Reasons

The reasons are that companies have rules and regulations, information security protection, and data compliance protection. Our R&D is especially like this. Because my work computer is an HBI machine, the company monitors it very strictly.

Then I think it's also good to do some data isolation, protecting company privacy. I also hope my personal data isn't on the company computer. If something happens, losing all my data would be a huge loss.

I can conveniently access it at home through the local network with basically no latency. Accessing through my Chrome OS is perfect. I can also conveniently access it from the company, and the latency is acceptable, reaching a usable state. At least it ensures I can access the content I want anytime, anywhere.

Besides this, through Surge, I can also use it as a soft router to manage home internet devices, giving freedom to my Chrome OS. In addition to FRP intranet penetration, I also use tailscale-derp-guide to achieve a better networking experience.

Originally I had an Ubuntu server with 8GB+128GB configuration, but how should I put it:

  1. It requires a subscription fee, 500+ per year, and this is the first-time newcomer price. If I need to keep it, the price will be even higher.
  2. Although the configuration looks good, after installing VS Code, Chrome, Zotero, Obsidian, and other software, it basically freezes and can't connect, requiring SSH to restart
  3. Then I bought a base model Mac Mini M2 8+256GB, which is enough to meet my current needs. If I need to upgrade after a few years, I can talk about it then and save money
  4. Light office work is basically no problem, and upgrading later will be much simpler

Mac Mini M2

This is an introduction I found on YouTube, roughly explaining what capabilities are needed to achieve these things. Hehe, I happen to have most of them, not to mention the support of ChatGPT and Claude.

FRP Intranet Penetration

🔗 Related Technology: Besides FRP, you can also consider using tailscale-derp-guide to achieve a simpler networking solution.

The most important thing is actually to enable access from the company, which requires intranet penetration.

  1. Install FRP client on the Mac, write the TOML file, and set it to auto-start and run in the background

  2. Install FRP server on the Aliyun server, write the TOML file, and set it to auto-start and run in the background

  3. Write configuration file. Currently supported file formats include TOML/YAML/JSON. The old INI format is still supported but no longer recommended.

  4. Start the server with the following command: ./frps -c ./frps.toml.

  5. Start the client with the following command: ./frpc -c ./frpc.toml.

Mac Side

Aliyun Server Side frps.toml

Confirm the server-side processor model

root@shanghai-aliyun:~# lscpu | grep "Vendor ID"
Vendor ID: GenuineIntel

Download and extract FRP, using wget to fetch the release:

wget https://github.com/fatedier/frp/releases/download/v0.59.0/frp_0.59.0_linux_amd64.tar.gz
tar -zxvf frp_0.59.0_linux_amd64.tar.gz
cd frp_0.59.0_linux_amd64
sudo cp frps /usr/local/bin/
sudo mkdir /etc/frp
sudo cp frps.toml /etc/frp/
sudo nano /etc/frp/frps.toml

File content is as follows


bindPort = 7000
vhostHTTPPort = 8081
vhostHTTPSPort = 443

# Token that every frpc client must present
auth.method = "token"
auth.token = "XXXXXXXX"

# Dashboard (web UI) on port 81, protected by user and password
webServer.addr = "0.0.0.0"
webServer.port = 81
webServer.user = "admin"
webServer.password = "XXXXXXXX"

Use systemd to start frps at boot and keep it running in the background

sudo nano /etc/systemd/system/frps.service

File content is as follows

[Unit]
Description=Frp Server Service
After=network.target

[Service]
Type=simple
User=root
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/frps -c /etc/frp/frps.toml

[Install]
WantedBy=multi-user.target

Ensure correct file permissions, then reload systemd, enable the service at boot, and start it

sudo chmod 644 /etc/systemd/system/frps.service
sudo systemctl daemon-reload
sudo systemctl enable frps
sudo systemctl start frps
sudo systemctl status frps

Mac Side Configuration frpc.toml

Navigate to the corresponding folder and change frpc.toml to the following content

serverAddr = "XXXXXXXXXX"
serverPort = 7000

# Must match auth.token in frps.toml
auth.method = "token"
auth.token = "XXXXXXXX"

transport.protocol = "tcp"
transport.tls.enable = true

# SSH: server port 33 -> Mac port 22
[[proxies]]
name = "ssh_m2"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 33

# SMB file sharing
[[proxies]]
name = "smb_m2"
type = "tcp"
localIP = "127.0.0.1"
localPort = 445
remotePort = 445

# VNC screen sharing
[[proxies]]
name = "vnc_m2"
type = "tcp"
localIP = "127.0.0.1"
localPort = 5900
remotePort = 5900

# NX remote desktop
[[proxies]]
name = "Nx_m2"
type = "tcp"
localIP = "127.0.0.1"
localPort = 4000
remotePort = 4000

Then run

sudo ./frpc -c ./frpc.toml

macOS then reports that frpc can't be opened because Apple cannot check it for malicious software. You need to go to Settings - Privacy and Security to manually allow it.

Auto-start on boot and run in background using macOS's launchd system

  1. Create a Launch Agent plist file:

mkdir -p ~/Library/LaunchAgents
nano ~/Library/LaunchAgents/com.frp.frpc.plist

  2. Paste the following content

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.frp.frpc</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/huashan/Documents/frp_0.59.0_darwin_arm64/frpc</string>
        <string>-c</string>
        <string>/Users/huashan/Documents/frp_0.59.0_darwin_arm64/frpc.toml</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/tmp/frpc.err</string>
    <key>StandardOutPath</key>
    <string>/tmp/frpc.out</string>
</dict>
</plist>

  3. Set correct permissions, load, and start service

chmod 644 ~/Library/LaunchAgents/com.frp.frpc.plist
launchctl load ~/Library/LaunchAgents/com.frp.frpc.plist
launchctl start com.frp.frpc

If you need to stop the service, you can use:

launchctl stop com.frp.frpc

If you want to completely remove this auto-start item, you can use:

launchctl unload ~/Library/LaunchAgents/com.frp.frpc.plist

Then delete the plist file: rm ~/Library/LaunchAgents/com.frp.frpc.plist

If you encounter any problems using FRP, or need to make any changes to the configuration, remember:

If you changed the frpc.toml configuration file, just restart the frpc service:

launchctl stop com.frp.frpc
launchctl start com.frp.frpc

If you changed the plist file, you need to unload then reload:

launchctl unload ~/Library/LaunchAgents/com.frp.frpc.plist
launchctl load ~/Library/LaunchAgents/com.frp.frpc.plist

Mac Mini Basic Settings

The Mac Mini needs to be prevented from sleeping and given sharing permissions:

  1. Settings main
  2. Screen saver -- never
  3. Energy saver -- turn everything on
  4. User and group -- auto login
  5. General - Sharing - screen sharing, file sharing, remote login, remote manager, content caching all turned on