附录7:Frpc内网穿透
PS. 更新于 2024年04月11日,适用于 v3.3.0+ (之前的默认配置是ini格式)
阅读一遍frp的官方文档: https://gofrp.org/zh-cn/docs/
PS.本文以 Ubuntu 22.04 + systemd + nginx + frps 二进制程序为例
服务端公网IP:88.88.88.88,公网暴露端口:8888(Tcp,Frps<->Frpc通信)、5000(Tcp,Frps<->Frpc<->SmsForwarder TCP转发)、80/443(Tcp,Nginx<->Frps<->Frpc<->SmsForwarder HTTP转发)
PS. FRPC客户端 与
主动控制·服务端运行在同一台手机
注意:以下 0.57.0 建议与 SmsForwarder 中的 FrpcLib 的版本一致
# 下载
cd ~
wget https://github.com/fatedier/frp/releases/download/v0.57.0/frp_0.57.0_linux_amd64.tar.gz
tar -xzvf frp_0.57.0_linux_amd64.tar.gz
cd frp_0.57.0_linux_amd64
\cp ./frps /usr/bin/
mkdir -p /etc/frp/
# 服务启动脚本
cat > /usr/lib/systemd/system/frps.service <<EOF
[Unit]
Description = Frp Server Service
After = network.target network-online.target syslog.target
Wants = network.online.target
[Service]
Type = simple
User = root
Restart = on-failure
RestartSec = 5s
ExecStart = /usr/bin/frps -c /etc/frp/frps.toml
ExecReload = /usr/bin/frps reload -c /etc/frp/frps.toml
[Install]
WantedBy = multi-user.target
EOF
# 服务端配置文件
cat > /etc/frp/frps.toml <<EOF
bindAddr = "0.0.0.0"
# 服务端监听端口
bindPort = 8888
kcpBindPort = 8888
# 鉴权使用的 token 值
auth.method = "token"
auth.token = "88888888"
# HTTP 类型代理监听的端口(给Nginx反向代理用)
vhostHTTPPort = 8080
vhostHTTPSPort = 8443
vhostHTTPTimeout = 120
# 【可选】FRP管理界面(修改账号密码,Nginx反向代理到7777)
webServer.addr = "127.0.0.1"
webServer.port = 7777
webServer.user = "user"
webServer.password = "password"
EOF
# 启动frps服务
systemctl enable frps.service
systemctl start frps.service
systemctl status frps.servicePS.这里强制启用https了
server
{
listen 80;
#listen [::]:80;
server_name *.demo.com;
index index.html index.htm index.php default.html default.htm default.php;
root /www/web/default;
if ($uri !~* /.well-known) {
return 301 https://$host$request_uri;
}
access_log off;
}
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name *.demo.com;
index index.html index.htm index.php default.html default.htm default.php;
root /www/web/default;
# 这里配置你自己的ssl证书
ssl_certificate /usr/local/nginx/conf/ssl/demo.com/fullchain.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/demo.com/demo.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8080/;
}
access_log off;
}#frps服务端公网IP
serverAddr = "88.88.88.88"
#frps服务端公网端口
serverPort = 8888
#连接服务端的超时时间(增大时间避免frpc在网络未就绪的情况下启动失败)
transport.dialServerTimeout = 60
#第一次登陆失败后是否退出
loginFailExit = false
#可选,建议启用
auth.method = "token"
auth.token = "88888888"
#[二选一即可]每台机器的 name 和 remotePort 不可重复,通过 http://88.88.88.88:5000 访问
[[proxies]]
#同一个frps下,多台设备的 name 不可重复
name = "SmsForwarder-TCP-001"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5000
#只要修改下面这一行(frps所在服务器必须暴露且防火墙放行的公网端口,同一个frps下不可重复)
remotePort = 5000
#[二选一即可]每台机器的 name 和 customDomains 不可重复,通过 http://smsf.demo.com 访问
[[proxies]]
#同一个frps下,多台设备的 name 不可重复
name = "SmsForwarder-HTTP-001"
type = "http"
localPort = 5000
#只要修改下面这一行(在frps端将域名反代到vhost_http_port)
customDomains = ["smsf.demo.com"]PS. type = "tcp" 与 type = "http" 二选一即可
-
如果选
type = "tcp"则通过http://88.88.88.88:5000控制SmsForwarder -
如果选
type = "http"则通过http://smsf.demo.com(或https://smsf.demo.com,取决于 步骤3 是否启用https) 控制SmsForwarder
例如:我这里采用 type = "http"
启动之后,可以查看成功连上Frps的日志
| Frpc配置 | 成功连上Frps |
|---|---|
 |
 |
启动主动控制·服务端,然后在主动控制·客户端的服务地址填写上面https://smsf.demo.com就可以实现远程控制了
| 主动控制·服务端 | 主动控制·客户端 |
|---|---|
 |
 |