附录7:Frpc内网穿透
chenxuyong edited this page Jun 6, 2022
·
12 revisions
请先阅读一遍 frp 的官方文档: https://gofrp.org/docs/
PS. 本文以 CentOS 8 + systemd + nginx + frps 二进制程序为例
服务端公网IP:88.88.88.88,公网暴露端口:8888(TCP,frps)、5000(TCP,frps<->SmsForwarder)、80/443(TCP,Nginx)
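# Download the frp release archive.
# frps is installed into /usr/bin and run as a system service, so make sure the
# archive is the one the project published before unpacking it.
cd ~
frp_version=0.43.0
frp_pkg="frp_${frp_version}_linux_amd64"
wget "https://github.com/fatedier/frp/releases/download/v${frp_version}/${frp_pkg}.tar.gz"
# Print the SHA-256 of the download; compare it with the checksum published
# for this release and stop here if the two differ.
sha256sum "${frp_pkg}.tar.gz"
tar -xzvf "${frp_pkg}.tar.gz"
cd "${frp_pkg}"

# Install the binary and the systemd unit.
# (\cp bypasses an interactive `cp -i` alias, so existing files are replaced
# without a prompt.)
# The sample frps.ini from the archive is not copied: the heredoc below writes
# /etc/frp/frps.ini in full, so the copy would be overwritten immediately.
\cp ./frps /usr/bin/
mkdir -p /etc/frp/
\cp ./systemd/frps.service /usr/lib/systemd/system/
# Make systemd pick up the newly installed unit file.
systemctl daemon-reload

# Server configuration file.
# The delimiter is quoted ('EOF') so the shell writes the body verbatim; with an
# unquoted delimiter a token containing $ or backticks would be expanded.
# token: 88888888 is a sample value. Replace it with a long random secret
#   (for example the output of `openssl rand -hex 32`) and use the same value
#   in frpc.ini; anyone who knows the token can register proxies on this server.
# NOTE(review): frps listens on all interfaces unless bound otherwise, so
#   vhost_http_port 8080 is presumably reachable from the internet as plain
#   HTTP, bypassing nginx. Block it in the firewall so that only the local
#   nginx can reach it - confirm against your frps/firewall setup.
# NOTE(review): this file holds the token; consider limiting read access to
#   the account frps runs as (check User= in frps.service before tightening).
cat > /etc/frp/frps.ini <<'EOF'
[common]
# 服务端监听端口
bind_port = 8888
# HTTP 类型代理监听的端口(给Nginx反向代理用)
vhost_http_port = 8080
# 鉴权使用的 token 值
token = 88888888
EOF

# Enable at boot, start now, and show the resulting state.
systemctl enable frps.service
systemctl start frps.service
systemctl status frps.service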
PS. 下面的 Nginx 配置强制启用了 HTTPS。
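# Plain-HTTP virtual host: everything is redirected to HTTPS except the
# /.well-known/ tree, which stays reachable over HTTP and is served from root.
server
{
    listen 80;
    #listen [::]:80;
    server_name demo.com *.demo.com;
    index index.html index.htm index.php default.html default.htm default.php;
    root /www/web/default;

    # Anchored prefix match. The previous `if ($uri !~* /.well-known)` test was
    # an unanchored regex in which "." matches any character, so any URI that
    # merely contained a look-alike of "/.well-known" also skipped the redirect.
    location ^~ /.well-known/ {
    }

    # Everything else goes to HTTPS.
    # NOTE(review): $host comes from the request; if this server block can end
    # up as the default server for port 80, the redirect target follows
    # whatever Host header the client sent.
    location / {
        return 301 https://$host$request_uri;
    }

    access_log off;
}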
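# HTTPS virtual host: terminates TLS and forwards every request to the frps
# HTTP vhost listener on the loopback interface (vhost_http_port = 8080).
server
{
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name demo.com *.demo.com;
    index index.html index.htm index.php default.html default.htm default.php;
    root /www/web/default;

    ssl_certificate /usr/local/nginx/conf/ssl/demo.com/fullchain.cer;
    ssl_certificate_key /usr/local/nginx/conf/ssl/demo.com/demo.com.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); only 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Only ECDHE key exchange (forward secrecy) with ChaCha20 or AES. The 3DES
    # and static-RSA entries of the previous list were removed.
    # NOTE(review): the former TLS13-* and CHACHA20-draft names were dropped as
    # well; they are presumably ignored by current OpenSSL builds, where
    # TLS 1.3 suites are not selected through ssl_ciphers - confirm against the
    # OpenSSL version this nginx is linked with.
    ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

    location / {
        # frps picks the proxy by the Host header, so it is passed through.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so only X-Real-IP is set purely by this server.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8080/;
    }

    # NOTE(review): with access logging off there is no record of requests
    # reaching the proxied service; turn it on if an audit trail is needed.
    access_log off;
}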
# frpc (client) configuration: connects to the frps server and publishes the
# local service on 127.0.0.1:5000 through one of the two proxies below.
[common]
# Public IP of the frps server
server_addr = 88.88.88.88
# Public port of the frps server (bind_port in frps.ini)
server_port = 8888
# Optional, but recommended. When frps.ini sets a token, this value must match it.
# 88888888 is a sample; use a long random secret on both sides.
token = 88888888
# Option 1: raw TCP proxy.
[SmsForwarder-TCP]
type = tcp
local_ip = 127.0.0.1
local_port = 5000
# Only the next line needs changing (the public port the frps host must expose).
# NOTE(review): this publishes local port 5000 directly on the server's public
# IP; traffic on it does not pass through the nginx TLS front end.
remote_port = 5000
# Option 2: HTTP proxy routed by domain name.
[SmsForwarder-HTTP]
type = http
local_ip = 127.0.0.1
local_port = 5000
# Only the next line needs changing (on the frps side, reverse-proxy this
# domain to vhost_http_port).
custom_domains = smsf.demo.com
PS. [SmsForwarder-TCP] 与 [SmsForwarder-HTTP] 二选一即可
- 如果选 [SmsForwarder-TCP],则通过 http://88.88.88.88:5000 控制 SmsForwarder。注意:该方式为明文 HTTP,且端口直接暴露在公网,流量不经过 Nginx 的 TLS 保护。
- 如果选 [SmsForwarder-HTTP],则通过 http://smsf.demo.com(或 https://smsf.demo.com,取决于步骤3是否启用 https)控制 SmsForwarder。