FRP intranet penetration, reverse proxy

frp It is a high performance reverse proxy application focusing on Intranet penetration , Support TCP、UDP、HTTP、HTTPS Other protocols . You can make intranet services secure 、 Convenient way through the public network IP Node transfer is exposed to the public network .

This article will expose the intranet Web Service as an example , practice frp Installation and deployment of . More scenarios , so frp Example .

install

frp Mainly by client (frpc) and Server side (frps) form , The server is usually deployed in a network with a public network IP On the machine , The client is usually deployed on the machine where the intranet service needs to be penetrated .

Can be in Github Of Release Page to download the latest version of the client and server binary files .

Article public network 、 Intranet machines are Linux x86_64, So I chose frp_0.39.0_linux_amd64.tar.gz. decompression ：

$ tar xzvf frp_0.39.0_linux_amd64.tar.gzfrp_0.39.0_linux_amd64/frp_0.39.0_linux_amd64/frpsfrp_0.39.0_linux_amd64/frps_full.inifrp_0.39.0_linux_amd64/systemd/frp_0.39.0_linux_amd64/systemd/[email protected]_0.39.0_linux_amd64/systemd/[email protected]_0.39.0_linux_amd64/systemd/frpc.servicefrp_0.39.0_linux_amd64/systemd/frps.servicefrp_0.39.0_linux_amd64/LICENSEfrp_0.39.0_linux_amd64/frpc.inifrp_0.39.0_linux_amd64/frpc_full.inifrp_0.39.0_linux_amd64/frps.inifrp_0.39.0_linux_amd64/frpc

Public network

Copy frps File into the public network machine , Assume that IP by x.x.x.x：

scp frps* [email protected]:

modify frps.ini file , Set listening HTTP The request port is 8080：

cat <<-EOF > ~/frps.ini[common]bind_port = 7000vhost_http_port = 8080EOF

install supervisor Deployment , The backstage runs for a long time ：

#  install  supervisorsudo apt install supervisor -y#  Add the configuration sudo -icat <<-EOF >> /etc/supervisor/supervisord.conf[program:frps]directory=/home/ubuntucommand=/home/ubuntu/frps -c /home/ubuntu/frps.inipriority=999autostart=trueautorestart=truestartsecs=10startretries=3stdout_logfile=/var/log/frps_out.logstdout_logfile_maxbytes=1MBstdout_logfile_backups=10stdout_capture_maxbytes=1MBstderr_logfile=/var/log/frps_err.logstderr_logfile_maxbytes=1MBstderr_logfile_backups=10stderr_capture_maxbytes=1MBenvironment=nocleanup=falseEOFexit#  Update service sudo supervisorctl update all#  View service sudo supervisorctl status all

Intranet

Copy frpc File into intranet machine , Assume that IP by 192.168.1.100：

scp frpc* [email protected]:

modify frpc.ini file , hypothesis frps Of the server IP by x.x.x.x,local_port On the local machine Web The port the service listens on , Bind custom domain name as custom_domains.

cat <<-EOF > ~/frpc.ini[common]server_addr = x.x.x.xserver_port = 7000[web]type = httplocal_port = 8000custom_domains = www.yourdomain.comEOF

take www.yourdomain.com Domain name of A The record resolves to IP x.x.x.x.

If the server already has a corresponding domain name , Can also be CNAME The record resolves to the original domain name of the server . Or you can modify HTTP Requested Host Field to achieve the same effect .

Simple operation service , To test ：

#  function  HTTP  service python3 -m http.server 8000#  function  frpc  service ./frpc -c ./frpc.ini#  Access test curl http://www.yourdomain.com:8080/

With systemd Deployment , The backstage runs for a long time ：

#  Copy files sudo cp frpc /usr/bin/frpcsudo mkdir -p /etc/frpsudo cp frpc.ini /etc/frp/frpc.ini#  Add the configuration （frp  Given  systemd  To configure ）sudo -icat <<-EOF > /etc/systemd/system/frpc.service[Unit]Description=Frp Client ServiceAfter=network.target[Service]Type=simpleUser=nobodyRestart=on-failureRestartSec=5sExecStart=/usr/bin/frpc -c /etc/frp/frpc.iniExecReload=/usr/bin/frpc reload -c /etc/frp/frpc.iniLimitNOFILE=1048576[Install]WantedBy=multi-user.targetEOFexit#  Overload configuration sudo systemctl daemon-reload#  Boot up sudo systemctl enable frpc.service#  Start the service sudo systemctl start frpc.service#  Check the status sudo systemctl status frpc.service

GoCoding Personal experience sharing , We can pay attention to the official account ！