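Table of Contents
- Project Overview
- Core Features
- System Architecture
- Quick Start
- 1. Download and Install
- 2. Quick Server Configuration
- 3. Quick Client Configuration
- 4. Verify the Connection
- Configuration File Reference
- Proxy Types
- TCP/UDP Proxy
- HTTP/HTTPS Proxy
- Secure Proxy (STCP/SUDP)
- P2P Proxy (XTCP)
- Plugin System
- Static File Server
- HTTP/SOCKS5 Proxy
- Protocol Conversion
- Use Cases
- Remote Work
- Publishing Web Services
- Game Servers
- Sharing a Development Environment
- Monitoring and Operations
- Prometheus Monitoring
- Grafana Dashboards
- Log Management
- Web Admin Interface
- Security Configuration
- Hardening Authentication
- Firewall Configuration
- Access Control
- fail2ban Protection
- Project Links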
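Project Overview
frp (Fast Reverse Proxy) is a high-performance reverse proxy focused on NAT traversal. It lets you expose a local server that sits behind NAT or a firewall to the internet, and it supports multiple protocols and advanced features.
Core Features
- Multi-protocol support: TCP, UDP, HTTP, HTTPS, KCP, QUIC, WebSocket
- Authentication and security: token, OIDC, TLS-encrypted transport
- High performance: TCP stream multiplexing, connection pooling, compressed transport
- Easy configuration: TOML/YAML/JSON configuration formats
- Monitoring: Prometheus metrics, web admin interface
- Plugin extensions: static files, HTTP proxy, SOCKS5, and more
System Architecture
Quick Start
1. Download and Install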
# Download the latest release
wget https://github.com/fatedier/frp/releases/download/v0.53.2/frp_0.53.2_linux_amd64.tar.gz
tar -xzf frp_0.53.2_linux_amd64.tar.gz
cd frp_0.53.2_linux_amd64
2. Quick Server Configuration
# Start the server with a minimal configuration
cat > frps.toml << EOF
bindPort = 7000
vhostHTTPPort = 80

[auth]
token = "your_token_here"

# Dashboard: addr 0.0.0.0 listens on every interface; user/password are placeholders
[webServer]
addr = "0.0.0.0"
port = 7500
user = "admin"
password = "admin"
EOF

# Start the server
./frps -c frps.toml
3. Quick Client Configuration
# Configure the client
cat > frpc.toml << EOF
serverAddr = "your.server.com"
serverPort = 7000

[auth]
token = "your_token_here"

[[proxies]]
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000
EOF

# Start the client
./frpc -c frpc.toml
4. Verify the Connection
# Connect to SSH through the proxy
ssh -p 6000 username@your.server.com

# Access the admin interface
curl http://your.server.com:7500
Configuration File Reference
# Basic connection settings
serverAddr = "your.server.com"
serverPort = 7000

# Authentication settings
[auth]
method = "token"
token = "your_secure_token"

# Transport layer settings
[transport]
protocol = "tcp"
tls.enable = true
tcpMux = true
poolCount = 5

# Example proxy definition
[[proxies]]
name = "web"
type = "http"
localIP = "127.0.0.1"
localPort = 80
customDomains = ["www.example.com"]
Proxy Types
TCP/UDP Proxy
Suitable for any service based on TCP or UDP:
# SSH proxy
[[proxies]]
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000

# DNS proxy
[[proxies]]
name = "dns"
type = "udp"
localIP = "127.0.0.1"
localPort = 53
remotePort = 6053
HTTP/HTTPS Proxy
Supports domain binding and path-based routing:
# Web application proxy
[[proxies]]
name = "web"
type = "http"
localIP = "127.0.0.1"
localPort = 8080
customDomains = ["www.example.com"]
locations = ["/api", "/admin"]

# HTTPS proxy
[[proxies]]
name = "secure_web"
type = "https"
localIP = "127.0.0.1"
localPort = 443
customDomains = ["secure.example.com"]
Secure Proxy (STCP/SUDP)
A secure proxy that requires a shared secret key for access:
# Server-side configuration
[[proxies]]
name = "secret_ssh"
type = "stcp"
secretKey = "abcdefg123456"
localIP = "127.0.0.1"
localPort = 22

# Visitor-side configuration
[[visitors]]
name = "secret_ssh_visitor"
type = "stcp"
serverName = "secret_ssh"
secretKey = "abcdefg123456"
bindIP = "127.0.0.1"
bindPort = 9000
P2P Proxy (XTCP)
Clients connect to each other directly, which reduces bandwidth use on the server:
# P2P file transfer
[[proxies]]
name = "p2p_transfer"
type = "xtcp"
secretKey = "p2p_secret"
localIP = "127.0.0.1"
localPort = 8080

[[visitors]]
name = "p2p_transfer_visitor"
type = "xtcp"
serverName = "p2p_transfer"
secretKey = "p2p_secret"
bindIP = "127.0.0.1"
bindPort = 8081
Plugin System
frp supports several client-side plugins that extend its functionality:
Static File Server
[[proxies]]
name = "static_files"
type = "http"
customDomains = ["files.example.com"]

[proxies.plugin]
type = "static_file"
localPath = "/var/www/html"
stripPrefix = "files"
httpUser = "admin"
httpPassword = "password"
HTTP/SOCKS5 Proxy
# HTTP proxy
[[proxies]]
name = "http_proxy"
type = "tcp"
remotePort = 8080

[proxies.plugin]
type = "http_proxy"
httpUser = "proxy_user"
httpPassword = "proxy_pass"

# SOCKS5 proxy
[[proxies]]
name = "socks5_proxy"
type = "tcp"
remotePort = 1080

[proxies.plugin]
type = "socks5"
username = "socks_user"
password = "socks_pass"
Protocol Conversion
# HTTP to HTTPS
[[proxies]]
name = "http_to_https"
type = "http"
customDomains = ["convert.example.com"]

[proxies.plugin]
type = "http2https"
localAddr = "127.0.0.1:443"
hostHeaderRewrite = "internal.example.com"
Use Cases
Remote Work
# Access to the corporate internal network
[[proxies]]
name = "office_rdp"
type = "tcp"
localIP = "192.168.1.100"
localPort = 3389
remotePort = 3389

[[proxies]]
name = "office_ssh"
type = "tcp"
localIP = "192.168.1.101"
localPort = 22
remotePort = 2222
Publishing Web Services
# Personal blog
[[proxies]]
name = "blog"
type = "http"
localIP = "127.0.0.1"
localPort = 4000
customDomains = ["myblog.com"]

# API service
[[proxies]]
name = "api"
type = "http"
localIP = "127.0.0.1"
localPort = 8080
subDomain = "api"
Game Servers
# Minecraft server
[[proxies]]
name = "minecraft"
type = "tcp"
localIP = "127.0.0.1"
localPort = 25565
remotePort = 25565

[proxies.transport]
# frp accepts only KB or MB as the unit, so 1 GB is written as 1024MB
bandwidthLimit = "1024MB"
useCompression = false
Sharing a Development Environment
# Front-end development server
[[proxies]]
name = "frontend"
type = "http"
localIP = "127.0.0.1"
localPort = 3000
subDomain = "dev"

# Database access
[[proxies]]
name = "database"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5432
remotePort = 5432
Monitoring and Operations
Prometheus Monitoring
# prometheus.yml
scrape_configs:
  - job_name: 'frps'
    static_configs:
      - targets: ['localhost:7500']
    metrics_path: '/metrics'
  - job_name: 'frpc'
    static_configs:
      - targets: ['localhost:7400']
Grafana Dashboards
- Connection count monitoring
- Traffic statistics
- Proxy status
- Performance metrics
Log Management
# Log rotation configuration
/var/log/frp/*.log {
    daily
    rotate 30
    compress
    copytruncate
}
Web Admin Interface
- Server: http://your.server.com:7500
- Client: http://127.0.0.1:7400
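Security Configuration
Hardening Authentication
[auth]
method = "token"
# TOML does not run shell commands: generate the value with `openssl rand -base64 32` and paste the result here
token = "$(openssl rand -base64 32)"
additionalScopes = ["HeartBeats", "NewWorkConns"]

# Enforce TLS encryption
[transport.tls]
force = true
certFile = "/etc/frp/ssl/server.crt"
keyFile = "/etc/frp/ssl/server.key"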
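The quick-start frps.toml uses a placeholder token and admin/admin on 0.0.0.0, and a `$(openssl ...)` written directly in a TOML file is stored as a literal string rather than expanded. The following shell functions are an added example, not part of the original article or of frp: they generate the secrets in the shell before writing the file and flag those weak values in an existing config. The function names and the use of `/dev/urandom` with `base64` in place of `openssl rand` are assumptions.

```shell
#!/bin/sh
# Added example, not frp project code. Function names are hypothetical;
# the TOML keys are the ones already used on this page.

# 32 random bytes as base64, standing in for `openssl rand -base64 32`.
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Write frps.toml ($1) with secrets generated by the shell, since TOML itself
# never expands $(...). The subshell body keeps umask 077 local, so a newly
# created file is readable by its owner only.
write_frps_config() (
    umask 077
    token=$(gen_secret)
    dash_pw=$(gen_secret)
    cat > "$1" <<EOF
bindPort = 7000
vhostHTTPPort = 80

[auth]
method = "token"
token = "$token"

# Dashboard on loopback only; reach it through an SSH tunnel
[webServer]
addr = "127.0.0.1"
port = 7500
user = "admin"
password = "$dash_pw"
EOF
)

# Print one line per weak setting in $1; exit status is 0 only if none is found.
audit_frps_config() {
    f=$1
    bad=0
    grep -Eq '^[[:space:]]*token[[:space:]]*=[[:space:]]*"(\$\(|your_)' "$f" &&
        { echo "token is a placeholder or unexpanded shell syntax"; bad=1; }
    grep -Eq '^[[:space:]]*password[[:space:]]*=[[:space:]]*"(admin|password)"' "$f" &&
        { echo "dashboard password is a default value"; bad=1; }
    grep -Eq '^[[:space:]]*addr[[:space:]]*=[[:space:]]*"0\.0\.0\.0"' "$f" &&
        { echo "dashboard listens on every interface"; bad=1; }
    return "$bad"
}
```

The same generated token has to be placed in each client's frpc.toml; `write_frps_config` does not change the permissions of a file that already exists.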
Firewall Configuration
# Basic firewall rules
ufw allow 7000/tcp # frp service port
ufw allow 7500/tcp # admin interface
ufw allow 80/tcp # HTTP proxy
ufw allow 443/tcp # HTTPS proxy
Access Control
# Port restrictions
allowPorts = [
  { start = 2000, end = 3000 },
  { single = 3389 }
]

# Per-client limits
maxPortsPerClient = 5
userConnTimeout = 10
fail2ban Protection
[frp-auth]
enabled = true
filter = frp-auth
logpath = /var/log/frp/frps.log
maxretry = 3
bantime = 3600
Project Links
- GitHub repository
- Official documentation
- Release page