为了某些特殊的用途,就研究了下内网穿透
内网穿透软件常用的也就两个,一个ngrok和本文将要介绍的frp。
本来是在折腾ngrok的,然而,博主耐心有限,这玩意配置起来又费劲,然后就转向了frp。
Github:https://github.com/fatedier/frp
博主使用的是0.25.3版本,可能已有新版本发布,请关注作者的Github。
wget https://github.com/fatedier/frp/releases/download/v0.25.3/frp_0.25.3_linux_amd64.tar.gz gunzip -zxf frp*
内网穿透呢,用处于内网或防火墙后的机器,对外网环境提供 http 、https以及TCP转发服务。
对于 http, https 服务支持基于域名的虚拟主机,支持自定义域名绑定,使多个域名可以共用一个80端口。
利用处于内网或防火墙后的机器,对外网环境提供 tcp 和 udp 服务,例如在家里通过 ssh 访问处于公司内网环境内的主机。
重头戏来了
准备:一台有外网ip的服务器/有公网的宽带也ok、域名一个(不需要web服务可以忽略)、一台处在内网状态下的设备(软路由、电脑、终端)
过程:
①登录服务器(或着处于公网状态的设备),部署frp。此处以Centos7为例。
②通过ssh登录服务器,复制上文的代码内容。完成后,ssh执行 cd frp* 进入解压后目录
③观察文件列表,找到frps.ini这是他的服务端配置文件,可以根据同目录下的frps_full.ini选择性的添加参数。其实默认的就可以了,如果有特殊需要,请酌情添加。
/**************************以下仅给出部分配置文件***************************/
# [common] is integral section [common] # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" bind_addr = 0.0.0.0 bind_port = 7000 # udp port to help make udp hole to penetrate nat bind_udp_port = 7001 # udp port used for kcp protocol, it can be same with 'bind_port' # if not set, kcp is disabled in frps kcp_bind_port = 7000 # specify which address proxy will listen for, default value is same with bind_addr # proxy_bind_addr = 127.0.0.1 # if you want to support virtual host, you must set the http port for listening (optional) # Note: http port and https port can be same with bind_port vhost_http_port = 80 vhost_https_port = 443 # response header timeout(seconds) for vhost http server, default is 60s # vhost_http_timeout = 60 # set dashboard_addr and dashboard_port to view dashboard of frps # dashboard_addr's default value is same with bind_addr # dashboard is available only if dashboard_port is set dashboard_addr = 0.0.0.0 dashboard_port = 7500 //这里是web面板的端口号 # 用户面板相关配置,不填默认为 用户名密码均为admin dashboard_user = admin dashboard_pwd = admin # dashboard assets directory(only for debug mode) # assets_dir = ./static # 日志文件路径./frps.log log_file = ./frps.log # trace, debug, info, warn, error //日志等级,非调试设不设置好像没啥用 log_level = info log_max_days = 3 # 授权验证码。如开启配置需要在客户端配置中填写auth_token/token字段 token = 12345678 # heartbeat configure, it's not recommended to modify the default value # the default value of heartbeat_timeout is 90 # heartbeat_timeout = 90 allow_ports = 2000-3000,3001,3003,4000-50000 //允许客户端远程转发端口
④启动方法:./frps -c ./frps.ini
⑤推荐开启web面板
⑥客户端配置(软路由,固件已装好的那种,嘿嘿,这里就不想洗说明如何安装了)
/**************************以下仅给出部分配置文件***************************/
# [common] is integral section [common] # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" server_addr = 0.0.0.0 //服务端公网IP地址 server_port = 7000 // 服务端端口号 # if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables # it only works when protocol is tcp # http_proxy = http://user:[email protected]:8080 # http_proxy = socks5://user:[email protected]:1080 # console or real logFile path like ./frpc.log log_file = ./frpc.log # trace, debug, info, warn, error log_level = info log_max_days = 3 # for authentication//这里如果配置了需要准确填写,不然无法与公网服务器通信
token = 12345678 #以下仅写出配置ssh转发过程
| [ssh] | |
| type = tcp | |
| local_ip = 127.0.0.1 //本地ip地址(或者已确定的内网IP地址 | |
| local_port = 22 //本地服务端口号 | |
| # if remote_port is 0, frps will assign a random port for you | |
| remote_port = 0 //远程端口号,为0服务器随机分配(参照服务端配置文件中的allow_ports字段) |
⑦启动客户端程序 ./frpc -c ./frpc.ini
⑧登录仪表板,查看统计信息 默认地址为: http://YourAddress:7500/
客户端数量+1说明成功了。
记录就到这里,祝大家玩的开心;
发表评论