状态
systemctl status frps
Configure frps to start automatically at boot
systemctl enable frps
client
This is basically similar to the server configuration, so it will be briefly described.
vim /etc/systemd/system/frpc.service
[Unit]
Description = frp client
After = network.target syslog.target
Wants = network.target
[Service]
Type = simple
ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
[Install]
WantedBy = multi-user.target
sudo cp ./frpc /usr/bin/frpc
sudo mkdir /etc/frp
sudo cp ./frpc.ini /etc/frp/frpc.ini
sudo systemctl start frpc
sudo systemctl enable frpc
Reference link
- How to connect to the intranet server via SSH from the external network? - Zhihu (zhihu.com)
- How to connect to the lab server at home - Zhihu (zhihu.com)
- Machine Learning - How to access intranet machines at home? - Personal article - SegmentFault Sifu
- How to remotely connect to the laboratory server at home - Volcengine (volcengine.com)
- Configure intranet penetration for the laboratory server to avoid intranet embarrassment and you can use the server at home~_Use realvnc in intranet-CSDN Blog
- How to make your web project achieve intranet penetration (freecodecamp.org)
This article is published by the blog post platform OpenWrite!