什么是FRP?
FRP(Fast Reverse Proxy)是一款高性能的反向代理应用,主要用于内网穿透。通过FRP,您可以将内网服务暴露给外网用户,无需进行复杂的网络配置。
准备工作
- 服务器:一台具备公网IP的服务器,用于部署FRP服务端。
- 客户端:需要进行内网穿透的设备。
- FRP程序:可以从FRP官方GitHub页面下载最新版本。
部署步骤
-
服务器 A (具有公共 IP 地址)
- 解压并放置
frps二进制文件和frps.toml配置文件。 - 修改
frps.toml:[common] bind_port = 7000 - 启动
frps:./frps -c ./frps.toml
- 解压并放置
-
服务器 B (在无法从公共互联网直接访问的服务器上)
- 解压并放置
frpc二进制文件和frpc.toml配置文件。 - 修改
frpc.toml:[common] server_addr = "x.x.x.x" server_port = 7000 [ssh] type = "tcp" local_ip = "127.0.0.1" local_port = 22 remote_port = 6000 - 启动
frpc:./frpc -c ./frpc.toml
- 解压并放置
通过 SSH 访问服务器 B
从另一台机器通过服务器 A 访问服务器 B (假设用户名是 test):
ssh -oPort=6000 test@x.x.x.x
通过多个 SSH 服务共享同一端口
配置 frps.toml:
[common]
bind_port = 7000
tcpmux_httpconnect_port = 5002
配置内部机器 A 和 B 的 frpc.toml:
[common]
server_addr = "x.x.x.x"
server_port = 7000
[ssh1]
type = "tcpmux"
multiplexer = "httpconnect"
custom_domains = ["machine-a.example.com"]
local_ip = "127.0.0.1"
local_port = 22
[ssh2]
type = "tcpmux"
multiplexer = "httpconnect"
custom_domains = ["machine-b.example.com"]
local_ip = "127.0.0.1"
local_port = 22
通过 SSH ProxyCommand 访问:
ssh -o 'proxycommand socat - PROXY:x.x.x.x:%h:%p,proxyport=5002' test@machine-a.example.com
使用自定义域访问内部 Web 服务
配置 frps.toml:
[common]
bind_port = 7000
vhost_http_port = 8080
配置 frpc.toml:
[common]
server_addr = "x.x.x.x"
server_port = 7000
[web]
type = "http"
local_port = 80
custom_domains = ["www.example.com"]
在浏览器中访问 http://www.example.com:8080。
转发 DNS 查询请求
配置 frps.toml:
[common]
bind_port = 7000
配置 frpc.toml:
[common]
server_addr = "x.x.x.x"
server_port = 7000
[dns]
type = "udp"
local_ip = "8.8.8.8"
local_port = 53
remote_port = 6000
测试 DNS 解析:
dig @x.x.x.x -p 6000 www.google.com
转发 Unix 域套接字
配置 frps.toml 和 frpc.toml:
[common]
server_addr = "x.x.x.x"
server_port = 7000
[unix_domain_socket]
type = "tcp"
remote_port = 6000
plugin = "unix_domain_socket"
plugin_unix_path = "/var/run/docker.sock"
测试配置:
curl http://x.x.x.x:6000/version
公开简单的 HTTP 文件服务器
配置 frps.toml 和 frpc.toml:
[common]
server_addr = "x.x.x.x"
server_port = 7000
[test_static_file]
type = "tcp"
remote_port = 6000
plugin = "static_file"
plugin_local_path = "/tmp/files"
plugin_strip_prefix = "static"
plugin_http_user = "abc"
plugin_http_passwd = "abc"
从浏览器访问 http://x.x.x.x:6000/static/。
为本地 HTTP(S) 服务启用 HTTPS
配置 frpc.toml:
[common]
server_addr = "x.x.x.x"
server_port = 7000
[test_https2http]
type = "https"
custom_domains = ["test.example.com"]
plugin = "https2http"
plugin_local_addr = "127.0.0.1:80"
plugin_crt_path = "./server.crt"
plugin_key_path = "./server.key"
plugin_host_header_rewrite = "127.0.0.1"
plugin_request_headers = ["x-from-where: frp"]
访问 https://test.example.com。
使用 STCP 模式
配置 frps.toml 和 frpc.toml:
[common]
server_addr = "x.x.x.x"
server_port = 7000
[secret_ssh]
type = "stcp"
secretkey = "abcdefg"
local_ip = "127.0.0.1"
local_port = 22
在另一台机器上启动 frpc:
[common]
server_addr = "x.x.x.x"
server_port = 7000
[secret_ssh_visitor]
type = "stcp"
server_name = "secret_ssh"
secretkey = "abcdefg"
bind_addr = "127.0.0.1"
bind_port = 6000
使用 SSH 连接:
ssh -oPort=6000 127.0.0.1
使用 P2P 模式
配置 frps.toml 和 frpc.toml:
[common]
server_addr = "x.x.x.x"
server_port = 7000
[p2p_ssh]
type = "xtcp"
secretkey = "abcdefg"
local_ip = "127.0.0.1"
local_port = 22
在另一台机器上启动 frpc:
[common]
server_addr = "x.x.x.x"
server_port = 7000
[p2p_ssh_visitor]
type = "xtcp"
server_name = "p2p_ssh"
secretkey = "abcdefg"
bind_addr = "127.0.0.1"
bind_port = 6000
keep_tunnel_open = false
使用 SSH 连接:
ssh -oPort=6000 127.0.0.1
配置文件和环境变量
您可以使用 TOML、YAML 或 JSON 格式的配置文件。环境变量可以在配置文件中引用,采用 Go 的标准格式:
# frpc.toml
server_addr = "{{ .Envs.FRP_SERVER_ADDR }}"
server_port = 7000
[ssh]
type = "tcp"
local_ip = "127.0.0.1"
local_port = 22
remote_port = "{{ .Envs.FRP_SSH_REMOTE_PORT }}"
设置环境变量:
export FRP_SERVER_ADDR=x.x.x.x
export FRP_SSH_REMOTE_PORT=6000
./frpc -c ./frpc.toml
服务器仪表板
配置 frps.toml:
[common]
web_server_addr = "0.0.0.0"
web_server_port = 7500
web_server_user = "admin"
web_server_pwd = "admin"
访问 http://[server_addr]:7500 查看仪表板。
客户端管理界面
配置 frpc.toml:
[common]
web_server_addr = "127.0.0.1"
web_server_port = 7400
web_server_user = "admin"
web_server_pwd = "admin"
访问 http://127.0.0.1:7400 查看管理界面。
热加载配置
启用 HTTP API:
[common]
web_server_addr = "127.0.0.1"
web_server_port = 7400
使用命令重新加载配置:
frpc reload -c ./frpc.toml
验证客户端
使用令牌认证:
# frps.toml
[common]
auth_token = "abcdefg"
# frpc.toml
[common]
auth_token = "abcdefg"
使用 OIDC 身份验证:
# frps.toml
[common]
auth_method = "oidc"
auth_oidc_issuer = "https://example-oidc-issuer.com/"
auth_oidc_audience = "https://oidc-audience.com/.default"
# frpc.toml
[common]
auth_method = "oidc"
auth_oidc_client_id =
"my-client-id"
auth_oidc_client_secret = "my-client-secret"
auth_oidc_audience = "https://oidc-audience.com/.default"
获取 JWT:
export FRP_OIDC_TOKEN=$(curl -X POST -d 'client_id=my-client-id' -d 'client_secret=my-client-secret' -d 'audience=https://oidc-audience.com/.default' https://example-oidc-issuer.com/token | jq -r .access_token)
配置持久化存储
启用持久化存储:
# frps.toml
[common]
database_type = "sqlite3"
database_path = "/var/lib/frp/frps.db"
配置日志
[common]
log_file = "./frps.log"
log_level = "info"
log_max_days = 3
这样,您可以使用 frp 实现各种隧道需求。可以根据具体需求调整配置以满足安全性和性能的要求。
