Frp的簡單理解與執行的前提條件
有設備A,想訪問處于局域網的設備C時,可以通過處在公網的設備B進行轉發
前提條件:一個有公網IP的電腦,云服務器、有公網IPV4/6的設備均可,如果使用ipv6模式,那么設備BC都必須支持ipv6才行,ipv6地址除了bind_addr和server_addr,都要用[]括起來
本文基于:v0.48.0版本
官網: 官網地址
Github:Github地址,windows下載amd64版本就行,386是x86
服務器端(有公網IP的電腦)最簡易配置
frps.ini(//注釋請刪掉)
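[common]
# Minimal frps (server) configuration.
# NOTE(review): no token is set in this example, so any frpc that can reach bind_port can
# register tunnels on this server. Set the same `token` here and in frpc.ini before opening
# the port to the internet.
# Address frps listens on; 0.0.0.0 (the default) accepts connections on every interface.
bind_addr = 0.0.0.0
# Control port that frpc connects to; it has to be allowed through the server's firewall.
bind_port = 7000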
新建一個Start.bat,內容:frps -c frps.ini
雙擊就可以啟動
客戶端(內網電腦)最簡易配置
frpc.ini(//注釋請刪掉)
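[common]
# Public address of the frps host; an IP or a hostname both work.
# The value below is not a valid IPv4 address: it is a stand-in that has to be replaced.
server_addr = 114.514.191.981
# Control port of frps (bind_port in frps.ini); it has to be allowed through the firewall.
server_port = 7000

# Tunnel name. Any name can be used; the article notes that Chinese names are accepted.
[test]
# Address of the service being exposed, as seen from this frpc host.
local_ip = 127.0.0.1
# Port of the service being exposed; 3389 is the Remote Desktop port.
local_port = 3389
# Port opened on the frps host. frpc asks frps to forward whatever arrives on this port
# to local_ip:local_port (here 127.0.0.1:3389).
# NOTE(review): this publishes Remote Desktop on the server's public port 7100. Limit which
# source addresses may reach that port in the server firewall, or use an stcp tunnel so that
# no public port is opened, and keep Network Level Authentication and strong account
# passwords enabled on the target machine.
remote_port = 7100

# To map a batch of ports, start the tunnel name with "range:" and give the ports as a
# comma-separated list of numbers or ranges such as 1000-1010.
# Several tunnels can be forwarded at once; each one is configured like [test].
[test2]
# ...
# ...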
新建一個Start.bat,內容:frpc -c frpc.ini
雙擊就可以啟動
自此,配置完成,其中的端口記得在防火墻入站規則里打開,或者給exe加上防火墻入站規則也行。按exe放行會把該程序監聽的所有端口(包括儀表盤端口)一并開放,按端口放行更容易控制暴露面。
進階配置(多了些常用參數)
frps.ini
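[common]
# Address frps listens on; 0.0.0.0 (the default) means every interface.
bind_addr = 0.0.0.0
# Control port that frpc connects to; it has to be allowed through the firewall.
bind_port = 7000
# Shared secret that frpc has to present. 12345678 is a sample value: replace it with a
# long random string and set the same value in frpc.ini.
token = 12345678
# Log file path.
log_file = ./frps.log
# Log level: trace, debug, info, warn or error.
log_level = info
# Number of days log files are kept.
log_max_days = 3
# Connection pool size (default 5); the article suggests raising it when there are many
# connections.
max_pool_count = 5

# Web dashboard: shows frp status after login.
# NOTE(review): with dashboard_addr = 0.0.0.0 the dashboard is reachable from every network
# that can reach port 7500, and admin/admin are sample credentials. Bind it to 127.0.0.1 or
# restrict the port in the firewall, and choose a unique user name and password.
# Dashboard listen address.
dashboard_addr = 0.0.0.0
# Dashboard listen port.
dashboard_port = 7500
# Dashboard login name.
dashboard_user = admin
# Dashboard login password.
dashboard_pwd = admin

# HTTP / HTTPS
# Port for http-type tunnels; may be the same as bind_port.
vhost_http_port = 80
# Port for https-type tunnels; may be the same as bind_port.
vhost_https_port = 443
# HTTP timeout in seconds.
vhost_http_timeout = 60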
frpc.ini
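[common]
# Public address of the frps host; an IP or a hostname both work.
# The value below is not a valid IPv4 address: it is a stand-in that has to be replaced.
server_addr = 114.514.191.981
# Control port of frps (bind_port in frps.ini); it has to be allowed through the firewall.
server_port = 7000
# Shared secret; has to equal `token` in frps.ini. 12345678 is a sample value: use a long
# random string instead.
token = 12345678
# Log file path.
# NOTE(review): the file name frps.log is kept from the article; on the client a name such
# as ./frpc.log would avoid confusion with the server log.
log_file = ./frps.log
# Log level: trace, debug, info, warn or error.
log_level = info
# Number of days log files are kept.
log_max_days = 3

[test]
# Tunnel type: tcp | udp | http | https | stcp | xtcp (default tcp).
type = tcp
# Address of the service being exposed.
local_ip = 127.0.0.1
# Port of the service being exposed (3389 is Remote Desktop).
local_port = 3389
# Port opened on the frps host for this tunnel.
# NOTE(review): anything that can reach this port on the server reaches the local service;
# restrict the port in the server firewall to the addresses that need it.
remote_port = 7100
# Encrypt the traffic carried between frpc and frps.
use_encryption = true
# Compress the traffic carried between frpc and frps.
use_compression = true
# Bandwidth cap for this tunnel; the unit is KB or MB.
bandwidth_limit = 1MB
# Side on which the cap is enforced: client or server (default client).
bandwidth_limit_mode = client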
相對完整配置(基本用不上)
frps.ini
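[common]
# [required] Address frps listens on; 0.0.0.0 means every interface. IPv6 is supported.
bind_addr = 0.0.0.0
# [required] Control port used between frps and frpc (unrelated to the forwarded ports).
bind_port = 7000
# UDP listen port.
bind_udp_port = 7001
# UDP listen port for the KCP protocol.
kcp_bind_port = 7000

# QUIC (UDP) settings
# Listen port; required in order to use QUIC.
quic_bind_port = 7002
# Keepalive period (the article labels it "validity period").
quic_keepalive_period = 10
# Maximum idle timeout.
quic_max_idle_timeout = 30
# Maximum number of incoming streams (the article marks this description as uncertain).
quic_max_incoming_streams = 100000

# Proxy listeners
# Address the forwarded-port listeners bind to. With 127.0.0.1 they accept connections
# only from the frps host itself.
proxy_bind_addr = 127.0.0.1

# HTTP / HTTPS
# Port for http-type tunnels; may be the same as bind_port.
vhost_http_port = 80
# Port for https-type tunnels; may be the same as bind_port.
vhost_https_port = 443
# HTTP timeout in seconds (the article marks this description as uncertain).
vhost_http_timeout = 60
# Port for TCP multiplexing over HTTP CONNECT; 0 (the default) disables the listener.
tcpmux_httpconnect_port = 1337
# When true, frps does not modify the traffic.
tcpmux_passthrough = false

# Web dashboard: shows frp status.
# NOTE(review): with dashboard_addr = 0.0.0.0 the dashboard is reachable from every network
# that can reach port 7500, and admin/admin are sample credentials. Bind it to 127.0.0.1 or
# restrict the port in the firewall, choose a unique user name and password, and enable
# dashboard_tls_mode if it is accessed over an untrusted network.
# Dashboard listen address.
dashboard_addr = 0.0.0.0
# Dashboard listen port.
dashboard_port = 7500
# Dashboard login name.
dashboard_user = admin
# Dashboard login password.
dashboard_pwd = admin
# Serve the dashboard over TLS (HTTPS).
dashboard_tls_mode = false
# Certificate for dashboard HTTPS.
dashboard_tls_cert_file = server.crt
# Private key for dashboard HTTPS.
dashboard_tls_key_file = server.key
# Enable the Go pprof handlers on the dashboard listener. Profiling endpoints reveal
# process internals; leave this off outside of debugging.
pprof_enable = false

# Monitoring, served on the dashboard address
# Metrics are available at http://<dashboard address and port>/metrics.
enable_prometheus = true
# Directory with the dashboard's static assets (debug mode only).
assets_dir = ./static

# Logging
# Log file path.
log_file = ./frps.log
# Log level: trace, debug, info, warn or error.
log_level = info
# Number of days log files are kept.
log_max_days = 3
# Disable log colours when log_file is the console; default false.
disable_log_color = false
# Whether error messages are sent to frpc.
detailed_errors_to_client = true

# Authentication
# Authentication method: token or oidc (OpenID Connect).
authentication_method = token
# Whether heartbeats sent to frps carry the authentication token.
authenticate_heartbeats = false
# Whether new work connections sent to frps carry the authentication token.
authenticate_new_work_conns = false
# Shared secret that frpc has to present. 12345678 is a sample value: replace it with a
# long random string and set the same value in frpc.ini.
token = 12345678
# OIDC issuer (the article calls it the "oidc token"); empty by default.
oidc_issuer =
# OIDC audience; empty by default.
oidc_audience =
# When false, token expiry is checked.
oidc_skip_expiry_check = false
# When false, the token's issuer is checked against oidc_issuer.
oidc_skip_issuer_check = false

# Other
# Heartbeat timeout; a negative value disables it. The article advises leaving it alone.
heartbeat_timeout = 90
# User connection timeout. The article advises leaving it alone.
user_conn_timeout = 10
# Only the ports listed here may be bound by frpc; without this key there is no restriction.
# Keeping the list as narrow as the tunnels require limits what a client can expose.
allow_ports = 2000-3000,3001,3003,4000-50000
# Connection pool size (default 5); the article suggests raising it when there are many
# connections.
max_pool_count = 5
# Maximum number of ports each client may use; 0 means unlimited.
max_ports_per_client = 0
# Accept TLS connections only.
tls_only = false
# TLS certificate.
tls_cert_file = server.crt
# TLS private key.
tls_key_file = server.key
# Path of the trusted CA certificate.
tls_trusted_ca_file = ca.crt
# Base domain for subdomains: with this set, frpc only needs `subdomain`; for example
# subdomain = test is completed to test.frps.com.
subdomain_host = frps.com
# TCP multiplexing: when enabled, a separate connection per user is not needed, which
# lowers latency and overhead.
tcp_mux = true
# Keepalive interval for the multiplexed TCP connection.
tcp_mux_keepalive_interval = 60
# Keepalive probe interval between client and server.
tcp_keepalive = 7200
# Path of a custom 404 page.
custom_404_page = /path/to/404.html
# UDP packet size; client and server have to use the same value.
udp_packet_size = 1500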
frpc.ini
配置服務器參數
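[common]
# [required] Public address of the frps host; 0.0.0.0 is a stand-in that has to be replaced.
server_addr = 0.0.0.0
# [required] Control port used between frps and frpc (unrelated to the forwarded ports).
server_port = 7000
# Timeout for connecting to the server.
dial_server_timeout = 10
# Keepalive probe interval between client and server.
dial_server_keepalive = 7200

# Connect to frps through a proxy; three schemes are supported, TCP mode only.
# Uncomment at most one of the lines below: a key may be set only once. The credentials in
# the URL are stored in this file in plain text, so restrict who can read the file.
# http_proxy = http://user:passwd@192.168.1.128:8080
# http_proxy = socks5://user:passwd@192.168.1.128:1080
# http_proxy = ntlm://user:passwd@192.168.1.128:2080

# Logging
# Log file path.
# NOTE(review): the file name frps.log is kept from the article; on the client a name such
# as ./frpc.log would avoid confusion with the server log.
log_file = ./frps.log
# Log level: trace, debug, info, warn or error.
log_level = info
# Number of days log files are kept.
log_max_days = 3
# Disable log colours when log_file is the console; default false.
disable_log_color = false

# Authentication
# Shared secret; has to equal `token` in frps.ini. 12345678 is a sample value: use a long
# random string instead.
token = 12345678
# Authentication method: token or oidc (OpenID Connect).
authentication_method = token
# Whether heartbeats sent to frps carry the authentication token.
authenticate_heartbeats = false
# Whether new work connections sent to frps carry the authentication token.
authenticate_new_work_conns = false

# OIDC settings
oidc_client_id =
oidc_client_secret =
oidc_audience =
oidc_scope =
oidc_token_endpoint_url =
oidc_additional_audience = https://dev.auth.com/api/v2/
oidc_additional_var1 = foobar

# HTTP interface for controlling frpc
# NOTE(review): admin/admin are sample credentials; change them, and keep admin_addr on
# 127.0.0.1 unless remote control of frpc is required.
# Listen address.
admin_addr = 127.0.0.1
# Listen port.
admin_port = 7400
# User name.
admin_user = admin
# Password.
admin_pwd = admin
# Directory with static assets.
assets_dir = ./static
# Enable the Go pprof handlers on the admin listener. Profiling endpoints reveal process
# internals; leave this off outside of debugging.
pprof_enable = false

# QUIC (UDP) settings
# Keepalive period (the article labels it "validity period").
quic_keepalive_period = 10
# Maximum idle timeout.
quic_max_idle_timeout = 30
# Maximum number of incoming streams (the article marks this description as uncertain).
quic_max_incoming_streams = 100000

# Other
# When true, frpc connects to frps over TLS.
tls_enable = true
# TLS certificate.
tls_cert_file = server.crt
# TLS private key.
tls_key_file = server.key
# Path of the trusted CA certificate.
tls_trusted_ca_file = ca.crt
# TLS server name.
tls_server_name = example.com
# Controls the custom first byte frpc uses when connecting to frps with TLS enabled.
# NOTE(review): the article says true makes frpc use that byte, while the key name suggests
# true turns it off; confirm against the frp documentation for the version in use.
disable_custom_tls_first_byte = false
# DNS server used by frpc.
dns_server = 8.8.8.8
# Names of the tunnels to start, separated by commas; empty (the default) means all.
start = ssh,dns
# Number of connections established in advance; default 0.
pool_count = 5
# TCP multiplexing; the value has to match frps.
tcp_mux = true
# Keepalive interval for the multiplexed TCP connection.
tcp_mux_keepalive_interval = 60
# Prefix for tunnel names: they become {user}.{proxy}.
user = your_name
# Whether frpc exits when the first login attempt fails.
login_fail_exit = true
# Protocol used to connect to frps.
protocol = tcp
# Local IP to connect from when protocol is tcp or websocket.
connect_server_local_ip = 0.0.0.0
# UDP packet size.
udp_packet_size = 1500
# Additional configuration files that define tunnels.
includes = ./confd/*.ini

# Heartbeat; the article advises leaving these alone.
# Interval.
heartbeat_interval = 30
# Timeout.
heartbeat_timeout = 90

# Additional metadata for the server side
meta_var1 = 123
meta_var2 = 234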
配置客戶端參數
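[隧道名稱]
# The section name is the tunnel name; a given name (for example [ssh]) may be used only once.
# Tunnel type: tcp | udp | http | https | stcp | xtcp (default tcp).
type = tcp
# Address the traffic is forwarded to.
local_ip = 127.0.0.1
# Local port the traffic is forwarded to.
local_port = 22
# Port opened on the frps host for this tunnel.
# NOTE(review): anything that can reach this port on the server reaches the local service
# on port 22; restrict the port in the server firewall to the addresses that need it.
remote_port = 6001
# Bandwidth cap for this tunnel; the unit is KB or MB.
bandwidth_limit = 1MB
# Side on which the cap is enforced: client or server (default client).
bandwidth_limit_mode = client
# Encrypt the traffic carried between frpc and frps.
use_encryption = false
# Compress the traffic carried between frpc and frps.
use_compression = false

# Group: frps load-balances connections across tunnels in the same group; the group key
# has to be identical for all of them.
# Group name.
group = test_group
# Group key. 123456 is a sample value: replace it with a long random string.
group_key = 123456

# Backend health check
health_check_type = tcp
# Timeout of one check.
health_check_timeout_s = 3
# Number of failed checks after which the tunnel is removed from frps.
health_check_max_failed = 3
# Interval between checks, in seconds.
health_check_interval_s = 10

# Subdomain.
# NOTE(review): subdomain and custom_domains presumably apply to http/https tunnels rather
# than to type = tcp; confirm against the frp documentation.
subdomain = web01
# Custom domain.
custom_domains = web01.yourdomain.com

# Additional metadata
meta_var1 = 123
meta_var2 = 234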
該文章在 2023/12/28 18:38:28 編輯過