Setting up FRP on an Alibaba Cloud ECS instance for NAT traversal

philo-尼可 2020-11-05

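FRP is a free, open-source NAT traversal tool: it makes services on an internal network reachable through a server that has a public address.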

Installing FRPS on the ECS

Download the release package

wget https://github.com/fatedier/frp/releases/download/v0.30.0/frp_0.30.0_linux_amd64.tar.gz

Extract it

tar -zxvf frp_0.30.0_linux_amd64.tar.gz

Edit the frps.ini configuration file

vim frps.ini 

The configuration used on the Alibaba Cloud ECS:

# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 7000

# udp port to help make udp hole to penetrate nat
#bind_udp_port = 7001

# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 7800

# specify which address proxy will listen for, default value is same with bind_addr
# proxy_bind_addr = 127.0.0.1

# if you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bind_port
vhost_http_port = 80
vhost_https_port = 443

# set dashboard_addr and dashboard_port to view dashboard of frps
# dashboard_addr's default value is same with bind_addr
# dashboard is available only if dashboard_port is set
dashboard_addr = 0.0.0.0
dashboard_port = 7900

# dashboard user and passwd for basic auth protect, if not set, both default value is admin
dashboard_user = *****
dashboard_pwd = ***********

# dashboard assets directory(only for debug mode)
# assets_dir = ./static
# console or real logFile path like ./frps.log
log_file = ./frps.log

# trace, debug, info, warn, error
log_level = info

log_max_days = 30

# auth token
token = ************

# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_timeout is 90
# heartbeat_timeout = 90

# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
allow_ports = ****-****

# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 50

# max ports can be used for each client, default value is 0 means no limit
#max_ports_per_client = 0

# authentication_timeout means the timeout interval (seconds) when the frpc connects frps
# if authentication_timeout is zero, the time is not verified, default is 900s
authentication_timeout = 900

# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com
subdomain_host = abc.def

# if tcp stream multiplexing is used, default is true
tcp_mux = true

Running it as a service

Create the file frp-start.sh

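#!/bin/sh
# Run frps in the foreground. With Type=simple, systemd tracks this process;
# backgrounding frps with "nohup ... &" lets the script exit and the unit stop.
exec /home/philonic/frp/frps -c /home/philonic/frp/frps.ini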

Create frp.service under /etc/systemd/system with the following content:

[Unit]
Description=Frp Service
After=network.target

[Service]
Type=simple
User=root
ExecStart=/home/philonic/frp-start.sh

[Install]
WantedBy=multi-user.target

Enable frp.service

systemctl enable frp.service

Check status, start, stop

systemctl status frp

systemctl start frp

systemctl stop frp

Installing FRPC on the 蜗牛星际 machine

Use the same release package as for FRPS

wget https://github.com/fatedier/frp/releases/download/v0.30.0/frp_0.30.0_linux_amd64.tar.gz

Extract it

tar -zxvf frp_0.30.0_linux_amd64.tar.gz

Edit the frpc.ini configuration file

vim frpc.ini 

The configuration used on the 蜗牛星际 machine:

[common]
server_addr = <ECS public IP>
server_port = 7000

log_file = ./frpc.log
# trace, debug, info, warn, error
log_level = info

log_max_days = 3

# for authentication; must be the same as on the server
token = tocken

# set admin address for control frpc's action by http api such as reload
admin_addr = 192.168.2.200
admin_port = 9093
admin_user = admin
admin_passwd = admin
# connections will be established in advance, default value is zero
pool_count = 20

# if tcp stream multiplexing is used, default is true, it must be same with frps
tcp_mux = true

# decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
login_fail_exit = true

# communication protocol used to connect to server
# now it supports tcp and kcp, default is tcp
protocol = tcp

[woniu]
type = http
local_ip = 127.0.0.1
local_port = 5000
use_encryption = true
use_compression = true
subdomain = woniu

[dir]
type = http
local_ip = 192.168.2.1
local_port = 80
use_encryption = true
use_compression = true
subdomain = dir

[port]
type = http
local_ip = 192.168.2.200
local_port = 9000
use_encryption = true
use_compression = true
subdomain = port

[blog]
type = http
local_ip = 192.168.2.200
local_port = 8090
use_encryption = true
use_compression = true
subdomain = blog

[grafana]
type = http
local_ip = 192.168.2.200
local_port = 23000
use_encryption = true
use_compression = true
subdomain = grafana


[www]
type = http
local_ip = 192.168.2.200
local_port = 80
use_encryption = true
use_compression = true
subdomain = www

[ssh]
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
local_ip = 192.168.2.200
local_port = 22
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = true
# if true, message will be compressed
use_compression = true
# remote port listen by frps
remote_port = 22

[mysql8]
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
local_ip = 192.168.2.200
local_port = 32769
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = true
# if true, message will be compressed
use_compression = true
remote_port = 3306

[postgres]
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
local_ip = 192.168.2.200
local_port = 5432
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = true
# if true, message will be compressed
use_compression = true
remote_port = 5432

[redis]
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
local_ip = 192.168.2.200
local_port = 6379
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = true
# if true, message will be compressed
use_compression = true
remote_port = 6379

Also make sure that the ports the client uses to connect to the ECS are open.
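The client configuration above publishes SSH, MySQL, PostgreSQL and Redis as plain tcp proxies on the public address and sets admin/admin on a non-loopback admin_addr. As an added example (not part of the original post and not code from the frp project), this Python check audits an frpc.ini for those settings. The SENSITIVE port list, the function name audit_frpc and the sample configuration are assumptions made for illustration.

```python
import configparser

# Assumed watch-list of services that should not be published to the internet.
SENSITIVE = {22: "ssh", 3306: "mysql", 5432: "postgres", 6379: "redis"}

def audit_frpc(ini_text):
    """Return (section, finding) pairs for risky settings in an frpc.ini."""
    cfg = configparser.ConfigParser(interpolation=None,
                                    inline_comment_prefixes=("#", ";"))
    cfg.read_string(ini_text)
    out = []
    common = cfg["common"] if cfg.has_section("common") else {}
    if not common.get("token"):
        out.append(("common", "no token set"))
    if (common.get("admin_addr", "127.0.0.1") != "127.0.0.1"
            and common.get("admin_user") == common.get("admin_passwd") == "admin"):
        out.append(("common", "admin API bound off-loopback with admin/admin"))
    for name in cfg.sections():
        if name == "common":
            continue
        sec = cfg[name]
        kind = sec.get("type", "tcp")
        if kind == "http" and not (sec.get("http_user") and sec.get("http_pwd")):
            out.append((name, "http proxy without http_user/http_pwd"))
        if kind == "tcp" and sec.get("remote_port", "").isdigit():
            ports = {int(v) for v in (sec["remote_port"], sec.get("local_port", ""))
                     if v.isdigit()}
            for svc in sorted(SENSITIVE[p] for p in ports & SENSITIVE.keys()):
                out.append((name, f"{svc} published on public port "
                                  f"{sec['remote_port']}; consider type = stcp with sk"))
    return out

# Constructed sample modelled on the client configuration above (not real values).
SAMPLE = """[common]
token = example-token
admin_addr = 192.168.2.200
admin_user = admin
admin_passwd = admin
[blog]
type = http
local_port = 8090
[mysql8]
type = tcp
local_port = 32769
remote_port = 3306
[secret_ssh]
type = stcp
sk = example-shared-key
local_port = 22"""
print(*audit_frpc(SAMPLE), sep="\n")
```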

Starting FRPC

nohup /var/services/homes/admin/frp_0.20.0_linux_amd64/frpc -c /var/services/homes/admin/frp_0.20.0_linux_amd64/frpc.ini &

Other FRPC commands

Reload the configuration without restarting

./frpc reload -c ./frpc.ini

Check the running status of FRPC

./frpc status -c ./frpc.ini
