frp: a high-performance reverse proxy service

Published: 2025-08-29


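Project overview

frp (Fast Reverse Proxy) is a high-performance reverse proxy service focused on NAT traversal for services on internal networks. It lets you expose a local server that sits behind NAT or a firewall to the internet, and it supports multiple protocols and advanced features.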

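Core features

  • Multi-protocol support: TCP, UDP, HTTP, HTTPS, KCP, QUIC, WebSocket
  • Security and authentication: token, OIDC, TLS-encrypted transport
  • High performance: TCP stream multiplexing, connection pooling, compressed transport
  • Easy configuration: TOML/YAML/JSON configuration formats
  • Monitoring: Prometheus metrics, web management interface
  • Plugin extensions: static files, HTTP proxy, SOCKS5, and more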

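System architecture

[Architecture diagram. Labels: internal network environment, public network environment, frpc client, local service, frps server, external client]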

Quick start

1. Download and install

# Download the release (v0.53.2 in this example)
wget https://github.com/fatedier/frp/releases/download/v0.53.2/frp_0.53.2_linux_amd64.tar.gz
tar -xzf frp_0.53.2_linux_amd64.tar.gz
cd frp_0.53.2_linux_amd64

2. Quick server configuration

# Create a minimal configuration for the server
cat > frps.toml << EOF
bindPort = 7000
vhostHTTPPort = 80

[auth]
token = "your_token_here"

[webServer]
addr = "0.0.0.0"
port = 7500
# Placeholder credentials: change both before port 7500 is reachable from outside
user = "admin"
password = "admin"
EOF

# Start the server
./frps -c frps.toml

3. Quick client configuration

# Configure the client
cat > frpc.toml << EOF
serverAddr = "your.server.com"
serverPort = 7000

[auth]
token = "your_token_here"

[[proxies]]
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000
EOF

# Start the client
./frpc -c frpc.toml

4. Verify the connection

# Connect to SSH through the proxy
ssh -p 6000 username@your.server.com

# Open the management interface
curl http://your.server.com:7500

Configuration file reference

# Basic connection settings
serverAddr = "your.server.com"
serverPort = 7000

# Authentication settings
[auth]
method = "token"
token = "your_secure_token"

# Transport layer settings
[transport]
protocol = "tcp"
tls.enable = true
tcpMux = true
poolCount = 5

# Example proxy definition
[[proxies]]
name = "web"
type = "http"
localIP = "127.0.0.1"
localPort = 80
customDomains = ["www.example.com"]

Proxy types

TCP/UDP proxies

Suitable for any TCP- or UDP-based service:

# SSH proxy
[[proxies]]
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000

# DNS proxy
[[proxies]]
name = "dns"
type = "udp"
localIP = "127.0.0.1"
localPort = 53
remotePort = 6053

HTTP/HTTPS proxies

Support domain binding and path-based routing:

# Web application proxy
[[proxies]]
name = "web"
type = "http"
localIP = "127.0.0.1"
localPort = 8080
customDomains = ["www.example.com"]
locations = ["/api", "/admin"]

# HTTPS proxy
[[proxies]]
name = "secure_web"
type = "https"
localIP = "127.0.0.1"
localPort = 443
customDomains = ["secure.example.com"]

Secure proxies (STCP/SUDP)

Secure proxies that require secret-key authentication:

# Service side (the frpc that exposes the service)
[[proxies]]
name = "secret_ssh"
type = "stcp"
secretKey = "abcdefg123456"
localIP = "127.0.0.1"
localPort = 22

# Visitor side
[[visitors]]
name = "secret_ssh_visitor"
type = "stcp"
serverName = "secret_ssh"
secretKey = "abcdefg123456"
bindIP = "127.0.0.1"
bindPort = 9000

P2P proxies (XTCP)

Clients connect directly to each other, which reduces server bandwidth:

# P2P file transfer
[[proxies]]
name = "p2p_transfer"
type = "xtcp"
secretKey = "p2p_secret"
localIP = "127.0.0.1"
localPort = 8080

[[visitors]]
name = "p2p_transfer_visitor"
type = "xtcp"
serverName = "p2p_transfer"
secretKey = "p2p_secret"
bindIP = "127.0.0.1"
bindPort = 8081

Plugin system

frp supports several client plugins that extend its functionality:

Static file server

[[proxies]]
name = "static_files"
type = "http"
customDomains = ["files.example.com"]

[proxies.plugin]
type = "static_file"
localPath = "/var/www/html"
stripPrefix = "files"
httpUser = "admin"
httpPassword = "password"

HTTP/SOCKS5 proxy

# HTTP proxy
[[proxies]]
name = "http_proxy"
type = "tcp"
remotePort = 8080

[proxies.plugin]
type = "http_proxy"
httpUser = "proxy_user"
httpPassword = "proxy_pass"

# SOCKS5 proxy
[[proxies]]
name = "socks5_proxy"
type = "tcp"
remotePort = 1080

[proxies.plugin]
type = "socks5"
username = "socks_user"
password = "socks_pass"

Protocol conversion

# HTTP to HTTPS
[[proxies]]
name = "http_to_https"
type = "http"
customDomains = ["convert.example.com"]

[proxies.plugin]
type = "http2https"
localAddr = "127.0.0.1:443"
hostHeaderRewrite = "internal.example.com"

Use cases

Remote work

# Access to the corporate intranet
[[proxies]]
name = "office_rdp"
type = "tcp"
localIP = "192.168.1.100"
localPort = 3389
remotePort = 3389

[[proxies]]
name = "office_ssh"
type = "tcp"
localIP = "192.168.1.101"
localPort = 22
remotePort = 2222

Publishing web services

# Personal blog
[[proxies]]
name = "blog"
type = "http"
localIP = "127.0.0.1"
localPort = 4000
customDomains = ["myblog.com"]

# API service
[[proxies]]
name = "api"
type = "http"
localIP = "127.0.0.1"
localPort = 8080
subDomain = "api"

Game servers

# Minecraft server
[[proxies]]
name = "minecraft"
type = "tcp"
localIP = "127.0.0.1"
localPort = 25565
remotePort = 25565

[proxies.transport]
# frp accepts only KB and MB as bandwidth units
bandwidthLimit = "1024MB"
useCompression = false

Sharing a development environment

# Front-end development server
[[proxies]]
name = "frontend"
type = "http"
localIP = "127.0.0.1"
localPort = 3000
subDomain = "dev"

# Database access
[[proxies]]
name = "database"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5432
remotePort = 5432

Monitoring and operations

Prometheus monitoring

# prometheus.yml
scrape_configs:
  - job_name: 'frps'
    static_configs:
      - targets: ['localhost:7500']
    metrics_path: '/metrics'

  - job_name: 'frpc'
    static_configs:
      - targets: ['localhost:7400']

Grafana dashboards

  • Connection count monitoring
  • Traffic statistics
  • Proxy status
  • Performance metrics

Log management

# Log rotation configuration
/var/log/frp/*.log {
    daily
    rotate 30
    compress
    copytruncate
}

Web management interface

  • Server: http://your.server.com:7500
  • Client: http://127.0.0.1:7400

Security configuration

Stronger authentication

[auth]
method = "token"
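# A TOML file is not processed by a shell, so "$(...)" would be used literally as the token.
# Generate the value once with `openssl rand -base64 32` and paste the same token on server and client.
token = "paste_generated_token_here"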
additionalScopes = ["HeartBeats", "NewWorkConns"]

# Enforce TLS encryption
[transport.tls]
force = true
certFile = "/etc/frp/ssl/server.crt"
keyFile = "/etc/frp/ssl/server.key"

Firewall configuration

# Basic firewall rules
ufw allow 7000/tcp  # frp server port
ufw allow 7500/tcp  # management interface
ufw allow 80/tcp    # HTTP proxy
ufw allow 443/tcp   # HTTPS proxy

Access control

# Port restrictions
allowPorts = [
  { start = 2000, end = 3000 },
  { single = 3389 }
]

# Per-client limits
maxPortsPerClient = 5
userConnTimeout = 10

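fail2ban protection

[frp-auth]
enabled = true
# The frp-auth filter must be defined separately under filter.d; this page does not include it.
filter = frp-auth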
logpath = /var/log/frp/frps.log
maxretry = 3
bantime = 3600

Project repository

