Exposing internal network services, RDP, SSH and more with frp, together with Nginx
Resources: frp official repository
frps script
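Configuring Remote Desktop connections
frps server configuration

```ini
[common]
# Address and ports that frpc clients connect to (TCP and KCP)
bind_addr = 0.0.0.0
bind_port = 7864
kcp_bind_port = 7864

# Web dashboard
dashboard_port = 18657
dashboard_user = admin
dashboard_pwd = xxxxxx

vhost_http_port = 9569

log_file = ./frps.log
log_level = info
log_max_days = 3

# Shared secret that every frpc must present
token = xxxxx
max_pool_count = 50
tcp_mux = true
# UDP port used for xtcp NAT hole punching
bind_udp_port = 9856
```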
frpc client configuration
Host 1 (the machine being remotely controlled): frpc.ini
```ini
[common]
server_addr = xxx.xxx.xxx.xxx
server_port = 7864
protocol = kcp
token = xxxxx

[5600x_rdp_tcp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 6292

[5600x_rdp_udp]
type = udp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 6292

[5600x_rdp_xtcp]
type = xtcp
sk = xxx
local_ip = 127.0.0.1
local_port = 3389

[5600x_rdp_sudp]
type = sudp
sk = xxxx
local_ip = 127.0.0.1
local_port = 3389
```
Running frp as a service that starts at boot
Download WinSW
Create an XML file with the same name as WinSW and place the two together
```xml
<service>
  <id>frpc</id>
  <name>frpc</name>
  <description>frp客户端</description>
  <executable>D:\Tool\frp\frpc.exe</executable>
  <arguments>-c D:\Tool\frp\frpc.ini</arguments>
  <startmode>Automatic</startmode>
  <onfailure action="restart" delay="120 sec"/>
  <onfailure action="restart" delay="600 sec"/>
  <log mode="roll"></log>
  <logpath>D:\Tool\frp\logs</logpath>
</service>
```
Install the frpc service: .\WinSW.exe install frpc.xml
Update the service configuration: .\WinSW.exe refresh frpc.xml
Host 2 (the machine initiating control): frpc.ini
```ini
[common]
server_addr = xxx.xxx.xxx.xxx
server_port = 7864
protocol = kcp
token = xxxxx

[5600x_rdp_visitor]
type = xtcp
role = visitor
server_name = 5600x_rdp_xtcp
sk = xxx
bind_addr = 127.0.0.1
bind_port = 6000

[5600x_rdp_udp_visitor]
type = sudp
role = visitor
server_name = 5600x_rdp_sudp
sk = xxxx
bind_addr = 127.0.0.1
bind_port = 6000
```
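Getting started
First start frps on the server, then start frpc on host 1.
If you do not want traffic relayed through the server, start frpc on host 2 and connect to 127.0.0.1:6000 to attempt a P2P connection to host 1.
When host 2 does not have frp, you can connect to host 1 through <server public IP>:6292.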
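Host 1 publishes the same RDP service in two ways: the tcp/udp proxies open port 6292 on the server's public address, while the xtcp/sudp proxies are reachable only by a visitor that knows sk. The following added example (not part of the original post) audits a frpc.ini and lists what it exposes; the function name, the issue labels and the 16-character minimum are assumptions, and the sample is constructed from host 1's configuration.

```python
import configparser

# Constructed sample mirroring host 1's frpc.ini above (secrets masked as on the page).
SAMPLE_FRPC_INI = """
[common]
server_addr = xxx.xxx.xxx.xxx
server_port = 7864
token = xxxxx

[5600x_rdp_tcp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 6292

[5600x_rdp_xtcp]
type = xtcp
sk = xxx
local_ip = 127.0.0.1
local_port = 3389
"""

PUBLIC_TYPES = {"tcp", "udp"}            # frps opens remote_port on its public address
SECRET_TYPES = {"stcp", "sudp", "xtcp"}  # reachable only via a visitor that knows sk
VHOST_TYPES = {"http", "https"}          # routed by Host header on the frps vhost port


def audit_frpc(ini_text, min_secret_len=16):
    """Return (section, issue, detail) tuples; min_secret_len is an assumed policy."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    findings = []
    if len(cp.get("common", "token", fallback="")) < min_secret_len:
        findings.append(("common", "weak-token", "token shorter than policy"))
    for name in cp.sections():
        sec = cp[name]
        if name == "common" or sec.get("role") == "visitor":
            continue  # visitors only bind a local port; nothing is published
        ptype = sec.get("type", "tcp")  # frp treats a missing type as tcp
        target = f"{sec.get('local_ip', '127.0.0.1')}:{sec.get('local_port', '?')}"
        if ptype in PUBLIC_TYPES:
            detail = f"{ptype}/{sec.get('remote_port', '?')} -> {target}"
            findings.append((name, "public-port", detail))
        elif ptype in VHOST_TYPES:
            detail = f"{sec.get('custom_domains', '?')} -> {target}"
            findings.append((name, "public-vhost", detail))
        elif ptype in SECRET_TYPES and len(sec.get("sk", "")) < min_secret_len:
            findings.append((name, "short-sk", f"sk guards {target}"))
    return findings
```

Calling `audit_frpc(open("frpc.ini").read())` on a real file returns the same tuples; every `public-port` entry is a port that should be covered by a firewall rule or replaced by its xtcp/sudp counterpart.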
Exposing internal services together with Nginx
Installing Nginx with Docker
Reference tutorial
```bash
# Start a temporary container to obtain the default configuration
docker run --name tmp-nginx-container -p 80:80 -d nginx

# Copy the default /etc/nginx out of the container into /root/nginx
mkdir /root/nginx
docker cp tmp-nginx-container:/etc/nginx /root

# Remove the temporary container
docker rm -f tmp-nginx-container

# Start nginx with configuration, logs and web root mounted from the host
docker run -d \
  -p 80:80 \
  -p 443:443 \
  --name nginx \
  --restart always \
  -v /root/nginx:/etc/nginx \
  -v /root/nginx-logs:/var/log/nginx \
  -v /root/nginx-html:/usr/share/nginx/html \
  nginx:alpine
```
frp configuration
frps
One-click script
```ini
[common]
bind_addr = 0.0.0.0
bind_port = 7864
kcp_bind_port = 7864

dashboard_port = 18657
dashboard_user = admin
dashboard_pwd = xxxxxx

vhost_http_port = 88

log_file = ./frps.log
log_level = info
log_max_days = 3

token = xxxxxx
max_pool_count = 50
tcp_mux = true
```
frpc

```bash
nano /etc/systemd/system/frpc.service
```

```ini
[Unit]
Description=Frp Client Service
After=network.target

[Service]
Type=simple
User=root
Restart=on-failure
RestartSec=5s
ExecStart=/root/frp/frpc -c /root/frp/frpc.ini

[Install]
WantedBy=multi-user.target
```

```bash
systemctl enable frpc
systemctl start frpc
systemctl status frpc
```
```ini
[common]
server_addr = frp.nicenan.cn
server_port = 7864
token = xxxx

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 4528

[DOCKER_PORTAINER]
type = http
local_ip = 192.168.2.149
local_port = 9000
custom_domains = qinglong.nicenan.cn
```
Nginx configuration
default.conf

```nginx
server {
    listen 443 ssl;
    server_name qinglong.nicenan.cn;

    ssl_certificate ssl/qinglong.nicenan.cn.crt;
    ssl_certificate_key ssl/qinglong.nicenan.cn.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        # Forward to the frps vhost_http_port; frps routes by Host header
        proxy_pass http://qinglong.nicenan.cn:88;

        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_buffers 100 128k;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

# Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name qinglong.nicenan.cn;
    return 301 https://$host$request_uri;
}
```
Automatic SSL certificates with Acme

```bash
# Install acme.sh
curl https://get.acme.sh | sh

# DNSPod API credentials used by the dns_dp hook (masked here; use your own)
export DP_Id="xxxxxx"
export DP_Key="xxxxxx"

# Issue and install an ECC wildcard certificate for nicenan.cn
# (the wildcard name is quoted so the shell does not expand it)
acme.sh --issue --dns dns_dp -d nicenan.cn -d '*.nicenan.cn' --keylength ec-256 --server letsencrypt
acme.sh --installcert -d nicenan.cn \
  --key-file /root/nginx/ssl/nicenan.cn.key \
  --fullchain-file /root/nginx/ssl/nicenan.cn.cer \
  --reloadcmd "docker restart nginx" \
  --ecc

# Issue and install an ECC wildcard certificate for n1.nicenan.cn
acme.sh --issue --dns dns_dp -d n1.nicenan.cn -d '*.n1.nicenan.cn' --keylength ec-256 --server letsencrypt
acme.sh --installcert -d n1.nicenan.cn \
  --key-file /root/nginx/ssl/n1.nicenan.cn.key \
  --fullchain-file /root/nginx/ssl/n1.nicenan.cn.cer \
  --reloadcmd "docker restart nginx" \
  --ecc

# Send renewal notifications through Bark
export BARK_API_URL="https://api.day.app/XXXXXXXXXXXXXXXXXXXXXX"
export BARK_GROUP=ACME
acme.sh --set-notify --notify-hook bark
```
Supporting multiple services
frp configuration
frpc.ini
```ini
[common]
server_addr = xxx.xxx.xxx.xxx
server_port = 7864
protocol = kcp
token = xxx

[docker_portainer]
type = http
local_ip = 127.0.0.1
local_port = 9000
custom_domains = docker.n1.nicenan.cn

[netdata]
type = http
local_ip = 127.0.0.1
local_port = 19999
custom_domains = netdata.n1.nicenan.cn
```
frps.ini
```ini
[common]
bind_addr = 0.0.0.0
bind_port = 7864
kcp_bind_port = 7864

dashboard_port = 18657
dashboard_user = admin
dashboard_pwd = xxx

vhost_http_port = 9569

log_file = ./frps.log
log_level = info
log_max_days = 3

token = xxx
max_pool_count = 50
```
Nginx configuration
All of the files below live in /root/nginx, the directory that Docker mounts into the nginx container.
Initial configuration: /root/nginx/nginx.conf
```nginx
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    keepalive_timeout 65;

    include /etc/nginx/conf.d/*.conf;
}
```
The set of server blocks for the services to reverse-proxy: /root/nginx/conf.d/n1.conf
```nginx
server {
    listen 443 ssl;
    server_name docker.n1.nicenan.cn;

    include /etc/nginx/conf.d/n1.ssl;

    location / {
        proxy_pass http://docker.n1.nicenan.cn:9569;
        include /etc/nginx/conf.d/fxdl;
    }
}

server {
    listen 443 ssl;
    server_name netdata.n1.nicenan.cn;

    include /etc/nginx/conf.d/n1.ssl;

    location / {
        proxy_pass http://netdata.n1.nicenan.cn:9569;
        include /etc/nginx/conf.d/fxdl;
    }
}

server {
    listen 80;
    server_name *.n1.nicenan.cn;
    return 301 https://$host$request_uri;
}
```
Certificate configuration (wildcard certificate, renewed automatically by acme): /root/nginx/conf.d/n1.ssl
```nginx
ssl_certificate ssl/n1.nicenan.cn.cer;
ssl_certificate_key ssl/n1.nicenan.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
```
Reverse proxy buffer configuration: /root/nginx/conf.d/fxdl
```nginx
proxy_buffering off;
proxy_buffer_size 128k;
proxy_buffers 100 128k;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
```
To add another service, just add one more proxy entry to the frpc configuration and set up the matching reverse proxy in nginx.