In this tutorial, we'll learn how to install and configure FRP on Ubuntu 24.04.
What Is FRP (Fast Reverse Proxy)?
FRP (Fast Reverse Proxy) is a lightweight, self-hosted reverse proxy tool designed to securely expose internal applications or private network services to the outside world. It’s commonly used by sysadmins, DevOps engineers, and home lab users who want dependable tunneling without complicated overhead.
FRP is written in Go, known for low memory footprint and high performance. It supports TCP, UDP, HTTP, HTTPS, WebSocket, STCP, and more.
- Latest Stable Release at the time of writing: FRP v0.58+
- Official Docs: https://github.com/fatedier/frp
- How FRP Works (Simple Explanation)
FRP uses a server-client tunneling model:
- frps runs on a public-facing server (VPS or dedicated server).
- frpc runs inside your private network.
The client establishes an outbound connection to the server. Once the tunnel is active, external users hit the FRP server, which forwards traffic back through the established tunnel to your internal service.
Why this matters
- No need for port forwarding.
- No need to expose your entire private machine.
- Works even behind NAT and CGNAT.
Prerequisites
Before we begin, ensure we have the following:
- An Ubuntu 24.04 dedicate server or KVM VPS.
- Basic Linux Command Line Knowledge.
Install and Configure FRP Server (frps)
Step 1: Download FRP
cd /opt
sudo wget https://github.com/fatedier/frp/releases/download/v0.65.0/frp_0.65.0_linux_amd64.tar.gz
sudo tar -xvzf frp_0.65.0_linux_amd64.tar.gz
mv frp_0.65.0_linux_amd64 frp
Step 2: Configure firewall
We need to open some ports in the firewall:
sudo ufw allow 7000,7500,6000,8080/tcp
sudo ufw realod
Step 2: Configure frps.ini
Create frps.ini file:
sudo nano /opt/frp/frps.ini
Add following content:
[common]
bind_port = 7000
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = StrongPassword123
token = VerySecureToken
vhost_http_port = 80
vhost_https_port = 443
Step 3: Run frps manually to test
cd /opt/frp
./frps -c frps.ini
If successful:
- Dashboard = http://server-ip:7500
- Tunnel listener = TCP 7000
Install and Configure FRP Client (frpc)
Follow steps need to execute on Client server.
Step 1: Download FRP client
cd /opt
sudo wget https://github.com/fatedier/frp/releases/download/v0.65.0/frp_0.65.0_linux_amd64.tar.gz
sudo tar -xvzf frp_0.65.0_linux_amd64.tar.gz
mv frp_0.65.0_linux_amd64 frp
Step 2: Configure frpc.ini
Example: expose an internal HTTP service running on port 8080.
Create frps.ini file:
sudo nano /opt/frp/frps.ini
Add following content:
[common]
server_addr = your_public_server_ip
server_port = 7000
token = VerySecureToken
[internal-web]
type = http
local_port = 8080
custom_domains = app.example.com
For TCP services such as SSH:
[ssh-tunnel]
type = tcp
local_port = 22
remote_port = 6000
Your SSH would then be accessible at:
ssh -p 6000 user@your_public_server_ip
Step 3: Test frpc
cd /opt/frp
./frpc -c frpc.ini
Run FRP as a Systemd Service
Create frps service in server
sudo nano /etc/systemd/system/frps.service
Add following content:
[Unit]
Description=FRP Server Service
After=network.target
[Service]
Type=simple
ExecStart=/opt/frp/frps -c /opt/frp/frps.ini
Restart=always
[Install]
WantedBy=multi-user.target
Enable service:
sudo systemctl daemon-reload
sudo systemctl enable frps
sudo systemctl start frps
sudo systemctl status frps
Create frps service in client
sudo nano /etc/systemd/system/frpc.service
Add following content:
[Unit]
Description=FRP Client Service
After=network.target
[Service]
Type=simple
ExecStart=/opt/frp/frpc -c /opt/frp/frpc.ini
Restart=always
[Install]
WantedBy=multi-user.target
Enable:
sudo systemctl enable frpc
sudo systemctl start frpc
sudo systemctl status frpc
Advanced FRP Configurations
1. STCP (Secure TCP)
Expose apps privately to authenticated users:
Server:
[common]
bind_port = 7000
Client (internal):
[secret-app]
type = stcp
local_port = 9000
sk = supersecretkey
Client (visitor):
[visitor]
type = stcp
role = visitor
server_name = secret-app
sk = supersecretkey
bind_addr = 0.0.0.0
bind_port = 9999
2. Load balancing
[web-1]
type = http
local_port = 8081
custom_domains = app.example.com
group = web
[web-2]
type = http
local_port = 8082
custom_domains = app.example.com
group = web
3. UDP tunneling (e.g., DNS)
[dns]
type = udp
local_port = 53
remote_port = 5353
Logging, Monitoring, and Debugging
Enable logs
In frps.ini:
log_file = /var/log/frps.log
log_level = info
In frpc.ini:
log_file = /var/log/frpc.log
log_level = debug
Debug issues
tail -f /var/log/frps.log
tail -f /var/log/frpc.log
ss -lntp
systemctl status frps
systemctl status frpc
Security Best Practices
- Use token authentication for all tunnels.
- Bind dashboard to localhost and reverse proxy via HTTPS.
- Don’t expose frps raw ports to the internet without firewalls.
- Always use strong passwords.
- Limit which IPs can access your FRP server (UFW/iptables).
- Keep FRP updated to the latest version.
Common Use Cases
- Access internal dev services remotely
- Bypass CGNAT for home lab deployments
- Expose Kubernetes dashboard securely
- Remote SSH tunneling across NAT
- Internal API exposure for testing
- Remote desktop or VNC access
- IoT device access without port forwarding
Final Thoughts
FRP delivers a clean, reliable, low-latency way to expose private services securely. With a small footprint and a straightforward configuration structure, it outperforms many traditional tunneling tools and fits perfectly for home labs, startups, and small-team DevOps workflows.
Once configured with systemd and proper security, it becomes a stable, long-running part of your network toolkit.
FAQs
1. Is FRP secure?
Yes, when you use tokens, STCP mode, and firewall rules.
2. What is the default FRP port?
7000 for frps and 7500 for the dashboard.
3. Can FRP expose multiple services?
Yes, frpc supports unlimited service blocks.
4. Does FRP support HTTPS?
Yes, both HTTPS and HTTP-to-HTTPS reverse proxy.
5. Can FRP bypass CGNAT?
Yes. Clients behind CGNAT can connect to your public FRP server.
6. Can I use FRP for production?
Yes, many teams use it for internal dashboards, SSH, APIs, and cluster tools.
