In this tutorial, we'll learn how to install and configure FRP on AlmaLinux 10.
What Is FRP (Fast Reverse Proxy)?
FRP (Fast Reverse Proxy) is a lightweight, self-hosted reverse proxy tool designed to securely expose internal applications or private network services to the outside world. It’s commonly used by sysadmins, DevOps engineers, and home lab users who want dependable tunneling without complicated overhead.
FRP is written in Go, known for low memory footprint and high performance. It supports TCP, UDP, HTTP, HTTPS, WebSocket, STCP, and more.
- Latest Stable Release at the time of writing: FRP v0.58+
- Official Docs: https://github.com/fatedier/frp
- How FRP Works (Simple Explanation)
FRP uses a server-client tunneling model:
- frps runs on a public-facing server (VPS or dedicated server).
- frpc runs inside your private network.
Prerequisites
Before we begin, ensure we have the following:
- An AlmaLinux 10 dedicate server or KVM VPS.
- Basic Linux Command Line Knowledge.
Install and Configure FRP Server (frps) on AlmaLinux 10
Step 1: Download FRP
Download FRP in both server and client machine.
Check latest version:
FRP_VER=$(curl -s https://api.github.com/repos/fatedier/frp/releases/latest | grep tag_name | cut -d '"' -f4)
wget https://github.com/fatedier/frp/releases/download/${FRP_VER}/frp_${FRP_VER#v}_linux_amd64.tar.gz
Step 2: Extract Files
tar -xvf frp_*_linux_amd64.tar.gz
cd frp_*/
Step 3: Move Binaries to System Path
sudo mv frps /usr/local/bin/
sudo mv frpc /usr/local/bin/
sudo mkdir -p /etc/frp/
You now have frps and frpc installed system-wide.
Step 4. Configure FRP Server (frps)
The FRP server (frps) runs on the public server. It accepts connections from frpc clients and exposes services to the internet.
4.1 Create frps.ini
sudo nano /etc/frp/frps.ini
Add following content:
[common]
bind_port = 7000
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = StrongPassword123
# Enable HTTP/HTTPS vhost routing
vhost_http_port = 80
vhost_https_port = 443
# Authentication
token = SuperSecretToken
# Optional TLS for encrypted tunnels
tls_enable = true
4.2 Required Ports
FRPS requires these ports:
- Purpose Default Port Required?
- Control connection 7000 Yes
- HTTP vhost routing 80 Optional
- HTTPS vhost routing 443 Optional
- Dashboard 7500 Optional
4.3 Enable TLS Support
FRP can encrypt all traffic tunnel-to-tunnel:
tls_enable = true
This is different from HTTPS. It encrypts FRP communication internally.
4.4 Configure firewall and SELinux
We need add ports in the firewall.
sudo firewall-cmd --add-port={7000,7500,6000}/tcp --permanent
sudo firewall-cmd --reload
You may add additional ports if you required.
Now, SELinux, execute following command:
sudo restorecon -v /usr/local/bin/frps
sudo semanage port -a -t http_port_t -p tcp 7500
4.5 Create systemd Service for frps
Create service file:
sudo nano /etc/systemd/system/frps.service
Paste:
[Unit]
Description=FRP Server Service
After=network.target
[Service]
ExecStart=/usr/local/bin/frps -c /etc/frp/frps.ini
Restart=always
[Install]
WantedBy=multi-user.target
Enable & start:
sudo systemctl daemon-reload
sudo systemctl enable frps
sudo systemctl start frps
sudo systemctl status frps
Step 5. Configure FRP Client (frpc)
The FRP client runs on your internal AlmaLinux 10 server, connecting back to the FRPS machine.
5.1 Create frpc.ini
sudo nano /etc/frp/frpc.ini
Add following content:
[common]
server_addr = your-frps-server-ip
server_port = 7000
token = SuperSecretToken
tls_enable = true
# Example: expose local HTTP server
[web]
type = http
local_port = 8080
custom_domains = app.example.com
# Example: expose SSH
[ssh]
type = tcp
local_port = 22
remote_port = 6000
5.2 Expose HTTP, TCP, and Custom Ports
HTTP Service
[web]
type = http
local_port = 8080
custom_domains = app.yourdomain.com
TCP Service
[redis]
type = tcp
local_port = 6379
remote_port = 6380
UDP Service
[dns]
type = udp
local_port = 53
remote_port = 5300
Configure SELinux, execute following command:
sudo restorecon -v /usr/local/bin/frpc
5.3 Create systemd Service for frpc
sudo nano /etc/systemd/system/frpc.service
Paste:
[Unit]
Description=FRP Client Service
After=network.target
[Service]
ExecStart=/usr/local/bin/frpc -c /etc/frp/frpc.ini
Restart=always
[Install]
WantedBy=multi-user.target
Enable and start:
sudo systemctl daemon-reload
sudo systemctl enable frpc
sudo systemctl start frpc
6. Real-World Example: Expose Internal Dashboard
Suppose your internal dashboard runs on:
http://127.0.0.1:3000
In frpc.ini:
[grafana]
type = http
local_port = 3000
custom_domains = grafana.example.com
Add DNS A record:
grafana.example.com → FRPS public IP
Restart frpc:
sudo systemctl restart frpc
Your internal dashboard is now securely exposed.
7. Expose Multiple Internal Services
Here are real examples you can use in production.
SSH
[ssh]
type = tcp
local_port = 22
remote_port = 6000
Access via:
ssh -p 6000 user@your-frps-ip
Grafana
[grafana]
type = http
local_port = 3000
custom_domains = grafana.example.com
Cockpit
[cockpit]
type = http
local_port = 9090
custom_domains = cockpit.example.com
cPanel/WHM
[cpanel]
type = https
local_port = 2083
custom_domains = cpanel.example.com
Kubernetes Dashboard
[k8s-dashboard]
type = http
local_port = 8001
custom_domains = k8s.example.com
8. Security Hardening
Use a strong token
token = SuperStrongRandomToken
Enable TLS
tls_enable = true
Firewall rules (firewalld)
sudo firewall-cmd --add-port=7000/tcp --permanent
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --add-port=443/tcp --permanent
sudo firewall-cmd --reload
SELinux ports
If SELinux blocks FRP ports:
sudo semanage port -a -t http_port_t -p tcp 7000
9. Troubleshooting Common FRP Issues
vhost HTTP not supported
Error:
start error: type [http] not supported when vhost http port is not set
Fix: Ensure FRPS has:
vhost_http_port = 80
and port 80 is open.
Client not connecting
Check firewall:
sudo ss -tulpn | grep 7000
sudo firewall-cmd --list-ports
Domain doesn’t resolve
Verify DNS:
dig yourdomain.com
FRPC keeps restarting
Check logs:
journalctl -u frpc -f
10. FRP vs Cloudflare Tunnel vs ZeroTier vs WireGuard
| Feature | FRP | Cloudflare Tunnel | ZeroTier | WireGuard |
|---|---|---|---|---|
| Needs public IP | Yes | No | No | No |
| Works behind NAT | Yes | Yes | Yes | Yes |
| Supports TCP/UDP | Yes | No | Yes | Yes |
| Setup difficulty | Easy | Medium | Medium | Medium |
| Self-hosted | Yes | No | Partial | Yes |
FRP is ideal when you want full control and need to expose multiple internal services.
11. Conclusion
You now have a complete, production-ready FRP setup on AlmaLinux 10. With frps running on a public server and frpc on internal hosts, you can securely expose dashboards, SSH, APIs, and multiple internal tools to the internet without touching NAT or firewall rules on the client side.
This setup is lightweight, fast, secure, and perfect for datacenters, VPS providers, DevOps pipelines, and remote management.
