FRP
Centos7安装FRP
- 环境:一个域名、一台腾讯云的 centos7.6 服务器和一台内网 centos7.6 服务器
- 场景:实现通过域名(解析到公网 IP 地址)访问内网的服务
最小化安装&优化
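# Switch yum to the Tencent Cloud mirrors; the stock repo files are kept in bak/.
# The steps are chained so that mv never runs outside /etc/yum.repos.d/.
cd /etc/yum.repos.d/ && mkdir -p bak && mv CentOS-* bak/
# Fetch both repo files over HTTPS: a repo file decides where every later
# package comes from, so it must not be modifiable in transit.
# -f makes curl fail on an HTTP error instead of saving the error page as a
# .repo file.
# NOTE(review): the downloaded repo files may themselves list http:// baseurls;
# package integrity then rests on gpgcheck=1 in those files - confirm it is set.
curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.tencent.com/repo/centos7_base.repo
curl -fsSL -o /etc/yum.repos.d/epel.repo https://mirrors.tencent.com/repo/epel-7.repo
# Base tooling (wget is part of this list, so no separate install is needed)
yum install -y tree wget lrzsz vim gdisk lsof net-tools bash-completion yum-utils unzip
# Clear the yum cache
yum clean all
# Rebuild the cache from the new repos
yum makecache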
安装FRP
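# Download the FRP release
wget https://github.com/fatedier/frp/releases/download/v0.64.0/frp_0.64.0_linux_amd64.tar.gz
# Verify the archive before unpacking it: this binary will run as an
# Internet-facing service. Replace the placeholder with the SHA-256 value
# published for this release; until then the check fails and nothing below
# it runs.
echo "<SHA256_OF_THE_RELEASE_ARCHIVE>  frp_0.64.0_linux_amd64.tar.gz" | sha256sum -c - \
  && tar -xzf frp_0.64.0_linux_amd64.tar.gz \
  && mv frp_0.64.0_linux_amd64 /usr/local/frp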
配置FRPS
# /usr/local/frp/frps.toml
# Server-side (frps) configuration.
# This file holds the shared token and the dashboard password in clear text;
# keep it readable by the service account only (e.g. chmod 600).
# Control port that frpc clients connect to, listening on every interface.
bindAddr = "0.0.0.0"
bindPort = 7000
# Any client that knows this token can register proxies on the server:
# replace the placeholder with a long random value.
auth.method = "token"
auth.token = "XXX_TOKEN"
# Dashboard.
# NOTE(review): with addr 0.0.0.0 and no TLS configured for it here, the
# dashboard login is HTTP basic auth sent in clear text on a public port.
# Consider binding it to 127.0.0.1 (and reaching it through an SSH tunnel) or
# limiting the allowed source addresses in the firewall.
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "XXX_USER"
webServer.password = "XXX_PASSWORD"
创建Systemd服务
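# vim /lib/systemd/system/frps.service
[Unit]
Description=frps Service
After=network.target syslog.target
Wants=network.target
[Service]
Type=simple
# NOTE(review): every port used in this guide is above 1024, so frps does not
# need root. A dedicated unprivileged account with read access to frps.toml
# would limit the impact if this Internet-facing daemon is compromised.
User=root
ExecStart=/usr/local/frp/frps -c /usr/local/frp/frps.toml
Restart=on-failure
# Output goes to the journal: journalctl -u frps
# The StandardOutput=/StandardError=file:/root/frp/frps.log lines were dropped:
# the file: target needs systemd 236 or later, while CentOS 7 ships systemd 219,
# and /root/frp is not created by any step in this guide.
[Install]
WantedBy=multi-user.target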
启动并设置开机自启
# Make systemd pick up the new unit file
systemctl daemon-reload
# Enable at boot and start right away
systemctl enable --now frps
# Check that the service is active
systemctl status frps
开放服务端口
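# --permanent only writes the saved configuration; the running firewall does
# not change until the reload below.
# 7000: frps control port used by the frpc clients.
firewall-cmd --zone=public --add-port=7000/tcp --permanent
# 7500: dashboard. It is protected only by the webServer user/password and,
# without TLS on the dashboard, that login crosses the network in clear text.
# Open it to the public zone only if it really has to be reachable from
# anywhere.
firewall-cmd --zone=public --add-port=7500/tcp --permanent
# Apply the saved rules to the running firewall and show the result
firewall-cmd --reload
firewall-cmd --zone=public --list-ports
# The vhost ports and remotePort values used in the scenarios below must be
# opened the same way when those scenarios are used; open only those in use.
# Confirm the frp process is running
pgrep -a frp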
场景1:RDP远程(p2p)
服务端frps.toml配置
# frps (server) configuration for the RDP scenario.
# Control port that frpc clients connect to, listening on every interface.
bindAddr = "0.0.0.0"
bindPort = 7000
# Shared secret: any client that knows it can register on this server.
# Use a long random value in place of the placeholder.
auth.method = "token"
auth.token = "XXX_TOKEN"
# Dashboard.
# NOTE(review): 0.0.0.0 exposes the dashboard on every interface, and no TLS
# is configured for it here, so its basic-auth login is sent in clear text.
# Prefer 127.0.0.1 or a firewall rule limited to known source addresses.
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "username"
webServer.password = "XXX_PASSWORD"
# tls
# The lines below are disabled. Once the certificate files exist, enabling
# transport.tls.force should make frps refuse client connections that do not
# use TLS, and trustedCaFile presumably makes it verify client certificates -
# confirm against the frp documentation for the version in use.
#transport.tls.force = true
#transport.tls.certFile = "/etc/frp/ssl/server.crt"
#transport.tls.keyFile = "/etc/frp/ssl/server.key"
#transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"
被远程终端frpc.toml配置
# frpc on the machine that is being controlled (the RDP host).
# serverAddr is a placeholder for the public IP of the frps server.
serverAddr = "公网IP"
serverPort = 7000
# Must match auth.token on the server.
auth.method = "token"
auth.token = "XXX_TOKEN"
[[proxies]]
name = "7735h-rdp"
# xtcp: peer-to-peer proxy between this host and a visitor.
type = "xtcp"
# The visitor has to present the same secretKey, so this value is what gates
# access to the RDP port: treat it like a password (long, random, not reused).
secretKey = "XXX_SecreKey"
# Local RDP service that the tunnel forwards to.
localIP = "127.0.0.1"
localPort = 3389
远程终端(发起远程连接的一端,即 visitor)frpc.toml配置
# frpc on the machine that starts the remote session (the visitor side).
# serverAddr is a placeholder for the public IP of the frps server.
serverAddr = "公网IP"
serverPort = 7000
# Must match auth.token on the server.
auth.method = "token"
auth.token = "XXX_TOKEN"
[[visitors]]
name = "7735h-rdp"
type = "xtcp"
# serverName is the name of the proxy declared on the controlled machine;
# secretKey must be identical to the one configured there.
serverName = "7735h-rdp"
secretKey = "XXX_SecreKey"
# Local entry point: the RDP client connects to port 60001 on this machine.
# NOTE(review): 0.0.0.0 makes that entry point reachable from every host on
# this machine's network, not only from this machine. "127.0.0.1" is enough
# when the RDP client runs on the same host.
bindAddr = "0.0.0.0"
bindPort = 60001
keepTunnelOpen = true
场景2: http内网映射
服务端frps.toml配置
# Port frps listens on; used for communication between server and clients.
bindAddr = "0.0.0.0"
bindPort = 7000
# Shared secret: any client that knows it can register proxies on this server.
# Use a long random value in place of the placeholder.
auth.method = "token"
auth.token = "XXX_TOKEN"
# frp provides a dashboard that is reachable on this port. It shows how many
# proxy connections frp currently has and their state.
# NOTE(review): 0.0.0.0 exposes the dashboard on every interface, and no TLS
# is configured for it here, so its basic-auth login is sent in clear text.
# Prefer 127.0.0.1 or a firewall rule limited to known source addresses.
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "username"
webServer.password = "XXX_PASSWORD"
# tls
# The lines below are disabled; the certificate files must exist before they
# are enabled.
#transport.tls.force = true
#transport.tls.certFile = "/etc/frp/ssl/server.crt"
#transport.tls.keyFile = "/etc/frp/ssl/server.key"
#transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"
# The server listens on this port for HTTPS requests from public users.
vhostHTTPSPort = 44443
# The server listens on this port for HTTP requests from public users.
# Requests on this port reach frps unencrypted.
vhostHTTPPort = 44480
# The server's subdomain_host works together with subdomain and local_port in
# the client configuration file: a local web service can be reached through a
# domain name of the form {subdomain}.{subdomain_host}.
# Example: if the server's subdomain_host is dev.msh.com and a client proxy
# has subdomain a and local_port 8585,
# then:
# visiting a.dev.msh.com is equivalent to visiting the local localhost:8585
subdomainHost = "huangfamily.cn"
内网代理终端frpc.toml配置
# frpc on the intranet host that publishes internal services.
# serverAddr is a placeholder for the public IP of the frps server.
serverAddr = "公网IP"
serverPort = 7000
# Must match auth.token on the server.
auth.method = "token"
auth.token = "XXX_TOKEN"
# ssh
# NOTE(review): this publishes the local sshd on public port 14022 of the
# server, so it will see Internet-wide login attempts. Key-only authentication
# (no password logins) on this host is advisable before enabling it.
[[proxies]]
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 14022
# http
# reverse proxy: https://x.x.x.218:80
# Served by subdomain through the server's vhostHTTPPort; traffic between the
# browser and frps is plain HTTP on that port.
[[proxies]]
name = "data"
type = "http"
localPort = 80
subdomain = "data"
# https
# reverse proxy: https://x.x.x.218:443
# NOTE(review): this makes port 443 of the internal host 192.168.14.3
# reachable on public port 14443. Judging by the proxy name it looks like a
# management interface (confirm); if so, restrict who can reach 14443 in the
# server firewall rather than leaving it open to everyone.
[[proxies]]
name = "vcsa"
type = "tcp"
localIP = "192.168.14.3"
localPort = 443
remotePort = 14443
转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。可以邮件至 hjxstart@126.com