One day, the small Rui suddenly found the students access to the school library system actually only connected to the campus network to access (referred to as: network access). Small Rui usually a good move, and thus decided to use the technology they learned to do based on a "Campus Book review" Micro-letter applet system.
But our school "campus book search" certainly intranet server system, how can I let the outside world can access it? This Caishuxueqian small Rui students is really a difficult problem. Fortunately, the small Rui Wang seniors get advice - within the network penetration .
What is inside the network through it?
Among the two computers are in different LANs, computer nodes within the network and external network connection communication needs, then we need the help of network penetration technology to solve this problem, also known as NAT traversal . In simple terms, it is to allow external network can visit your local application.
To be able to off-campus and not connected to the campus network, you can also use the "book search system", I decided to use " FRP " to achieve this goal.
frp is an application for advanced reverse proxy internal network penetration , support tcp, udp protocol, provides additional capabilities for http and https application protocol, and try to support the penetration point.
Below is my adopted schematic drawing of a frp achieve within the network penetration, in order to facilitate the distinction between frp client and server , and workflow.
我们先在ESC服务器上配置frp的服务端,然后找一台可访问局域网的设备,搭建web服务器,并且配置frp客服端。以达到实现广域网任意pc访问8080端口,frp服务端就可以把通过8081端口,将请求转发给局域网内的给8082端口,8082端口再将响应通过8081、8080端口返回给PC机。其实就是一个请求转发的过程。
配置frp服务端
1、我们先用SSH连接ECS服务器,根据自己操作系统及架构,从 Release 页面(点击阅读原文)下载最新版本的程序。可以通过wget下载,也可以在自己的电脑上下载好后,通过FTP工具上传。
wget --no-check-certificate https://github.com/fatedier/frp/releases/download/v0.31.2/frp_0.31.2_linux_amd64.tar.gz
2、使用tar命令进行解压
tar -zxvf 解压下载的压缩包
3、修改服务端的配置文件
vim frps.ini[common]#frp服务端与客户端连接端口,frps和frpc必须一致bind_port = 8081#服务端外部提供的端口vhost_http_port = 8080# 仪表盘端口,只有设置了才能使用仪表盘(即后台)dashboard_port = 7500# 仪表盘访问的用户名密码,如果不设置,则默认都是 admindashboard_user = admindashboard_pwd = admin
然后键入ESC+wq+Enter,保存退出。
4、启动服务端
./frps -c frps.ini这里有一个坑,我们断开SSH连接后,frp的服务端也就停止了。我们可以使用nohup,这样就可以保持frp的服务端可以保持正常运行。
nohup ./frps -c frps.ini &
配置frp客户端
1、首页搭建web服务器,我使用的是Nginx,这都大同小异。只要记得自己的Nginx端口就没问题。
2、执行以下命令,下载以及下载frp。
wget --no-check-certificate https://github.com/fatedier/frp/releases/download/v0.31.2/frp_0.31.2_linux_amd64.tar.gztar -zxvf 解压下载的压缩包
3、修改客户端配置文件
vim frpc.ini [common]#服务端公网ip地址server_addr = x.x.x.x#与服务端通信端口server_port = 8081[web]type = http#本地Nginx服务端口local_port = 8082#公网ip绑定的域名custom_domains = xxx.xxx.com
然后键入ESC+wq+Enter,保存退出。
4、启动客户端
nohup ./frpc -c frpc.ini &
小结
这样我们即使与局域网有十万八千里,也可以通过公网ip绑定的域名,轻松的访问到局域网的应用服务。
疑难杂症
有的同学在配置frp中可能会遇到以下困难:
Q:为什么我的端口都配置的正确,但是在外网访问不到了?
A:同学,你可以检查下你的防火墙是否放行以及端口是否被占用,还有局域网下是否可联网。此外,如果你使用的是阿里云默认关闭的端口,那么你需要登录阿里云,在安全组规则中添加你使用的端口。
因为阿里云备案快,我一般使用的都是阿里云的ESC服务器 + 域名。近期阿里云的“学生在家实践计划”活动,凡是大学生即可领取6个月的ESC服务器。
一些善于折腾的、物联网的同学,也可以把家中废弃的电脑、手机变成一台小型的服务器、云盘,使用frp工具实现内网穿透。这样一台废弃电脑、手机也可以变废为宝啦~
我是 郭小睿同学
欢迎加我微信
备注 姓名+技术or方向+学习or公司
拉你进学习交流群
对你有帮助,点个赞!
让更多人受益~
