Alibaba cloud server connection intranet operation

background ：
The customer requires to be able to access from the web page of the external network web Control Center .

Introduce ：
Applied for an Alibaba cloud server , In fact, there is a trial version for the first time , After applying for the server , The server will assign you an external network IP, The specific links ： Alibaba cloud

After applying, you can see it on the workbench ：

Then go to the security group to open the port configuration ：
Configure the port to be accessed .

At this time, we use the intranet （ Access to the Internet IP） Login on your computer ：

ssh [email protected]
 Input password 

Then you can log in to ECS .

But at this time, we can only access ECs from the Intranet in the form of a client , So when we deploy one on the cloud server web Program , And this program needs to access data from our intranet , Now what? ？

It's time to frp agent （ Intranet through ） 了 .
See below for details ：
Blog 1
Blog 2

The two blogs are very detailed , Let me add here ：
Alibaba cloud server settings frp The service side , Your own computer is set to frp The client of , Because ECS cannot actively establish a connection with your intranet computer , Only computers on the Intranet can actively connect to Alibaba cloud servers , So here is this configuration .

Alibaba cloud server frp The configuration is as follows ：

[common]            #   Common configuration , This configuration is required （ Do not modify the agent name ）
bind_port = 7000    #  frps  Listening port 

Remember to add this port to the ECS .
in other words frp The server of this program is set on the ECS , This frp The port of the server is 7000, Then start
At this time, you use it on your computer ：

telnet  Alibaba cloud server address  7000

It can be connected .

Then set it in the computer in your intranet frp Client configuration of the program ：

#
[common]
server_addr = 120.76.118.232  # Alibaba cloud server address 
server_port = 7000      # Aliyun server frp The port of the server , On your side frp The client of should connect to this port , Acting from here 

# The following is the port and address of the proxy 
# Alibaba cloud server passes 7000 Port as proxy forwarding 
# For example, if you visit Alibaba cloud server curl -o h.html http://127.0.0.1:6001
# At this time, Alibaba cloud server passes frp agent , Log in to the intranet computer indirectly , To visit 
#http://172.0.8.21:9990, It is equivalent to intranet computer intranet frp Client to access http://172.0.8.21:9990, And then the result 
# Forward to Alibaba cloud server frp Server side , Finally, Alibaba cloud server frp Return the result to the person who actually accesses Alibaba cloud server 
# In a big circle , Finally, Alibaba cloud servers can access a server in the intranet 
[web0]
type = tcp
local_ip = 127.0.0.1
local_port = 9990
remote_port = 6000

[web1]
type = tcp
local_ip = 192.168.1.25  # An internal in the intranet ip
local_port = 9990
remote_port = 6001

[web2]
type = tcp
local_ip = 127.0.0.1
local_port = 1935
remote_port = 6002

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 1935
remote_port = 6003

If you want to access 22, Then input
ssh -p 6006 Intranet host user name @ Cloud server ip
When entering the password, be sure to enter the password in the intranet , Although it prompts you to enter the Alibaba cloud native password

Say it again ：
Someone accesses Alibaba cloud server ：
http:// Alibaba cloud server extranet ip:6001
Its link is as follows
Aliyun server frp Server side —》 Intranet computer frp client —》192.168.1.25:9000
Then follow the same route back
This method is suitable for all kinds of audio and video streams , such as rtsp rtmp http-flv etc.

Reference resources ：NAT Router holing principle
https://www.cnblogs.com/mq0036/p/4644776.html