在Docker中运行Frps和Frpc

服务器端运行Frps

1、首先下载镜像。建议像下面这样写明版本号,不要使用latest,这样升级时机由自己控制,也便于核对实际运行的是哪个镜像

docker pull stilleshan/frps:0.48.0

 

2、创建文件夹

mkdir -p /opt/frps/certs

 

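3、在/opt/frps下创建Frps配置文件frps.ini,参考如下(/*…*/处为占位说明,需替换为实际值)。注意两点:一是示例中面板监听0.0.0.0且dashboard_tls_mode = false,面板用户名和密码会通过明文HTTP传输,建议把dashboard_addr改为127.0.0.1,或为面板启用TLS;二是仅配置证书并不会拒绝非TLS连接,如果希望所有客户端都必须走TLS并校验客户端证书,应在[common]中加上tls_only = true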

[common]
bind_addr = 0.0.0.0
bind_port =  /*frps监听端口*/
dashboard_addr = 0.0.0.0
dashboard_port = /*Frps面板端口*/
dashboard_user = /*Frps面板用户*/
dashboard_pwd = /*Frps面板密码*/
dashboard_tls_mode = false
authentication_method = token
token = /*Frps客户端连接密码*/
tls_cert_file = /frp/certs/server.crt
tls_key_file = /frp/certs/server.key
tls_trusted_ca_file = /frp/certs/ca.crt

 

4、在/opt/frps/certs下生成证书文件,可以用下面的脚本。脚本把所有文件写到当前目录,所以要先cd到/opt/frps/certs再执行;生成的server.key和client.key是私钥,应只允许属主读取

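#!/bin/bash
#
# Generates a private CA plus one server and one client certificate for frp
# mutual TLS. Run it from the directory that should receive the files (in this
# guide /opt/frps/certs).
#
# Output (current directory): ca.crt, server.crt, server.key, client.crt,
# client.key. Existing files with those names are replaced only after every
# step has succeeded, so a failed run leaves the previous certificates intact.
#
# The CA private key exists only in a scratch directory and is destroyed on
# exit. No further certificates can be issued from this CA afterwards; the
# server and client certificates are valid for 365 days, so renewal means
# rerunning the script and redistributing ca.crt, client.crt and client.key.

set -euo pipefail

# Keys and intermediate files are created readable by their owner only.
umask 077

# Runs a command silently; if it fails, its captured output is replayed on
# stderr so that an openssl error is not hidden.
run_quiet() {
    local output
    if ! output=$("$@" 2>&1); then
        printf '%s\n' "$output" >&2
        return 1
    fi
}

trap 'echo "错误:证书生成失败,原有证书未被改动" >&2' ERR

# Ask for the server IP and domain name that clients will connect to.
# "|| true" lets an end-of-input fall through to the emptiness check below.
read -r -p "请输入服务器IP地址: " SERVER_IP || true
read -r -p "请输入服务器域名: " SERVER_DOMAIN || true

# Both values are required.
if [[ -z "$SERVER_IP" || -z "$SERVER_DOMAIN" ]]; then
    echo "错误:IP地址和域名不能为空!" >&2
    exit 1
fi

# Both values are pasted into a subjectAltName list; a comma or whitespace in
# an answer would add extra, unintended names to the server certificate.
if [[ "$SERVER_IP$SERVER_DOMAIN" == *[,[:space:]]* ]]; then
    echo "错误:IP地址和域名不能包含逗号或空白字符!" >&2
    exit 1
fi

# All intermediate material (CA key, CSRs, serial file, openssl config) lives
# in a private scratch directory that is removed on every exit path.
workdir=$(mktemp -d)
trap 'rm -rf -- "${workdir:?}"' EXIT

# Base openssl configuration shared by both certificate requests.
cat > "$workdir/openssl.cnf" <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = usr_cert
[ req ]
default_bits        = 2048
default_md          = sha256
default_keyfile     = privkey.pem
distinguished_name  = req_distinguished_name
attributes          = req_attributes
x509_extensions     = v3_ca
string_mask         = utf8only
[ req_distinguished_name ]
[ req_attributes ]
[ usr_cert ]
basicConstraints       = CA:FALSE
nsComment              = "OpenSSL Generated Certificate"
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints       = CA:true
EOF

# SAN lines. User input is passed to printf as an argument, never as part of
# the format string.
server_san="subjectAltName=DNS:localhost,IP:${SERVER_IP},DNS:${SERVER_DOMAIN}"
client_san="subjectAltName=DNS:client.com"

{ cat "$workdir/openssl.cnf"; printf '\n[SAN]\n%s\n' "$server_san"; } > "$workdir/server.cnf"
{ cat "$workdir/openssl.cnf"; printf '\n[SAN]\n%s\n' "$client_san"; } > "$workdir/client.cnf"
printf '%s\n' "$server_san" > "$workdir/server.ext"
printf '%s\n' "$client_san" > "$workdir/client.ext"

# Self-signed CA certificate.
run_quiet openssl genrsa -out "$workdir/ca.key" 2048
run_quiet openssl req -x509 -new -nodes -key "$workdir/ca.key" \
    -subj "/CN=auto.ca.com" -days 5000 -out "$workdir/ca.crt"

# Server key, CSR carrying the SAN extension, and CA-signed certificate.
run_quiet openssl genrsa -out "$workdir/server.key" 2048
run_quiet openssl req -new -sha256 -key "$workdir/server.key" \
    -subj "/C=XX/ST=DEFAULT/L=DEFAULT/O=DEFAULT/CN=server.com" \
    -reqexts SAN -config "$workdir/server.cnf" \
    -out "$workdir/server.csr"
run_quiet openssl x509 -req -days 365 -sha256 \
    -in "$workdir/server.csr" -CA "$workdir/ca.crt" -CAkey "$workdir/ca.key" \
    -CAserial "$workdir/ca.srl" -CAcreateserial \
    -extfile "$workdir/server.ext" \
    -out "$workdir/server.crt"

# Client key, CSR and CA-signed certificate.
run_quiet openssl genrsa -out "$workdir/client.key" 2048
run_quiet openssl req -new -sha256 -key "$workdir/client.key" \
    -subj "/C=XX/ST=DEFAULT/L=DEFAULT/O=DEFAULT/CN=client.com" \
    -reqexts SAN -config "$workdir/client.cnf" \
    -out "$workdir/client.csr"
run_quiet openssl x509 -req -days 365 -sha256 \
    -in "$workdir/client.csr" -CA "$workdir/ca.crt" -CAkey "$workdir/ca.key" \
    -CAserial "$workdir/ca.srl" -CAcreateserial \
    -extfile "$workdir/client.ext" \
    -out "$workdir/client.crt"

# Certificates are public; the two private keys keep mode 0600 from the umask.
# NOTE(review): if the container runs frp as a non-root user, the key files
# need matching ownership on the host; confirm against the image.
chmod 644 "$workdir/ca.crt" "$workdir/server.crt" "$workdir/client.crt"

# Install the results in one step, replacing any previous certificates.
mv -f -- "$workdir/ca.crt" "$workdir/server.crt" "$workdir/server.key" \
    "$workdir/client.crt" "$workdir/client.key" .

# Clear leftovers that an earlier version of this script may have written
# into the current directory, in particular a stray CA private key.
rm -f -- server.csr client.csr ca.srl ca.key my-openssl.cnf

echo "所有证书生成完成"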

 

5、运行容器

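# Start frps. The config file and the certificate directory are mounted
# read-only, so the container cannot alter the settings or the server key on
# the host.
# --network host publishes every port frps opens directly on the host,
# including the dashboard port; restrict access with the host firewall.
docker run -itd --name=frps --restart=always \
    --network host \
    -v /opt/frps/frps.ini:/frp/frps.ini:ro \
    -v /opt/frps/certs:/frp/certs:ro \
    stilleshan/frps:0.48.0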

 

客户端运行Frpc

1、首先下载镜像,可以指定版本

docker pull stilleshan/frpc:0.48.0

 

2、创建文件夹

mkdir -p /opt/frpc/certs

 

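3、在/opt/frpc下创建Frpc配置文件frpc.ini,参考如下(/*…*/处为占位说明,需替换为实际值)。由于配置了tls_trusted_ca_file,frpc会校验服务器证书,所以server_addr应填写生成证书时输入的IP或域名(即服务器证书SAN中的名称),否则TLS握手会因名称不匹配而失败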

[common]
server_addr = /*Frps域名或者IP地址*/
server_port = /*Frps监听端口*/
token = /*Frps客户端连接密码*/
tls_enable = true
tls_cert_file = /frp/certs/client.crt
tls_key_file = /frp/certs/client.key
tls_trusted_ca_file = /frp/certs/ca.crt

[/*隧道名称*/]
type = /*协议TCP或UDP*/
local_ip = /*内网IP*/
local_port = /*内网端口*/
remote_port = /*公网端口*/

 

4、在/opt/frpc/certs下上传证书文件:ca.crt、client.crt和client.key。这三个文件来自服务器端脚本的输出;client.key是私钥,应通过scp等加密通道传输,上传后把权限设为仅属主可读(如chmod 600),不要通过聊天工具或网盘传递

 

5、运行容器

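# Start frpc. The config file and the certificate directory are mounted
# read-only, so the container cannot alter the settings or the client key on
# the host.
docker run -itd --name=frpc --restart=always \
    -v /opt/frpc/frpc.ini:/frp/frpc.ini:ro \
    -v /opt/frpc/certs:/frp/certs:ro \
    stilleshan/frpc:0.48.0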

 
