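If anything in this article is unclear, consult the official website.
Introduction to nps

Background
nps is a lightweight, high-performance, feature-rich intranet penetration proxy server. It currently supports TCP and UDP traffic forwarding and can carry any protocol layered on TCP or UDP (accessing intranet websites, debugging local payment interfaces, SSH access, remote desktop, intranet DNS resolution, and so on). It also supports an intranet HTTP proxy, an intranet SOCKS5 proxy, P2P and more, and comes with a powerful web management console.
1. WeChat official account or mini program development ----> domain proxy mode
2. Connecting over SSH from the external network to a machine on the intranet, by mapping a cloud server port to an intranet server port ----> tcp proxy mode
3. Using the intranet DNS from outside the intranet, or reaching intranet machines over UDP ----> udp proxy mode
4. Accessing intranet sites from the external network through an HTTP proxy ----> http proxy mode
5. Building an intranet-penetrating ss, to reach intranet resources or devices from outside as if using an intranet VPN ----> socks5 proxy mode
Ports, passwords and IP addresses
Assume the public server IP is 172.16.186.11
The default nps configuration file uses ports 80, 443, 8080 and 8024
Ports 80 and 443 are the default ports for host mode
8080 is the web management port; the web login defaults to admin, with the password defined by the web_password item in nps.conf
8024 is the bridge port, used for communication between the server and the clients
Server IP
172.16.186.11/24 (external)/node1
172.16.1.11/24 (internal)/node1
Linux client IP
172.16.1.12/24/node2
Windows client IP
172.16.1.13/24
Server preparation
1. Disable the firewall and SELinux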
[root@node1 ~]# systemctl stop firewalld && systemctl disable firewalld
[root@node1 ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
[root@node1 ~]# setenforce 0
2. Time synchronization
[root@node1 ~]# vim /etc/chrony.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.aliyun.com iburst
[root@node1 ~]# systemctl restart chronyd && systemctl enable chronyd
[root@node1 ~]# chronyc sources
3. Configure the IP addresses
[root@node1 ~]# cd /etc/sysconfig/network-scripts/
# Configure the external IP
[root@node1 network-scripts]# vim ifcfg-ens33
TYPE="Ethernet"
BOOTPROTO="none"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="172.16.186.11" ===> external IP
PREFIX="24"
GATEWAY="172.16.186.2"
DNS1="172.16.186.2"
# Configure the internal IP
[root@node1 network-scripts]# cp ifcfg-ens33 ifcfg-ens36
[root@node1 network-scripts]# vim ifcfg-ens36
TYPE="Ethernet"
BOOTPROTO="static"
NAME="ens36"
DEVICE="ens36"
ONBOOT="yes"
IPADDR="172.16.1.11" ===> internal address
PREFIX="24"
[root@node1 network-scripts]# systemctl stop NetworkManager && systemctl disable NetworkManager
[root@node1 network-scripts]# systemctl restart network
[root@node1 network-scripts]# ip a
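As an alternative to stopping firewalld in step 1, firewalld can stay enabled with only the ports from the port list above opened. The script below is an added example, not part of the original article or the nps project; the function name nps_open_ports and the admin network 172.16.1.0/24 are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep firewalld running and open only the ports nps uses.
# Dry run by default (prints each call); run with FW=firewall-cmd to apply.
FW=${FW:-echo firewall-cmd}

# nps_open_ports ADMIN_NET
#   ADMIN_NET: network allowed to reach the web panel (assumption: 172.16.1.0/24)
nps_open_ports() {
    admin_net=$1
    # 80/443: host-mode proxy ports; 8024: bridge port used by npc clients
    for p in 80 443 8024; do
        $FW --permanent --add-port="${p}/tcp" || return 1
    done
    # 8080: web management port, reachable from the admin network only
    $FW --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"${admin_net}\" port port=\"8080\" protocol=\"tcp\" accept" || return 1
    # Tunnel ports created later in the web UI each need their own --add-port.
    $FW --reload
}

nps_open_ports "${1:-172.16.1.0/24}"
```

The dry run prints the argument list without shell quoting, so apply the rules by running the script with FW=firewall-cmd rather than by pasting the printed lines.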
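Setting up the server
If the download fails with an access error, open https://www.ipaddress.com on a machine with Internet access, enter github.com, find the corresponding IP, and write it into the hosts file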
[root@node1 ~]# mkdir nps && cd nps
[root@node1 nps]# wget https://github.com/ehang-io/nps/releases/download/v0.26.10/linux_amd64_server.tar.gz
[root@node1 nps]# tar -zxvf linux_amd64_server.tar.gz
[root@node1 nps]# vim conf/nps.conf
appname = nps
#Boot mode(dev|pro)
runmode = dev
#HTTP(S) proxy port, no startup if empty
http_proxy_ip=0.0.0.0
http_proxy_port=80 ===> 80 and 443 are the default ports for host mode
https_proxy_port=443
https_just_proxy=true
#default https certificate setting
https_default_cert_file=conf/server.pem
https_default_key_file=conf/server.key
##bridge
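bridge_type=tcp ===> server bridge type
bridge_port=8024 ===> 8024 is the bridge port, used for the communication link between the server and the clients
bridge_ip=0.0.0.0
public_vkey=8rehr93fwurfj04j ===> used to authenticate clients connecting to the server; this is the key a client presents to the server
log_level=7
web_host=a.o.com ===> address/domain name of the server web console
web_username=admin ===> login name for the server web console
web_password=aa77&88bb ===> login password for the server web console
web_port = 8080 ===> 8080 is the web management port
web_ip=0.0.0.0
web_base_url= ===> optional web path, e.g. web_base_url=/nps
web_open_ssl=false ===> whether the server web console uses https
web_cert_file=conf/server.pem
web_key_file=conf/server.key
auth_crypt_key =1234567812345678 ===> web API authentication IP key; may be changed but must be 16 characters
#allow_ports=9001-9009,10001,11000-12000 ===> as the name says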
#Web management multi-user login
allow_user_login=false
allow_user_register=false
allow_user_change_username=false
#extension
allow_flow_limit=false
allow_rate_limit=false
allow_tunnel_num_limit=false
allow_local_proxy=false
allow_connection_num_limit=false
allow_multi_ip=false
system_info_display=false
#cache
http_cache=false
http_cache_length=100
#get origin ip
http_add_origin_header=true ===> default is false
#pprof debug options
#pprof_ip=0.0.0.0
#pprof_port=9999
#client disconnect timeout
disconnect_timeout=60
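The settings in this file that decide how exposed the server is (web_ip, web_open_ssl, auth_crypt_key, public_vkey, allow_ports, pprof_port) can be checked with a short script. This is an added example, not part of the original article or the nps project; the function names and the choice of what counts as a finding are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag risky values in an nps.conf like the one shown above.
# conf_get FILE KEY: value of KEY ("#" lines skipped, spaces around "=" ignored)
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        { key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
          if (key != k) next
          val = substr($0, index($0, "=") + 1)
          gsub(/^[ \t]+|[ \t\r]+$/, "", val); found = val }
        END { print found }' "$1"
}

# Constructed sample: the article's values, without the "===>" annotations.
nps_sample_conf() {
    cat <<'EOF'
public_vkey=8rehr93fwurfj04j
web_port = 8080
web_ip=0.0.0.0
web_open_ssl=false
auth_crypt_key =1234567812345678
#allow_ports=9001-9009,10001,11000-12000
#pprof_port=9999
EOF
}

# nps_audit FILE: one WARN line per finding; returns 1 if anything was found
nps_audit() {
    f=$1; rc=0
    warn() { echo "WARN: $*"; rc=1; }
    if [ "$(conf_get "$f" web_ip)" = "0.0.0.0" ] &&
       [ "$(conf_get "$f" web_open_ssl)" != "true" ]; then
        warn "web panel on port $(conf_get "$f" web_port) listens on all interfaces without TLS"
    fi
    key=$(conf_get "$f" auth_crypt_key)
    if [ "$key" = "1234567812345678" ] || [ "${#key}" -ne 16 ]; then
        warn "auth_crypt_key is the sample value or is not 16 characters"
    fi
    [ -z "$(conf_get "$f" public_vkey)" ] ||
        warn "public_vkey set: one shared key admits every client"
    [ -n "$(conf_get "$f" allow_ports)" ] ||
        warn "allow_ports unset: tunnel ports are not restricted"
    [ -z "$(conf_get "$f" pprof_port)" ] ||
        warn "pprof debug listener enabled (pprof_port)"
    return $rc
}

tmp=$(mktemp); nps_sample_conf > "$tmp"
nps_audit "${1:-$tmp}" || true; rm -f "$tmp"
```

Pass a path such as /etc/nps/conf/nps.conf as the first argument to audit the installed file; without an argument the constructed sample is audited.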
Install and start
After the command below is run, the current configuration files and web static files are copied to /etc/nps; from then on, edit /etc/nps/conf/nps.conf directly
[root@node1 nps]# ./nps install
2021/08/03 21:41:13 copy file ::/root/nps/conf/clients.json to /etc/nps/conf/clients.json
2021/08/03 21:41:13 copy file ::/root/nps/conf/hosts.json to /etc/nps/conf/hosts.json
2021/08/03 21:41:13 copy file ::/root/nps/conf/nps.conf to /etc/nps/conf/nps.conf
2021/08/03 21:41:13 copy file ::/root/nps/conf/server.key to /etc/nps/conf/server.key
2021/08/03 21:41:13 copy file ::/root/nps/conf/server.pem to /etc/nps/conf/server.pem
2021/08/03 21:41:13 copy file ::/root/nps/conf/tasks.json to /etc/nps/conf/tasks.json
2021/08/03 21:41:13 copy file ::/root/nps/web/views/client/add.html to /etc/nps/web/views/client/add.html
2021/08/03 21:41:13 mkdir:/etc/nps/web/views/client/
2021/08/03 21:41:13 copy file ::/root/nps/web/views/client/edit.html to /etc/nps/web/views/client/edit.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/client/list.html to /etc/nps/web/views/client/list.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/add.html to /etc/nps/web/views/index/add.html
2021/08/03 21:41:13 mkdir:/etc/nps/web/views/index/
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/edit.html to /etc/nps/web/views/index/edit.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/hadd.html to /etc/nps/web/views/index/hadd.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/hedit.html to /etc/nps/web/views/index/hedit.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/help.html to /etc/nps/web/views/index/help.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/hlist.html to /etc/nps/web/views/index/hlist.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/index.html to /etc/nps/web/views/index/index.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/list.html to /etc/nps/web/views/index/list.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/login/index.html to /etc/nps/web/views/login/index.html
2021/08/03 21:41:13 mkdir:/etc/nps/web/views/login/
2021/08/03 21:41:13 copy file ::/root/nps/web/views/login/register.html to /etc/nps/web/views/login/register.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/public/error.html to /etc/nps/web/views/public/error.html
2021/08/03 21:41:13 mkdir:/etc/nps/web/views/public/
2021/08/03 21:41:13 copy file ::/root/nps/web/views/public/layout.html to /etc/nps/web/views/public/layout.html
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/bootstrap-table.min.css to /etc/nps/web/static/css/bootstrap-table.min.css
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/css/
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/bootstrap.min.css to /etc/nps/web/static/css/bootstrap.min.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/datatables.css to /etc/nps/web/static/css/datatables.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/fontawesome.min.css to /etc/nps/web/static/css/fontawesome.min.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/regular.min.css to /etc/nps/web/static/css/regular.min.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/solid.min.css to /etc/nps/web/static/css/solid.min.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/style.css to /etc/nps/web/static/css/style.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/img/flag/en-US.png to /etc/nps/web/static/img/flag/en-US.png
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/img/
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/img/flag/
2021/08/03 21:41:13 copy file ::/root/nps/web/static/img/flag/zh-CN.png to /etc/nps/web/static/img/flag/zh-CN.png
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/bootstrap-table-locale-all.min.js to /etc/nps/web/static/js/bootstrap-table-locale-all.min.js
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/js/
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/bootstrap-table.min.js to /etc/nps/web/static/js/bootstrap-table.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/bootstrap.min.js to /etc/nps/web/static/js/bootstrap.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/echarts.min.js to /etc/nps/web/static/js/echarts.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/fontawesome.min.js to /etc/nps/web/static/js/fontawesome.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/inspinia.js to /etc/nps/web/static/js/inspinia.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/jquery-3.4.1.min.js to /etc/nps/web/static/js/jquery-3.4.1.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/language.js to /etc/nps/web/static/js/language.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/popper.min.js to /etc/nps/web/static/js/popper.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/page/error.html to /etc/nps/web/static/page/error.html
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/page/
2021/08/03 21:41:13 copy file ::/root/nps/web/static/page/languages.xml to /etc/nps/web/static/page/languages.xml
2021/08/03 21:41:13 copy file ::/root/nps/web/static/webfonts/fa-solid-900.eot to /etc/nps/web/static/webfonts/fa-solid-900.eot
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/webfonts/
2021/08/03 21:41:13 copy file ::/root/nps/web/static/webfonts/fa-solid-900.svg to /etc/nps/web/static/webfonts/fa-solid-900.svg
2021/08/03 21:41:13 copy file ::/root/nps/web/static/webfonts/fa-solid-900.ttf to /etc/nps/web/static/webfonts/fa-solid-900.ttf
2021/08/03 21:41:13 copy file ::/root/nps/web/static/webfonts/fa-solid-900.woff to /etc/nps/web/static/webfonts/fa-solid-900.woff
2021/08/03 21:41:13 copy file ::/root/nps/web/static/webfonts/fa-solid-900.woff2 to /etc/nps/web/static/webfonts/fa-solid-900.woff2
2021/08/03 21:41:13 install ok!
2021/08/03 21:41:13 Static files and configuration files in the current directory will be useless
2021/08/03 21:41:13 The new configuration file is located in /etc/nps you can edit them
2021/08/03 21:41:13 You can start with:
nps start|stop|restart|uninstall|update or nps-update update
anywhere!
Start the nps server service
[root@node1 nps]# ./nps start
[root@node1 nps]# netstat -anpt | egrep '(8080|8024)'
tcp6 0 0 :::8080 :::* LISTEN 11369/nps
tcp6 0 0 :::8024 :::* LISTEN 11369/nps
Log in from a browser


Configuring and starting the client (Linux)
Here the Linux client package is downloaded on the server and then sent to the Linux client
# Download the client package on the server
[root@node1 nps]# wget https://github.com/ehang-io/nps/releases/download/v0.26.10/linux_amd64_client.tar.gz
Windows: https://github.com/ehang-io/nps/releases/download/v0.26.10/windows_amd64_client.tar.gz
[root@node1 nps]# scp linux_amd64_client.tar.gz root@172.16.1.12:~
# Switch to the client and install
[root@node2 ~]# tar -zxvf linux_amd64_client.tar.gz
[root@node2 ~]# cp conf/npc.conf{,.bak}
[root@node2 ~]# vim conf/npc.conf
[common]
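server_addr=172.16.1.11:8024 ===> 8024 is the bridge port (for communication between the server and the client)
conn_type=tcp ===> protocol used between the server and the client
vkey=8rehr93fwurfj04j ===> matches the public_vkey item in nps.conf on the server
auto_reconnection=true ===> whether to reconnect after a disconnect
max_conn=1000 ===> maximum number of connections
flow_limit=1000 ===> traffic limit
rate_limit=1000 ===> rate limit
basic_username=11 ===> the basic username and web_username configured on the server, used for http and socks5 proxy authentication
basic_password=3
web_username=admin ===> these two web items must match those in nps.conf on the server
web_password=aa77&88bb
crypt=true ===> whether to encrypt the transport
compress=true ===> whether to compress the transport
disconnect_timeout=120 ===> disconnect timeout
# Note: delete everything else and keep only the items in the [common] section
Start npc on the client
[root@node2 ~]# ./npc or nohup ./npc >> nps.log &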
2021/08/03 22:29:55.352 [I] [npc.go:231] the version of client is 0.26.10, the core version of client is 0.26.0
2021/08/03 22:29:55.352 [I] [control.go:97] Loading configuration file conf/npc.conf successfully
2021/08/03 22:29:55.358 [N] [control.go:176] web access login username:admin password:aa77&88bb
2021/08/03 22:29:55.360 [I] [client.go:72] Successful connection with server 172.16.1.11:8024
[root@node2 ~]# netstat -anpt | egrep '(sshd | *npc)'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 964/sshd
tcp 0 0 172.16.1.12:42590 172.16.1.11:8024 ESTABLISHED 2341/./npc
tcp 0 0 172.16.1.12:58046 172.16.1.12:22 ESTABLISHED 2341/./npc
tcp 0 0 172.16.1.12:42588 172.16.1.11:8024 ESTABLISHED 2341/./npc
tcp 0 0 172.16.1.12:58044 172.16.1.12:22 ESTABLISHED 2341/./npc
tcp6 0 0 :::22 :::* LISTEN 964/sshd
[root@node2 ~]# ll /proc/2341/exe
lrwxrwxrwx. 1 root root 0 Aug 3 22:31 /proc/2341/exe -> /root/npc
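The web page now shows node2's connection, but so far only a connection between the client and the server has been established; which server port is used to reach which client port has not been defined yet. That is defined next.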




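Configuring and starting the client (Windows)
Create the configuration for the second host on the web page, as shown in the figure below

The figure below shows the screen opened by the edit option (to the right of the trash can icon) for the test win host in the figure above

Next, download the Windows client package on the server and serve it over HTTP for the Windows machine to download
[root@node1 ~]# wget https://github.com/ehang-io/nps/releases/download/v0.26.10/windows_amd64_client.tar.gz
Install httpd
[root@node1 ~]# yum -y install httpd
Note: because nps is occupying port 80, the httpd port must be changed before httpd can start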
[root@node1 ~]# systemctl status httpd
....
....
Aug 04 00:16:20 node1 httpd[12726]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
Aug 04 00:16:20 node1 httpd[12726]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
Aug 04 00:16:20 node1 httpd[12726]: no listening sockets available, shutting down
[root@node1 ~]# netstat -anpt|grep -w :80
tcp6 0 0 :::80 :::* LISTEN 2549/nps
Change the httpd port
[root@node1 ~]# sed -i "s/Listen 80/Listen 808/" /etc/httpd/conf/httpd.conf
Start httpd
[root@node1 ~]# systemctl restart httpd
[root@node1 ~]# mv windows_amd64_client.tar.gz /var/www/html/
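On the Windows client, download the package from the server
http://172.16.1.11:808/windows_amd64_client.tar.gz

Open cmd on the Windows machine and enter the following command
C:\Users\rambo>cd /d d:\test
Open the npc.conf file in Sublime Text and modify it as follows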
[common]
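server_addr=172.16.1.11:8024 ===> 8024 is the bridge port (for communication between the server and the client)
conn_type=tcp ===> protocol used between the server and the client
vkey=xwv01ar8isb04wpn ===> matches the "unique verification key" set when the host was created on the web page
auto_reconnection=true ===> whether to reconnect after a disconnect
max_conn=1000 ===> maximum number of connections
flow_limit=1000 ===> traffic limit
rate_limit=1000 ===> rate limit
basic_username=11 ===> the basic username and web_username configured on the server, used for http and socks5 proxy authentication
basic_password=3
web_username=admin ===> these two web items must match those in nps.conf on the server
web_password=aa77&88bb
crypt=true ===> whether to encrypt the transport
compress=true ===> whether to compress the transport
disconnect_timeout=120 ===> disconnect timeout
# Note: delete everything else and keep only the items in the [common] section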
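Start npc (method 1)
Run cmd as administrator
# In cmd, change to the test directory on drive D
cd /d d:\test
# Install npc
npc.exe install
npc.exe start
For method 2, see the figure below

Start npc (method 3)
d:\test>npc.exe -server=172.16.1.11:8024 -vkey=8rehr93fwurfj04j -type=tcp
Notes:
The IP in the command above is the server IP
The port is the bridge port set under #bridge in the server's nps.conf
There are two kinds of -vkey: one is generated automatically, the other is defined by the public_vkey item in the server's nps.conf
This method starts the client without a configuration file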

Test the connection between the server and the Windows client




If you do not know how to start the client, see the figure below


