前言
政府就是政府,网络安全要做到第一位,分配的服务器都要在堡垒机之下才能访问,所以得想招给代理出来,也给自己方便不是。
既然要反代理,就选的FRP,开源。。。。(不花钱)
FRP服务器搭建
下载对应版本的frp(包括服务端和客户端):大型同性交友网站
| window客户端+服务端 | Linux客户端+服务端 | arm客户端+服务端 | |
|---|---|---|---|
| 0.51.3 | frp_0.51.3_windows_amd64.zip | frp_0.51.3_linux_amd64.tar.gz | frp_0.51.3_linux_arm64.tar.gz |
| 0.38.0 | frp_0.38.0_windows_amd64.zip | frp_0.38.0_linux_arm64.tar.gz | |
具体服务端配置文件信息frps.ini:
[common]
bind_port = 7000
#dashboard 用户名
dashboard_user = user1
#dashboard 密码
dashboard_pwd = user1
#dashboard 端口,启动成功后可通过浏览器访问如http://ip:7500
dashboard_port = 7500
token = 8d262f2b-6dba-4a8d-857e-8a53d1d439e2运行服务端至后台
[root@w7 frp_0.33.0_linux_amd64]# nohup /root/frp/frp_0.33.0_linux_amd64/frps -c frps.ini &
2020/06/09 22:28:59 [I] [service.go:178] frps tcp listen on 0.0.0.0:7000
2020/06/09 22:28:59 [I] [service.go:277] Dashboard listen on 0.0.0.0:7500
2020/06/09 22:28:59 [I] [root.go:209] start frps success运行之后可访问http://IP:7500
FRP客户端(linux)
具体的客户端配置文件信息:
[common]
# 配置服务端对外的ip地址
server_addr = xxx.xxx.xxx.xxx
#配置服务端监听的端口
server_port = 7088
#如果服务端配置token,将服务端配置的token复制到此处
token = 8d262f2b-6dba-4a8d-857e-8a53d1d439e2
pool_count = 5
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 7122
[ftp]
type = tcp
local_ip = 127.0.0.1
local_port = 21
remote_port = 7121运行客户端端至后台
[root@localhost frp_0.33.0_linux_amd64]# nohup /root/frp/frp_0.33.0_linux_amd64/frpc -c frpc.ini &
[1] 26153
[root@localhost frp_0.33.0_linux_amd64]# nohup: 忽略输入并把输出追加到'nohup.out'
[root@localhost frp_0.33.0_linux_amd64]# ls
frpc frpc_full.ini frpc.ini frps frps_full.ini frps.ini LICENSE nohup.out systemd
[root@localhost frp_0.33.0_linux_amd64]# cat nohup.out
2020/06/09 10:55:56 [I] [service.go:282] [0d80fe0bb829cc87] login to server success, get run id [0d80fe0bb829cc87], server udp port [0]
2020/06/09 10:55:56 [I] [proxy_manager.go:144] [0d80fe0bb829cc87] proxy added: [ssh ftp]
2020/06/09 10:55:56 [I] [control.go:179] [0d80fe0bb829cc87] [ssh] start proxy success
2020/06/09 10:55:56 [I] [control.go:179] [0d80fe0bb829cc87] [ftp] start proxy successlinux systemctl方式进程守护
在/etc/systemd/system下新建frpc.service文件,内容如下:
[Unit]
Description=Frp client
After=network.target
[Service]
Type=simple
User=root
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/frp/frpc -c /usr/local/frp/frpc.ini
[Install]
WantedBy=multi-user.targetFRP客户端(window)
具体的客户端配置文件信息:
[common]
# 配置服务端对外的ip地址
server_addr = xxx.xxx.xxx.xxx
#配置服务端监听的端口
server_port = 7088
#如果服务端配置token,将服务端配置的token复制到此处
token = 8d262f2b-6dba-4a8d-857e-8a53d1d439e2
pool_count = 5
[mstsc]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 7133创建一个文件run.vbs
Set ws = CreateObject("Wscript.Shell")
ws.run "cmd /c C:\frp_0.33.0_windows_amd64\frpc.exe -c C:\frp_0.33.0_windows_amd64\frpc.ini",vbhide (这里注意要改为你的文件位置)运行以下vbs文件就可以了
这样就大功告成,访问服务端的7122就相当于访问内网被隔离的机器22端口
还不快抢沙发