Shirone's Blog

Frp reverse proxy

These days, I’m frequently traveling between my home and my lab at school. The workstation in our lab has already been set up with a bastion server, and it can be easily accessed from my home with the school VPN. But sometimes I still need to access my own computer at home from the lab. The problem is that my home network doesn’t have a static public IP, so I decided to use a reverse proxy to access my home computer.

Since I already own a cloud server, there’s no need for me to use a paid service like ngrok or TeamViewer. I decided to use frp, which is a free and open-source reverse proxy tool. It’s easy to use and has a lot of features. I will show you how to use it in this post.

Key concepts

Before we start, let’s talk about some key concepts of frp.

Frp consists of a server and a client. The server listens on a port and waits for the client to connect. The client connects to the server and tells it which traffic needs to be forwarded. The server then forwards that traffic to the client, and the client forwards it to the target service.

Server side

On the cloud server, download the package from the release page and extract it. All you need from the package is the frps executable and the frps.ini file. The default configuration in frps.ini is enough for our use. We only enable logging for auditing and add a token, which a client must present to connect, to enhance security.

[common]
bind_port = 7000
token = [edit your token]
log_file = /var/log/frps.log
log_level = info
log_max_days = 7

Then, create a systemd service to start the server. The file should be placed under /etc/systemd/system/.

[Unit]
# The name of the service
Description = frp server
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
# paths to the executable and the config file; change them to match your system
ExecStart = /usr/bin/frps -c /etc/frps/frps.ini

[Install]
WantedBy = multi-user.target

And start the service.

systemctl start frps
# enable the service to start at boot
systemctl enable frps

Done!

● frps.service - frp server
     Loaded: loaded (/etc/systemd/system/frps.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2023-05-17 03:53:01 UTC; 3s ago
   Main PID: 106854 (frps)
      Tasks: 3 (limit: 1076)
     Memory: 11.3M
     CGroup: /system.slice/frps.service
             └─106854 /usr/bin/frps -c /etc/frps/frps.ini

Jun 03 03:53:01 AzureHK systemd[1]: Started frp server.
Jun 03 03:53:01 AzureHK frps[106854]: 2023/05/17 03:53:01 [I] [root.go:203] frps uses config file: /etc/frps/frps.ini
Jun 03 03:53:01 AzureHK frps[106854]: 2023/05/17 03:53:01 [I] [service.go:208] frps tcp listen on 0.0.0.0:7000
Jun 03 03:53:01 AzureHK frps[106854]: 2023/05/17 03:53:01 [I] [root.go:212] frps started successfully

Client side

On the client side, download the package and extract it, then edit the frpc.ini file. We also need the frpc executable for the frp client.

[common]
server_addr = x.x.x.x
server_port = 7000
token = [edit your token]

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
# The port on the remote server that you want to use to access the service
remote_port = 6000

Remember to configure your cloud server’s firewall to allow traffic to the ports specified in the frps.ini and frpc.ini files, which are 7000 and 6000 here.
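As an added example (not part of the original post and not frp's own tooling), this Python script reads the frps.ini and frpc.ini shown above, flags a token that is still the placeholder, too short, or different between the two files, and lists the server ports the firewall has to allow. The function names and the 32-character minimum are assumptions made for this example.

```python
import configparser
PLACEHOLDERS = {"", "[edit your token]"}
MIN_TOKEN_LEN = 32  # assumption for this example, not a limit enforced by frp

def _load(text):
    cp = configparser.ConfigParser(interpolation=None)  # keep '%' in tokens literal
    cp.read_string(text)
    return cp

def audit(frps_ini, frpc_ini):
    """Return (findings, tcp_ports_to_open_on_server) for a config pair."""
    server, client = _load(frps_ini)["common"], _load(frpc_ini)
    findings = []
    s_tok, c_tok = server.get("token", ""), client["common"].get("token", "")
    if s_tok in PLACEHOLDERS:
        findings.append("frps: token is unset or still the placeholder")
    elif len(s_tok) < MIN_TOKEN_LEN:
        findings.append("frps: token shorter than %d characters" % MIN_TOKEN_LEN)
    if s_tok != c_tok:
        findings.append("token differs between frps.ini and frpc.ini")
    if not server.get("log_file"):
        findings.append("frps: log_file not set, no audit trail")
    bind_port = server.get("bind_port", "7000")  # 7000 is frp's default
    if client["common"].get("server_port", "7000") != bind_port:
        findings.append("frpc: server_port does not match frps bind_port")
    ports = {int(bind_port)}  # control port, plus every exposed proxy port
    for name in client.sections():
        proxy = client[name]
        if name != "common" and proxy.get("type") == "tcp" and "remote_port" in proxy:
            ports.add(int(proxy["remote_port"]))
    return findings, sorted(ports)

# Configs from the post with the token placeholder left in (log options trimmed).
FRPS_POST = """[common]
bind_port = 7000
token = [edit your token]
log_file = /var/log/frps.log
"""
FRPC_POST = """[common]
server_addr = x.x.x.x
server_port = 7000
token = [edit your token]
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
"""
print(audit(FRPS_POST, FRPC_POST))
```

To check real files, pass their contents, for example `audit(open("/etc/frps/frps.ini").read(), open("/etc/frpc/frpc.ini").read())`.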

You can also create a systemd service for the client, just like we did for the server. Then,

systemctl start frpc
● frpc.service - frp client
     Loaded: loaded (/etc/systemd/system/frpc.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (running) since Sat 2023-05-17 14:09:33 AEST; 1s ago
   Main PID: 4231 (frpc)
      Tasks: 10 (limit: 38378)
     Memory: 5.7M
        CPU: 10ms
     CGroup: /system.slice/frpc.service
             └─4231 /usr/bin/frpc -c /etc/frpc/frpc.ini

Jun 03 14:09:33 fedora systemd[1]: Started frpc.service - frp client.
Jun 03 14:09:34 fedora frpc[4231]: 2023/05/17 14:09:34 [I] [service.go:295] [da61edf787b543d7] login to server success, get run id [da61edf787b543d7]
Jun 03 14:09:34 fedora frpc[4231]: 2023/05/17 14:09:34 [I] [proxy_manager.go:152] [da61edf787b543d7] proxy added: [ssh]
Jun 03 14:09:34 fedora frpc[4231]: 2023/05/17 14:09:34 [I] [control.go:172] [da61edf787b543d7] [ssh] start proxy success

Then, you can use ssh -oPort=[port] [frpc username]@[frps server] to access the machine from anywhere! Here [port] is the remote_port set in frpc.ini, which is 6000 in this example.