B1ueD0g

BlueDog's Home


frp Intranet Penetration Configuration Tutorial

What is frp

frp, short for Fast Reverse Proxy, is a tool that provides intranet penetration services. It is mainly used to give external access to intranet services that do not have a public IP address. With frp, you can publish TCP, UDP, HTTP, HTTPS, and other types of intranet services to the public network, and it supports domain-name-based routing for web services.

Why do you need intranet penetration

For different business needs, the reasons can be summarized as follows:

  1. Web projects with high demands on memory, CPU, hard disk, or graphics processing need to be deployed on high-performance computers (servers) on the local area network, yet still require external access.
  2. Set up an intranet penetration tool to serve people who have project deployment requirements but do not have a server (or public IP address).
  3. Remote desktop connection. Of course, this requirement can be replaced by many remote desktop software, but if you want to use Windows Remote Desktop Connection to connect to a company computer, you need intranet penetration.

Preparation

Before using frp, you need a server with a public IP address (referred to as an external host in the following text), a machine that needs to implement intranet penetration (your own computer), an SSH tool, and a domain name (if you only need to establish an SSH reverse proxy, a domain name is not required).

The server is used to deploy the frp server, and the personal computer is the machine exposed through intranet penetration. The SSH tool is used to connect to the server. If the server runs Windows Server, you can use the built-in Windows remote desktop instead.

[Figure: frp architecture diagram]

As shown in the frp architecture diagram above:

  1. (Required) To publish intranet services to the public network with frp, you need an frp server running on a host with a public IP address, and an frp client running on the intranet machine whose services are to be exposed.
  2. (Optional) You need to have a domain name resolved to the public IP address in order to achieve the function of web service routing forwarding through domain names.

Building Frp Service

Building frp is very simple, and there are only three key steps:

  1. Get the frp file.
  2. Set up the frp configuration file.
  3. Start the frp service.
    Note: These three steps apply to both the client and the server, and the operations are basically the same. This tutorial covers the three main steps, explains the contents of the frp server and client configuration files, and shows how to create a systemd service for frp on Linux for service management.

Step 1: Get the frp file

frp supports Linux and Windows platforms. Download the Linux version or the Windows version according to the platform you are running.
Download link: https://github.com/fatedier/frp/releases
The version downloaded for the Linux platform is generally: frp_version_linux_amd64.tar.gz
The version downloaded for the Windows platform is generally: frp_version_windows_amd64.zip
The decompression command for the Linux version file is tar zxvf filename, and the Windows version file can be decompressed directly by right-clicking.
After decompression, you will generally find frps (the frp server executable), frpc (the frp client executable), frps.ini (the frp server configuration file), frpc.ini (the frp client configuration file), and frp_full.ini (a full reference with explanations of all configuration options).

Step 2: Set up the frp configuration file

The frp configuration file is divided into server and client. To use frp normally, we need to set up the configuration files for the server and the client separately.

  • Explanation of frps.ini (server) configuration file:
[common]
bind_port = 7000
vhost_http_port = 8080

Note: [bind_port] is the port for the frp client to connect to the server, and [vhost_http_port] is the port for HTTP access (external port).

  • Explanation of frpc.ini (client) configuration file:
[common]
# Server IP
server_addr = 127.0.0.1
# frp server port
server_port = 7000

[web]
type = http
# Local project port
local_port = 8080
# Domain name
custom_domains = test.frp.xxx.com

Step 3: Start the service

To start the service in a Linux environment, you need to add execute permissions to the running file first.
For example, if my file is in the root folder and I need to set up the frp server, after setting up the server configuration file (frps.ini), execute the following command:

cd /root
chmod +x frps
nohup ./frps -c ./frps.ini &

After successful execution, the process ID of frps is displayed. You can also look up the process ID of the running frps with: ps -e | grep frps

In a Windows environment, run the cmd command prompt as an administrator. After entering the corresponding directory, run the command: frps -c frps.ini &

Optimization settings for frp management

Note: Official systemd service configuration files are now available for direct use.
Debian 8.0, CentOS 7.0, and later versions are managed with systemd. Once frp is set up, it can be managed the same way, so that the systemctl command provides unified service management. This setup also lets the frp service start automatically at boot.

  1. Set frp as a Linux system service and manage it based on systemd. Write the frps.service file, taking CentOS 7 as an example:

nano /usr/lib/systemd/system/frps.service

The content is as follows:

[Unit]
Description=Frp Server Service
After=network.target

[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frps -c /etc/frp/frps.ini

[Install]
WantedBy=multi-user.target

Write the frpc.service file, taking CentOS 7 as an example:

nano /usr/lib/systemd/system/frpc.service

The content is as follows:

[Unit]
Description=Frp Client Service
After=network.target

[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
ExecReload=/usr/bin/frpc reload -c /etc/frp/frpc.ini

[Install]
WantedBy=multi-user.target

  2. Set frp to start automatically at boot:

#frps
systemctl enable frps
systemctl start frps

#frpc
systemctl enable frpc
systemctl start frpc

frp is now configured.

Appendix: Personal reference configuration

Server-side:

[common]
# Binding address
bind_addr = 0.0.0.0
# TCP binding port
bind_port = 8888
# UDP binding port
bind_udp_port = 8888
# KCP binding port
kcp_bind_port = 8888
# HTTP proxy port
vhost_http_port = 80
# HTTPS proxy port
vhost_https_port = 443
# Dashboard address
dashboard_addr = 0.0.0.0
# Dashboard port
dashboard_port = 10000
# Dashboard username
dashboard_user = admin
# Dashboard password
dashboard_pwd = admin
# Connection password
token = 123456
# Hostname used by subdomains
subdomain_host = test.com

Client-side:

[common]
# Server address
server_addr = 172.16.100.100
# Server binding port
server_port = 8888
# Privileged mode password
token = 123456
# Encrypted transmission
tls_enable = true
# Client Web address
admin_addr = 127.0.0.1
# Web access port
admin_port = 7400
# Web access account
admin_user = admin
# Web access password
admin_pwd = admin
# Username, after setting, the proxy will be displayed as <username.proxyname>
user = your_name

# Service name (custom)
[web]
# Local IP
local_ip = 127.0.0.1
# Link type
type = http
# Local port
local_port = 80
# The server is test.com, so the subdomain here is web.test.com
subdomain = web
# Custom access domain name, multiple separated by commas
custom_domains = demo.com
# Use compression
use_compression = true
# Use encryption
use_encryption = true

[ssh]
local_ip = 127.0.0.1
type = tcp
local_port = 22
remote_port = 9000
use_compression = true
use_encryption = true
  • 👻: Please configure specific parameters according to your needs.
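
As an added example (not part of the original post or of the frp project), the following Python check reads an frps.ini or frpc.ini and reports the values from the reference configuration above that should be replaced before deployment: the placeholder token and dashboard/admin password, a web UI bound to 0.0.0.0, and a client that sets neither tls_enable nor use_encryption. The audit function, its finding texts and the 16-character minimum are assumptions of this example, and comments in the audited file are expected on their own lines.

```python
import configparser

# Placeholder secrets from the reference configuration; treat them as unset.
WEAK_SECRETS = {"", "admin", "123456"}
MIN_TOKEN_LEN = 16  # assumption: length policy chosen for this example


def audit(ini_text, role):
    """Return findings for an frps ("server") or frpc ("client") INI config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    common = cp["common"] if cp.has_section("common") else {}
    findings = []
    token = common.get("token", "")
    if token in WEAK_SECRETS or len(token) < MIN_TOKEN_LEN:
        findings.append("token is missing, a known placeholder, or too short")
    # frps names its web UI keys dashboard_*, frpc names them admin_*.
    ui = "dashboard" if role == "server" else "admin"
    if common.get(ui + "_port"):
        if common.get(ui + "_pwd", "") in WEAK_SECRETS:
            findings.append(ui + "_pwd is missing or a known placeholder")
        if common.get(ui + "_addr", "") == "0.0.0.0":
            findings.append(ui + "_addr listens on every interface")
    if role == "client" and common.get("tls_enable", "").lower() != "true":
        findings.append("tls_enable is not set to true")
        for name in cp.sections():
            proxy = cp[name]
            if name != "common" and proxy.get("use_encryption", "").lower() != "true":
                findings.append("[%s] has neither tls_enable nor use_encryption" % name)
    return findings


# Constructed samples. The first reuses values from the reference configuration.
REFERENCE_SERVER = """[common]
dashboard_addr = 0.0.0.0
dashboard_port = 10000
dashboard_pwd = admin
token = 123456
"""
HARDENED_SERVER = """[common]
dashboard_addr = 127.0.0.1
dashboard_port = 10000
dashboard_pwd = EXAMPLE-long-random-password
token = EXAMPLE-long-random-token-value
"""
STEP2_CLIENT = "[common]\nserver_addr = 127.0.0.1\n\n[web]\ntype = http\n"

if __name__ == "__main__":
    for text, role in [(REFERENCE_SERVER, "server"), (STEP2_CLIENT, "client")]:
        print(role, audit(text, role))
```

Run it against /etc/frp/frps.ini and /etc/frp/frpc.ini before enabling the systemd units; an empty list means none of these checks fired.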