Intranet penetration -- frp

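Recently I set up a CentOS test server at my company that stays online 24 hours a day. But it has no fixed public IP, and I was tearing my hair out: how could I make it reachable from the outside network? If a test server can't be reached from outside, what is the point of having it?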


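So I went looking for an intranet penetration tool. At first there was nat123, but that tool is really a huge hassle, and it has restrictions too.

Later I found frp.

What can frp do?

Use a machine on an intranet or behind a firewall to provide http or https services to the outside network. For http and https services it supports domain-based virtual hosts and custom domain binding, so multiple domains can share a single port 80. Use a machine on an intranet or behind a firewall to provide tcp and udp services to the outside network, for example accessing a host inside the company intranet over ssh from home.

Hearing that, I thought it sounded pretty awesome. Yep.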

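Preparation and required tools

  1. A server with a fixed public IP - the server side
  2. An intranet server without a fixed public IP that needs to be penetrated - the connecting side
  3. A user machine used to connect to the intranet server - the user side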

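Installing frp, step by step

First, both the `connecting side` and the `server side` need to download the frp package and put it wherever you like:

```shell
cd /usr/local/
mkdir frp && cd frp
wget https://github.com/fatedier/frp/releases/download/v0.25.3/frp_0.25.3_linux_386.tar.gz
tar -zxvf frp_0.25.3_linux_386.tar.gz && cd frp_0.25.3_linux_386
ll
```

In this folder, running `ll` shows a lot of files. We mainly care about 4 files, in particular `frpc.ini` and `frps.ini`: the former is the file the connecting side cares about, and the latter is the file the server side cares about.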

Next up:

Configure frps on the server

```shell
vim ./frps.ini
```

```ini
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 7000

# udp port to help make udp hole to penetrate nat
bind_udp_port = 7001

# if you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bind_port
# Notice: if this server already runs web services, 80 and 443 are already occupied
vhost_http_port = 80
vhost_https_port = 443

# response header timeout(seconds) for vhost http server, default is 60s
# vhost_http_timeout = 60

# set dashboard_addr and dashboard_port to view dashboard of frps
# dashboard_addr's default value is same with bind_addr
# dashboard is available only if dashboard_port is set
dashboard_addr = 0.0.0.0
dashboard_port = 7500

# dashboard user and passwd for basic auth protect, if not set, both default value is admin
# admin/admin is the default pair; set your own values when the dashboard listens on 0.0.0.0
dashboard_user = admin
dashboard_pwd = admin

# dashboard assets directory(only for debug mode)
# assets_dir = ./static
# console or real logFile path like ./frps.log
log_file = ./frps.log

# trace, debug, info, warn, error
log_level = info

log_max_days = 3

# auth token; frpc must use the same value (12345678 is a sample, use a long random string)
token = 12345678

# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_timeout is 90
# heartbeat_timeout = 90

# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
allow_ports = 2000-3000,3001,3003,4000-50000

# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5

# max ports can be used for each client, default value is 0 means no limit
max_ports_per_client = 0
```

Start the frp server service

```shell
./frps -c ./frps.ini
```

It will then print:

```
2019/03/27 14:42:34 [I] [service.go:136] frps tcp listen on 0.0.0.0:7000
2019/03/27 14:42:34 [I] [root.go:204] Start frps success
```
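
An added example, not part of the original post or of frp itself: a small Python check that reads an `frps.ini` like the one above and flags the settings that decide who can reach the server (shared token, dashboard credentials and listen address, width of `allow_ports`). The function names and the thresholds `MIN_TOKEN_LEN` and `MAX_ALLOWED_PORTS` are assumptions chosen for illustration; the sample input is constructed from this page's values.

```python
import configparser

# Constructed sample: the security-relevant [common] keys with this page's values.
SAMPLE_FRPS_INI = """
[common]
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
token = 12345678
allow_ports = 2000-3000,3001,3003,4000-50000
"""

MIN_TOKEN_LEN = 24       # assumption: local policy, not an frp requirement
MAX_ALLOWED_PORTS = 100  # assumption: local policy, not an frp requirement

def count_ports(spec):
    """Count the ports in an allow_ports value such as '2000-3000,3001'."""
    total = 0
    for part in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = part.partition("-")
        total += int(high or low) - int(low) + 1
    return total

def audit_frps(ini_text):
    """Return a list of findings for the [common] section of an frps.ini."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    c = cp["common"]
    findings = []
    token = c.get("token", "")
    if len(token) < MIN_TOKEN_LEN or token.isdigit():
        findings.append("token: short or digits-only shared secret")
    if "dashboard_port" in c:  # the dashboard is only served when this is set
        # Per the config comments: user/pwd default to admin, addr to bind_addr.
        creds = (c.get("dashboard_user", "admin"), c.get("dashboard_pwd", "admin"))
        if creds == ("admin", "admin"):
            findings.append("dashboard: default admin/admin credentials")
        if c.get("dashboard_addr", c.get("bind_addr", "0.0.0.0")) in ("0.0.0.0", "::"):
            findings.append("dashboard: listening on all interfaces")
    ports = c.get("allow_ports", "")
    if not ports:
        findings.append("allow_ports: unset, clients may bind any port")
    elif count_ports(ports) > MAX_ALLOWED_PORTS:
        findings.append("allow_ports: %d ports open to clients" % count_ports(ports))
    return findings

if __name__ == "__main__":
    print("\n".join(audit_frps(SAMPLE_FRPS_INI)))
```

Run against the sample it reports four findings; a config with a long random token, a dashboard bound to 127.0.0.1 with its own credentials, and `allow_ports = 6000` reports none.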

OK, now what we need to set up is the connecting side, that is, the intranet server's frpc.ini

Intranet server configuration

```shell
vim ./frpc.ini
```

```ini
[common]
# Public network server IP
server_addr = 120.56.37.48
# Same as the server bind_port
server_port = 7000
# Same as the server token
token = 12345678
# Username
user = ctexthuang

# The public network accesses the private network server via SSH
[ssh]
# Connection protocol
type = tcp
# Private network server IP
local_ip = 127.0.0.1
# SSH default port number
local_port = 22
# Custom port opened on the public server that maps to the intranet SSH port
remote_port = 6000

# The public network accesses the private network web server in HTTP mode
[web]
# Connection protocol
type = http
# Port number of the private network web service
local_port = 8081
# Domain name bound to the public network server; a first-level or second-level domain both work
custom_domains = repo.iwi.com
```

```shell
./frpc -c ./frpc.ini
```

Afterwards it prints:

```
2019/03/27 14:50:10 [I] [service.go:214] login to server success, get run id [2205e2fd3bbb7257], server udp port [xxxx]
2019/03/27 14:50:10 [I] [proxy_manager.go:137] [2205e2fd3bbb7257] proxy added: [ctexthuang.ssh][ctexthuang.web]
2019/03/27 14:50:10 [I] [control.go:143] [ctexthuang.ssh] start proxy success
2019/03/27 14:50:10 [I] [control.go:143] [ctexthuang.web] start proxy success
```

Ending

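At this point, use the client to connect to the intranet server over ssh

```shell
# PS: xx.xxx.xxx.xxx is the public IP of the public server; -p is followed by the port mapped for the intranet server. Enter the password to connect.
ssh root@xx.xxx.xxx.xxx -p 6000
```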

Oh, the tutorial is over. See you later, everyone!!!

This is an original article by ctexthuang; when reposting, please credit ctexthuang_blog
