**作为折腾党,我们怎么能开云服务器呢?我们要用家里有限的资源,**搞出一个机房。像什么花生壳啊,nat123 啊,那速度可是真的不敢恭维,chinaz 去 ping 一下红的橙的黄的一大片,打开网页的速度可想而知,站长看着看着就哭了。那么怎么办呢?大概已经有兄弟有所耳闻,Github 上有一个 Demo,叫 Frp,它能够在具有公网 IP 地址的服务器上,将 NAT 或防火墙后面的任何 tcp 或 udp 服务暴露给互联网,无论有没有公网 ip,能上网就行。通俗来讲,就是找一台有公网 ip 的服务器,然后跟你家里的服务器或者 NAT 建立连接,让这个有公网 ip 的服务器转发用户对内网服务器的请求。相当于给内网服务器一个 ip。
看到这里,又会有兄弟说了,喔,那照样是要买一台云服务器咯,我不干这活!其实呐,我个人理解,买一台超低配,大带宽的服务器就行了,LAMP 或 LNMP 都根本不用装,就用来跑 Frp,1H1G 相信也不会特别贵吧。我们只需要云服务器的带宽和公网 ip,其他一概不需要。如果你的域名备了案,直接去腾讯云秒杀一台服务器完了,一年三十多块钱 (不是广告),要是没有备案,就买一台香港的云服务器可以了,也不会很贵的,这就交给大家自由抉择了
东扯西扯又扯了这么多,赶紧开始正文
正文开始
1. 下载服务端 Frp 源码
github 上有的下,而且是最新版,我用的是 0.33 版本的,没换过
我也可以提供我现在用的 frp 压缩包:
上传到服务端 (也就是有公网 ip 的云服务器), 解压
2.Frp 服务端配置
修改 frps.ini (记住,是 frps.ini,别搞混了)
先删除里面所有内容:
#往里填
[common]
bind_port = 7000
vhost_http_port = 8080 //这是内网穿透对外端口,可以自己修改
#仪表盘配置
dashboard_port = 7500//端口可以修改
dashboard_user = admin//用户名和密码可以自己修改
dashboard_pwd = admin
“bind_port”表示用于客户端和服务端连接的端口,这个端口号我们之后在配置客户端的时候要用到。
“dashboard_port”是服务端仪表板的端口,若使用7500端口,在配置完成服务启动后可以通过浏览器访问 x.x.x.x:7500 (其中x.x.x.x为VPS的IP)查看frp服务运行信息。
“token”是用于客户端和服务端连接的口令,请自行设置并记录,稍后会用到。
“dashboard_user”和“dashboard_pwd”表示打开仪表板页面登录的用户名和密码,自行设置即可。
“vhost_http_port”和“vhost_https_port”用于反向代理HTTP主机时使用
防火墙放行端口:
进入 frp 文件目录,启动 frp 服务:
setsid ./frps -c ./frps.ini
看到 success 了吗,你应该懂得~
我们访问一下 frp 控制面板,刚刚没有启用的大佬可以跳过
浏览器访问 ip + 端口 (默认 7500), 输入用户名和密码
可以随便看看,到时候你创建了穿透服务后,就可以在控制面板统一管理了
3. 下载客户端 Frp 源码
版本要对应啊!要是用了 0.33 的大佬,就接着下载吧
上传到客户端 (也就是没有公网 ip 的云服务器), 解压
4.Frp 客户端配置
修改 frpc.ini (记住,是 frpc.ini,别搞混了)
先删除里面所有内容:
#往里填
[common]
server_addr = your_公网ip
server_port = 7000
vhost_http_port = 8080//要跟服务端端口一样
“server_addr”为服务端IP地址,填入即可。
“server_port”为服务器端口,填入你设置的端口号即可,如果未改变就是7000
“token”是你在服务器上设置的连接口令,原样填入即可。
防火墙放行对应端口
进入 frp 文件目录,启动 frp 服务:
setsid ./frpc -c ./frpc.ini
图示成功穿透
完整配置文件示例,按需使用(大佬可以仔细研究,具体穿透教程拉下)
#frps
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 7000
# udp port to help make udp hole to penetrate nat
bind_udp_port = 7001
# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 7000
# specify which address proxy will listen for, default value is same with bind_addr
# proxy_bind_addr = 127.0.0.1
# if you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bind_port
vhost_http_port = 80
vhost_https_port = 443
# response header timeout(seconds) for vhost http server, default is 60s
# vhost_http_timeout = 60
# TcpMuxHttpConnectPort specifies the port that the server listens for TCP
# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
# requests on one single port. If it's not - it will listen on this value for
# HTTP CONNECT requests. By default, this value is 0.
# tcpmux_httpconnect_port = 1337
# set dashboard_addr and dashboard_port to view dashboard of frps
# dashboard_addr's default value is same with bind_addr
# dashboard is available only if dashboard_port is set
dashboard_addr = 0.0.0.0
dashboard_port = 7500
# dashboard user and passwd for basic auth protect, if not set, both default value is admin
dashboard_user = admin
dashboard_pwd = admin
# enable_prometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port} in /metrics api.
enable_prometheus = true
# dashboard assets directory(only for debug mode)
# assets_dir = ./static
# console or real logFile path like ./frps.log
log_file = ./frps.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
# disable log colors when log_file is console, default is false
disable_log_color = false
# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
detailed_errors_to_client = true
# AuthenticationMethod specifies what authentication method to use authenticate frpc with frps.
# If "token" is specified - token will be read into login message.
# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
authentication_method = token
# AuthenticateHeartBeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
authenticate_heartbeats = false
# AuthenticateNewWorkConns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
authenticate_new_work_conns = false
# auth token
token = 12345678
# OidcClientId specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
# By default, this value is "".
oidc_client_id =
# OidcClientSecret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
# By default, this value is "".
oidc_client_secret =
# OidcAudience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
oidc_audience =
# OidcTokenEndpointUrl specifies the URL which implements OIDC Token Endpoint.
# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
oidc_token_endpoint_url =
# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_timeout is 90
# heartbeat_timeout = 90
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
allow_ports = 2000-3000,3001,3003,4000-50000
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5
# max ports can be used for each client, default value is 0 means no limit
max_ports_per_client = 0
# TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false.
tls_only = false
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com
subdomain_host = frps.com
# if tcp stream multiplexing is used, default is true
tcp_mux = true
# custom 404 page for HTTP requests
# custom_404_page = /path/to/404.html
[plugin.user-manager]
addr = 127.0.0.1:9000
path = /handler
ops = Login
[plugin.port-manager]
addr = 127.0.0.1:9001
path = /handler
ops = NewProxy
#frpc
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
server_addr = 0.0.0.0
server_port = 7000
# if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables
# it only works when protocol is tcp
# http_proxy = http://user:passwd@192.168.1.128:8080
# http_proxy = socks5://user:passwd@192.168.1.128:1080
# console or real logFile path like ./frpc.log
log_file = ./frpc.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
# disable log colors when log_file is console, default is false
disable_log_color = false
# for authentication
token = 12345678
# set admin address for control frpc's action by http api such as reload
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin
# Admin assets directory. By default, these assets are bundled with frpc.
# assets_dir = ./static
# connections will be established in advance, default value is zero
pool_count = 5
# if tcp stream multiplexing is used, default is true, it must be same with frps
tcp_mux = true
# your proxy name will be changed to {user}.{proxy}
user = your_name
# decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
login_fail_exit = true
# communication protocol used to connect to server
# now it supports tcp and kcp and websocket, default is tcp
protocol = tcp
# if tls_enable is true, frpc will connect frps by tls
tls_enable = true
# specify a dns server, so frpc will use this instead of default one
# dns_server = 8.8.8.8
# proxy names you want to start seperated by ','
# default is empty, means all proxies
# start = ssh,dns
# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_interval is 10 and heartbeat_timeout is 90
# heartbeat_interval = 30
# heartbeat_timeout = 90
# additional meta info for client
meta_var1 = 123
meta_var2 = 234
# 'ssh' is the unique proxy name
# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
[ssh]
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
local_ip = 127.0.0.1
local_port = 22
# limit bandwidth for this proxy, unit is KB and MB
bandwidth_limit = 1MB
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = false
# if true, message will be compressed
use_compression = false
# remote port listen by frps
remote_port = 6001
# frps will load balancing connections for proxies in same group
group = test_group
# group should have same group key
group_key = 123456
# enable health check for the backend service, it support 'tcp' and 'http' now
# frpc will connect local service's port to detect it's healthy status
health_check_type = tcp
# health check connection timeout
health_check_timeout_s = 3
# if continuous failed in 3 times, the proxy will be removed from frps
health_check_max_failed = 3
# every 10 seconds will do a health check
health_check_interval_s = 10
# additional meta info for each proxy
meta_var1 = 123
meta_var2 = 234
[ssh_random]
type = tcp
local_ip = 127.0.0.1
local_port = 22
# if remote_port is 0, frps will assign a random port for you
remote_port = 0
# if you want to expose multiple ports, add 'range:' prefix to the section name
# frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.
[range:tcp_port]
type = tcp
local_ip = 127.0.0.1
local_port = 6010-6020,6022,6024-6028
remote_port = 6010-6020,6022,6024-6028
use_encryption = false
use_compression = false
[dns]
type = udp
local_ip = 114.114.114.114
local_port = 53
remote_port = 6002
use_encryption = false
use_compression = false
[range:udp_port]
type = udp
local_ip = 127.0.0.1
local_port = 6010-6020
remote_port = 6010-6020
use_encryption = false
use_compression = false
# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
[web01]
type = http
local_ip = 127.0.0.1
local_port = 80
use_encryption = false
use_compression = true
# http username and password are safety certification for http protocol
# if not set, you can access this custom_domains without certification
http_user = admin
http_pwd = admin
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://test.frps.com
subdomain = web01
custom_domains = web02.yourdomain.com
# locations is only available for http type
locations = /,/pic
host_header_rewrite = example.com
# params with prefix "header_" will be used to update http request headers
header_X-From-Where = frp
health_check_type = http
# frpc will send a GET http request '/status' to local http service
# http service is alive when it return 2xx http response code
health_check_url = /status
health_check_interval_s = 10
health_check_max_failed = 3
health_check_timeout_s = 3
[web02]
type = https
local_ip = 127.0.0.1
local_port = 8000
use_encryption = false
use_compression = false
subdomain = web01
custom_domains = web02.yourdomain.com
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
# v1 or v2 or empty
proxy_protocol_version = v2
[plugin_unix_domain_socket]
type = tcp
remote_port = 6003
# if plugin is defined, local_ip and local_port is useless
# plugin will handle connections got from frps
plugin = unix_domain_socket
# params with prefix "plugin_" that plugin needed
plugin_unix_path = /var/run/docker.sock
[plugin_http_proxy]
type = tcp
remote_port = 6004
plugin = http_proxy
plugin_http_user = abc
plugin_http_passwd = abc
[plugin_socks5]
type = tcp
remote_port = 6005
plugin = socks5
plugin_user = abc
plugin_passwd = abc
[plugin_static_file]
type = tcp
remote_port = 6006
plugin = static_file
plugin_local_path = /var/www/blog
plugin_strip_prefix = static
plugin_http_user = abc
plugin_http_passwd = abc
[plugin_https2http]
type = https
custom_domains = test.yourdomain.com
plugin = https2http
plugin_local_addr = 127.0.0.1:80
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp
[plugin_http2https]
type = http
custom_domains = test.yourdomain.com
plugin = http2https
plugin_local_addr = 127.0.0.1:443
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp
[secret_tcp]
# If the type is secret tcp, remote_port is useless
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
type = stcp
# sk used for authentication for visitors
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false
# user of frpc should be same in both stcp server and stcp visitor
[secret_tcp_visitor]
# frpc role visitor -> frps -> frpc role server
role = visitor
type = stcp
# the server name you want to visitor
server_name = secret_tcp
sk = abcdefg
# connect this address to visitor stcp server
bind_addr = 127.0.0.1
bind_port = 9000
use_encryption = false
use_compression = false
[p2p_tcp]
type = xtcp
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false
[p2p_tcp_visitor]
role = visitor
type = xtcp
server_name = p2p_tcp
sk = abcdefg
bind_addr = 127.0.0.1
bind_port = 9001
use_encryption = false
use_compression = false
[tcpmuxhttpconnect]
type = tcpmux
multiplexer = httpconnect
local_ip = 127.0.0.1
local_port = 10701
custom_domains = tunnel1
小白 web 穿透教程:
搭好 frp 服务后,服务端(即 frps.ini)修改文件:
#往里填
[common]
bind_port = 7000
vhost_http_port = 8080
//这是内网穿透对外端口,可以自己修改,如果需要80或443端口(方便),卸载nginx或apache
#仪表盘配置
dashboard_port = 7500//端口可以修改
dashboard_user = admin//用户名和密码可以自己修改
dashboard_pwd = admin
#以下是需要添加的内容
#添加web穿透
[web]
type = http
custom_domains = text.rosmontis.com #穿透域名
客户端(即 frpc.ini)修改文件:
#添加web穿透
[web01]
type = http
local_ip = 127.0.0.1
local_port = 81 #端口,非常重要,必须填对
custom_domains = text.rosmontis.com
我们可以在客户端宝塔修改网站端口:
启动 frp 服务,客户端 81 端口即可映射到服务端 8080 端口,访问服务端公网 ip+8080 即可访问到内网资源
若是需要使用 80 端口,需要卸载 web 服务!
更多服务端口的穿透示例:
“[xxx]”表示一个规则名称,自己定义,便于查询即可。
“type”表示转发的协议类型,有TCP和UDP等选项可以选择,如有需要请自行查询frp手册。
“local_port”是本地应用的端口号,按照实际应用工作在本机的端口号填写即可。
“remote_port”是该条规则在服务端开放的端口号,自己填写并记录即可。
#ssh服务穿透
#通过tcp来连接SSH
#frps.ini
#empty
#frpc.ini
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
#mysql服务穿透
#通过tcp来连接mysql
#frps.ini
#empty
#frpc.ini
[mysql]
type = tcp
local_port = 3306
remote_port = 3306
#use_encryption = true
#use_compression = true
#tomcat服务穿透
#frps.ini
#empty
#frpc.ini
type = http
local_port = 8083
custom_domains = tomcat.xxxx1.com
remote_port =
一点点高级玩法
1.token 验证
防止别的服务器使用你的 frp 服务,相当于密码
在 frps.ini 和 frpc.ini 添加:
token = 123456789 #密码自己改
2. 开机自启
[Unit]
Description=Frp Server Service
After=network.target
[Service]
User=root
Restart=on-failure
RestartSec=5s
ExecStart=frps文件夹路径 -c frps.ini路径/frps.ini
[Install]
WantedBy=multi-user.target
#ssh执行
开机启动frps:
systemctl enable frps
启动frps:
systemctl start frps
停止frps:
systemctl stop frps
重启frps:
systemctl restart frps
查看frps状态:
systemctl status frps
删除服务的命令:
systemctl stop frps
3. 多 server
多台内网服务器同时使用一个外网服务端:
将 frpc.ini 改成 frpc2.ini 或 frpc3.ini,依次递增即可
./frpc -c frpc2.ini
4. 自定义规则
“[xxx]”表示一个规则名称,自己定义,便于查询即可。
“type”表示转发的协议类型,有TCP和UDP等选项可以选择,如有需要请自行查询frp手册。
“local_port”是本地应用的端口号,按照实际应用工作在本机的端口号填写即可。
“remote_port”是该条规则在服务端开放的端口号,自己填写并记录即可。
tcp,udp,http 的穿透可自己玩,参数含义如上
评论区