FRP intranet penetration, reverse proxy

frp It is a high performance reverse proxy application focusing on Intranet penetration , Support TCP、UDP、HTTP、HTTPS Other protocols . You can make intranet services secure 、 Convenient way through the public network IP Node transfer is exposed to the public network .

This article will expose the intranet Web Service as an example , practice frp Installation and deployment of . More scenarios , so frp Example .

install

frp Mainly by client (frpc) and Server side (frps) form , The server is usually deployed in a network with a public network IP On the machine , The client is usually deployed on the machine where the intranet service needs to be penetrated .

Can be in Github Of Release Page to download the latest version of the client and server binary files .

Article public network 、 Intranet machines are Linux x86_64, So I chose frp_0.39.0_linux_amd64.tar.gz. decompression ：

$ tar xzvf frp_0.39.0_linux_amd64.tar.gz
frp_0.39.0_linux_amd64/
frp_0.39.0_linux_amd64/frps
frp_0.39.0_linux_amd64/frps_full.ini
frp_0.39.0_linux_amd64/systemd/
frp_0.39.0_linux_amd64/systemd/[email protected]
frp_0.39.0_linux_amd64/systemd/[email protected]
frp_0.39.0_linux_amd64/systemd/frpc.service
frp_0.39.0_linux_amd64/systemd/frps.service
frp_0.39.0_linux_amd64/LICENSE
frp_0.39.0_linux_amd64/frpc.ini
frp_0.39.0_linux_amd64/frpc_full.ini
frp_0.39.0_linux_amd64/frps.ini
frp_0.39.0_linux_amd64/frpc

Public network

Copy frps File into the public network machine , Assume that IP by x.x.x.x：

scp frps* [email protected]:

modify frps.ini file , Set listening HTTP The request port is 8080：

cat <<-EOF > ~/frps.ini
[common]
bind_port = 7000
vhost_http_port = 8080
EOF

install supervisor Deployment , The backstage runs for a long time ：

#  install  supervisor
sudo apt install supervisor -y

#  Add the configuration 
sudo -i
cat <<-EOF >> /etc/supervisor/supervisord.conf

[program:frps]
directory=/home/ubuntu
command=/home/ubuntu/frps -c /home/ubuntu/frps.ini
priority=999
autostart=true
autorestart=true
startsecs=10
startretries=3
stdout_logfile=/var/log/frps_out.log
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=10
stdout_capture_maxbytes=1MB
stderr_logfile=/var/log/frps_err.log
stderr_logfile_maxbytes=1MB
stderr_logfile_backups=10
stderr_capture_maxbytes=1MB
environment=
nocleanup=false
EOF
exit

#  Update service 
sudo supervisorctl update all

#  View service 
sudo supervisorctl status all

Intranet

Copy frpc File into intranet machine , Assume that IP by 192.168.1.100：

scp frpc* [email protected]:

modify frpc.ini file , hypothesis frps Of the server IP by x.x.x.x,local_port On the local machine Web The port the service listens on , Bind custom domain name as custom_domains.

cat <<-EOF > ~/frpc.ini
[common]
server_addr = x.x.x.x
server_port = 7000

[web]
type = http
local_port = 8000
custom_domains = www.yourdomain.com
EOF

take www.yourdomain.com Domain name of A The record resolves to IP x.x.x.x.

If the server already has a corresponding domain name , Can also be CNAME The record resolves to the original domain name of the server . Or you can modify HTTP Requested Host Field to achieve the same effect .

Simple operation service , To test ：

#  function  HTTP  service 
python3 -m http.server 8000

#  function  frpc  service 
./frpc -c ./frpc.ini

#  Access test 
curl http://www.yourdomain.com:8080/

With systemd Deployment , The backstage runs for a long time ：

#  Copy files 
sudo cp frpc /usr/bin/frpc
sudo mkdir -p /etc/frp
sudo cp frpc.ini /etc/frp/frpc.ini

#  Add the configuration （frp  Given  systemd  To configure ）
sudo -i
cat <<-EOF > /etc/systemd/system/frpc.service
[Unit]
Description=Frp Client Service
After=network.target

[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
ExecReload=/usr/bin/frpc reload -c /etc/frp/frpc.ini
LimitNOFILE=1048576

[Install]
WantedBy=multi-user.target
EOF
exit

#  Overload configuration 
sudo systemctl daemon-reload

#  Boot up 
sudo systemctl enable frpc.service

#  Start the service 
sudo systemctl start frpc.service

#  Check the status 
sudo systemctl status frpc.service

GoCoding Personal experience sharing , We can pay attention to the official account ！