To understand the use of FRP Intranet penetration and configuration

A public network server and domain name are required for Intranet routing. (In this article, the public network server is called the server, and the internal network server is called the client.)

What is the FRP

FRP is a high-performance reverse proxy application that focuses on Intranet penetration and supports various protocols such as TCP, UDP, HTTP, and HTTPS. Intranet services can be exposed to the public network in a secure and convenient way through the transfer of nodes with public IP addresses.

What can you do with Intranet penetration?

Remote access to the HTTP/HTTPS service on the Intranet
Remote Desktop (Windows/Mac)
Remote files, SSH
Applets development
.

With Intranet penetration outside the home to access the computer, NAS, raspberry PI, camera and other network devices or remote control, that’s no big deal

The installation

Official project address: github.com/fatedier/fr…

Run the following command on the server

download

Wget HTTP: / / https://github.com/fatedier/frp/releases/download/v0.38.0/frp_0.38.0_linux_amd64.tar.gzCopy the code

Unpack the

The tar - XVF frp_0. 38.0 _linux_amd64. Tar. GzCopy the code

Move to/usr/local

Mkdir /usr/local/frp mv frp_0.38.0_linux_amd64/* /usr/local/frp/Copy the code

Document describing

Ini: server configuration file FRPS: server software FRpc. ini: client configuration file FRPC: client software

Configure systemctl to control, server run

Vim creates a new file and writes the configuration

vim /usr/lib/systemd/system/frp.service
Copy the code

Write the following, note that the path above is moved and placed is relevant here. Here is the starting server.

[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=simple
ExecStart=/usr/local/frp/frps -c /usr/local/frp/frps.ini
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
StandardOutput=syslog
StandardError=inherit

[Install]
WantedBy=multi-user.target
Copy the code

Reload the configuration file for the service

systemctl daemon-reload
Copy the code

Now you can control the FRP with the SystemCTL suite.

Start/stop/restart, view the status, set the startup/shutdown startup

systemctl start frp systemctl stop frp systemctl restart frp systemctl status frp systemctl enable frp systemctl disable  frpCopy the code

Configuration and Use

The service side

frps.ini

[common] # mandatory
bind_port = 7000 # is the self-defined FRP server port
vhost_http_port = 80 # is a self-defined HTTP access port
token = 123  # Verify identity, add more security

[ssh] # SSH reverse proxy (not mandatory)
listen_port = 6000Is a self-defined SSH access port[web] The contents of the HTTP reverse proxy [] can be customized, but the client and server must correspond (e.g. [aaa],[BBB]);
type = http The service type can be HTTP or HTTPS
custom_domains = test1.a.com For the domain name to be mapped, remember the A record of the domain name to resolve to the IP address of the extranet host.

[web2] # same as above (multiple Settings can be set)
Copy the code

The sample

[common]
bind_port = 7000
vhost_http_port = 80

[ssh]
listen_port = 6000

[web]
type = http
custom_domains = test1.a.com

[web2]
type = http
custom_domains = test2.a.com
Copy the code

Start the

./frps -c ./frps.ini

#The background to start
nohup ./frps -c ./frps.ini &
Copy the code

The client

frpc.ini

[common]
server_addr= IP address of the remote FRP serverserver_port= Port number of the remote FRP servertoken= Token of the remote FRP server[http]
type = http
local_ip = 127.0.0.1
local_port= Local port numberremote_port= HTTP service port number of the remote FRP servercustom_domains= User-defined domain namesubdomain= Match subdomain_host configured on the serverCopy the code

The sample

[common]
server_addr = xx.xx.xx.xx
server_port = 7000
token = 123

[web] 
type = http
custom_domains = xx.xx.xx.xx
local_ip = 127.0.0.1
local_port = 8080
custom_domains = xxx.xxx.xxx
subdomain = k2p
Copy the code

Start the

./frpc -c ./frpc.ini

#The background to start
nohup ./frpc -c ./frpc.ini &
Copy the code

Access Intranet HTTP or HTTPS services

Client Configuration

[common]
server_addr= IP address of the FRP serverserver_port = 7000
vhost_http_port = 80 # customizable
vhost_https_port = 443 # customizable
token= 123

[web] 
type = http
local_ip = 127.0.0.1
local_port = 8080
custom_domains= Custom domain nameCopy the code

After running the service, access **custom_domains:vhost_http_port **

Example: http://123.123.123.123 80 can be omitted

SSH Connection to the Intranet

Client Configuration

[common]
server_addr= IP address of the FRP serverserver_port = 7000
token= 123

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
Copy the code

After running the service, use SSH to directly connect to the server

SSH username@server IP -p Port number#SSH [email protected] -p 6000 (replace X.X.X.X with the IP address of the public network server)
Copy the code

Remote Connection to a Windows PC (RDP)

The preparatory work

1. The server release port 3389 can also be customized. I use 7001 here

2. Enable remote connection on a Windows PC

Desktop -> This computer -> Right-click icon -> Properties -> Remote Settings -> Modify to allow remote connection to this computer

Windows 10 above system direct Settings to open the remote desktop

Client Configuration

[common]
server_addr= IP address of the FRP serverserver_port = 7000
token= 123

[RDP]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 7001
Copy the code

Create an RDP connection

Now let’s search for and open Windows Remote Desktop on any computer on the extranet

Enter the server IP address :remote_port For example, run 1.2.3.4:7001 to connect to Windows on the Intranet.

During this process, you need to enter the user name and startup password of the Intranet computer before remote control.

Set boot to start automatically

There are many ways to set up Windows to start up. It is recommended to use WinSW to register THE FRP as a system service.

Reference link: blog.csdn.net/atmosphere_…

That’s the most stable method, and that’s what I ended up using.

Remotely Connect to a Mac (VNC)

The preparatory work

1. Release port 5900 on the server

2. On the Mac, choose System Preferences > Sharing and select Screen Sharing and Remote Login. The user is all Users.

Client Configuration

[common]
server_addr= IP address of the FRP serverserver_port = 7000
token = 123

[vnc]
type = tcp
local_ip = 127.0.0.1
local_port = 5900
remote_port = 5900
use_encryption = true
use_compression = true
Copy the code

Creating a VNC Connection

Once connected, enter your Mac user name and password

Set boot to start automatically

1. Access the Intranet Mac system and perform the following operations

#Edit the bootstrap file
touch ~/Library/LaunchAgents/frpc.plist
vim ~/Library/LaunchAgents/frpc.plist
Copy the code

2. The content of the frpc.plist file is as follows. Pay attention to the FRPC and frpc.ini paths in the file


      
<! DOCTYPEplist PUBLIC -//Apple Computer//DTD PLIST1.0 / / ENhttp: / / www.apple.com/DTDs/PropertyList-1.0.dtd >
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>frpc</string>
    <key>ProgramArguments</key>
    <array>
     <string>/usr/local/bin/frpc/frpc</string>
         <string>-c</string>
     <string>/usr/local/bin/frpc/frpc.ini</string>
    </array>
    <key>KeepAlive</key>
    <true/>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
Copy the code

3. Load and take effect

sudo chown root ~/Library/LaunchAgents/frpc.plist
sudo launchctl load -w ~/Library/LaunchAgents/frpc.plist
Copy the code

Binding domain

The port access to the HTTP service is cancelled

Every time you access a domain name you need to add a port is very troublesome, you can set Nginx forwarding

Set the domain name in the client configuration file and resolve the domain name to a public IP address

[web] 
type = http
local_ip = 127.0.0.1
local_port = 8080
custom_domains = test.iyouhun.com;
Copy the code

Then set up Nginx forwarding

.server {
          listen 80; Listen on HTTP port 80
          server_name test.iyouhun.com;  # This is the domain we set up
          access_log  logs/test.iyouhun.com.log  main; # Log
          location / {
                  proxy_pass http://127.0.0.1:7001; # forward to the vhost_http_port port we set in frps.ini
                  proxy_set_header    Host            $host:80;  If you add this line, you need to use the domain name 7001 to access the machine on the Intranet
                  proxy_set_header    X-Real-IP       $remote_addr;
                  proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_hide_headerX-Powered-By; }}...Copy the code

Configuring a Generic domain Name (the DEFAULT FRP domain name)

Domain name resolution

Parse two A records: frp.xxx.com and *. Frp.xxx.com, both pointing to your cloud server IP address. Wait A moment, ping frp.xxx.com

Configuring the Server

# frps.ini
[common]
bind_port = 7000.subdomain_host = frp.xxx.com
Copy the code

Client use

# frpc.ini
[web] 
type = http
local_ip = 127.0.0.1
local_port = 8080
Test.frp.xxx.com = test.frp.xxx.com
subdomain = test # Custom domain name prefix
Copy the code

Access the domain name: test.frp.xxx.com:vhost_http_port

Note: If subdomain_host is configured in FRPS, custom_domains cannot be subdomains or generic domains belonging to subdomain_host.

Configure Nginx

As usual, adding port access every time is too cumbersome, so use Nginx for forwarding

server {
	Listen on port 80
	listen 80;
	*.frp.xxx.com *.frp.xxx.com *.frp.xxx.com
	server_name * .frp.xxx.com frp.xxx.com;
	location / {
		proxy_pass http: //127.0.0.1:8080;
		The header of Host must be added; otherwise, the FRP cannot access through which domain name after forwarding, resulting in forwarding failure
		proxy_set_headerHost $host; }}Copy the code

Issues related to

Don’t start

If the server and client fail to start and no error is reported, it is possible that the file does not have execution permission

#Assign permission commandChomd 777 file nameCopy the code

Exec format error reported during server startup

/frpc: cannot execute binary file: Exec format error
Copy the code

This is the wrong file downloaded, the downloaded FRP does not match the operating system processor architecture, need to download the correct file again.

You can run commands such as arch and uname -a to view the system architecture.

arch
#x86_64
Copy the code

Invalid Host header resolution appears in the vue project

// Add the disableHostCheck attribute to the vue.config.js file

module.exports = {
  devServer: {
    disableHostCheck: true}}Copy the code

To understand the use of FRP Intranet penetration and configuration

What is the FRP

The installation

Configure systemctl to control, server run

Configuration and Use

The service side

The client

Access Intranet HTTP or HTTPS services

Client Configuration

SSH Connection to the Intranet

Client Configuration

Remote Connection to a Windows PC (RDP)

The preparatory work

Client Configuration

Create an RDP connection

Set boot to start automatically

Remotely Connect to a Mac (VNC)

The preparatory work

Client Configuration

Creating a VNC Connection

Set boot to start automatically

Binding domain

The port access to the HTTP service is cancelled

Configuring a Generic domain Name (the DEFAULT FRP domain name)

Configure Nginx

Issues related to

Don’t start

Exec format error reported during server startup

Invalid Host header resolution appears in the vue project

Related Posts

The ES modules in the browser

[JavaScript basics] 6

React class components and function components