1 What is frp? (摘自项目README)
frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the Internet. As of now, it supports TCP and UDP, as well as HTTP and HTTPS protocols, where requests can be forwarded to internal services by domain name.
frp项目地址:https://github.com/fatedier/frp
2 注:本文是基于linux的配置
release: https://github.com/fatedier/frp/releases
3 无stcp:
Server:
frps.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
[common]
bind_port = 7000 # Client和Server通信的端口
run the server:
./frps -c ./frps.ini
Client:
frpc.ini配置
[common]
server_addr = aaa.bbb.ccc.ddd # Server的ip地址
server_port = 7000 # Client和Server通信的端口
[tcp_port]
type = tcp
local_ip = 127.0.0.1
local_port = 6006 # Client服务的端口
remote_port = 6006 # Server暴露的端口
|
run the Client: ./frpc -c ./frpc.ini
4 有stcp:
具体逻辑:Client端1–>frps–>Client端2,相当于公网服务器充当了一个媒介。例如,我在Client1开启了tensorboard,端口是6006。通过公网服务器,我可以在本地的电脑上访问处于内网的Client1的6006端口。
4.1
Server:
frps.ini
1
2
|
[common]
bind_port = 7000
|
run the server: ./frps -c ./frps.ini
4.2
Client1:
frpc.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[common]
server_addr = aaa.bbb.ccc.ddd # Server的ip地址
server_port = 7000
[secret_tcp]
# If the type is secret tcp, remote_port is useless
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
type = stcp
# sk used for authentication for visitors
sk = abcdefg # sk要和Client2相同
local_ip = 127.0.0.1 # Client1的访问地址
local_port = 6006 # Client1的访问端口
use_encryption = false
use_compression = false
|
run the Client1: ./frpc -c ./frpc.ini
4.3
Client2:
frpc.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
[common]
server_addr = aaa.bbb.ccc.ddd
server_port = 7000
# user of frpc should be same in both stcp server and stcp visitor
[secret_tcp_visitor]
# frpc role visitor -> frps -> frpc role server
role = visitor
type = stcp
# the server name you want to visitor
server_name = secret_tcp
sk = abcdefg # sk要和Client1相同
# connect this address to visitor stcp server
bind_addr = 127.0.0.1 # Client2的访问地址
bind_port = 6006 # Client2的访问端口
use_encryption = false
use_compression = false
|
run the Client2: ./frpc -c ./frpc.ini
5 其他小的细节
5.1 如果出现下述错误,表示服务器的防火墙没有关闭(也可能是服务器的安全组没有设置):
login to server failed: dial tcp no route to host
解决办法:
1
2
|
firewall-cmd --state (出现running,表示在运行)
systemctl stop firewalld.service
|
5.2 防火墙的相关命令
1
2
3
4
5
6
7
8
|
启动:# systemctl start firewalld
查看状态:# systemctl status firewalld 或者 firewall-cmd –state
停止:# systemctl disable firewalld
禁用:# systemctl stop firewalld
重启:#systemctl restart firewalld
永久的开放需要的端口
sudo firewall-cmd --zone=public --add-port=7000/tcp --permanent
sudo firewall-cmd --reload //重载生效刚才的端口设置
|
6 最后友情提示:
注意端口安全,防范风险,避免不必要的麻烦 🙂