使用FRP 0.58版本进行内网穿透的详细教程

什么是FRP？

FRP（Fast Reverse Proxy）是一款高性能的反向代理应用，主要用于内网穿透。通过FRP，您可以将内网服务暴露给外网用户，无需进行复杂的网络配置。

准备工作

1. 服务器：一台具备公网IP的服务器，用于部署FRP服务端。
2. 客户端：需要进行内网穿透的设备。
3. FRP程序：可以从FRP官方GitHub页面下载最新版本。
   

部署步骤

1. 服务器 A (具有公共 IP 地址)

   • 解压并放置 frps 二进制文件和 frps.toml 配置文件。
   • 修改 frps.toml:

     [common]
     bind_port = 7000
     

   • 启动 frps:

     ./frps -c ./frps.toml
     

2. 服务器 B (在无法从公共互联网直接访问的服务器上)

   • 解压并放置 frpc 二进制文件和 frpc.toml 配置文件。
   • 修改 frpc.toml:

     [common]
     server_addr = "x.x.x.x"
     server_port = 7000[ssh]
     type = "tcp"
     local_ip = "127.0.0.1"
     local_port = 22
     remote_port = 6000
     

   • 启动 frpc:

     ./frpc -c ./frpc.toml
     

通过 SSH 访问服务器 B

从另一台机器通过服务器 A 访问服务器 B (假设用户名是 test):

ssh -oPort=6000 test@x.x.x.x

通过多个 SSH 服务共享同一端口

配置 frps.toml:

[common]
bind_port = 7000
tcpmux_httpconnect_port = 5002

配置内部机器 A 和 B 的 frpc.toml:

[common]
server_addr = "x.x.x.x"
server_port = 7000[ssh1]
type = "tcpmux"
multiplexer = "httpconnect"
custom_domains = ["machine-a.example.com"]
local_ip = "127.0.0.1"
local_port = 22[ssh2]
type = "tcpmux"
multiplexer = "httpconnect"
custom_domains = ["machine-b.example.com"]
local_ip = "127.0.0.1"
local_port = 22

通过 SSH ProxyCommand 访问:

ssh -o 'proxycommand socat - PROXY:x.x.x.x:%h:%p,proxyport=5002' test@machine-a.example.com

使用自定义域访问内部 Web 服务

配置 frps.toml:

[common]
bind_port = 7000
vhost_http_port = 8080

配置 frpc.toml:

[common]
server_addr = "x.x.x.x"
server_port = 7000[web]
type = "http"
local_port = 80
custom_domains = ["www.example.com"]

在浏览器中访问 http://www.example.com:8080。

转发 DNS 查询请求

配置 frps.toml:

[common]
bind_port = 7000

配置 frpc.toml:

[common]
server_addr = "x.x.x.x"
server_port = 7000[dns]
type = "udp"
local_ip = "8.8.8.8"
local_port = 53
remote_port = 6000

测试 DNS 解析:

dig @x.x.x.x -p 6000 www.google.com

转发 Unix 域套接字

配置 frps.toml 和 frpc.toml:

[common]
server_addr = "x.x.x.x"
server_port = 7000[unix_domain_socket]
type = "tcp"
remote_port = 6000
plugin = "unix_domain_socket"
plugin_unix_path = "/var/run/docker.sock"

测试配置:

curl http://x.x.x.x:6000/version

公开简单的 HTTP 文件服务器

配置 frps.toml 和 frpc.toml:

[common]
server_addr = "x.x.x.x"
server_port = 7000[test_static_file]
type = "tcp"
remote_port = 6000
plugin = "static_file"
plugin_local_path = "/tmp/files"
plugin_strip_prefix = "static"
plugin_http_user = "abc"
plugin_http_passwd = "abc"

从浏览器访问 http://x.x.x.x:6000/static/。

为本地 HTTP(S) 服务启用 HTTPS

配置 frpc.toml:

[common]
server_addr = "x.x.x.x"
server_port = 7000[test_https2http]
type = "https"
custom_domains = ["test.example.com"]
plugin = "https2http"
plugin_local_addr = "127.0.0.1:80"
plugin_crt_path = "./server.crt"
plugin_key_path = "./server.key"
plugin_host_header_rewrite = "127.0.0.1"
plugin_request_headers = ["x-from-where: frp"]

访问 https://test.example.com。

使用 STCP 模式

配置 frps.toml 和 frpc.toml:

[common]
server_addr = "x.x.x.x"
server_port = 7000[secret_ssh]
type = "stcp"
secretkey = "abcdefg"
local_ip = "127.0.0.1"
local_port = 22

在另一台机器上启动 frpc:

[common]
server_addr = "x.x.x.x"
server_port = 7000[secret_ssh_visitor]
type = "stcp"
server_name = "secret_ssh"
secretkey = "abcdefg"
bind_addr = "127.0.0.1"
bind_port = 6000

使用 SSH 连接:

ssh -oPort=6000 127.0.0.1

使用 P2P 模式

配置 frps.toml 和 frpc.toml:

[common]
server_addr = "x.x.x.x"
server_port = 7000[p2p_ssh]
type = "xtcp"
secretkey = "abcdefg"
local_ip = "127.0.0.1"
local_port = 22

在另一台机器上启动 frpc:

[common]
server_addr = "x.x.x.x"
server_port = 7000[p2p_ssh_visitor]
type = "xtcp"
server_name = "p2p_ssh"
secretkey = "abcdefg"
bind_addr = "127.0.0.1"
bind_port = 6000
keep_tunnel_open = false

使用 SSH 连接:

ssh -oPort=6000 127.0.0.1

配置文件和环境变量

您可以使用 TOML、YAML 或 JSON 格式的配置文件。环境变量可以在配置文件中引用，采用 Go 的标准格式:

# frpc.toml
server_addr = "{{ .Envs.FRP_SERVER_ADDR }}"
server_port = 7000[ssh]
type = "tcp"
local_ip = "127.0.0.1"
local_port = 22
remote_port = "{{ .Envs.FRP_SSH_REMOTE_PORT }}"

设置环境变量:

export FRP_SERVER_ADDR=x.x.x.x
export FRP_SSH_REMOTE_PORT=6000
./frpc -c ./frpc.toml

服务器仪表板

配置 frps.toml:

[common]
web_server_addr = "0.0.0.0"
web_server_port = 7500
web_server_user = "admin"
web_server_pwd = "admin"

访问 http://[server_addr]:7500 查看仪表板。

客户端管理界面

配置 frpc.toml:

[common]
web_server_addr = "127.0.0.1"
web_server_port = 7400
web_server_user = "admin"
web_server_pwd = "admin"

访问 http://127.0.0.1:7400 查看管理界面。

热加载配置

启用 HTTP API:

[common]
web_server_addr = "127.0.0.1"
web_server_port = 7400

使用命令重新加载配置:

frpc reload -c ./frpc.toml

验证客户端

使用令牌认证:

# frps.toml
[common]
auth_token = "abcdefg"# frpc.toml
[common]
auth_token = "abcdefg"

使用 OIDC 身份验证:

# frps.toml
[common]
auth_method = "oidc"
auth_oidc_issuer = "https://example-oidc-issuer.com/"
auth_oidc_audience = "https://oidc-audience.com/.default"# frpc.toml
[common]
auth_method = "oidc"
auth_oidc_client_id ="my-client-id"
auth_oidc_client_secret = "my-client-secret"
auth_oidc_audience = "https://oidc-audience.com/.default"

获取 JWT:

export FRP_OIDC_TOKEN=$(curl -X POST -d 'client_id=my-client-id' -d 'client_secret=my-client-secret' -d 'audience=https://oidc-audience.com/.default' https://example-oidc-issuer.com/token | jq -r .access_token)

配置持久化存储

启用持久化存储:

# frps.toml
[common]
database_type = "sqlite3"
database_path = "/var/lib/frp/frps.db"

配置日志

[common]
log_file = "./frps.log"
log_level = "info"
log_max_days = 3

这样，您可以使用 frp 实现各种隧道需求。可以根据具体需求调整配置以满足安全性和性能的要求。