1, Introduction to frp
A high-performance reverse proxy application that can be used for intranet penetration. It supports TCP, UDP, HTTP and HTTPS protocols.
Official documents: https://gofrp.org/docs/
2, Configuration steps
1. Configure ssh connection preparation
Server: you need a server that can directly access the external network, Alibaba cloud or Tencent cloud server
Client: a server that requires intranet penetration
2. Configure ssh installation steps
Attached:( Reference blog)
Download frp compressed package
Download address: https://github.com/fatedier/frp/releases
My is ubuntu, so even if I download frp_0.34.3_linux_amd64.tar.gz can choose according to its own computer
Extract the installation package from the server and client
cd /usr/local/ wget https://github.com/fatedier/frp/releases/download/v0.34.3/frp_0.34.3_linux_amd64.tar.gz tar -zxvf frp_0.34.3_linux_amd64.tar.gz mv frp_0.34.3_linux_amd64 frp
- frpc: client executable
- frpc_full.ini: all configuration items of the client (you can view all configuration items of frp in this file)
- frpc.ini: client configuration item
- frps: server executable
- frps_full.ini: all configuration items of the server (you can view all configuration items of frp in this file)
- frps.ini: server configuration item
- LICENSE: LICENSE
Server configuration
View FRPs INI file, modified as follows
[common] bind_port = 7000 # The port number bound between the client and the server
In the default configuration information, only one binding port is 7000, which means that we bind 7000 port in the external network server to communicate with the client.
Note: the port can be customized, but it needs to be unified between the client and the server. Alibaba cloud servers need to configure security group rules in esc management to expose 7000 ports
Start the server
./frps -c frps.ini
After successful startup, closing the xshell or exiting the callback will disconnect the connection. You can use nohup for background startup (this method can be used for subsequent startup)
The following is the background startup and log input to file Log file
nohup ./frps -c ./frps.ini > file.log 2>&1 &
If required, you can configure the automatic startup at the end of the text
Client configuration
View FRPC INI file, modified as follows
[common] server_addr = 39.105.97.50 # Your public ip server_port = 7000 # The bound port can be customized and can be connected with the server all the time [ssh] type = tcp local_ip = 127.0.0.1 # For the bound ip, fill in 127.0.0.1 to indicate the local machine local_port = 22 remote_port = 6008 # ssh defaults to 22 and now forwards to port 6008
- **[common] * * indicates that the following configuration information is common
- server_addr is the public network access ip of our server, that is, the external network server
- server_port is the FRPs we configured on the server earlier Bind in ini_ Port. Both sides need to be consistent
- **[ssh] * * indicates that the following configuration information is required when we use ssh to connect to the intranet server
- Type is the connection type, and tcp is used for ssh connection
- local_ip is the native ip. You can use 127.0.0.1 directly
- local_port is the local ssh port, and the default ssh port is 22
- remote_port is the port requested by the Internet server. Note: Alibaba cloud server needs to add port 6008 to the security group rules configured in esc management
Start client
./frpc -c ./frpc.ini
OK, then you can connect through xshell. You only need to specify the port number as remote_port(6008), as follows
Multiple ssh configurations (optional)
A single ssh configuration is successful, and multiple items are configured. For the same operation, Download frp on another machine, and then you only need to modify FRPC INI file. The modified format is as follows
[common] server_addr = 39.105.97.50 server_port = 7000 [ssh001] # Cannot repeat type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6009 # Cannot repeat
Remote needs to be_ Port can be modified. The [ssh] name cannot be duplicate
Start the frpc command.
Set frp to start automatically (not necessary)
Create service file
sudo vim /etc/systemd/system/frpc.service
Fill in the information
[Unit] Description=Frp Client After=network.target Wants=network.target [Service] Restart=on-failure RestartSec=5 ExecStart=/usr/local/frp/frpc_linux_arm [Install] WantedBy=multi-user.target
Start service related operations
#Refresh service list: systemctl daemon-reload #Set startup and self startup systemctl enable frpc #Turn off the automatic startup systemctl disable frpc #Start service systemctl start frpc #Out of Service systemctl stop frpc