内网穿透 --- frp
中文文档:https://github.com/fatedier/frp/blob/dev/README_zh.md
手机+frp内网穿透搭建随身携带的服务器:https://blog.csdn.net/sinat_27938829/article/details/73604722
软路由 通过 Openwrt 自带的 Frp 插件:https://zhuanlan.zhihu.com/p/367894569
手机搭建个人网站 ( KSWEB+TERMUX+FRP内网穿透 ):https://www.jianshu.com/p/9981d27c0350
玩转内外网互通 ( Ngrok、钉钉、花生壳、frp ):https://www.it235.com/实用工具/内网穿透/pierce.html
内网穿透
什么是内网穿透?
内网穿透,又叫 NET 穿透,是计算机用语。用通俗的说法就是你家里的个人电脑,可以直接被外网的人访问。例如你在公司,不通过远程工具,直接也可以访问到家里的电脑。内网穿透就是把局域网的 端口暴露给 公网,然后通过公网就可以访问局域网暴露端口的服务
通常实现内网穿透,是通过路由器上端口映射来实现的。但是路由器通常不是每个人都有权限可以访问和设置,而且可能存在多级路由器较为复杂的网络结构。端口映射也无法实现。
正常来说我们的个人电脑是无法被别人访问到的(有固定 ip 除外!),而且现在固定 ip 资源稀缺,运营商也不会随便给你分配了,个人申请也挺难。
为什么需要内网穿透?就个人而已,需要用到内网穿透的原因:一是方便访问公司的内网环境,不喜欢使用远程工具,挺麻烦的。二是方便把个人电脑上的应用开放到外网进行访问。
1、Frp 介绍
FRP 全名:Fast Reverse Proxy。FRP 是一个使用 Go 语言开发的开源、简洁易用、高性能的内网穿透和反向代理软件,支持 tcp, udp, http, https 等协议。frp 项目官网是:https://github.com/fatedier/frp
使用 frp工具有以下优势:
- 1. 利用处于内网或防火墙后的机器,对外网环境提供 HTTP 或 HTTPS 服务。
- 2. 对于 HTTP, HTTPS 服务支持基于域名的虚拟主机,支持自定义域名绑定,使多个域名可以共用一个 80 端口。
- 3. 利用处于内网或防火墙后的机器,对外网环境提供 TCP 和 UDP 服务,例如在家里通过 SSH 访问处于公司内网环境内的主机。
frp 工作原理
- 服务端运行,监听一个主端口,等待客户端的连接;
- 客户端连接到服务端的主端口,同时告诉服务端要监听的端口和转发类型;
- 服务端fork新的进程监听客户端指定的端口;
- 外网用户连接到客户端指定的端口,服务端通过和客户端的连接将数据转发到客户端;
- 客户端进程再将数据转发到本地服务,从而实现内网对外暴露服务的能力。
2、配置教程
想要配置 frp 穿透,首先必须先要有一台具有外网 ip ( 即:可以外网访问 ) 的服务器。如果没有,接下来的教程就不用看了。
配置教程主要分为两个部分,
- 1:服务器端 (外网服务器) 的配置;服务端通常部署在具有公网 IP 的机器上
- 2:客户端 (内网服务器) 配置。客户端通常部署在需要穿透的内网服务所在的机器上
服务端 ( 外网服务器 ) 配置
linux 版:
下载地址:https://github.com/fatedier/frp/releases
下载好后上传到服务器上:scp frp_0.39.0_linux_amd64.tar.gz 用户名@服务端ip:~/
这样就放到了服务端的家目录了。或者执行命令:wget https://github.com/fatedier/frp/releases/download/v0.39.0/frp_0.39.0_linux_amd64.tar.gz
如果觉得速度很慢,可以使用 mwget 安装:mwget https://github.com/fatedier/frp/releases/download/v0.39.0/frp_0.39.0_linux_amd64.tar.gz
解压 frp 压缩包:tar -zxvf frp_0.39.0_linux_amd64.tar.gz
frp 目录下的文件分为两部分:
- frpc 开头的代表着 客户端 使用。
- frps 开头的代表 服务端 使用。
- .ini 结尾的文件是 frp 的配置文件,也是需要进行修改的文件。
frps_full.ini 文件内容:
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single "bind_addr" field, no need square brackets, like "bind_addr = ::".
bind_addr = 0.0.0.0
bind_port = 7000# udp port to help make udp hole to penetrate nat
bind_udp_port = 7001# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 7000# specify which address proxy will listen for, default value is same with bind_addr
# proxy_bind_addr = 127.0.0.1# if you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bind_port
vhost_http_port = 80
vhost_https_port = 443# response header timeout(seconds) for vhost http server, default is 60s
# vhost_http_timeout = 60# tcpmux_httpconnect_port specifies the port that the server listens for TCP
# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
# requests on one single port. If it's not - it will listen on this value for
# HTTP CONNECT requests. By default, this value is 0.
# tcpmux_httpconnect_port = 1337# set dashboard_addr and dashboard_port to view dashboard of frps
# dashboard_addr's default value is same with bind_addr
# dashboard is available only if dashboard_port is set
dashboard_addr = 0.0.0.0
dashboard_port = 7500# dashboard user and passwd for basic auth protect
dashboard_user = admin
dashboard_pwd = admin# enable_prometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port} in /metrics api.
enable_prometheus = true# dashboard assets directory(only for debug mode)
# assets_dir = ./static# console or real logFile path like ./frps.log
log_file = ./frps.log# trace, debug, info, warn, error
log_level = infolog_max_days = 3# disable log colors when log_file is console, default is false
disable_log_color = false# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
detailed_errors_to_client = true# authentication_method specifies what authentication method to use authenticate frpc with frps.
# If "token" is specified - token will be read into login message.
# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
authentication_method = token# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
authenticate_heartbeats = false# AuthenticateNewWorkConns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
authenticate_new_work_conns = false# auth token
token = 12345678# oidc_issuer specifies the issuer to verify OIDC tokens with.
# By default, this value is "".
oidc_issuer =# oidc_audience specifies the audience OIDC tokens should contain when validated.
# By default, this value is "".
oidc_audience =# oidc_skip_expiry_check specifies whether to skip checking if the OIDC token is expired.
# By default, this value is false.
oidc_skip_expiry_check = false# oidc_skip_issuer_check specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
# By default, this value is false.
oidc_skip_issuer_check = false# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_timeout is 90. Set negative value to disable it.
# heartbeat_timeout = 90# user_conn_timeout configure, it's not recommended to modify the default value
# the default value of user_conn_timeout is 10
# user_conn_timeout = 10# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
allow_ports = 2000-3000,3001,3003,4000-50000# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5# max ports can be used for each client, default value is 0 means no limit
max_ports_per_client = 0# tls_only specifies whether to only accept TLS-encrypted connections. By default, the value is false.
tls_only = false# tls_cert_file = server.crt
# tls_key_file = server.key
# tls_trusted_ca_file = ca.crt# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com
subdomain_host = frps.com# if tcp stream multiplexing is used, default is true
tcp_mux = true
# specify keep alive interval for tcp mux.
# only valid if tcp_mux is true.
# tcp_mux_keepalive_interval = 60# custom 404 page for HTTP requests
# custom_404_page = /path/to/404.html# specify udp packet size, unit is byte. If not set, the default value is 1500.
# This parameter should be same between client and server.
# It affects the udp and sudp proxy.
udp_packet_size = 1500[plugin.user-manager]
addr = 127.0.0.1:9000
path = /handler
ops = Login[plugin.port-manager]
addr = 127.0.0.1:9001
path = /handler
ops = NewProxy
frpc_full.ini 文件内容
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single "server_addr" field, no need square brackets, like "server_addr = ::".
server_addr = 0.0.0.0
server_port = 7000# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set http_proxy here or in global environment variables
# it only works when protocol is tcp
# http_proxy = http://user:passwd@192.168.1.128:8080
# http_proxy = socks5://user:passwd@192.168.1.128:1080
# http_proxy = ntlm://user:passwd@192.168.1.128:2080# console or real logFile path like ./frpc.log
log_file = ./frpc.log# trace, debug, info, warn, error
log_level = infolog_max_days = 3# disable log colors when log_file is console, default is false
disable_log_color = false# for authentication, should be same as your frps.ini
# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
authenticate_heartbeats = false# authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
authenticate_new_work_conns = false# auth token
token = 12345678# oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
# By default, this value is "".
oidc_client_id =# oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
# By default, this value is "".
oidc_client_secret =# oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
oidc_audience =# oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint.
# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
oidc_token_endpoint_url =# set admin address for control frpc's action by http api such as reload
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin
# Admin assets directory. By default, these assets are bundled with frpc.
# assets_dir = ./static# connections will be established in advance, default value is zero
pool_count = 5# if tcp stream multiplexing is used, default is true, it must be same with frps
tcp_mux = true
# specify keep alive interval for tcp mux.
# only valid if tcp_mux is true.
# tcp_mux_keepalive_interval = 60# your proxy name will be changed to {user}.{proxy}
user = your_name# decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
login_fail_exit = true# communication protocol used to connect to server
# now it supports tcp, kcp and websocket, default is tcp
protocol = tcp# set client binding ip when connect server, default is empty.
# only when protocol = tcp or websocket, the value will be used.
connect_server_local_ip = 0.0.0.0# if tls_enable is true, frpc will connect frps by tls
tls_enable = true# tls_cert_file = client.crt
# tls_key_file = client.key
# tls_trusted_ca_file = ca.crt
# tls_server_name = example.com# specify a dns server, so frpc will use this instead of default one
# dns_server = 8.8.8.8# proxy names you want to start seperated by ','
# default is empty, means all proxies
# start = ssh,dns# heartbeat configure, it's not recommended to modify the default value
# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
# to disable it.
# heartbeat_interval = 30
# heartbeat_timeout = 90# additional meta info for client
meta_var1 = 123
meta_var2 = 234# specify udp packet size, unit is byte. If not set, the default value is 1500.
# This parameter should be same between client and server.
# It affects the udp and sudp proxy.
udp_packet_size = 1500# include other config files for proxies.
# includes = ./confd/*.ini# By default, frpc will connect frps with first custom byte if tls is enabled.
# If DisableCustomTLSFirstByte is true, frpc will not send that custom byte.
disable_custom_tls_first_byte = false# 'ssh' is the unique proxy name
# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
[ssh]
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
local_ip = 127.0.0.1
local_port = 22
# limit bandwidth for this proxy, unit is KB and MB
bandwidth_limit = 1MB
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = false
# if true, message will be compressed
use_compression = false
# remote port listen by frps
remote_port = 6001
# frps will load balancing connections for proxies in same group
group = test_group
# group should have same group key
group_key = 123456
# enable health check for the backend service, it support 'tcp' and 'http' now
# frpc will connect local service's port to detect it's healthy status
health_check_type = tcp
# health check connection timeout
health_check_timeout_s = 3
# if continuous failed in 3 times, the proxy will be removed from frps
health_check_max_failed = 3
# every 10 seconds will do a health check
health_check_interval_s = 10
# additional meta info for each proxy
meta_var1 = 123
meta_var2 = 234[ssh_random]
type = tcp
local_ip = 127.0.0.1
local_port = 22
# if remote_port is 0, frps will assign a random port for you
remote_port = 0# if you want to expose multiple ports, add 'range:' prefix to the section name
# frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.
[range:tcp_port]
type = tcp
local_ip = 127.0.0.1
local_port = 6010-6020,6022,6024-6028
remote_port = 6010-6020,6022,6024-6028
use_encryption = false
use_compression = false[dns]
type = udp
local_ip = 114.114.114.114
local_port = 53
remote_port = 6002
use_encryption = false
use_compression = false[range:udp_port]
type = udp
local_ip = 127.0.0.1
local_port = 6010-6020
remote_port = 6010-6020
use_encryption = false
use_compression = false# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
[web01]
type = http
local_ip = 127.0.0.1
local_port = 80
use_encryption = false
use_compression = true
# http username and password are safety certification for http protocol
# if not set, you can access this custom_domains without certification
http_user = admin
http_pwd = admin
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
subdomain = web01
custom_domains = web01.yourdomain.com
# locations is only available for http type
locations = /,/pic
host_header_rewrite = example.com
# params with prefix "header_" will be used to update http request headers
header_X-From-Where = frp
health_check_type = http
# frpc will send a GET http request '/status' to local http service
# http service is alive when it return 2xx http response code
health_check_url = /status
health_check_interval_s = 10
health_check_max_failed = 3
health_check_timeout_s = 3[web02]
type = https
local_ip = 127.0.0.1
local_port = 8000
use_encryption = false
use_compression = false
subdomain = web01
custom_domains = web02.yourdomain.com
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
# v1 or v2 or empty
proxy_protocol_version = v2[plugin_unix_domain_socket]
type = tcp
remote_port = 6003
# if plugin is defined, local_ip and local_port is useless
# plugin will handle connections got from frps
plugin = unix_domain_socket
# params with prefix "plugin_" that plugin needed
plugin_unix_path = /var/run/docker.sock[plugin_http_proxy]
type = tcp
remote_port = 6004
plugin = http_proxy
plugin_http_user = abc
plugin_http_passwd = abc[plugin_socks5]
type = tcp
remote_port = 6005
plugin = socks5
plugin_user = abc
plugin_passwd = abc[plugin_static_file]
type = tcp
remote_port = 6006
plugin = static_file
plugin_local_path = /var/www/blog
plugin_strip_prefix = static
plugin_http_user = abc
plugin_http_passwd = abc[plugin_https2http]
type = https
custom_domains = test.yourdomain.com
plugin = https2http
plugin_local_addr = 127.0.0.1:80
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp[plugin_https2https]
type = https
custom_domains = test.yourdomain.com
plugin = https2https
plugin_local_addr = 127.0.0.1:443
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp[plugin_http2https]
type = http
custom_domains = test.yourdomain.com
plugin = http2https
plugin_local_addr = 127.0.0.1:443
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp[secret_tcp]
# If the type is secret tcp, remote_port is useless
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
type = stcp
# sk used for authentication for visitors
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false# user of frpc should be same in both stcp server and stcp visitor
[secret_tcp_visitor]
# frpc role visitor -> frps -> frpc role server
role = visitor
type = stcp
# the server name you want to visitor
server_name = secret_tcp
sk = abcdefg
# connect this address to visitor stcp server
bind_addr = 127.0.0.1
bind_port = 9000
use_encryption = false
use_compression = false[p2p_tcp]
type = xtcp
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false[p2p_tcp_visitor]
role = visitor
type = xtcp
server_name = p2p_tcp
sk = abcdefg
bind_addr = 127.0.0.1
bind_port = 9001
use_encryption = false
use_compression = false[tcpmuxhttpconnect]
type = tcpmux
multiplexer = httpconnect
local_ip = 127.0.0.1
local_port = 10701
custom_domains = tunnel1
进入解压后的目录,打开配置文件:vi frps.ini 将文件内容修改为如下:
[common]bind_port = 7000 # frp 监听的端口,默认是7000,可以改成其他的
token = mytoken_12345 # 授权码,可以改成更复杂,这个token之后在客户端会用到
dashboard_port = 7500 # frp 管理后台端口,请按自己需求更改
dashboard_user = admin # frp 管理后台用户名和密码,请改成自己的
dashboard_pwd = admin
enable_prometheus = true# frp 日志配置
log_file = /var/log/frps.log
log_level = info
log_max_days = 3
- bind_port 表示客户端和服务端连接的端口,客户端也需同样设置并一致(必填)
- token 是用于客户端和服务端连接的口令,客户端也需同样设置并一致(必填)
- dashboard_port 是服务端仪表板的端口,服务端仪表板查看frp服务运行信息。(按需)
- dashboard_user 和 dashboard_pwd 是打开仪表板页面登录用的用户名和密码(按需)
启动 frp 服务
sudo mkdir -p /etc/frp
sudo cp frps.ini /etc/frp
sudo cp frps /usr/bin
sudo cp systemd/frps.service /usr/lib/systemd/system/
sudo systemctl enable frps
sudo systemctl start frps
如果上述命令依次执行完没有任何错误出现,则说明启动成功。
防火墙开放端口
# 添加监听端口
sudo firewall-cmd --permanent --add-port=7000/tcp
# 添加管理后台端口
sudo firewall-cmd --permanent --add-port=7500/tcp
sudo firewall-cmd --reload
注意:
- 1:如果是 ubuntu 或者 centos 6,请使用 ufw / iptables 工具放行端口;
- 2:7000 和 7500 两个端口分别对应 frps.ini 配置中的 bind_port 和 dashboard_port
验证服务端是否启动成功
访问:http://服务器IP:后台管理端口 ,输入 用户名、密码 可以查看连接状态。如:http://62.244.114.4:7500/,用户名和密码分别对应 frps.ini 文件中的 dashboard_user 和dashboard_pwd 登录之后界面如下:
客户端 ( 内网服务器 ) 配置
把 frpc 开头的文件复制到内网服务器上( 就是要把内网端口暴露给外网的访问的服务器上 ),
打开配置文件进行配置:vi frpc.ini (注意:不是frps.ini)
将文件内容修改为如下:
# 客户端配置
[common]
server_addr = 服务器ip
server_port = 7000 # 与frps.ini的bind_port一致
token = 52010 # 与frps.ini的token一致# 配置ssh服务
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000 # 这个自定义,之后再ssh连接的时候要用[ssh2] # 不同客户端需要不同的名字
type = tcp
local_ip = 127.0.0.1
local_port = 3389 #SSH使用22端口 windows系统使用3389端口
remote_port = 6006 #这个端口是指通过x.x.x.x:6000访问内网机子的转发端口[rdb]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 6000# 配置 http 服务,可用于小程序开发、远程调试等,如果没有可以不写下面的
[web]
type = http
local_ip = 127.0.0.1
local_port = 8080
subdomain = test.hijk.pw # web域名
remote_port = 自定义的远程服务器端口,例如8080
- server_addr 就是服务器的外网IP(必填)
- bind_port 表示客户端和服务端连接的端口,服务端也需同样设置并一致(必填)
- token 是用于客户端和服务端连接的口令,服务端也需同样设置并一致(必填)
- [rdb] 是一个规则名称,可自定义
- type 是转发的协议类型
- local_port 是本地应用的端口号,本例子的3389是远程桌面的默认端口
- remote_port 是该条规则在服务端开放的端口号,在公司电脑win10电脑开始里输入mstsc,调出远程桌面连接,输入服务器 IP 加 remote_port 就可远程家里电脑了
注意:[ssh] 这样的名称必须全局唯一,即就算有多个客户端,也只能使用一次,其他的可以用[ssh2]、[ssh3] 等;意思就是说,如果你要配置多个客户端,必须将另外的客户端的 [ssh] 改为[ssh2]、[ssh3] 等,并且 remote_port 也要变,比如 6002,6003 等
防火墙开放端口
sudo firewall-cmd --permanent --add-port=6000/tcp
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
启动客户端:./frpc -c frpc.ini
测试穿透是否配置成功
找另外一台不同网段的电脑,在终端执行:ssh 用户名@服务端ip -p 端口号
这里一定要注意,这里用的是服务端的ip和用户名,端口号用的frpc.ini文件中的remote_port。如果你登录成功,那么,恭喜你,你已经学会了利用frc怎么配置内网穿透了!!!
3、frp 应用
ssh 远程访问
由于以上 家里的电脑(frp客户端)安装在win10系统上,使用3389可实现远程桌面,对标linux系统,远程访问软件就要用到FinalShell或Xshell,因此在linux系统上安装客户端需要在frpc.ini,加上以下内容:
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 7001在 FinalShell 或 Xshell 中输入腾讯云服务器 IP:7001 加上 linux 的账密就可访问
web 服务连接
在 家里的电脑(frp客户端)开启了一个web服务,比如启动tomcat,那么客户端的配置文件frpc.ini 需要填入以下内容
[web]
type = http
local_ip = 127.0.0.1
local_port = 8080
custom_domains = www.youdomain.com上面的 custom_domains 是域名设置,必须要有,www.youdomain.com 可以在腾讯云买最便宜5块钱一年,域名注册-我的域名-注册域名中即可购买,然后解析域名,将腾讯云服务器IP和自定义的域名绑定,以后访问腾讯云服务器就直接输入域名就可以了,比如用百度,就直接输入 www.baidu.com
然后 公司电脑浏览器 输入www.youdomain.com:10080 即可(此处的10080就是服务端设置的vhost_http_port),查看到家里电脑(frp客户端)启动的 web 服务
HTTP 穿透
HTTP 穿透,也就是我们应用层面的通信协议,http协议;穿透它是为了方便我们访问内网的 web 应用,例如我在内网机器,起了一个 tomcat 部署了一个网站,我想让其他人外网的人来访问我,那就需要进行 HTTP 的穿透;
服务端
[common]
bind_port = 7000
vhost_http_port = 80 # 将服务器的 80 端口用作 http 协议的通信
vhost_https_port = 443 # 进服务器的 443 端口用作 https 协议通信
privilege_token = token123456789 # frp的认证,对应的客户也需要配置一样,才可以进行通信客户端
[common]
server_addr = 云服务器ip
server_port = 7000
privilege_token = token123456789 #frp的认证[web_http]
type=http #通信类型为http
local_ip = 127.0.0.1
local_port = 8080
custom_domains = 二级域名/公网ip[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000http 的穿透,我们看到服务端和客户端的配置文件都进行了改动,我们重点来看下客户单中的配置;type = http : 这个是因为我们想要创建的隧道是进行 http 通信的,也就是用来访问本地 web 应用;custom_domains = 二级域名/公网ip :这个配置一般使用一个二级域名来配置,用于通过域名来访问你的穿透服务器,如果没有域名,那么我们写上一个服务器的公网 ip 也是可以的,用 ip 的话,在外网访问的时候,就只能通过 ip 进行访问了,效果都一样;
文件访问服务
在家里电脑(frp客户端)的frpc.ini添加以下内容
[my_static_file]
type = tcp
remote_port = 6001
plugin = static_file
plugin_local_path = E:\\temp
plugin_strip_prefix = static
plugin_http_user = abc
plugin_http_passwd = 123plugin 是需要用到的插件
plugin_local_path是要对外暴露的文件目录
plugin_strip_prefix访问url携带的前缀
plugin_http_user访问账号
plugin_http_passwd访问密码
在 公司电脑 的浏览器输入:http://1.1.1.1:6001/static/
输入账号密码就可查看家里电脑分享的文件,其中1.1.1.1是腾讯云服务器对外的IP
综合 配置
frp内网穿透,可以使用域名,也可使用IP, 一般来讲,域名比较好记。所以有域名的话尽量使用域名,实在没有域名的话才使用IP。
由于web服务一般均会使用80端口,如果80端口是否被nginx或其它web 服务占用的话,则要改成其他端口,如8080,也可使用nginx的反向代理实现frp服务端与nginx共用80端口。
frp实现内网穿透(没有公网IP的利器)
以下 frps就是服务器端(server),frpc就是客户端(client)。
1.有自己域名的FRP配置
# frps.ini服务端配置
[common]
bind_addr = 0.0.0.0
bind_port = 7000
privilege_token = abcdefghijk
vhost_http_port = 80
vhost_https_port = 443
#frpc.ini客户端配置
[common]
server_addr = 服务端IP
server_port = 7000
privilege_token = abcdefghijk
[httpname]
type = http
local_port = 80
local_ip = 127.0.0.1
custom_domains = www.52help.net
[httpsname]
type = https
local_port = 443
local_ip = 127.0.0.1
custom_domains = 52help.net
这里的 www.52help.net 52help.net两个域名要真实存在,且要在域名解析里将指定域名解析到frps服务端的IP上。
custom_domains = 这里填写你已经解析到frps服务端IP上的域名,自己每个穿透对应服务,都可以绑定一个专属域名用于访问,包括使用tcp和udp协议。
然后就可以通过这个已经自定义域域名访问到自己的对应HTTP服务。
2.只有IP,没有自己域名的配置
如果自己没有域名,但又想使用FRP实现内网穿透到我的HTTP服务
frps.ini服务端配置
# frps.ini
[common]
bind_addr = 0.0.0.0
bind_port = 7000
privilege_token = abcdefghijk
# frpc.ini客户端配置
[common]
server_addr = 服务端IP
server_port = 7000
privilege_token = abcdefghijk
[httpname]
type = tcp
local_port = 80
local_ip = 127.0.0.1
remote_port = 8080
然后就可以通过 服务端IP地址:8080 来访问访问到对应穿透的服务。
内网穿透 --- frp相关推荐
- 内网穿透-Frp(1)使用樱花Frp(Sakura Frp)进行免费的内网穿透操作步骤
背景介绍:因需要在4G路由器(openwrt,mips架构)上提高页面和视频流展示,需要在公网能访问的,问题:4G卡不能固定IP,所以没办法使用公网+端口映射方式进行:故采取内网穿透frp方式进行公网 ...
- 记录linux的内网穿透frp操作
记录linux的内网穿透frp操作 由于本人在宿舍偶尔需要查看实验室内电脑程序结果及传输一些文件,不得不利用frp内网穿透,需要准备以下三台电脑,如果有多个客户端,也可以进行配置: 一.一台具有公网i ...
- 使用内网穿透frp做远程桌面连接
索引 安装服务端 以windows为服务端安装 以CentOS为服务端安装 安装客户端 开始连接远程 登录控制台 CentOS服务端设置开机自启动 Windows客户端/服务端设置开机自启 参考文章: ...
- 内网穿透------frp配置(服务端客户端配置)超详细的那种~~~
强调:配置文件中每行代码最后一定不要留空格!!! 配置文件中尽量不要有注释,必须写的话,要用符合的语法写: 分号; 第一步:云服务器上域名解析添加(前提是有域名已经备案) 这里有对应操作截图文件 第二 ...
- 内网穿透 frp : 隐藏通信隧道技术
1 frp介绍 注意事项: 1)服务器端和内网机器端下载的版本要相同,否则可能会影响内网穿透 2)根据服务器系统选择合适的脚本 脚本主要分为服务端与客户端文件 1.外网服务器端用到的是Frps和Frp ...
- windows 下frp服务启动_内网穿透frp linux服务端搭建和windows客户端使用
一.Linux 服务端搭建 1.下载安装 wget --no-check-certificate https://raw.githubusercontent.com/clangcn/onekey-in ...
- Armbian魔百盒折腾记4(内网穿透frp、异地组网等)慢更中
好久没发文了. 有时在外面突然想连接一下盒子,但苦于没公网,于是各种折腾,终于勉强实现了. 先写frp,有精力再慢慢更吧. 一.Frp一键部署 本来想以一个实例讲讲的,这段时间事情太多了,先略. 就说 ...
- 手把手教你用frp内网穿透
手把手教你用frp做内网穿透 frp 是一个专注于内网穿透的反向代理应用程序,使用时需要花钱申请公网IP和云服务器,可以将内网服务以安全.便捷的方式通过具有公网 IP 节点的中转暴露到公网. 一.认识 ...
- frp内网穿透SSH
参考博客: 博客1(推荐): https://sspai.com/post/52523 博客2: https://blog.csdn.net/qq_36981760/article/details/1 ...
最新文章
- 石家庄地铁线路查询系统
- 姐告诉你什么是C++,你懂的。
- 舔狗日记网PHP源码
- 牛客网NOIP赛前集训营 提高组 第5场 T2 旅游
- Oracle 中给表添加主键、外键
- php parse url 中文,php parse_url()函数解析URL用法总结
- mysql gtid坑_数据库mysqldump的坑
- 使用本机IP调试web项目
- 虚拟机桥接模式设置IP
- 2021最新软件测试面试题(含答案)
- 果木浪子吉他入门零基础教学(70课时)
- Cannot add foreign key constraint 错误解决办法
- dpi、ppi、apm是什么
- Windows与嵌入式linux设备数据传送工具——tftpd32软件使用说明
- Kubuntu samba安装
- 基本系统调用性能lmbench测试方法和下载
- 动画入门(登陆动画)
- tomcat重启机制
- 本地机连接不上虚拟机?
- RemiLore:少女与异世界与魔导书 简体中文免安装版