Learned: how to achieve intranet penetration (connection and mode)

My personal blog: https://blognas.hwb0307.com. Welcome to follow!

Foreword

A friend reminded me that fatedier/frps is the official Docker image of frp, but I don't think there are detailed instructions for this official image, so I don't want to fiddle with it.

The images I use below are the ones I have used before. I hadn't noticed before that they are not official, so I'm not sure whether there are potential security problems. If you are worried about security, you can look into how to use fatedier/frps. For example, you can use frp in other ways by referring to the "Containerized FRP Use Scheme" tutorial. For details, see the official GitHub address: Repo

Recently a friend asked me: if I have a VPS, how can I set up an intranet penetration service for my home devices? Today I'm going to give a simple and proven solution, which is to use Docker to build frp to achieve intranet penetration! The general working principle of frp intranet penetration is as follows:

Set up the frp server (frps) service on a VPS with a public IP address. Resolve the domain name test.sample.com to the VPS and open some specific ports for frps, for example 1234.

Install the frp client (frpc) service on the local computer. Communication between frps and frpc is kept working through the parameters of the [common] section.

A local service is online, such as localapp:6534.

frpc makes the internal connection, such as frpc:1234.

Penetration route: http://test.sample.com → VPS → frps:1234 → frpc:1234 → localapp:6534

That is roughly it. The actual situation may be a little different. This article doesn't discuss in depth how frps:1234 → frpc:1234 works. If you are interested, Google it yourself (I haven't studied it much, and this is the key part, haha).

You just need to know that frp is one of the common solutions for intranet penetration, and frp is really easy to use. Because my home broadband has a public IP, intranet penetration is of little significance to me. But many of my friends' broadband can't get a public IP, so I'd better do an intranet penetration tutorial, hoping to help them!

The background knowledge needed for this issue is about the same as for installing any ordinary Docker application. So if you have read my Linux basics and Docker series, this issue is very simple!

Server-side preparation

    # Modify the working directory as needed
    work=~/docker/frps

    # Create and enter the directory
    mkdir -p $work/{conf,log} && cd $work

    # Log file
    touch $work/log/frps.log

    # Pull the Docker image
    docker pull ruiny/frps:latest

Modify the configuration file as needed:

    vim ./conf/frps.ini

The content of conf/frps.ini is as follows (the items annotated "Modify as needed" are the ones you should change yourself):

    # [common] is integral section
    [common]
    # A literal address or host name for IPv6 must be enclosed
    # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
    bind_addr = 0.0.0.0
    bind_port = 7000

    # udp port to help make udp hole to penetrate nat
    bind_udp_port = 7001

    # udp port used for kcp protocol, it can be same with bind_port
    # if not set, kcp is disabled in frps
    kcp_bind_port = 7000

    # specify which address proxy will listen for, default value is same with bind_addr
    # proxy_bind_addr = 127.0.0.1

    # if you want to support virtual host, you must set the http port for listening (optional)
    # Note: http port and https port can be same with bind_port
    vhost_http_port = 80
    vhost_https_port = 443

    # set dashboard_addr and dashboard_port to view dashboard of frps
    # dashboard_addr's default value is same with bind_addr
    # dashboard is available only if dashboard_port is set
    dashboard_addr = 0.0.0.0
    dashboard_port = 7500

    # Modify as needed, which is required for web management of frps
    dashboard_user = superman
    dashboard_pwd = test0test

    # dashboard assets directory (only for debug mode)
    # assets_dir = ./static
    # console or real logFile path like ./frps.log
    log_file = /var/log/frps.log

    # trace, debug, info, warn, error
    log_level = info

    log_max_days = 3

    # Modify as needed. It is required in the [common] section of frpc
    token = 12345678

    # heartbeat configure, it's not recommended to modify the default value
    # the default value of heartbeat_timeout is 90
    # heartbeat_timeout = 90

    # Modify as needed and select the port range you want to open
    allow_ports = 3505-3510

    # pool_count in each proxy will change to max_pool_count if they exceed the maximum value
    max_pool_count = 5

    # max ports can be used for each client, default value is 0 means no limit
    max_ports_per_client = 0

    # authentication_timeout means the timeout interval (seconds) when the frpc connects frps
    # if authentication_timeout is zero, the time is not verified, default is 900s
    authentication_timeout = 900

    # if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
    # when subdomain is test, the host used by routing is test.frps.com
    # subdomain_host = frps.imgki.com

    # if tcp stream multiplexing is used, default is true
    tcp_mux = true
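The values marked "Modify as needed" in this frps.ini (token, dashboard password) together with allow_ports and max_ports_per_client decide who can register proxies on the VPS and how many ports they can claim. The check below is an added example, not code from the original post or from the frp project: it parses the [common] section and flags settings that were left at the sample values. The 20-character threshold, the function names and the embedded sample input are assumptions made for illustration.

```python
import configparser

# Constructed sample: the security-relevant subset of the frps.ini shown above.
SAMPLE_FRPS_INI = """
[common]
bind_addr = 0.0.0.0
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_pwd = test0test
token = 12345678
allow_ports = 3505-3510
max_ports_per_client = 0
"""

MIN_SECRET_LEN = 20  # assumption: a local policy threshold, not an frp requirement


def weak_secret(value):
    """True if a shared secret is missing, short, or all digits / all letters."""
    return len(value) < MIN_SECRET_LEN or value.isdigit() or value.isalpha()


def audit_frps(ini_text):
    """Return (key, finding) tuples for the [common] section of an frps.ini."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    common = cp["common"] if cp.has_section("common") else {}
    findings = []
    if weak_secret(common.get("token", "")):
        findings.append(("token", "missing or weak; it is the only thing frpc must know"))
    if common.get("dashboard_port"):
        # Per the config comments, dashboard_addr defaults to bind_addr.
        addr = common.get("dashboard_addr", common.get("bind_addr", "0.0.0.0"))
        if addr in ("0.0.0.0", "::"):
            findings.append(("dashboard_addr", "all interfaces; restrict the published port"))
        if weak_secret(common.get("dashboard_pwd", "")):
            findings.append(("dashboard_pwd", "missing or weak dashboard password"))
    if not common.get("allow_ports"):
        findings.append(("allow_ports", "unset; clients may request any remote port"))
    if common.get("max_ports_per_client", "0").strip() == "0":
        findings.append(("max_ports_per_client", "0 means no per-client limit"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_frps(SAMPLE_FRPS_INI):
        print(f"[!] {key}: {finding}")
```

Run it against your own conf/frps.ini by passing the file's text to audit_frps() before bringing the container online.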

Configure the yml file

Create a docker-compose file:

    vim $work/docker-compose.yml

Fill in the following:

    version: "3"
    services:
      frps:
        image: ruiny/frps
        container_name: frps1
        restart: unless-stopped
        ports:
          - 6500:7000
          - 6501:7500
          - 6502:7001
          # Http port
          - 6503:80
          # Https port
          - 6504:443
          # Write the ports you want to open to frpc here
          - 3505-3510:3505-3510
        volumes:
          - ./conf:/var/frp/conf
          - ./log/frps.log:/var/log/frps.log

Note: If your VPS is dedicated to intranet penetration, you can directly change - 6503:80, - 6504:443 to - 80:80, - 443:443. Otherwise, you need to define different ports to avoid conflicts with applications such as Nginx. If your VPS has a firewall installed, such as Pagoda or ufw, you need to open the corresponding ports! In this example, the port numbers to be opened are: 6500-6504 and 3505-3510.

I won't demonstrate ufw here; see my earlier Docker articles!

Bring the service online:

    cd $work && docker-compose up -d

Watch the log (this is a little different from ordinary Docker applications):

    tail -f $work/log/frps.log

Query the working status of frps. The username/password is superman/test0test. The interface is similar to:

At this point, the server side of frp is ready.

Local-side preparation

Use the shell to log in to your local device (such as a NAS or router). Check the IP address of the local computer or NAS. You can look for the entry starting with enp in ifconfig | less. For example, the information of my NAS is similar to:

The 192.168.x.x address after inet is the LAN IP of the current device. Let's take 192.168.0.125 as an example.

Set the working directory:

    # Change the working directory as needed
    work=~/docker/frpc

    # Create and enter the working directory
    mkdir -p $work && cd $work

    # Pull the Docker image
    docker pull chenhw2/frp:latest

Create a new frpc.ini file:

    vim ./frpc.ini

Fill in the following:

    [common]
    # Fill in the server's actual IP or a domain name that resolves to that IP
    server_addr = sample.com
    # Fill in the main port of the server's frps, which is 6500 in this example
    server_port = 6500
    # Must match the token in frps.ini exactly
    token = 12345678

    [ssh-3505]
    # Connect port 3505 of the server to local port 22 for SSH connections
    type = tcp
    # Local ip
    local_ip = 192.168.0.125
    # Your ssh port. The default is 22. If there is a custom ssh port, write that custom port
    local_port = 22
    # One of the ports opened on frps; I casually picked 3505
    remote_port = 3505

    [http-www.sample.cn]
    # Test http
    type = http
    # Local ip
    local_ip = 192.168.0.125
    # For example, the port number of a Docker application: applications with Web interfaces such as Emby and jellyfin
    local_port = 6533
    custom_domains = httptest.sample.com

    [https-@.sample.cn]
    # Test https
    type = https
    # Fill in the domain name
    custom_domains = httpstest.sample.com
    plugin = https2http
    plugin_local_addr = 192.168.0.125:6533
    # HTTPS certificate settings
    plugin_crt_path = /frp/sample.com.pem
    plugin_key_path = /frp/sample.com.key
    plugin_host_header_rewrite = 192.168.0.125
    plugin_header_X-From-Where = frp

Finally, remember to upload the certificates to the $work directory via sftp. The directory contents look similar to:

    $ ls -hl $work
    -rw-r--r-- 1 test_user test 1.1K Jun 13 13:38 frpc.ini
    -rw-r--r-- 1 test_user test 1.7K Jun 13 13:42 sample.com.key
    -rw-r--r-- 1 test_user test 3.8K Jun 13 13:42 sample.com.pem

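I personally recommend applying for a certificate for the top-level domain, i.e. *.sample.com, sample.com, so that all *.sample.com names can share the same certificate, which saves you the trouble of certificate maintenance. If you don't want to, you can also apply for a separate certificate for each subdomain.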

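Just upload them all to the $work folder. For each https entry, define the following rules:

    # HTTPS certificate settings
    # (目标域名证书 stands for the certificate file of the target domain)
    plugin_crt_path = /frp/目标域名证书.pem
    plugin_key_path = /frp/目标域名证书.key
    plugin_host_header_rewrite = 192.168.0.125
    plugin_header_X-From-Where = frp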

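http is simpler and works much like tcp-type ports. I strongly recommend that you use https for remote access to Web interfaces, as it is more secure.

Careful readers may have noticed that the steps above involve three domain names: sample.com, httptest.sample.com and httpstest.sample.com. Indeed! If you want to use a domain name for intranet penetration, you need to resolve that domain name to the public IP of the VPS where frps runs. From then on, every time you add a new domain name, you have to set up DNS resolution for it. That's not hard to understand, right?

Configure the yml file

Create a new docker-compose file:

    vim $work/docker-compose.yml

Fill in the following:

    version: "3"
    services:
      frps:
        image: chenhw2/frp
        container_name: frpc1
        restart: unless-stopped
        environment:
          - ARGS=frpc
        volumes:
          - .:/frp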

Bring the service online and wait a moment:

    cd $work && docker-compose up -d

Watch the log output:

    cd $work && docker-compose logs -f

If you want to take the service offline later, just run:

    cd $work && docker-compose down

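These are all routine operations.

Testing

SSH

Just test it in your own shell terminal:

    Address: http://sample.com
    Port: 3505
    Account:
    Password:

HTTP

Visit http://httptest.sample.com:6503. The application can be accessed successfully.

HTTPS

Visit https://httpstest.sample.com:6504. The application can be accessed successfully.

Summary

FRP intranet penetration is pretty simple, isn't it? Based on my experience over the past 2 years, the FRP intranet penetration solution is very stable and the experience is good! However, I want to remind you of one thing:

The traffic and bandwidth of intranet penetration are limited by the frps side, i.e. your VPS. Occasionally accessing a Web interface to manage applications is fine, but never do things like watching HD video through the intranet penetration address, otherwise the VPS traffic quota is easily exhausted!

References

Using frp and a free SSL certificate to achieve intranet penetration with HTTPS access

frps configuration file: https://github.com/ruinny/frp-in-docker/blob/master/frps.ini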

