FRP 配置内网穿透 远程桌面

FRP安装过程详见:https://github.com/fatedier/frp/blob/master/README_zh.md

我使用的是docker封装的镜像。这里有点坑爹的是:如果在启动服务端时不指定配置文件,那么frps将只开启7000端口监听,80、443等端口不会开启监听,后面的web转发就没法做了!

frps.ini配置如下:

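[common]
# Bind address is left unset because frps runs inside a Docker container here.
#bind_addr =
# Port that frpc clients connect to; with Docker it must be published on the host.
bind_port = 7000
bind_udp_port = 7001
kcp_bind_port = 7000
# Port for HTTP virtual-host proxies.
vhost_http_port = 80
# Base domain used by the `subdomain` setting of client proxies.
subdomain_host = youdomain.com
# Port for HTTPS virtual-host proxies.
vhost_https_port = 443
# Dashboard listen port. Keep it off the public internet: do not publish 7500
# on the Docker host unless access is restricted to trusted addresses.
dashboard_port = 7500
# Dashboard credentials. A guessable pair such as admin/admin lets anyone who
# reaches the dashboard port view every proxy and client; set a unique password.
dashboard_user = admin
dashboard_pwd = <REPLACE_WITH_STRONG_UNIQUE_PASSWORD>
# In privilege mode the client defines its own proxies (see remote_port in
# frpc.ini), so the token below is the only thing stopping an arbitrary frpc
# from opening listening ports on this server.
privilege_mode = true
# Shared secret; must be identical to privilege_token in frpc.ini.
# Use a long random value and treat it like a password.
privilege_token = <REPLACE_WITH_LONG_RANDOM_TOKEN>
#log_max_days = 7
max_pool_count = 100
#log_level = info
#log_file = frps.log

# Remote-desktop forwarding entry (the original note says it forwards port 3389 by default).
# NOTE(review): with privilege_mode the actual port mapping comes from the [rdp]
# section of frpc.ini; confirm this server-side section is still needed for the
# frp version in use.
[RDP]
type = tcp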

frpc.ini配置如下:

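[common]
# Public address of the server that runs frps.
server_addr = x.x.x.x
# Must equal bind_port in frps.ini.
server_port = 7000
# Must be identical to privilege_token in frps.ini. Anyone who knows this value
# can register proxies on the server, so use a long random secret, not "admin".
privilege_token = <REPLACE_WITH_LONG_RANDOM_TOKEN>
#log_file = frpc.log
#log_level = info
#log_max_days = 7


# HTTP proxy: frps.youdomain.com -> local port 80.
[frps.youdomain.com]
type = http
privilege_mode = true
local_ip = 127.0.0.1
local_port = 80
#custom_domains = frps.youdomain.com
use_gzip = true
subdomain = frps

# HTTP proxy: frpc.youdomain.com -> local port 81.
[frpc.youdomain.com]
type = http
privilege_mode = true
local_ip = 127.0.0.1
local_port = 81
#custom_domains = frpc.youdomain.com
use_gzip = true
subdomain = frpc

# Plain TCP proxy for Remote Desktop.
# SECURITY: this publishes the machine's RDP logon to whoever can reach the
# server-side port. Require Network Level Authentication, strong account
# passwords and account lockout on this PC, and restrict which source
# addresses may reach the server-side port.
# NOTE(review): frp versions that support the stcp proxy type avoid a public
# listening port altogether; check the README for the version in use.
[rdp]
type = tcp
# Address of this machine as seen by frpc.
local_ip = 127.0.0.1
# Important: the local Remote Desktop port.
local_port = 3389
# Important: the port frps opens on the server for this proxy. RDP clients
# reach it through the server (here nginx forwards 3389 -> frps:6000).
remote_port = 6000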

我使用了nginx转发3389端口的tcp请求。能否远程到内网计算机,最重要的就是服务器上的3389端口(由nginx监听)一定要是外网能够访问到的,这样才能将远程桌面的连接转发到frps服务端。frps的6000端口在接收到请求后,会从当前连接到服务端的客户端中找到注册了相同端口的线路,将tcp数据全部转发到这个frpc客户端上,这样就完成了通过内网穿透使用远程桌面连接。nginx转发tcp需要使用stream模块,stream{}与http{}模块同级别。

配置文件如下:

stream {
    # ...
    server {
        # Public listener that RDP clients connect to.
        listen     3389;
        # SECURITY: as written, any internet host can reach the RDP logon of the
        # internal PC through this listener. Where possible, limit the sources
        # with the stream access module, e.g.:
        #     allow <TRUSTED_ADMIN_CIDR>;
        #     deny  all;
        # Forward to the frps container; 6000 is the remote_port chosen by the
        # client in the [rdp] section of frpc.ini.
        proxy_pass frps:6000;
    }
}

再次强调 需要放置在 http{}模块同级别,如:

http{
……
}
stream{
……
}
内网穿透nginx反向代理的站点配置文件:
 
#配置负载均衡池
#Demo1负载均衡池
#upstream frps_pool {
#    server frps:3389;
#}
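# Plain-HTTP vhost: only redirects every request to HTTPS.
server {
    listen 80;
    server_name frps.youdomain.com;
    access_log /var/log/nginx/frps.youdomain.com.static.a.log;
    error_log /var/log/nginx/frps.youdomain.com.static.e.log;
    return 301 https://$server_name$request_uri;
}
# HTTPS vhost: terminates TLS and proxies to the frps HTTP vhost port.
server {
    listen 443 ssl;

    server_name frps.youdomain.com;
    access_log /var/log/nginx/frps.youdomain.com.static.a.log;
    error_log /var/log/nginx/frps.youdomain.com.static.e.log;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    ssl_certificate  /etc/nginx/cert/frps.pem;
    ssl_certificate_key  /etc/nginx/cert/frps.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Explicit forward-secret AEAD suites only; the broad ECDH:AES:HIGH groups
    # also admitted CBC-mode and non-forward-secret suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    keepalive_timeout   70;
    ssl_session_cache   shared:SSL:10m;
    # Session tickets without key rotation weaken forward secrecy; the shared
    # session cache above still provides resumption.
    ssl_session_tickets off;
    # NOTE(review): stapling with verification normally also needs a `resolver`
    # and `ssl_trusted_certificate`; neither is shown in this listing.
    ssl_stapling        on;
    ssl_stapling_verify on;

    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout  90;
        # Proxy to the frps container; "frps" is an alias and may be replaced
        # by the container's IP address.
        proxy_pass http://frps;
    }
}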

 nginx 具体站点配置如下:

#配置负载均衡池
#Demo1负载均衡池
#upstream frps_pool {
#    server frps:3389;
#}
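# Plain-HTTP vhost: only redirects every request to HTTPS.
server {
    listen 80;
    server_name frps.youdomain.com;
    access_log /var/log/nginx/frps.youdomain.com.static.a.log;
    error_log /var/log/nginx/frps.youdomain.com.static.e.log;
    return 301 https://$server_name$request_uri;
}
# HTTPS vhost: terminates TLS and proxies to the frps HTTP vhost port.
server {
    listen 443 ssl;

    server_name frps.youdomain.com;
    access_log /var/log/nginx/frps.youdomain.com.static.a.log;
    error_log /var/log/nginx/frps.youdomain.com.static.e.log;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    ssl_certificate  /etc/nginx/cert/frps.pem;
    ssl_certificate_key  /etc/nginx/cert/frps.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Explicit forward-secret AEAD suites only; the broad ECDH:AES:HIGH groups
    # also admitted CBC-mode and non-forward-secret suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    keepalive_timeout   70;
    ssl_session_cache   shared:SSL:10m;
    # Session tickets without key rotation weaken forward secrecy; the shared
    # session cache above still provides resumption.
    ssl_session_tickets off;
    # NOTE(review): stapling with verification normally also needs a `resolver`
    # and `ssl_trusted_certificate`; neither is shown in this listing.
    ssl_stapling        on;
    ssl_stapling_verify on;

    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout  90;
        # Proxy to the frps container; "frps" is an alias and may be replaced
        # by the container's IP address.
        proxy_pass http://frps;
    }
}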

 远程桌面:

需要首先确认自己电脑是否开启允许远程连接到本机!

正常情况下直接使用frps所在的服务器外网ip地址就能直接远程连接到计算机!
