BestHub
Sign in
Operations 5 min read

Master Internal Network Mapping with FRP: Setup, Custom Domains, and SSH Access

This guide explains why internal network mapping is needed, compares ngrok and frp, and provides step‑by‑step instructions for deploying a self‑hosted frp server and client to expose services via custom domains or SSH tunnels.

Java Architecture Diary
Java Architecture Diary
Java Architecture Diary
Master Internal Network Mapping with FRP: Setup, Custom Domains, and SSH Access

During the pandemic everyone discussed remote work; see Huang Dongxu's "PingCAP's 5‑year remote work practice". Below are common internal network mapping tools.

Why do internal network mapping

Accessing internal devices from the public internet is troublesome, especially for WeChat development. Devices may be behind routers or lack public IPs.

Ask the network admin to add port mapping on the router.

Buy dynamic DNS services like PeanutShell.

Use free (or paid) NAT traversal services such as natapp.

Self‑host mapping using ngrok/frp.

Why we abandoned ngrok and use frp

In 2016 we offered a free

ngrok

service and shared setup steps in "Angrok an internal penetration service". The setup was unfriendly, so we stopped and switched to

frp

.

GitHub popularity comparison

Supported protocols

frp supports http, ssh, tcp, udp, ftp and other protocols.

Getting Started

Preparation

To build a complete frp service we need:

A public‑IP ECS instance.

A domain name (optional if no DNS).

Install frp (frps) server

Download frp package.

https://github.com/fatedier/frp/releases/download/v0.31.1/frp_0.31.1_darwin_amd64.tar.gz

Extract and edit

frps.ini

.

<code>[common]
bind_port = 7000     # port used by frps service
vhost_http_port = 80  # port frps listens for forwarding</code>

Start

frps

service.

<code>./frps -c ./frps.ini</code>

Install frp (frpc) client

On the target internal machine, install client; download appropriate version for the OS.

Custom domain access to internal service

Edit

frpc.ini

.

<code>[common]
server_addr = <public ECS IP>
server_port = 7000

[unique_name]
type = http
local_port = <local service port>
custom_domains = <custom domain></code>

Start client.

<code>./frpc -c ./frpc.ini</code>

Access the custom domain to reach the internal service.

Use SSH to access company internal machine

Edit

frpc.ini

.

<code>[common]
server_port = 7000

[unique_name]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 10022</code>

Start client.

<code>./frpc -c ./frpc.ini</code>

SSH into internal machine.

<code>ssh -p 10022 [email protected]</code>
DevOpsSSHfrpnetwork tunnelingNgrokinternal mapping
Java Architecture Diary
Written by

Java Architecture Diary

Committed to sharing original, high‑quality technical articles; no fluff or promotional content.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment