1. frp server 安装

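# Download the pinned frp release into the source directory
cd /usr/local/src/
wget https://github.com/fatedier/frp/releases/download/v0.52.1/frp_0.52.1_linux_amd64.tar.gz

# Verify the archive before unpacking it: frps is installed as a
# network-facing service, so a tampered or truncated download must not end up
# in /usr/local/frp. FRP_SHA256 is a placeholder -- fill in the SHA-256 value
# the project publishes for this exact asset. Until it is filled in, the check
# fails and nothing is unpacked or moved.
FRP_SHA256='<SHA256_OF_frp_0.52.1_linux_amd64.tar.gz>'
echo "${FRP_SHA256}  frp_0.52.1_linux_amd64.tar.gz" | sha256sum -c - &&
  tar xf frp_0.52.1_linux_amd64.tar.gz &&
  mv frp_0.52.1_linux_amd64 ../frp
cd /usr/local/frp/

# Keep a pristine copy of the shipped server configuration
cp -a frps.toml frps.toml.default

# Remove the client binary and its sample config from the server install.
# The absolute path keeps the glob inside /usr/local/frp even when the cd
# above did not succeed.
rm -rf /usr/local/frp/frpc*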

# Values shared by the configuration and certificate steps on this page.
# Every value here is a placeholder and has to be replaced before use:
#   WebServerUser / WebServerPasswd  - dashboard (webServer) basic-auth login
#   AuthToken                        - token frpc presents to frps
#   ServerWanIP / ServerLanIP        - server addresses, also written into the
#                                      server certificate's subjectAltName
#   SecretKey                        - shared secret of the stcp proxy/visitor pair
# The heredocs further down write these values into the config files in clear
# text, and the exported variables are inherited by every child process of
# this shell. Use long random strings for the password, token and secret key,
# and set the same AuthToken / SecretKey on the client machines.
WebServerUser='admin'
WebServerPasswd='myPassword'
AuthToken='tokenxxxxxxxxxxx'
ServerWanIP='XXX.XXX.XXX.XXX'
ServerLanIP='XXX.XXX.XXX.XXX'
SecretKey='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
export WebServerUser WebServerPasswd AuthToken ServerWanIP ServerLanIP SecretKey

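# Write the server configuration.
#
# The heredoc delimiter is unquoted, so the shell substitutes
# ${WebServerUser}, ${WebServerPasswd} and ${AuthToken} into the file. The
# guard in front of the write stops when one of them is unset or empty,
# instead of producing a server with an empty password or token.
#
# frps.toml holds the dashboard password and the auth token in clear text, so
# the file is restricted to its owner before the secrets are written into it
# (a redirect into an existing file keeps that file's mode).
#
# Review notes on the settings:
# - transport.tls.force makes the server accept TLS connections only, and
#   transport.tls.trustedCaFile makes it verify client certificates against
#   ca.crt, so clients need a certificate issued by that CA.
# - The TOML format has no top-level "tls.force" key; transport.tls.force is
#   the setting that enforces TLS, so only that line is written.
# - webServer.addr = "0.0.0.0" publishes the dashboard on port 7500 on every
#   interface, protected by basic auth only. Limit that port with a firewall,
#   or bind it to 127.0.0.1 when remote access to the dashboard is not needed.
: "${WebServerUser:?set WebServerUser before writing frps.toml}" \
  "${WebServerPasswd:?set WebServerPasswd before writing frps.toml}" \
  "${AuthToken:?set AuthToken before writing frps.toml}" &&
  touch /usr/local/frp/frps.toml &&
  chmod 600 /usr/local/frp/frps.toml &&
  cat >/usr/local/frp/frps.toml<<EOF
bindAddr = "0.0.0.0"
bindPort = 7000
kcpBindPort = 7000
transport.maxPoolCount = 5
transport.tls.force = true
transport.tls.certFile = "/usr/local/frp/server.crt"
transport.tls.keyFile = "/usr/local/frp/server.key"
transport.tls.trustedCaFile = "/usr/local/frp/ca.crt"
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "${WebServerUser}"
webServer.password = "${WebServerPasswd}"
webServer.tls.certFile = "/usr/local/frp/server.crt"
webServer.tls.keyFile = "/usr/local/frp/server.key"
webServer.pprofEnable = false
enablePrometheus = true
log.to = "/var/log/frps.log"
log.level = "info"
log.maxDays = 3
log.disablePrintColor = false
detailedErrorsToClient = true
auth.method = "token"
auth.token = "${AuthToken}"
maxPortsPerClient = 0
subDomainHost = "frps.com"
udpPacketSize = 1500
natholeAnalysisDataReserveHours = 168
EOF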

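# Create the CA, server and client certificates.
# The <( ... ) process substitutions below need bash. All files are written
# with relative names, and the frp configs expect them in /usr/local/frp, so
# the working directory is set explicitly.
cd /usr/local/frp/

# The server certificate's subjectAltName is built from these two addresses;
# stop early when they are missing.
: "${ServerWanIP:?set ServerWanIP before creating certificates}" \
  "${ServerLanIP:?set ServerLanIP before creating certificates}"

# Show the system OpenSSL configuration for reference, then write a minimal
# configuration used for the certificate requests.
cat /etc/pki/tls/openssl.cnf
cat >/usr/local/frp/my-openssl.cnf<< EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = usr_cert
[ req ]
default_bits        = 2048
default_md          = sha256
default_keyfile     = privkey.pem
distinguished_name  = req_distinguished_name
attributes          = req_attributes
x509_extensions     = v3_ca
string_mask         = utf8only
[ req_distinguished_name ]
[ req_attributes ]
[ usr_cert ]
basicConstraints       = CA:FALSE
nsComment              = "OpenSSL Generated Certificate"
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints       = CA:true
EOF

# CA key and self-signed CA certificate.
# Private keys are generated under umask 077 so they are never readable by
# other local users, whatever the OpenSSL version's default file mode is.
# ca.key can issue a certificate that frps will accept from any client: once
# the server and client certificates below are signed, store it away from
# this internet-facing host.
(umask 077 && openssl genrsa -out ca.key 2048)
openssl req -x509 -new -nodes -key ca.key -subj "/CN=example.ca.com" -days 5000 -out ca.crt

# Server key, signing request and certificate.
# The certificate is valid for 365 days; TLS connections to frps fail once it
# expires, so plan the renewal.
(umask 077 && openssl genrsa -out server.key 2048)
openssl req -new -sha256 -key server.key -subj "/C=XX/ST=DEFAULT/L=DEFAULT/O=DEFAULT/CN=server.com" -reqexts SAN -config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:localhost,IP:127.0.0.1,IP:${ServerWanIP},IP:${ServerLanIP},DNS:example.server.com")) -out server.csr
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1,IP:${ServerWanIP},IP:${ServerLanIP},DNS:example.server.com") -out server.crt

# Client key, signing request and certificate (also valid for 365 days).
# client.key, client.crt and ca.crt have to reach the client machine over an
# authenticated, encrypted channel; remove client.key from the server once it
# has been transferred.
(umask 077 && openssl genrsa -out client.key 2048)
openssl req -new -sha256 -key client.key -subj "/C=XX/ST=DEFAULT/L=DEFAULT/O=DEFAULT/CN=client.com" -reqexts SAN -config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:client.com,DNS:example.client.com")) -out client.csr
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile <(printf "subjectAltName=DNS:client.com,DNS:example.client.com") -out client.crt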

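# Install a systemd unit for frps.
# The unit has no User= line, so frps runs as root. The sandboxing directives
# added to [Service] limit what the process can do if it is compromised:
# it cannot gain new privileges, gets a private /tmp, sees /usr, /boot and
# /etc read-only, and has no access to home directories. /var/log stays
# writable, which log.to = "/var/log/frps.log" needs. Running under a
# dedicated account would go further, but then the log file and the TLS key
# must be readable/writable by that account.
yum install systemd
cat >/etc/systemd/system/frps.service<<EOF
[Unit]
# 服务名称,可自定义
Description = frp server
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
# 启动frps的命令,需修改为您的frps的安装路径
ExecStart = /usr/local/frp/frps -c /usr/local/frp/frps.toml
# Sandboxing for an internet-facing daemon that runs as root
NoNewPrivileges = true
PrivateTmp = true
ProtectSystem = full
ProtectHome = true

[Install]
WantedBy = multi-user.target
EOF

# Load the new unit, start it now and enable it at boot
systemctl daemon-reload
systemctl start frps
systemctl enable frps

# Check the service state and logs.
# journalctl -f and tail -f both follow their log until interrupted (Ctrl-C).
systemctl status frps
journalctl -xfu frps
tail -f /var/log/frps.log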

2. frp client proxies 安装配置

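# Download the pinned frp release into the source directory
cd /usr/local/src/
wget https://github.com/fatedier/frp/releases/download/v0.52.1/frp_0.52.1_linux_amd64.tar.gz

# Verify the archive before unpacking it, so a tampered or truncated download
# is never installed. FRP_SHA256 is a placeholder -- fill in the SHA-256 value
# the project publishes for this exact asset. Until it is filled in, the check
# fails and nothing is unpacked or moved.
FRP_SHA256='<SHA256_OF_frp_0.52.1_linux_amd64.tar.gz>'
echo "${FRP_SHA256}  frp_0.52.1_linux_amd64.tar.gz" | sha256sum -c - &&
  tar xf frp_0.52.1_linux_amd64.tar.gz &&
  mv frp_0.52.1_linux_amd64 ../frp
cd /usr/local/frp/

# Keep a pristine copy of the shipped client configuration
cp -a frpc.toml frpc.toml.default

# Remove the server binary and its sample config from the client install.
# The absolute path keeps the glob inside /usr/local/frp even when the cd
# above did not succeed.
rm -rf /usr/local/frp/frps*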

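# Write the client configuration for the machine that exposes a service.
#
# The heredoc delimiter is unquoted, so the shell substitutes ${ServerWanIP},
# ${AuthToken}, ${WebServerUser}, ${WebServerPasswd} and ${SecretKey} into the
# file. Those variables are defined in the server section of this page; on a
# separate client machine they have to be set again with the same values. The
# guard stops when one is unset or empty, instead of writing a config with an
# empty token or secret key.
#
# frpc.toml holds the token, the admin password and the stcp secret key in
# clear text, so the file is restricted to its owner before it is written.
#
# transport.tls.certFile / keyFile / trustedCaFile point at client.crt,
# client.key and ca.crt in /usr/local/frp: copy them from the machine where
# they were generated over an authenticated, encrypted channel and keep
# client.key at mode 600.
#
# In the TOML format the per-proxy encryption and compression switches are
# transport.useEncryption and transport.useCompression; use_encryption and
# use_compression are the key names of the legacy INI format and are not
# settings of a TOML [[proxies]] entry.
: "${ServerWanIP:?set ServerWanIP before writing frpc.toml}" \
  "${AuthToken:?set AuthToken before writing frpc.toml}" \
  "${WebServerUser:?set WebServerUser before writing frpc.toml}" \
  "${WebServerPasswd:?set WebServerPasswd before writing frpc.toml}" \
  "${SecretKey:?set SecretKey before writing frpc.toml}" &&
  touch /usr/local/frp/frpc.toml &&
  chmod 600 /usr/local/frp/frpc.toml &&
  cat >/usr/local/frp/frpc.toml<<EOF
serverAddr = "${ServerWanIP}"
serverPort = 7000
loginFailExit = true
log.to = "/usr/local/frp/frpc.log"
log.level = "info"
log.maxDays = 3
log.disablePrintColor = false
auth.method = "token"
auth.token = "${AuthToken}"
webServer.addr = "127.0.0.1"
webServer.port = 7400
webServer.user = "${WebServerUser}"
webServer.password = "${WebServerPasswd}"
webServer.pprofEnable = false
transport.poolCount = 5
transport.protocol = "tcp"
transport.connectServerLocalIP = "0.0.0.0"
transport.tls.enable = true
transport.tls.certFile = "/usr/local/frp/client.crt"
transport.tls.keyFile = "/usr/local/frp/client.key"
transport.tls.trustedCaFile = "/usr/local/frp/ca.crt"
#transport.tls.serverName = "example.com"
udpPacketSize = 1500

[[proxies]]
name = "template-debian"
type = "stcp"
secretKey = "${SecretKey}"
localIP = "127.0.0.1"
localPort = 22
transport.useEncryption = true
transport.useCompression = true
EOF

# Start the client in the foreground (it runs until interrupted)
/usr/local/frp/frpc -c /usr/local/frp/frpc.toml

# Follow the client log
tail -f /usr/local/frp/frpc.log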

3. frp client visitors 安装配置

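# macOS visitor machine.
# Alternative to the foreground start at the end of this block:
# brew services start frpc
#
# The heredoc delimiter is unquoted, so the shell substitutes ${ServerWanIP},
# ${AuthToken}, ${WebServerUser}, ${WebServerPasswd} and ${SecretKey} into the
# file. They are defined in the server section of this page and have to be set
# again, with the same values, in this shell. The guard stops when one is
# unset or empty, instead of writing a config with an empty token or key.
#
# frpc.toml holds the token, the admin password and the stcp secret key in
# clear text, so the file is restricted to its owner before it is written.
# client.crt, client.key and ca.crt have to be copied to /usr/local/etc/frp
# over an authenticated, encrypted channel.
#
# Every visitor below uses the same ${SecretKey}: whoever holds that one value
# (plus a valid token and client certificate) can reach all eight services.
# A separate secret key per proxy/visitor pair limits that exposure.
#
# In the TOML format the per-visitor encryption and compression switches are
# transport.useEncryption and transport.useCompression; use_encryption and
# use_compression are the key names of the legacy INI format and are not
# settings of a TOML [[visitors]] entry.
: "${ServerWanIP:?set ServerWanIP before writing frpc.toml}" \
  "${AuthToken:?set AuthToken before writing frpc.toml}" \
  "${WebServerUser:?set WebServerUser before writing frpc.toml}" \
  "${WebServerPasswd:?set WebServerPasswd before writing frpc.toml}" \
  "${SecretKey:?set SecretKey before writing frpc.toml}" &&
  touch /usr/local/etc/frp/frpc.toml &&
  chmod 600 /usr/local/etc/frp/frpc.toml &&
  cat >/usr/local/etc/frp/frpc.toml<<EOF
serverAddr = "${ServerWanIP}"
serverPort = 7000
loginFailExit = true
log.to = "/usr/local/var/log/frpc.log"
log.level = "info"
log.maxDays = 3
log.disablePrintColor = false
auth.method = "token"
auth.token = "${AuthToken}"
webServer.addr = "127.0.0.1"
webServer.port = 7400
webServer.user = "${WebServerUser}"
webServer.password = "${WebServerPasswd}"
webServer.pprofEnable = false
transport.poolCount = 5
transport.protocol = "tcp"
transport.connectServerLocalIP = "0.0.0.0"
transport.tls.enable = true
transport.tls.certFile = "/usr/local/etc/frp/client.crt"
transport.tls.keyFile = "/usr/local/etc/frp/client.key"
transport.tls.trustedCaFile = "/usr/local/etc/frp/ca.crt"
# transport.tls.serverName = "example.com"
udpPacketSize = 1500

[[visitors]]
name = "template-debian_visitor"
type = "stcp"
serverName = "template-debian"
secretKey = "${SecretKey}"
bindAddr = "127.0.0.1"
bindPort = 6000
transport.useEncryption = true
transport.useCompression = true

[[visitors]]
name = "Lenovo_visitor"
type = "stcp"
serverName = "Lenovo"
secretKey = "${SecretKey}"
bindAddr = "127.0.0.1"
bindPort = 6001
transport.useEncryption = true
transport.useCompression = true

[[visitors]]
name = "MacMini_visitor"
type = "stcp"
serverName = "MacMini"
secretKey = "${SecretKey}"
bindAddr = "127.0.0.1"
bindPort = 6002
transport.useEncryption = true
transport.useCompression = true

[[visitors]]
name = "SurfaceGo_visitor"
type = "stcp"
serverName = "SurfaceGo"
secretKey = "${SecretKey}"
bindAddr = "127.0.0.1"
bindPort = 6003
transport.useEncryption = true
transport.useCompression = true

[[visitors]]
name = "MacMini-ssh_visitor"
type = "stcp"
serverName = "MacMini-ssh"
secretKey = "${SecretKey}"
bindAddr = "127.0.0.1"
bindPort = 6004
transport.useEncryption = true
transport.useCompression = true

[[visitors]]
name = "ubuntu-01-ssh_visitor"
type = "stcp"
serverName = "ubuntu-01"
secretKey = "${SecretKey}"
bindAddr = "127.0.0.1"
bindPort = 6005
transport.useEncryption = true
transport.useCompression = true

[[visitors]]
name = "ubuntu-02-ssh_visitor"
type = "stcp"
serverName = "ubuntu-02"
secretKey = "${SecretKey}"
bindAddr = "127.0.0.1"
bindPort = 6006
transport.useEncryption = true
transport.useCompression = true

[[visitors]]
name = "UM780XTX_visitor"
type = "stcp"
serverName = "UM780XTX"
secretKey = "${SecretKey}"
bindAddr = "127.0.0.1"
bindPort = 6007
transport.useEncryption = true
transport.useCompression = true
EOF

# Start the client in the foreground (it runs until interrupted)
/usr/local/opt/frpc/bin/frpc -c /usr/local/etc/frp/frpc.toml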