内网穿透
frp 及 natapp
windows 服务器 穿透 连接本地windows计算机
下载链接:
Release v0.41.0 · fatedier/frp (github.com)
官方文档:
https://github.com/fatedier/frp
根据对应的操作系统及架构 从Release 页面下载最新版的程序
- frps 及 frps.ini 放到具有公网IP的机器上,即服务器
- frpc 及 frpc.ini 放到处于内网环境的机器上
windows
服务器
frps.ini
[common]
# Address the frps control listener binds to.
# NOTE(review): 127.0.0.1 is loopback-only, so a frpc running on another machine
# cannot connect to this listener; the full frps example later on this page uses 0.0.0.0.
# NOTE(review): no token key is set in this section, so presumably any frpc that can
# reach the port may register proxies; the Linux frps.ini on this page shows the token key.
bind_addr = 127.0.0.1
# Port frps listens on for frpc connections; 7000 is the default and can be changed.
bind_port = 7000
启动 : frps.exe
frps.exe
本地:
frpc.ini
[common]
# Public address of the frps server.
server_addr = adminzhang.top
# Port frps listens on; must match bind_port in frps.ini.
server_port = 7000
# NOTE(review): this section sets neither token nor tls_enable (both appear in the
# full frpc example later on this page), so the control connection carries no shared
# secret and is presumably unencrypted; confirm before using outside a test setup.

# Each section below publishes local_ip:local_port on the frps host at remote_port.
[TMCAT]
type = tcp
local_ip = 127.0.0.1
local_port = 8080
remote_port = 18080
# NOTE(review): publishes the local SSH port on frps port 6000 for every source
# address the frps firewall lets through; restrict sources on the frps host.
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
# NOTE(review): publishes the local MySQL port on frps port 13306. A database port
# is better reached through a visitor-only proxy (see [secret_tcp] later on this
# page) or a source-restricted firewall rule than through a public remote_port.
[mysql]
type = tcp
local_ip = 127.0.0.1
local_port = 3306
remote_port = 13306
启动 frpc.exe
frpc.exe -c frpc.ini
NATAPP
https://natapp.cn/
注册 登录 购买隧道
下载客户端工具
解压后得到一个 natapp.exe
可执行文件
在该目录下打开命令行工具(cmd 管理员模式)
输入:
natapp -authtoken=上面获取的密码(token)
回车后:如图代表启动成功
frp Linux
Linux 服务器 穿透 连接本地windows计算机
下载: frp_0.41.0_linux_amd64.tar.gz
服务器端配置
下载完成后 上传到 Linux 服务器 解压frp压缩包
解压命令: tar -zxvf frp_0.41.0_linux_amd64.tar.gz
进入解压目录:
cd frp_0.41.0_linux_amd64/
打开配置文件(服务器端):
vim frps.ini
修改内容为:
[common]
# Port frps listens on for frpc connections; 7000 is the default and can be changed.
bind_port = 7000
# Shared secret; the client's frpc.ini must carry the same token.
# NOTE(review): 123456 is a tutorial value; use a long random string on a real
# server and keep it identical on the client.
token = 123456
# Port of the frps dashboard; change as needed.
dashboard_port = 7500
# Dashboard user name and password.
# NOTE(review): admin/root is a tutorial value; this page later opens the dashboard
# at http://<server>:7500/, so set a strong password before exposing the port.
dashboard_user = admin
dashboard_pwd = root
# Exports Prometheus metrics under /metrics on the dashboard address and port
# (per the full frps example later on this page).
enable_prometheus = true
# Log settings: file path, level, and days of logs to keep.
log_file = /var/log/frps.log
log_level = info
log_max_days = 3
保存 退出
注:图片显示有误,图中的 6000 应为 7500;token 为 123456
修改 frps 文件的权限
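# 755 lets every user execute frps but only the owner modify it. With 777 the
# binary, which the next steps copy to /usr/bin and run as a service, would be
# writable by every local user.
chmod 755 frps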
设置和启动服务:
# Install the config, the binary and the unit file from the extracted archive,
# then enable the service at boot and start it now.
mkdir -p /etc/frp
# frps.ini holds the token and the dashboard password in clear text.
# NOTE(review): consider limiting who can read /etc/frp/frps.ini; confirm which
# user the frps.service unit runs as before tightening the mode.
cp frps.ini /etc/frp
cp frps /usr/bin
cp systemd/frps.service /usr/lib/systemd/system/
systemctl enable frps
systemctl start frps
开放 linux 端口
7000 7500
# Opens only the frps control port (7000/tcp) in the public zone; --permanent
# rules take effect after the firewalld restart below.
# The dashboard port 7500 and each proxy remote_port (33890 and 18080 in the
# client config on this page) are not opened by this command.
# NOTE(review): the dashboard is served over http with the admin/root login set
# above; prefer a source-restricted rule for 7500 over opening it to everyone.
firewall-cmd --zone=public --add-port=7000/tcp --permanent
重启防火墙
systemctl restart firewalld.service
查看开放的端口
firewall-cmd --list-ports
访问:
http://www.xiaotao.cloud:7500/
客户端配置
下载 windows 版
frp_0.41.0_windows_amd64
打开 frpc.ini
[common]
# Address and port of the frps server; token must equal the token in frps.ini.
server_addr = www.xiaotao.cloud
server_port = 7000
token = 123456
# Proxy named "ssh".
# NOTE(review): despite the name, local_port 3389 is the usual Remote Desktop
# port, so this publishes RDP on frps port 33890 for every source address the
# frps firewall lets through; restrict sources on the frps host.
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
# Chosen freely; this is the port used later when connecting from outside.
remote_port = 33890
[web]
type = tcp
local_ip = 127.0.0.1
local_port = 8080
# NOTE(review): subdomain is described on this page for http proxies ([web01]);
# with type = tcp the service is reached through remote_port, so this key
# presumably has no effect here; confirm.
subdomain = www.xiaotao.cloud
remote_port = 18080
win + r cmd
frpc.exe -c frpc.ini
查看 linux 日志
2022/04/23 14:58:59 [I] [service.go:450] [66e39b233f9b19cc] client login info: ip [106.92.242.75:4612] version [0.41.0] hostname [] os [windows] arch [amd64]
2022/04/23 14:58:59 [I] [tcp.go:64] [66e39b233f9b19cc] [ssh] tcp proxy listen port [33890]
2022/04/23 14:58:59 [I] [control.go:465] [66e39b233f9b19cc] new proxy [ssh] success
2022/04/23 14:58:59 [I] [tcp.go:64] [66e39b233f9b19cc] [web] tcp proxy listen port [18080]
2022/04/23 14:58:59 [I] [control.go:465] [66e39b233f9b19cc] new proxy [web] success
设置开机自启
在 frpc.exe
同级目录下 新建 start.bat
start.bat 内容如下
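@echo off
rem Keep frpc running: start it, and start it again whenever it exits.
rem Switch to the folder this script lives in so that frpc and frpc.ini are
rem found even when Task Scheduler starts the script from another directory.
cd /d "%~dp0"
:home
frpc -c frpc.ini
rem Wait about 5 seconds before restarting, so a frpc that exits immediately
rem (wrong token, server unreachable) does not reconnect in a tight loop.
rem ping is used for the delay because it does not need console input.
ping -n 6 127.0.0.1 >nul
goto home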
作用:后台运行 如果遇到错误 自动重启
打开控制面板 搜索计划任务
完成后 点击确认,frp 开机自启配置完成
重启电脑后 在任务管理器就可以看到 frpc.exe
使用另一台电脑
点击连接 即可成功连接
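# Reference frps configuration. The copy on this page had been machine-translated,
# which also translated section names, keys and values (for example the token key
# and the true/false/info values); they are restored here so frps can parse them.
# NOTE(review): passwords and tokens below are sample values, not safe defaults.

# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single "bind_addr" field, no need square brackets, like "bind_addr = ::".
bind_addr = 0.0.0.0
bind_port = 7000
# udp port to help make udp hole to penetrate nat
bind_udp_port = 7001
# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 7000
# specify which address proxy will listen for, default value is same with bind_addr
# proxy_bind_addr = 127.0.0.1
# if you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bind_port
vhost_http_port = 80
vhost_https_port = 443
# response header timeout (seconds) for vhost http server, default is 60s
# vhost_http_timeout = 60
# tcpmux_httpconnect_port specifies the port that the server listens for TCP
# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
# requests on one single port. If it's not - it will listen on this value for
# HTTP CONNECT requests. By default, this value is 0.
# tcpmux_httpconnect_port = 1337
# set dashboard_addr and dashboard_port to view dashboard of frps
# dashboard_addr's default value is same with bind_addr
# dashboard is available only if dashboard_port is set
# NOTE(review): 0.0.0.0 serves the dashboard on every interface; bind it to
# 127.0.0.1 or restrict port 7500 at the firewall unless remote access is needed.
dashboard_addr = 0.0.0.0
dashboard_port = 7500
# dashboard user and passwd for basic auth protect
# NOTE(review): admin/admin is the sample login; replace it before the dashboard
# is reachable from any other machine.
dashboard_user = admin
dashboard_pwd = admin
# enable_prometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port} in /metrics api.
enable_prometheus = true
# dashboard assets directory (only for debug mode)
# assets_dir = ./static
# console or real logFile path like ./frps.log
log_file = ./frps.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
# disable log colors when log_file is console, default is false
disable_log_color = false
# detailed_errors_to_client defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
detailed_errors_to_client = true
# authentication_method specifies what authentication method to use to authenticate frpc with frps.
# If "token" is specified - token will be read into login message.
# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
authentication_method = token
# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
authenticate_heartbeats = false
# authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
authenticate_new_work_conns = false
# auth token
# NOTE(review): 12345678 is a sample; use a long random value and keep it the
# same in frpc.ini.
token = 12345678
# oidc_issuer specifies the issuer to verify OIDC tokens with.
# By default, this value is "".
oidc_issuer =
# oidc_audience specifies the audience OIDC tokens should contain when validated.
# By default, this value is "".
oidc_audience =
# oidc_skip_expiry_check specifies whether to skip checking if the OIDC token is expired.
# By default, this value is false.
oidc_skip_expiry_check = false
# oidc_skip_issuer_check specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
# By default, this value is false.
oidc_skip_issuer_check = false
# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_timeout is 90. Set negative value to disable it.
# heartbeat_timeout = 90
# user_conn_timeout configure, it's not recommended to modify the default value
# the default value of user_conn_timeout is 10
# user_conn_timeout = 10
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
# NOTE(review): the sample range is very wide; listing only the ports actually
# needed limits what an authenticated client can open on this host.
allow_ports = 2000-3000,3001,3003,4000-50000
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5
# max ports can be used for each client, default value is 0 means no limit
max_ports_per_client = 0
# tls_only specifies whether to only accept TLS-encrypted connections. By default, the value is false.
tls_only = false
# tls_cert_file = server.crt
# tls_key_file = server.key
# tls_trusted_ca_file = ca.crt
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com
subdomain_host = frps.com
# if tcp stream multiplexing is used, default is true
# tcp_mux = true
# specify keep alive interval for tcp mux.
# only valid if tcp_mux is true.
# tcp_mux_keepalive_interval = 60
# tcp_keepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
# If negative, keep-alive probes are disabled.
# tcp_keepalive = 7200
# custom 404 page for HTTP requests
# custom_404_page = /path/to/404.html
# specify udp packet size, unit is byte. If not set, the default value is 1500.
# This parameter should be same between client and server.
# It affects the udp and sudp proxy.
udp_packet_size = 1500
# Enable golang pprof handlers in dashboard listener.
# Dashboard port must be set first
pprof_enable = false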
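# Server plugins: for each listed operation frps calls the HTTP endpoint at
# addr + path. Section names, keys and values had been machine-translated on
# this page and are restored here.
[plugin.user-manager]
addr = 127.0.0.1:9000
path = /handler
ops = Login
[plugin.port-manager]
addr = 127.0.0.1:9001
path = /handler
ops = NewProxy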
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single "server_addr" field, no need square brackets, like "server_addr = ::".
# NOTE(review): 0.0.0.0 is presumably a placeholder from the reference file, not a
# reachable server; set the public address of the frps host.
server_addr = 0.0.0.0
server_port = 7000
# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
# dial_server_timeout = 10
# dial_server_keepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
# If negative, keep-alive probes are disabled.
# dial_server_keepalive = 7200
# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set http_proxy here or in global environment variables
# it only works when protocol is tcp
# NOTE(review): a proxy user and password written here are stored in clear text
# in frpc.ini; limit who can read the file.
# http_proxy = http://user:passwd@192.168.1.128:8080
# http_proxy = socks5://user:passwd@192.168.1.128:1080
# http_proxy = ntlm://user:passwd@192.168.1.128:2080
# console or real logFile path like ./frpc.log
log_file = ./frpc.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
# disable log colors when log_file is console, default is false
disable_log_color = false
# for authentication, should be same as your frps.ini
# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
authenticate_heartbeats = false
# authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
authenticate_new_work_conns = false
# auth token
# NOTE(review): 12345678 is a sample value; use a long random token that matches
# the one in frps.ini.
token = 12345678
# oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
# By default, this value is "".
oidc_client_id =
# oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
# By default, this value is "".
# NOTE(review): a secret set here is stored in clear text in frpc.ini.
oidc_client_secret =
# oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
oidc_audience =
# oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint.
# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
oidc_token_endpoint_url =
# oidc_additional_xxx specifies additional parameters to be sent to the OIDC Token Endpoint.
# For example, if you want to specify the "audience" parameter, you can set as follow.
# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
# oidc_additional_audience = https://dev.auth.com/api/v2/
# oidc_additional_var1 = foobar
# set admin address for control frpc's action by http api such as reload
# The admin API listens on loopback only with this value.
# NOTE(review): admin/admin is a sample login; change it, since any local process
# that can reach 127.0.0.1:7400 can call the API with these credentials.
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin
# Admin assets directory. By default, these assets are bundled with frpc.
# assets_dir = ./static
# connections will be established in advance, default value is zero
pool_count = 5
# if tcp stream multiplexing is used, default is true, it must be same with frps
# tcp_mux = true
# specify keep alive interval for tcp mux.
# only valid if tcp_mux is true.
# tcp_mux_keepalive_interval = 60
# your proxy name will be changed to {user}.{proxy}
user = your_name
# decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
login_fail_exit = true
# communication protocol used to connect to server
# now it supports tcp, kcp and websocket, default is tcp
protocol = tcp
# set client binding ip when connect server, default is empty.
# only when protocol = tcp or websocket, the value will be used.
connect_server_local_ip = 0.0.0.0
# if tls_enable is true, frpc will connect frps by tls
# NOTE(review): with tls_trusted_ca_file and tls_server_name left commented out,
# whether frpc verifies the frps certificate is not shown here; confirm before
# relying on TLS to authenticate the server.
tls_enable = true
# tls_cert_file = client.crt
# tls_key_file = client.key
# tls_trusted_ca_file = ca.crt
# tls_server_name = example.com
# specify a dns server, so frpc will use this instead of default one
# dns_server = 8.8.8.8
# proxy names you want to start separated by ','
# default is empty, means all proxies
# start = ssh,dns
# heartbeat configure, it's not recommended to modify the default value
# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
# to disable it.
# heartbeat_interval = 30
# heartbeat_timeout = 90
# additional meta info for client
meta_var1 = 123
meta_var2 = 234
# specify udp packet size, unit is byte. If not set, the default value is 1500.
# This parameter should be same between client and server.
# It affects the udp and sudp proxy.
udp_packet_size = 1500
# include other config files for proxies.
# includes = ./confd/*.ini
# By default, frpc will connect frps with first custom byte if tls is enabled.
# If DisableCustomTLSFirstByte is true, frpc will not send that custom byte.
disable_custom_tls_first_byte = false
# Enable golang pprof handlers in admin listener.
# Admin port must be set first.
pprof_enable = false
# 'ssh' is the unique proxy name
# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
[ssh]
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
local_ip = 127.0.0.1
local_port = 22
# limit bandwidth for this proxy, unit is KB and MB
bandwidth_limit = 1MB
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = false
# if true, message will be compressed
use_compression = false
# remote port listen by frps
# NOTE(review): the local SSH port becomes reachable on this frps port from every
# source address the frps firewall lets through.
remote_port = 6001
# frps will load balancing connections for proxies in same group
group = test_group
# group should have same group key
# NOTE(review): 123456 is a sample group key; presumably any client that knows
# the key can join the group, so pick a random value.
group_key = 123456
# enable health check for the backend service, it support 'tcp' and 'http' now
# frpc will connect local service's port to detect it's healthy status
health_check_type = tcp
# health check connection timeout
health_check_timeout_s = 3
# if continuous failed in 3 times, the proxy will be removed from frps
health_check_max_failed = 3
# every 10 seconds will do a health check
health_check_interval_s = 10
# additional meta info for each proxy
meta_var1 = 123
meta_var2 = 234
[ssh_random]
type = tcp
local_ip = 127.0.0.1
local_port = 22
# if remote_port is 0, frps will assign a random port for you
remote_port = 0
# if you want to expose multiple ports, add 'range:' prefix to the section name
# frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.
# NOTE(review): every port in the range is published on the frps host; list only
# the ports that have a service behind them.
[range:tcp_port]
type = tcp
local_ip = 127.0.0.1
local_port = 6010-6020,6022,6024-6028
remote_port = 6010-6020,6022,6024-6028
use_encryption = false
use_compression = false
# NOTE(review): local_ip here is not a local address, so this relays UDP from frps
# port 6002 to an external DNS server; confirm it is needed and limit the source
# addresses allowed to reach that port.
[dns]
type = udp
local_ip = 114.114.114.114
local_port = 53
remote_port = 6002
use_encryption = false
use_compression = false
[range:udp_port]
type = udp
local_ip = 127.0.0.1
local_port = 6010-6020
remote_port = 6010-6020
use_encryption = false
use_compression = false
# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
[web01]
type = http
local_ip = 127.0.0.1
local_port = 80
use_encryption = false
use_compression = true
# http username and password are safety certification for http protocol
# if not set, you can access this custom_domains without certification
# NOTE(review): admin/admin is a sample login; with type = http the credentials
# presumably travel unencrypted between the browser and frps, so prefer an https
# proxy for anything sensitive.
http_user = admin
http_pwd = admin
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
subdomain = web01
custom_domains = web01.yourdomain.com
# locations is only available for http type
locations = /,/pic
host_header_rewrite = example.com
# params with prefix "header_" will be used to update http request headers
header_X-From-Where = frp
health_check_type = http
# frpc will send a GET http request '/status' to local http service
# http service is alive when it return 2xx http response code
health_check_url = /status
health_check_interval_s = 10
health_check_max_failed = 3
health_check_timeout_s = 3
[web02]
type = https
local_ip = 127.0.0.1
local_port = 8000
use_encryption = false
use_compression = false
# NOTE(review): this is the same subdomain value as [web01]; it looks copied from
# that section, so confirm the intended name.
subdomain = web01
custom_domains = web02.yourdomain.com
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
# v1 or v2 or empty
proxy_protocol_version = v2
# NOTE(review): this forwards connections arriving on frps port 6003 to the Docker
# socket. Access to that socket normally means control of the Docker daemon, so a
# plain tcp proxy with a public remote_port should not be used for it outside a
# lab; prefer a visitor-only proxy (see [secret_tcp] on this page) or do not
# publish the socket at all.
[plugin_unix_domain_socket]
type = tcp
remote_port = 6003
# if plugin is defined, local_ip and local_port is useless
# plugin will handle connections got from frps
plugin = unix_domain_socket
# params with prefix "plugin_" that plugin needed
plugin_unix_path = /var/run/docker.sock
# NOTE(review): the two proxy plugins below let whoever authenticates on the frps
# port reach hosts that the frpc machine can reach. abc/abc is a sample login;
# use strong credentials and restrict the source addresses allowed to connect.
[plugin_http_proxy]
type = tcp
remote_port = 6004
plugin = http_proxy
plugin_http_user = abc
plugin_http_passwd = abc
[plugin_socks5]
type = tcp
remote_port = 6005
plugin = socks5
plugin_user = abc
plugin_passwd = abc
# Serves files under plugin_local_path; confirm the directory holds nothing that
# should stay private before publishing it.
[plugin_static_file]
type = tcp
remote_port = 6006
plugin = static_file
plugin_local_path = /var/www/blog
plugin_strip_prefix = static
plugin_http_user = abc
plugin_http_passwd = abc
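# Keys and values in these three sections had been machine-translated on this
# page (the type key, the key-file name, the header name) and the https type
# value was lost; they are restored here so frpc can parse them.
# NOTE(review): plugin_key_path points at a TLS private key; keep the file
# readable only by the user that runs frpc.
[plugin_https2http]
type = https
custom_domains = test.yourdomain.com
plugin = https2http
plugin_local_addr = 127.0.0.1:80
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp
[plugin_https2https]
type = https
custom_domains = test.yourdomain.com
plugin = https2https
plugin_local_addr = 127.0.0.1:443
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp
[plugin_http2https]
type = http
custom_domains = test.yourdomain.com
plugin = http2https
plugin_local_addr = 127.0.0.1:443
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp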
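# stcp publishes no remote_port on frps; only a visitor frpc that knows sk can
# reach the service. Keys and values had been machine-translated on this page
# (type, role, true/false) and are restored here.
[secret_tcp]
# If the type is secret tcp, remote_port is useless
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
type = stcp
# sk used for authentication for visitors
# NOTE(review): abcdefg is a sample; use a long random value shared only with the
# intended visitors.
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false
# user of frpc should be same in both stcp server and stcp visitor
[secret_tcp_visitor]
# frpc role visitor -> frps -> frpc role server
role = visitor
type = stcp
# the server name you want to visit
server_name = secret_tcp
sk = abcdefg
# connect this address to visit the stcp server
bind_addr = 127.0.0.1
bind_port = 9000
use_encryption = false
use_compression = false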
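# xtcp counterpart of the stcp pair above: the server side first, then the
# visitor that binds a local port. Keys and values had been machine-translated
# on this page (type, role, true/false) and are restored here.
# NOTE(review): sk = abcdefg is a sample; use a long random value.
[p2p_tcp]
type = xtcp
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false
[p2p_tcp_visitor]
role = visitor
type = xtcp
server_name = p2p_tcp
sk = abcdefg
bind_addr = 127.0.0.1
bind_port = 9001
use_encryption = false
use_compression = false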
[tcpmuxhttpconnect]
type = tcpmux
多路复用器 = httpconnect
local_ip = 127.0.0.1
local_port = 10701
custom_domains