【技巧】使用frpc点对点安全地内网穿透访问ollama服务
0. 为什么需要部署内网穿透点对点服务
在家里想访问单位强劲机器,但是单位机器只能单向访问互联网,互联网无法直接访问到这台机器。通过在云服务器、单位内网服务器、源端访问机器上,分别部署frpc,可以把内网的服务点对点暴露给需要访问的机器。
本文字数2000+,阅读10分钟。
1. 互联网云服务器(简称Server01)
1.1. 配置 frps.toml
bindPort = 8003
说明:
监听 8003 端口接受客户端连接
1.2. 启动Server01服务
$ ./frps -c frps.toml
2025-05-12 13:32:22.888 [I] [frps/root.go:105] frps uses config file: frps.toml
2025-05-12 13:32:23.066 [I] [server/service.go:237] frps tcp listen on 0.0.0.0:8003
2025-05-12 13:32:23.066 [I] [frps/root.go:114] frps started successfully
2. 内网提供服务的机器(简称Server02)
2.1. 配置 frpc.toml
serverAddr = "[互联网云服务器ip或域名]"
serverPort = 8003
[[proxies]]
name = "ollama_tcp"
type = "stcp"
secretKey="[设置一个强度足够的密码]"
localIP = "127.0.0.1"
localPort = 11434
说明:
serverPort:8003 Server01提供服务中转的端口
localPort = 11434 本地需要暴露出去的端口
2.2. 启动Server02服务
$ ./frpc -c frpc.toml
2025-05-12 13:38:39.783 [I] [sub/root.go:149] start frpc service for config file [frpc.toml]
2025-05-12 13:38:39.783 [I] [client/service.go:314] try to connect to server...
2025-05-12 13:38:39.952 [I] [client/service.go:306] [e5d5ff58236a7c1a] login to server success, get run id [e5d5ff58236a7c1a]
2025-05-12 13:38:39.952 [I] [proxy/proxy_manager.go:177] [e5d5ff58236a7c1a] proxy added: [ollama_tcp]
2025-05-12 13:38:39.982 [I] [client/control.go:172] [e5d5ff58236a7c1a] [ollama_tcp] start proxy success
3. 点对点穿透内网访问Server02服务的机器(简称Server03)
3.1. 配置 frpc.toml
serverAddr = "[互联网云服务器ip或域名]"
serverPort = 8003
[[visitors]]
name = "ollama_tcp_vistor"
type = "stcp"
serverName = "ollama_tcp"
secretKey = "[Server02那个强度足够的密码]"
bindAddr= "127.0.0.1"
bindPort = 8001
说明:
serverPort:8003 Server01提供的中转服务端口
serverName Server02提供的服务名
bindPort = 8001 访问本地端口相当于访问Server02端口服务
3.2. 启动Server03服务
$ ./frpc -c frpc.toml
2025-05-12 13:41:59.679 [I] [sub/root.go:149] start frpc service for config file [frpc.toml]
2025-05-12 13:41:59.679 [I] [client/service.go:314] try to connect to server...
2025-05-12 13:41:59.943 [I] [client/service.go:306] [7f964c15b5115d3c] login to server success, get run id [7f964c15b5115d3c]
2025-05-12 13:41:59.943 [I] [visitor/visitor_manager.go:128] [7f964c15b5115d3c] start visitor success
2025-05-12 13:41:59.943 [I] [visitor/visitor_manager.go:179] [7f964c15b5115d3c] visitor added: [ollama_tcp_vistor]
1.3. 测试访问Server03的8001端口
在一台遥远的机器上,浏览器访问 localhost:8001
显示: Ollama is running
4. 在dify容器里面执行访问端程序
如果在win10的wsl直接执行frpc,容器docker-api-1无法访问本机端口服务,需要进一步配置
4.1. frp目录复制到dify的docker映射目录
[dify目录]/docker/volumes/app/storage
frp_0.62.1 image_files privkeys upload_files
4.2. 执行命令
$ sudo docker exec docker-api-1 /app/api/storage/frp_0.62.1/frpc -c /app/api/storage/frp_0.62.1/frpc.toml
[1]: https://gofrp.org/zh-cn/docs/overview/ frp使用指引
[2]: https://github.com/fatedier/frp/releases frp下载地址
[3]:https://mp.weixin.qq.com/s/T76yql-iHhFZTUFy-KHPwQ 基于Docker的内网穿透实战