https://github.com/fatedier/frp
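frp is a high-performance reverse proxy application focused on NAT traversal (intranet penetration). It supports multiple protocols, including TCP, UDP, HTTP, and HTTPS, as well as P2P communication. It exposes services on an internal network to the public Internet, securely and conveniently, by relaying them through a node that has a public IP address.
Sponsors
frp is a fully open-source project, and our development work depends entirely on the support of our sponsors. If you would like to join them, please consider sponsoring the development of frp.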
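Why use frp?
By deploying the frp server on a node with a public IP address, you can easily expose internal-network services to the public Internet. frp also provides a number of professional features, including:
Client-server communication over multiple protocols, including TCP, QUIC, KCP, and WebSocket.
TCP connection stream multiplexing, which carries more requests over a single connection, saves connection setup time, and reduces request latency.
Load balancing across proxy groups.
Port reuse: multiple services are exposed through the same server port.
P2P communication, so traffic does not have to be relayed through the server and bandwidth is fully used.
Several natively supported client plugins (static file browsing, HTTPS/HTTP protocol conversion, HTTP and SOCKS5 proxies, and others), which make it easy to complete certain tasks with the frp client alone.
A highly extensible server-side plugin system that makes it easy to add functionality to suit your own needs.
UI pages for both the server and the client.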
https://github.com/fatedier/frp/blob/dev/README_zh.md
Access your computer in a LAN network via SSH

Modify frps.toml on server A by setting the bindPort for frp clients to connect to:

    # frps.toml
    bindPort = 7000

Start frps on server A:

    ./frps -c ./frps.toml

Modify frpc.toml on server B and set the serverAddr field to the public IP address of your frps server:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "ssh"
    type = "tcp"
    localIP = "127.0.0.1"
    localPort = 22
    remotePort = 6000

Note that the localPort (listened on the client) and remotePort (exposed on the server) are used for traffic going in and out of the frp system, while the serverPort is used for communication between frps and frpc.

Start frpc on server B:

    ./frpc -c ./frpc.toml

To access server B from another machine through server A via SSH (assuming the username is test), use the following command:

    ssh -oPort=6000 test@x.x.x.x

Multiple SSH services sharing the same port

This example implements multiple SSH services exposed through the same port using a proxy of type tcpmux. Similarly, as long as the client supports the HTTP Connect proxy connection method, port reuse can be achieved in this way.

Deploy frps on a machine with a public IP and modify the frps.toml file.
Here is a simplified configuration:

    bindPort = 7000
    tcpmuxHTTPConnectPort = 5002

Deploy frpc on the internal machine A with the following configuration:

    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "ssh1"
    type = "tcpmux"
    multiplexer = "httpconnect"
    customDomains = ["machine-a.example.com"]
    localIP = "127.0.0.1"
    localPort = 22

Deploy another frpc on the internal machine B with the following configuration:

    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "ssh2"
    type = "tcpmux"
    multiplexer = "httpconnect"
    customDomains = ["machine-b.example.com"]
    localIP = "127.0.0.1"
    localPort = 22

To access internal machine A using SSH ProxyCommand, assuming the username is "test":

    ssh -o 'proxycommand socat - PROXY:x.x.x.x:%h:%p,proxyport=5002' test@machine-a.example.com

To access internal machine B, the only difference is the domain name, assuming the username is "test":

    ssh -o 'proxycommand socat - PROXY:x.x.x.x:%h:%p,proxyport=5002' test@machine-b.example.com

Accessing Internal Web Services with Custom Domains in LAN

Sometimes we need to expose a local web service behind a NAT network to others for testing purposes with our own domain name. Unfortunately, we cannot resolve a domain name to a local IP. However, we can use frp to expose an HTTP(S) service.

Modify frps.toml and set the HTTP port for vhost to 8080:

    # frps.toml
    bindPort = 7000
    vhostHTTPPort = 8080

If you want to configure an https proxy, you need to set up the vhostHTTPSPort.

Start frps:

    ./frps -c ./frps.toml

Modify frpc.toml and set serverAddr to the IP address of the remote frps server. Specify the localPort of your web service:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "web"
    type = "http"
    localPort = 80
    customDomains = ["www.example.com"]

Start frpc:

    ./frpc -c ./frpc.toml

Map the A record of www.example.com to either the public IP of the remote frps server or a CNAME record pointing to your original domain.
Visit your local web service using url http://www.example.com:8080.

Forward DNS query requests

Modify frps.toml:

    # frps.toml
    bindPort = 7000

Start frps:

    ./frps -c ./frps.toml

Modify frpc.toml and set serverAddr to the IP address of the remote frps server. Forward DNS query requests to the Google Public DNS server 8.8.8.8:53:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "dns"
    type = "udp"
    localIP = "8.8.8.8"
    localPort = 53
    remotePort = 6000

Start frpc:

    ./frpc -c ./frpc.toml

Test DNS resolution using the dig command:

    dig @x.x.x.x -p 6000 www.google.com

Forward Unix Domain Socket

Expose a Unix domain socket (e.g. the Docker daemon socket) as TCP.

Configure frps as above.

Start frpc with the following configuration:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "unix_domain_socket"
    type = "tcp"
    remotePort = 6000
    [proxies.plugin]
    type = "unix_domain_socket"
    unixPath = "/var/run/docker.sock"

Test the configuration by getting the docker version using curl:

    curl http://x.x.x.x:6000/version

Expose a simple HTTP file server

Expose a simple HTTP file server to access files stored in the LAN from the public Internet.

Configure frps as described above, then:

Start frpc with the following configuration:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "test_static_file"
    type = "tcp"
    remotePort = 6000
    [proxies.plugin]
    type = "static_file"
    localPath = "/tmp/files"
    stripPrefix = "static"
    httpUser = "abc"
    httpPassword = "abc"

Visit http://x.x.x.x:6000/static/ from your browser and specify correct username and password to view files in /tmp/files on the frpc machine.

Enable HTTPS for a local HTTP(S) service

You may substitute https2https for the plugin, and point the localAddr to a HTTPS endpoint.
Start frpc with the following configuration:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "test_https2http"
    type = "https"
    customDomains = ["test.example.com"]

    [proxies.plugin]
    type = "https2http"
    localAddr = "127.0.0.1:80"
    crtPath = "./server.crt"
    keyPath = "./server.key"
    hostHeaderRewrite = "127.0.0.1"
    requestHeaders.set.x-from-where = "frp"

Visit https://test.example.com.

Expose your service privately

To mitigate risks associated with exposing certain services directly to the public network, STCP (Secret TCP) mode requires a preshared key to be used for access to the service from other clients.

Configure frps the same as above.

Start frpc on machine B with the following config. This example exposes the SSH service (port 22). Note the secretKey field for the preshared key, and that the remotePort field is removed here:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[proxies]]
    name = "secret_ssh"
    type = "stcp"
    secretKey = "abcdefg"
    localIP = "127.0.0.1"
    localPort = 22

Start another frpc (typically on another machine C) with the following config to access the SSH service with a security key (secretKey field):

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000

    [[visitors]]
    name = "secret_ssh_visitor"
    type = "stcp"
    serverName = "secret_ssh"
    secretKey = "abcdefg"
    bindAddr = "127.0.0.1"
    bindPort = 6000

On machine C, connect to SSH on machine B, using this command:

    ssh -oPort=6000 127.0.0.1

P2P Mode

xtcp is designed to transmit large amounts of data directly between clients. A frps server is still needed, as P2P here only refers to the actual data transmission.

Note that it may not work with all types of NAT devices. You might want to fall back to stcp if xtcp doesn't work.

Start frpc on machine B, and expose the SSH port. Note that the remotePort field is removed:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000
    # set up a new stun server if the default one is not available.
    # natHoleStunServer = "xxx"

    [[proxies]]
    name = "p2p_ssh"
    type = "xtcp"
    secretKey = "abcdefg"
    localIP = "127.0.0.1"
    localPort = 22

Start another frpc (typically on another machine C) with the configuration to connect to SSH using P2P mode:

    # frpc.toml
    serverAddr = "x.x.x.x"
    serverPort = 7000
    # set up a new stun server if the default one is not available.
    # natHoleStunServer = "xxx"

    [[visitors]]
    name = "p2p_ssh_visitor"
    type = "xtcp"
    serverName = "p2p_ssh"
    secretKey = "abcdefg"
    bindAddr = "127.0.0.1"
    bindPort = 6000
    # when automatic tunnel persistence is required, set it to true
    keepTunnelOpen = false

On machine C, connect to SSH on machine B, using this command:

    ssh -oPort=6000 127.0.0.1