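Using frp to expose services on an Orange Pi inside a LAN to the public internet
Scenario
An Orange Pi on an internal network runs three web services and also needs SSH access. We want these internal services to be reachable from the public internet.
Environment
frp download: Releases · fatedier/frp (github.com)
frp official documentation: frp
- Orange Pi Zero 3: 192.168.10.106 (on the internal network)
- Public server: 1.2.3.4
- frp version:
  frp_0.53.2_linux_amd64.tar.gz => for the public server
  frp_0.53.2_linux_arm64.tar.gz => for the Orange Pi Zero 3
- Domain: wildcard DNS record pointing at the public server; in this example *.domain.com resolves to 1.2.3.4
Server
Our public server acts as the frp server and provides the public IP.
frps.toml
Configuration example
bindPort = 7000 # port that frpc connects to
vhostHTTPPort = 88 # HTTP requests are served on port 88, so visiting <domain>:88 reaches the corresponding internal service
Test run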
./frps -c frps.toml
Output like the following means it started successfully
[root@VM-4-12-centos frp-opi-wp]# ./frps -c frps.toml
2024/01/23 21:56:35 [I] [root.go:104] frps uses config file: frps.toml
2024/01/23 21:56:35 [I] [service.go:225] frps tcp listen on 0.0.0.0:7000
2024/01/23 21:56:35 [I] [root.go:113] frps started successfully
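Client
The Orange Pi Zero 3 is the frp client; it is the machine that actually hosts the web services and SSH.
frpc.toml
Configuration example
serverAddr = "1.2.3.4" # IP of the public server
serverPort = 7000 # same as configured in frps.toml; remember to open this port
[[proxies]] # !! do not modify this line, or the tunnel will not work
name = "ssh" # change the service name here; never change the text in the square brackets above
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000 # exposed on port 6000 of the public server
[[proxies]]
name = "doc"
type = "http"
localPort = 8080
customDomains = ["doc.domain.com"] # just add the subdomain prefix here
[[proxies]]
name = "blog"
type = "http"
localPort = 80
customDomains = ["www.domain.com"]
[[proxies]]
name = "NextCloud"
type = "http"
localPort = 8888
customDomains = ["cloud.domain.com"]
Test run
./frpc -c frpc.toml
Output like the following means the client connected successfully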
root@orangepizero3:~/frp-wordpress# ./frpc -c frpc.toml
2024/01/22 14:49:43 [I] [root.go:141] start frpc service for config file [frpc.toml]
2024/01/22 14:49:43 [I] [service.go:287] try to connect to server...
2024/01/22 14:49:43 [I] [service.go:279] [e59f9a91049ca20a] login to server success, get run id [e59f9a91049ca20a]
The server log now shows activity
[root@VM-4-12-centos frp-opi-wp]# ./frps -c frps.toml
2024/01/23 21:56:35 [I] [root.go:104] frps uses config file: frps.toml
2024/01/23 21:56:35 [I] [service.go:225] frps tcp listen on 0.0.0.0:7000
2024/01/23 21:56:35 [I] [root.go:113] frps started successfully
2024/01/23 22:00:08 [I] [service.go:563] [cfa62ad515ec4c40] client login info: ip [124.23.134.193:2457] version [0.53.2] hostname [] os [linux] arch [arm64]
2024/01/23 22:00:50 [I] [control.go:359] [cfa62ad515ec4c40] client exit success
2024/01/23 22:11:24 [I] [service.go:563] [301af5cc896139a2] client login info: ip [124.23.133.67:57505] version [0.53.2] hostname [] os [linux] arch [arm64]
2024/01/23 22:15:27 [I] [control.go:359] [301af5cc896139a2] client exit success
# Note that [ssh] now appears
2024/01/23 22:16:29 [I] [service.go:563] [399ffe49d60af967] client login info: ip [124.23.133.67:57508] version [0.53.2] hostname [] os [linux] arch [arm64]
2024/01/23 22:16:29 [I] [tcp.go:82] [399ffe49d60af967] [ssh] tcp proxy listen port [6000]
2024/01/23 22:16:29 [I] [control.go:401] [399ffe49d60af967] new proxy [ssh] type [tcp] success
2024/01/23 22:16:44 [I] [proxy.go:204] [399ffe49d60af967] [ssh] get a user connection [124.221.233.12:47008]
2024/01/23 22:21:12 [I] [proxy.go:115] [399ffe49d60af967] [ssh] proxy closing
Finally, visiting doc.domain.com:88, www.domain.com:88, etc. reaches the corresponding services on the internal network.
SSH works the same way
ssh root@1.2.3.4 -p 6000
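The frps log shown above records every frpc login, every TCP port a proxy opens, and every user connection, so it is worth reviewing once the server is public. The following is an added example (not part of the original post or of frp) that parses lines in that format, copied from the output above, and flags logins and proxy ports outside the expected setup. The names `review`, `expected_ports` and `known_clients` are hypothetical, and treating one client address as "known" is an assumption.

```python
import re

# Log lines copied from the frps output shown above (no new data).
SAMPLE_LOG = """\
2024/01/23 22:00:08 [I] [service.go:563] [cfa62ad515ec4c40] client login info: ip [124.23.134.193:2457] version [0.53.2] hostname [] os [linux] arch [arm64]
2024/01/23 22:16:29 [I] [service.go:563] [399ffe49d60af967] client login info: ip [124.23.133.67:57508] version [0.53.2] hostname [] os [linux] arch [arm64]
2024/01/23 22:16:29 [I] [tcp.go:82] [399ffe49d60af967] [ssh] tcp proxy listen port [6000]
2024/01/23 22:16:29 [I] [control.go:401] [399ffe49d60af967] new proxy [ssh] type [tcp] success
2024/01/23 22:16:44 [I] [proxy.go:204] [399ffe49d60af967] [ssh] get a user connection [124.221.233.12:47008]
"""

# Patterns follow the log format shown on this page (frp 0.53.2).
LOGIN = re.compile(r"\[(\w+)\] client login info: ip \[([\d.]+):\d+\]")
LISTEN = re.compile(r"\] \[([^\]]+)\] tcp proxy listen port \[(\d+)\]")
USER = re.compile(r"\] \[([^\]]+)\] get a user connection \[([\d.]+):\d+\]")


def review(log, expected_ports, known_clients):
    """Summarise an frps log and flag anything outside the expected setup.

    expected_ports: proxy name -> remotePort you configured in frpc.toml.
    known_clients:  source addresses your own frpc is expected to use
                    (an assumption; a dynamic client IP needs a looser rule).
    """
    report = {"logins": {}, "ports": {}, "users": {}, "alerts": []}
    for line in log.splitlines():
        if m := LOGIN.search(line):
            run_id, ip = m.groups()
            report["logins"][run_id] = ip
            if ip not in known_clients:
                report["alerts"].append(f"frpc login from unknown address {ip}")
        elif m := LISTEN.search(line):
            name, port = m[1], int(m[2])
            report["ports"][name] = port
            if expected_ports.get(name) != port:
                report["alerts"].append(f"unexpected proxy [{name}] on port {port}")
        elif m := USER.search(line):
            # Who reached each exposed service, grouped by proxy name.
            report["users"].setdefault(m[1], []).append(m[2])
    return report


if __name__ == "__main__":
    result = review(SAMPLE_LOG, {"ssh": 6000}, {"124.23.133.67"})
    for alert in result["alerts"]:
        print("ALERT:", alert)
    print("user connections:", result["users"])
```
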
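Running in the background
Once everything works, we turn both programs into systemd services so that they run reliably in the background.
Server
vim /usr/lib/systemd/system/frps.service
frps.service is configured as follows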
[Unit]
Description=frps Server Service
After=network.target
Wants=network.target
[Service]
Type=simple
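# absolute paths to your frps binary and frps.toml (systemd does not allow a trailing comment on the ExecStart line)
ExecStart=/root/frp-all/frp-opi-wp/frps -c /root/frp-all/frp-opi-wp/frps.toml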
[Install]
WantedBy=multi-user.target
Start
systemctl start frps
Enable at boot
systemctl enable frps
View logs
systemctl status frps
Client
Same as the server: in frpc.service, change ExecStart to the absolute path of your frpc file; the remaining steps are identical.