Guide to Configuring FRP Reverse Proxy Services in ServBay
FRP is a high-performance reverse proxy tool that achieves internal network penetration through a client-server architecture. This guide will assist ServBay users in configuring the frpc client to set up a secure tunnel, enabling public access to local services.
Technical Principles
FRP establishes an encrypted communication tunnel between the server (frps) and the client (frpc), mapping internal network services to a public server. This solution supports various protocols, including TCP/UDP/HTTP/HTTPS, making it suitable for remote debugging and API testing in a ServBay development environment.
Environment Preparation
1. Installing the FRP Client
Follow the steps below to deploy the frpc client:
- Access the GitHub Release page to download the appropriate version.
- Extract and deploy it to your system PATH (example for macOS ARM architecture):bash
tar -zxvf frp_0.61.1_darwin_arm64.tar.gz sudo cp frp_0.61.1_darwin_arm64/frpc /usr/local/bin/1
2 - Verify the installation:bash
frpc -v # frpc version 0.61.11
2
Tunnel Configuration Practical
Configuration File Description
Create the frpc.toml configuration file with the following basic structure:
serverAddr = your-frps-server.com
serverPort = 7000
auth.method = token
auth.token = your_authentication_token
[[proxies]]
name = "test_web"
type = "http"
localPort = 80
customDomains = servbay.your-domain.com2
3
4
5
6
7
8
9
10
| Configuration Item | Function Description |
|---|---|
| serverAddr | Public address of the FRP server |
| serverPort | Communication port for the FRP server (default 7000) |
| auth.method | Authentication method for the server |
| auth.token | Authentication key for the server |
| type | Proxy type (http/https/tcp, etc.) |
| localPort | Local service port |
| customDomains | Public access domain |
Typical Configuration Example
Mapping the local ServBay HTTPS service to the public network:
In this example:
- The frp server address is
frps.servbay.demo - The domain configured for local ServBay is
servbay.test - The domain providing public services is
test-frp.servbay.app(the domain must resolve to the frp server)
serverAddr = frps.servbay.demo
serverPort = 7000
auth.method = "token"
auth.token = servbay
[[proxies]]
name = "servbay-frpc-demo"
type = "https"
customDomains = ["test-frp.servbay.app"]
[proxies.plugin]
type = "https2https"
localAddr = "127.0.0.1:443"
crtPath = "/Applications/ServBay/ssl/private/tls-certs/servbay.test/servbay.test.crt"
keyPath = "/Applications/ServBay/ssl/private/tls-certs/servbay.test/servbay.test.key"
hostHeaderRewrite = "servbay.test"
requestHeaders.set.x-from-where = "frp"2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Start the service:
frpc -c frpc.tomlService Verification
- Access the mapped domain in your browser:
https://test-frp.servbay.app1 - Check verification indicators:
- Returns HTTP 200 status code
- Response content matches the local service
- Validity of SSL certificate
Log Diagnosis
frpc -c frpc.toml --log_level debug # Enable debug logging
tail -f /var/log/frpc.log # Real-time log monitoring2
Troubleshooting Guide
| Phenomenon | Solution |
|---|---|
| Connection authentication failed | Check if auth.token configuration matches the server |
| Domain resolution issue | Ensure DNS is correctly resolving to the FRP server's IP |
| Port conflict | Use lsof -i :PORT to check port usage |
| Tunnel frequent disconnections | Adjust heartbeat parameter: heartbeat_timeout = 30 |
Advantages of the Solution
The FRP solution provides ServBay users with the following core values:
- Multi-protocol support to meet complex business scenarios
- Hot configuration updates without restarting the service
- Native cascading proxy supports multi-layer internal network penetration
- Open-source architecture ensures data security and control
It is recommended to enable TLS encrypted communication in production environments and enforce encrypted transmission with the configuration tls_enable = true.