--- title: 【记录】安装nps/frp服务端与客户端 urlname: -ji-lu--an-zhuang-npsfrp-fu-wu-duan-yu-ke-hu-duan date: 2023-07-09 19:59:34 index_img: https://api.limour.top/randomImg?d=2023-07-09 19:59:34 tags: 内网穿透 --- ## 安装nps ### 服务端 + 安装 [Nginx Proxy Manager](/Docker-bu-shu-Nginx-Proxy-Manager) + 项目地址 [yisier/nps](https://github.com/yisier/nps) + 安全组放行 `8025` 端口 ```bash mkdir -p ~/base/NPS && cd ~/base/NPS && mkdir conf nano docker-compose.yml nano conf/nps.conf touch conf/{clients,hosts,tasks}.json sudo docker-compose up -d # 反代 dashboard 8080 ``` ```yml version: '3.3' services: nps: restart: unless-stopped ports: - '8025:8025' volumes: - './conf:/conf' - '/etc/localtime:/etc/localtime:ro' image: yisier1/nps networks: default: external: true name: ngpm ``` ```conf appname = nps #Boot mode(dev|pro) runmode = pro #HTTP(S) proxy port, no startup if empty http_proxy_ip=0.0.0.0 http_proxy_port=18081 ##bridge bridge_type=tcp bridge_port=8024 bridge_ip=0.0.0.0 tls_bridge_port=8025 tls_enable=true #Traffic data persistence interval(minute) #Ignorance means no persistence #flow_store_interval=1 # log level LevelEmergency->0 LevelAlert->1 LevelCritical->2 LevelError->3 LevelWarning->4 LevelNotice->5 LevelInformational->6 LevelDebug->7 log_level=7 #log_path=nps.log #Whether to restrict IP access, true or false or ignore #ip_limit=true #allow_ports=9001-9009,10001,11000-12000 #Web management multi-user login allow_user_login=false allow_user_register=false allow_user_change_username=false #extension allow_flow_limit=false allow_rate_limit=false allow_tunnel_num_limit=false allow_local_proxy=false allow_connection_num_limit=false allow_multi_ip=false system_info_display=true #cache http_cache=false http_cache_length=100 #get origin ip http_add_origin_header=true #pprof debug options #pprof_ip=0.0.0.0 #pprof_port=9999 #client disconnect timeout disconnect_timeout=60 # 以下的需要进行配置 # Public password, which clients can use to connect to the server # After the connection, the server will be able to open relevant ports and parse related domain names according to its own configuration file. public_vkey=<16个字符> #Web API unauthenticated IP address(the len of auth_crypt_key must be 16) #Remove comments if needed auth_key=<24个字符> auth_crypt_key=<16个字符> #web web_host=limour.top web_username=Limour web_password=<16个字符> web_port = 8080 web_ip=0.0.0.0 web_open_ssl=false web_base_url= open_captcha=true # if web under proxy use sub path. like http://host/nps need this. #web_base_url=/nps #p2p p2p_ip=<写服务器的ip> p2p_port=6000 # 设置为6000,请在控制台防火墙开放6000~6002(额外添加2个端口)udp端口 ``` ### 客户端 ```bash # nps web管理-客户端,新建一个客户端,记录下唯一验证密钥 mkdir -p ~/base/NPC && cd ~/base/NPC nano docker-compose.yml sudo docker-compose up -d sudo docker-compose logs ``` ```yml version: '3.3' services: npc: container_name: npc network_mode: host image: yisier1/npc restart: unless-stopped command: -server=nps.blog.com:8025 -vkey= -tls_enable=true ``` ### 临时客户端 ```bash #!/usr/bin/bash HOME=/home/jovyan nohup $HOME/bin/npc -server=nps.blog.com:8025 -vkey=*** -tls_enable=true > ~/log/npc.log 2>&1 & source activate jupyter jupyter lab \ --ip='0.0.0.0' \ --no-browser \ --ServerApp.token="****" \ --port=19878 \ --NotebookNotary.db_file=':memory:' ``` ```bash nano j.sh chmod +x j.sh nohup ./j.sh > ~/log/j.log 2>&1 & ``` ## 安装 frp (过时) ### 服务端 ```bash mkdir -p ~/base/FRP && cd ~/base/FRP nano docker-compose.yml nano frps.ini sudo docker-compose up -d tail frps_log/frps.log # 反代 dashboard 11750 ``` ```yml version: '3.3' services: frps: restart: always network_mode: host volumes: - './frps.ini:/etc/frp/frps.ini' - './frps_log:/tmp/frps_log' container_name: frps image: snowdreamtech/frps networks: default: external: true name: ngpm ``` ``` [common] tls_only = true authentication_method = token token = bind_port = 21000 bind_udp_port = 20999 kcp_bind_port = 21000 dashboard_port = 11750 dashboard_user = Limour dashboard_pwd = allow_ports = 21001-21999 subdomain_host = limour.top vhost_http_port = 21080 vhost_https_port = 21443 log_file = /tmp/frps_log/frps.log log_level = info log_max_days = 3 ``` ### 客户端 ```bash mkdir -p ~/base/FRP && cd ~/base/FRP nano docker-compose.yml nano frpc.ini sudo docker-compose up -d ``` ```yml version: '3.3' services: frpc: restart: always network_mode: host volumes: - './frpc.ini:/etc/frp/frpc.ini' image: snowdreamtech/frpc ``` ```ini [common] server_addr = frp.limour.top server_port = 21000 tls_enable = true token = user = rasp4 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 21122 [AAA] type = http local_ip = 127.0.0.1 local_port = 2017 use_compression = true subdomain = aaa host_header_rewrite = 127.0.0.1 [CaaS] type = http use_compression = true subdomain = caas4 plugin = http2https plugin_local_addr = 127.0.0.1:8443 plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp [app_web] type = http local_ip = 192.168.1.1 local_port = 80 use_compression = true subdomain = app http_user = Limour http_pwd = ``` ## 安装 ServerStatus ### 服务端 ```bash mkdir -p ~/sss && cd ~/sss wget --no-check-certificate -qO ./serverstatus-config.json https://raw.githubusercontent.com/cppla/ServerStatus/master/server/config.json && mkdir ./serverstatus-monthtraffic nano docker-compose.yml sudo docker-compose up -d # NPM面板反代8001端口,并设置域名解析 ``` ```yml version: '3.3' services: serverstatus: restart: always volumes: - './serverstatus-config.json:/ServerStatus/server/config.json' - './serverstatus-monthtraffic:/usr/share/nginx/html/json' ports: - '8001:80' - '35601:35601' image: 'cppla/serverstatus:latest' networks: default: external: true name: ngpm ``` ### 客户端 ```bash # 编辑 serverstatus-config.json # 重启服务端 sudo docker-compose restart wget --no-check-certificate -qO client-linux.py 'https://raw.githubusercontent.com/cppla/ServerStatus/master/clients/client-linux.py' chmod +x client-linux.py # 测试一下:/home/pi/client-linux.py SERVER=sss.limour.top USER=ld_rasp4 PASSWORD=DEFAULTPASSWORD INTERVAL=10 # 创建system服务 sudo nano /etc/systemd/system/ssc.service sudo systemctl enable ssc sudo systemctl start ssc sudo systemctl status ssc ``` ```ini [Unit] Description=ServerStatus-Client After=network.target [Service] ExecStart=/home/pi/client-linux.py SERVER=45.79.67.132 USER=ld_rasp4 PASSWORD=DEFAULT_PASSWORD INTERVAL=10 ExecReload=/bin/kill -HUP $MAINPID Restart=on-failure [Install] WantedBy=multi-user.target ```