标签 内网穿透 下的文章
frp
https://github.com/fatedier/frp
现在组成方案:二级域名(外网ip)+路由器(lede)+frp
一键脚本安装
https://github.com/fatedier/frp/issues/1058
https://github.com/clangcn/onekey-install-shell/tree/master/frps
https://github.com/MvsCode/frp-onekey
https://github.com/fatedier/frp/blob/master/README_zh.md
(服务器安装路径/usr/local/frps) 服务器配置文件frps.ini
如下:
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 5443
# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 5443
# if you want to configure or reload frps by dashboard, dashboard_port must be set
dashboard_port = 6443
# dashboard assets directory(only for debug mode)
dashboard_user = user
dashboard_pwd = mima
# assets_dir = ./static
# 设置域名(保证此域名可用)
subdomain_host = frp.domains.com
vhost_http_port = 81
vhost_https_port = 4433
# console or real logFile path like ./frps.log
log_file = ./frps.log
# debug, info, warn, error
log_level = info
log_max_days = 7
# privilege mode is the only supported mode since v0.10.0
privilege_token = tokenxxx
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
#privilege_allow_ports = 1-65535
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 50
# if tcp stream multiplexing is used, default is true
tcp_mux = true
以上配置的对应在路由器上OpenWrt R7.5.5 By Lean
客户端 Global Setting
如下:
Server:frp.domains.com
端口:5443
Privilege Token:tokenxxx
HTTP穿透服务端口:81
HTTPS穿透服务端口:4433
服务注册间隔:50
上面服务器配置对应在路由器文件路径:/var/etc/frp(进SSH) frpc.conf
[common]
server_addr=frp.domains.com
server_port=5443
privilege_token=tokenxxx
log_level=info
log_max_days=3
protocol=tcp
log_file=/var/etc/frp/frpc.log
tcp_mux=true
login_fail_exit=false
[frp]
type=http
custom_domains=xx.domains.com
local_ip=192.168.1.1
local_port=80
use_encryption=true
use_compression=true
以上[frp]为一个frp服务列表type=http
(https作者还没解决,有点问题,可以nginx代理即可)
访问web
web frp控制台
根据服务器配置信息如下:
dashboard_port = 6443
dashboard_user = user
dashboard_pwd = mima
即是frp.domains.com:6443 账号user密码mima,进入web控制台
https处理:
在frp.domains.com.conf
配置文件上设置代理:
map $http_x_forwarded_for $clientRealip {
"" $remote_addr;
~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}
server {
listen 80;
listen 443 ssl http2;
...
location / {
proxy_pass http://127.0.0.1:6443; #此处的6443就是你安装frp时设置的dashboard_port端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $clientRealip; # $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
...
即可使用https://frp.domains.com访问
外网访问内网
根据配置信息如下
服务器上配置信息
...
vhost_http_port = 81
...
客户端配置信息
[frp]
type=http
custom_domains=xx.domains.com
local_ip=192.168.1.1
local_port=80
use_encryption=true
use_compression=true
这里使用的是http,因为作者似乎还没解决https 502问题
http访问:xx.domains.com:81即可
https处理:
在xx.domains.com.conf
配置文件上设置代理:
map $http_x_forwarded_for $clientRealip {
"" $remote_addr;
~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}
server {
listen 80;
listen 443 ssl http2;
...
location / {
proxy_pass http://127.0.0.1:81; #此处的,81(4433)就是你安装frp时设置的vhost_http(s)_port端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $clientRealip; # $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
...
即可使用https://xx.domains.com访问192.168.1.1
frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp, udp, http, https 协议。
使用内网穿透工具frp
做了简单的完善和补充
FRP内网穿透工具
free frp
https://www.chuantou.org/
https://diannaobos.com/frp/
http://frp.xxorg.com/
服务器设置
[frpc穿透] 【填坑完毕】内网穿透利器Frp一键安装脚本及设置教程
一键安装onekey-install-shell
下载
wget https://github.com/fatedier/frp/releases/download/v0.16.0/frp_0.16.0_linux_386.tar.gz
解压
tar zxvf frp_0.16.0_linux_386.tar.gz
重命名
mv frp_0.16.0_linux_386 frps
设置frps守护脚本
cd frps
vi start_frps.sh
#!/bin/sh
check(){
pidof frpc > /dev/null 2>&1
if [ $? -ne 0 ]; then
/etc/frpc/frpc -c /etc/frpc/frpc.ini &
fi
}
while true
do
sleep 1
check
done
赋予权限
chmod +x frps frps.ini frps.log start_frps.sh
在/etc/rc.local文件的exit 0前加入下面两行代码
/etc/frpc/frpc -c /etc/frpc/frpc.ini &
/etc/frpc/start_frpc.sh &
Https 代理模式对证书的处理可能有问题未解决
frp端口映射穿透内网
[frpc穿透] 【已解决】求助,frpc穿透https无法使用
FRP客户端和服务端在CentOS7中设置开机启动
有办法让 frp 和 nginx 共存一起用 80 端口吗?
Frp内网穿透配置
【分享】通过frp自建远程桌面连接,彻底告别TeamViewer && 来自此处 1
frp 与 K3
VPS
https://github.com/MvsCode/frps-onekey
/usr/local/frps
/usr/local/frps/frps.ini
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 5443
# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 5443
# if you want to configure or reload frps by dashboard, dashboard_port must be set
dashboard_port = 6443
# dashboard assets directory(only for debug mode)
dashboard_user = user
dashboard_pwd = pass
# assets_dir = ./static
vhost_http_port = 81
vhost_https_port = 4433
# console or real logFile path like ./frps.log
log_file = ./frps.log
# debug, info, warn, error
log_level = info
log_max_days = 3
# auth token
token = vpstoken
# It is convenient to use subdomain configure for http、https type when many people use one frps server together.
subdomain_host = xx.xx.com
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
#allow_ports = 1-65535
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 50
# if tcp stream multiplexing is used, default is true
tcp_mux = true
Usage: /etc/init.d/frps {start|stop|restart|status|config|version}
/etc/sysconfig/iptables:
# Generated by iptables-save v1.4.21 on Mon Apr 22 12:00:12 2019
*filter
:INPUT DROP [2:80]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [83:21224]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 81 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4433 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT
# Completed on Mon Apr 22 12:00:12 2019
/usr/local/nginx/conf/vhost/xx.conf
map $http_x_forwarded_for $clientRealip {
"" $remote_addr;
~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /usr/local/nginx/conf/ssl/xx.xx.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/xx.xx.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name xx.xx.com;
access_log /data/wwwlogs/xx.xx.com_nginx.log combined;
index index.html index.htm index.php;
root /data/wwwroot/xx.x.cxom;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
include /usr/local/nginx/conf/rewrite/other.conf;
#error_page 404 /404.html;
#error_page 502 /502.html;
location / {
proxy_pass http://127.0.0.1:81; #此处的6443就是你安装frp时设置的dashboard_port端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $clientRealip; # $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
# valid_referers none blocked *.xx.com x.xxx.com;
# if ($invalid_referer) {
# return 403;
# }
# }
location ~ [^/]\.php(/|$) {
#fastcgi_pass remote_php_ip:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
# location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
# expires 30d;
# access_log off;
# }
# location ~ .*\.(js|css)?$ {
# expires 7d;
# access_log off;
# }
location ~ /\.ht {
deny all;
}
}
K3
远程管理,远程端口:81, 允许IP:255.255.255.255
FRP设置:
#frp.jsxz.cf是免费提供的frp服务器,如果需要使用,请修改下面两处的“test”为你的名称,比如"hello"
#然后可以通过http://hello.jsxz.cf访问你的设备
#如果无法正常使用,请更改名称,注意名称不能和别人重复
[common]
server_addr = xx.xx.com
server_port = 5443
token = vpstoken
user = user
[web]
type = http
local_port = 80
subdomain = home
#端口转发示例,去除下面每行前面的"#"并修改remote_port,注意remote_port不能和别人重复,否则无法正常启用
#[ssh]
#type = tcp
#local_ip = 127.0.0.1
#local_port = 22
#remote_port = 6000
[frp]
type=http
custom_domains=xx.xx.com
local_ip=192.168.2.1
local_port=80
use_encryption=true
use_compression=true
end