文章目录
之前写过一篇无公网IP通过ZeroTier方便实现内网穿透的文章,由于ZeroTier服务受网络环境影响,速度太慢,于是决定通过frp来替代它。
frp内网穿透是通过一个带有公网IP的服务器进行中转,对被控主机实现反向代理,用户通过访问frps(中转服务器)来实现对frpc(被控主机)的远程访问。
frp流程图如下:
frp项目地址:https://github.com/fatedier/frp
本实验环境以阿里云服务器作为中转机,中转服务器使用Centos7.6,被控主机使用Centos7.6,用户使用Windows10
由于网络原因,文中链接已经替换成了本地链接,如不放心,请自行去GitHub下载
frps中转服务器配置 {#title-0}
1、下载frp
在一台有公网IP的主机上配置frps,我这里以阿里云Centos7.x主机为例
wget https://down.whsir.com/downloads/frp_0.27.0_linux_amd64.tar.gz tar xf frp_0.27.0_linux_amd64.tar.gz mv frp_0.27.0_linux_amd64 /usr/local cd /usr/local/frp_0.27.0_linux_amd64 rm -f frpc*
|-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 2 3 4 5 | wget https://down.whsir.com/downloads/frp_0.27.0_linux_amd64.tar.gz tar xf frp_0.27.0_linux_amd64.tar.gz mv frp_0.27.0_linux_amd64 /usr/local cd /usr/local/frp_0.27.0_linux_amd64 rm -f frpc* |
2、配置frps
这里使用最基础的配置
vi frps.ini
|---|-------------| | 1 | vi frps.ini |
[common] bind_port = 7000 dashboard_user = whsir dashboard_pwd = blog.whsir.com dashboard_port = 8000
|-------------|---------------------------------------------------------------------------------------------------------| | 1 2 3 4 5 6 | [common] bind_port = 7000 dashboard_user = whsir dashboard_pwd = blog.whsir.com dashboard_port = 8000 |
3、启动frps
配置启动服务
vi /etc/systemd/system/frps.service
|---|-------------------------------------| | 1 | vi /etc/systemd/system/frps.service |
[Unit] Description=frps daemon After=syslog.target network.target Wants=network.target [Service] Type=simple ExecStart=/usr/local/frp_0.27.0_linux_amd64/frps -c /usr/local/frp_0.27.0_linux_amd64/frps.ini [Install] WantedBy=multi-user.target
|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 2 3 4 5 6 7 8 9 10 11 | [Unit] Description=frps daemon After=syslog.target network.target Wants=network.target [Service] Type=simple ExecStart=/usr/local/frp_0.27.0_linux_amd64/frps -c /usr/local/frp_0.27.0_linux_amd64/frps.ini [Install] WantedBy=multi-user.target |
systemctl enable frps systemctl start frps
|-----|--------------------------------------------| | 1 2 | systemctl enable frps systemctl start frps |
4、访问监控平台
http://公网IP:8000
账号whsir
密码blog.whsir.com
如果访问不了,请使用ss -lnt命令检查端口是否启动,是否因为防火墙原因拦截。
至此frps中转服务器配置完成
frpc内网主机配置 {#title-1}
1、内网主机下载frp
wget https://down.whsir.com/downloads/frp_0.27.0_linux_amd64.tar.gz tar xf frp_0.27.0_linux_amd64.tar.gz mv frp_0.27.0_linux_amd64 /usr/local cd /usr/local/frp_0.27.0_linux_amd64 rm -f frps*
|-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 2 3 4 5 | wget https://down.whsir.com/downloads/frp_0.27.0_linux_amd64.tar.gz tar xf frp_0.27.0_linux_amd64.tar.gz mv frp_0.27.0_linux_amd64 /usr/local cd /usr/local/frp_0.27.0_linux_amd64 rm -f frps* |
2、配置frpc
其中x.x.x.x表示frps中转服务器IP地址
ssh字段:local_port = 22示被控(内网)主机的ssh端口,remote_port = 6000表示ssh中转端口
web字段:local_port = 80表示被控(内网)主机的web端口,remote_port = 8081表示web中转端口
vi frpc.ini
|---|-------------| | 1 | vi frpc.ini |
[common] server_addr = x.x.x.x server_port = 7000 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6000 [web] type = tcp local_ip = 127.0.0.1 local_port = 80 remote_port = 8081
|-------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | [common] server_addr = x.x.x.x server_port = 7000 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6000 [web] type = tcp local_ip = 127.0.0.1 local_port = 80 remote_port = 8081 |
3、启动frpc
配置启动服务
vi /etc/systemd/system/frpc.service
|---|-------------------------------------| | 1 | vi /etc/systemd/system/frpc.service |
[Unit] Description=frpc daemon After=syslog.target network.target Wants=network.target [Service] Type=simple ExecStart=/usr/local/frp_0.27.0_linux_amd64/frpc -c /usr/local/frp_0.27.0_linux_amd64/frpc.ini [Install] WantedBy=multi-user.target
|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 2 3 4 5 6 7 8 9 10 11 | [Unit] Description=frpc daemon After=syslog.target network.target Wants=network.target [Service] Type=simple ExecStart=/usr/local/frp_0.27.0_linux_amd64/frpc -c /usr/local/frp_0.27.0_linux_amd64/frpc.ini [Install] WantedBy=multi-user.target |
systemctl enable frpc systemctl start frpc
|-----|--------------------------------------------| | 1 2 | systemctl enable frpc systemctl start frpc |
至此frpc被控主机配置完成
此时可通过x.x.x.x:6000连接内网ssh,通过http://x.x.x.x:8081访问内网主机web,访问速度取决于带宽