使用frp内网穿透:将本地服务暴露到公网
文章目录
- 选择
- 准备环境
- 安装
- 一键安装服务端(在公网服务器上)
- docker安装客户端(在本地局域网)
- 1panel安装客户端(在本地局域网)
- 安全配置
- 生成默认 ca
- 生成 frps 证书
- 生成 frpc 的证书
- 服务端配置
- 客户端配置
- 参考
选择
截至2025年,nps四年没维护了:https://github.com/ehang-io/nps
主流方案:https://github.com/fatedier/frp
准备环境
需要一台公网服务器
需要一个域名,并提供泛域名解析。
安装
一键安装服务端(在公网服务器上)
https://github.com/MvsCode/frps-onekey
wget https://gitee.com/mvscode/frps-onekey/raw/master/install-frps.sh -O ./install-frps.sh
chmod 700 ./install-frps.sh
./install-frps.sh install
frps安装路径:/usr/local/frps
frps status manage : frps {start|stop|restart|status|config|version}
Example:start: frps startstop: frps stop
restart: frps restart
docker安装客户端(在本地局域网)
docker run --restart=always --network host -d -v ~/frpc.ini:/etc/frp/frpc.ini --name frpc snowdreamtech/frpc
1panel安装客户端(在本地局域网)
略,很简单
安全配置
自定义 TLS 协议加密
cat > my-openssl.cnf << EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = usr_cert
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
[ req_attributes ]
[ usr_cert ]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
EOF
生成默认 ca
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -subj "/CN=domain.com" -days 36500 -out ca.crt
生成 frps 证书
openssl genrsa -out server.key 2048openssl req -new -sha256 -key server.key \-subj "/C=XX/ST=DEFAULT/L=DEFAULT/O=DEFAULT/CN=domain.com" \-reqexts SAN \-config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:localhost,IP:127.0.0.1,DNS:domain.com")) \-out server.csropenssl x509 -req -days 365 -sha256 \-in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \-extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1,DNS:domain.com") \-out server.crt
生成 frpc 的证书
openssl genrsa -out client.key 2048
openssl req -new -sha256 -key client.key \-subj "/C=XX/ST=DEFAULT/L=DEFAULT/O=DEFAULT/CN=domain.com" \-reqexts SAN \-config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:localhost,IP:127.0.0.1,DNS:domain.com")) \-out client.csropenssl x509 -req -days 365 -sha256 \-in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \-extfile <(printf "subjectAltName=DNS:localhost,DNS:domain.com") \-out client.crt
服务端配置
将上面生成好的文件放到/usr/local/frps/ssl/中
nano /usr/local/frps/frps.toml
transport.tls.certFile = "/usr/local/frps/ssl/server.crt"
transport.tls.keyFile = "/usr/local/frps/ssl/server.key"
transport.tls.trustedCaFile = "/usr/local/frps/ssl/ca.crt"
客户端配置
将上面生成好的文件放到/etc/frp/ssl/中
serverAddr =
serverPort = auth.method = "token"
auth.token = "xxxxxx"webServer.addr = "0.0.0.0"
webServer.port = 8080
webServer.user = "xxxxxx"
webServer.password = "xxxxxx"
webServer.pprofEnable = false# tls
transport.tls.certFile = "/etc/frp/ssl/client.crt"
transport.tls.keyFile = "/etc/frp/ssl/client.key"
transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"[[proxies]]
name = "ha"
type = "https"
localPort = 443
localIP = "192.168.141.250"
subdomain = "ha"
transport.useEncryption = true
transport.useCompression = true[[proxies]]
name = "freshrss"
#type = "https"
#localPort = 443
type = "http"
localPort = 80
localIP = "192.168.170.1"
subdomain = "freshrss"
transport.useEncryption = true
transport.useCompression = true[[proxies]]
name = "wol"
type = "http"
localPort = 9090
localIP = "192.168.255.254"
subdomain = "wol"
transport.useEncryption = true
transport.useCompression = true
参考
https://shaonianzhentan.github.io/ha-docs/#/install_frpc