Frp基本信息
frp全名Fast Reverse Proxy捧搞,是用于提供內(nèi)網(wǎng)穿透服務(wù)的工具,主要用于解決一些內(nèi)網(wǎng)服務(wù)沒有公網(wǎng)ip但是卻需要提供外網(wǎng)訪問的問題果复。使用frp你可以將內(nèi)網(wǎng)中的TCP材诽、UDP、HTTP汗捡、HTTPS等協(xié)議類型的服務(wù)發(fā)布到公網(wǎng)淑际,并且支持Web服務(wù)根據(jù)域名進行路由轉(zhuǎn)發(fā)。
frp已經(jīng)將項目開源至github,想深入了解的朋友可以點擊跳轉(zhuǎn)地址春缕,進行深入了解:github項目地址(frp)
Frp使用要求
Frp使用要求
如上圖的frp架構(gòu)圖所示:1盗胀、(必須)想要使用frp服務(wù),將內(nèi)網(wǎng)中的服務(wù)發(fā)布到公網(wǎng)锄贼。你需要先擁有一臺擁有公網(wǎng)ip的網(wǎng)絡(luò)設(shè)置搭建frp服務(wù)端票灰,再在內(nèi)網(wǎng)需要穿透的設(shè)置中搭建frp客戶端服務(wù)才能進行穿透;2宅荤、(非必需)你需要擁有一個域名解析到公網(wǎng)的ip地址屑迂,才能夠?qū)崿F(xiàn)web服務(wù)的通過域名進行路由轉(zhuǎn)發(fā)的功能。
Frp服務(wù)的搭建
搭建frp很簡單膘侮,關(guān)鍵的步驟只有三步:
1屈糊、獲取frp文件;
2琼了、設(shè)置frp配置文件逻锐;
3、啟動frp服務(wù)雕薪。
注意:frp搭建的的這三步是分為客戶端和服務(wù)端的昧诱,但是操作基本是一致的。本教程frp服務(wù)的搭建主要介紹frp搭建的主要三步所袁,以及frp服務(wù)端和客戶端配置文件內(nèi)容的解釋說明盏档,以及如何將frp在linux系統(tǒng)中創(chuàng)建systemd服務(wù),進行服務(wù)管理燥爷。
第一步:獲取frp文件
frp支持linux平臺和windows平臺蜈亩。參照你的設(shè)置的運行平臺下載linux版本的文件或者是windows的。
下載地址:https://github.com/fatedier/frp/releases
一般linux平臺下載的版本為:frp_版本號_linux_amd64.tar.gz
windows平臺下載的版本為:frp_版本號_windows_amd64.zip
linux版本文件的解壓命令為tar zxvf 文件名前翎,windows版本文件直接右鍵解壓即可稚配。
文件解壓后,一般都含有frps(frp服務(wù)端運行文件)港华、frpc(frp客戶端運行文件)道川、frps.ini(frp服務(wù)端配置文件)、frpc.ini(frp客戶端配置文件)立宜,以及frp_full.ini(frp全部配置文件解釋說明和參考冒萄。)
第二步:frp配置文件設(shè)置
frp配置文件分為服務(wù)端和客戶端,想要正常只用frp工具橙数,我們需要對服務(wù)端和客戶端的配置文件分別進行設(shè)置尊流。
官方中文文檔:https://gofrp.org/docs/
-
frps.ini(服務(wù)端)配置文件解釋說明:
# [common] is integral section [common] # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" # For single "bind_addr" field, no need square brackets, like "bind_addr = ::". bind_addr = 0.0.0.0 bind_port = 7000 # udp port used for kcp protocol, it can be same with 'bind_port'. # if not set, kcp is disabled in frps. kcp_bind_port = 7000 # udp port used for quic protocol. # if not set, quic is disabled in frps. # quic_bind_port = 7002 # quic protocol options # quic_keepalive_period = 10 # quic_max_idle_timeout = 30 # quic_max_incoming_streams = 100000 # specify which address proxy will listen for, default value is same with bind_addr # proxy_bind_addr = 127.0.0.1 # if you want to support virtual host, you must set the http port for listening (optional) # Note: http port and https port can be same with bind_port vhost_http_port = 80 vhost_https_port = 443 # response header timeout(seconds) for vhost http server, default is 60s # vhost_http_timeout = 60 # tcpmux_httpconnect_port specifies the port that the server listens for TCP # HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP # requests on one single port. If it's not - it will listen on this value for # HTTP CONNECT requests. By default, this value is 0. # tcpmux_httpconnect_port = 1337 # If tcpmux_passthrough is true, frps won't do any update on traffic. # tcpmux_passthrough = false # set dashboard_addr and dashboard_port to view dashboard of frps # dashboard_addr's default value is same with bind_addr # dashboard is available only if dashboard_port is set dashboard_addr = 0.0.0.0 dashboard_port = 7500 # dashboard user and passwd for basic auth protect dashboard_user = admin dashboard_pwd = admin # dashboard TLS mode dashboard_tls_mode = false # dashboard_tls_cert_file = server.crt # dashboard_tls_key_file = server.key # enable_prometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port} in /metrics api. enable_prometheus = true # dashboard assets directory(only for debug mode) # assets_dir = ./static # console or real logFile path like ./frps.log log_file = ./frps.log # trace, debug, info, warn, error log_level = info log_max_days = 3 # disable log colors when log_file is console, default is false disable_log_color = false # DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true. detailed_errors_to_client = true # authentication_method specifies what authentication method to use authenticate frpc with frps. # If "token" is specified - token will be read into login message. # If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token". authentication_method = token # authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false. authenticate_heartbeats = false # AuthenticateNewWorkConns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false. authenticate_new_work_conns = false # auth token token = 12345678 # oidc_issuer specifies the issuer to verify OIDC tokens with. # By default, this value is "". oidc_issuer = # oidc_audience specifies the audience OIDC tokens should contain when validated. # By default, this value is "". oidc_audience = # oidc_skip_expiry_check specifies whether to skip checking if the OIDC token is expired. # By default, this value is false. oidc_skip_expiry_check = false # oidc_skip_issuer_check specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer. # By default, this value is false. oidc_skip_issuer_check = false # heartbeat configure, it's not recommended to modify the default value # the default value of heartbeat_timeout is 90. Set negative value to disable it. # heartbeat_timeout = 90 # user_conn_timeout configure, it's not recommended to modify the default value # the default value of user_conn_timeout is 10 # user_conn_timeout = 10 # only allow frpc to bind ports you list, if you set nothing, there won't be any limit allow_ports = 2000-3000,3001,3003,4000-50000 # pool_count in each proxy will change to max_pool_count if they exceed the maximum value max_pool_count = 5 # max ports can be used for each client, default value is 0 means no limit max_ports_per_client = 0 # tls_only specifies whether to only accept TLS-encrypted connections. By default, the value is false. tls_only = false # tls_cert_file = server.crt # tls_key_file = server.key # tls_trusted_ca_file = ca.crt # if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file # when subdomain is test, the host used by routing is test.frps.com subdomain_host = frps.com # if tcp stream multiplexing is used, default is true # tcp_mux = true # specify keep alive interval for tcp mux. # only valid if tcp_mux is true. # tcp_mux_keepalive_interval = 60 # tcp_keepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. # If negative, keep-alive probes are disabled. # tcp_keepalive = 7200 # custom 404 page for HTTP requests # custom_404_page = /path/to/404.html # specify udp packet size, unit is byte. If not set, the default value is 1500. # This parameter should be same between client and server. # It affects the udp and sudp proxy. udp_packet_size = 1500 # Enable golang pprof handlers in dashboard listener. # Dashboard port must be set first pprof_enable = false # Retention time for NAT hole punching strategy data. nat_hole_analysis_data_reserve_hours = 168 [plugin.user-manager] addr = 127.0.0.1:9000 path = /handler ops = Login [plugin.port-manager] addr = 127.0.0.1:9001 path = /handler ops = NewProxy -
frpc.ini(客戶端)配置文件解釋說明:
# [common] is integral section [common] # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" # For single "server_addr" field, no need square brackets, like "server_addr = ::". server_addr = 0.0.0.0 server_port = 7000 # STUN server to help penetrate NAT hole. # nat_hole_stun_server = stun.easyvoip.com:3478 # The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds. # dial_server_timeout = 10 # dial_server_keepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. # If negative, keep-alive probes are disabled. # dial_server_keepalive = 7200 # if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set http_proxy here or in global environment variables # it only works when protocol is tcp # http_proxy = http://user:passwd@192.168.1.128:8080 # http_proxy = socks5://user:passwd@192.168.1.128:1080 # http_proxy = ntlm://user:passwd@192.168.1.128:2080 # console or real logFile path like ./frpc.log log_file = ./frpc.log # trace, debug, info, warn, error log_level = info log_max_days = 3 # disable log colors when log_file is console, default is false disable_log_color = false # for authentication, should be same as your frps.ini # authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false. authenticate_heartbeats = false # authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false. authenticate_new_work_conns = false # auth token token = 12345678 authentication_method = # oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc". # By default, this value is "". oidc_client_id = # oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc". # By default, this value is "". oidc_client_secret = # oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". oidc_audience = # oidc_scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". oidc_scope = # oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint. # It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "". oidc_token_endpoint_url = # oidc_additional_xxx specifies additional parameters to be sent to the OIDC Token Endpoint. # For example, if you want to specify the "audience" parameter, you can set as follow. # frp will add "audience=<value>" "var1=<value>" to the additional parameters. # oidc_additional_audience = https://dev.auth.com/api/v2/ # oidc_additional_var1 = foobar # set admin address for control frpc's action by http api such as reload admin_addr = 127.0.0.1 admin_port = 7400 admin_user = admin admin_pwd = admin # Admin assets directory. By default, these assets are bundled with frpc. # assets_dir = ./static # connections will be established in advance, default value is zero pool_count = 5 # if tcp stream multiplexing is used, default is true, it must be same with frps # tcp_mux = true # specify keep alive interval for tcp mux. # only valid if tcp_mux is true. # tcp_mux_keepalive_interval = 60 # your proxy name will be changed to {user}.{proxy} user = your_name # decide if exit program when first login failed, otherwise continuous relogin to frps # default is true login_fail_exit = true # communication protocol used to connect to server # supports tcp, kcp, quic, websocket and wss now, default is tcp protocol = tcp # set client binding ip when connect server, default is empty. # only when protocol = tcp or websocket, the value will be used. connect_server_local_ip = 0.0.0.0 # quic protocol options # quic_keepalive_period = 10 # quic_max_idle_timeout = 30 # quic_max_incoming_streams = 100000 # If tls_enable is true, frpc will connect frps by tls. # Since v0.50.0, the default value has been changed to true, and tls is enabled by default. tls_enable = true # tls_cert_file = client.crt # tls_key_file = client.key # tls_trusted_ca_file = ca.crt # tls_server_name = example.com # specify a dns server, so frpc will use this instead of default one # dns_server = 8.8.8.8 # proxy names you want to start separated by ',' # default is empty, means all proxies # start = ssh,dns # heartbeat configure, it's not recommended to modify the default value # The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value # to disable it. # heartbeat_interval = 30 # heartbeat_timeout = 90 # additional meta info for client meta_var1 = 123 meta_var2 = 234 # specify udp packet size, unit is byte. If not set, the default value is 1500. # This parameter should be same between client and server. # It affects the udp and sudp proxy. udp_packet_size = 1500 # include other config files for proxies. # includes = ./confd/*.ini # If the disable_custom_tls_first_byte is set to false, frpc will establish a connection with frps using the # first custom byte when tls is enabled. # Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default. disable_custom_tls_first_byte = true # Enable golang pprof handlers in admin listener. # Admin port must be set first. pprof_enable = false # 'ssh' is the unique proxy name # if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh' [ssh] # tcp | udp | http | https | stcp | xtcp, default is tcp type = tcp local_ip = 127.0.0.1 local_port = 22 # limit bandwidth for this proxy, unit is KB and MB bandwidth_limit = 1MB # where to limit bandwidth, can be 'client' or 'server', default is 'client' bandwidth_limit_mode = client # true or false, if true, messages between frps and frpc will be encrypted, default is false use_encryption = false # if true, message will be compressed use_compression = false # remote port listen by frps remote_port = 6001 # frps will load balancing connections for proxies in same group group = test_group # group should have same group key group_key = 123456 # enable health check for the backend service, it support 'tcp' and 'http' now # frpc will connect local service's port to detect it's healthy status health_check_type = tcp # health check connection timeout health_check_timeout_s = 3 # if continuous failed in 3 times, the proxy will be removed from frps health_check_max_failed = 3 # every 10 seconds will do a health check health_check_interval_s = 10 # additional meta info for each proxy meta_var1 = 123 meta_var2 = 234 [ssh_random] type = tcp local_ip = 127.0.0.1 local_port = 22 # if remote_port is 0, frps will assign a random port for you remote_port = 0 # if you want to expose multiple ports, add 'range:' prefix to the section name # frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on. [range:tcp_port] type = tcp local_ip = 127.0.0.1 local_port = 6010-6020,6022,6024-6028 remote_port = 6010-6020,6022,6024-6028 use_encryption = false use_compression = false [dns] type = udp local_ip = 114.114.114.114 local_port = 53 remote_port = 6002 use_encryption = false use_compression = false [range:udp_port] type = udp local_ip = 127.0.0.1 local_port = 6010-6020 remote_port = 6010-6020 use_encryption = false use_compression = false # Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02 [web01] type = http local_ip = 127.0.0.1 local_port = 80 use_encryption = false use_compression = true # http username and password are safety certification for http protocol # if not set, you can access this custom_domains without certification http_user = admin http_pwd = admin # if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com subdomain = web01 custom_domains = web01.yourdomain.com # locations is only available for http type locations = /,/pic # route requests to this service if http basic auto user is abc # route_by_http_user = abc host_header_rewrite = example.com # params with prefix "header_" will be used to update http request headers header_X-From-Where = frp health_check_type = http # frpc will send a GET http request '/status' to local http service # http service is alive when it return 2xx http response code health_check_url = /status health_check_interval_s = 10 health_check_max_failed = 3 health_check_timeout_s = 3 [web02] type = https local_ip = 127.0.0.1 local_port = 8000 use_encryption = false use_compression = false subdomain = web02 custom_domains = web02.yourdomain.com # if not empty, frpc will use proxy protocol to transfer connection info to your local service # v1 or v2 or empty proxy_protocol_version = v2 [plugin_unix_domain_socket] type = tcp remote_port = 6003 # if plugin is defined, local_ip and local_port is useless # plugin will handle connections got from frps plugin = unix_domain_socket # params with prefix "plugin_" that plugin needed plugin_unix_path = /var/run/docker.sock [plugin_http_proxy] type = tcp remote_port = 6004 plugin = http_proxy plugin_http_user = abc plugin_http_passwd = abc [plugin_socks5] type = tcp remote_port = 6005 plugin = socks5 plugin_user = abc plugin_passwd = abc [plugin_static_file] type = tcp remote_port = 6006 plugin = static_file plugin_local_path = /var/www/blog plugin_strip_prefix = static plugin_http_user = abc plugin_http_passwd = abc [plugin_https2http] type = https custom_domains = test.yourdomain.com plugin = https2http plugin_local_addr = 127.0.0.1:80 plugin_crt_path = ./server.crt plugin_key_path = ./server.key plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp [plugin_https2https] type = https custom_domains = test.yourdomain.com plugin = https2https plugin_local_addr = 127.0.0.1:443 plugin_crt_path = ./server.crt plugin_key_path = ./server.key plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp [plugin_http2https] type = http custom_domains = test.yourdomain.com plugin = http2https plugin_local_addr = 127.0.0.1:443 plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp [secret_tcp] # If the type is secret tcp, remote_port is useless # Who want to connect local port should deploy another frpc with stcp proxy and role is visitor type = stcp # sk used for authentication for visitors sk = abcdefg local_ip = 127.0.0.1 local_port = 22 use_encryption = false use_compression = false # If not empty, only visitors from specified users can connect. # Otherwise, visitors from same user can connect. '*' means allow all users. allow_users = * # user of frpc should be same in both stcp server and stcp visitor [secret_tcp_visitor] # frpc role visitor -> frps -> frpc role server role = visitor type = stcp # the server name you want to visitor server_name = secret_tcp sk = abcdefg # connect this address to visitor stcp server bind_addr = 127.0.0.1 # bind_port can be less than 0, it means don't bind to the port and only receive connections redirected from # other visitors. (This is not supported for SUDP now) bind_port = 9000 use_encryption = false use_compression = false [p2p_tcp] type = xtcp sk = abcdefg local_ip = 127.0.0.1 local_port = 22 use_encryption = false use_compression = false # If not empty, only visitors from specified users can connect. # Otherwise, visitors from same user can connect. '*' means allow all users. allow_users = user1, user2 [p2p_tcp_visitor] role = visitor type = xtcp # if the server user is not set, it defaults to the current user server_user = user1 server_name = p2p_tcp sk = abcdefg bind_addr = 127.0.0.1 # bind_port can be less than 0, it means don't bind to the port and only receive connections redirected from # other visitors. (This is not supported for SUDP now) bind_port = 9001 use_encryption = false use_compression = false # when automatic tunnel persistence is required, set it to true keep_tunnel_open = false # effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour max_retries_an_hour = 8 min_retry_interval = 90 # fallback_to = stcp_visitor # fallback_timeout_ms = 500 [tcpmuxhttpconnect] type = tcpmux multiplexer = httpconnect local_ip = 127.0.0.1 local_port = 10701 custom_domains = tunnel1 # route_by_http_user = user1
第三步:啟動服務(wù)
linux環(huán)境下啟動服務(wù)根暑,需要先把運行文件添加可執(zhí)行權(quán)限篱昔。
例如我的文件實在root文件夾中,我需要搭建frp服務(wù)端沾鳄,那么待設(shè)置好服務(wù)端配置文件(frps.ini)后執(zhí)行以下命令即可:
cd /root
chmod +x frps
nohup ./frps -c ./frps.ini &
執(zhí)行成功后,會顯示frp的進程號碼响疚。你也可以通過命令來查看frps運行的進程編號:ps -e | grep frps
在windows環(huán)境下則是以管理員身份運行cmd命令提示符鄙信。進入相應(yīng)的目錄后,運行命令即可:
frps -c frps.ini &
關(guān)于frp管理的優(yōu)化設(shè)置
注:現(xiàn)官方已提供systemd服務(wù)配置文件忿晕,可直接使用装诡。
debian8.0,或者是centos7.0以上的版本践盼,服務(wù)都是基于systemd的方式進行管理的鸦采。frp通過設(shè)置后也可以實現(xiàn)systemd的方式進行管理,這樣我們就可以通過systemctl命令來進行服務(wù)的統(tǒng)一管理咕幻,同時通過這樣的設(shè)置也可以將frp服務(wù)加入開機自啟動渔伯。
-
將frp設(shè)置成linux系統(tǒng)的服務(wù),基于systemd方式管理
編寫frps.service文件:
vi /usr/lib/systemd/system/frps.service
內(nèi)容如下:[Unit] Description=Frp Server Service After=network.target [Service] Type=simple User=nobody Restart=on-failure RestartSec=5s ExecStart=/usr/bin/frps -c /etc/frp/frps.ini [Install] WantedBy=multi-user.target編寫frpc.service文件:
vi /usr/lib/systemd/system/frps.service
內(nèi)容如下:[Unit] Description=Frp Client Service After=network.target [Service] Type=simple User=nobody Restart=on-failure RestartSec=5s ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini ExecReload=/usr/bin/frpc reload -c /etc/frp/frpc.ini [Install] WantedBy=multi-user.target -
將frp設(shè)置成開機自啟動
#frps systemctl enable frps systemctl start frps #frpc systemctl enable frpc systemctl start frpcFrp到此就配置完了肄程。
附:個人參考配置
1锣吼、HTTP及TCP端口映射配置參考
-
服務(wù)器端:
[common] bind_addr = 0.0.0.0 //綁定地址 bind_port = 8888 //TCP綁定端口 bind_udp_port = 8888 //UDP綁定端口 kcp_bind_port = 8888 //KCP綁定端口 vhost_http_port = 80 //HTTP代理端口 vhost_https_port = 443 //HTTPS代理端口 dashboard_addr = 0.0.0.0 //儀表盤地址 dashboard_port = 10000 //儀表盤端口 dashboard_user = admin //儀表盤用戶名 dashboard_pwd = admin //儀表盤密碼 token = 123456 //連接密碼 subdomain_host = test.com //子域名使用的主機名 -
客戶端:
[common] server_addr = 172.16.100.100 //服務(wù)器地址 server_port = 8888 //服務(wù)器綁定端口 token = 123456 //特權(quán)模式密碼 tls_enable = true //加密傳輸 admin_addr = 127.0.0.1 //客戶端Web地址 admin_port = 7400 //Web訪問端口 admin_user = admin //Web訪問賬戶 admin_pwd = admin //Web訪問密碼 user = your_name //用戶名,設(shè)置后代理將顯示為 <用戶名.代理名> [web] //服務(wù)名稱(自定義) local_ip = 127.0.0.1 //本機ip type = http //鏈路類型 local_port = 80 //本機端口 subdomain = web //服務(wù)端為test.com,故此處子域名為web.test.com custom_domains = demo.com //自定義訪問域名蓝厌,多個使用,分割 use_compression = true //使用壓縮 use_encryption = true //使用加密 [ssh] local_ip = 127.0.0.1 type = tcp local_port = 22 remote_port = 9000 use_compression = true use_encryption = true注:具體參數(shù)請根據(jù)需要配置玄叠。
2、XTCP端口映射配置參考(P2P)
官方說明:https://gofrp.org/docs/features/xtcp/
官方示例:https://gofrp.org/docs/examples/xtcp/
-
服務(wù)器端:
[common] bind_addr = 0.0.0.0 #綁定地址 bind_port = 8888 #TCP綁定端口 bind_udp_port = 8888 #UDP綁定端口 kcp_bind_port = 8888 #KCP綁定端口 vhost_http_port = 80 #HTTP代理端口 vhost_https_port = 443 #HTTPS代理端口 dashboard_addr = 0.0.0.0 #儀表盤地址 dashboard_port = 10000 #儀表盤端口 dashboard_user = admin #儀表盤用戶名 dashboard_pwd = admin #儀表盤密碼 token = 123456 #連接密碼 subdomain_host = test.com #子域名使用的主機名 -
客戶端(被訪問):
[common] server_addr = 172.16.100.100 #服務(wù)器地址 server_port = 8888 #服務(wù)器綁定端口 token = 123456 #特權(quán)模式密碼 tls_enable = true #加密傳輸 user = your_name #用戶名拓提,設(shè)置后代理將顯示為 <用戶名.代理名> [p2p_ssh] type = xtcp role = visitor #角色, 這里是 xtcp 服務(wù)端 sk = abcdef local_ip = 127.0.0.1 local_port = 22 -
客戶端(訪問者):
[common] server_addr = 172.16.100.100 #服務(wù)器地址 server_port = 8888 #服務(wù)器綁定端口 token = 123456 #特權(quán)模式密碼 tls_enable = true #加密傳輸 user = your_name #用戶名读恃,設(shè)置后代理將顯示為 <用戶名.代理名> [p2p_ssh_vistor] type = xtcp role = visitor #角色, 這里是 xtcp 訪問者 server_name = p2p_ssh #要訪問的 xtcp 代理的名字 sk = abcdef #訪問密碼,兩個客戶端需一致 bind_addr = 127.0.0.1 bind_port = 2222 #綁定本地端口用于訪問上文p2p_ssh服務(wù) keep_tunnel_open = true #需要自動保持隧道打開時,設(shè)置為 true注:具體參數(shù)請根據(jù)需要配置代态。
