frp
Expose local services behind NAT/firewall
TLDR
View documentation for frpc, the frp client component
View documentation for frps, the frp server component
SYNOPSIS
frps [-c <config_file>] [--version] [--help]
frpc [-c <config_file>] [--version] [--help]
PARAMETERS
-c <config_file>, --config <config_file>
Specifies the path to the configuration file. For frps, this is typically frps.ini; for frpc, it's frpc.ini.
--version
Prints the frp version information and exits.
--help
Displays a comprehensive help message for the command and exits.
DESCRIPTION
frp (fast reverse proxy) is an open-source project designed to help you expose a local service behind a NAT or firewall to the Internet. It typically consists of two main components: a server (frps) and a client (frpc). The server runs on a public-facing machine, while the client runs on the local machine with the service you want to expose.
frp facilitates secure connections and data forwarding through various protocols like TCP, UDP, HTTP, and HTTPS. It's commonly used for scenarios such as accessing SSH servers behind a NAT, exposing local web servers for testing, or providing access to internal services without complex network configurations. Its flexibility allows for both basic port forwarding and more advanced features like subdomain and custom domain routing, load balancing, and secure communication via TLS. It simplifies the process of making internal services externally accessible, bypassing network restrictions efficiently.
CAVEATS
Server Requirement: frp requires a publicly accessible server to run the frps component.
Security: Exposing local services carries inherent security risks. It's crucial to use strong authentication tokens, enable TLS for secure communication, and restrict access to only necessary ports and services.
Performance: The performance of proxied services is dependent on the network bandwidth and latency between the client, server, and the end-user.
Installation: frp is not a standard Linux utility and must be manually downloaded, compiled, or installed from pre-built binaries.
CONFIGURATION FILES
frp heavily relies on configuration files (typically frps.ini for the server and frpc.ini for the client) to define its operational behavior. These files specify critical parameters such as the listening ports, authentication tokens, server address, proxy types (TCP, UDP, HTTP, HTTPS), local service addresses, and advanced routing rules. Proper configuration is essential for frp to function correctly and securely.
CLIENT-SERVER ARCHITECTURE
The core of frp's operation is its client-server architecture. An frps instance runs on a public server, acting as the central relay. One or more frpc instances run on local machines, connecting to the frps server. Upon connection, frpc establishes tunnels for specific services, making them accessible to external users via the public server's address and designated ports. This setup allows private services to bypass NATs and firewalls.
HISTORY
frp was initially developed by Chinese developer fatedier, with its first public release around 2016. It quickly gained significant popularity as a free and open-source alternative to commercial tunneling services like Ngrok, primarily due to its self-hosting capabilities, extensive features, and flexibility in exposing various types of local services. The project is actively maintained on GitHub, benefiting from a large and engaged community that contributes to its continuous development and improvement.