LinuxCommandLibrary

frp

Expose local services behind NAT/firewall

TLDR

View documentation for frpc, the frp client component

$ tldr frpc
copy

View documentation for frps, the frp server component
$ tldr frps
copy

SYNOPSIS

frps [-c <config_file>] [--version] [--help]
frpc [-c <config_file>] [--version] [--help]

PARAMETERS

-c <config_file>, --config <config_file>
    Specifies the path to the configuration file. For frps, this is typically frps.ini; for frpc, it's frpc.ini.

--version
    Prints the frp version information and exits.

--help
    Displays a comprehensive help message for the command and exits.

DESCRIPTION

frp (fast reverse proxy) is an open-source project designed to help you expose a local service behind a NAT or firewall to the Internet. It typically consists of two main components: a server (frps) and a client (frpc). The server runs on a public-facing machine, while the client runs on the local machine with the service you want to expose.

frp facilitates secure connections and data forwarding through various protocols like TCP, UDP, HTTP, and HTTPS. It's commonly used for scenarios such as accessing SSH servers behind a NAT, exposing local web servers for testing, or providing access to internal services without complex network configurations. Its flexibility allows for both basic port forwarding and more advanced features like subdomain and custom domain routing, load balancing, and secure communication via TLS. It simplifies the process of making internal services externally accessible, bypassing network restrictions efficiently.

CAVEATS

Server Requirement: frp requires a publicly accessible server to run the frps component.
Security: Exposing local services carries inherent security risks. It's crucial to use strong authentication tokens, enable TLS for secure communication, and restrict access to only necessary ports and services.
Performance: The performance of proxied services is dependent on the network bandwidth and latency between the client, server, and the end-user.
Installation: frp is not a standard Linux utility and must be manually downloaded, compiled, or installed from pre-built binaries.

CONFIGURATION FILES

frp heavily relies on configuration files (typically frps.ini for the server and frpc.ini for the client) to define its operational behavior. These files specify critical parameters such as the listening ports, authentication tokens, server address, proxy types (TCP, UDP, HTTP, HTTPS), local service addresses, and advanced routing rules. Proper configuration is essential for frp to function correctly and securely.

CLIENT-SERVER ARCHITECTURE

The core of frp's operation is its client-server architecture. An frps instance runs on a public server, acting as the central relay. One or more frpc instances run on local machines, connecting to the frps server. Upon connection, frpc establishes tunnels for specific services, making them accessible to external users via the public server's address and designated ports. This setup allows private services to bypass NATs and firewalls.

HISTORY

frp was initially developed by Chinese developer fatedier, with its first public release around 2016. It quickly gained significant popularity as a free and open-source alternative to commercial tunneling services like Ngrok, primarily due to its self-hosting capabilities, extensive features, and flexibility in exposing various types of local services. The project is actively maintained on GitHub, benefiting from a large and engaged community that contributes to its continuous development and improvement.

SEE ALSO

ssh(1), autossh(1), systemd(1)

Copied to clipboard