https://github.com/fatedier/frp

Current setup: subdomain (public IP) + router (LEDE) + frp

One-click script installation

https://github.com/fatedier/frp/issues/1058
https://github.com/clangcn/onekey-install-shell/tree/master/frps
https://github.com/MvsCode/frp-onekey

https://github.com/fatedier/frp/blob/master/README_zh.md

(Server install path: /usr/local/frps) The server configuration file frps.ini is as follows:

# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 5443
# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 5443
# if you want to configure or reload frps by dashboard, dashboard_port must be set
dashboard_port = 6443
dashboard_user = user
dashboard_pwd = mima
# dashboard assets directory(only for debug mode)
# assets_dir = ./static

# Set the domain (make sure this domain is usable)
subdomain_host = frp.domains.com

vhost_http_port = 81
vhost_https_port = 4433
# console or real logFile path like ./frps.log
log_file = ./frps.log
# debug, info, warn, error
log_level = info
log_max_days = 7
# privilege mode is the only supported mode since v0.10.0
privilege_token = tokenxxx
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
#privilege_allow_ports = 1-65535
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 50
# if tcp stream multiplexing is used, default is true
tcp_mux = true

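The matching client Global Setting on the router (OpenWrt R7.5.5 By Lean) is as follows:

Server: frp.domains.com
Port: 5443
Privilege Token: tokenxxx
HTTP tunneling service port: 81
HTTPS tunneling service port: 4433
Service registration interval: 50

On the router, the file that matches the server configuration above is frpc.conf under /var/etc/frp (log in over SSH):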

[common]
server_addr=frp.domains.com
server_port=5443
privilege_token=tokenxxx
log_level=info
log_max_days=3
protocol=tcp
log_file=/var/etc/frp/frpc.log
tcp_mux=true
login_fail_exit=false

[frp]
type=http
custom_domains=xx.domains.com
local_ip=192.168.1.1
local_port=80
use_encryption=true
use_compression=true

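The [frp] section above is one frp service entry with type=http (the author has not yet resolved https, which has some problems; proxying through nginx is enough).

frp https service

Accessing the web

frp web dashboard

Based on the following server configuration: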

dashboard_port = 6443
dashboard_user = user
dashboard_pwd = mima

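That is, open frp.domains.com:6443 and log in with account user and password mima to reach the web dashboard.

HTTPS handling:

Set up the proxy in the frp.domains.com.conf configuration file: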

map $http_x_forwarded_for $clientRealip {
   "" $remote_addr;
   ~^(?P<firstAddr>[0-9\.]+),?.*$  $firstAddr;
}
server {
  listen 80;
  listen 443 ssl http2;
...
location / {
           proxy_pass http://127.0.0.1:6443;  # 6443 here is the dashboard_port set when installing frp
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $clientRealip;  # $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
...

The dashboard can then be reached at https://frp.domains.com
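
The `map` block above copies the first entry of the client-supplied X-Forwarded-For header into X-Real-IP. The following added example (not part of the original post) emulates that map in Python next to a right-to-left walk that accepts only hops from listed proxies; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import re

# The regex from the nginx map on this page, unchanged.
MAP_RE = re.compile(r"^(?P<firstAddr>[0-9\.]+),?.*$")


def map_client_ip(xff, remote_addr):
    """Value the page's map block assigns to $clientRealip."""
    if xff == "":
        return remote_addr
    m = MAP_RE.match(xff)
    return m.group("firstAddr") if m else ""  # nginx map default: empty


def trusted_client_ip(xff, remote_addr, trusted_proxies):
    """Walk the hop chain right to left, stop at the first untrusted hop."""
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    hops = [h.strip() for h in xff.split(",") if h.strip()] + [remote_addr]
    client = remote_addr
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last valid hop
        client = str(addr)
        if not any(addr in net for net in nets):
            break
    return client


if __name__ == "__main__":
    # Constructed cases: (X-Forwarded-For, TCP peer, trusted proxies)
    cases = [
        ("10.0.0.1", "198.51.100.7", []),  # header set by the client itself
        ("10.0.0.1, 203.0.113.5", "192.0.2.10", ["192.0.2.10/32"]),
        ("::1", "198.51.100.7", []),       # regex does not match IPv6
    ]
    for xff, peer, trusted in cases:
        print(repr(map_client_ip(xff, peer)),
              repr(trusted_client_ip(xff, peer, trusted)))
```

When nginx is the first hop facing the internet, as in this setup, the trusted list is empty and the result is always the TCP peer, which is what the commented-out `$remote_addr` alternative in the config gives.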

Accessing the internal network from outside

Based on the following configuration
Server-side configuration

...
vhost_http_port = 81
...

Client-side configuration

[frp]
    type=http
    custom_domains=xx.domains.com
    local_ip=192.168.1.1
    local_port=80
    use_encryption=true
    use_compression=true

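http is used here because the author does not seem to have resolved the https 502 problem yet.
For http access, just open xx.domains.com:81

HTTPS handling:

Set up the proxy in the xx.domains.com.conf configuration file: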

map $http_x_forwarded_for $clientRealip {
   "" $remote_addr;
   ~^(?P<firstAddr>[0-9\.]+),?.*$  $firstAddr;
}
server {
  listen 80;
  listen 443 ssl http2;
...
  location / {
           proxy_pass http://127.0.0.1:81;  # 81 (4433) here is the vhost_http(s)_port set when installing frp
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $clientRealip;  # $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
...

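192.168.1.1 can then be reached at https://xx.domains.com

frp is a high-performance reverse proxy application for NAT traversal, supporting the tcp, udp, http and https protocols.
Using the NAT traversal tool frp
With some simple improvements and additions
FRP NAT traversal tool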

free frp

https://www.chuantou.org/
https://diannaobos.com/frp/
http://frp.xxorg.com/

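Server setup

[frpc tunneling] [Pitfalls fixed] One-click install script and setup tutorial for the NAT traversal tool Frp
One-click install: onekey-install-shell
Download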

wget https://github.com/fatedier/frp/releases/download/v0.16.0/frp_0.16.0_linux_386.tar.gz

Extract

tar zxvf frp_0.16.0_linux_386.tar.gz

Rename

 mv frp_0.16.0_linux_386 frps

Set up the frps watchdog script

cd frps

vi start_frps.sh

#!/bin/sh
# Restart frpc whenever it is not running.
check(){
    pidof frpc > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        /etc/frpc/frpc -c /etc/frpc/frpc.ini &
    fi
}
while true
do
    sleep 1
    check
done

Grant permissions

chmod +x frps frps.ini frps.log start_frps.sh

Add the following two lines to /etc/rc.local before exit 0

/etc/frpc/frpc -c /etc/frpc/frpc.ini &
/etc/frpc/start_frpc.sh &

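Certificate handling in HTTPS proxy mode may have an unresolved problem
frp port mapping for reaching the internal network
[frpc tunneling] [Solved] Help wanted: https does not work through frpc
Starting the FRP client and server at boot on CentOS 7
Is there a way for frp and nginx to share port 80?
Frp NAT traversal configuration
[Share] Self-hosted remote desktop over frp, goodbye TeamViewer && from here 1

frp and K3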

VPS

https://github.com/MvsCode/frps-onekey

/usr/local/frps

/usr/local/frps/frps.ini

# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 5443
# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 5443
# if you want to configure or reload frps by dashboard, dashboard_port must be set
dashboard_port = 6443
dashboard_user = user
dashboard_pwd = pass
# dashboard assets directory(only for debug mode)
# assets_dir = ./static
vhost_http_port = 81
vhost_https_port = 4433
# console or real logFile path like ./frps.log
log_file = ./frps.log
# debug, info, warn, error
log_level = info
log_max_days = 3
# auth token
token = vpstoken
# It is convenient to use subdomain configure for http、https type when many people use one frps server together.
subdomain_host = xx.xx.com
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
#allow_ports = 1-65535
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 50
# if tcp stream multiplexing is used, default is true
tcp_mux = true

Usage: /etc/init.d/frps {start|stop|restart|status|config|version}

/etc/sysconfig/iptables:

# Generated by iptables-save v1.4.21 on Mon Apr 22 12:00:12 2019
*filter
:INPUT DROP [2:80]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [83:21224]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 81 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4433 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT
# Completed on Mon Apr 22 12:00:12 2019
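
The frps.ini and iptables listings above can be cross-checked mechanically. This added example (not from the original post or the frp project) flags short secrets, an unset allow_ports, and frps ports that are open in INPUT even though nginx reaches them over 127.0.0.1; the sample inputs are trimmed, constructed copies of the listings, and the 16-character threshold is an assumed policy value.

```python
import configparser
import re

# Constructed sample inputs, trimmed from the listings on this page.
FRPS_INI = """
[common]
bind_port = 5443
dashboard_port = 6443
dashboard_pwd = pass
vhost_http_port = 81
token = vpstoken
#allow_ports = 1-65535
"""
IPTABLES = """
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 81 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6443 -j ACCEPT
"""
# frps ports that the nginx vhosts on this page proxy to over 127.0.0.1.
PROXIED_LOCALLY = ("dashboard_port", "vhost_http_port")
MIN_SECRET_LEN = 16  # assumed policy threshold, not an frp requirement


def audit(ini_text, rules_text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    common = cp["common"]
    open_ports = {int(p) for p in re.findall(
        r"^-A INPUT .*--dport (\d+) .*-j ACCEPT", rules_text, re.M)}
    findings = []
    for key in ("token", "privilege_token", "dashboard_pwd"):
        if key in common and len(common[key]) < MIN_SECRET_LEN:
            findings.append(f"{key}: shorter than {MIN_SECRET_LEN} characters")
    if "allow_ports" not in common and "privilege_allow_ports" not in common:
        findings.append("allow_ports: unset, clients may bind any port")
    for key in PROXIED_LOCALLY:
        if key in common and int(common[key]) in open_ports:
            findings.append(f"{key}: {common[key]} is open in INPUT, "
                            "so it is reachable without the nginx TLS proxy")
    return findings


if __name__ == "__main__":
    for finding in audit(FRPS_INI, IPTABLES):
        print("-", finding)
```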

/usr/local/nginx/conf/vhost/xx.conf

map $http_x_forwarded_for $clientRealip {
   "" $remote_addr;
   ~^(?P<firstAddr>[0-9\.]+),?.*$  $firstAddr;
}
server {
  listen 80;
  listen 443 ssl http2;
  ssl_certificate /usr/local/nginx/conf/ssl/xx.xx.com.crt;
  ssl_certificate_key /usr/local/nginx/conf/ssl/xx.xx.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name xx.xx.com;
  access_log /data/wwwlogs/xx.xx.com_nginx.log combined;
  index index.html index.htm index.php;
  root /data/wwwroot/xx.x.cxom;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
  
  include /usr/local/nginx/conf/rewrite/other.conf;
  #error_page 404 /404.html;
  #error_page 502 /502.html;
  location / {
    proxy_pass http://127.0.0.1:81;  # 81 here is the vhost_http_port set when installing frp
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $clientRealip;  # $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
# location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
#   valid_referers none blocked *.xx.com x.xxx.com;
#   if ($invalid_referer) {
#       return 403;
#   }
# }
  location ~ [^/]\.php(/|$) {
    #fastcgi_pass remote_php_ip:9000;
    fastcgi_pass unix:/dev/shm/php-cgi.sock;
    fastcgi_index index.php;
    include fastcgi.conf;
  }

# location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
#   expires 30d;
#   access_log off;
# }
# location ~ .*\.(js|css)?$ {
#   expires 7d;
#   access_log off;
# }
  location ~ /\.ht {
    deny all;
  }
}

K3

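Remote management, remote port: 81, allowed IP: 255.255.255.255

FRP settings:

#frp.jsxz.cf is a free frp server; to use it, change the two occurrences of "test" below to your own name, e.g. "hello"
#you can then reach your device at http://hello.jsxz.cf
#if it does not work, change the name; note that the name must not duplicate someone else's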
[common]
server_addr = xx.xx.com
server_port = 5443
token = vpstoken
user = user

[web]
type = http
local_port = 80
subdomain = home
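#port forwarding example: remove the "#" at the start of each line below and change remote_port; note that remote_port must not duplicate someone else's, otherwise it cannot be enabled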
#[ssh]
#type = tcp
#local_ip = 127.0.0.1
#local_port = 22
#remote_port = 6000


[frp]
type=http
custom_domains=xx.xx.com
local_ip=192.168.2.1
local_port=80
use_encryption=true
use_compression=true


end
