Home » How to deploy FRP services

How to deploy FRP services

FPR is an open-source project, thanks to the author.
Here is the GitHub link for the FRP project: https://github.com/fatedier/frp

Why do we need FRP?

Network penetration

As more and more devices around the world are connected to the internet, it is no longer possible to assign a unique IP address to each device. If you have a server at home, or a NAS at home, and you want to access it remotely from outside your home. But there is no public IP at home, this is when you need to use FPR for network penetration, allowing us to remotely access devices at home without a public IP.

Secure Connection

Many times, exposing your devices directly to the public internet is unwise, as many companies are constantly scanning the ports of IP addresses worldwide. For example, if you open your NAS to public internet access, it’s like your NAS is streaking on the internet. If at this time your password is also very simple, then your data is exposed to others completely. However, using FRP can add a layer of security, which is relatively safer.

Preparation

A cloud server with a public IP (Microsoft Azure, GCP, AWS, Alibaba Cloud, Huawei Cloud, etc.)

Installation tutorial (download on both the public network server and the controlled computer)

Check Linux version

dpkg --print-architecture

If the output is arm64, execute this command

wget https://github.com/fatedier/frp/releases/download/v0.61.0/frp_0.61.0_linux_arm64.tar.gz

If it is amd64, then execute the following command

wget https://github.com/fatedier/frp/releases/download/v0.61.0/frp_0.61.0_linux_amd64.tar.gz

If an error “-bash: /usr/bin/wget: No such file or directory” appears, it means that your system has not installed the wget plugin, use the following command to install

sudo apt install wget

Extract files

The download command just now will download a tar.gz compressed file, we use the following command to extract, replace Your_File_Name with the filename you downloaded

tar -zxvf Your_File_Name

Enter directory

For example: “cd frp_0.61.0_linux_amd64/”, depending on the file you downloaded

cd Your_Directory

Configure server side

Modify the configuration file

Open with vim or nano

vim frps.ini

If an error occurs, it’s because you haven’t downloaded vim, you can download vim with the following command

sudo apt install vim

After successfully opening, we modify the configuration file as follows

[common]
# frp listening port, the default one is 7000
bind_port = 7000 

# Token, this will be used later
token = Change_To_Your_Token

# Port mapped from the server
vhost_http_port = 9000 

# frp website ports
dashboard_port = 7500 

# frp webpage user name & password
dashboard_user = admin 
dashboard_pwd = admin 
enable_prometheus = true 

# frp log setting
log_file = /var/log/frps.log 
log_level = info 
log_max_days = 3

After modifying, we run the following commands to start the frp server side and add frp to startup

sudo mkdir -p /etc/frp 
sudo cp frps.ini /etc/frp 
sudo cp frps /usr/bin 
sudo cp systemd/frps.service /usr/lib/systemd/system/ 
sudo systemctl enable frps 
sudo systemctl start frps

If you are using a cloud server provided by a manufacturer, then you need to open your firewall and add the corresponding policy group at the cloud server company. If you are using a server from a smaller manufacturer, there might not be an integrated security management software, you can try the following command to allow the ports needed by frp

sudo ufw allow 7000
sudo ufw allow 7500

If an error cannot find ufw, you can try downloading ufw

sudo apt install ufw

Configure client side

Modify the configuration file

Similarly, enter this folder to modify the configuration file, note the name of the configuration file has changed

vim frpc.ini

Modify the settings as follows

[common]
server_addr = Your_Server_IP
server_port = 7000 # Same as the listening port on server
token = Your_Token # The token needs to be the same

# SSH
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000 # (connecting port) you can change this port to any you want

Firewall pass

Generally speaking, the controlled side is usually a home server, usually without a dedicated firewall, so if your home device is Ubuntu, you can try the following command

sudo ufw allow 6000

Start the frp client

./frpc -c frpc.ini

Normally, you will see the connection successful sign if your settings are all correct

Summary

The article only demonstrated how to enable remote access to SSH, but frp can also be used to enable HTTP, HTTPS services.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top