frp内网穿透+nginx,实现无端口访问【完整教程】

介绍

frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp, udp , http, https, kcp 协议,为 http 和 https 应用协议提供了额外的能力,且尝试性支持了点对点穿透

地址

项目页:https://github.com/fatedier/frp
下载页:https://github.com/fatedier/frp/releases

必备条件

  • 具备公网IP
  • 有自己的域名

系统环境

服务器:centos 7.2 64位
客户端:小钢炮 Linux beikeyun 4.4.167 #1 SMP Mon May 6 01:01:07 CST 2019 aarch64 GNU/Linux
请根据平台选择正确的frp服务端、客户端,服务端与客户端版本号必须一致。

服务端部署

下载服务端

选择适合自己平台的frp服务端,我的服务器平台是amd64,所以下载这个。

# 下载frp v0.29.0
wget https://github.com/fatedier/frp/releases/download/v0.29.0/frp_0.29.0_linux_amd64.tar.gz
# 解压
tar zxf ./frp_0.29.0_linux_amd64.tar.gz
cd ./frp_0.29.0_linux_amd64
ll

目录结构如下(不同版本可能有差异):

编辑服务端配置

具体配置含义请查阅:README_zh.mdfrps 完整配置文件
frps.ini配置文件:

[common]
bind_port = 5005
dashboard_port = 5004
dashboard_user = admin
dashboard_pwd = admin
vhost_http_port = 5000
vhost_https_port = 5001
subdomain_host = frp.iyuu.cn
token = 123456789

frps.service配置文件:

[Unit]
Description=Frp Server Service
After=network.target

[Service]
User=root
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/frps -c /etc/frps.ini

[Install]
WantedBy=multi-user.target

安装服务

sudo cp ./frps /usr/local/bin/frps
sudo cp ./frps.ini /etc/frps.ini
sudo cp ./systemd/frps.service /usr/lib/systemd/system/frps.service
systemctl enable frps
systemctl start frps

开机启动frps:
systemctl enable frps
启动frps:
systemctl start frps
停止frps:
systemctl stop frps
重启frps:
systemctl restart frps
查看frps状态:
systemctl status frps

删除服务的命令:

systemctl stop frps
sudo rm /usr/local/bin/frps
sudo rm /etc/frps.ini
sudo rm /usr/lib/systemd/system/frps.service

配置nginx实现无端口访问

1、 frp.iyuu.cn做A记录,解析至IP;
2、 *.frp.iyuu.cn做CNAME记录,解析至frp.iyuu.cn;
3、 新建frp.conf配置文件(内容如下),复制到nginx的配置目录/conf/vhost内,不同服务器可能不一样,请确认;
配置nginx反向代理,将来自*.frp.iyuu.cn的80端口请求,分发至frp服务器http请求的监听端口。

server {
    listen 80;
    server_name *.frp.iyuu.cn;
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header    Host            $host:80;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_hide_header   X-Powered-By;
    }
}
server {
    listen 80;
    server_name frp.iyuu.cn;
    location / {
        proxy_pass http://127.0.0.1:5004;
        proxy_set_header    Host            $host:80;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_hide_header   X-Powered-By;
    }
}

复制frp.conf命令:
sudo cp ./frp.conf /path/nginx-1.8.1/conf/vhost/
4、 重启nginx
5、 访问测试:http://frp.iyuu.cn
到此,服务端已经部署完毕。如果无法访问,请检查防火墙安全组,放行相关端口。

客户端部署

选择frp客户端

下载适合自己平台的frpc客户端,下载、解压命令与服务端类似,也可以手动下载解压。
小钢炮是arm64平台,并且内置frpc客户端,只是版本没那么高,可以替换升级一下。
https://github.com/fatedier/frp/releases/download/v0.29.0/frp_0.29.0_linux_arm64.tar.gz

编辑客户端配置

frpc配置.png
frpc.ini配置文件,小钢炮内路径/etc/frpc.ini

# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
server_addr=frp.iyuu.cn
server_port=5005
# if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables
# it only works when protocol is tcp
# http_proxy = http://user:passwd@192.168.1.128:8080
# http_proxy = socks5://user:passwd@192.168.1.128:1080
# console or real logFile path like ./frpc.log
log_file=/var/log/frpc.log
# trace, debug, info, warn, error
log_level=info
log_max_days=3
# for authentication
token=123456789
# set admin address for control frpc's action by http api such as reload
admin_addr=0.0.0.0
admin_port=7400
admin_user=admin
admin_passwd=admin
# connections will be established in advance, default value is zero
pool_count=5
# if tcp stream multiplexing is used, default is true, it must be same with frps
tcp_mux=true
# your proxy name will be changed to {user}.{proxy}
user=hk
# decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
login_fail_exit=false
# communication protocol used to connect to server
# now it supports tcp and kcp, default is tcp
protocol=tcp
# specify a dns server, so frpc will use this instead of default one
# dns_server = 8.8.8.8
# proxy names you want to start divided by ','
# default is empty, means all proxies
# start = ssh,dns
# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_interval is 10 and heartbeat_timeout is 90
heartbeat_interval=10
heartbeat_timeout=90
admin_pwd=570100
# specify a dns server, so frpc will use this instead of default one
dns_server=119.29.29.29

[dashboard_hk]
type=http
local_ip=127.0.0.1
local_port=80
use_encryption=false
use_compression=true
remote_port=
subdomain=hk

配置含义请参考:frpc 完整配置文件,根据需要添加代理设置,然后重启frpc
访问测试:http://*.frp.iyuu.cn*替换为您实际的 subdomain参数)。

如何升级frp到最新版本?

服务端frps升级

  1. 下载最新版frp文件
  2. 停止frps服务:systemctl stop frps
  3. 用新版本覆盖旧版本
  4. 如果使用systemd的,记得覆盖:cp frps /usr/local/bin/
  5. 启动新版本frps:systemctl start frps

客户端frpc升级,与服务端类似。

最后修改:2019 年 09 月 21 日 11 : 14 AM
如果觉得我的文章对你有用,请随意赞赏

2 条评论

  1. soyosan

    超赞的教程 解析了泛域名之后每次都去加解析了 OωO

  2. q

    ok

发表评论