FRP project address https://github.com/fatedier/frp/blob/master/README_zh.md frp is a high-performance reverse proxy application that can be used for intranet penetration , supports tcp, udp protocols, http and https The application protocol provides additional capabilities and tentatively supports point-to-point penetration.
ssh connection 1. Need a server that can directly access the external network, such as Alibaba Cloud server (server) 2. Need to do internal network penetration server, such as the company's internal LAN test server (client) web access 3. Need Additional registered domain names
https://github.com/fatedier/frp/releases just choose the latest one, usually in linux environment
Installation operations required by both the client and the server
cd/usr/local/ wget https://github.com/fatedier/frp/releases/download/v0.27.0/frp_0.27.0_linux_amd64.tar.gz tar -zxvf frp_0.27.0_linux_amd64.tar.gz mv frp_0.27.0_linux_amd64 frp
Download the catalog file of frp
Check the frps.ini file and modify it as follows
[common] bind_port = 7000 # The port number that the client binds to the server
In the default configuration information, only one binding port is 7000, which means that we bind port 7000 in the external network server to communicate with the client. Note: The port can be customized, but the client and server need to be unified. Alibaba Cloud server needs to expose port 7000 in the security group rules configured in esc management
Start the server
./frps -c frps.ini
The following indicates that the startup is successful
After the startup is successful, closing xshell or exiting the conversation will disconnect the connection. You can use nohup for background startup (you can use this method for subsequent startup)
The following is the background startup and log input into the file.log file
nohup ./frps -c ./frps.ini> file.log 2>&1 &
Check the frpc.ini file and modify it as follows
[common] server_addr = 188.8.131.52 # Your public network ip server_port = 7000 # The bound port, custom, just keep with the server [ssh] type = tcp local_ip = 127.0.0.1 # Bind ip, fill in 127.0.0.1 to indicate this machine local_port = 22 remote_port = 6008 # ssh defaults to 22, and now forwards to port 6008
Start the client
./frpc -c ./frpc.ini
OK, then you can connect via xshell, just specify the port number as remote_port(6008), as follows
A single ssh configuration is successful, multiple items are configured, the same operation, download frp on another machine, and then only need to modify the frpc.ini file, the modification format is as follows
[common] server_addr = 184.108.40.206 server_port = 7000 [ssh001] # Cannot be repeated type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6009 # Cannot be repeated
The remote_port needs to be modified, the [ssh] name cannot be repeated
The frpc command can be started.
After configuring http, you can access the web services of the intranet. For example, the premise of the cloud disk is to have a registered domain name, so that it can be configured.
Server : modify frps.ini, the content is as follows
[common] bind_port = 7000 vhost_http_port = 6001 # Access port 6001, mapped to the intranet web service
Bind_port has the same meaning when doing ssh before. It is also to establish a communication port with the client. You only need to add vhost_http_port = 6001 to the previous configuration file. This configuration means to allow others to access port 6001 of our server. Frp forwards the http request to the intranet server
Client : modify frpc.ini, the modification content is as follows
[common] server_addr = 220.127.116.11 server_port = 7000 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6008 [web] type = http local_port = 8080 # Access local 8080 web service custom_domains = www.chendahai.cn # must have been filed
OK, use the frpc command to restart, and you can access the 8080 service of the intranet through www.chendahai.cn:6001.
What if you want to configure multiple web services, similar to ssh, just add multiple [web] , please note that the name cannot be duplicate
The server does not need to make any changes, modify the content of ftpc.ini as follows
[common] server_addr = 18.104.22.168 server_port = 7000 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6008 [web01] type = http local_port = 8080 custom_domains = www.chendahai.cn [web02] type = http local_port = 80 custom_domains = cd.chendahai.cn # Use the second-level domain name for configuration
After that, the 80-port web service of the intranet can be accessed through cd.chendahai.cn:6001. The second-level domain name needs to be configured with domain name resolution .
The following is configured with 2 ssh and 3 web services, the server log is as follows
OK, the basic configuration of intranet penetration is complete
The use and configuration of frp is quite simple, if you have any questions or want to know about other functions of frp, you can check the official Chinese document