跳至主要內容

frp 安装和配置

HSXISAWD2026/3/20大约 4 分钟技术分享服务器教程

frp 安装和配置

FRP 官方文档: FRP 官方文档

frp 是一款高性能的反向代理应用,专注于内网穿透。它支持多种协议,包括 TCP、UDP、HTTP、HTTPS 等,并且具备 P2P 通信功能。使用 frp,您可以安全、便捷地将内网服务暴露到公网,通过拥有公网 IP 的节点进行中转。

搭建 frp 服务,需要一台有公网 IP 的机器,核心原理就是 公网服务器(frp 服务端)监听对应配置端口流量转发到本地服务器(frp 客户端)对应的端口

1.为什么选择 frp?

通过在具有公网 IP 的节点上部署 frp 服务端,您可以轻松地将内网服务穿透到公网,并享受以下专业特性:

  • 多种协议支持:客户端服务端通信支持 TCP、QUIC、KCP 和 Websocket 等多种协议。
  • TCP 连接流式复用:在单个连接上承载多个请求,减少连接建立时间,降低请求延迟。
  • 代理组间的负载均衡。
  • 端口复用:多个服务可以通过同一个服务端端口暴露。
  • P2P 通信:流量不必经过服务器中转,充分利用带宽资源。
  • 客户端插件:提供多个原生支持的客户端插件,如静态文件查看、HTTPS/HTTP 协议转换、HTTP、SOCKS5 代理等,以便满足各种需求。
  • 服务端插件系统:高度可扩展的服务端插件系统,便于根据自身需求进行功能扩展。
  • 用户友好的 UI 页面:提供服务端和客户端的用户界面,使配置和监控变得更加方便。

2.安装 frp

  1. 通过 官网 下载适合你系统的版本
  2. 解压下载的压缩包。
  3. frpc 复制到内网服务所在的机器上
  4. frps 复制到拥有公网 IP 地址的机器上,并将它们放在任意目录。

3. 配置 frp (0.60 版本以上)

服务端配置 (frps.toml)

# FRP 服务端配置文件
# 版本: 0.60.0+

bindAddr = "0.0.0.0"
bindPort = 7000

# 启用QUIC协议支持
transport.quic.keepalivePeriod = 10
transport.quic.maxIdleTimeout = 30
transport.quic.maxIncomingStreams = 100000

# Web服务器配置(仪表盘)
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "your_dashboard_password_change_me"

# 启用Prometheus监控
webServer.prometheus = true

# 认证配置
auth.method = "token"
auth.token = "your_secure_token_here_change_me"

# 心跳配置
transport.heartbeat.timeout = 90
transport.heartbeat.interval = 30

# 连接池配置
transport.tcpKeepAlive = 30
transport.maxPoolCount = 100
transport.maxPortsPerClient = 0  # 0表示无限制

# TLS配置
transport.tls.force = false
transport.tls.certFile = "/path/to/cert.pem"
transport.tls.keyFile = "/path/to/private.key"
transport.tls.trustedCaFile = "/path/to/ca.pem"

# 日志配置
log.to = "/var/log/frps.log"
log.level = "info"
log.maxDays = 7

# UDP数据包大小
transport.udp.packetSize = 1500

# 子域名配置
subdomainHost = "your_domain.com"

# 允许的端口范围
allowPorts = [
  { start = 10000, end = 20000 }
]

# 自定义404页面
# webServer.custom404Page = "/path/to/404.html"

# 代理配置
[[proxies]]
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000

# 带宽限制(KB/s)
bandwidthLimit.mode = "server"
bandwidthLimit.size = "1MB"

# 健康检查
healthCheck.type = "tcp"
healthCheck.timeoutSeconds = 3
healthCheck.maxFailed = 3
healthCheck.intervalSeconds = 10

# 负载均衡组
group = "ssh_group"
groupKey = "your_group_key"

# HTTP代理示例
[[proxies]]
name = "web"
type = "http"
localIP = "127.0.0.1"
localPort = 80

# 域名配置
customDomains = ["web.your_domain.com", "www.your_domain.com"]

# HTTP认证
httpUser = "admin"
httpPwd = "your_http_password"

# 主机头重写
hostHeaderRewrite = "127.0.0.1"

# 请求头设置
[[proxies.headers]]
set = { "X-From-Where" = "frp" }

# 路由配置
locations = ["/", "/api"]

客户端配置 (frpc.toml)

# FRP 客户端配置文件
# 版本: 0.60.0+

serverAddr = "your_server_ip_or_domain"
serverPort = 7000

# 认证配置
auth.method = "token"
auth.token = "your_secure_token_here_change_me"

# 传输协议配置
transport.protocol = "tcp"  # 可选: "tcp", "kcp", "quic", "websocket"
transport.tls.enable = true
transport.tls.certFile = "/path/to/client/cert.pem"
transport.tls.keyFile = "/path/to/client/private.key"
transport.tls.trustedCaFile = "/path/to/ca.pem"

# 连接池配置
transport.poolCount = 5
transport.heartbeat.interval = 30
transport.heartbeat.timeout = 90

# 用户标识
user = "your_user_identity"

# 元数据
metadatas = { "var1" = "value1", "var2" = "value2" }

# DNS配置
dnsServer = "8.8.8.8"

# 日志配置
log.to = "./frpc.log"
log.level = "info"
log.maxDays = 7

# 管理界面
webServer.addr = "127.0.0.1"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "your_admin_password_change_me"

# 代理配置开始

# SSH代理
[[proxies]]
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000

# 带宽限制
bandwidthLimit.mode = "client"
bandwidthLimit.size = "1MB"

# 健康检查
healthCheck.type = "tcp"
healthCheck.timeoutSeconds = 3
healthCheck.maxFailed = 3
healthCheck.intervalSeconds = 10

# 负载均衡组
group = "ssh_group"
groupKey = "your_group_key"

# 元数据
metadatas = { "ssh_user" = "username" }

# HTTP网站代理
[[proxies]]
name = "web"
type = "http"
localIP = "127.0.0.1"
localPort = 80
subdomain = "web"

# 自定义域名
customDomains = ["web.your_domain.com", "www.your_domain.com"]

# HTTP认证
httpUser = "admin"
httpPwd = "your_http_password"

# 主机头重写
hostHeaderRewrite = "127.0.0.1"

# 请求头设置
[[proxies.headers]]
set = { "X-From-Where" = "frp" }

# HTTPS代理
[[proxies]]
name = "web-https"
type = "https"
localIP = "127.0.0.1"
localPort = 443
subdomain = "webhttps"

# Proxy protocol配置
proxyProtocolVersion = "v2"

# UDP代理
[[proxies]]
name = "dns"
type = "udp"
localIP = "127.0.0.1"
localPort = 53
remotePort = 6001

# STCP安全TCP代理
[[proxies]]
name = "secret_ssh"
type = "stcp"
localIP = "127.0.0.1"
localPort = 22
secretKey = "your_secret_key_change_me"
role = "server"  # 或 "visitor"

# 对于访问者配置
# [[visitors]]
# name = "secret_ssh_visitor"
# type = "stcp"
# serverName = "secret_ssh"
# secretKey = "your_secret_key_change_me"
# bindAddr = "127.0.0.1"
# bindPort = 6002

# XTCP穿透代理
[[proxies]]
name = "p2p_ssh"
type = "xtcp"
localIP = "127.0.0.1"
localPort = 22
secretKey = "your_p2p_secret_key_change_me"

# 范围端口映射
[[proxies]]
name = "range_ports"
type = "tcp"
localIP = "127.0.0.1"
localPort = 10000
remotePort = 10000

# 插件使用示例
[[proxies]]
name = "static_file"
type = "tcp"
remotePort = 6003

# 静态文件插件
[proxies.plugin]
type = "static_file"
localPath = "/var/www/html"
stripPrefix = "static"
httpUser = "user"
httpPasswd = "passwd"
Default footer
Copyright © 2026 HSXISAWD