frpc/frps


0x000:

公网IP服务器: 在防火墙中放行 frps 用到的端口(只放行下文 frps.ini 里实际用到的端口即可,不必整体关闭防火墙)

[root@client-142-11-227-141 home]# ls
bbr.sh          docker_ex.sh       down       down.sh  frp_0.35.1_linux_386         frp.tar.gz  init        muma            nginxinit.sh      redis.sh          run.sh
docke_in.sh     docker_gitlab.sh   down1      email    frp_0.35.1_linux_386.tar.gz  http        java        mysql5.5.62.sh  nginx_restart.sh  remote            stop_firewalld.sh
docker-all2.sh  docker_images.tar  down.conf  file     frps.ini                     https       mariadb.sh  mysql.8.0.sh    py                run_firewalld.sh  yang
[root@client-142-11-227-141 home]# tar -zxvf frp_0.35.1_linux_386.tar.gz

进入frp目录

[root@client-142-11-227-141 home]# cd frp_0.35.1_linux_386
[root@client-142-11-227-141 frp_0.35.1_linux_386]# ls
frpc frpc_full.ini frpc.ini frps frps.2022-01-05.log frps_full.ini frps.ini frps.log frps_run.sh LICENSE nohup.out systemd

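修改 frps.ini,配置相关 IP、端口、连接等。下面的 token、dashboard_user、dashboard_pwd 仅为示例值,实际部署时应换成足够长的随机值;dashboard_addr = 0.0.0.0 会让管理面板监听所有网卡,建议改为 127.0.0.1,或用防火墙限制可访问的来源 IP。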
[root@client-142-11-227-141 frp_0.35.1_linux_386]# cat frps.ini
[common]
bind_addr = 0.0.0.0
bind_port = 7000
bind_udp_port = 7001
kcp_bind_port = 7000
vhost_http_port = 9999
vhost_https_port = 443
dashboard_addr = 0.0.0.0
dashboard_port = 7501
dashboard_user = yang
dashboard_pwd = xiong
log_file = ./frps.log
log_level = info
log_max_days = 3
disable_log_color = false
token = 12345678
allow_ports = 2000-3000,3001,3004-4000,5000-50000
max_pool_count = 5
max_ports_per_client = 0
#subdomain_host = xiongyang.top
subdomain_host = xiongyang.icu    # 公网ip/可以为域名
#subdomain_host = 104.238.161.157
tcp_mux = true
[root@client-142-11-227-141 frp_0.35.1_linux_386]#

自己写的启动脚本

[root@client-142-11-227-141 frp_0.35.1_linux_386]# cat frps_run.sh
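#!/bin/sh
# Start frps in the background using the frps.ini that sits next to this script.

# Resolve ./frps and ./frps.ini against the script's own directory, so the
# script behaves the same no matter which directory it is launched from.
cd -- "$(dirname -- "$0")" || exit 1

# A second frps cannot bind the ports the first one already holds (it exits
# with "bind: address already in use"), so leave a running instance alone.
if pgrep -x frps >/dev/null 2>&1; then
  echo "frps is already running; not starting a second instance" >&2
  exit 0
fi

# Detach from the terminal; nohup writes the output to ./nohup.out.
nohup ./frps -c ./frps.ini &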

[root@client-142-11-227-141 frp_0.35.1_linux_386]#

[root@client-142-11-227-141 frp_0.35.1_linux_386]# cat nohup.out
2021/03/09 06:09:19 [I] [root.go:116] frps uses command line arguments for config
2021/03/09 06:09:19 [I] [service.go:190] frps tcp listen on 0.0.0.0:7000
2021/03/09 06:09:19 [I] [root.go:217] frps started successfully
2021/03/09 06:13:45 [I] [root.go:116] frps uses command line arguments for config
2021/03/09 06:13:45 [I] [service.go:190] frps tcp listen on 0.0.0.0:7000
2021/03/09 06:13:45 [I] [root.go:217] frps started successfully
2021/03/09 06:39:20 [I] [root.go:116] frps uses command line arguments for config
2021/03/09 06:39:20 [I] [service.go:190] frps tcp listen on 0.0.0.0:7000
2021/03/09 06:39:20 [I] [root.go:217] frps started successfully
2021/03/09 06:43:06 [I] [root.go:116] frps uses command line arguments for config
2021/03/09 06:43:07 [I] [service.go:190] frps tcp listen on 0.0.0.0:7000
2021/03/09 06:43:07 [I] [root.go:217] frps started successfully
2021/03/09 15:44:17 [I] [root.go:108] frps uses config file: ./frps.ini
2021/03/09 15:45:06 [I] [root.go:108] frps uses config file: ./frps.ini
2021/03/09 15:49:03 [I] [root.go:108] frps uses config file: ./frps.ini
2021/03/09 16:13:15 [I] [root.go:108] frps uses config file: ./frps.ini
Create server listener error, listen tcp 0.0.0.0:7000: bind: address already in use
2021/03/30 17:57:26 [I] [root.go:108] frps uses config file: ./frps.ini
2021/06/12 11:44:10 [I] [root.go:108] frps uses config file: ./frps.ini
2021/06/12 13:44:28 [I] [root.go:108] frps uses config file: ./frps.ini
2021/06/22 13:58:06 [I] [root.go:108] frps uses config file: ./frps.ini
2021/09/08 00:13:32 [I] [root.go:108] frps uses config file: ./frps.ini
2021/09/16 19:23:31 [I] [root.go:108] frps uses config file: ./frps.ini
2021/10/11 00:19:22 [I] [root.go:108] frps uses config file: ./frps.ini
2021/10/27 00:58:27 [I] [root.go:108] frps uses config file: ./frps.ini
2021/11/15 23:55:18 [I] [root.go:108] frps uses config file: ./frps.ini
2021/12/30 18:09:37 [I] [root.go:108] frps uses config file: ./frps.ini
Create server listener error, listen tcp 0.0.0.0:443: bind: address already in use
2021/12/30 18:15:59 [I] [root.go:108] frps uses config file: ./frps.ini
Create server listener error, listen tcp 0.0.0.0:443: bind: address already in use
2022/01/05 09:33:24 [I] [root.go:108] frps uses config file: ./frps.ini
2022/01/05 23:38:00 [I] [root.go:108] frps uses config file: ./frps.ini
Create server listener error, listen tcp 0.0.0.0:7000: bind: address already in use
2022/01/05 23:38:41 [I] [root.go:108] frps uses config file: ./frps.ini
Create server listener error, listen tcp 0.0.0.0:7000: bind: address already in use
2022/01/05 23:41:59 [I] [root.go:108] frps uses config file: ./frps.ini
Create server listener error, listen tcp 0.0.0.0:7000: bind: address already in use

0x001:

centos7:内网主机: stcp(secret tcp) 

安全地暴露内网服务

这个示例将会创建一个只有自己能访问到的 SSH 服务代理。

对于某些服务来说如果直接暴露于公网上将会存在安全隐患。

使用 stcp(secret tcp) 类型的代理可以避免让任何人都能访问到要穿透的服务,但是访问者也需要运行另外一个 frpc 客户端。

[root@localhost frp_0.35.0_linux_386]# ls
frpc  frpc_full.ini  frpc.ini  frps  frps_full.ini  frps.ini  LICENSE  out.out  run.sh  systemd

[root@localhost frp_0.35.0_linux_386]# cat frpc.ini
[common]  #frps 配置
#server_addr = xiongyang.top
server_addr = xiongyang.icu
server_port = 7000
token = 12345678

# 代理名称(访问者 frpc.ini 中的 server_name 必须与之一致)
[secret_ssh]
# 协议类型
type = stcp
# sk 密钥:访问者必须配置相同的值;这里是示例值,实际使用请换成足够长的随机字符串
sk = yang
# 本地 IP
local_ip = 127.0.0.1
# 本地端口
local_port = 22
#remote_port = 6001
[root@localhost frp_0.35.0_linux_386]#

添加frpc 启动脚本

[root@localhost frp_0.35.0_linux_386]# cat run.sh
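#!/bin/sh
# Restart the frpc client from its install directory; intended to be run by cron.

# Stop here if the directory is missing: otherwise the running frpc would be
# killed and the relative ./frpc would be looked up in whatever directory the
# caller (for example cron) happened to start in.
cd /home/yang/yang/frp_0.35.0_linux_386/ || exit 1

# Stop any running frpc so the new one does not run alongside it.
# killall prints "no process found" when none is running; that is harmless here.
killall frpc

# Start frpc detached from the terminal, with stdout and stderr in ./out.out.
nohup ./frpc -c frpc.ini > ./out.out 2>&1 &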
[root@localhost frp_0.35.0_linux_386]#

//定时任务

crontab -e  //添加定时任务
54 22 * * * /home/yang/yang/frp_0.35.0_linux_386/run.sh
service crond status //查看定时状态
crontab -l //列出某个用户cron服务的详细内容
crontab -l
54 22 * * * /home/yang/yang/frp_0.35.0_linux_386/run.sh

0x002:

windows:访问者

 frpc.ini:内容

[common] #frps 配置
server_addr = xiongyang.top
server_port = 7000
token = 12345678

[secret_ssh_visitor]    #访问者名称
type = stcp      #协议
# stcp 的访问者
role = visitor      #角色
# 要访问的 stcp 代理的名字
server_name = secret_ssh    # 内网主机配置的frpc.ini中的名称(一样才能访问到)
sk = yang        #  内网主机配置的frpc.ini中的密码 (一样才能访问到)
# 绑定本地端口用于访问 SSH 服务
bind_addr = 127.0.0.1   #本地IP
bind_port = 6000    #本地监听端口,连接它的流量会经 frps 转发

#local_ip = 192.168.89.5
#local_port = 3389
#remote_port = 6000
#custom_domains = xiongyang.top

cmd 窗口运行frpc.exe 

frp_0.35.0_windows_amd64\frp_0.35.0_windows_amd64_dg_>frpc.exe
2022/01/06 02:06:32 [I] [service.go:290] [973c53e867d166c7] login to server success, get run id [973c53e867d166c7], server udp port [7001]
2022/01/06 02:06:32 [I] [visitor_manager.go:86] [973c53e867d166c7] start visitor success
2022/01/06 02:06:32 [I] [visitor_manager.go:130] [973c53e867d166c7] visitor added: [secret_ssh_visitor_dg]

0x002:

访问者连接内网主机:

cmd

C:\Users\xiong>ssh -oPort=6000 root@127.0.0.1
root@127.0.0.1's password:
Last login: Thu Jan  6 02:05:37 2022 from localhost
Last login: Thu Jan  6 02:05:37 2022 from localhost
[root@djsaas ~]# ls
anaconda-ks.cfg
[root@djsaas ~]# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:a9:96:98 brd ff:ff:ff:ff:ff:ff
    inet 172.20.16.204/24 brd 172.20.16.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::adca:6e42:1e35:89d0/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0:  mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:3e:dc:2e:05 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fedc:2e05/64 scope link
       valid_lft forever preferred_lft forever

0x003:

至此内网连接成功。流量路径:win10 127.0.0.1:6000(访问者 frpc)---> frps ---> centos7 127.0.0.1:22(内网 frpc)。访问者 frpc 把发到本地 6000 端口的流量经 frps 转发给名为 secret_ssh 的内网 frpc,再由它交给内网主机本机的 22 端口。

 

0x004:

额外:定时crontab 

crontab -e  //添加定时任务

54 22 * * * /home/yang/yang/frp_0.35.0_linux_386/run.sh

service crond status //查看定时状态
crontab -l //列出某个用户cron服务的详细内容

参考frp: https://gofrp.org/docs/examples/xtcp/

 

FRP