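Overview

frp is a high-performance reverse proxy focused on NAT traversal (exposing intranet services). It supports TCP, UDP, HTTP, HTTPS and other protocols, and exposes an internal service to the public Internet by relaying it through a node that has a public IP. frp is written in Golang, so you only need to download the binary for your platform; the slightly tedious part is writing a configuration file that suits your setup.

Links

Project: https://github.com/fatedier/frp
Chinese documentation: https://gofrp.org/docs/examples/vhost-http/
Downloads: https://github.com/fatedier/frp/releases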
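File description

After downloading and extracting the archive you get:

```
frpc            # client binary
frpc_full.ini   # full example of the client configuration file
frpc.ini        # client configuration file
frps            # server binary
frps_full.ini   # full example of the server configuration file
frps.ini        # server configuration file
```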
frps_full.ini

This is handy for reference when you need it. If you don't, you can skip this file description section.

```ini
[common]
bind_addr = 0.0.0.0
bind_port = 7000
bind_udp_port = 7001
kcp_bind_port = 7000
vhost_http_port = 80
vhost_https_port = 4433
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
enable_prometheus = true
log_file = ./frps.log
log_level = info
log_max_days = 3
disable_log_color = false
detailed_errors_to_client = true
authentication_method = token
authenticate_heartbeats = false
authenticate_new_work_conns = false
token = 12345678
oidc_issuer =
oidc_audience =
oidc_skip_expiry_check = false
oidc_skip_issuer_check = false
allow_ports = 2000-3000,3001,3003,4000-50000
max_pool_count = 5
max_ports_per_client = 0
tls_only = false
subdomain_host = frps.com
udp_packet_size = 1500
pprof_enable = false

[plugin.user-manager]
addr = 127.0.0.1:9000
path = /handler
ops = Login

[plugin.port-manager]
addr = 127.0.0.1:9001
path = /handler
ops = NewProxy
```
frpc_full.ini

```ini
[common]
server_addr = 0.0.0.0
server_port = 7000
log_file = ./frpc.log
log_level = info
log_max_days = 3
disable_log_color = false
authenticate_heartbeats = false
authenticate_new_work_conns = false
token = 12345678
oidc_client_id =
oidc_client_secret =
oidc_audience =
oidc_token_endpoint_url =
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin
pool_count = 5
user = your_name
login_fail_exit = true
protocol = tcp
connect_server_local_ip = 0.0.0.0
tls_enable = true
meta_var1 = 123
meta_var2 = 234
udp_packet_size = 1500
disable_custom_tls_first_byte = false
pprof_enable = false

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
bandwidth_limit = 1MB
use_encryption = false
use_compression = false
remote_port = 6001
group = test_group
group_key = 123456
health_check_type = tcp
health_check_timeout_s = 3
health_check_max_failed = 3
health_check_interval_s = 10
meta_var1 = 123
meta_var2 = 234

[ssh_random]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 0

[range:tcp_port]
type = tcp
local_ip = 127.0.0.1
local_port = 6010-6020,6022,6024-6028
remote_port = 6010-6020,6022,6024-6028
use_encryption = false
use_compression = false

[dns]
type = udp
local_ip = 114.114.114.114
local_port = 53
remote_port = 6002
use_encryption = false
use_compression = false

[range:udp_port]
type = udp
local_ip = 127.0.0.1
local_port = 6010-6020
remote_port = 6010-6020
use_encryption = false
use_compression = false

[web01]
type = http
local_ip = 127.0.0.1
local_port = 80
use_encryption = false
use_compression = true
http_user = admin
http_pwd = admin
subdomain = web001
custom_domains = web001.yourdomain.com
locations = /,/pic
host_header_rewrite = example.com
header_X-From-Where = frp
health_check_type = http
health_check_url = /status
health_check_interval_s = 10
health_check_max_failed = 3
health_check_timeout_s = 3

[web02]
type = https
local_ip = 127.0.0.1
local_port = 8000
use_encryption = false
use_compression = false
subdomain = web002
custom_domains = web02.yourdomain.com
proxy_protocol_version = v2

[plugin_unix_domain_socket]
type = tcp
remote_port = 6003
plugin = unix_domain_socket
plugin_unix_path = /var/run/docker.sock

[plugin_http_proxy]
type = tcp
remote_port = 6004
plugin = http_proxy
plugin_http_user = abc
plugin_http_passwd = abc

[plugin_socks5]
type = tcp
remote_port = 6005
plugin = socks5
plugin_user = abc
plugin_passwd = abc

[plugin_static_file]
type = tcp
remote_port = 6006
plugin = static_file
plugin_local_path = /var/www/blog
plugin_strip_prefix = static
plugin_http_user = abc
plugin_http_passwd = abc

[plugin_https2http]
type = https
custom_domains = test.yourdomain.com
plugin = https2http
plugin_local_addr = 127.0.0.1:80
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

[plugin_https2https]
type = https
custom_domains = test.yourdomain.com
plugin = https2https
plugin_local_addr = 127.0.0.1:443
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

[plugin_http2https]
type = http
custom_domains = test.yourdomain.com
plugin = http2https
plugin_local_addr = 127.0.0.1:443
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

[secret_tcp]
type = stcp
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false

[secret_tcp_visitor]
role = visitor
type = stcp
server_name = secret_tcp
sk = abcdefg
bind_addr = 127.0.0.1
bind_port = 9000
use_encryption = false
use_compression = false

[p2p_tcp]
type = xtcp
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false

[p2p_tcp_visitor]
role = visitor
type = xtcp
server_name = p2p_tcp
sk = abcdefg
bind_addr = 127.0.0.1
bind_port = 9001
use_encryption = false
use_compression = false

[tcpmuxhttpconnect]
type = tcpmux
multiplexer = httpconnect
local_ip = 127.0.0.1
local_port = 10701
custom_domains = tunnel1
```
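Simple configuration

Using subdomain-based routing has one prerequisite: both the main domain and the chosen subdomains must point to the server. For example, with the main domain 365day.top, add a wildcard record *.365day.top as well and resolve both records to the server. You can then configure any subdomain you like on the client.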
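Configuring the frp server

Real-world use does not need anything that elaborate; a simple server and client configuration is enough.

Example frps.ini (remember to open the corresponding ports in the firewall):

```ini
[common]
# Address and port that frpc connects to
bind_addr = 0.0.0.0
bind_port = 7000
# Port on which HTTP proxies are served
vhost_http_port = 80
# Shared secret; must match the token in frpc.ini
token = 12345678
# Base domain for client "subdomain" settings
subdomain_host = 365day.top
```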
I placed frps and frps.ini in the /opt/frp directory and registered frps as a system service (remember to give frps execute permission).

```
vim /etc/systemd/system/frps.service
```

The contents of the unit file are as follows:

```ini
[Unit]
Description = frp server
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
ExecStart = /opt/frp/frps -c /opt/frp/frps.ini

[Install]
WantedBy = multi-user.target
```
Reload the service configuration files.

Start the service and check its status; if everything is fine, enable it at boot:

```
systemctl start frps.service
systemctl status frps.service
systemctl enable frps.service
```
Configuring the frp client

```ini
[common]
# Address and port of the frps server
server_addr = 365day.top
server_port = 7000
# Must match the token in frps.ini
token = 12345678

[alist_server]
type = http
local_ip = 127.0.0.1
local_port = 80
# Served as alist.365day.top
subdomain = alist
```
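Once the configuration is done, put it in the same directory as frpc. After starting frpc, the alist service can be reached at alist.365day.top (I run alist locally, and it occupies port 80).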
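Before exposing frps on a public IP, it is worth checking the configuration for the sample values used on this page. The following audit script is an added example, not part of the original post or of frp itself: it flags short secrets, a server without `tls_only`, an unset `allow_ports`, a dashboard bound to all interfaces, and the Docker socket tunnel from frpc_full.ini. The function name, the 16-character threshold and the second sample configuration are assumptions made for illustration.

```python
import configparser

MIN_SECRET_LEN = 16  # assumed policy threshold, not an frp rule
SECRET_KEYS = ("token", "dashboard_pwd", "admin_pwd", "sk", "http_pwd",
               "plugin_passwd", "plugin_http_passwd")

def audit_frp_ini(text):
    """Return (section, finding) tuples for the body of an frps.ini or frpc.ini."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for name in cfg.sections():
        sec = cfg[name]
        for key in SECRET_KEYS:
            if key in sec and len(sec[key]) < MIN_SECRET_LEN:
                findings.append((name, f"{key} shorter than {MIN_SECRET_LEN} characters"))
        if name == "common" and "bind_port" in sec:  # bind_port in [common]: server file
            if "token" not in sec:
                findings.append((name, "no token: any client can register proxies"))
            if not sec.getboolean("tls_only", fallback=False):
                findings.append((name, "tls_only off: plaintext client connections accepted"))
            if not sec.get("allow_ports", "").strip():
                findings.append((name, "allow_ports unset: clients may request any remote port"))
            addr = sec.get("dashboard_addr", sec.get("bind_addr", "0.0.0.0"))  # assumed fallback
            if "dashboard_port" in sec and addr == "0.0.0.0":
                findings.append((name, "dashboard reachable on all interfaces"))
        if sec.get("plugin_unix_path", "").endswith("docker.sock"):
            findings.append((name, "Docker socket exposed through a tunnel"))
    return findings

# frps.ini from the simple configuration on this page.
PAGE_FRPS = """[common]
bind_addr = 0.0.0.0
bind_port = 7000
vhost_http_port = 80
token = 12345678
subdomain_host = 365day.top
"""

# Constructed sample: placeholder secrets and an assumed port range.
HARDENED_FRPS = """[common]
bind_port = 7000
token = REPLACE_WITH_LONG_RANDOM_VALUE
tls_only = true
allow_ports = 6000-6010
dashboard_addr = 127.0.0.1
dashboard_port = 7500
dashboard_pwd = REPLACE_WITH_LONG_RANDOM_VALUE
"""
print(*audit_frp_ini(PAGE_FRPS), sep="\n")
```

If `tls_only = true` is set on the server, the client side needs `tls_enable = true` in frpc.ini (the key appears in frpc_full.ini above), and the same token must be updated in both files.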
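Summary

This post only covers a simple configuration that gets things working. If you need HTTPS, the simpler route still involves configuring nginx, which I am not looking into here for now.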