Introduction
What is FRP
FRP is a high-performance reverse proxy application for Intranet penetration, supporting TCP, UDP, HTTP, and HTTPS protocols.
The role of FRP
Machines behind an intranet or firewall can provide HTTP or HTTPS services to the external network. For HTTP and HTTPS services, FRP supports domain-based virtual hosts and custom domain name binding, so multiple domain names can share port 80. Devices behind an intranet or firewall can also provide TCP and UDP services to the external network. For example, you can access hosts on the intranet through SSH from home.
Free FRP Server
The server is version 0.20.0; please use a client of the same version. It supports UDP hole punching for direct connections and NAT traversal. The free server is only for testing, and you should consider the security issues yourself. If you need intranet penetration, you can contact me; I have built an FRP server on my own server.
FRP-related sites and materials
GITHUB: github.com/fatedie
Website: diannaobos.com/frp
Installation Environment
Installation environment: server: Aliyun CentOS 7; client: Ubuntu 16
Installation and configuration
Server Installation
- Download the FRP software. For convenience I use Star God's one-click script, downloaded here from the official website; only one file, frp.bat, is downloaded.
- Run on the server
sh frp.bat
Two options will appear; select 1, 'Set up your own FRPS server'.
- Select 3, 'Update FRPS program version', to upgrade to the highest version.
- After the update is complete, return to the FRPS configuration screen and select 1, 'Configure Server Information'.
- When the configuration is complete, return to the FRPS configuration interface and select 2, 'Start server after background configuration is complete'.
- After startup, select 4, 'Add FRPS server to startup service'. If the message '/run/user/1000/gvfs': not enough permission appears, apply the solution provided later, and then go back to 4, 'Add FRPS server to startup service'.
- If you did not run 'Configure Server Information', create a frps.ini file in the FRP directory, copy my configuration and change it.
- After frps.ini has been modified, if the configuration does not take effect, run 'Start server after background configuration is complete' again.
frps.ini file. Note that = has a space before and after it. If there is no space, the configuration will not take effect.
[common]
# The client connects to this external port of the server
bind_port = 7000
# External port of the server management page
dashboard_port = 7500
# Token that authorizes client connections
token = 123456
# Dashboard username and password. The default username and password are admin
# Login account for the server management page
dashboard_user = admin
# Login password for the server management page
dashboard_pwd = admin
# HTTP open port 80
vhost_http_port = 80
# HTTPS open port 443
vhost_https_port = 443
# FRPS server log configuration
log_file = /home/jesn/tool/frp/logs/frps.log
log_level = info
log_max_days = 7
- If your server's firewall is enabled, open the external ports first.
- If you use Aliyun or another cloud host whose provider has enabled a firewall, you need to perform this step; otherwise skip it. Log in to Aliyun at
https://ecs.console.aliyun.com
Under the current instance of your server, open the Security Group page and configure the inbound ("entrance side") ports. First open two ports:
7000/7000
7500/7500
- If you can access the FRP web management interface through the external IP address of the server and port 7500, the server is running properly.
Client Configuration
- Download the frp.bat file via wget
wget http://www.lu8.win/downloads/frp/frp.bat
- Execute on the client
sh frp.bat
Then select 2, 'Configure and run FRPC client'.
- Select 1, 'Configure the server to connect', and follow the steps. If you do not want to configure it step by step, you can copy the following configuration and change the server settings to your own.
[common]
# Public IP address of the server
server_addr = 100.100.100.100
# FRPS external port; must match bind_port in frps.ini
server_port = 7000
# Server token
token = 123456
log_file = frpc.log
log_level = info
log_max_days = 3
# SSH configuration
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 7022
- Then start the client and add it to startup, the same way as on the server
- Open external port 7022 on the server and on the Aliyun platform
- Use an SSH connection tool to test whether the SSH server can be reached successfully
HTTP Web configuration
- Apply for a domain name
- Domain name resolution
- Website filing <because the server is on Aliyun, every site needs to be filed in advance>
- Enable the HTTP or HTTPS port in the FRPS server configuration
# HTTP open port 80
vhost_http_port = 80
# HTTPS open port 443
vhost_https_port = 443
- Configure the intranet site on the FRPC client
[web]
# HTTP
type = http
# local port
local_port = 80
# Your domain name
custom_domains = www.yourdomain.com
Complete FRPS and FRPC configuration
Full FRPS configuration
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 7000
# udp port to help make udp hole to penetrate nat
bind_udp_port = 7001
# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 7000
# specify which address proxy will listen for, default value is same with bind_addr
# proxy_bind_addr = 127.0.0.1
# if you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bind_port
vhost_http_port = 80
vhost_https_port = 443
# response header timeout(seconds) for vhost http server, default is 60s
# vhost_http_timeout = 60
# set dashboard_addr and dashboard_port to view dashboard of frps
# dashboard_addr's default value is same with bind_addr
# dashboard is available only if dashboard_port is set
dashboard_addr = 0.0.0.0
dashboard_port = 7500
# dashboard user and passwd for basic auth protect, if not set, both default value is admin
dashboard_user = admin
dashboard_pwd = admin
# dashboard assets directory(only for debug mode)
# assets_dir = ./static
# console or real logFile path like ./frps.log
log_file = ./frps.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
# auth token
token = 12345678
# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_timeout is 90
# heartbeat_timeout = 90
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
allow_ports = 2000-3000,3001,3003,4000-50000
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5
# max ports can be used for each client, default value is 0 means no limit
max_ports_per_client = 0
# authentication_timeout means the timeout interval (seconds) when the frpc connects frps
# if authentication_timeout is zero, the time is not verified, default is 900s
authentication_timeout = 900
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com
subdomain_host = frps.com
# if tcp stream multiplexing is used, default is true
tcp_mux = true
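The server settings above decide who can register proxies and who can reach the dashboard. The following check is an added example, not code from the original page or from the frp project: it reads the [common] section of an frps.ini and reports the settings that the comments above describe as unlimited or default. The finding names, MIN_TOKEN_LEN and the assumed 0.0.0.0 fallback for bind_addr are assumptions of this example.

```python
import configparser

# Constructed sample: the page's quick-start frps.ini with comments removed.
SAMPLE_FRPS_INI = """
[common]
bind_port = 7000
dashboard_port = 7500
token = 123456
dashboard_user = admin
dashboard_pwd = admin
"""

MIN_TOKEN_LEN = 24  # assumption: local policy, not an frp requirement
LOOPBACK = ("127.0.0.1", "::1", "localhost")


def audit_frps(ini_text):
    """Return a sorted list of finding codes for [common] in an frps.ini."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    c = cp["common"]
    findings = []
    token = c.get("token", "")
    if not token:
        findings.append("token-missing")
    elif len(token) < MIN_TOKEN_LEN or token.isdigit():
        findings.append("token-weak")
    if "dashboard_port" in c:
        # Both dashboard credentials default to "admin" when unset.
        if c.get("dashboard_user", "admin") == "admin" and c.get("dashboard_pwd", "admin") == "admin":
            findings.append("dashboard-default-credentials")
        # dashboard_addr defaults to bind_addr (assumed 0.0.0.0 when unset).
        addr = c.get("dashboard_addr", c.get("bind_addr", "0.0.0.0"))
        if addr not in LOOPBACK:
            findings.append("dashboard-public")
    # Empty allow_ports and max_ports_per_client = 0 both mean "no limit".
    if not c.get("allow_ports", "").strip():
        findings.append("allow-ports-unrestricted")
    if c.get("max_ports_per_client", "0").strip() == "0":
        findings.append("ports-per-client-unlimited")
    # authentication_timeout = 0 disables the time check on client login.
    if c.get("authentication_timeout", "900").strip() == "0":
        findings.append("auth-time-not-verified")
    return sorted(findings)
```

Run it against the real file with `audit_frps(open("frps.ini").read())`; an empty list means none of these conditions was found.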
Full FRPC configuration
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
server_addr = 0.0.0.0
server_port = 7000
# if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables
# it only works when protocol is tcp
# http_proxy = http://user:[email protected]:8080
# http_proxy = socks5://user:[email protected]:1080
# console or real logFile path like ./frpc.log
log_file = ./frpc.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
# for authentication
token = 12345678
# set admin address for control frpc's action by http api such as reload
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin
# connections will be established in advance, default value is zero
pool_count = 5
# if tcp stream multiplexing is used, default is true, it must be same with frps
tcp_mux = true
# your proxy name will be changed to {user}.{proxy}
user = your_name
# decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
login_fail_exit = true
# communication protocol used to connect to server
# now it supports tcp and kcp and websocket, default is tcp
protocol = tcp
# specify a dns server, so frpc will use this instead of default one
# dns_server = 8.8.8.8
# proxy names you want to start divided by ','
# default is empty, means all proxies
# start = ssh,dns
# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_interval is 10 and heartbeat_timeout is 90
# heartbeat_interval = 30
# heartbeat_timeout = 90
# 'ssh' is the unique proxy name
# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
[ssh]
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
local_ip = 127.0.0.1
local_port = 22
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = false
# if true, message will be compressed
use_compression = false
# remote port listen by frps
remote_port = 6001
# frps will load balancing connections for proxies in same group
group = test_group
# group should have same group key
group_key = 123456
# enable health check for the backend service, it support 'tcp' and 'http' now
# frpc will connect local service's port to detect it's healthy status
health_check_type = tcp
health_check_interval_s = 10
health_check_max_failed = 1
health_check_timeout_s = 3
[ssh_random]
type = tcp
local_ip = 127.0.0.1
local_port = 22
# if remote_port is 0, frps will assign a random port for you
remote_port = 0
# if you want to expose multiple ports, add 'range:' prefix to the section name
# frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.
[range:tcp_port]
type = tcp
local_ip = 127.0.0.1
local_port = 6010-6020,6022,6024-6028
remote_port = 6010-6020,6022,6024-6028
use_encryption = false
use_compression = false
[dns]
type = udp
local_ip = 114.114.114.114
local_port = 53
remote_port = 6002
use_encryption = false
use_compression = false
[range:udp_port]
type = udp
local_ip = 127.0.0.1
local_port = 6010-6020
remote_port = 6010-6020
use_encryption = false
use_compression = false
# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
[web01]
type = http
local_ip = 127.0.0.1
local_port = 80
use_encryption = false
use_compression = true
# http username and password are safety certification for http protocol
# if not set, you can access this custom_domains without certification
http_user = admin
http_pwd = admin
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://test.frps.com
subdomain = web01
custom_domains = web02.yourdomain.com
# locations is only available for http type
locations = /,/pic
host_header_rewrite = example.com
# params with prefix "header_" will be used to update http request headers
header_X-From-Where = frp
health_check_type = http
# frpc will send a GET http request '/status' to local http service
# http service is alive when it return 2xx http response code
health_check_url = /status
health_check_interval_s = 10
[web02]
type = https
local_ip = 127.0.0.1
local_port = 8000
use_encryption = false
use_compression = false
subdomain = web01
custom_domains = web02.yourdomain.com
[plugin_unix_domain_socket]
type = tcp
remote_port = 6003
# if plugin is defined, local_ip and local_port is useless
# plugin will handle connections got from frps
plugin = unix_domain_socket
# params with prefix "plugin_" that plugin needed
plugin_unix_path = /var/run/docker.sock
[plugin_http_proxy]
type = tcp
remote_port = 6004
plugin = http_proxy
plugin_http_user = abc
plugin_http_passwd = abc
[plugin_socks5]
type = tcp
remote_port = 6005
plugin = socks5
plugin_user = abc
plugin_passwd = abc
[plugin_static_file]
type = tcp
remote_port = 6006
plugin = static_file
plugin_local_path = /var/www/blog
plugin_strip_prefix = static
plugin_http_user = abc
plugin_http_passwd = abc
[secret_tcp]
# If the type is secret tcp, remote_port is useless
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
type = stcp
# sk used for authentication for visitors
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false
# user of frpc should be same in both stcp server and stcp visitor
[secret_tcp_visitor]
# frpc role visitor -> frps -> frpc role server
role = visitor
type = stcp
# the server name you want to visitor
server_name = secret_tcp
sk = abcdefg
# connect this address to visitor stcp server
bind_addr = 127.0.0.1
bind_port = 9000
use_encryption = false
use_compression = false
[p2p_tcp]
type = xtcp
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false
[p2p_tcp_visitor]
role = visitor
type = xtcp
server_name = p2p_tcp
sk = abcdefg
bind_addr = 127.0.0.1
bind_port = 9001
use_encryption = false
use_compression = false
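Each proxy section in the client file publishes something from the intranet on the FRPS server. The following inventory is an added example, not code from the original page or from the frp project: it lists what every section of an frpc.ini publishes and flags the cases the comments above describe. The flag names are assumptions of this example.

```python
import configparser

# Constructed sample built from proxies in the page's full frpc.ini (socks5 credentials removed).
SAMPLE_FRPC_INI = """
[common]
token = 12345678
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6001
[plugin_unix_domain_socket]
type = tcp
remote_port = 6003
plugin = unix_domain_socket
plugin_unix_path = /var/run/docker.sock
[plugin_socks5]
remote_port = 6005
plugin = socks5
[secret_tcp]
type = stcp
local_ip = 127.0.0.1
local_port = 22
use_encryption = true
"""

def exposure_report(ini_text):
    """Map each published proxy to (local target, list of flags)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    report = {}
    for name in cp.sections():
        s = cp[name]
        if name == "common" or s.get("role") == "visitor":
            continue  # visitors only bind a local port
        plugin = s.get("plugin")
        target = plugin or "%s:%s" % (s.get("local_ip"), s.get("local_port"))
        flags = []
        if s.get("type", "tcp") in ("tcp", "udp"):  # stcp/xtcp ignore remote_port
            flags.append("public-port-" + s.get("remote_port", "?"))
        if s.get("use_encryption", "false").lower() != "true":
            flags.append("unencrypted-tunnel")
        if plugin == "unix_domain_socket":
            flags.append("publishes-" + s.get("plugin_unix_path", "?"))
        has_auth = s.get("plugin_user") or s.get("plugin_http_user")
        if plugin in ("socks5", "http_proxy") and not has_auth:
            flags.append("proxy-without-auth")
        report[name] = (target, flags)
    return report
```

On the sample, the Docker socket section is reported as publishing /var/run/docker.sock on public port 6003 over an unencrypted tunnel, which is the entry to review first.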
Problems and solutions
- "/run/user/1000/gvfs" is displayed when FRPS is set to start automatically: the permission is insufficient. Solution:
umount /run/user/1000/gvfs
rm -rf /run/user/1000/gvfs