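Goal
Reach the admin console of a router on the internal network directly from the public internet via a domain name.
Implementation
frp intranet tunneling
I bought two domain names before the New Year and had never put them to use. This time I'm setting everything up together. I have a VPS at BandwagonHost; if you want to play with frp, a VPS is a must. My VPS is mainly used for getting around network restrictions, so its performance is modest, but it is more than enough to run frp.
nginx configuration (to make domain names convenient to use; you can also use the IP directly)
I installed nginx on the VPS, mainly to route different second-level domains to different servers on my VPS. For example, circle.xxx.com is routed to port 8080 on the VPS. Of course, you first have to configure a wildcard (*) DNS record pointing to the VPS's IP at your domain registrar. The nginx configuration (/etc/nginx/conf.d/circle.conf) looks roughly like this: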
<pre>
server {
    listen 80;
    listen [::]:80;
    server_name circle.xxx.com;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
</pre>
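I want the router's admin page to open when I visit hiwifi.xxx.com, so I need nginx to route hiwifi.xxx.com to the frp server. My frp server's web proxy listens on port 8081.
The relevant nginx configuration is below; it is almost the same as the one above.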
<pre>
server {
    listen 80;
    listen [::]:80;
    server_name hiwifi.xxx.com;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
</pre>
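frp configuration
As I understand it, frp intranet tunneling works like this: normally, from inside the internal network I can reach the public internet, but the public internet cannot reach the internal network. We know that network connections are bidirectional, so once the internal network has connected to a fixed machine on the public internet, the two sides can send messages to each other through that machine over the connection that is already established. My understanding may be wrong, but that is the gist. Rebuttals are welcome.
frp server-side configuration. For convenience I used privilege mode, because it avoids the awkwardness of having to modify both configuration files during setup. The server-side configuration is as follows: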
<pre>
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 7000
vhost_http_port = 8081
# if you want to configure or reload frps by dashboard, dashboard_port must be set
dashboard_port = 7500
# dashboard user and pwd for basic auth protect, if not set, both default value is admin
dashboard_user = admin
dashboard_pwd = admin
# dashboard assets directory(only for debug mode)
assets_dir = ./static
# console or real logFile path like ./frps.log
log_file = ./frps.log
# debug, info, warn, error
log_level = info
log_max_days = 3
# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_token is correct
privilege_mode = true
privilege_token = 12345678
# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_timeout is 30
heartbeat_timeout = 30
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
privilege_allow_ports = 2000-3000,3001,3003,4000-50000
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 100
# authentication_timeout means the timeout interval (seconds) when the frpc connects frps
# if authentication_timeout is zero, the time is not verified, default is 900s
authentication_timeout = 900
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com
subdomain_host = xxx.com
</pre>
frp client-side configuration
<pre>
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
server_addr = xxx.com
server_port = 7000
# console or real logFile path like ./frpc.log
log_file = ./frpc.log
# debug, info, warn, error
log_level = info
log_max_days = 3
# for privilege mode
privilege_token = 12345678
# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_interval is 10 and heartbeat_timeout is 30
heartbeat_interval = 10
heartbeat_timeout = 30
# ssh is the proxy name same as server's configuration
[ssh]
privilege_mode = true
# tcp | http, default is tcp
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = false
# default is false
use_gzip = false
# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02, the domains are set in frps.ini
[hiwifi]
privilege_mode = true
type = http
local_ip = 127.0.0.1
local_port = 80
use_gzip = true
# connections will be established in advance, default value is zero
pool_count = 20
# http username and password are safety certification for http protocol
# if not set, you can access this custom_domains without certification
http_user = admin
http_pwd = admin
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://test.frps.com
subdomain = hiwifi
</pre>
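Once frp is running, status information can be viewed at xxx.com:7500. Visiting circle.xxx.com reaches the server on port 8080 of my VPS. hiwifi.xxx.com reaches port 8081 on the VPS, and because frp ties port 8081 to port 80 on my HiWiFi router, that opens port 80 of the HiWiFi router.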
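The check below is an added example, not part of the original post or of frp itself: it parses an frps.ini or frpc.ini and reports the settings from the two files above that leave the published router page weakly protected (the secrets `admin` and `12345678`, the dashboard behind `bind_addr = 0.0.0.0`, http proxies without `http_pwd`, and proxies without `use_encryption`). The function name, the 16-character minimum and the sample excerpts are assumptions made for this illustration.

```python
import configparser

# Secrets that appear verbatim in the configs above; anyone who read the page knows them.
KNOWN_DEFAULTS = {"admin", "12345678"}
SECRET_KEYS = ("dashboard_pwd", "privilege_token", "http_pwd")
MIN_SECRET_LEN = 16  # assumption: minimum length for a randomly generated secret

def audit_frp_ini(text):
    """Return sorted (section, key, finding) tuples for weak settings in frps.ini/frpc.ini."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        for key in SECRET_KEYS:
            value = opts.get(key)
            if value in KNOWN_DEFAULTS:
                findings.append((section, key, "known default"))
            elif value is not None and len(value) < MIN_SECRET_LEN:
                findings.append((section, key, "too short"))
        # Assumption: the dashboard listens on bind_addr, as the xxx.com:7500 access above suggests.
        if "dashboard_port" in opts and opts.get("bind_addr", "0.0.0.0") == "0.0.0.0":
            findings.append((section, "dashboard_port", "exposed on all interfaces"))
        if section != "common":  # proxy sections such as [ssh] and [hiwifi]
            if opts.get("type", "tcp") == "http" and "http_pwd" not in opts:
                findings.append((section, "http_pwd", "no authentication"))
            if opts.get("use_encryption", "false").lower() != "true":
                findings.append((section, "use_encryption", "tunnel not encrypted"))
    return sorted(findings)

# Constructed excerpts of the two files shown above.
SAMPLE_FRPS = """[common]
bind_addr = 0.0.0.0
dashboard_port = 7500
dashboard_pwd = admin
privilege_token = 12345678
"""
SAMPLE_FRPC = """[common]
privilege_token = 12345678
[hiwifi]
type = http
local_port = 80
http_pwd = admin
subdomain = hiwifi
"""

if __name__ == "__main__":
    print(audit_frp_ini(SAMPLE_FRPS) + audit_frp_ini(SAMPLE_FRPC))
```

An empty result means none of these specific weaknesses is present; it does not cover the plain-HTTP nginx listener in front of frps.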
This was a bit rambling; questions are welcome. As for proxying multiple web services through frp, I'll cover that once I've set up aria2.