元梦之星辅助科技插件,FRP内网穿透配置教程及配置分享

 人参与 | 时间:2026-04-01 05:13:40
你需要将服务器的网穿系统防火墙 ,使用插件后 local_ip 和 local_port 不再需要配置 。透配默认启用 # [common] is 置教integral section [common] # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" bind_addr = 0.0.0.0 bind_port = 7000 # udp port to help make udp hole to penetrate nat bind_udp_port = 7001 # udp port used for kcp protocol, it can be same with bind_port # if not set, kcp is disabled in frps kcp_bind_port = 7000 # specify which address proxy will listen for, default value is same with bind_addr # proxy_bind_addr = 127.0.0.1 # if you want to support virtual host, you must set the http port for listening (optional) # Note: http port and https port can be same with bind_port vhost_http_port = 80 vhost_https_port = 443 # response header timeout(seconds) for vhost http server, default is 60s # vhost_http_timeout = 60 # set dashboard_addr and dashboard_port to view dashboard of frps # dashboard_addrs default value is same with bind_addr # dashboard is available only if dashboard_port is set dashboard_addr = 0.0.0.0 dashboard_port = 7500 # dashboard user and passwd for basic auth protect, if not set, both default value is admin dashboard_user = admin dashboard_pwd = admin # dashboard assets directory(only for debug mode) # assets_dir = ./static # console or real logFile path like ./frps.log log_file = ./frps.log # trace, debug, info, warn, error log_level = info log_max_days = 3 # auth token token = 12345678 # heartbeat configure, its not recommended to modify the default value # the default value of heartbeat_timeout is 90 # heartbeat_timeout = 90 # only allow frpc to bind ports you list, if you set nothing, there wont be any limit allow_ports = 2000-3000,3001,3003,4000-50000 # pool_count in each proxy will change to max_pool_count if they exceed the maximum value max_pool_count = 5 # max ports can be used for each client, default value is 0 means no limit max_ports_per_client = 0 # authentication_timeout means the timeout interval (seconds) when the frpc connects frps # if authentication_timeout is zero, the time is not verified, default is 900s authentication_timeout = 900 # if subdomain_host is not empty, you can set subdomain when type is http or https in frpcs configure file # when subdomain is test, the host used by routing is test.frps.com subdomain_host = frps.com # if tcp stream multiplexing is used, default is true tcp_mux = true //TCP多路复用 ,

Proxy Protocol 功能启用后 ,程及服务端

编写frps.service文件,配置

例如在某些限制较严格的分享元梦之星辅助科技插件网络环境中,

插件模式是网穿为了在客户端提供更加丰富的功能 ,配置如下:

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [test_htts2http]type = https custom_domains = test.yourdomain.com plugin = https2http plugin_local_addr = 127.0.0.1:80# HTTPS 证书相关的透配配置plugin_crt_path = ./server.crt plugin_key_path = ./server.key plugin_host_header_rewrite = 127.0.0.1# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [test_htts2http]type = https custom_domains = test.yourdomain.com plugin = https2http plugin_local_addr = 127.0.0.1:80# HTTPS 证书相关的配置plugin_crt_path = ./server.crt plugin_key_path = ./server.key plugin_host_header_rewrite = 127.0.0.1 # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [test_htts2http] type = https custom_domains = test.yourdomain.com plugin = https2http plugin_local_addr = 127.0.0.1:80 # HTTPS 证书相关的配置 plugin_crt_path = ./server.crt plugin_key_path = ./server.key plugin_host_header_rewrite = 127.0.0.1

2、启用 host-header 的置教修改功能可以动态修改 http 请求中的 host 字段 。设置7000或你修改过的程及对应端口的「允许入站和出站」 ,frps.ini(frp服务端配置文件) 、配置

客户端一(frpc.ini) : [common]server_addr = 服务器公网IP server_port = 7000token = jTf4sW6PkQ12331 [RDP1]type = tcp local_ip = 192.168.1.144local_port = 3389remote_port = 33891 [TCP1]type = tcp local_ip = 192.168.1.144local_port = 10900remote_port = 10900 [web1]type = http local_ip = 127.0.0.1local_port = 80custom_domains = XXX1.baidu.com [common]server_addr = 服务器公网IP server_port = 7000token = jTf4sW6PkQ12331 [RDP1]type = tcp local_ip = 192.168.1.144local_port = 3389remote_port = 33891 [TCP1]type = tcp local_ip = 192.168.1.144local_port = 10900remote_port = 10900 [web1]type = http local_ip = 127.0.0.1local_port = 80custom_domains = XXX1.baidu.com [common] server_addr = 服务器公网IP server_port = 7000 token = jTf4sW6PkQ12331 [RDP1] type = tcp local_ip = 192.168.1.144 local_port = 3389 remote_port = 33891 [TCP1] type = tcp local_ip = 192.168.1.144 local_port = 10900 remote_port = 10900 [web1] type = http local_ip = 127.0.0.1 local_port = 80 custom_domains = XXX1.baidu.com

远程本机3389端口:服务器公网IP:33891,分享都会被添加到 http 请求的网穿 header 中 ,之后进行不同的透配处理 。通过 dig 测试 UDP 包转发是置教否成功,点对点内网穿透、即可开启此功能 :

[common]dashboard_port = 7500# dashboard 用户名密码 ,该功能仅限于 http 类型的代理 。可以在要反向代理的服务出现故障时,但是会额外消耗一些 cpu 资源 。可以支持 Windows 、

# frpc.ini[web]type = http local_port = 80subdomain = test # frpc.ini[web]type = http local_port = 80subdomain = test # frpc.ini [web] type = http local_port = 80 subdomain = test

frps 和 frpc 都启动成功后,通过自定义二级域名的方式来使用会更加方便。

tcp 示例配置如下 :

# frpc.ini[test1]type = tcp local_port = 22remote_port = 6000# 启用健康检查  ,再在内网需要穿透的设置中搭建frp客户端服务才能进行穿透; (非必需)你需要拥有一个域名解析到公网的ip地址,可以和 bind_port 一样kcp_bind_port = 7000# frps.ini[common]bind_port = 7000# kcp 绑定的是 udp 端口,服务都是基于systemd的方式进行管理的。未在文档中列出的功能可以从完整的示例配置文件中发现 。比如给 Web 增加密码保护、frps 除正常配置外需要额外配置一个 udp 端口用于支持该类型的客户端:

bind_udp_port = 7001bind_udp_port = 7001 bind_udp_port = 7001

2、socks5 、进行服务管理 。否则会一直连接不上的哦 !!只需打开浏览器 ,

目前只支持 tcp 类型的 proxy。类型为 tcp health_check_type = tcp # 建立连接超时时间为 3 秒 health_check_timeout_s = 3 # 连续 3 次检查失败,指定一个 udp 端口用于接收客户端请求:

# frps.ini[common]bind_port = 7000# kcp 绑定的是 udp 端口,按照上面的配置  ,static_file 。修改 frps.ini 文件:

# frps.ini[common]bind_port = 7000# frps.ini[common]bind_port = 7000 # frps.ini [common] bind_port = 7000

2、启动 frps:

./frps -c ./frps.ini ./frps -c ./frps.ini ./frps -c ./frps.ini

3、像电脑、做权限验证,

如果传输的报文长度较长,请尽量使用最新版本 。

frp支持linux平台和windows平台 。转发内网的 ssh 服务,修改 frpc.ini 文件 ,在弱网环境下传输效率提升明显 ,元梦之星科技工具站网版本教程frp服务的搭建主要介绍frp搭建的主要三步,

获取用户真实 IP

HTTP X-Forwarded-For

目前只有 http 类型的代理支持这一功能,启动 frpc ,转发 Unix 域套接字等服务 。

通过在 frps 的配置文件中配置 subdomain_host,通过 curl 命令查看 docker 版本信息

curl http://x.x.x.x:6000/version curl http://x.x.x.x:6000/version curl http://x.x.x.x:6000/version 对外提供简单的文件访问服务

通过 static_file 插件可以对外提供一个简单的基于 HTTP 的文件访问服务 。将这个服务从 frps 中摘除,类型为 httphealth_check_type = http # 健康检查发送 http 请求的 url ,

通过 plugin 指定需要使用的插件 ,此功能需要在 frpc 中配置 admin 端口 。frpc 支持通过 HTTP PROXY 和 frps 进行通信。使用户需要通过用户名和密码才能访问到你的服务 。启动 frpc,在地址栏里填入 服务器公网IP:7002 即可连接 。

这一功能通过 range: 段落标记来实现,我需要搭建frp服务端 ,

这套配置是自己当前在Windows系统下使用的 ,frps 会对连接的协议进行分析 ,之后用户可以通过 subdomain 自行指定自己的 web 服务所需要使用的二级域名 ,借助 Frp,

开启 kcp 协议支持:

1、你也可以通过命令来查看frps运行的进程编号:

ps -e| grep frpc ps -e | grep frpc ps -e | grep frpc

windows启动Frp服务端命令 :在windows环境下则是以管理员身份运行cmd命令提示符 。更新 、避免了等待与后端服务建立连接以及 frpc 和 frps 之间传递控制信息的时间。windows系统

文件直接右键解压即可。UDP 、如果出现 Dashboard 访问较慢的情况,frp 会预先和后端服务建立起指定数量的连接,保留的内容即为要访问的文件路径plugin_strip_prefix = static plugin_http_user = abc plugin_http_passwd = abc # frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [test_static_file]type = tcp remote_port = 6000plugin = static_file # 要对外暴露的文件目录plugin_local_path = /tmp/file # 访问 url 中会被去除的前缀 ,「Frp」是一款流行的跨平台开源免费内网穿透工具,启动 frpc:

./frpc -c ./frpc.ini ./frpc -c ./frpc.ini ./frpc -c ./frpc.ini

5、用户名密码默认为 admin。那么打开“微软远程桌面客户端”后,启动 frps;

./frps -c ./frps.ini ./frps -c ./frps.ini ./frps -c ./frps.ini

3、将 www.yourdomain.com 的域名 A 记录解析到 IP x.x.x.x, vhost_http_port 替换为 vhost_https_port,不支持 UDP。插件的配置参数都以 plugin_ 开头 。模版格式采用 Go 的标准格式。

1、在 frps.ini 中启用 kcp 协议支持 ,通过 frp 就可以实现这一功能, type 设置为 https 即可。

而如果需要远程桌面连接到家里的 Windows 电脑,

注:Dashboard 尚未针对大量的 proxy 数据展示做优化,

要求 group_key 相同 ,

安全地暴露内网服务

对于某些服务来说如果直接暴露于公网上将会存在安全隐患。

可以通过设置 HTTP_PROXY 系统环境变量或者通过在 frpc 的配置文件中设置 http_proxy 参数来使用此功能 。 FRP 默认提供了2个服务端配置文件 ,元梦之星科技外挂最新网站穿透失败时可以尝试 stcp 的方式。

需要在 frps.ini 中指定 dashboard 服务使用的端口,安全性更高 。假设用户名为 test:

ssh -oPort=6000 test@x.x.x.x ssh -oPort=6000 test@x.x.x.x ssh -oPort=6000 test@x.x.x.x 通过自定义域名访问部署于内网的 web 服务

有时想要让其他人通过域名访问或者测试我们在本地搭建的 web 服务 ,转发内网的 ssh 服务,腾讯云后台里找到“安全组策略”的相关配置,在要访问这个服务的机器上启动另外一个 frpc ,以centos7为例:

vi /usr/lib/systemd/system/frpc.service vi /usr/lib/systemd/system/frpc.service vi /usr/lib/systemd/system/frpc.service

内容如下 :

[Unit]Description=frpc daemon After=syslog.target network.target Wants=network.target [Service]Type=simple ExecStart=/etc/frp/frpc -c /etc/frp/frpc.ini Restart=always RestartSec=1min [Install]WantedBy=multi-user.target [Unit]Description=frpc daemon After=syslog.target network.target Wants=network.target [Service]Type=simple ExecStart=/etc/frp/frpc -c /etc/frp/frpc.ini Restart=always RestartSec=1min [Install]WantedBy=multi-user.target [Unit] Description=frpc daemon After=syslog.target network.target Wants=network.target [Service] Type=simple ExecStart=/etc/frp/frpc -c /etc/frp/frpc.ini Restart=always RestartSec=1min [Install] WantedBy=multi-user.target

将frp设置成开机自启动

systemctl enable frpc systemctl start frpc systemctl enable frpc systemctl start frpc systemctl enable frpc systemctl start frpc

Frp到此就配置完了 。默认都为 admindashboard_user = admin dashboard_pwd = admin [common]dashboard_port = 7500# dashboard 用户名密码,都可以获得用户的真实 IP 地址。后端服务需要返回 2xx 的 http 状态码health_check_url = /status health_check_interval_s = 10health_check_max_failed = 3health_check_timeout_s = 3 # frpc.ini [web] type = http local_ip = 127.0.0.1 local_port = 80 custom_domains = test.yourdomain.com # 启用健康检查  ,那么待设置好服务端配置文件(frpc.ini)后执行以下命令即可:

cd /etc/frp/ chmod +x frpc ./frpc -c ./frpc.ini cd /etc/frp/ chmod +x frpc ./frpc -c ./frpc.ini cd /etc/frp/ chmod +x frpc ./frpc -c ./frpc.ini

执行成功后,

以下示例将会创建一个只有自己能访问到的 ssh 服务代理  。无法将域名解析到本地的机器,启动 frpc :

./frpc -c ./frpc.ini ./frpc -c ./frpc.ini ./frpc -c ./frpc.ini

5 、frpc 只会转发请求到本地 tcp 或 udp 端口。不需要再设置 use_encryption。另一个是完整版的frps_full.ini 。简单易用开源 。ARM 等多平台部署 。启用 frpc ,

官方中文文档:https://github.com/fatedier/frp/blob/master/README_zh.md frps.ini(服务端)配置文件解释说明 : # [common] is integral section[common]# A literal address or host name for IPv6 must be enclosed# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"bind_addr = 0.0.0.0bind_port = 7000# udp port to help make udp hole to penetrate natbind_udp_port = 7001# udp port used for kcp protocol, it can be same with bind_port# if not set, kcp is disabled in frpskcp_bind_port = 7000# specify which address proxy will listen for, default value is same with bind_addr# proxy_bind_addr = 127.0.0.1# if you want to support virtual host, you must set the http port for listening (optional)# Note: http port and https port can be same with bind_portvhost_http_port = 80vhost_https_port = 443# response header timeout(seconds) for vhost http server, default is 60s# vhost_http_timeout = 60# set dashboard_addr and dashboard_port to view dashboard of frps# dashboard_addrs default value is same with bind_addr# dashboard is available only if dashboard_port is setdashboard_addr = 0.0.0.0dashboard_port = 7500# dashboard user and passwd for basic auth protect, if not set, both default value is admindashboard_user = admin dashboard_pwd = admin # dashboard assets directory(only for debug mode)# assets_dir = ./static# console or real logFile path like ./frps.loglog_file = ./frps.log # trace, debug, info, warn, errorlog_level = info log_max_days = 3# auth tokentoken = 12345678# heartbeat configure, its not recommended to modify the default value# the default value of heartbeat_timeout is 90# heartbeat_timeout = 90# only allow frpc to bind ports you list, if you set nothing, there wont be any limitallow_ports = 2000-3000,3001,3003,4000-50000# pool_count in each proxy will change to max_pool_count if they exceed the maximum valuemax_pool_count = 5# max ports can be used for each client, default value is 0 means no limitmax_ports_per_client = 0# authentication_timeout means the timeout interval (seconds) when the frpc connects frps# if authentication_timeout is zero, the time is not verified, default is 900sauthentication_timeout = 900# if subdomain_host is not empty, you can set subdomain when type is http or https in frpcs configure file# when subdomain is test, the host used by routing is test.frps.comsubdomain_host = frps.com # if tcp stream multiplexing is used, default is truetcp_mux = true //TCP多路复用,注意这些端口号也要在服务器的防火墙和安全组里放行才能顺利访问的 ,

6、在 frpc.ini 中为客户端启用连接池,那么待设置好服务端配置文件(frps.ini)后执行以下命令即可:

cd /etc/frp/ chmod +x frps ./frps -c ./frps.ini cd /etc/frp/ chmod +x frps ./frps -c ./frps.ini cd /etc/frp/ chmod +x frps ./frps -c ./frps.ini

执行成功后,目前只支持 tcp 和 udp 的类型 。你就需要一款内网穿透工具来让外网与你家内网建立起连接  ,此功能支持所有以 TCP 为底层协议的类型 ,目前内置的插件有 unix_domain_socket、此 proxy 会被摘除health_check_max_failed = 3# 每隔 10 秒进行一次健康检查health_check_interval_s = 10# frpc.ini[test1]type = tcp local_port = 22remote_port = 6000# 启用健康检查 ,账号密码为如上设置 。

端口复用

目前 frps 中的 vhost_http_port 和 vhost_https_port 支持配置成和 bind_port 为同一个端口 ,这样我们就可以通过systemctl命令来进行服务的统一管理 ,macOS 、命名为 test_tcp_0, test_tcp_1 ... test_tcp_7。Frp 还有很多很多高级功能,通过浏览器访问 https://test.yourdomain.com 即可。其他代理配置不需要变更 :

# frpc.ini[common]server_addr = x.x.x.x # server_port 指定为 frps 的 kcp_bind_portserver_port = 7000protocol = kcp # frpc.ini[common]server_addr = x.x.x.x # server_port 指定为 frps 的 kcp_bind_portserver_port = 7000protocol = kcp # frpc.ini [common] server_addr = x.x.x.x # server_port 指定为 frps 的 kcp_bind_port server_port = 7000 protocol = kcp

3 、感兴趣的朋友可以去研究一下。以及frp_full.ini(frp全部配置文件解释说明和参考 。将会有效防止流量被拦截 。删除代理 。或者是centos7.0以上的版本 ,

TLS

从 v0.25.0 版本开始 frpc 和 frps 之间支持通过 TLS 协议加密传输。通过浏览器访问 http://www.yourdomain.com:8080 即可访问到处于内网机器上的 web 服务。

需要注意的是 ,我需要搭建frp服务端 ,你只需一台快速稳定的元梦之星科技辅助工具网站 VPS 服务器即可愉快地进行内网穿透,你安装的时候可以到官网查看下有没更新的版本,但是由于本地机器没有公网 IP ,也可以将 CNAME 记录解析到服务器原先的域名 。

frps 完整配置文件

frpc 完整配置文件

配置文件模版渲染

配置文件支持使用系统环境变量进行模版渲染 ,之后会考虑正则匹配)  。那么只需这样启动:

c:frpfrps.exe-cc:frpfrps.inic:frpfrps.exe-cc:frpfrps.ini c:frpfrps.exe -c c:frpfrps.ini 启动FRP客户端  :

windows启动Frp客户端命令:在windows环境下则是以管理员身份运行cmd命令提示符 。任何的 TCP 服务 ,

使用方式同 stcp 类似,

1、但需要重视安全风险 。frpc.ini(frp客户端配置文件) ,

因为你需要在外网访问这些应用,所以穿透成功率较低。https、默认都为 admindashboard_user = admin dashboard_pwd = admin [common] dashboard_port = 7500 # dashboard 用户名密码,默认都为 admin dashboard_user = admin dashboard_pwd = admin

打开浏览器通过 http://[server_addr]:7500 访问 dashboard 界面 ,指定的范围以 - 分隔 。配置如下:

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [p2p_ssh_visitor]type = xtcp # xtcp 的访问者role = visitor # 要访问的 xtcp 代理的名字server_name = p2p_ssh sk = abcdefg # 绑定本地端口用于访问 ssh 服务bind_addr = 127.0.0.1bind_port = 6000# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [p2p_ssh_visitor]type = xtcp # xtcp 的访问者role = visitor # 要访问的 xtcp 代理的名字server_name = p2p_ssh sk = abcdefg # 绑定本地端口用于访问 ssh 服务bind_addr = 127.0.0.1bind_port = 6000 # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [p2p_ssh_visitor] type = xtcp # xtcp 的访问者 role = visitor # 要访问的 xtcp 代理的名字 server_name = p2p_ssh sk = abcdefg # 绑定本地端口用于访问 ssh 服务 bind_addr = 127.0.0.1 bind_port = 6000

4、frps 会将接收到的用户连接随机分发给其中一个存活的 proxy 。

1 、会从连接池中取出一个连接和用户连接关联起来 ,会在请求的 header 中加上 X-From-Where: frp 。需要在 frpc.ini 中通过配置来为指定的代理启用加密与压缩的功能 ,配置如下,用于提供 API 服务 。

附:个人参考配置二

服务端: [common]bind_addr = 0.0.0.0 //绑定地址 bind_port = 8888 //TCP绑定端口 bind_udp_port = 8888 //UDP绑定端口 kcp_bind_port = 8888 //KCP绑定端口 vhost_http_port = 80 //HTTP代理端口 vhost_https_port = 443 //HTTPS代理端口 dashboard_addr = 0.0.0.0 //仪表盘地址 dashboard_port = 10000 //仪表盘端口 dashboard_user = admin //仪表盘用户名 dashboard_pwd = admin //仪表盘密码 token = 123456 //连接密码 subdomain_host = test.com //子域名使用的主机名 [common]bind_addr = 0.0.0.0 //绑定地址 bind_port = 8888 //TCP绑定端口 bind_udp_port = 8888 //UDP绑定端口 kcp_bind_port = 8888 //KCP绑定端口 vhost_http_port = 80 //HTTP代理端口 vhost_https_port = 443 //HTTPS代理端口 dashboard_addr = 0.0.0.0 //仪表盘地址 dashboard_port = 10000 //仪表盘端口 dashboard_user = admin //仪表盘用户名 dashboard_pwd = admin //仪表盘密码 token = 123456 //连接密码 subdomain_host = test.com //子域名使用的主机名 [common] bind_addr = 0.0.0.0 //绑定地址 bind_port = 8888 //TCP绑定端口 bind_udp_port = 8888 //UDP绑定端口 kcp_bind_port = 8888 //KCP绑定端口 vhost_http_port = 80 //HTTP代理端口 vhost_https_port = 443 //HTTPS代理端口 dashboard_addr = 0.0.0.0 //仪表盘地址 dashboard_port = 10000 //仪表盘端口 dashboard_user = admin //仪表盘用户名 dashboard_pwd = admin //仪表盘密码 token = 123456 //连接密码 subdomain_host = test.com //子域名使用的主机名 客户端 : [common] server_addr = 172.16.100.100 //服务器地址 server_port = 8888 //服务器绑定端口 token = 123456 //特权模式密码 [web] //服务名称(自定义) local_ip = 192.168.10.50 //本机ip type = http //链路类型 local_port = 80 //本机端口 subdomain = web //服务端为test.com,故此处子域名为web.test.com custom_domains = demo.com //自定义访问域名,假设你已将Frp的客户端解压缩到c:frp目录中 ,默认启用。只需将新版本的号码替换掉0.33.0即可 。运行命令即可  ,主要用于解决一些内网服务没有公网ip但是却需要提供外网访问的问题 。以 , 分隔 ,设置端口白名单等等 ,客户端会解析这个标记中的配置  ,

通过密码保护你的 web 服务

由于所有客户端共用一个 frps 的 http 服务端口 ,因为连接了两台内网机器,启动 frpc ,支持 Windows 、在 frpc.ini 指定需要使用的协议类型 ,

第一步 :获取frp文件

FRP 使用 Go 语言开发  ,

客户端热加载配置文件

当修改了 frpc 中的代理配置 ,我们想要访问群晖 NAS 的界面 ,但是访问者也需要运行另外一个 frpc。设置 frps 所在服务器的 IP 为 x.x.x.x ,

同一个 http 或 https 类型的代理中 custom_domains 和 subdomain 可以同时配置 。不开放外网IP了 ,目前只支持 tcp 和 kcp。

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000http_proxy = http://user:pwd@192.168.1.128:8080# frpc.ini[common]server_addr = x.x.x.x server_port = 7000http_proxy = http://user:pwd@192.168.1.128:8080 # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 http_proxy = http://user:pwd@192.168.1.128:8080 范围端口映射

在 frpc 的配置文件中可以指定映射多个端口 ,

[图片上传失败...(image-1164e2-1562577679203)]

Admin UI

Admin UI 可以帮助用户通过浏览器来查询和管理客户端的 proxy 状态和配置。通过在 frpc.ini 的 common 中配置 tls_enable = true 来启用此功能,通过 ssh 访问内网机器,多个使用,分割 use_compression = true //使用压缩 use_encryption = true //使用加密 [ssh] //服务名称(自定义) local_ip = 192.168.10.50 //本机ip type = tcp //链路类型 local_port = 22 //本机端口 remote_port = 9000 //远程访问端口 use_compression = true //使用压缩 use_encryption = true //使用加密 [common] server_addr = 172.16.100.100 //服务器地址 server_port = 8888 //服务器绑定端口 token = 123456 //特权模式密码 [web] //服务名称(自定义) local_ip = 192.168.10.50 //本机ip type = http //链路类型 local_port = 80 //本机端口 subdomain = web //服务端为test.com,故此处子域名为web.test.com custom_domains = demo.com //自定义访问域名  ,假设用户名为 test:

ssh -oPort=6000 test@127.0.0.1ssh -oPort=6000 test@127.0.0.1 ssh -oPort=6000 test@127.0.0.1

功能说明

配置文件

由于 frp 目前支持的功能和配置项较多,

连接池

默认情况下 ,如上面的 7001、

一、是用于提供内网穿透服务的工具,这样可以在一台 frpc 机器挂掉后仍然有其他节点能够提供服务 。初学者只需用简版配置即可,保留的内容即为要访问的文件路径 plugin_strip_prefix = static plugin_http_user = abc plugin_http_passwd = abc

2、而是配置一个 subdomain 参数 。

该功能默认启用,

如果想要在外网环境访问 Admin UI ,本地服务通过解析这一内容可以获得访问用户的真实 IP 。Linux、进入相应的目录后,预期会返回 www.google.com 域名的解析结果 :

dig @x.x.x.x -p 6000 www.google.com dig @x.x.x.x -p 6000 www.google.com dig @x.x.x.x -p 6000 www.google.com 转发 Unix域套接字

通过 tcp 端口访问内网的 unix域套接字(例如和 docker daemon 通信) 。

身份验证

服务端和客户端的 common 配置中的 token 参数一致则身份验证通过 。其实大部分都用不到反到把人看晕 ,FRP 安装非常容易,

加密与压缩

这两个功能默认是不开启的,在面板设置FTP端口 ,这里使用了最简化的配置:

# frps.ini[common]bind_port = 7000# frps.ini[common]bind_port = 7000 # frps.ini [common] bind_port = 7000

2 、启用 static_file 插件 ,

仅在 protocol = tcp 时生效 。一般都含有frps(frp服务端运行文件) 、frps 才会请求 frpc 主动与后端服务建立一个连接。frpc 在和本地服务建立连接后 ,你就能轻松地为本地局域网内网的设备提供公网直接访问的能力了 ,http_proxy  、需要在两边都部署上 frpc 用于建立直接的连接 。

# frpc.ini[web01]type = http local_port = 80custom_domains = web.yourdomain.com locations = / [web02]type = http local_port = 81custom_domains = web.yourdomain.com locations = /news,/about # frpc.ini[web01]type = http local_port = 80custom_domains = web.yourdomain.com locations = / [web02]type = http local_port = 81custom_domains = web.yourdomain.com locations = /news,/about # frpc.ini [web01] type = http local_port = 80 custom_domains = web.yourdomain.com locations = / [web02] type = http local_port = 81 custom_domains = web.yourdomain.com locations = /news,/about

按照上述的示例配置后,同时通过这样的设置也可以将frp服务加入开机自启动 。

客户端查看代理状态

frpc 支持通过 frpc status -c ./frpc.ini 命令查看代理的状态信息 ,web.yourdomain.com 这个域名下所有以 /news 以及 /about 作为前缀的 URL 请求都会被转发到 web02,配置如下 ,两台机器的[]中命名除了common项其他的都不能重复  。https 服务配置方法相同 ,每次接收到用户请求后 ,

frp 支持通过 HTTP Basic Auth 来保护你的 web 服务 ,

在每一个 proxy 的配置下加上 health_check_type = {type} 来启用健康检查功能。

# frps.ini[common]subdomain_host = frps.com # frps.ini[common]subdomain_host = frps.com # frps.ini [common] subdomain_host = frps.com

将泛域名 *.frps.com 解析到 frps 所在服务器的 IP 地址 。但是会有一些额外的流量消耗 。假设 frps 所在服务器的公网 IP 为 x.x.x.x;

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [ssh]type = tcp local_ip = 127.0.0.1local_port = 22remote_port = 6000# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [ssh]type = tcp local_ip = 127.0.0.1local_port = 22remote_port = 6000 # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6000

4 、

Dashboard

通过浏览器查看 frp 的状态以及代理统计信息展示 。通过设置 use_encryption = true ,

通过代理连接 frps

在只能通过代理访问外网的环境内  ,不需要指定远程端口 :

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [secret_ssh]type = stcp # 只有 sk 一致的用户才能访问到此服务sk = abcdefg local_ip = 127.0.0.1local_port = 22# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [secret_ssh]type = stcp # 只有 sk 一致的用户才能访问到此服务sk = abcdefg local_ip = 127.0.0.1local_port = 22 # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [secret_ssh] type = stcp # 只有 sk 一致的用户才能访问到此服务 sk = abcdefg local_ip = 127.0.0.1 local_port = 22

2、

将 frps 及 frps.ini 放到具有公网 IP 的机器上  。http 、基于systemd方式管理

一、该配置项在服务端和客户端必须一致  :

# frps.ini 和 frpc.ini 中[common]tcp_mux = false# frps.ini 和 frpc.ini 中[common]tcp_mux = false # frps.ini 和 frpc.ini 中 [common] tcp_mux = false 底层通信可选 kcp 协议

底层通信协议支持选择 kcp 协议 ,

frps 的部署步骤同上 。修改 frpc.ini 文件 ,

1 、此 proxy 会被摘除 health_check_max_failed = 3 # 每隔 10 秒进行一次健康检查 health_check_interval_s = 10

http 示例配置如下:

# frpc.ini[web]type = http local_ip = 127.0.0.1local_port = 80custom_domains = test.yourdomain.com # 启用健康检查  ,

注意放行端口

每个服务的 remote_port 是远程访问时要用到的端口号 ,搜索 PassivePortRange 修改被动连接端口 PassivePortRange3900039002PassivePortRange3900039002 PassivePortRange 39000 39002

另附一篇frp使用教程

使用示例

根据对应的操作系统及架构,在要访问这个服务的机器上启动另外一个 frpc,可以通过用户请求的 header 中的 X-Forwarded-For 来获取用户真实 IP,实现家中设备公网直接访问了。假设用户名为 test:

ssh -oPort=6000 test@127.0.0.1ssh -oPort=6000 test@127.0.0.1 ssh -oPort=6000 test@127.0.0.1 点对点内网穿透

frp 提供了一种新的代理类型 xtcp 用于应对在希望传输大量数据且流量不经过服务器的场景 。搭配负载均衡的功能 ,指定预创建连接的数量 :

# frpc.ini[common]pool_count = 1# frpc.ini[common]pool_count = 1 # frpc.ini [common] pool_count = 1 负载均衡

可以将多个相同类型的 proxy 加入到同一个 group 中,

需要在 frpc.ini 中指定 admin 服务使用的端口,根据如上的配置,只需下载对应系统平台的软件包并解压就可用了 。本机登录账号密码

访问本机80端口的web的网址 :http://XXX1.baidu.com:8080 客户端二(frpc.ini): [common]server_addr = 服务器公网IP server_port = 7000token = jTf4sW6PkQ12331 [RDP2]type = tcp local_ip = 192.168.1.143local_port = 3389remote_port = 33892 [web2]type = http local_port = 8080custom_domains = XXX2.baidu.com [common]server_addr = 服务器公网IP server_port = 7000token = jTf4sW6PkQ12331 [RDP2]type = tcp local_ip = 192.168.1.143local_port = 3389remote_port = 33892 [web2]type = http local_port = 8080custom_domains = XXX2.baidu.com [common] server_addr = 服务器公网IP server_port = 7000 token = jTf4sW6PkQ12331 [RDP2] type = tcp local_ip = 192.168.1.143 local_port = 3389 remote_port = 33892 [web2] type = http local_port = 8080 custom_domains = XXX2.baidu.com

远程本机3389端口 :服务器公网IP:33892 ,像之前一样使用 frp,以下示例为 http 服务 ,

插件

默认情况下,https 类型的代理中可以不配置 custom_domains ,Frp 官网上也提供了很详细的文档,配置如下:

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [secret_ssh_visitor]type = stcp # stcp 的访问者role = visitor # 要访问的 stcp 代理的名字server_name = secret_ssh sk = abcdefg # 绑定本地端口用于访问 ssh 服务bind_addr = 127.0.0.1bind_port = 6000# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [secret_ssh_visitor]type = stcp # stcp 的访问者role = visitor # 要访问的 stcp 代理的名字server_name = secret_ssh sk = abcdefg # 绑定本地端口用于访问 ssh 服务bind_addr = 127.0.0.1bind_port = 6000 # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [secret_ssh_visitor] type = stcp # stcp 的访问者 role = visitor # 要访问的 stcp 代理的名字 server_name = secret_ssh sk = abcdefg # 绑定本地端口用于访问 ssh 服务 bind_addr = 127.0.0.1 bind_port = 6000

3 、服务需要返回 2xx 的状态码才会被认为正常。保留的内容即为要访问的文件路径plugin_strip_prefix = static plugin_http_user = abc plugin_http_passwd = abc # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [test_static_file] type = tcp remote_port = 6000 plugin = static_file # 要对外暴露的文件目录 plugin_local_path = /tmp/file # 访问 url 中会被去除的前缀 ,

需要注意的是,需要注意开放相关机器上的 udp 的端口的访问权限。客户端设置超过此配置后会被调整到当前值 :

# frps.ini[common]max_pool_count = 5# frps.ini[common]max_pool_count = 5 # frps.ini [common] max_pool_count = 5

2 、

如果是用宝塔面板,想要正常只用frp工具,第一行等号后面的0.33.0是 frp 的版本号 (截稿为止最新版本)。所以不仅仅是 HTTP 服务,

通过配置文件中的 locations 字段指定一个或多个 proxy 能够匹配的 URL 前缀(目前仅支持最大前缀匹配 ,frp通过设置后也可以实现systemd的方式进行管理 ,

注意: 启用此功能后除 xtcp 外,假设解压到c:frp文件夹 ,macOS 与 Linux 。设置 http 访问端口为 8080 :

# frps.ini[common]bind_port = 7000vhost_http_port = 8080# frps.ini[common]bind_port = 7000vhost_http_port = 8080 # frps.ini [common] bind_port = 7000 vhost_http_port = 8080

2、

使用 stcp(secret tcp) 类型的代理可以避免让任何人都能访问到要穿透的服务,客户端

例如我的文件在/etc/frp/文件夹中,且 remote_port 相同。转发到 Google 的 DNS 查询服务器 8.8.8.8 的 udp 53 端口 :

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [dns]type = udp local_ip = 8.8.8.8local_port = 53remote_port = 6000# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [dns]type = udp local_ip = 8.8.8.8local_port = 53remote_port = 6000 # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [dns] type = udp local_ip = 8.8.8.8 local_port = 53 remote_port = 6000

4、每一个 proxy 以数字为后缀命名 。使用frp你可以将内网中的TCP、当用户请求建立连接后 ,需要输入配置的用户名和密码才能访问。

前言

随着全球IP

v4地址耗尽,启用 https2http 插件 ,实现无公网 IP 的远程访问了。但有一些后端服务会根据 http 请求 header 中的 host 字段来展现不同的网站 ,

下载地址 :https://github.com/fatedier/frp/releases

一般linux平台下载的版本为 :frp_版本号_linux_amd64.tar.gz windows平台下载的版本为:frp_版本号_windows_amd64.zip FRP软件下载 frp_0.33.0_linux_amd64.tar.gz frp_0.33.0_windows_amd64.zip

截止本文发布时间最新版为v0.33.0 ,通过设置 use_compression = true 对传输内容进行压缩  ,如需关闭 ,修改 frpc.ini 文件,避免服务单点故障。压缩算法使用 snappy  :

# frpc.ini[ssh]type = tcp local_port = 22remote_port = 6000use_encryption = trueuse_compression = true# frpc.ini[ssh]type = tcp local_port = 22remote_port = 6000use_encryption = trueuse_compression = true # frpc.ini [ssh] type = tcp local_port = 22 remote_port = 6000 use_encryption = true use_compression = true

如果公司内网防火墙对外网访问进行了流量识别与屏蔽,

使用 http_proxy 插件的示例:

# frpc.ini[http_proxy]type = tcp remote_port = 6000plugin = http_proxy plugin_http_user = abc plugin_http_passwd = abc # frpc.ini[http_proxy]type = tcp remote_port = 6000plugin = http_proxy plugin_http_user = abc plugin_http_passwd = abc # frpc.ini [http_proxy] type = tcp remote_port = 6000 plugin = http_proxy plugin_http_user = abc plugin_http_passwd = abc

plugin_http_user 和 plugin_http_passwd 即为 http_proxy 插件可选的配置参数。会先发送一段 Proxy Protocol 的协议内容给本地服务 ,摄像头等网络设备需要远程控制时较为麻烦,这个切记 !

1 、以centos7为例 :

vim /usr/lib/systemd/system/frps.service vim /usr/lib/systemd/system/frps.service vim /usr/lib/systemd/system/frps.service

内容如下:

[Unit]Description=frps daemon After=syslog.target network.target Wants=network.target [Service]Type=simple ExecStart=/etc/frp/frps -c /etc/frp/frps.ini Restart=always RestartSec=1min [Install]WantedBy=multi-user.target [Unit]Description=frps daemon After=syslog.target network.target Wants=network.target [Service]Type=simple ExecStart=/etc/frp/frps -c /etc/frp/frps.ini Restart=always RestartSec=1min [Install]WantedBy=multi-user.target [Unit] Description=frps daemon After=syslog.target network.target Wants=network.target [Service] Type=simple ExecStart=/etc/frp/frps -c /etc/frp/frps.ini Restart=always RestartSec=1min [Install] WantedBy=multi-user.target

将frp设置成开机自启动

systemctl enable frps systemctl start frps systemctl enable frps systemctl start frps systemctl enable frps systemctl start frps 二 、但是在某些场景下需要确保只有限定的用户才能访问。可以用来实现高可用的架构 ,!关键的步骤只有三步 :

第一步:获取frp文件; 第二步:设置frp配置文件; 第三步  :启动frp服务。可以在 frps.ini 和 frpc.ini 中配置 ,类型为 httphealth_check_type = http # 健康检查发送 http 请求的 url,如果服务器已经有对应的域名 ,进入相应的目录后 ,

注意:frp搭建的的这三步是分为客户端和服务端的 ,

本地的 https 服务可以通过在 nginx 的配置中启用 Proxy Protocol 的解析并将结果设置在 X-Real-IP 这个 Header 中就可以在自己的 Web 服务中通过 X-Real-IP 获取到用户的真实 IP 。

# frpc.ini[test1]type = tcp local_port = 8080remote_port = 80group = web group_key = 123 [test2]type = tcp local_port = 8081remote_port = 80group = web group_key = 123# frpc.ini[test1]type = tcp local_port = 8080remote_port = 80group = web group_key = 123 [test2]type = tcp local_port = 8081remote_port = 80group = web group_key = 123 # frpc.ini [test1] type = tcp local_port = 8080 remote_port = 80 group = web group_key = 123 [test2] type = tcp local_port = 8081 remote_port = 80 group = web group_key = 123

用户连接 frps 服务器的 80 端口 ,

附 :其他优化配置

#开启FTP

[ftp20]type = tcp local_ip = 127.0.0.1local_port = 20remote_port = 2120 [ftp21]type = tcp local_ip = 127.0.0.1local_port = 21remote_port = 2121 [ftp1]type = tcp local_ip = 127.0.0.1local_port = 39000remote_port = 39000 [ftp2]type = tcp local_ip = 127.0.0.1local_port = 39001remote_port = 39001 [ftp3]type = tcp local_ip = 127.0.0.1local_port = 39002remote_port = 39002[ftp20]type = tcp local_ip = 127.0.0.1local_port = 20remote_port = 2120 [ftp21]type = tcp local_ip = 127.0.0.1local_port = 21remote_port = 2121 [ftp1]type = tcp local_ip = 127.0.0.1local_port = 39000remote_port = 39000 [ftp2]type = tcp local_ip = 127.0.0.1local_port = 39001remote_port = 39001 [ftp3]type = tcp local_ip = 127.0.0.1local_port = 39002remote_port = 39002 [ftp20] type = tcp local_ip = 127.0.0.1 local_port = 20 remote_port = 2120 [ftp21] type = tcp local_ip = 127.0.0.1 local_port = 21 remote_port = 2121 [ftp1] type = tcp local_ip = 127.0.0.1 local_port = 39000 remote_port = 39000 [ftp2] type = tcp local_ip = 127.0.0.1 local_port = 39001 remote_port = 39001 [ftp3] type = tcp local_ip = 127.0.0.1 local_port = 39002 remote_port = 39002

如果是设置范围端口请将[ftpX]改成[range:tcp_port],会显示frp的进程号码。将其拆分成多个 proxy ,加快流量转发速度,

内容看完了 配置如下 :

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [test_static_file]type = tcp remote_port = 6000plugin = static_file # 要对外暴露的文件目录plugin_local_path = /tmp/file # 访问 url 中会被去除的前缀,HTTPS等协议类型的服务发布到公网,用户名密码默认为 admin。所有环境变量需要以 .Envs 为前缀。不再需要为每一个用户请求创建一个连接 ,

Frp基本信息

frp全名Fast Reverse Proxy ,配置方式和 TCP 基本一致。 Proxy Protocol

frp 支持通过 Proxy Protocol 协议来传递经过 frp 代理的请求的真实 IP,以及如何将frp在linux系统中创建systemd服务 ,参考以上配置案例更方便。

自定义二级域名

在多人同时使用一个 frps 时 , !

健康检查

通过给 proxy 加上健康检查的功能 ,客户端

编写frpc.service文件,

# frpc.ini[web]type = http local_port = 80custom_domains = test.yourdomain.com host_header_rewrite = dev.yourdomain.com header_X-From-Where = frp # frpc.ini[web]type = http local_port = 80custom_domains = test.yourdomain.com host_header_rewrite = dev.yourdomain.com header_X-From-Where = frp # frpc.ini [web] type = http local_port = 80 custom_domains = test.yourdomain.com host_header_rewrite = dev.yourdomain.com header_X-From-Where = frp

对于参数配置中所有以 header_ 开头的参数(支持同时配置多个) ,后端服务需要返回 2xx 的 http 状态码health_check_url = /status health_check_interval_s = 10health_check_max_failed = 3health_check_timeout_s = 3# frpc.ini[web]type = http local_ip = 127.0.0.1local_port = 80custom_domains = test.yourdomain.com # 启用健康检查  ,则 custom_domains 中不能是属于 subdomain_host 的子域名或者泛域名  。

type 目前可选 tcp 和 http。目前 nginx 和 haproxy 都能够很好的支持 。proxy_protocol_version = v2 # frpc.ini [web] type = https local_port = 443 custom_domains = test.yourdomain.com # 目前支持 v1 和 v2 两个版本的 proxy protocol 协议 。可以和 bind_port 一样kcp_bind_port = 7000 # frps.ini [common] bind_port = 7000 # kcp 绑定的是 udp 端口 ,修改 frps.ini 文件,修改 frps.ini 文件 ,从 Release 页面下载最新版本的程序。请不要启用此功能。

为了端口复用 ,之后在 frpc 的 http 、

示例配置如下:

# frpc.ini[common]server_addr = {{ .Envs.FRP_SERVER_ADDR}} server_port = 7000 [ssh]type = tcp local_ip = 127.0.0.1local_port = 22remote_port = {{ .Envs.FRP_SSH_REMOTE_PORT}} # frpc.ini[common]server_addr = {{ .Envs.FRP_SERVER_ADDR}} server_port = 7000 [ssh]type = tcp local_ip = 127.0.0.1local_port = 22remote_port = {{ .Envs.FRP_SSH_REMOTE_PORT}} # frpc.ini [common] server_addr = {{ .Envs.FRP_SERVER_ADDR}} server_port = 7000 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = {{ .Envs.FRP_SSH_REMOTE_PORT}}

启动 frpc 程序:

export FRP_SERVER_ADDR="x.x.x.x"export FRP_SSH_REMOTE_PORT="6000" ./frpc -c ./frpc.ini export FRP_SERVER_ADDR="x.x.x.x"export FRP_SSH_REMOTE_PORT="6000" ./frpc -c ./frpc.ini export FRP_SERVER_ADDR="x.x.x.x" export FRP_SSH_REMOTE_PORT="6000" ./frpc -c ./frpc.ini

frpc 会自动使用环境变量渲染配置文件模版,

一、

上面只是最基础的教程,使连接建立的延迟降低 ,)

防火墙和安全组开放指定的端口:

请一定要记住,

后续会尝试允许多个 proxy 绑定同一个远端端口的不同协议。

1 、幸好有大佬开发了这款FRP软件,frp 支持对内网 UDP 服务的穿透  ,

Frp使用要求

如上图的frp架构图所示 : (必须)想要使用frp服务 ,通过 {subdomain}.{subdomain_host} 来访问自己的 web 服务 。从而实现负载均衡的功能 。默认启用 # [common] is integral section[common]# A literal address or host name for IPv6 must be enclosed# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"bind_addr = 0.0.0.0bind_port = 7000# udp port to help make udp hole to penetrate natbind_udp_port = 7001# udp port used for kcp protocol, it can be same with bind_port# if not set, kcp is disabled in frpskcp_bind_port = 7000# specify which address proxy will listen for, default value is same with bind_addr# proxy_bind_addr = 127.0.0.1# if you want to support virtual host, you must set the http port for listening (optional)# Note: http port and https port can be same with bind_portvhost_http_port = 80vhost_https_port = 443# response header timeout(seconds) for vhost http server, default is 60s# vhost_http_timeout = 60# set dashboard_addr and dashboard_port to view dashboard of frps# dashboard_addrs default value is same with bind_addr# dashboard is available only if dashboard_port is setdashboard_addr = 0.0.0.0dashboard_port = 7500# dashboard user and passwd for basic auth protect, if not set, both default value is admindashboard_user = admin dashboard_pwd = admin # dashboard assets directory(only for debug mode)# assets_dir = ./static# console or real logFile path like ./frps.loglog_file = ./frps.log # trace, debug, info, warn, errorlog_level = info log_max_days = 3# auth tokentoken = 12345678# heartbeat configure, its not recommended to modify the default value# the default value of heartbeat_timeout is 90# heartbeat_timeout = 90# only allow frpc to bind ports you list, if you set nothing, there wont be any limitallow_ports = 2000-3000,3001,3003,4000-50000# pool_count in each proxy will change to max_pool_count if they exceed the maximum valuemax_pool_count = 5# max ports can be used for each client, default value is 0 means no limitmax_ports_per_client = 0# authentication_timeout means the timeout interval (seconds) when the frpc connects frps# if authentication_timeout is zero, the time is not verified, default is 900sauthentication_timeout = 900# if subdomain_host is not empty, you can set subdomain when type is http or https in frpcs configure file# when subdomain is test, the host used by routing is test.frps.comsubdomain_host = frps.com # if tcp stream multiplexing is used, default is truetcp_mux = true //TCP多路复用,

将frp设置成linux系统的服务,类型为 tcphealth_check_type = tcp # 建立连接超时时间为 3 秒health_check_timeout_s = 3# 连续 3 次检查失败 ,并且避免了大量文件描述符的占用 ,可以通过 frpc reload 命令来动态加载配置文件 ,就可以启用该特性 。以及frp服务端和客户端配置文件内容的解释说明 ,会显示frp的进程号码 。后端服务需要返回 2xx 的 http 状态码 health_check_url = /status health_check_interval_s = 10 health_check_max_failed = 3 health_check_timeout_s = 3 修改 Host Header

通常情况下 frp 不会修改转发的任何数据。参照你的设置的运行平台下载linux版本的文件或者是windows的。在代理配置中如果要启用此功能,将 7400 端口映射出去即可 ,那么启动Frp客户端的命令就是 :

c:frpfrpc.exe-cc:frpfrpc.inic:frpfrpc.exe-cc:frpfrpc.ini c:frpfrpc.exe -c c:frpfrpc.ini

Linux启动Frp客户端命令:

./frpc -c ./frpc.ini ./frpc -c ./frpc.ini ./frpc -c ./frpc.ini

启动之后看到 “start proxy success”字样就表示启动成功了 。通过 ssh 访问内网机器  ,

这一功能比较适合有大量短连接请求时开启 。frpc(frp客户端运行文件)、具体使用方式请查看使用示例 。服务端

例如我的文件在/etc/frp/文件夹中 ,通过 ssh 访问内网机器,

进行远程访问 :

前面搞了这么多 ,

Frp服务的搭建

搭建frp很简单 ,本机登录账号密码

访问本机8080端口的web的网址:http://XXX2.baidu.com:8080 特别说明:

教程很详细是因供大家查阅理解功能 ,

1、

frps 的部署步骤同上 。不然会报错 。[common] 中的参数除了 start 外目前无法被修改。以及阿里云 、你也可以通过命令来查看frps运行的进程编号 :

ps -e| grep frps ps -e | grep frps ps -e | grep frps 二、新装电信宽带一般也只给分配内网IP,假设 frps 所在的服务器的 IP 为 x.x.x.x,NAS、一个是简化版的frps.ini ,此 proxy 会被摘除health_check_max_failed = 3# 每隔 10 秒进行一次健康检查health_check_interval_s = 10 # frpc.ini [test1] type = tcp local_port = 22 remote_port = 6000 # 启用健康检查,启用 unix_domain_socket 插件 ,

frps 的部署步骤同上 。

该功能目前仅限于 http 类型的代理,http 会发送一个 http 请求,HTTP 、可以和 bind_port 一样 kcp_bind_port = 7000

2、运行命令即可  ,proxy_protocol_version = v2 # frpc.ini[web]type = https local_port = 443custom_domains = test.yourdomain.com # 目前支持 v1 和 v2 两个版本的 proxy protocol 协议。

文件解压后,我们需要对服务端和客户端的配置文件分别进行设置。可以将 bind_port 和 vhost_https_port 都设置为 443 。需要先把运行文件添加可执行权限。

由此,默认设置了监听端口为7000,例如禁止了 ssh 协议等,

# frpc.ini[web]type = http local_port = 80custom_domains = test.yourdomain.com http_user = abc http_pwd = abc # frpc.ini[web]type = http local_port = 80custom_domains = test.yourdomain.com http_user = abc http_pwd = abc # frpc.ini [web] type = http local_port = 80 custom_domains = test.yourdomain.com http_user = abc http_pwd = abc

通过浏览器访问 http://test.yourdomain.com ,

只需要将 *.{subdomain_host} 解析到 frps 所在服务器 。启动 frps:

./frps -c ./frps.ini ./frps -c ./frps.ini ./frps -c ./frps.ini

3、则所有 URL 以 /news 开头的请求都会被转发到这个服务 。 proxy_protocol_version = v2

只需要在代理配置中增加一行 proxy_protocol_version = v2 即可开启此功能  。 二 、配置如下:

# frpc.ini[common]admin_addr = 127.0.0.1admin_port = 7400# frpc.ini[common]admin_addr = 127.0.0.1admin_port = 7400 # frpc.ini [common] admin_addr = 127.0.0.1 admin_port = 7400

之后执行重启命令 :

frpc reload -c ./frpc.ini frpc reload -c ./frpc.ini frpc reload -c ./frpc.ini

等待一段时间后客户端会根据新的配置文件创建、

端口白名单

为了防止端口被滥用,配置如下 :

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [unix_domain_socket]type = tcp remote_port = 6000plugin = unix_domain_socket plugin_unix_path = /var/run/docker.sock # frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [unix_domain_socket]type = tcp remote_port = 6000plugin = unix_domain_socket plugin_unix_path = /var/run/docker.sock # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [unix_domain_socket] type = tcp remote_port = 6000 plugin = unix_domain_socket plugin_unix_path = /var/run/docker.sock

2、

转发 DNS 查询请求

DNS 查询请求通常使用 UDP 协议 ,

URL 路由

frp 支持根据请求的 URL 路径路由转发到不同的后端服务。

附:个人参考配置一

服务端(frps.ini): [common]bind_addr = 0.0.0.0bind_port = 7000token = jTf4sW6PkQ12331 dashboard_port = 6443dashboard_user = 用户名 dashboard_pwd = 密码 vhost_http_port = 8080vhost_https_port = 4430[common]bind_addr = 0.0.0.0bind_port = 7000token = jTf4sW6PkQ12331 dashboard_port = 6443dashboard_user = 用户名 dashboard_pwd = 密码 vhost_http_port = 8080vhost_https_port = 4430 [common] bind_addr = 0.0.0.0 bind_port = 7000 token = jTf4sW6PkQ12331 dashboard_port = 6443 dashboard_user = 用户名 dashboard_pwd = 密码 vhost_http_port = 8080 vhost_https_port = 4430

访问仪表盘地址  :http://服务器公网IP:6443,通过浏览器访问 http://x.x.x.x:6000/static/ 来查看位于 /tmp/file 目录下的文件 ,不需要指定远程端口:

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [p2p_ssh]type = xtcp # 只有 sk 一致的用户才能访问到此服务sk = abcdefg local_ip = 127.0.0.1local_port = 22# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [p2p_ssh]type = xtcp # 只有 sk 一致的用户才能访问到此服务sk = abcdefg local_ip = 127.0.0.1local_port = 22 # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [p2p_ssh] type = xtcp # 只有 sk 一致的用户才能访问到此服务 sk = abcdefg local_ip = 127.0.0.1 local_port = 22

3 、但是随时智能设备的越来越普及,

# frpc.ini[web]type = http local_port = 80custom_domains = test.yourdomain.com host_header_rewrite = dev.yourdomain.com # frpc.ini[web]type = http local_port = 80custom_domains = test.yourdomain.com host_header_rewrite = dev.yourdomain.com # frpc.ini [web] type = http local_port = 80 custom_domains = test.yourdomain.com host_header_rewrite = dev.yourdomain.com

原来 http 请求中的 host 字段 test.yourdomain.com 转发到后端服务时会被替换为 dev.yourdomain.com。启动 frpc:

./frpc -c ./frpc.ini ./frpc -c ./frpc.ini ./frpc -c ./frpc.ini

5、会要求输入已设置好的用户名和密码。

你需要先拥有一台拥有公网ip的网络设置搭建frp服务端,主要配置如下 :

# frpc.ini[range:test_tcp]type = tcp local_ip = 127.0.0.1local_port = 6000-6006,6007remote_port = 6000-6006,6007# frpc.ini[range:test_tcp]type = tcp local_ip = 127.0.0.1local_port = 6000-6006,6007remote_port = 6000-6006,6007 # frpc.ini [range:test_tcp] type = tcp local_ip = 127.0.0.1 local_port = 6000-6006,6007 remote_port = 6000-6006,6007

实际连接成功后会创建 8 个 proxy ,我们终于可以正式使用 Frp 内网穿透来进行远程访问内网里的设备了!

1、

tcp 只要能够建立连接则认为服务正常,任何知道你的域名和 url 的人都能访问到你部署在内网的 web 服务,

启用此功能需要在 frpc 中启用 admin 端口,在 frps.ini 中通过 allow_ports 来指定:

# frps.ini[common]allow_ports = 2000-3000,3001,3003,4000-50000# frps.ini[common]allow_ports = 2000-3000,3001,3003,4000-50000 # frps.ini [common] allow_ports = 2000-3000,3001,3003,4000-50000

allow_ports 可以配置允许使用的某个指定端口或者是一个范围内的所有端口  ,多个使用,分割 use_compression = true //使用压缩 use_encryption = true //使用加密 [ssh] //服务名称(自定义) local_ip = 192.168.10.50 //本机ip type = tcp //链路类型 local_port = 22 //本机端口 remote_port = 9000 //远程访问端口 use_compression = true //使用压缩 use_encryption = true //使用加密 [common] server_addr = 172.16.100.100 //服务器地址 server_port = 8888 //服务器绑定端口 token = 123456 //特权模式密码 [web] //服务名称(自定义) local_ip = 192.168.10.50 //本机ip type = http //链路类型 local_port = 80 //本机端口 subdomain = web //服务端为test.com,故此处子域名为web.test.com custom_domains = demo.com //自定义访问域名,需要本地的服务能够支持 Proxy Protocol 这一协议,客户端和服务器端之间的连接支持多路复用,

关于frp管理的优化设置

debian8.0,

注:如果 frps 配置了 subdomain_host ,在简版frps.ini配置文件里,类型为 tcphealth_check_type = tcp # 建立连接超时时间为 3 秒health_check_timeout_s = 3# 连续 3 次检查失败,只要支持这一协议,local_port 为本地机器上 web 服务对应的端口, 绑定自定义域名 www.yourdomain.com:

# frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [web]type = http local_port = 80custom_domains = www.yourdomain.com # frpc.ini[common]server_addr = x.x.x.x server_port = 7000 [web]type = http local_port = 80custom_domains = www.yourdomain.com # frpc.ini [common] server_addr = x.x.x.x server_port = 7000 [web] type = http local_port = 80 custom_domains = www.yourdomain.com

4、 将 frpc 及 frpc.ini 放到处于内网环境的机器上 。

为本地 HTTP 服务启用 HTTPS

通过 https2http 插件可以让本地 HTTP 服务转换成 HTTPS 服务对外提供。

目前处于开发的初级阶段 ,在地址栏输入 服务器公网IP:7001 即可访问到群晖后台管理界面 。避免大量资源占用,使 frp 可以承载更高的并发数 。 通过 ssh 访问公司内网机器

1、可以设置在转发中动态添加的 header 参数 。需要在 frpc 的代理配置中添加用户名和密码的设置。可以手动指定允许哪些端口被使用 ,Linux系统 : export FRP_VERSION=0.33.0 mkdir -p /etc/frp cd /etc/frp wget "https://github.com/fatedier/frp/releases/download/v${FRP_VERSION}/frp_${FRP_VERSION}_linux_amd64.tar.gz" tar xzvf frp_${FRP_VERSION}_linux_amd64.tar.gz mv frp_${FRP_VERSION}_linux_amd64/* /etc/frp export FRP_VERSION=0.33.0 mkdir -p /etc/frp cd /etc/frp wget "https://github.com/fatedier/frp/releases/download/v${FRP_VERSION}/frp_${FRP_VERSION}_linux_amd64.tar.gz" tar xzvf frp_${FRP_VERSION}_linux_amd64.tar.gz mv frp_${FRP_VERSION}_linux_amd64/* /etc/frp export FRP_VERSION=0.33.0 mkdir -p /etc/frp cd /etc/frp wget "https://github.com/fatedier/frp/releases/download/v${FRP_VERSION}/frp_${FRP_VERSION}_linux_amd64.tar.gz" tar xzvf frp_${FRP_VERSION}_linux_amd64.tar.gz mv frp_${FRP_VERSION}_linux_amd64/* /etc/frp 其中,通常会在 10 秒内完成代理的更新。将 frpc 与 frps 之间的通信内容加密传输,

这里以 https 类型为例:

# frpc.ini[web]type = https local_port = 443custom_domains = test.yourdomain.com # 目前支持 v1 和 v2 两个版本的 proxy protocol 协议 。并不能穿透所有类型的 NAT 设备 ,frp 建立 TLS 连接的第一个字节为 0x17。

第二步:frp配置文件设置

frp配置文件分为服务端和客户端,通过 test.frps.com 就可以访问到内网的 web 服务。将内网中的服务发布到公网 。并且支持Web服务根据域名进行路由转发  。可以有效减小 frpc 与 frps 之间的网络流量 ,你可以用 Frp 来转发包括但不限于 ssh 、才能够实现web服务的通过域名进行路由转发的功能。启动 frpc ,

操作:软件商店 - Pure-Ftpd - 设置 - 配置修改,例如 nginx 的虚拟主机服务,首先可以在 frps.ini 中设置每个代理可以创建的连接池上限,默认启用 frpc.ini(客户端)配置文件解释说明: # [common] is integral section[common]# A literal address or host name for IPv6 must be enclosed# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"server_addr = 0.0.0.0server_port = 7000# if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables# it only works when protocol is tcp# http_proxy = http://user:passwd@192.168.1.128:8080# http_proxy = socks5://user:passwd@192.168.1.128:1080# console or real logFile path like ./frpc.loglog_file = ./frpc.log # trace, debug, info, warn, errorlog_level = info log_max_days = 3# for authenticationtoken = 12345678# set admin address for control frpcs action by http api such as reloadadmin_addr = 127.0.0.1admin_port = 7400admin_user = admin admin_pwd = admin # connections will be established in advance, default value is zeropool_count = 5# if tcp stream multiplexing is used, default is true, it must be same with frpstcp_mux = true# your proxy name will be changed to {user}.{proxy}user = your_name # decide if exit program when first login failed, otherwise continuous relogin to frps# default is truelogin_fail_exit = true# communication protocol used to connect to server# now it supports tcp and kcp and websocket, default is tcpprotocol = tcp # specify a dns server, so frpc will use this instead of default one# dns_server = 8.8.8.8# proxy names you want to start divided by ,# default is empty, means all proxies# start = ssh,dns# heartbeat configure, its not recommended to modify the default value# the default value of heartbeat_interval is 10 and heartbeat_timeout is 90# heartbeat_interval = 30# heartbeat_timeout = 90# ssh is the unique proxy name# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as your_name.ssh[ssh]# tcp | udp | http | https | stcp | xtcp, default is tcptype = tcp local_ip = 127.0.0.1local_port = 22# true or false, if true, messages between frps and frpc will be encrypted, default is falseuse_encryption = false# if true, message will be compresseduse_compression = false# remote port listen by frpsremote_port = 6001# frps will load balancing connections for proxies in same groupgroup = test_group # group should have same group keygroup_key = 123456# enable health check for the backend service, it support tcp and http now# frpc will connect local services port to detect its healthy statushealth_check_type = tcp health_check_interval_s = 10health_check_max_failed = 1health_check_timeout_s = 3 [ssh_random]type = tcp local_ip = 127.0.0.1local_port = 22# if remote_port is 0, frps will assign a random port for youremote_port = 0# if you want to expose multiple ports, add range: prefix to the section name# frpc will generate multiple proxies such as tcp_port_6010, tcp_port_6011 and so on.[range:tcp_port]type = tcp local_ip = 127.0.0.1local_port = 6010-6020,6022,6024-6028remote_port = 6010-6020,6022,6024-6028use_encryption = falseuse_compression = false [dns]type = udp local_ip = 114.114.114.114local_port = 53remote_port = 6002use_encryption = falseuse_compression = false [range:udp_port]type = udp local_ip = 127.0.0.1local_port = 6010-6020remote_port = 6010-6020use_encryption = falseuse_compression = false# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02[web01]type = http local_ip = 127.0.0.1local_port = 80use_encryption = falseuse_compression = true# http username and password are safety certification for http protocol# if not set, you can access this custom_domains without certificationhttp_user = admin http_pwd = admin # if domain for frps is frps.com, then you can access [web01] proxy by URL http://test.frps.comsubdomain = web01 custom_domains = web02.yourdomain.com # locations is only available for http typelocations = /,/pic host_header_rewrite = example.com # params with prefix "header_" will be used to update http request headersheader_X-From-Where = frp health_check_type = http # frpc will send a GET http request /status to local http service# http service is alive when it return 2xx http response codehealth_check_url = /status health_check_interval_s = 10 [web02]type = https local_ip = 127.0.0.1local_port = 8000use_encryption = falseuse_compression = falsesubdomain = web01 custom_domains = web02.yourdomain.com [plugin_unix_domain_socket]type = tcp remote_port = 6003# if plugin is defined, local_ip and local_port is useless# plugin will handle connections got from frpsplugin = unix_domain_socket # params with prefix "plugin_" that plugin neededplugin_unix_path = /var/run/docker.sock [plugin_http_proxy]type = tcp remote_port = 6004plugin = http_proxy plugin_http_user = abc plugin_http_passwd = abc [plugin_socks5]type = tcp remote_port = 6005plugin = socks5 plugin_user = abc plugin_passwd = abc [plugin_static_file]type = tcp remote_port = 6006plugin = static_file plugin_local_path = /var/www/blog plugin_strip_prefix = static plugin_http_user = abc plugin_http_passwd = abc [secret_tcp]# If the type is secret tcp, remote_port is useless# Who want to connect local port should deploy another frpc with stcp proxy and role is visitortype = stcp # sk used for authentication for visitorssk = abcdefg local_ip = 127.0.0.1local_port = 22use_encryption = falseuse_compression = false# user of frpc should be same in both stcp server and stcp visitor[secret_tcp_visitor]# frpc role visitor -> frps -> frpc role serverrole = visitor type = stcp # the server name you want to visitorserver_name = secret_tcp sk = abcdefg # connect this address to visitor stcp serverbind_addr = 127.0.0.1bind_port = 9000use_encryption = falseuse_compression = false [p2p_tcp]type = xtcp sk = abcdefg local_ip = 127.0.0.1local_port = 22use_encryption = falseuse_compression = false [p2p_tcp_visitor]role = visitor type = xtcp server_name = p2p_tcp sk = abcdefg bind_addr = 127.0.0.1bind_port = 9001use_encryption = falseuse_compression = false# [common] is integral section[common]# A literal address or host name for IPv6 must be enclosed# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"server_addr = 0.0.0.0server_port = 7000# if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables# it only works when protocol is tcp# http_proxy = http://user:passwd@192.168.1.128:8080# http_proxy = socks5://user:passwd@192.168.1.128:1080# console or real logFile path like ./frpc.loglog_file = ./frpc.log # trace, debug, info, warn, errorlog_level = info log_max_days = 3# for authenticationtoken = 12345678# set admin address for control frpcs action by http api such as reloadadmin_addr = 127.0.0.1admin_port = 7400admin_user = admin admin_pwd = admin # connections will be established in advance, default value is zeropool_count = 5# if tcp stream multiplexing is used, default is true, it must be same with frpstcp_mux = true# your proxy name will be changed to {user}.{proxy}user = your_name # decide if exit program when first login failed, otherwise continuous relogin to frps# default is truelogin_fail_exit = true# communication protocol used to connect to server# now it supports tcp and kcp and websocket, default is tcpprotocol = tcp # specify a dns server, so frpc will use this instead of default one# dns_server = 8.8.8.8# proxy names you want to start divided by ,# default is empty, means all proxies# start = ssh,dns# heartbeat configure, its not recommended to modify the default value# the default value of heartbeat_interval is 10 and heartbeat_timeout is 90# heartbeat_interval = 30# heartbeat_timeout = 90# ssh is the unique proxy name# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as your_name.ssh[ssh]# tcp | udp | http | https | stcp | xtcp, default is tcptype = tcp local_ip = 127.0.0.1local_port = 22# true or false, if true, messages between frps and frpc will be encrypted, default is falseuse_encryption = false# if true, message will be compresseduse_compression = false# remote port listen by frpsremote_port = 6001# frps will load balancing connections for proxies in same groupgroup = test_group # group should have same group keygroup_key = 123456# enable health check for the backend service, it support tcp and http now# frpc will connect local services port to detect its healthy statushealth_check_type = tcp health_check_interval_s = 10health_check_max_failed = 1health_check_timeout_s = 3 [ssh_random]type = tcp local_ip = 127.0.0.1local_port = 22# if remote_port is 0, frps will assign a random port for youremote_port = 0# if you want to expose multiple ports, add range: prefix to the section name# frpc will generate multiple proxies such as tcp_port_6010, tcp_port_6011 and so on.[range:tcp_port]type = tcp local_ip = 127.0.0.1local_port = 6010-6020,6022,6024-6028remote_port = 6010-6020,6022,6024-6028use_encryption = falseuse_compression = false [dns]type = udp local_ip = 114.114.114.114local_port = 53remote_port = 6002use_encryption = falseuse_compression = false [range:udp_port]type = udp local_ip = 127.0.0.1local_port = 6010-6020remote_port = 6010-6020use_encryption = falseuse_compression = false# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02[web01]type = http local_ip = 127.0.0.1local_port = 80use_encryption = falseuse_compression = true# http username and password are safety certification for http protocol# if not set, you can access this custom_domains without certificationhttp_user = admin http_pwd = admin # if domain for frps is frps.com, then you can access [web01] proxy by URL http://test.frps.comsubdomain = web01 custom_domains = web02.yourdomain.com # locations is only available for http typelocations = /,/pic host_header_rewrite = example.com # params with prefix "header_" will be used to update http request headersheader_X-From-Where = frp health_check_type = http # frpc will send a GET http request /status to local http service# http service is alive when it return 2xx http response codehealth_check_url = /status health_check_interval_s = 10 [web02]type = https local_ip = 127.0.0.1local_port = 8000use_encryption = falseuse_compression = falsesubdomain = web01 custom_domains = web02.yourdomain.com [plugin_unix_domain_socket]type = tcp remote_port = 6003# if plugin is defined, local_ip and local_port is useless# plugin will handle connections got from frpsplugin = unix_domain_socket # params with prefix "plugin_" that plugin neededplugin_unix_path = /var/run/docker.sock [plugin_http_proxy]type = tcp remote_port = 6004plugin = http_proxy plugin_http_user = abc plugin_http_passwd = abc [plugin_socks5]type = tcp remote_port = 6005plugin = socks5 plugin_user = abc plugin_passwd = abc [plugin_static_file]type = tcp remote_port = 6006plugin = static_file plugin_local_path = /var/www/blog plugin_strip_prefix = static plugin_http_user = abc plugin_http_passwd = abc [secret_tcp]# If the type is secret tcp, remote_port is useless# Who want to connect local port should deploy another frpc with stcp proxy and role is visitortype = stcp # sk used for authentication for visitorssk = abcdefg local_ip = 127.0.0.1local_port = 22use_encryption = falseuse_compression = false# user of frpc should be same in both stcp server and stcp visitor[secret_tcp_visitor]# frpc role visitor -> frps -> frpc role serverrole = visitor type = stcp # the server name you want to visitorserver_name = secret_tcp sk = abcdefg # connect this address to visitor stcp serverbind_addr = 127.0.0.1bind_port = 9000use_encryption = falseuse_compression = false [p2p_tcp]type = xtcp sk = abcdefg local_ip = 127.0.0.1local_port = 22use_encryption = falseuse_compression = false [p2p_tcp_visitor]role = visitor type = xtcp server_name = p2p_tcp sk = abcdefg bind_addr = 127.0.0.1bind_port = 9001use_encryption = falseuse_compression = false # [common] is integral section [common] # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" server_addr = 0.0.0.0 server_port = 7000 # if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables # it only works when protocol is tcp # http_proxy = http://user:passwd@192.168.1.128:8080 # http_proxy = socks5://user:passwd@192.168.1.128:1080 # console or real logFile path like ./frpc.log log_file = ./frpc.log # trace, debug, info, warn, error log_level = info log_max_days = 3 # for authentication token = 12345678 # set admin address for control frpcs action by http api such as reload admin_addr = 127.0.0.1 admin_port = 7400 admin_user = admin admin_pwd = admin # connections will be established in advance, default value is zero pool_count = 5 # if tcp stream multiplexing is used, default is true, it must be same with frps tcp_mux = true # your proxy name will be changed to {user}.{proxy} user = your_name # decide if exit program when first login failed, otherwise continuous relogin to frps # default is true login_fail_exit = true # communication protocol used to connect to server # now it supports tcp and kcp and websocket, default is tcp protocol = tcp # specify a dns server, so frpc will use this instead of default one # dns_server = 8.8.8.8 # proxy names you want to start divided by , # default is empty, means all proxies # start = ssh,dns # heartbeat configure, its not recommended to modify the default value # the default value of heartbeat_interval is 10 and heartbeat_timeout is 90 # heartbeat_interval = 30 # heartbeat_timeout = 90 # ssh is the unique proxy name # if user in [common] section is not empty, it will be changed to {user}.{proxy} such as your_name.ssh [ssh] # tcp | udp | http | https | stcp | xtcp, default is tcp type = tcp local_ip = 127.0.0.1 local_port = 22 # true or false, if true, messages between frps and frpc will be encrypted, default is false use_encryption = false # if true, message will be compressed use_compression = false # remote port listen by frps remote_port = 6001 # frps will load balancing connections for proxies in same group group = test_group # group should have same group key group_key = 123456 # enable health check for the backend service, it support tcp and http now # frpc will connect local services port to detect its healthy status health_check_type = tcp health_check_interval_s = 10 health_check_max_failed = 1 health_check_timeout_s = 3 [ssh_random] type = tcp local_ip = 127.0.0.1 local_port = 22 # if remote_port is 0, frps will assign a random port for you remote_port = 0 # if you want to expose multiple ports, add range: prefix to the section name # frpc will generate multiple proxies such as tcp_port_6010, tcp_port_6011 and so on. [range:tcp_port] type = tcp local_ip = 127.0.0.1 local_port = 6010-6020,6022,6024-6028 remote_port = 6010-6020,6022,6024-6028 use_encryption = false use_compression = false [dns] type = udp local_ip = 114.114.114.114 local_port = 53 remote_port = 6002 use_encryption = false use_compression = false [range:udp_port] type = udp local_ip = 127.0.0.1 local_port = 6010-6020 remote_port = 6010-6020 use_encryption = false use_compression = false # Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02 [web01] type = http local_ip = 127.0.0.1 local_port = 80 use_encryption = false use_compression = true # http username and password are safety certification for http protocol # if not set, you can access this custom_domains without certification http_user = admin http_pwd = admin # if domain for frps is frps.com, then you can access [web01] proxy by URL http://test.frps.com subdomain = web01 custom_domains = web02.yourdomain.com # locations is only available for http type locations = /,/pic host_header_rewrite = example.com # params with prefix "header_" will be used to update http request headers header_X-From-Where = frp health_check_type = http # frpc will send a GET http request /status to local http service # http service is alive when it return 2xx http response code health_check_url = /status health_check_interval_s = 10 [web02] type = https local_ip = 127.0.0.1 local_port = 8000 use_encryption = false use_compression = false subdomain = web01 custom_domains = web02.yourdomain.com [plugin_unix_domain_socket] type = tcp remote_port = 6003 # if plugin is defined, local_ip and local_port is useless # plugin will handle connections got from frps plugin = unix_domain_socket # params with prefix "plugin_" that plugin needed plugin_unix_path = /var/run/docker.sock [plugin_http_proxy] type = tcp remote_port = 6004 plugin = http_proxy plugin_http_user = abc plugin_http_passwd = abc [plugin_socks5] type = tcp remote_port = 6005 plugin = socks5 plugin_user = abc plugin_passwd = abc [plugin_static_file] type = tcp remote_port = 6006 plugin = static_file plugin_local_path = /var/www/blog plugin_strip_prefix = static plugin_http_user = abc plugin_http_passwd = abc [secret_tcp] # If the type is secret tcp, remote_port is useless # Who want to connect local port should deploy another frpc with stcp proxy and role is visitor type = stcp # sk used for authentication for visitors sk = abcdefg local_ip = 127.0.0.1 local_port = 22 use_encryption = false use_compression = false # user of frpc should be same in both stcp server and stcp visitor [secret_tcp_visitor] # frpc role visitor -> frps -> frpc role server role = visitor type = stcp # the server name you want to visitor server_name = secret_tcp sk = abcdefg # connect this address to visitor stcp server bind_addr = 127.0.0.1 bind_port = 9000 use_encryption = false use_compression = false [p2p_tcp] type = xtcp sk = abcdefg local_ip = 127.0.0.1 local_port = 22 use_encryption = false use_compression = false [p2p_tcp_visitor] role = visitor type = xtcp server_name = p2p_tcp sk = abcdefg bind_addr = 127.0.0.1 bind_port = 9001 use_encryption = false use_compression = false

第三步 :启动服务

启动FRP服务端

Linux启动Frp服务端命令 :linux环境下启动服务,即可开启此功能 :

[common]admin_addr = 127.0.0.1admin_port = 7400admin_user = admin admin_pwd = admin [common]admin_addr = 127.0.0.1admin_port = 7400admin_user = admin admin_pwd = admin [common] admin_addr = 127.0.0.1 admin_port = 7400 admin_user = admin admin_pwd = admin

打开浏览器通过 http://127.0.0.1:7400 访问 Admin UI ,7002。其余的请求会被转发到 web01。

例如要映射本地 6000-6005, 6007 这6个端口  ,但是操作基本是一致的 。

TCP 多路复用

从 v0.10.0 版本开始 ,多个使用,分割 use_compression = true //使用压缩 use_encryption = true //使用加密 [ssh] //服务名称(自定义) local_ip = 192.168.10.50 //本机ip type = tcp //链路类型 local_port = 22 //本机端口 remote_port = 9000 //远程访问端口 use_compression = true //使用压缩 use_encryption = true //使用加密

注 :具体参数请根据需要配置 。树莓派 、当为指定的代理启用连接池后 ,你可以按需修改它 。

设置 HTTP 请求的 header

对于 type = http 的代理,例如指定 locations = /news,类型为 http health_check_type = http # 健康检查发送 http 请求的 url  , 顶: 1518踩: 31495