Ubuntu 20.04 搭建 Frp 转发 ssh

背景

解决边缘端没有固定 IP 无法 SSH 进去维护的问题
经过调研,决定安装 frp 的方式

官方文档:https://github.com/fatedier/frp/tree/master

安装 server 端

注意,这里为了安全,指定 klvchen 用户来运行 frps 服务

mkdir -p /data/software
cd /data/software

wget https://github.com/fatedier/frp/releases/download/v0.49.0/frp_0.49.0_linux_amd64.tar.gz
tar zxvf frp_0.49.0_linux_amd64.tar.gz
cd frp_0.49.0_linux_amd64

mkdir -p /usr/local/frps

cp frps /usr/local/frps

cat >> /usr/local/frps/frps.ini << EOF 
[common]
# frpc 连接的端口
bind_port = 43998

# dashboard 相关信息 
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = Admin@Huidian

# 日志相关信息
log_file = /usr/local/frps/frps.log
log_level = info
log_max_days = 3

# token 一定要填
token = yDOWA4HdEEztyLzmf06cI20
EOF


chown -R klvchen.klvchen /usr/local/frps/

cat >> /usr/lib/systemd/system/frps.service << EOF 
[Unit]
Description=frps server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=simple
User=klvchen
Group=klvchen
ExecStart=/usr/local/frps/frps -c /usr/local/frps/frps.ini
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
StandardOutput=syslog
StandardError=inherit

[Install]
WantedBy=multi-user.target
EOF 

systemctl daemon-reload
systemctl start frps
systemctl status frps
systemctl enable frps

安装客户端

mkdir -p /data/software
cd /data/software

wget https://github.com/fatedier/frp/releases/download/v0.49.0/frp_0.49.0_linux_amd64.tar.gz
tar zxvf frp_0.49.0_linux_amd64.tar.gz
cd frp_0.49.0_linux_amd64

mkdir -p /usr/local/frpc

cp frpc /usr/local/frpc

cat >> /usr/local/frpc/frpc.ini << EOF 
[common]
# frps 的公网地址,端口和 token
server_addr = 172.16.16.90
server_port = 43998
token = yDOWA4HdEEztyLzmf06cI20

log_file = /usr/local/frpc/frpc.log
log_level = error
log_max_days = 0

# 转发的端口,[]的名字自己写,这里转发的是 ssh 端口 22
[klvchen]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
EOF 

cat >> /usr/lib/systemd/system/frpc.service << EOF
[Unit]
Description=frp server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=simple
ExecStart=/usr/local/frpc/frpc -c /usr/local/frpc/frpc.ini
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
StandardOutput=syslog
StandardError=inherit

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl start frpc
systemctl status frpc
systemctl enable frpc

测试

访问 http://172.16.16.90:7500/

通过 ssh 连接正常,可以通过阿里云设置ssh的端口限制转发的IP地址

posted @ 2023-06-20 17:43  klvchen  阅读(733)  评论(0)    收藏  举报