1、前言 {#1%E3%80%81%E5%89%8D%E8%A8%80}

服务器简介： 雨云 - 新一代云服务提供商 - 智识家 (sw0.top)，优势是带宽大还便宜，若无备案域名可购买美区和香港服务器。

服务器官网： 雨云 - 新一代云服务提供商 (rainyun.com)

本教程使用Frps与Frpc进行内网穿透，其中Frps需要自购服务器安装，若无法购买服务器则本教程对你无用；

另外还需拥有自己的域名，雨云免费二级域名好像不能申请证书；

推荐购买国内的主机，使用NAT网络不购买独立IP，国内主机独立IP价格很贵，这种方式虽然不能省略端口号，但是可以确保访问速度很快，NAT给的10个端口基本够用，开一个端口作为反向代理，不同站点使用不同二级域名访问；

Frps：穿透服务端，部署在服务器；

Frpc：穿透客户端，部署在NAS中；

由上述链接注册或输入注册码 zsj的用户，可在 控制台 - 积分中心 - 积分商城 - 优惠券专区处领取 折扣优惠券，湖北地区受限不能使用。

2、Frp安装 {#2%E3%80%81frp%E5%AE%89%E8%A3%85}

2.1、服务器安装1panel面板 {#2.1%E3%80%81%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%AE%89%E8%A3%851panel%E9%9D%A2%E6%9D%BF}

2.1.1、服务器仅做穿透时，只需购买1核1G的即可； {#2.1.1%E3%80%81%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%BB%85%E5%81%9A%E7%A9%BF%E9%80%8F%E6%97%B6%EF%BC%8C%E5%8F%AA%E9%9C%80%E8%B4%AD%E4%B9%B01%E6%A0%B81g%E7%9A%84%E5%8D%B3%E5%8F%AF%EF%BC%9B}

2.1.2、服务器推荐安装debain11系统，预装APP不选，稍后自行安装； {#2.1.2%E3%80%81%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%8E%A8%E8%8D%90%E5%AE%89%E8%A3%85debain11%E7%B3%BB%E7%BB%9F%EF%BC%8C%E9%A2%84%E8%A3%85app%E4%B8%8D%E9%80%89%EF%BC%8C%E7%A8%8D%E5%90%8E%E8%87%AA%E8%A1%8C%E5%AE%89%E8%A3%85%EF%BC%9B}

2.1.3、使用ssh工具连接服务器 {#2.1.3%E3%80%81%E4%BD%BF%E7%94%A8ssh%E5%B7%A5%E5%85%B7%E8%BF%9E%E6%8E%A5%E6%9C%8D%E5%8A%A1%E5%99%A8}

连接信息如上图，端口：22。

2.1.4、安装1panle {#2.1.4%E3%80%81%E5%AE%89%E8%A3%851panle}

服务器安装1Panel服务器运维管理面板 - 智识家|智识笔记 (sw0.top)

2.2、安装OpenResty {#2.2%E3%80%81%E5%AE%89%E8%A3%85openresty}

安装Nginx代理服务器，端口80和443不要修改。

2.3、Frps安装 {#2.3%E3%80%81frps%E5%AE%89%E8%A3%85}

2.3.1、镜像 {#2.3.1%E3%80%81%E9%95%9C%E5%83%8F}

snowdreamtech/frps:latest

2.3.2、安装Frps {#2.3.2%E3%80%81%E5%AE%89%E8%A3%85frps}

服务端口：Frpc的服务连接端口，需要确保服务器防火墙放行此端口；
Dashboard 端口：Frps服务端管理WEB端口，可以被反向代理到80端口下；
用户名和密码：输入一个只会被自己记住的组合即可，此信息用于登录WEB管理端；
注意：使用其他方式按照请确保Frps网络为host；

2.3.2.1、Frps默认配置文件 {#2.3.2.1%E3%80%81frps%E9%BB%98%E8%AE%A4%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6}

bindPort：服务端口
webServer.addr：不要修改；
webServer.port：Frps的web管理端口；
webServer.user和webServer.password：Frps的web管理端账号和密码。

2.3.2.2、Frps完整的配置文件 {#2.3.2.2%E3%80%81frps%E5%AE%8C%E6%95%B4%E7%9A%84%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6}

# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single "bind_addr" field, no need square brackets, like "bind_addr = ::".
bindAddr = "0.0.0.0"
bindPort = 7000

udp port used for kcp protocol, it can be same with 'bind_port'.
================================================================



if not set, kcp is disabled in frps.
====================================



kcpBindPort = 7000


udp port used for quic protocol.
================================



if not set, quic is disabled in frps.
=====================================



quicBindPort = 7002
===================



Specify which address proxy will listen for, default value is same with bind_addr
=================================================================================



proxy_bind_addr = "127.0.0.1"
=============================



quic protocol options
=====================



transport.quic.keepalivePeriod = 10
===================================



transport.quic.maxIdleTimeout = 30
==================================



transport.quic.maxIncomingStreams = 100000
==========================================



Heartbeat configure, it's not recommended to modify the default value
=====================================================================



The default value of heartbeat_timeout is 90. Set negative value to disable it.
===============================================================================



transport.heartbeatTimeout = 90
===============================



Pool count in each proxy will keep no more than maxPoolCount.
=============================================================



transport.maxPoolCount = 5


If tcp stream multiplexing is used, default is true
===================================================



transport.tcpMux = true
=======================



Specify keep alive interval for tcp mux.
========================================



only valid if tcpMux is true.
=============================



transport.tcpMuxKeepaliveInterval = 60
======================================



tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
=====================================================================================================================



If negative, keep-alive probes are disabled.
============================================



transport.tcpKeepalive = 7200
=============================



transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.
===============================================================================================================



tls.force = false


transport.tls.certFile = "server.crt"
=====================================



transport.tls.keyFile = "server.key"
====================================



transport.tls.trustedCaFile = "ca.crt"
======================================



If you want to support virtual host, you must set the http port for listening (optional)
========================================================================================



Note: http port and https port can be same with bind_port
=========================================================



vhostHTTPPort = 80
vhostHTTPSPort = 443


Response header timeout(seconds) for vhost http server, default is 60s
======================================================================



vhostHTTPTimeout = 60
=====================



tcpmuxHTTPConnectPort specifies the port that the server listens for TCP
========================================================================



HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
===========================================================================



requests on one single port. If it's not - it will listen on this value for
===========================================================================



HTTP CONNECT requests. By default, this value is 0.
===================================================



tcpmuxHTTPConnectPort = 1337
============================



If tcpmux_passthrough is true, frps won't do any update on traffic.
===================================================================



tcpmuxPassthrough = false
=========================



Configure the web server to enable the dashboard for frps.
==========================================================



dashboard is available only if webServer.port is set.
=====================================================



webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"


webServer.tls.certFile = "server.crt"
=====================================



webServer.tls.keyFile = "server.key"
====================================



dashboard assets directory(only for debug mode)
===============================================



webServer.assetsDir = "./static"
================================



Enable golang pprof handlers in dashboard listener.
===================================================



Dashboard port must be set first
================================



webServer.pprofEnable = false


enablePrometheus will export prometheus metrics on webServer in /metrics api.
=============================================================================



enablePrometheus = true


console or real logFile path like ./frps.log
============================================



log.to = "./frps.log"


trace, debug, info, warn, error
===============================



log.level = "info"
log.maxDays = 3


disable log colors when log.to is console, default is false
===========================================================



log.disablePrintColor = false


DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
============================================================================================================================



detailedErrorsToClient = true


auth.method specifies what authentication method to use authenticate frpc with frps.
====================================================================================



If "token" is specified - token will be read into login message.
================================================================



If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
============================================================================================================================



auth.method = "token"


auth.additionalScopes specifies additional scopes to include authentication information.
========================================================================================



Optional values are HeartBeats, NewWorkConns.
=============================================



auth.additionalScopes = \["HeartBeats", "NewWorkConns"\]
========================================================



auth token
==========



auth.token = "12345678"


oidc issuer specifies the issuer to verify OIDC tokens with.
============================================================



auth.oidc.issuer = ""


oidc audience specifies the audience OIDC tokens should contain when validated.
===============================================================================



auth.oidc.audience = ""


oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.
=====================================================================================



auth.oidc.skipExpiryCheck = false


oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
====================================================================================================================================



auth.oidc.skipIssuerCheck = false


userConnTimeout specifies the maximum time to wait for a work connection.
=========================================================================



userConnTimeout = 10
====================



Only allow frpc to bind ports you list. By default, there won't be any limit.
=============================================================================



allowPorts = \[
{ start = 2000, end = 3000 },
{ single = 3001 },
{ single = 3003 },
{ start = 4000, end = 50000 }
\]


Max ports can be used for each client, default value is 0 means no limit
========================================================================



maxPortsPerClient = 0


If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file
========================================================================================================



When subdomain is est, the host used by routing is test.frps.com
================================================================



subDomainHost = "frps.com"


custom 404 page for HTTP requests
=================================



custom404Page = "/path/to/404.html"
===================================



specify udp packet size, unit is byte. If not set, the default value is 1500.
=============================================================================



This parameter should be same between client and server.
========================================================



It affects the udp and sudp proxy.
==================================



udpPacketSize = 1500


Retention time for NAT hole punching strategy data.
===================================================



natholeAnalysisDataReserveHours = 168


\[\[httpPlugins\]\]
name = "user-manager"
addr = "127.0.0.1:9000"
path = "/handler"
ops = \["Login"\]

`[[httpPlugins]]
name = "port-manager"
addr = "127.0.0.1:9001"
path = "/handler"
ops = ["NewProxy"]
`

此文件不要直接使用，按需摘取所需配置即可；
如无特殊需求，此文件中的配置节一般用不到。

2.3.3、修改Frps配置，增加token认证 {#2.3.3%E3%80%81%E4%BF%AE%E6%94%B9frps%E9%85%8D%E7%BD%AE%EF%BC%8C%E5%A2%9E%E5%8A%A0token%E8%AE%A4%E8%AF%81}

auth.method = "token"
auth.token = "xxxxxx"

增加2段代码，xxxxxx必须修改为强密码；
重启Frps服务端，使配置生效。

2.4、Frpc安装 {#2.4%E3%80%81frpc%E5%AE%89%E8%A3%85}

2.4.1、镜像 {#2.4.1%E3%80%81%E9%95%9C%E5%83%8F}

snowdreamtech/frpc:latest

2.4.2、基础设置 {#2.4.2%E3%80%81%E5%9F%BA%E7%A1%80%E8%AE%BE%E7%BD%AE}

重启策略：容器退出时总是重启容器。

2.4.3、网络 {#2.4.3%E3%80%81%E7%BD%91%E7%BB%9C}

必须选择 host；
必须选择 host；
必须选择 host；

2.4.4、存储空间 {#2.4.4%E3%80%81%E5%AD%98%E5%82%A8%E7%A9%BA%E9%97%B4}

装载路径：/etc/frp/frpc.toml；
文件：必须选择一个文件作为配置文件映射。

2.4.4.1、配置文件内容 {#2.4.4.1%E3%80%81%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6%E5%86%85%E5%AE%B9}

serverAddr = "Frps服务端的ip或者域名"
serverPort = Frps服务端的服务端口

webServer.addr = "0.0.0.0"
webServer.port = 20000
webServer.user = "xxx"
webServer.password = "xxx"
webServer.pprofEnable = false

`auth.method = "token"
auth.token = "xxxxxx"`

serverAddr必须是Frps的ip或域名；
serverPort必须是Frps的服务端端口，本示例为：30000；
webServer.addr不要修改；
webServer.port是Frpc的管理端口；
webServer.user和webServer.password是Frpc的管理端账户和密码；
webServer.pprofEnable不懂不要修改；
auth.method和auth.token需要和Frps配置的完全一致；
保存上述文本内容为：frpc.toml文件，上传到NAS中，作为Frpc的映射配置文件。

2.4.4.2、Frpc的完整配置文件 {#2.4.4.2%E3%80%81frpc%E7%9A%84%E5%AE%8C%E6%95%B4%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6}

# your proxy name will be changed to {user}.{proxy}
user = "your_name"

A literal address or host name for IPv6 must be enclosed
========================================================



in square brackets, as in "\[::1\]:80", "\[ipv6-host\]:http" or "\[ipv6-host%zone\]:80"
=======================================================================================



For single serverAddr field, no need square brackets, like serverAddr = "::".
=============================================================================



serverAddr = "0.0.0.0"
serverPort = 7000


STUN server to help penetrate NAT hole.
=======================================



natHoleStunServer = "stun.easyvoip.com:3478"
============================================



Decide if exit program when first login failed, otherwise continuous relogin to frps
====================================================================================



default is true
===============



loginFailExit = true


console or real logFile path like ./frpc.log
============================================



log.to = "./frpc.log"


trace, debug, info, warn, error
===============================



log.level = "info"
log.maxDays = 3


disable log colors when log.to is console, default is false
===========================================================



log.disablePrintColor = false


auth.method = "token"


auth.additionalScopes specifies additional scopes to include authentication information.
========================================================================================



Optional values are HeartBeats, NewWorkConns.
=============================================



auth.additionalScopes = \["HeartBeats", "NewWorkConns"\]
========================================================



auth token
==========



auth.token = "12345678"


oidc.clientID specifies the client ID to use to get a token in OIDC authentication.
===================================================================================



auth.oidc.clientID = ""
=======================



oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication.
===========================================================================================



auth.oidc.clientSecret = ""
===========================



oidc.audience specifies the audience of the token in OIDC authentication.
=========================================================================



auth.oidc.audience = ""
=======================



oidc_scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
==========================================================================================================================================



auth.oidc.scope = ""
====================



oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
=============================================================================



It will be used to get an OIDC token.
=====================================



auth.oidc.tokenEndpointURL = ""
===============================



oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.
====================================================================================================



For example, if you want to specify the "audience" parameter, you can set as follow.
====================================================================================



frp will add "audience=\<value\>" "var1=\<value\>" to the additional parameters.
================================================================================



auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"
============================================================================



auth.oidc.additionalEndpointParams.var1 = "foobar"
==================================================



Set admin address for control frpc's action by http api such as reload
======================================================================



webServer.addr = "127.0.0.1"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "admin"


Admin assets directory. By default, these assets are bundled with frpc.
=======================================================================



webServer.assetsDir = "./static"
================================



Enable golang pprof handlers in admin listener.
===============================================



webServer.pprofEnable = false


The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
=============================================================================================================



transport.dialServerTimeout = 10
================================



dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
============================================================================================================================



If negative, keep-alive probes are disabled.
============================================



transport.dialServerKeepalive = 7200
====================================



connections will be established in advance, default value is zero
=================================================================



transport.poolCount = 5


If tcp stream multiplexing is used, default is true, it must be same with frps
==============================================================================



transport.tcpMux = true
=======================



Specify keep alive interval for tcp mux.
========================================



only valid if tcpMux is enabled.
================================



transport.tcpMuxKeepaliveInterval = 60
======================================



Communication protocol used to connect to server
================================================



supports tcp, kcp, quic, websocket and wss now, default is tcp
==============================================================



transport.protocol = "tcp"


set client binding ip when connect server, default is empty.
============================================================



only when protocol = tcp or websocket, the value will be used.
==============================================================



transport.connectServerLocalIP = "0.0.0.0"


if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables
=====================================================================================================================================



it only works when protocol is tcp
==================================



transport.proxyURL = "http://user:passwd@192.168.1.128:8080"
============================================================



transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"
==============================================================



transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"
============================================================



quic protocol options
=====================



transport.quic.keepalivePeriod = 10
===================================



transport.quic.maxIdleTimeout = 30
==================================



transport.quic.maxIncomingStreams = 100000
==========================================



If tls.enable is true, frpc will connect frps by tls.
=====================================================



Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
=========================================================================================



transport.tls.enable = true


transport.tls.certFile = "client.crt"
=====================================



transport.tls.keyFile = "client.key"
====================================



transport.tls.trustedCaFile = "ca.crt"
======================================



transport.tls.serverName = "example.com"
========================================



If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the
======================================================================================================



first custom byte when tls is enabled.
======================================



Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
============================================================================================================



transport.tls.disableCustomTLSFirstByte = true
==============================================



Heartbeat configure, it's not recommended to modify the default value.
======================================================================



The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
=============================================================================================



to disable it.
==============



transport.heartbeatInterval = 30
================================



transport.heartbeatTimeout = 90
===============================



Specify a dns server, so frpc will use this instead of default one
==================================================================



dnsServer = "8.8.8.8"
=====================



Proxy names you want to start.
==============================



Default is empty, means all proxies.
====================================



start = \["ssh", "dns"\]
========================



Specify udp packet size, unit is byte. If not set, the default value is 1500.
=============================================================================



This parameter should be same between client and server.
========================================================



It affects the udp and sudp proxy.
==================================



udpPacketSize = 1500


Additional metadatas for client.
================================



metadatas.var1 = "abc"
metadatas.var2 = "123"


Include other config files for proxies.
=======================================



includes = \["./confd/\*.ini"\]
===============================



\[\[proxies\]\]


'ssh' is the unique proxy name
==============================



If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
=========================================================================================



name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22


Limit bandwidth for this proxy, unit is KB and MB
=================================================



transport.bandwidthLimit = "1MB"


Where to limit bandwidth, can be 'client' or 'server', default is 'client'
==========================================================================



transport.bandwidthLimitMode = "client"


If true, traffic of this proxy will be encrypted, default is false
==================================================================



transport.useEncryption = false


If true, traffic will be compressed
===================================



transport.useCompression = false


Remote port listen by frps
==========================



remotePort = 6001


frps will load balancing connections for proxies in same group
==============================================================



loadBalancer.group = "test_group"


group should have same group key
================================



loadBalancer.groupKey = "123456"


Enable health check for the backend service, it supports 'tcp' and 'http' now.
==============================================================================



frpc will connect local service's port to detect it's healthy status
====================================================================



healthCheck.type = "tcp"


Health check connection timeout
===============================



healthCheck.timeoutSeconds = 3


If continuous failed in 3 times, the proxy will be removed from frps
====================================================================



healthCheck.maxFailed = 3


every 10 seconds will do a health check
=======================================



healthCheck.intervalSeconds = 10


additional meta info for each proxy
===================================



metadatas.var1 = "abc"
metadatas.var2 = "123"


\[\[proxies\]\]
name = "ssh_random"
type = "tcp"
localIP = "192.168.31.100"
localPort = 22


If remote_port is 0, frps will assign a random port for you
===========================================================



remotePort = 0


\[\[proxies\]\]
name = "dns"
type = "udp"
localIP = "114.114.114.114"
localPort = 53
remotePort = 6002


Resolve your domain names to \[server_addr\] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
=======================================================================================================================================================



\[\[proxies\]\]
name = "web01"
type = "http"
localIP = "127.0.0.1"
localPort = 80


http username and password are safety certification for http protocol
=====================================================================



if not set, you can access this custom_domains without certification
====================================================================



httpUser = "admin"
httpPassword = "admin"


if domain for frps is frps.com, then you can access \[web01\] proxy by URL http://web01.frps.com
================================================================================================



subdomain = "web01"
customDomains = \["web01.yourdomain.com"\]


locations is only available for http type
=========================================



locations = \["/", "/pic"\]


route requests to this service if http basic auto user is abc
=============================================================



route_by_http_user = abc
========================



hostHeaderRewrite = "example.com"


params with prefix "header_" will be used to update http request headers
========================================================================



requestHeaders.set.x-from-where = "frp"
healthCheck.type = "http"


frpc will send a GET http request '/status' to local http service
=================================================================



http service is alive when it return 2xx http response code
===========================================================



healthCheck.path = "/status"
healthCheck.intervalSeconds = 10
healthCheck.maxFailed = 3
healthCheck.timeoutSeconds = 3


\[\[proxies\]\]
name = "web02"
type = "https"
localIP = "127.0.0.1"
localPort = 8000
subdomain = "web02"
customDomains = \["web02.yourdomain.com"\]


if not empty, frpc will use proxy protocol to transfer connection info to your local service
============================================================================================



v1 or v2 or empty
=================



transport.proxyProtocolVersion = "v2"


\[\[proxies\]\]
name = "tcpmuxhttpconnect"
type = "tcpmux"
multiplexer = "httpconnect"
localIP = "127.0.0.1"
localPort = 10701
customDomains = \["tunnel1"\]


routeByHTTPUser = "user1"
=========================



\[\[proxies\]\]
name = "plugin_unix_domain_socket"
type = "tcp"
remotePort = 6003


if plugin is defined, local_ip and local_port is useless
========================================================



plugin will handle connections got from frps
============================================



\[proxies.plugin\]
type = "unix_domain_socket"
unixPath = "/var/run/docker.sock"


\[\[proxies\]\]
name = "plugin_http_proxy"
type = "tcp"
remotePort = 6004
\[proxies.plugin\]
type = "http_proxy"
httpUser = "abc"
httpPassword = "abc"


\[\[proxies\]\]
name = "plugin_socks5"
type = "tcp"
remotePort = 6005
\[proxies.plugin\]
type = "socks5"
username = "abc"
password = "abc"


\[\[proxies\]\]
name = "plugin_static_file"
type = "tcp"
remotePort = 6006
\[proxies.plugin\]
type = "static_file"
localPath = "/var/www/blog"
stripPrefix = "static"
httpUser = "abc"
httpPassword = "abc"


\[\[proxies\]\]
name = "plugin_https2http"
type = "https"
customDomains = \["test.yourdomain.com"\]
\[proxies.plugin\]
type = "https2http"
localAddr = "127.0.0.1:80"
crtPath = "./server.crt"
keyPath = "./server.key"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"


\[\[proxies\]\]
name = "plugin_https2https"
type = "https"
customDomains = \["test.yourdomain.com"\]
\[proxies.plugin\]
type = "https2https"
localAddr = "127.0.0.1:443"
crtPath = "./server.crt"
keyPath = "./server.key"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"


\[\[proxies\]\]
name = "plugin_http2https"
type = "http"
customDomains = \["test.yourdomain.com"\]
\[proxies.plugin\]
type = "http2https"
localAddr = "127.0.0.1:443"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"


\[\[proxies\]\]
name = "secret_tcp"


If the type is secret tcp, remote_port is useless
=================================================



Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
=============================================================================================



type = "stcp"


secretKey is used for authentication for visitors
=================================================



secretKey = "abcdefg"
localIP = "127.0.0.1"
localPort = 22


If not empty, only visitors from specified users can connect.
=============================================================



Otherwise, visitors from same user can connect. '\*' means allow all users.
===========================================================================



allowUsers = \["\*"\]


\[\[proxies\]\]
name = "p2p_tcp"
type = "xtcp"
secretKey = "abcdefg"
localIP = "127.0.0.1"
localPort = 22


If not empty, only visitors from specified users can connect.
=============================================================



Otherwise, visitors from same user can connect. '\*' means allow all users.
===========================================================================



allowUsers = \["user1", "user2"\]


frpc role visitor -\> frps -\> frpc role server
===============================================



\[\[visitors\]\]
name = "secret_tcp_visitor"
type = "stcp"


the server name you want to visitor
===================================



serverName = "secret_tcp"
secretKey = "abcdefg"


connect this address to visitor stcp server
===========================================



bindAddr = "127.0.0.1"


bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
=========================================================================================================



other visitors. (This is not supported for SUDP now)
====================================================



bindPort = 9000


\[\[visitors\]\]
name = "p2p_tcp_visitor"
type = "xtcp"


if the server user is not set, it defaults to the current user
==============================================================



serverUser = "user1"
serverName = "p2p_tcp"
secretKey = "abcdefg"
bindAddr = "127.0.0.1"


bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
=========================================================================================================



other visitors. (This is not supported for SUDP now)
====================================================



bindPort = 9001


when automatic tunnel persistence is required, set it to true
=============================================================



keepTunnelOpen = false


effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour
================================================================================================



maxRetriesAnHour = 8
minRetryInterval = 90


fallbackTo = "stcp_visitor"
===========================


`fallbackTimeoutMs = 500`

此文件不要直接使用，按需摘取所需配置即可；
如无特殊需求，此文件中的配置节一般用不到。

3、Frpc的WEB服务 {#3%E3%80%81frpc%E7%9A%84web%E6%9C%8D%E5%8A%A1}

3.1、登录管理端，添加穿透服务 {#3.1%E3%80%81%E7%99%BB%E5%BD%95%E7%AE%A1%E7%90%86%E7%AB%AF%EF%BC%8C%E6%B7%BB%E5%8A%A0%E7%A9%BF%E9%80%8F%E6%9C%8D%E5%8A%A1}

[[proxies]]
name = "Qbittorrent"
type = "tcp"
localIP = "127.0.0.1"
localPort = xxx
# If remote_port is 0, frps will assign a random port for you
remotePort = 41001

每增加一个穿透服务，就需要增加一组上述代码；
name：穿透服务的名称，显示在Frps的连接窗口；
type：一般我们的服务只要选择TCP即可，其他特殊需求自行研究；
localIP：NAS端的ip，我们使用的host网络，所以默认127.0.0.1即可；
localPort：穿透服务的端口，必须是容器的本地端口，不是容器端口，切记；
remotePort：在服务端的映射端口，选择一个未被使用的端口即可，范围推荐：10000-50000之间;
修改后点击上方Upload按钮提交穿透服务；
注意：基础配置发生变更，一般需要重启Frpc后生效，提交穿透服务不需要重启。
注意：基础配置发生变更，一般需要重启Frpc后生效，提交穿透服务不需要重启。
注意：基础配置发生变更，一般需要重启Frpc后生效，提交穿透服务不需要重启。

3.2、反向代理穿透服务，隐藏端口号 {#3.2%E3%80%81%E5%8F%8D%E5%90%91%E4%BB%A3%E7%90%86%E7%A9%BF%E9%80%8F%E6%9C%8D%E5%8A%A1%EF%BC%8C%E9%9A%90%E8%97%8F%E7%AB%AF%E5%8F%A3%E5%8F%B7}

创建反向代理网站；
主域名：访问这个服务的域名，可以是二级域名；
代号：网站基本配置的文件夹名称，自行定义即可；
代理地址：ip：127.0.0.1端口即为代理的服务端口号，上述示例中QB的穿透端口为41001；
注意：代理地址选择http还是https，取决于穿透服务的访问方式，若穿透服务本身是https访问的这里就必须选择https方式，否则选择http即可。
注意：代理地址选择http还是https，取决于穿透服务的访问方式，若穿透服务本身是https访问的这里就必须选择https方式，否则选择http即可。
注意：代理地址选择http还是https，取决于穿透服务的访问方式，若穿透服务本身是https访问的这里就必须选择https方式，否则选择http即可。

3.3、对特定服务进行账号密码验证 {#3.3%E3%80%81%E5%AF%B9%E7%89%B9%E5%AE%9A%E6%9C%8D%E5%8A%A1%E8%BF%9B%E8%A1%8C%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E9%AA%8C%E8%AF%81}

只需对该反向代理网站设置密码访问即可完成对站点加密。

4、Frps的WEB服务 {#4%E3%80%81frps%E7%9A%84web%E6%9C%8D%E5%8A%A1}

4.1、登录管理端 {#4.1%E3%80%81%E7%99%BB%E5%BD%95%E7%AE%A1%E7%90%86%E7%AB%AF}

可以随意查看服务在线状态。

51工具盒子

绿联安装Frpc内网穿透并使用Nginx反向代理隐藏端口号

1、前言 {#1%E3%80%81%E5%89%8D%E8%A8%80}

2、Frp安装 {#2%E3%80%81frp%E5%AE%89%E8%A3%85}

2.1、服务器安装1panel面板 {#2.1%E3%80%81%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%AE%89%E8%A3%851panel%E9%9D%A2%E6%9D%BF}

2.1.1、服务器仅做穿透时，只需购买1核1G的即可； {#2.1.1%E3%80%81%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%BB%85%E5%81%9A%E7%A9%BF%E9%80%8F%E6%97%B6%EF%BC%8C%E5%8F%AA%E9%9C%80%E8%B4%AD%E4%B9%B01%E6%A0%B81g%E7%9A%84%E5%8D%B3%E5%8F%AF%EF%BC%9B}

2.1.3、使用ssh工具连接服务器 {#2.1.3%E3%80%81%E4%BD%BF%E7%94%A8ssh%E5%B7%A5%E5%85%B7%E8%BF%9E%E6%8E%A5%E6%9C%8D%E5%8A%A1%E5%99%A8}

2.1.4、安装1panle {#2.1.4%E3%80%81%E5%AE%89%E8%A3%851panle}

2.2、安装OpenResty {#2.2%E3%80%81%E5%AE%89%E8%A3%85openresty}

2.3、Frps安装 {#2.3%E3%80%81frps%E5%AE%89%E8%A3%85}

2.3.1、镜像 {#2.3.1%E3%80%81%E9%95%9C%E5%83%8F}

2.3.2、安装Frps {#2.3.2%E3%80%81%E5%AE%89%E8%A3%85frps}

2.3.2.1、Frps默认配置文件 {#2.3.2.1%E3%80%81frps%E9%BB%98%E8%AE%A4%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6}

2.3.2.2、Frps完整的配置文件 {#2.3.2.2%E3%80%81frps%E5%AE%8C%E6%95%B4%E7%9A%84%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6}

2.3.3、修改Frps配置，增加token认证 {#2.3.3%E3%80%81%E4%BF%AE%E6%94%B9frps%E9%85%8D%E7%BD%AE%EF%BC%8C%E5%A2%9E%E5%8A%A0token%E8%AE%A4%E8%AF%81}

2.4、Frpc安装 {#2.4%E3%80%81frpc%E5%AE%89%E8%A3%85}

2.4.1、镜像 {#2.4.1%E3%80%81%E9%95%9C%E5%83%8F}

2.4.2、基础设置 {#2.4.2%E3%80%81%E5%9F%BA%E7%A1%80%E8%AE%BE%E7%BD%AE}

2.4.3、网络 {#2.4.3%E3%80%81%E7%BD%91%E7%BB%9C}

2.4.4、存储空间 {#2.4.4%E3%80%81%E5%AD%98%E5%82%A8%E7%A9%BA%E9%97%B4}

2.4.4.1、配置文件内容 {#2.4.4.1%E3%80%81%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6%E5%86%85%E5%AE%B9}

2.4.4.2、Frpc的完整配置文件 {#2.4.4.2%E3%80%81frpc%E7%9A%84%E5%AE%8C%E6%95%B4%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6}

3、Frpc的WEB服务 {#3%E3%80%81frpc%E7%9A%84web%E6%9C%8D%E5%8A%A1}

3.1、登录管理端，添加穿透服务 {#3.1%E3%80%81%E7%99%BB%E5%BD%95%E7%AE%A1%E7%90%86%E7%AB%AF%EF%BC%8C%E6%B7%BB%E5%8A%A0%E7%A9%BF%E9%80%8F%E6%9C%8D%E5%8A%A1}

3.2、反向代理穿透服务，隐藏端口号 {#3.2%E3%80%81%E5%8F%8D%E5%90%91%E4%BB%A3%E7%90%86%E7%A9%BF%E9%80%8F%E6%9C%8D%E5%8A%A1%EF%BC%8C%E9%9A%90%E8%97%8F%E7%AB%AF%E5%8F%A3%E5%8F%B7}

3.3、对特定服务进行账号密码验证 {#3.3%E3%80%81%E5%AF%B9%E7%89%B9%E5%AE%9A%E6%9C%8D%E5%8A%A1%E8%BF%9B%E8%A1%8C%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E9%AA%8C%E8%AF%81}

4、Frps的WEB服务 {#4%E3%80%81frps%E7%9A%84web%E6%9C%8D%E5%8A%A1}

4.1、登录管理端 {#4.1%E3%80%81%E7%99%BB%E5%BD%95%E7%AE%A1%E7%90%86%E7%AB%AF}

厉飞雨

相关推荐

最新文章

猜你喜欢

快捷分类