Using frp for NAT traversal (intranet penetration) through a cloud provider's public IP

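Don't dwell too much on the present, and don't worry too much about the future; once you have been through some things, the scenery in front of you is no longer what it used to be. -- Haruki Murakami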

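Preface


  • A friend recommended it, so here is a quick look
  • This post covers installing the NAT traversal tool frp, plus 2 demos
  • Demo: accessing a static file service inside the internal network
  • Demo: mapping multiple ports from the internal network
  • If my understanding falls short, corrections are welcome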



Rent a machine on a public cloud


Some preparation before starting: set the hostname and change PS1 (optional), and update the yum repositories

┌──[root@liruilongs.github.io]-[~] 
└─$yum update

System environment used

┌──[root@liruilongs.github.io]-[~] 
└─$hostnamectl
Static hostname: liruilongs.github.io
Pretty hostname: VM-16-15-centos
Icon name: computer-vm
Chassis: vm 🖴
Machine ID: 613a0293049a4b07973b2510b3318f11
Boot ID: 67748b49b4774c38a59a204f8c03efec
Virtualization: kvm
Operating System: CentOS Stream 9
CPE OS Name: cpe:/o:centos:centos:9
Kernel: Linux 5.14.0-432.el9.x86_64
Architecture: x86-64
Hardware Vendor: Tencent Cloud
Hardware Model: CVM
Firmware Version: seabios-1.9.1-qemu-project.org
┌──[root@liruilongs.github.io]-[~]
└─$

Server installation

Download the release package:

https://github.com/fatedier/frp/releases

Choose the build that matches your server type

┌──[root@liruilongs.github.io]-[~] 
└─$mkdir frp
┌──[root@liruilongs.github.io]-[~]
└─$cd frp
┌──[root@liruilongs.github.io]-[~/frp]
└─$wget https://github.com/fatedier/frp/releases/download/v0.57.0/frp_0.57.0_linux_amd64.tar.gz

Extract

[root@liruilongs frp]# tar -xf frp_0.57.0_linux_amd64.tar.gz 
[root@liruilongs frp]# ls
frp_0.57.0_linux_amd64 frp_0.57.0_linux_amd64.tar.gz
[root@liruilongs frp]# cd frp_0.57.0_linux_amd64
[root@liruilongs frp_0.57.0_linux_amd64]# ls

Move the server executable frps to a suitable location

┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64] 
└─$ls
frpc frpc.toml frps frps.toml LICENSE
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$mv frps /usr/local/bin/
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$ls /usr/local/bin/frps
/usr/local/bin/frps
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$which frps
/usr/local/bin/frps
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$

Preparing the server configuration file

For configuration examples, see: gofrp.org/zh-cn/docs/examples/

Server configuration

┌──[root@liruilongs.github.io]-[/etc/frps]
└─$mkdir /etc/frps;cd /etc/frps; vim frps.toml
┌──[root@liruilongs.github.io]-[/etc/frps]
└─$cat /etc/frps/frps.toml
# Bind port
bindPort = 7000
# Web management (dashboard) configuration
# Defaults to 127.0.0.1; change it to 0.0.0.0 if access from the public network is needed.
webServer.addr = "0.0.0.0"
webServer.port = 7500
# Dashboard user name and password, optional, empty by default
webServer.user = "admin"
webServer.password = "admin"
┌──[root@liruilongs.github.io]-[/etc/frps]
└─$

You also need to open port 7500 in the cloud server's firewall or security group
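A more defensive variant of the server configuration above, as an added example rather than the original author's setup: the script writes an frps.toml that requires a client token, allow-lists only the remote ports this post maps, and keeps the dashboard on loopback so port 7500 does not have to be opened. The target directory argument, the generated secrets and the SSH tunnel hint in the comment are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: writes a hardened frps.toml into the directory given as $1.
# The allow-listed ports are the ones this post maps (7600, 8099, 6000-6007).

gen_secret() {
  # 32 random bytes from the kernel CSPRNG, hex-encoded (64 characters)
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

write_hardened_frps_conf() {
  local dir token dash_pw
  dir="$1"
  token="$(gen_secret)"
  dash_pw="$(gen_secret)"
  mkdir -p "$dir"
  # Create the file with owner-only permissions before any secret is written
  install -m 600 /dev/null "$dir/frps.toml"
  cat >> "$dir/frps.toml" <<EOF
bindPort = 7000

# Clients must present this shared token; without it, anyone who can reach
# port 7000 can register proxies on this server.
auth.method = "token"
auth.token = "$token"

# Only let clients claim the remote ports that are actually needed.
allowPorts = [
  { single = 7600 },
  { single = 8099 },
  { start = 6000, end = 6007 },
]

# Keep the dashboard on loopback; reach it via "ssh -L 7500:127.0.0.1:7500".
webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "$dash_pw"
EOF
  printf '%s\n' "$token"   # the same value goes into auth.token in frpc.toml
}

# Usage: bash this-script /etc/frps   (prints the generated token once)
if [ -n "${1:-}" ]; then write_hardened_frps_conf "$1"; fi
```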

Writing the server service unit file

┌──[root@liruilongs.github.io]-[/etc/frps]
└─$vim /etc/systemd/system/frps.service
┌──[root@liruilongs.github.io]-[/etc/frps]
└─$cat /etc/systemd/system/frps.service
[Unit]
# Service name, customizable
Description = frp server
After = network.target syslog.target
Wants = network.target
[Service]
Type = simple
# Command that starts frps; change it to your frps install path
ExecStart = /usr/local/bin/frps -c /etc/frps/frps.toml
[Install]
WantedBy = multi-user.target

Confirm the unit file

┌──[root@liruilongs.github.io]-[/etc/frps]
└─$systemctl cat frps.service
# /etc/systemd/system/frps.service
[Unit]
# Service name, customizable
Description = frp server
After = network.target syslog.target
Wants = network.target
[Service]
Type = simple
# Command that starts frps; change it to your frps install path
ExecStart = /usr/local/bin/frps -c /etc/frps/frps.toml
[Install]
WantedBy = multi-user.target

┌──[root@liruilongs.github.io]-[/etc/frps]
└─$

Starting the server

┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64] 
└─$systemctl start frps.service
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$systemctl status frps.service
● frps.service - frp server
Loaded: loaded (/etc/systemd/system/frps.service; disabled; preset: disabled)
Active: active (running) since Sat 2024-04-27 12:15:03 CST; 8s ago
Main PID: 926794 (frps)
Tasks: 5 (limit: 11127)
Memory: 9.4M
CPU: 220ms
CGroup: /system.slice/frps.service
└─926794 /usr/local/bin/frps -c /etc/frps/frps.toml

Apr 27 12:15:03 liruilongs.github.io systemd[1]: Started frp server.
Apr 27 12:15:03 liruilongs.github.io frps[926794]: 2024-04-27 12:15:03.809 [I] [frps/root.go:105] frps uses config file: /etc/f>
Apr 27 12:15:04 liruilongs.github.io frps[926794]: 2024-04-27 12:15:04.020 [I] [server/service.go:237] frps tcp listen on 0.0.0>
Apr 27 12:15:04 liruilongs.github.io frps[926794]: 2024-04-27 12:15:04.020 [I] [frps/root.go:114] frps started successfully
Apr 27 12:15:04 liruilongs.github.io frps[926794]: 2024-04-27 12:15:04.021 [I] [server/service.go:350] dashboard listen on 0.0.>
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$

Enable start on boot

┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64] 
└─$systemctl enable frps.service
Created symlink /etc/systemd/system/multi-user.target.wants/frps.service → /etc/systemd/system/frps.service.
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$

Testing access to the server dashboard

Open the dashboard at public IP:dashboard web port

Dashboard

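Client installation

Move the client executable to a suitable location. Here we use this same machine to simulate the client as well; in practice, the client needs to be copied to a machine in your internal network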

┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64] 
└─$ls
frpc frpc.toml frps.toml LICENSE
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$mv frpc /usr/local/bin/
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$which frpc
/usr/local/bin/frpc
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$

Preparing the client configuration file

┌──[root@liruilongs.github.io]-[/etc]
└─$mkdir /etc/frpc;vim /etc/frpc/frpc.toml
┌──[root@liruilongs.github.io]-[/etc]
└─$cat /etc/frpc/frpc.toml
serverAddr = "x.x.x.x" # public IP address
serverPort = 7000 # port exposed on the public side
# Admin UI configuration
webServer.addr = "0.0.0.0"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "admin"
[[proxies]]
name = "admin_ui"
type = "tcp"
localPort = 7400
remotePort = 7600
# Configuration for other ports to expose
┌──[root@liruilongs.github.io]-[/etc/frps]
└─$

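Port 7600 must be allowed through the server's firewall. Here we map port 7400 on the internal network, that is, on the client, to port 7600 on the public side, so the client's admin UI can be reached at public IP:7600

Writing the client service unit file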

┌──[root@liruilongs.github.io]-[~]
└─$vim /etc/systemd/system/frpc.service
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$systemctl cat frpc.service
# /etc/systemd/system/frpc.service
[Unit]
# Service name, customizable
Description = frp client
After = network.target syslog.target
Wants = network.target
[Service]
Type = simple
# Command that starts frpc; change it to your frpc install path
ExecStart = /usr/local/bin/frpc -c /etc/frpc/frpc.toml
[Install]
WantedBy = multi-user.target
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$

Starting the client service

┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64] 
└─$systemctl start frpc.service
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$systemctl status frpc.service
● frpc.service - frp client
Loaded: loaded (/etc/systemd/system/frpc.service; enabled; preset: disabled)
Active: active (running) since Sat 2024-04-27 12:57:04 CST; 5s ago
Main PID: 937311 (frpc)
Tasks: 4 (limit: 11127)
Memory: 4.6M
CPU: 7ms
CGroup: /system.slice/frpc.service
└─937311 /usr/local/bin/frpc -c /etc/frpc/frpc.toml

Apr 27 12:57:04 liruilongs.github.io systemd[1]: Started frp client.
Apr 27 12:57:04 liruilongs.github.io frpc[937311]: 2024-04-27 12:57:04.663 [I] [sub/root.go:142] start frpc service for config file [/etc/frpc/frpc.toml]
Apr 27 12:57:04 liruilongs.github.io frpc[937311]: 2024-04-27 12:57:04.664 [I] [client/service.go:294] try to connect to server...
Apr 27 12:57:04 liruilongs.github.io frpc[937311]: 2024-04-27 12:57:04.672 [I] [client/service.go:286] [b7a69f20af11ef97] login to server success, get run id [b7a69f20af11ef97]
Apr 27 12:57:04 liruilongs.github.io frpc[937311]: 2024-04-27 12:57:04.672 [I] [proxy/proxy_manager.go:173] [b7a69f20af11ef97] proxy added: [admin_ui]
Apr 27 12:57:04 liruilongs.github.io frpc[937311]: 2024-04-27 12:57:04.672 [I] [client/service.go:184] admin server listen on 0.0.0.0:7400
Apr 27 12:57:04 liruilongs.github.io frpc[937311]: 2024-04-27 12:57:04.675 [W] [client/control.go:168] [b7a69f20af11ef97] [admin_ui] start error: port unavailable
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$

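Testing access to the client admin UI

Common scenario demos

The official documentation provides many demos; here we mainly look at four commonly used scenarios

Providing a simple file access service

Client configuration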

┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$cat /etc/frpc/frpc.toml
serverAddr = "62.234.100.41" # public IP address
serverPort = 7000 # port exposed on the public side
# Admin UI configuration
webServer.addr = "0.0.0.0"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "admin"
[[proxies]]
name = "admin_ui"
type = "tcp"
localPort = 7400
remotePort = 7600
# Configuration for other ports to expose
[[proxies]]
name = "test_static_file"
type = "tcp"
remotePort = 8099 # port exposed on the public side
[proxies.plugin]
type = "static_file"
# Local directory that is made accessible from outside
localPath = "/tmp"
# Prefix in the URL that is stripped; what remains is the path of the file to access
stripPrefix = "static"
httpUser = "abc"
httpPassword = "abc"
┌──[root@liruilongs.github.io]-[~/frp/frp_0.57.0_linux_amd64]
└─$

Note that browsers may not recognize some ports as web services, for example 6000, so you may need to switch to another port such as 8099

┌──[root@liruilongs.github.io]-[/tmp] 
└─$systemctl restart frpc.service
┌──[root@liruilongs.github.io]-[/tmp]
└─$systemctl is-active frpc.service
active
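A quick check for the settings used in the server and client configuration files above, added here as an example (it is not part of the original post or of frp itself): it flags a missing auth.token, a web UI bound to all interfaces with a weak password, and a static_file plugin that serves a sensitive directory or uses a weak password. The 12-character minimum and the list of sensitive directories are assumptions of this example, and the parser only handles the flat key = "value" style shown in this post.

```shell
#!/usr/bin/env bash
# Added example: flags risky settings in an frps.toml / frpc.toml file.
# Handles the flat key = "value" style used in this post, not full TOML.

audit_frp_conf() {
  awk '
    function val(s) {            # text between the first pair of double quotes
      if (match(s, /"[^"]*"/)) return substr(s, RSTART + 1, RLENGTH - 2)
      return ""
    }
    /^[ \t]*#/                          { next }        # skip comment lines
    /^[ \t]*auth\.token[ \t]*=/         { has_token = 1 }
    /^[ \t]*webServer\.addr[ \t]*=/     { ws_addr = val($0) }
    /^[ \t]*webServer\.user[ \t]*=/     { ws_user = val($0) }
    /^[ \t]*webServer\.password[ \t]*=/ { ws_pw = val($0); has_pw = 1 }
    /^[ \t]*localPath[ \t]*=/ {
      path = val($0)
      if (path == "/" || path == "/tmp" || path == "/root" || path == "/etc")
        print "static_file serves a sensitive directory: " path
    }
    /^[ \t]*httpUser[ \t]*=/            { h_user = val($0) }
    /^[ \t]*httpPassword[ \t]*=/ {
      if (val($0) == h_user || length(val($0)) < 12)
        print "static_file password is short or equals the user name"
    }
    END {
      if (!has_token) print "no auth.token: frps/frpc link is unauthenticated"
      if (ws_addr == "0.0.0.0") {
        print "web UI listens on all interfaces (webServer.addr = 0.0.0.0)"
        if (!has_pw || ws_pw == ws_user || length(ws_pw) < 12)
          print "web UI password is missing, short, or equals the user name"
      }
    }' "$@"
}

sample_conf() {   # constructed sample mirroring the client settings in this post
  printf '%s\n' 'webServer.addr = "0.0.0.0"' 'webServer.user = "admin"' \
    'webServer.password = "admin"' 'localPath = "/tmp"'
}

# Usage: bash this-script /etc/frpc/frpc.toml   (no argument: audit the sample)
if [ -n "${1:-}" ]; then audit_frp_conf "$1"; else sample_conf | audit_frp_conf; fi
```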

Port range mapping

Add the following to the client configuration file and reload

{{- range $_, $v := parseNumberRangePair "6000-6006,6007" "6000-6006,6007" }}
[[proxies]]
name = "tcp-{{ $v.First }}"
type = "tcp"
localPort = {{ $v.First }}
remotePort = {{ $v.Second }}
{{- end }}

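This maps the 8 ports 6000-6007

References for parts of this post

© Copyright of the content behind the reference links in this post belongs to the original authors; please let me know of any infringement :)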


https://github.com/fatedier/frp

https://gofrp.org/zh-cn/docs/


© 2018-present liruilonger@gmail.com, All rights reserved. Attribution-NonCommercial-ShareAlike (CC BY-NC-SA 4.0)

Published

2024-04-08

Updated

2024-11-22
