BestHub
Sign in
Operations 5 min read

Master Internal Network Mapping with FRP: Setup, Custom Domains, and SSH Access

This guide explains why internal network mapping is needed, compares ngrok and frp, and provides step‑by‑step instructions for deploying a self‑hosted frp server and client to expose services via custom domains or SSH tunnels.

Java Architecture Diary
Java Architecture Diary
Java Architecture Diary
Master Internal Network Mapping with FRP: Setup, Custom Domains, and SSH Access

During the pandemic everyone discussed remote work; see Huang Dongxu's "PingCAP's 5‑year remote work practice". Below are common internal network mapping tools.

Why do internal network mapping

Accessing internal devices from the public internet is troublesome, especially for WeChat development. Devices may be behind routers or lack public IPs.

Ask the network admin to add port mapping on the router.

Buy dynamic DNS services like PeanutShell.

Use free (or paid) NAT traversal services such as natapp.

Self‑host mapping using ngrok/frp.

Why we abandoned ngrok and use frp

In 2016 we offered a free ngrok service and shared setup steps in "Angrok an internal penetration service". The setup was unfriendly, so we stopped and switched to frp.

GitHub popularity comparison

Supported protocols

frp supports http, ssh, tcp, udp, ftp and other protocols.

Getting Started

Preparation

To build a complete frp service we need:

A public‑IP ECS instance.

A domain name (optional if no DNS).

Install frp (frps) server

Download frp package.

https://github.com/fatedier/frp/releases/download/v0.31.1/frp_0.31.1_darwin_amd64.tar.gz

Extract and edit frps.ini.

[common]
bind_port = 7000     # port used by frps service
vhost_http_port = 80  # port frps listens for forwarding

Start frps service.

./frps -c ./frps.ini

Install frp (frpc) client

On the target internal machine, install client; download appropriate version for the OS.

Custom domain access to internal service

Edit frpc.ini.

[common]
server_addr = <public ECS IP>
server_port = 7000

[unique_name]
type = http
local_port = <local service port>
custom_domains = <custom domain>

Start client. ./frpc -c ./frpc.ini Access the custom domain to reach the internal service.

Use SSH to access company internal machine

Edit frpc.ini.

[common]
server_port = 7000

[unique_name]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 10022

Start client. ./frpc -c ./frpc.ini SSH into internal machine.

ssh -p 10022 [email protected]
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

SSHfrpnetwork tunnelingngrokinternal mapping
Java Architecture Diary
Written by

Java Architecture Diary

Committed to sharing original, high‑quality technical articles; no fluff or promotional content.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment