Preface

  • Recently, while building my [Music Blog], I wanted to upload music files to Qiniu Cloud and manage them there
  • Then, on the morning of May 7th, I was notified that my traffic quota had been exceeded and that I needed to top up!

  • What? When I started using Qiniu Cloud I thought it was free. It gave me 10G of space, and I thought I could do whatever I wanted, so I uploaded my songs to Qiniu Cloud and listened to music every day ~

  • By the way, about naming files uploaded to Qiniu Cloud: because Qiniu Cloud has no folders, it is best to name a file in folder form when uploading it. For example: singer/luffy.jpg, where we treat singer as a folder

  • Then today I was told the traffic quota was exceeded. I had thought traffic was unlimited and only the space was limited to 10G. Sure enough, there is no free lunch

  • What I want to complain about is this: once Qiniu Cloud is charging you, you cannot stop the space service. So I honestly paid the money, then immediately stopped the service, changed the secret key, set the space to private, and disabled the CDN-accelerated domain name. I don't dare use it any more, since it costs money, although uploading a few small pictures for personal use is still fine

  • So where is a good place to upload files? On the server? Just kidding, the server only has 4G of space left and my music files are almost 7 to 8 G (lossless FLAC). Later my colleague suggested uploading to my desktop computer (lots of space), so I need FRP intranet penetration



Seven aspects

1. Learn about and download FRP

  • FRP is a high-performance reverse proxy application for intranet penetration, written in Go. It supports TCP, UDP, HTTP, and HTTPS, and lets you map a locally deployed web service to the public network.
  • First go to the FRP download site and download the version you need; I downloaded frp_0.33.0_windows_amd64.zip
  • Installing FRP is simple: decompress the downloaded package into the directory of your choice.

2. The use of FRP

2.1 Server Configuration

  • Decompress to the appropriate directory on the server and configure the frps.ini file as follows:

[common]
bind_addr = 0.0.0.0
# Port that the frp clients connect to
bind_port = 7088
# Dashboard user name
dashboard_user = admin
# Dashboard password
dashboard_pwd = admin
# Dashboard port; after a successful start it can be opened in a browser, e.g. http://ip:7500
dashboard_port = 7500
# Authentication token; the client must be configured with the same value
token = 8d262f2b-6dba-4a8d-857e-8a53d1d439e2


  • Press Windows + R, enter cmd, change to the installation directory and start the server:
  • frps.exe -c frps.ini

  • Open the browser at http://localhost:7500/ (log in with the account and password configured above)

  • Note: ports 7088 and 33890 must be opened on the Alibaba Cloud server

2.2 Client Configuration

  • Unzip the installation program on the client and configure the frpc.ini configuration file as follows:


[common]
# External IP address of the server
server_addr = 47.xxx.xxx.xx
# Port the server listens on
server_port = 7088
# If the server sets a token, copy the server's token here
token = 8d262f2b-6dba-4a8d-857e-8a53d1d439e2
pool_count = 5

# I am configuring port range forwarding
[range:services]
# Type: TCP
type = tcp
# The local IP address is usually 127.0.0.1
local_ip = 127.0.0.1
# The range of ports to map locally
local_port = 3389
# Port range mapped on the server
remote_port = 33890


  • Press Windows + R and enter cmd to open a command window, then go to the directory that contains frpc.exe


  • ini file, and then it threw errors like crazy; after searching for a long time it turned out to be the wrong file. I am writing this here as a hint for you ~


3. The firewall

  • If the server runs a firewall, an inbound rule must be added (choose the application/program rule type); otherwise the client may not be able to connect to the server.



4. Remote desktop connection

  • One more thing to do: configure the Local Group Policy Editor on the intranet computer

  • Addendum: I had been logging in to my computer with a Microsoft account; because remote desktop needs it, I switched to a local account to make connecting easier

  • Enter IP:33890. This is the port from the client configuration above; remember to open the port in Alibaba Cloud!

  • Connection successful!!

  • From here, you can use Remote Desktop to connect to computers on the intranet. If you do not want to expose ports, you do not need the configuration that follows

Do not confuse frps.ini and frpc.ini, otherwise there will be unexpected errors; check the file names in this tutorial carefully



5. Expose Intranet ports for external use

  • We may want more than a remote connection to the intranet computer: we may also want to offer services that run on it, such as services written in Java or interfaces provided by Node, and call them from outside through intranet penetration
  • For example, if I want to use intranet penetration to solve the server memory shortage, I can manage music files by running the MinIO file server on the intranet and then call MinIO from outside to fetch the music files
  • On to the topic: configuring an HTTP intranet penetration service shared by multiple users with FRP + Nginx
  • If I want to call the service on port 8527, how should I call it? Do I write 47.xxx.xxx.xx:33890:8527? (Server IP; 33890 is the port through which I connect to the intranet computer.) Then it occurred to me that each port can correspond to a subdomain name, so port 8527 gets its own subdomain

5.1. General idea

Step 1: When the configuration is correct, the FRP server and the FRP client are started in turn to establish a communication tunnel.

  • The FRP server listens on HTTP port 7071 (this port can be customized) and receives all requests from public-network users on this port
  • The FRP client proxies the local web service ports that it wants to expose to the Internet. This document uses ports 8527 and 9000 as examples

Step 2: Configure the nginx reverse proxy to map the subdomains of dev.zhengzemin.cn on the public server to port 7071 of the server, which is the port FRP listens on. Public-network users access a subdomain of dev.zhengzemin.cn, for example:

  • a.dev.zhengzemin.cn
  • b.dev.zhengzemin.cn

This is equivalent to accessing zhengzemin.cn:7071, which triggers the interaction between the FRP server and the client, so that the HTTP request is passed from the FRP server to the FRP client

Step 3: After receiving the HTTP request, the FRP client does the following, based on its configuration:

  • If the domain name in the HTTP request is a.dev.zhengzemin.cn, it forwards the request to my local web service on port 8527
  • If the domain name in the HTTP request is b.dev.zhengzemin.cn, it forwards the request to my local web service on port 9000

Step 4: When the local web service receives the HTTP request, it processes the request and produces the response

Step 5: The FRP client sends the response back to the FRP server. The server finally passes the response back to the public-network user

Step 6: The final measured effect is:

  • Accessing a.dev.zhengzemin.cn is equivalent to accessing my local localhost:8527

  • Accessing b.dev.zhengzemin.cn is equivalent to accessing my local localhost:9000

5.2. Preparations

  • Open Alibaba Cloud and configure the subdomain in the domain name resolution console
  • Log in to the domain name resolution console and add two A records (dev and *.dev) under zhengzemin.cn, both pointing to the IP address of the public server where the FRP server is deployed.

    All subdomains of dev.zhengzemin.cn will then point to the public server.



5.3. Hands-on configuration

  • Remember the configuration file on our server? Let’s add some more configuration

[common]
bind_addr = 0.0.0.0
# Port that the frp clients connect to
bind_port = 7088
# Dashboard user name
dashboard_user = admin
# Dashboard password
dashboard_pwd = admin
# Dashboard port; after a successful start it can be opened in a browser, e.g. http://ip:7500
dashboard_port = 7500
# Authentication token; the client must be configured with the same value
token = 8d262f2b-6dba-4a8d-857e-8a53d1d439e2

# The following is the configuration added this time

# The server listens on this port to receive HTTP requests from public-network users
vhost_http_port = 7071
# subdomain_host is the parent domain. Each client proxy sets a subdomain, and its local
# web service is then reached through the {subdomain}.{subdomain_host} domain name format.
# If the server's subdomain_host is dev.msh.com and a client configuration group has
# local_port = 8585, then accessing {subdomain}.dev.msh.com is equivalent to accessing
# localhost:8585
subdomain_host = dev.zhengzemin.cn

  • Once the configuration is done, restart the FRP server
  • After the FRP server is configured, the Nginx reverse proxy needs to be configured on the server side
  • Nginx download from Baidu Cloud: link: pan.baidu.com/s/1ol7j1pu8… Extract code: 7UJV
  • Modify the nginx.conf file

server {
    # Reverse proxy for FRP: receives the HTTP requests
    listen 80;
    server_name *.dev.zhengzemin.cn dev.zhengzemin.cn;

    location / {
        # 7071 is the HTTP port that FRP listens on
        proxy_pass http://127.0.0.1:7071;
        proxy_set_header Host $host:80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
    }

    # Prevent crawlers from crawling
    if ($http_user_agent ~* "360Spider|JikeSpider|Spider|spider|bot|Bot|2345Explorer|curl|wget|webZIP|qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot|NSPlayer|bingbot") {
        return 403;
    }
}

  • Once the configuration is done, restart the nginx service
  • At this point the server side is fully configured
  • Now let's look at the client configuration
  • Edit the frpc.ini file

[common]
# External IP address of the server
server_addr = 47.xxx.xxx.xx
# Port the server listens on
server_port = 7088

# If the server sets a token, copy the server's token here
token = 8d262f2b-6dba-4a8d-857e-8a53d1d439e2
pool_count = 5

# I am configuring port range forwarding
[range:services]
# Type: TCP
type = tcp
# The local IP address is usually 127.0.0.1
local_ip = 127.0.0.1
# The range of ports to map locally
local_port = 3389
# Port range mapped on the server
remote_port = 33890

# The following is the configuration added this time

# The proxy service name in [] must be globally unique; no two proxy services may share
# a name, otherwise normal use will be affected.
[http-java-bkapi]
type = http
# local_port is the local web service port that you want to expose to the public network
local_port = 8527
# The subdomain must be globally unique; no two proxy services may use the same
# subdomain, otherwise normal use will be affected.
# The client subdomain works together with the server's subdomain_host
subdomain = file

# Proxy service 2; see configuration group 1 for the explanation
[http-minio]
type = http
local_port = 9000
subdomain = minio

  • Once the configuration is done, restart the FRP client
  • If the window shows “Start Proxy Success”, the communication channel between the FRP server and the FRP client has been established
  • Test access

    Open minio.dev.zhengzemin.cn in your browser to test whether the local web service is exposed to the Internet
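
The Host-based routing described in 5.1, worked through on the two configuration files from 5.3. This is an added example, not code from the original post or from the frp project: it is a simplified model of the lookup, the function names are hypothetical, and the server address in the sample is a documentation IP.

```python
import configparser

# Constructed inputs that mirror the page's frps.ini / frpc.ini
# (comment lines would start with '#'; 203.0.113.10 is a documentation IP).
FRPS_INI = """
[common]
bind_port = 7088
vhost_http_port = 7071
subdomain_host = dev.zhengzemin.cn
"""
FRPC_INI = """
[common]
server_addr = 203.0.113.10
server_port = 7088
[range:services]
type = tcp
local_port = 3389
remote_port = 33890
[http-java-bkapi]
type = http
local_port = 8527
subdomain = file
[http-minio]
type = http
local_port = 9000
subdomain = minio
"""

def load_ini(text):
    # Strict parsing (the default) rejects two sections with the same [name].
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def build_routes(frps_text, frpc_text):
    """Map each public hostname to the (local_ip, local_port) behind it."""
    parent = load_ini(frps_text)["common"]["subdomain_host"].lower()
    frpc, routes = load_ini(frpc_text), {}
    for name in frpc.sections():
        proxy = frpc[name]
        if name == "common" or proxy.get("type") != "http" or "subdomain" not in proxy:
            continue                      # tcp proxies use remote_port, not Host
        fqdn = proxy["subdomain"].lower() + "." + parent
        if fqdn in routes:                # the uniqueness rule from the comments
            raise ValueError("subdomain used twice: " + fqdn)
        routes[fqdn] = (proxy.get("local_ip", "127.0.0.1"), int(proxy["local_port"]))
    return routes

def resolve(routes, host_header):
    """Simplified vhost lookup: drop an optional :port, match case-insensitively."""
    return routes.get(host_header.split(":")[0].lower())
```
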

6. Problems encountered in uploading large files using FRP

  • Example: the 8527 service is one of the Java applications exposed through FRP. Uploading files to the 8527 application results in a cross-domain error
  • Don't panic when you run into this; it just comes down to whether the front end and the back end handle cross-domain requests
  • I checked the front end: yes, cross-domain handling is written. I looked at the back end: yes, it is handled there too. Normally cross-domain is settled by configuring it on the front and back ends, but this time was different: the cross-domain error had nothing to do with the front or back end. What?
  • It really took a whole day, and the front-end and back-end people discussed it for an afternoon without finding a solution. The back-end developer did suggest: have the front end request Node, and let that Node middle tier request the Java 8257 application; back end calling back end has no cross-domain issue, since cross-domain is the browser's same-origin policy. This works, but it doesn't suit my scenario, where the front end simply requests Java directly instead of taking a detour.
  • There is another idea: since it is a cross-domain problem, I could set up a reverse proxy on Nginx to solve the front-end cross-domain problem (I have not tried it, but I think it might work; you only find out by trying)
  • In the evening, I suddenly thought: could it be a problem with FRP? I looked it up and it was
  • NGINX server reverse proxy causes upload error
  • Cause of the file upload failure:

  • client_body_buffer_size: size of the request body buffer
  • client_body_temp_path: path for storing temporary files
  • client_max_body_size: maximum size of an uploaded file
  • I had not configured client_body_buffer_size in nginx.conf; the system default is 8K (32-bit) or 16K (64-bit). No client_body_temp_path temporary directory had been created. If the file size exceeds 16K, an error is reported.
  • How it works: if the uploaded file is larger than the client_body_buffer_size default, it is written to the temporary directory set by client_body_temp_path.



  • The final complete nginx.conf looks like this

worker_processes  1;
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    client_max_body_size 200m;
    client_body_buffer_size 256k;
    client_body_temp_path /etc/nginx/proxy_temp;

    sendfile        on;

    server {
        # Reverse proxy for FRP: receives the HTTP requests
        listen 80;
        server_name *.dev.zhengzemin.cn dev.zhengzemin.cn;

        location / {
            # 7071 is the HTTP port that FRP listens on
            proxy_pass http://127.0.0.1:7071;
            proxy_set_header Host $host:80;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Prevent crawlers from crawling
        if ($http_user_agent ~* "360Spider|JikeSpider|Spider|spider|bot|Bot|2345Explorer|curl|wget|webZIP|qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot|NSPlayer|bingbot") {
            return 403;
        }
    }
}

  • This configuration solves the large-file upload errors caused by FRP, but the upload speed is very slow
  • Nginx can set an upload speed limit (to be studied). With that, the problem of files being too large to upload through FRP is finally solved.

7. Problem solving

  • Question: WeChat mini programs only support HTTPS, and I have only set up HTTP intranet penetration. What if it does not work?

    Solution: Open the project settings in the WeChat web developer tools and check the item “do not verify legitimate domain name, business domain name, TLS version and HTTPS certificate”. This way you can use HTTPS in the production environment and HTTP in the local development environment

  • Question: I have set up the intranet penetration service; how do I restrict it to internal members only, so that outsiders cannot “hitchhike” for free?
  • Solution: Authenticate with the token parameter. If the token values in the [common] sections of the server and the client are the same, authentication succeeds.
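
One way to check a frps.ini / frpc.ini pair for the token match this answer relies on, and for the exposures the settings used in this walkthrough create (dashboard left at admin/admin on all interfaces, Remote Desktop published on a public port). This is an added example, not the author's or the frp project's code: the finding codes, the `REMOTE_LOGIN` list and the 32-character token minimum are assumptions of this example, and the sample token is a constructed placeholder.

```python
import configparser

# Constructed pair mirroring the page's settings; the token is a placeholder.
FRPS_PAGE = """
[common]
bind_addr = 0.0.0.0
bind_port = 7088
dashboard_user = admin
dashboard_pwd = admin
dashboard_port = 7500
token = constructed-placeholder-token-0123456789
"""
FRPC_PAGE = """
[common]
server_port = 7088
token = constructed-placeholder-token-0123456789
[range:services]
type = tcp
local_port = 3389
remote_port = 33890
"""
REMOTE_LOGIN = {3389: "RDP", 22: "SSH"}   # this example's list, not an frp concept

def load_ini(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def expand_ports(spec):
    """Expand an frp port spec such as '3389' or '6000-6006,6010'."""
    out = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(frps_text, frpc_text, min_token_len=32):
    """Return sorted finding codes for a frps.ini / frpc.ini pair."""
    frpc, found = load_ini(frpc_text), set()
    srv, cli = load_ini(frps_text)["common"], frpc["common"]
    if len(srv.get("token", "")) < min_token_len:   # the token gates every client
        found.add("WEAK_OR_MISSING_TOKEN")
    if cli.get("token", "") != srv.get("token", ""):
        found.add("TOKEN_MISMATCH")
    if "dashboard_port" in srv:
        # Assumption: an unset user or password falls back to admin/admin.
        creds = (srv.get("dashboard_user", "admin"), srv.get("dashboard_pwd", "admin"))
        if creds == ("admin", "admin"):
            found.add("DASHBOARD_DEFAULT_CREDS")
        addr = srv.get("dashboard_addr", srv.get("bind_addr", "0.0.0.0"))
        if addr not in ("127.0.0.1", "::1"):
            found.add("DASHBOARD_ON_PUBLIC_INTERFACE")
    for name in frpc.sections():          # tcp proxies get a public remote_port
        if name != "common" and frpc[name].get("type", "tcp") == "tcp":
            for port in expand_ports(frpc[name].get("local_port", "")) & set(REMOTE_LOGIN):
                found.add("PUBLIC_" + REMOTE_LOGIN[port])
    return sorted(found)
```
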

Original address

juejin.cn/post/684490…

References

Using FRP for intranet penetration under Windows: blog.csdn.net/huangdaxian…

FRP + Nginx: configuring an HTTP intranet penetration service shared by multiple users: blog.csdn.net/Aria_Miazzy…

NGINX server reverse proxy causes upload error: free-e.net/402

Using an nginx reverse proxy to solve the front-end cross-domain problem: www.cnblogs.com/lxlin/p/897…

Nginx upload and timeout limits: www.cnblogs.com/kevingrace/…