服务器搭建(FRPS)
创建配置文件
# 创建存放目录
sudo mkdir /etc/frp
# 创建frps.ini文件
nano /etc/frp/frps.ini
frps.ini内容如下:
[common]
# 监听端口
bind_port = 7000
# 面板端口
dashboard_port = 7500
# 登录面板账号设置
dashboard_user = admin
dashboard_pwd = admin
# 设置http及https协议下代理端口(非重要)
vhost_http_port = 7080
vhost_https_port = 7081
# 身份验证
token = 12345678
[root@server ~]# docker pull registry.cn-shenzhen.aliyuncs.com/mogublog_business/frps
[root@server ~]# docker run --restart=always --network host -d -v /root/frps.ini:/etc/frp/frps.ini --name frps registry.cn-shenzhen.aliyuncs.com/mogublog_business/frps
5d1c7d3ec1697c08bd77fa267e9ae007ffa8c379b81bb6953d6e01ff85c5cbb7
[root@server ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d1c7d3ec169 registry.cn-shenzhen.aliyuncs.com/mogublog_business/frps "/bin/sh -c '/usr/bi..." 4 seconds ago Up 3 seconds frps
[root@server ~]# sudo ufw enable
[root@server ~]# sudo ufw allow 7000
[root@server ~]# sudo ufw allow 7500
[root@server ~]# sudo ufw allow 7080
[root@server ~]# sudo ufw allow 7081
http://ip:7500
中转客户端配置(FRPC)
[root@client ~]# docker pull registry.cn-shenzhen.aliyuncs.com/mogublog_business/frpc:latest
[root@client ~]# docker run --restart=always --network host -d -v /opt/frp/frpc.ini:/etc/frp/frpc.ini --name frpc registry.cn-shenzhen.aliyuncs.com/mogublog_business/frpc:latest
5d73d9ee2583b73b84a2863f61ddf29d722b7ac8a79f1e366bec7998bc8e278b
[root@client ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d73d9ee2583 registry.cn-shenzhen.aliyuncs.com/mogublog_business/frpc:latest "/bin/sh -c '/usr/bi..." 4 seconds ago Up 4 seconds frpc
[root@client ~]#
配置文件示例:
[common]
# server_addr为FRPS服务器IP地址
server_addr = x.x.x.x
# server_port为服务端监听端口,bind_port
server_port = 7000
# 身份验证
token = 12345678
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 2288
# [ssh] 为服务名称,下方此处设置为,访问frp服务段的2288端口时,等同于通过中转服务器访问127.0.0.1的22端口。
# type 为连接的类型,此处为tcp
# local_ip 为中转客户端实际访问的IP
# local_port 为目标端口
# remote_port 为远程端口
[ssh]
type = tcp
local_ip = 192.168.1.229
local_port = 80
remote_port = 18022
[unRAID web]
type = tcp
local_ip = 192.168.1.229
local_port = 80
remote_port = 18088
[Truenas web]
type = tcp
local_ip = 192.168.1.235
local_port = 80
remote_port = 18188
[speedtest]
type = tcp
local_ip = 192.168.1.229
local_port = 6580
remote_port = 18190
[webdav]
type = tcp
local_ip = 192.168.1.235
local_port = 18080
remote_port = 18189
[RDP PC1]
type = tcp
local_ip = 192.168.1.235
local_port = 3389
remote_port = 18389
-
如果监听服务可以有IP限制的设置,需要允许的访问IP为中转内网设备的内网IP;
-
FRP由于端口会暴露在互联网上,虽然说使用方便但安全性较差;