云原生

FRP 内网穿透工具实战指南

"# FRP \u5185\u7f51\u7a7f\u900f\u5de5\u5177\u5b9e\u6218\u6307\u5357\n\n> \u672c\u6587\u4ecb\u7ecd FRP (Fast Reverse Proxy) \u5de5\u5177\u7684\u4f7f\u7

"# FRP \u5185\u7f51\u7a7f\u900f\u5de5\u5177\u5b9e\u6218\u6307\u5357\n\n> \u672c\u6587\u4ecb\u7ecd FRP (Fast Reverse Proxy) \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\uff0c\u5e2e\u52a9\u4f60\u5728\u6ca1\u6709\u516c\u7f51 IP \u7684\u60c5\u51b5\u4e0b\u5b9e\u73b0\u5185\u7f51\u670d\u52a1\u66b4\u9732\uff0c\u5e76\u5305\u542b\u6e90\u7801\u4fee\u6539\u9632\u68c0\u6d4b\u7684\u9ad8\u7ea7\u6280\u5de7\u3002\n\n## FRP \u7b80\u4ecb\n\nFRP \u662f\u4e00\u4e2a\u9ad8\u6027\u80fd\u7684\u53cd\u5411\u4ee3\u7406\u5e94\u7528\uff0c\u652f\u6301 TCP\u3001UDP\u3001HTTP\u3001HTTPS \u7b49\u534f\u8bae\uff0c\u53ef\u5c06\u5185\u7f51\u670d\u52a1\u5b89\u5168\u3001\u4fbf\u6377\u5730\u66b4\u9732\u5230\u516c\u7f51\u3002\n\n### \u6838\u5fc3\u7ec4\u4ef6\n\n| \u7ec4\u4ef6 | \u4f5c\u7528 | \u90e8\u7f72\u4f4d\u7f6e |\n|------|------|----------|\n| frps | \u670d\u52a1\u7aef | \u516c\u7f51\u670d\u52a1\u5668 |\n| frpc | \u5ba2\u6237\u7aef | \u5185\u7f51\u673a\u5668 |\n\n### \u5de5\u4f5c\u539f\u7406\n\n\n[\u516c\u7f51\u7528\u6237] \u2500\u2500\u25b6 [frps:\u516c\u7f51\u670d\u52a1\u5668] \u25c0\u2500\u2500\u25b6 [frpc:\u5185\u7f51\u5ba2\u6237\u7aef] \u2500\u2500\u25b6 [\u5185\u7f51\u670d\u52a1]\n\n\n## \u670d\u52a1\u7aef\u914d\u7f6e\n\n### \u57fa\u7840\u914d\u7f6e\n\nini\n# frps.ini\n[common]\nbind_addr = 0.0.0.0\nbind_port = 8888\nbind_udp_port = 8888\nkcp_bind_port = 8888\n\n# Web \u4eea\u8868\u76d8\ndashboard_addr = 0.0.0.0\ndashboard_port = 10000\ndashboard_user = admin\ndashboard_pwd = your_password\n\n# \u8ba4\u8bc1\u4ee4\u724c\ntoken = your_secure_token\n\n# \u5b50\u57df\u540d\u652f\u6301\nsubdomain_host = frp.example.com\n\n# \u65e5\u5fd7\u914d\u7f6e\nlog_file = ./frps.log\nlog_level = info\nlog_max_days = 3\n\n\n### \u90e8\u7f72\u4e3a\u7cfb\u7edf\u670d\u52a1\n\nbash\n# \u521b\u5efa systemd \u670d\u52a1\ncat > /etc/systemd/system/frps.service <<'EOF'\n[Unit]\nDescription=FRP Server Service\nAfter=network.target\n\n[Service]\nType=simple\nUser=frp\nRestart=on-failure\nRestartSec=5s\nExecStart=/usr/local/bin/frps -c /etc/frp/frps.ini\nExecReload=/usr/local/bin/frps reload -c /etc/frp/frps.ini\n\n[Install]\nWantedBy=multi-user.target\nEOF\n\n# \u542f\u52a8\u670d\u52a1\nsystemctl enable frps\nsystemctl start frps\n\n\n## \u5ba2\u6237\u7aef\u914d\u7f6e\n\n### \u57fa\u7840\u914d\u7f6e\n\nini\n# frpc.ini\n[common]\nserver_addr = your-server-ip\nserver_port = 8888\ntoken = your_secure_token\n\n# \u5ba2\u6237\u7aef Web \u7ba1\u7406\nadmin_addr = 127.0.0.1\nadmin_port = 7400\nadmin_user = admin\nadmin_pwd = your_password\n\n# \u52a0\u5bc6\u4f20\u8f93\ntls_enable = true\n\n# \u7528\u6237\u6807\u8bc6\nuser = home-server\n\n[ssh]\ntype = tcp\nlocal_ip = 127.0.0.1\nlocal_port = 22\nremote_port = 9000\nuse_encryption = true\nuse_compression = true\n\n[web]\ntype = http\nlocal_ip = 127.0.0.1\nlocal_port = 80\ncustom_domains = home.example.com\nuse_encryption = true\n\n[nas]\ntype = http\nlocal_ip = 192.168.1.100\nlocal_port = 5000\nsubdomain = nas\n\n\n### \u90e8\u7f72\u4e3a\u7cfb\u7edf\u670d\u52a1\n\nbash\ncat > /etc/systemd/system/frpc.service <<'EOF'\n[Unit]\nDescription=FRP Client Service\nAfter=network.target\n\n[Service]\nType=simple\nUser=nobody\nRestart=on-failure\nRestartSec=5s\nExecStart=/usr/local/bin/frpc -c /etc/frp/frpc.ini\n\n[Install]\nWantedBy=multi-user.target\nEOF\n\nsystemctl enable frpc\nsystemctl start frpc\n\n\n## \u9ad8\u7ea7\u914d\u7f6e\n\n### TLS \u52a0\u5bc6\n\nini\n# frpc.ini\n[common]\ntransport.tls.certFile = \"/etc/frp/client.crt\"\ntransport.tls.keyFile = \"/etc/frp/client.key\"\ntransport.tls.trustedCaFile = \"/etc/frp/ca.crt\"\n\n# frps.ini\n[common]\ntransport.tls.certFile = \"/etc/frp/server.crt\"\ntransport.tls.keyFile = \"/etc/frp/server.key\"\ntransport.tls.trustedCaFile = \"/etc/frp/ca.crt\"\n\n\n### \u8fdb\u7a0b\u5b88\u62a4\u811a\u672c\n\nbash\ncat > /usr/local/bin/frp-protect.sh <<'EOF'\n#!/bin/bash\n\nLOCK_FILE=\"/var/run/frpc.lock\"\nPID_FILE=\"/var/run/frpc.pid\"\n\n# \u68c0\u67e5\u662f\u5426\u5df2\u8fd0\u884c\nif [ -f \"$LOCK_FILE\" ]; then\n pid=$(cat \"$LOCK_FILE\")\n if ps -p \"$pid\" > /dev/null 2>&1; then\n echo \"[INFO] FRP is already running\"\n exit 0\n fi\nfi\n\n# \u521b\u5efa\u9501\u6587\u4ef6\necho $$ > \"$LOCK_FILE\"\n\n# \u68c0\u67e5\u8fdb\u7a0b\u72b6\u6001\nif ! pgrep -x \"frpc\" > /dev/null; then\n echo \"[WARN] FRP is down, restarting... $(date)\"\n /usr/local/bin/frpc -c /etc/frp/frpc.ini &\n echo $! > \"$PID_FILE\"\nelse\n echo \"[INFO] FRP is running normally $(date)\"\nfi\n\nrm -f \"$LOCK_FILE\"\nEOF\n\nchmod +x /usr/local/bin/frp-protect.sh\n\n# \u6dfb\u52a0\u5230 crontab\necho \"* * * * * /usr/local/bin/frp-protect.sh >> /var/log/frp-protect.log 2>&1\" | crontab -\n\n\n## \u6e90\u7801\u4fee\u6539\uff08\u9632\u68c0\u6d4b\uff09\n\n### \u4fee\u6539\u7279\u5f81\u7801\n\nbash\n# \u514b\u9686\u6e90\u7801\ngit clone https://github.com/fatedier/frp.git\ncd frp\n\n# \u4fee\u6539\u7279\u5f81\u5b57\u7b26\u4e32\n# 1. \u4fee\u6539\u7248\u672c\u53f7\u4fe1\u606f\n# 2. \u4fee\u6539\u9ed8\u8ba4\u7aef\u53e3\n# 3. \u4fee\u6539\u534f\u8bae\u7279\u5f81\n\n# \u7f16\u8bd1\nmake\n\n\n### \u5173\u952e\u4fee\u6539\u70b9\n\n| \u6587\u4ef6 | \u4fee\u6539\u5185\u5bb9 |\n|------|----------|\n| pkg/consts/consts.go | \u4fee\u6539\u9ed8\u8ba4\u7aef\u53e3 |\n| client/service.go | \u4fee\u6539\u5fc3\u8df3\u5305\u7279\u5f81 |\n| server/service.go | \u4fee\u6539\u63e1\u624b\u7279\u5f81 |\n\n## \u5e38\u89c1\u95ee\u9898\n\n### \u8fde\u63a5\u88ab\u62d2\u7edd\n\nbash\n# \u68c0\u67e5\u9632\u706b\u5899\niptables -L -n | grep 8888\n\n# \u653e\u884c\u7aef\u53e3\niptables -A INPUT -p tcp --dport 8888 -j ACCEPT\niptables -A INPUT -p tcp --dport 10000 -j ACCEPT\n\n\n### \u901f\u5ea6\u6162\u4f18\u5316\n\nini\n# \u542f\u7528 KCP \u534f\u8bae\n[common]\nprotocol = kcp\n\n[ssh]\ntype = tcp\nlocal_port = 22\nremote_port = 9000\nuse_compression = true\n\n\n## \u5b89\u5168\u5efa\u8bae\n\n1. \u5f3a\u5bc6\u7801\uff1a\u4f7f\u7528\u590d\u6742\u7684 token \u548c dashboard \u5bc6\u7801\n2. IP \u767d\u540d\u5355\uff1a\u9650\u5236\u8bbf\u95ee\u6765\u6e90 IP\n3. TLS \u52a0\u5bc6\uff1a\u542f\u7528\u8bc1\u4e66\u52a0\u5bc6\u901a\u4fe1\n4. \u5b9a\u671f\u66f4\u65b0\uff1a\u4fdd\u6301\u8f6f\u4ef6\u7248\u672c\u6700\u65b0\n\n## \u5c0f\u7ed3\n\nFRP \u662f\u4f18\u79c0\u7684\u5185\u7f51\u7a7f\u900f\u65b9\u6848\uff1a\n\n1. \u90e8\u7f72\u7b80\u5355\uff1a\u5355\u4e8c\u8fdb\u5236\u6587\u4ef6\n2. \u529f\u80fd\u4e30\u5bcc\uff1a\u652f\u6301\u591a\u534f\u8bae\u3001\u591a\u8def\u590d\u7528\n3. \u6027\u80fd\u4f18\u79c0\uff1a\u652f\u6301 KCP \u52a0\u901f\n4. \u53ef\u5b9a\u5236\uff1a\u5f00\u6e90\u53ef\u4fee\u6539\u7279\u5f81\n\n\u9002\u7528\u573a\u666f\uff1a\n- \u5bb6\u5ead NAS \u8fdc\u7a0b\u8bbf\u95ee\n- \u5f00\u53d1\u73af\u5883\u5916\u7f51\u66b4\u9732\n- IoT \u8bbe\u5907\u8fdc\u7a0b\u7ba1\u7406\n\n---\n\n*\u53c2\u8003\u8d44\u6599*\uff1a\n- FRP GitHub\n- FRP \u4e2d\u6587\u6587\u6863\n"

LICENSED UNDER CC BY-NC-SA 4.0
Comment