frp 是一个专注于内网穿透的高性能的反向代理应用,支持 TCP、UDP、HTTP、HTTPS 等多种协议。可以将内网服务以安全、便捷的方式通过具有公网 IP 节点的中转暴露到公网。
frp is a high-performance reverse proxy application focusing on intranet penetration, supporting multiple protocols such as TCP, UDP, HTTP, and HTTPS. Intranet services can be exposed to the public network through a relay with public network IP nodes in a safe and convenient way.
为什么使用 frp ?
Why use frp?
通过在具有公网 IP 的节点上部署 frp 服务端,可以轻松地将内网服务穿透到公网,同时提供诸多专业的功能特性,这包括:
By deploying the frp server on a node with a public network IP, you can easily penetrate the internal network service to the public network, while providing many professional features, including:
客户端服务端通信支持 TCP、KCP 以及 Websocket 等多种协议。
The client-server communication supports multiple protocols such as TCP, KCP, and Websocket.
采用 TCP 连接流式复用,在单个连接间承载更多请求,节省连接建立时间。
Use TCP connection streaming multiplexing to carry more requests between a single connection, saving connection establishment time.
代理组间的负载均衡。
Load balancing between proxy groups.
端口复用,多个服务通过同一个服务端端口暴露。
Port reuse, multiple services are exposed through the same server port.
多个原生支持的客户端插件(静态文件查看,HTTP、SOCK5 代理等)便于独立使用 frp 客户端完成某些工作。
Multiple natively supported client plug-ins (static file viewing, HTTP, SOCK5 proxy, etc.) facilitate independent use of frp client to complete certain tasks.
高度扩展性的服务端插件系统,方便结合自身需求进行功能扩展。
The highly extensible server-side plug-in system facilitates functional expansion according to your own needs.
服务端和客户端 UI 页面。
Server and client UI pages.
简单来说,frp是一个反向代理软件,他的体积小巧功能强大,讲内网IP进行frp反向代理后,即可使用代理IP进行访问内网机器的服务,例如远程桌面,虽然远程桌面有第三方软件来代替,例如向日葵,teamviewer,等一些软件进行远程,这些软件都有一些诟病,向日葵没有会员会限速,而tv登录远程连接会比较慢。所以可以考虑到使用内网穿透或者反向代理。
To put it simply, frp is a reverse proxy software, its size is small and powerful, after talking about the intranet IP for frp reverse proxy, you can use the proxy IP to access the services of the intranet machine, such as remote desktop, although remote desktop There are third-party software to replace, such as Sunflower, teamviewer, and other software for remote. These softwares have some criticisms. Sunflower does not have a membership rate limit, and the tv login remote connection will be slow. So you can consider using intranet penetration or reverse proxy.
内网穿透可参考:有一个公网IP地址
Intranet penetration can refer to: there is a public IP address
使用端口进行访问时,原理如下
When using the port for access, the principle is as follows
准备工作:
Ready to work:
1、首先得有一台云服务器进行提供网络带宽,frp代理带宽一般受限于该服务器带宽
2、一台目标机器,也就是需要反向代理的机器
1. First, there must be a cloud server to provide network bandwidth, and the frp proxy bandwidth is generally limited by the server bandwidth
2. A target machine, that is, a machine that needs a reverse proxy
云服务器端配置:
Cloud server configuration:
使用命令查看云服务器的架构,一般云服务器架构为x86
Use commands to view the architecture of the cloud server, the general cloud server architecture is x86
[root@cby ~]# arch x86_64
使用命令下载frp软件包
Use command to download frp package
[root@cby ~]# wget https://github.com/fatedier/frp/releases/download/v0.35.1/frp_0.35.1_linux_amd64.tar.gz
下载完成后进行解压
Unzip after downloading
[root@cby ~]# tar -xvf frp_0.35.1_linux_amd64.tar.gz
frp_0.35.1_linux_amd64/
frp_0.35.1_linux_amd64/frps.ini
frp_0.35.1_linux_amd64/frps_full.ini
frp_0.35.1_linux_amd64/systemd/
frp_0.35.1_linux_amd64/systemd/frpc@.service
frp_0.35.1_linux_amd64/systemd/frpc.service
frp_0.35.1_linux_amd64/systemd/frps.service
frp_0.35.1_linux_amd64/systemd/frps@.service
frp_0.35.1_linux_amd64/frpc
frp_0.35.1_linux_amd64/frpc_full.ini
frp_0.35.1_linux_amd64/frps
frp_0.35.1_linux_amd64/frpc.ini
frp_0.35.1_linux_amd64/LICENSE
修改文件夹名称
Modify folder name
[root@cby ~]# cp -r frp_0.35.1_linux_amd64 frp
[root@cby ~]#
[root@cby ~]# ll
total 8508
drwxr-xr-x 3 root root 4096 Feb 19 22:13 frp
drwxr-xr-x 3 mysql 116 4096 Jan 25 16:25 frp_0.35.1_linux_amd64
-rw-r--r-- 1 root root 8695632 Jan 25 16:25 frp_0.35.1_linux_amd64.tar.gz
只需要关注如下几个文件
Only need to pay attention to the following files
frps
frps.ini
frpc
frpc.ini
frps 、frps.ini 这俩个文件是服务端的配置文件和启动程序
frpc、frpc.ini 这俩个文件是客户端的配置文件和启动程序
The two files frps and frps.ini are the configuration files and startup programs of the server
The two files frpc and frpc.ini are the configuration files and startup programs of the client
编辑并添加以下内容
Edit and add the following
[root@cby frp]# vim frps.ini
[root@cby frp]# cat frps.ini
[common]
bind_port = 7000
dashboard_port = 7500
token = 12345678
dashboard_user = admin
dashboard_pwd = admin
vhost_http_port = 10080
vhost_https_port = 10443
解释如下
Explain as follows
“bind_port”表示用于客户端和服务端连接的端口,这个端口号我们之后在配置客户端的时候要用到。
“dashboard_port”是服务端仪表板的端口,若使用7500端口,在配置完成服务启动后可以通过浏览器访问 x.x.x.x:7500 (其中x.x.x.x为VPS的IP)查看frp服务运行信息。
“token”是用于客户端和服务端连接的口令,请自行设置并记录,稍后会用到。
“dashboard_user”和“dashboard_pwd”表示打开仪表板页面登录的用户名和密码,自行设置即可。
“vhost_http_port”和“vhost_https_port”用于反向代理HTTP主机时使用,本文不涉及HTTP协议,因而照抄或者删除这两条均可。
文件修改完成后即可使用该命令进行启动
After the file is modified, you can use this command to start
[root@cby frp]# ./frps -c frps.ini
2021/02/19 22:18:45 [I] [root.go:108] frps uses config file: frps.ini
2021/02/19 22:18:45 [I] [service.go:190] frps tcp listen on 0.0.0.0:7000
2021/02/19 22:18:45 [I] [service.go:232] http service listen on 0.0.0.0:10080
2021/02/19 22:18:45 [I] [service.go:253] https service listen on 0.0.0.0:10443
2021/02/19 22:18:45 [I] [service.go:289] Dashboard listen on 0.0.0.0:7500
2021/02/19 22:18:45 [I] [root.go:217] frps started successfully
若使用云服务器记得需要放行所需端口
If you use cloud server, remember to release the required port
此时访问 x.x.x.x:7500 并使用自己设置的用户名密码登录,即可看到仪表板界面
At this time, visit x.x.x.x:7500 and log in with the username and password you set, you can see the dashboard interface
把服务在后台运行即可
Just run the service in the background
[root@cby frp]# nohup ./frps -c frps.ini &
[1] 4852
[root@cby frp]# jobs
[1]+ Running nohup ./frps -c frps.ini &
客户端配置
Client configuration
Windows系统下即可下载这个:
You can download this under Windows system:
https://github.com/fatedier/frp/releases/download/v0.35.1/frp_0.35.1_windows_amd64.zip
frpc.ini文件内容为
The content of the frpc.ini file is
[common]
server_addr = 123.56.237.11
server_port = 7000
token = 12345678
[rdp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 7001
[smb]
type = tcp
local_ip = 127.0.0.1
local_port = 445
remote_port = 7002
含义解释
Meaning interpretation
“server_addr”为服务端IP地址,填入即可。 “server_port”为服务器端口,填入你设置的端口号即可,如果未改变就是7000 “token”是你在服务器上设置的连接口令,原样填入即可。
自定义规则如下
The custom rules are as follows
“[xxx]”表示一个规则名称,自己定义,便于查询即可。 “type”表示转发的协议类型,有TCP和UDP等选项可以选择,如有需要请自行查询frp手册。 “local_port”是本地应用的端口号,按照实际应用工作在本机的端口号填写即可。 “remote_port”是该条规则在服务端开放的端口号,自己填写并记录即可。
客户端的启动是需要使用命令行进行启动的, 无法使用双击EXE进行启动。
The startup of the client needs to use the command line to start, it cannot be started by double-clicking the EXE.
C:\Users\Administrator>cd c:\
c:\>cd frp
c:\frp>frpc.exe -c frpc.ini
2021/02/19 22:35:49 [I] [service.go:290] [bf2998700defd7c5] login to server success, get run id [bf2998700defd7c5], server udp port [0]
2021/02/19 22:35:49 [I] [proxy_manager.go:144] [bf2998700defd7c5] proxy added: [rdp smb]
2021/02/19 22:35:49 [I] [control.go:180] [bf2998700defd7c5] [rdp] start proxy success
2021/02/19 22:35:49 [I] [control.go:180] [bf2998700defd7c5] [smb] start proxy success
配置完成后即可在面板上看到该规则
After the configuration is complete, you can see the rule on the panel
同时使用远程连接工具使用IP或者域名即可进行连接
但是Windows客户端的cmd是无法关闭的,关闭后就无法使用了,所以需要设置开机自启,使用bat脚本即可做到
At the same time, use the remote connection tool to connect using IP or domain name
However, the cmd of the Windows client cannot be closed, and it cannot be used after it is closed, so you need to set the boot to start automatically, and you can use the bat script
@echo off
if "%1" == "h" goto begin
mshta vbscript:createobject("wscript.shell").run("""%~nx0"" h",0)(window.close)&&exit
:begin
REM
cd C:\frp
frpc.exe -c frpc.ini
exit
写完之后直接把文件扔到Windows的开机启动文件夹即可
After writing, throw the file directly into the Windows startup folder.