内网穿透--frp

··

阅读

关键洞察

最近，我在公司部署了一台24小时在线的测试Centos服务器。但是呢，没有固定公网ip，我头秃了，我该如何能让外网可访问呢，测试服务器外网不能访问，我做他的意义何在呢。

A9BC79BE-1AA6-463F-B154-4223D5904B7F.png

so.我就想办法找内网穿透的工具。早先呢，显示nat123，但是这工具是真的是超级麻烦，而且还限制。

后面我就找到了frp。

frp能干啥？

利用处于内网或防火墙后的机器，对外网环境提供 http 或 https 服务。对于 http, https 服务支持基于域名的虚拟主机，支持自定义域名绑定，使多个域名可以共用一个80端口。利用处于内网或防火墙后的机器，对外网环境提供 tcp 和 udp 服务，例如在家里通过 ssh 访问处于公司内网环境内的主机。

听到这里，就觉得很牛逼，嗯。

准备和所需工具

一台具有固定公网ip的服务器 - 服务端
一台无固定公网ip需要穿透的内网服务器 - 连接端
一台用来连接内网服务器的用户端 - 用户端

安装frp步骤详解

首先连接端 和 服务端都需要下载frp工具的包放在自己想放的地方

cd /usr/local/
mkdir frp && cd frp
wget https://github.com/fatedier/frp/releases/download/v0.25.3/frp_0.25.3_linux_386.tar.gz
tar -zxvf  frp_0.25.3_linux_386.tar.gz && cd frp_0.25.3_linux_386
ll

在这个文件夹中，我们 ll一下会发现很多文件，我们主要关注关注4个文件，分别是frpc.ini和frps.ini，前者是连接端所关注的文件，后者是服务端所关注的文件。

然后我们现在

配置服务端的frps

vim ./frps.ini

TXT

[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 7000

# udp port to help make udp hole to penetrate nat
bind_udp_port = 7001

# if you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bind_port
vhost_http_port = 80   #Notice here that with web services, 80 and 443 are already occupied
vhost_https_port = 443

# response header timeout(seconds) for vhost http server, default is 60s
# vhost_http_timeout = 60

# set dashboard_addr and dashboard_port to view dashboard of frps
# dashboard_addr's default value is same with bind_addr
# dashboard is available only if dashboard_port is set
dashboard_addr = 0.0.0.0
dashboard_port = 7500

# dashboard user and passwd for basic auth protect, if not set, both default value is admin
dashboard_user = admin
dashboard_pwd = admin

# dashboard assets directory(only for debug mode)
# assets_dir = ./static
# console or real logFile path like ./frps.log
log_file = ./frps.log

# trace, debug, info, warn, error
log_level = info

log_max_days = 3

# auth token
token = 12345678

# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_timeout is 90
# heartbeat_timeout = 90

# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
allow_ports = 2000-3000,3001,3003,4000-50000

# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5

# max ports can be used for each client, default value is 0 means no limit
max_ports_per_client = 0

开启 frp - service 服务

./frps -c ./frps.ini

//就会显示
2019/03/27 14:42:34 [I] [service.go:136] frps tcp listen on 0.0.0.0:7000
2019/03/27 14:42:34 [I] [root.go:204] Start frps success

好了，现在我们要搞的就是连接端的也就是内网服务器的frpc.ini

内网服务器配置

CodeBlock Loading...

Ending

这个时候用客户端连接内网服务器的ssh

CodeBlock Loading...

oh, the tutorial is over. See you later,everyone!!!

[common] # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" bind_addr = 0.0.0.0 bind_port = 7000 # udp port to help make udp hole to penetrate nat bind_udp_port = 7001 # if you want to support virtual host, you must set the http port for listening (optional) # Note: http port and https port can be same with bind_port vhost_http_port = 80 #Notice here that with web services, 80 and 443 are already occupied vhost_https_port = 443 # response header timeout(seconds) for vhost http server, default is 60s # vhost_http_timeout = 60 # set dashboard_addr and dashboard_port to view dashboard of frps # dashboard_addr's default value is same with bind_addr # dashboard is available only if dashboard_port is set dashboard_addr = 0.0.0.0 dashboard_port = 7500 # dashboard user and passwd for basic auth protect, if not set, both default value is admin dashboard_user = admin dashboard_pwd = admin # dashboard assets directory(only for debug mode) # assets_dir = ./static # console or real logFile path like ./frps.log log_file = ./frps.log # trace, debug, info, warn, error log_level = info log_max_days = 3 # auth token token = 12345678 # heartbeat configure, it's not recommended to modify the default value # the default value of heartbeat_timeout is 90 # heartbeat_timeout = 90 # only allow frpc to bind ports you list, if you set nothing, there won't be any limit allow_ports = 2000-3000,3001,3003,4000-50000 # pool_count in each proxy will change to max_pool_count if they exceed the maximum value max_pool_count = 5 # max ports can be used for each client, default value is 0 means no limit max_ports_per_client = 0

[common] server_addr = 120.56.37.48 #Public network server IP server_port = 7000 #Same as the server bind_port token = 12345678 #Same as the server token user = ctexthuang #username #The public network accesses the private network server via SSH [ssh] type = tcp #Connection protocol local_ip = 127.0.0.1 #Private network server ip local_port = 22 #SSH default port number remote_port = 6000 #Custom internal SSH port number to access #The public network accesses the private network web server in HTTP mode [web] type = http #Connection protocol local_port = 8081 #The port number of the private network web service custom_domains = repo.iwi.com #The binding of the domain name of the public network server, level 1, level 2 domain name can be

./frpc -r ./frpc.ini //之后会显示 2019/03/27 14:50:10 [I] [service.go:214] login to server success, get run id [2205e2fd3bbb7257], server udp port [xxxx] 2019/03/27 14:50:10 [I] [proxy_manager.go:137] [2205e2fd3bbb7257] proxy added: [ctexthuang.ssh][ctexthuang.web] 2019/03/27 14:50:10 [I] [control.go:143] [ctexthuang.ssh] start proxy success 2019/03/27 14:50:10 [I] [control.go:143] [ctexthuang.web] start proxy success