Use frp tools to achieve intranet penetration and configure multiple ssh and web services

Introduction to frp

FRP project address: https://github.com/fatedier/frp/blob/master/README_zh.md

frp is a high-performance reverse proxy application that can be used for intranet penetration. It supports the tcp and udp protocols, provides additional capabilities for the http and https application protocols, and tentatively supports point-to-point penetration.

Environmental preparation

ssh connection
1. A server that can be reached directly from the external network, such as an Alibaba Cloud server (server)
2. The server to be reached through intranet penetration, such as a test server on the company's internal LAN (client)

web access
3. Additionally, a registered domain name

download link

https://github.com/fatedier/frp/releases

Just choose the latest release, usually the one for the linux environment.

installation steps

Run the following installation steps on both the client and the server

cd /usr/local/

wget https://github.com/fatedier/frp/releases/download/v0.27.0/frp_0.27.0_linux_amd64.tar.gz

tar -zxvf frp_0.27.0_linux_amd64.tar.gz

mv frp_0.27.0_linux_amd64 frp

  Files in the downloaded frp directory

  • frpc : client executable program
  • frpc_full.ini : all configuration items of the client (you can view all the configuration items of frp in this file)
  • frpc.ini : client configuration items
  • frps : server-side executable program
  • frps_full.ini : All configuration items of the server (you can view all the configuration items of frp in this file)
  • frps.ini : server configuration items
  • LICENSE : License
  • The server only needs to edit the frps.ini file
  • The client only needs to edit the frpc.ini file

Server configuration

  Check the frps.ini file and modify it as follows

[common]
# The port number that the client binds to the server
bind_port = 7000

  The default configuration contains only one setting, bind_port = 7000, which means that port 7000 on the external network server is used to communicate with the client. Note: the port can be customized, but the client and the server must use the same value. On an Alibaba Cloud server, port 7000 must also be opened in the security group rules configured in ECS management.

  Start the server

./frps -c frps.ini

  The following indicates that the startup is successful

   After a successful startup, closing xshell or ending the session stops frps. You can use nohup to start it in the background (the same method can be used for later startups)

  The following starts frps in the background and writes its log to file.log

nohup ./frps -c ./frps.ini > file.log 2>&1 &

Client configuration

  Check the frpc.ini file and modify it as follows

[common]
# Your public network ip
server_addr = 39.105.97.50
# The bound port, custom, must match the server
server_port = 7000

[ssh]
type = tcp
# Bind ip, fill in 127.0.0.1 to indicate this machine
local_ip = 127.0.0.1
local_port = 22
# ssh defaults to 22, and now forwards to port 6008
remote_port = 6008

  • [common] marks the section that holds the common configuration
  • server_addr is the public network ip of our server, that is, the external network server
  • server_port is the port that corresponds to bind_port in the frps.ini we configured on the server. The two values must be the same
  • [ssh] marks the section that holds the configuration needed to connect to the intranet server over ssh
  • type is the connection type, tcp is used for ssh connection
  • local_ip is the local ip, just use 127.0.0.1 directly
  • local_port is the local ssh port, ssh default port is 22
  • remote_port is the port opened on the external network server. Note: on an Alibaba Cloud server, port 6008 must be added to the security group rules configured in ECS management

  Start the client

./frpc -c ./frpc.ini

   OK, you can now connect via xshell; just specify remote_port (6008) as the port number, as follows

Multiple ssh configurations

  Once a single ssh configuration works, configuring more machines is the same operation: download frp on another machine and modify only its frpc.ini file, in the following format

[common]
server_addr = 39.105.97.50
server_port = 7000

# Section name cannot be repeated
[ssh001]
type = tcp
local_ip = 127.0.0.1
local_port = 22
# remote_port cannot be repeated
remote_port = 6009

  The remote_port must be changed, and the [ssh] section name must not be repeated

  Then start frpc with the same command as before.
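  The rules above (server_port must equal bind_port, section names and remote_port values must not repeat across clients) can be checked before frpc is started. The following is an added example, not part of the original article or of frp itself. It also reports a missing token, which is frp's [common] authentication option and is not set in the configurations on this page. The sample configurations and the address 203.0.113.10 are constructed.

```python
import configparser

def parse(text):
    # Tolerate trailing "# ..." comments on a value line.
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",))
    cp.read_string(text)
    return cp

def check(frps_text, frpc_texts):
    """Return findings for one frps.ini and a {label: frpc.ini text} dict."""
    findings = []
    server = parse(frps_text)
    bind_port = server.get("common", "bind_port", fallback=None)
    token = server.get("common", "token", fallback="")
    if not token:
        findings.append("frps: no token set, any frpc that reaches bind_port can register proxies")
    names, ports = {}, {}
    for label, text in frpc_texts.items():
        client = parse(text)
        if client.get("common", "server_port", fallback=None) != bind_port:
            findings.append(f"{label}: server_port differs from bind_port {bind_port}")
        if client.get("common", "token", fallback="") != token:
            findings.append(f"{label}: token differs from frps")
        for name in client.sections():
            if name == "common":
                continue
            if name in names:
                findings.append(f"{label}: proxy name [{name}] already used by {names[name]}")
            names.setdefault(name, label)
            port = client.get(name, "remote_port", fallback=None)
            if port and port in ports:
                findings.append(f"{label}: remote_port {port} already used by {ports[port]}")
            if port:
                ports.setdefault(port, label)
    return findings

# Constructed sample input; 203.0.113.10 is a documentation address.
FRPS = "[common]\nbind_port = 7000\n"
COMMON = "[common]\nserver_addr = 203.0.113.10\nserver_port = {port}\n\n"
SSH = "[{name}]\ntype = tcp\nlocal_ip = 127.0.0.1\nlocal_port = 22\nremote_port = {rport}\n"
CLIENT_A = COMMON.format(port=7000) + SSH.format(name="ssh", rport=6008)
CLIENT_B = COMMON.format(port=7001) + SSH.format(name="ssh", rport=6008)

if __name__ == "__main__":
    for finding in check(FRPS, {"client-a": CLIENT_A, "client-b": CLIENT_B}):
        print(finding)
```
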

External server HTTP configuration

  After configuring http, you can access the web services of the intranet, for example a cloud disk. The prerequisite is a registered domain name; without one this cannot be configured.

Configuration method

Server : modify frps.ini, the content is as follows

[common]
bind_port = 7000
# Access port 6001, mapped to the intranet web service
vhost_http_port = 6001

  bind_port has the same meaning as in the ssh setup: it is the port used to communicate with the client. You only need to add vhost_http_port = 6001 to the previous configuration file. This setting lets others access port 6001 of our server, and frp forwards those http requests to the intranet server

Client : modify frpc.ini, the modification content is as follows

[common]
server_addr = 39.105.97.50
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6008

[web]
type = http
# Access local 8080 web service
local_port = 8080
# The domain name must already be filed
custom_domains = www.chendahai.cn

  • [web] means our configuration is a web service
  • type indicates that our request method is http
  • local_port means our local service port number is 80
  • custom_domains is set to a registered domain name (required, and the domain name must be usable), and the domain name's resolution must point to the ip of the external network server

  OK, use the frpc command to restart, and you can access the 8080 service of the intranet through www.chendahai.cn:6001.

Multiple web service configuration

  To configure multiple web services, do the same as for ssh: just add multiple [web] sections. Note that the section names must not be duplicated

  The server does not need any changes; modify the content of frpc.ini as follows

[common]
server_addr = 39.105.97.50
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6008

[web01]
type = http
local_port = 8080
custom_domains = www.chendahai.cn


[web02]
type = http
local_port = 80
# Use the second-level domain name for configuration
custom_domains = cd.chendahai.cn

  After that, the web service on port 80 of the intranet can be accessed through cd.chendahai.cn:6001. Domain name resolution must also be configured for the second-level domain name.

  The following is configured with 2 ssh and 3 web services, the server log is as follows

end

  OK, the basic configuration of intranet penetration is complete

  Using and configuring frp is quite simple. If you have any questions or want to know about other functions of frp, you can check the official Chinese documentation

Reference: https://cloud.tencent.com/developer/article/1437854 Use frp tool to achieve intranet penetration and configure multiple ssh and web services-Cloud + Community-Tencent Cloud