frp Tutorial

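The background for this post: bruce recently bought an Alibaba Cloud host, but its specs are rather weak. There happened to be an idle machine at home, so the idea was to set up NAT traversal to reach it.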

The tool used is frp.

tcp mode

This mode is relatively insecure: the port gets scanned easily, and many unfamiliar IPs show up in the log.

  1. Modify frps.toml on server A by setting the bindPort for frp clients to connect to:

    # frps.toml
    bindPort = 7000

  2. Start frps on server A:

    ./frps -c ./frps.toml

  3. Modify frpc.toml on server B and set the serverAddr field to the public IP address of your frps server:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "ssh"
    type = "tcp"
    localIP = "127.0.0.1"
    localPort = 22
    remotePort = 6000

Note that the localPort (listened on the client) and remotePort (exposed on the server) are used for traffic going in and out of the frp system, while the serverPort is used for communication between frps and frpc.

  4. Start frpc on server B:

    ./frpc -c ./frpc.toml

  5. To access server B from another machine through server A via SSH (assuming the username is test), use the following command:

    ssh -oPort=6000 test@x.x.x.x

stcp mode

Somewhat more secure than the mode above.

To mitigate risks associated with exposing certain services directly to the public network, STCP (Secret TCP) mode requires a preshared key to be used for access to the service from other clients.

Configure frps the same as above.

  1. Start frpc on machine B with the following config. This example is for exposing the SSH service (port 22), and note the secretKey field for the preshared key, and that the remotePort field is removed here:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "secret_ssh"
    type = "stcp"
    secretKey = "abcdefg"
    localIP = "127.0.0.1"
    localPort = 22

  2. Start another frpc (typically on another machine C) with the following config to access the SSH service with a security key (secretKey field):

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[visitors]]
    name = "secret_ssh_visitor"
    type = "stcp"
    serverName = "secret_ssh"
    secretKey = "abcdefg"
    bindAddr = "127.0.0.1"
    bindPort = 6000

  3. On machine C, connect to SSH on machine B, using this command:

    ssh -oPort=6000 127.0.0.1

http mode

An HTTP service on the internal network can be exposed through the cloud server.

Sometimes we need to expose a local web service behind a NAT network to others for testing purposes with our own domain name.

Unfortunately, we cannot resolve a domain name to a local IP. However, we can use frp to expose an HTTP(S) service.

  1. Modify frps.toml and set the HTTP port for vhost to 8080:

    # frps.toml
    bindPort = 7000
    vhostHTTPPort = 8080

If you want to configure an https proxy, you need to set up the vhostHTTPSPort.

  2. Start frps:

    ./frps -c ./frps.toml

  3. Modify frpc.toml and set serverAddr to the IP address of the remote frps server. Specify the localPort of your web service:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "web"
    type = "http"
    localPort = 80
    customDomains = ["www.example.com"]

  4. Start frpc:

    ./frpc -c ./frpc.toml

  5. Map the A record of www.example.com to either the public IP of the remote frps server or a CNAME record pointing to your original domain.

  6. Visit your local web service using url http://www.example.com:8080.