Tencent Cloud Agent: Tencent Cloud Intranet Penetration and Public Network Access Settings
In daily development work we often run into this scenario: you have written the backend of a website or mini program on your local computer and want to send it to a customer for a demo, or test it on your mobile phone. However, your local computer is hidden behind the router of your home or company. Without a public IP, it cannot be reached from the external network at all.
This is where "intranet penetration" comes in handy.
Many novices choose off-the-shelf third-party tools such as Peanut Shell and Ngrok, but the free tiers are limited in speed and traffic, and the domain names they give you are awkward. In fact, if you have a Tencent Cloud server (Lightweight Application Server or CVM), you can use the open-source tool frp and spend 5 minutes building a dedicated intranet penetration service. The speed is not limited, traffic is ample, and you can bind your own domain name.
Today's tutorial goes straight to the point and walks you step by step through configuring the Tencent Cloud server and the local client, so that public network access works end to end.
Core Principle: What Is Intranet Penetration Doing?
Before you start, take 10 seconds to understand the principle, so that the configuration later does not confuse you:
Intranet penetration is essentially finding a middleman to pass messages.
Server (frps): runs on the Tencent Cloud server, which has a public IP. It is responsible for listening for requests from users on the public network.
Client (frpc): runs on your local computer, which has no public IP. It takes the initiative to connect to the Tencent Cloud server and establishes a dedicated "secret pipeline".
When an external user accesses your Tencent Cloud server, the server sends the request along this pipeline to your local computer, and the response returns the same way after processing.
Phase 1: Tencent Cloud Server Configuration (frps)
First, we need to configure the Tencent Cloud server as a qualified "middleman". We take a Linux (Ubuntu/CentOS) system as an example.
1. Download frp software
Connect to your Tencent Cloud server and check GitHub for the latest version of frp.
Run the following command to download the Linux version of frp (choose the build that matches your server architecture, usually amd64):
Bash
wget https://github.com/fatedier/frp/releases/download/v0.60.0/frp_0.60.0_linux_amd64.tar.gz
Unzip the file and enter the directory:
Bash
tar -zxvf frp_0.60.0_linux_amd64.tar.gz
cd frp_0.60.0_linux_amd64
2. Modify the configuration file frps.toml
On the server side, we only need to focus on the files ending in s (Server). Use nano or vi to edit frps.toml:
Bash
nano frps.toml
Clear the default content and modify it to the following standard configuration:
# frps.toml
bindPort = 7000              # Port for communication between server and client
# If you want to view the penetration status through a web page, you can configure the dashboard (optional)
webServer.addr = "0.0.0.0"   # Listen on all interfaces so the dashboard is reachable from outside (the default is 127.0.0.1)
webServer.port = 7500        # Dashboard port
webServer.user = "admin"     # Dashboard user name
webServer.password = "Your strong password"
# Authentication (strongly recommended, so that others cannot use your server for their own tunnels)
auth.method = "token"
auth.token = "make up a complex token yourself"
Save and exit.
3. Start the server
Run the following command to start:
Bash
./frps -c frps.toml
When you see frps started successfully in the output on screen, the server is ready.
💡 Tip for keeping it running in the background: if you run it directly like this, the service stops as soon as the SSH window is closed. It is recommended to run it in the background with nohup ./frps -c frps.toml >/dev/null 2>&1 &
Phase 2: Open the Tencent Cloud security group (where novices most often get stuck)
Many people find that they cannot connect after configuration; 90% of the time this is because the firewall/security group that comes with Tencent Cloud has the gate locked. frp uses several ports, and you must go to the console to allow them manually.
Log in to the Tencent Cloud console and enter your cloud server management page.
In the left-side navigation pane, click Firewall (Lightweight Application Server) or Security Group (CVM).
Click Add Rule and add the following:
Port: 7000 (frp communication port), policy: allow.
Port: 7500 (dashboard port; not needed if you did not configure the dashboard), policy: allow.
Port: 80 or 8080, etc. (the port you want to use to access the website from the external network).
Click OK to save.
Phase 3: Local Client Configuration (frpc)
Now we want the local computer hidden in the intranet to take the initiative and connect to the server. Depending on your local operating system (Windows/Mac), go to frp's GitHub page and download the corresponding archive. We take a Windows computer as an example.
1. Prepare the files
After extracting the Windows archive, you will see a similar set of files. Because this is the client, we only keep the files ending in c (Client): frpc.exe and frpc.toml.
2. Modify the local configuration file frpc.toml
Open frpc.toml with Notepad or VS Code and change it to the following:
TOML
# frpc.toml
serverAddr = "Your Tencent Cloud Server Public IP"
serverPort = 7000
auth.method = "token"
auth.token = "must be exactly the same as the token in frps.toml in the cloud"
# Example 1: Map a local website (such as local port 8080) to the public network
[[proxies]]
name = "my_local_website"
type = "tcp"
localIP = "127.0.0.1"
localPort = 8080     # Which port your local service runs on
remotePort = 8080    # Which port of the Tencent Cloud server it is mapped to
# Example 2: Remote Desktop mapping (to remotely control the Windows computer at home from the external network)
[[proxies]]
name = "windows_remote_desktop"
type = "tcp"
localIP = "127.0.0.1"
localPort = 3389     # Windows Remote Desktop default port
remotePort = 33890   # Custom port for external access (remember to allow 33890 in the Tencent Cloud firewall)
3. Start the client locally
On a Windows computer, do not double-click frpc.exe directly! The window would just flash and close.
In a blank area of the frp folder, hold down the Shift key, right-click, and select "Open PowerShell window here" (or the terminal).
Enter the following command and press Enter:
PowerShell
./frpc.exe -c frpc.toml
When you see start proxy success in the console output, the secret pipeline is officially open!
Phase 4: Test public network access
Now, the moment to witness a miracle has arrived.
Suppose you run a website with Tomcat, Node.js or Python on your local computer, on port 8080.
Now take any mobile phone that can access the Internet, turn off Wi-Fi so that it uses the cellular network, and enter the following in the address bar of the browser:
http://your-Tencent-Cloud-server-public-IP:8080
You will find that the web page on your local computer opens directly on your mobile phone! From here on, whether it is debugging a WeChat mini program on a real device or showing your code to customers in other locations, everything runs smoothly.
Advanced: bind a domain name and hide the port (say goodbye to ugly port numbers)
Every visit has to carry a :8080 tail after the IP. Such a tail is not only ugly; many companies' networks also block non-standard ports. We would like to use a clean domain name such as http://api.yourdomain.com for direct access.
The best practice is to add an Nginx reverse proxy layer on the Tencent Cloud server:
Point the DNS record of your domain name (for example a wildcard record, *.yourdomain.com) to your Tencent Cloud server IP.
Install Nginx on the Tencent Cloud server.
Modify the Nginx configuration to forward domain name requests from port 80 (standard web port) to frp's mapped port.
Restart Nginx: sudo systemctl restart nginx
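A server block for the forwarding step above, as an added example that is not part of the original tutorial. It assumes the domain api.yourdomain.com and the mapped port 8080 used in this article; the file name is hypothetical.

```nginx
# /etc/nginx/conf.d/frp-demo.conf  (hypothetical file name; loaded inside the http context)

# Only send "Connection: upgrade" upstream when the client asked for a WebSocket upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name api.yourdomain.com;    # placeholder domain from the article

    location / {
        # frps exposes the tunnel on remote port 8080 of this same host,
        # so Nginx reaches it over loopback instead of the public interface.
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;

        # Pass the original host and client address through to the local service.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support (dev servers with live reload, mini program sockets).
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Run sudo nginx -t to validate the file before restarting. Because Nginx talks to 127.0.0.1:8080, port 8080 needs no rule in the security group.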
After this configuration, the Tencent Cloud firewall only needs to allow 7000 (for frp) and 80 (Nginx). External users simply enter the domain name, and even the :8080 suffix is gone: safe and elegant.
Summary and Pitfalls to Avoid
Using Tencent Cloud to build intranet penetration is a very practical and cost-effective technique. Finally, here are four rules of thumb; when you run into problems, check them one by one:
Keep the versions at both ends the same: the frp version numbers on the Tencent Cloud server and on the local computer should be exactly the same, otherwise inexplicable disconnections are likely.
Do not forget security protection: a token must be added to the configuration file, otherwise your server can be used as a free springboard by others at any moment.
Open the cloud port: whenever a new remote port is added, allow it in the firewall of the Tencent Cloud console right away.
Use nohup for background operation: remember to start the server with nohup or configure a systemd service, so that intranet penetration stays online after SSH is disconnected.
