How to Install and Use FRP for Secure Connections π
Wednesday, Dec 18, 2024 | 7 minute read
Unleash the Power of Secure Connections! π₯ This innovative tool enables developers to effortlessly bypass network barriers, support multiple protocols, and ensure safe service exposure with flexible configurations and robust security features. Perfect for seamless network access! π
In the digital age, freedom and convenience in network connectivity have become indispensable needs for every developer. How can we securely expose local services to the internet and break through network limitations?
In this highly interconnected era of information, many developers face the challenge of safely accessing, sharing, and maintaining local services. Reverse proxy technology has emerged, and FRP (Fast Reverse Proxy) is one of its standout solutions! FRP not only effectively circumvents network restrictions but also serves as a must-have tool for developers with its powerful features and flexible configurations πͺ.
1. What is FRP? π
FRP (Fast Reverse Proxy) is a high-speed reverse proxy tool designed to facilitate access to local servers located behind Network Address Translation (NAT) or firewalls. In simple terms, FRP acts as a βsecret tunnelβ in the digital world, helping us securely expose local services to the internet π. Its core functionality lies in its ability to efficiently penetrate NAT and firewalls, supporting multiple network protocols to provide users with a seamless online service access experience!
2. The Unique Appeal of FRP β¨
The appeal of FRP lies not only in its ability to break through network barriers but also in its comprehensive support for various protocols π. Whether it’s TCP, UDP, HTTP, or HTTPS, FRP can handle them with ease, allowing users to manage a variety of network requests flexibly.
- Flexible Configuration Options ποΈ: FRP supports various file formats, including TOML, YAML, and JSON, and can reference environment variables in configuration files, enabling users to dynamically configure based on their needs.
- Powerful Monitoring and Performance Analysis Features π: FRP integrates with Prometheus to trace performance data in real-time, aiding developers in in-depth analysis and optimization to enhance service quality!
- Security Assurance π: FRP supports multiple authentication mechanisms, including token-based authentication and OIDC authentication, ensuring that all connections are secure and worry-free. Furthermore, it provides traffic encryption and compression to enhance security and performance during transmission, alleviating users’ concerns while using the tool!
3. Why Developers Love FRP? β€οΈ
FRP is popular among developers thanks to its convenient service access method π. It simplifies the management of local services and significantly reduces the complexity of network configurations, allowing developers to focus more on project development rather than network maintenance.
- High Availability and Load Balancing βοΈ: FRP provides high availability and load balancing features, ensuring the reliability of services, and maintaining efficient and robust performance in any scenario.
- Wide Applicability π: With advanced traffic control features, such as HTTP Host header rewriting, custom subdomains, and TCP port reuse, FRP can meet various application needs, enabling developers to adapt flexibly to different scenarios.
As a powerful tool, FRP displays extraordinary capabilities in breaking down network barriers and ensuring local services are safely exposed to the internet, making it an βinvincible weaponβ π for developers! Whether youβre a novice programmer or an experienced developer, FRP is definitely worth a try!
Getting Started with FRP π
FRP is a robust open-source tool that helps expose local servers to the public internet behind NAT or firewalls. It supports protocols including TCP, UDP, HTTP, and HTTPS, making it easy to forward requests from a domain to our internal services. Let’s dive into how to install and configure FRP to create a tunnel for your network services!π
Installing FRP π§
First, remember to download the appropriate version of FRP for your system from the Release page! After downloading, donβt forget to unzip the file! πΎ Place frps (server) on a server A with a public IP, while frpc (client) goes on server B, located within the LAN behind NAT or firewall.
Setting Up the FRP Server on Server A βοΈ
Open the terminal and happily run the following commands to download and unzip FRP:
wget https://github.com/fatedier/frp/releases/download/v0.48.0/frp_0.48.0_linux_amd64.tar.gz
tar -xvf frp_0.48.0_linux_amd64.tar.gz
Here, we use the wget command to directly download the latest version of FRP from GitHub, and tar -xvf to extract the downloaded archive. π After extraction, we can find the frps executable, ready for the next step!
Next, move frps to the /usr/bin directory for easier access:
sudo cp frp_0.48.0_linux_amd64/frps /usr/bin
This way, we can use the frps command from any location without having to specify the absolute path every time, which is very convenient!
Then, create a configuration file and add the following content (you can use vim, nano, or another text editor):
[common]
bind_port = 7000
vhost_http_port = 8890
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
In this configuration, we set several important parameters:
bind_port: The port on which the frp server will listen (default is7000).vhost_http_port: The virtual host port for HTTP requests (default is8890).dashboard_port: The monitoring panel port for frp for status viewing (default is7500).dashboard_useranddashboard_pwd: The username and password for accessing the monitoring panel.
Starting the FRP Server π
Next, create a service file to manage frps with systemd:
[Unit]
Description=Frp Server Service
After=network.target
[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frps -c /etc/frp/frps.ini
LimitNOFILE=1048576
[Install]
WantedBy=multi-user.target
In this configuration file, ExecStart specifies the command to start the FRP Server, which will automatically start upon system reboot. Additionally, the user is set to nobody to minimize permission issues.
Copy the service file to the correct location, then reload and start the service:
cp frps.service /etc/systemd/system/
systemctl daemon-reload
systemctl start frps.service
systemctl enable frps.service
And just like that, we’ve successfully started the FRP Server! π
Setting Up the FRP Client on Server B π₯οΈ
On Server B, download and unzip the FRP Client:
wget https://github.com/fatedier/frp/releases/download/v0.48.0/frp_0.48.0_linux_arm64.tar.gz
tar -xvf frp_0.48.0_linux_arm64.tar.gz
sudo cp frp_0.48.0_linux_arm64/frpc /usr/bin
As before, use wget to download and extract the client, continuing our journey!
Next, create a configuration file and add the following content:
[common]
server_addr = 120.8.8.8
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 10022
Here, you should replace server_addr with the IP address of your Server A. The [ssh] section defines an SSH proxy that maps Local port 22 to remote 10022, which is very convenient!
Just like with the server, we need to create a service file for the client and start it:
[Unit]
Description=Frp Client Service
After=network.target
[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
LimitNOFILE=1048576
[Install]
WantedBy=multi-user.target
Similarly, we can start the client with the following commands:
systemctl daemon-reload
systemctl start frpc.service
systemctl enable frpc.service
Now, the FRP client is successfully up and running! π
Running the Client π
To run the client, just enter the following commands:
systemctl daemon-reload
systemctl start frpc.service
systemctl enable frpc.service
Using these commands, we reload the configuration and start the frpc service, ensuring that it will automatically start on system boot, allowing you to access LAN services anytime!
Example Usage π
Accessing a LAN Computer via SSH π
-
First, modify the
frps.tomlfile on Server A:bindPort = 7000 -
Start
frps:./frps -c ./frps.toml -
Next, modify the
frpc.tomlfile on Server B:serverAddr = "x.x.x.x" serverPort = 7000 [[proxies]] name = "ssh" type = "tcp" localIP = "127.0.0.1" localPort = 22 remotePort = 6000 -
Start
frpc:./frpc -c ./frpc.toml -
Now you can SSH into Server B:
ssh -oPort=6000 test@x.x.x.x
With these steps, you can securely access devices behind NAT via SSH, super convenient! π
Exposing a Simple HTTP File Server π
-
On Server B, start
frpcwith the following configuration:serverAddr = "x.x.x.x" serverPort = 7000 [[proxies]] name = "test_static_file" type = "tcp" remotePort = 6000 [proxies.plugin] type = "static_file" localPath = "/tmp/files" -
Access
http://x.x.x.x:6000/static/in your browser, and you’ll see the files you want to expose! πΌοΈ
Enabling HTTPS for Local HTTP(S) Services π
-
Start
frpcwith the following configuration:serverAddr = "x.x.x.x" serverPort = 7000 [[proxies]] name = "test_https2http" type = "https" customDomains = ["test.example.com"] [proxies.plugin] type = "https2http" localAddr = "127.0.0.1:80" -
You can now access
https://test.example.comand securely reach your HTTP service! π
P2P Mode π°οΈ
-
Start
frpcon machine B:serverAddr = "x.x.x.x" serverPort = 7000 [[proxies]] name = "p2p_ssh" type = "xtcp" secretKey = "abcdefg" localIP = "127.0.0.1" localPort = 22 -
On machine C, start another
frpcwith the following configuration:serverAddr = "x.x.x.x" serverPort = 7000 [[visitors]] name = "p2p_ssh_visitor" type = "xtcp" serverName = "p2p_ssh" secretKey = "abcdefg" bindAddr = "127.0.0.1" bindPort = 6000 -
Now, connect via SSH from machine C to machine B:
ssh -oPort=6000 127.0.0.1
Awesome! You’ve successfully set up various network access scenarios through FRP! Make the most of this open-source tool to easily expose LAN resources to external networks π‘.