Setting up an frp server
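frp is a high-performance reverse proxy focused on NAT traversal, that is, reaching services that sit behind NAT or a firewall. It supports several protocols, including TCP, UDP, HTTP and HTTPS, and also has a P2P communication mode. With frp you can expose an internal service to the public internet securely and conveniently, relayed through a node that has a public IP address.
1 Download frp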
wget https://github.com/fatedier/frp/releases/download/v0.59.0/frp_0.59.0_linux_amd64.tar.gz
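2 Edit frps.toml
Configuration
# Port the server listens on for client connections
bindPort = 7000
# Listening port for the HTTP proxy
vhostHTTPPort = 80
# Listening port for the HTTPS proxy
vhostHTTPSPort = 443
# Authentication method
auth.method = "token"
# Token that clients must present; it is effectively a password, so replace this placeholder with a long random value
auth.token = "password"
subdomainHost = "frp.example.com"
# Port of the server's web UI (dashboard)
webServer.port = 7500
# 0.0.0.0 exposes the dashboard on every interface; limit who can reach it with the firewall
webServer.addr = "0.0.0.0"
# dashboard's username and password are both optional
webServer.user = "admin"
webServer.password = "password"
# Logging: file location, level and retention in days
log.to = "/var/log/frps.log"
log.level = "info"
log.maxDays = 15
The ports used here must be opened in the security group or firewall.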
3 Create the frps service
tee /etc/systemd/system/frps.service <<-'EOF'
[Unit]
Description = frp server
After = network.target syslog.target
Wants = network.target
[Service]
Type = simple
ExecStart = /usr/local/bin/frps -c /etc/frp/frps.toml
[Install]
WantedBy = multi-user.target
EOF
4 Start the service
systemctl enable frps.service --now
5 Connecting a client
5.1 Download frp
wget https://github.com/fatedier/frp/releases/download/v0.59.0/frp_0.59.0_linux_amd64.tar.gz
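5.2 Edit frpc.toml
Configuration
serverAddr = "frp.example.com"
serverPort = 7000
auth.method = "token"
# Must be identical to auth.token in frps.toml, otherwise the server rejects the login
auth.token = "password"
# Logging: file location, level and retention in days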
log.to = "/var/log/frps.log"
log.level = "info"
log.maxDays = 15
[[proxies]]
name = "web_http"
type = "http"
localIP = "192.168.1.5"
localPort = 5000
subdomain = "web"
[[proxies]]
name = "web_https"
type = "https"
subdomain = "webs"
[proxies.plugin]
type = "https2http"
localAddr = "192.168.1.5:5001"
crtPath = "./server.cer"
keyPath = "./server.key"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"
[[proxies]]
name = "yourname_linux_ssh"
type = "tcp"
localIP = "192.168.1.2"
localPort = 22
remotePort = 22222
[[proxies]]
name = "yourname_windows10_rdp"
type = "tcp"
localIP = "192.168.1.3"
localPort = 3389
remotePort = 33890
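When type = "http" or "https", at least one of custom_domains (customDomains in the TOML format) and subdomain is required; both may be present. Without either parameter the frp client fails to start.
5.3 Create the frpc service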
tee /etc/systemd/system/frpc.service <<-'EOF'
[Unit]
Description = frp client
After = network.target syslog.target
Wants = network.target
[Service]
Type = simple
ExecStart = /usr/local/bin/frpc -c /etc/frp/frpc.toml
[Install]
WantedBy = multi-user.target
EOF
5.4 Start the service
systemctl enable frpc.service --now
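6 Using frp with Nginx
Edit frps.toml
# Previous values, commented out because a TOML key may be defined only once
# vhostHTTPPort = 80
# vhostHTTPSPort = 443
# Nginx uses ports 80 and 443; move frps to other ports to avoid a conflict with Nginx
vhostHTTPPort = 8080
vhostHTTPSPort = 8443
Add an Nginx reverse-proxy configuration file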
server {
    listen 80;
    server_name *.test.example.com;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
server {
    # "ssl" is required for Nginx to speak TLS on this port
    listen 443 ssl;
    server_name *.test.example.com;
    ssl_certificate /data/ssl_cert/example.com/example.com.cer;
    ssl_certificate_key /data/ssl_cert/example.com/example.com.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are enabled
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    location / {
        # frps routes connections on vhostHTTPSPort by TLS SNI, so connect
        # over TLS and send the requested host name as SNI
        proxy_pass https://127.0.0.1:8443;
        proxy_ssl_server_name on;
        proxy_ssl_name $host;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}