1.环境
操作系统:
服务器:CentOS 7 64位
客户端:Windows Server 2012 DataCent 64位
2.下载
github地址:frp-github
科普amd及arm架构:
AMD(Advanced Micro Devices)架构是x86的一种变体,是大型主机、台式机和笔记本电脑的主要处理器。而ARM(Advanced RISC Machines)架构是一种精简指令集(RISC)架构,主要用于移动设备如智能手机、平板电脑和嵌入式设备。
Windows选:
frp_x.xx.x_windows_amd64.zip
CentOS选:
frp_x.xx.x_linux_amd64.tar.gz
3.Windows 解压
解压frp_x.xx.x_windows_amd64.zip到自定义目录,解压出来的文件其中frpc.exe为客户端,frpc.ini为客户端配置。
4.CentOS 解压
解压frp_x.xx.x_linux_amd64.tar.gz到自定义目录
5.Window 配置虚拟机 CentOS SSH远程访问
编辑 fprc.ini:
[common]
# 服务器ip
server_addr = xxx.xxx.xxx.xxx
# 服务器绑定端口
server_port = 7000
# 开启ssh远程连接
[ssh]
# 通信类型
type = tcp
# 本地ip
local_ip = xxx.xxx.xxx.xxx
# 本地端口
local_port = 22
# 远程访问端口
remote_port = 6000
6.CentOS 配置 SSH 远程访问
vim fprs.ini:
[common]
bind_port = 7000
7.启动 CentOS frp
nohup /opt/frp_x.xx.x_linux_amd64/frps -c /opt/frp_x.xx.x_linux_amd64/frps.ini
8.启动 Windows 虚拟机 CentOS frp
注意:
要在云服务器安全组里放开自定义的7000、6000端口
使用power shell运行,进入到目录,执行:
.\frpc.exe -c .\frpc.ini
9.连接 Windows 虚拟机 CentOS
ip为服务器ip,端口为远程访问端口remote_port,例:6000
10.配置CentOS http访问
vim fprs.ini:
[common]
bind_port = 20220
# 所有http请求均访问这个端口,会自动映射客户端绑定custom_domains
vhost_http_port = 20221
token = test-http
# dashboard_port = 7300
# dashboard_user = akim
# dashboard_pwd = 123456
# enable_prometheus = true
log_file = /opt/frp/logs/frps.log
log_level = info
log_max_days = 3
11.配置Windows http访问
编辑 fprc.ini:
[common]
# 服务器ip
server_addr = xxx.xxx.xxx.xxx
# 服务器绑定端口
server_port = 20220
# 会话token
token = test-http
# 开启ssh远程连接
[ssh]
# 通信类型
type = tcp
# 本地ip
local_ip = 192.168.67.100
# 本地端口
local_port = 22
# 远程访问端口
remote_port = 10122
# 第一个http请求地址
[api-http]
type = http
local_ip = 192.168.67.100
local_port = 8888
custom_domains = xxx.xxx.com
# 第二个http请求地址
[s3-http]
type = http
local_ip = 192.168.67.100
local_port = 8889
custom_domains = xxx.xxx.com
12.配置 Nginx http 访问
# 第一个http请求域名:xxx.xxx.com -> http to https
server {
listen 80;
server_name xxx.xxx.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name xxx.xxx.com;
ssl_certificate ../cert/xxx.pem;
ssl_certificate_key ../cert/xxx.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DHE;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://xxx.xxx.xxx.xxx:20221; # 指向fpr vhost_http_port,自动寻址二级域名
}
}
# 第二个http请求域名:xx.xxx.com http to https
server {
listen 80;
server_name xx.xxx.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name xx.xxx.com;
ssl_certificate ../cert/xxx.pem;
ssl_certificate_key ../cert/xxx.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DHE;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://xxx.xxx.xxx.xxx:20221; # 指向fpr vhost_http_port,自动寻址二级域名
}
}
