Use frp for intranet penetration

frp is a fast reverse proxy that allows you to expose a local server located behind a NAT or firewall to the Internet. It currently supports TCP and UDP, as well as HTTP and HTTPS protocols, enabling requests to be forwarded to internal services via domain name.

Frp server dockerfile

FROM alpine:latest

LABEL maintainer="Tyson <longtaijun@msn.cn>"

ENV FRP_VERSION 0.54.0

RUN cd /root \
    &&  wget --no-check-certificate -c https://github.com/fatedier/frp/releases/download/v${FRP_VERSION}/frp_${FRP_VERSION}_linux_amd64.tar.gz \
    &&  tar zxvf frp_${FRP_VERSION}_linux_amd64.tar.gz  \
    &&  cd frp_${FRP_VERSION}_linux_amd64/ \
    &&  cp frps /usr/bin/ \
    &&  mkdir -p /etc/frp \
    &&  cp frps.ini /etc/frp \
    &&  cd /root \
    &&  rm frp_${FRP_VERSION}_linux_amd64.tar.gz \
    &&  rm -rf frp_${FRP_VERSION}_linux_amd64/ 

ENTRYPOINT /usr/bin/frps -c /etc/frp/frps.ini

Frp client dockerfile

FROM alpine:latest

LABEL maintainer="Tyson <longtaijun@msn.cn>"

ENV FRP_VERSION 0.54.0

RUN cd /root \
    &&  wget --no-check-certificate -c https://github.com/fatedier/frp/releases/download/v${FRP_VERSION}/frp_${FRP_VERSION}_linux_amd64.tar.gz \
    &&  tar zxvf frp_${FRP_VERSION}_linux_amd64.tar.gz  \
    &&  cd frp_${FRP_VERSION}_linux_amd64/ \
    &&  cp frpc /usr/bin/ \
    &&  mkdir -p /etc/frp \
    &&  cp frpc.ini /etc/frp \
    &&  cd /root \
    &&  rm frp_${FRP_VERSION}_linux_amd64.tar.gz \
    &&  rm -rf frp_${FRP_VERSION}_linux_amd64/ 

ENTRYPOINT /usr/bin/frpc -c /etc/frp/frpc.ini

Build frp docker images

# Frp server
docker build -t frps .

# Frp client
docker build -t frpc .

Frp configuration file

# Frp server configuration
[common]
bind_addr = 0.0.0.0
bind_port = 7000
kcp_bind_port = 7000
bind_udp_port = 7001
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = test.com
token = test.com
vhost_http_port = 8080
vhost_https_port = 8443
log_level = info
log_max_days = 7
max_pool_count = 1000
max_ports_per_client = 0
authentication_timeout = 0
tcp_mux = ture
privilege_mode = ture

# Frp client configuration
[common]
server_addr = test.com
server_port = 7000
token = test.com
tls_enable = true
disable_custom_tls_first_byte = true
log_level = info
log_max_days = 7
login_fail_exit = false
 
[test.com]
type = tcp
local_ip = 192.168.100.100
local_port = 80
remote_port = 80
use_compression = true
use_encryption = true
group = test
group_key = test.com
health_check_type = tcp
health_check_timeout_s = 10
health_check_max_failed = 3
health_check_interval_s = 60