From 3ae1a4f45af2e875820a095d53202cef20363474 Mon Sep 17 00:00:00 2001 From: fatedier Date: Tue, 10 Oct 2023 16:48:13 +0800 Subject: [PATCH] update confugration examples and README (#3650) --- README.md | 966 ++++++++++++------------- README_zh.md | 4 - Release.md | 1 + conf/frpc.toml | 360 +++++++++ conf/frps.toml | 154 ++++ conf/{ => legacy}/frpc_legacy_full.ini | 0 conf/{ => legacy}/frps_legacy_full.ini | 0 doc/server_plugin.md | 61 +- package.sh | 1 + pkg/config/legacy/client.go | 6 +- pkg/config/legacy/server.go | 20 +- pkg/config/load_test.go | 45 ++ pkg/config/v1/common.go | 6 +- pkg/config/v1/proxy.go | 4 +- pkg/config/v1/server.go | 2 +- pkg/util/version/version.go | 2 +- web/frps/auto-imports.d.ts | 4 +- 17 files changed, 1086 insertions(+), 550 deletions(-) create mode 100644 conf/frpc.toml create mode 100644 conf/frps.toml rename conf/{ => legacy}/frpc_legacy_full.ini (100%) rename conf/{ => legacy}/frps_legacy_full.ini (100%) create mode 100644 pkg/config/load_test.go diff --git a/README.md b/README.md index 5dc8658b..7c7656bf 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ frp also offers a P2P connect mode. * [Configuration Files](#configuration-files) * [Using Environment Variables](#using-environment-variables) * [Split Configures Into Different Files](#split-configures-into-different-files) - * [Dashboard](#dashboard) + * [Server Dashboard](#server-dashboard) * [Admin UI](#admin-ui) * [Monitor](#monitor) * [Prometheus](#prometheus) @@ -72,10 +72,8 @@ frp also offers a P2P connect mode. * [URL Routing](#url-routing) * [TCP Port Multiplexing](#tcp-port-multiplexing) * [Connecting to frps via HTTP PROXY](#connecting-to-frps-via-http-proxy) - * [Range ports mapping](#range-ports-mapping) * [Client Plugins](#client-plugins) * [Server Manage Plugins](#server-manage-plugins) -* [Development Plan](#development-plan) * [Contributing](#contributing) * [Donation](#donation) * [GitHub Sponsors](#github-sponsors) @@ -113,46 +111,45 @@ We sincerely appreciate your support for frp. To begin, download the latest program for your operating system and architecture from the [Release](https://github.com/fatedier/frp/releases) page. -Next, place the `frps` binary and `frps.ini` configuration file on Server A, which has a public IP address. +Next, place the `frps` binary and server configuration file on Server A, which has a public IP address. -Finally, place the `frpc` binary and `frpc.ini` configuration file on Server B, which is located on a LAN that cannot be directly accessed from the public internet. +Finally, place the `frpc` binary and client configuration file on Server B, which is located on a LAN that cannot be directly accessed from the public internet. Some antiviruses improperly mark frpc as malware and delete it. This is due to frp being a networking tool capable of creating reverse proxies. Antiviruses sometimes flag reverse proxies due to their ability to bypass firewall port restrictions. If you are using antivirus, then you may need to whitelist/exclude frpc in your antivirus settings to avoid accidental quarantine/deletion. See [issue 3637](https://github.com/fatedier/frp/issues/3637) for more details. ### Access your computer in a LAN network via SSH -1. Modify `frps.ini` on server A by setting the `bind_port` for frp clients to connect to: +1. Modify `frps.toml` on server A by setting the `bindPort` for frp clients to connect to: - ```ini - # frps.ini - [common] - bind_port = 7000 + ```toml + # frps.toml + bindPort = 7000 ``` 2. Start `frps` on server A: - `./frps -c ./frps.ini` + `./frps -c ./frps.toml` -3. Modify `frpc.ini` on server B and set the `server_addr` field to the public IP address of your frps server: +3. Modify `frpc.toml` on server B and set the `serverAddr` field to the public IP address of your frps server: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + serverPort = 7000 - [ssh] - type = tcp - local_ip = 127.0.0.1 - local_port = 22 - remote_port = 6000 + [[proxies]] + name = "ssh" + type = "tcp" + localIP = "127.0.0.1" + localPort = 22 + remotePort = 6000 ``` -Note that the `local_port` (listened on the client) and `remote_port` (exposed on the server) are used for traffic going in and out of the frp system, while the `server_port` is used for communication between frps and frpc. +Note that the `localPort` (listened on the client) and `remotePort` (exposed on the server) are used for traffic going in and out of the frp system, while the `serverPort` is used for communication between frps and frpc. 4. Start `frpc` on server B: - `./frpc -c ./frpc.ini` + `./frpc -c ./frpc.toml` 5. To access server B from another machine through server A via SSH (assuming the username is `test`), use the following command: @@ -162,42 +159,41 @@ Note that the `local_port` (listened on the client) and `remote_port` (exposed o This example implements multiple SSH services exposed through the same port using a proxy of type tcpmux. Similarly, as long as the client supports the HTTP Connect proxy connection method, port reuse can be achieved in this way. -1. Deploy frps on a machine with a public IP and modify the frps.ini file. Here is a simplified configuration: +1. Deploy frps on a machine with a public IP and modify the frps.toml file. Here is a simplified configuration: - ```ini - [common] - bind_port = 7000 - tcpmux_httpconnect_port = 5002 + ```toml + bindPort = 7000 + tcpmuxHTTPConnectPort = 5002 ``` 2. Deploy frpc on the internal machine A with the following configuration: - ```ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + serverAddr = "x.x.x.x" + serverPort = 7000 - [ssh1] - type = tcpmux - multiplexer = httpconnect - custom_domains = machine-a.example.com - local_ip = 127.0.0.1 - local_port = 22 + [[proxies]] + name = "ssh1" + type = "tcpmux" + multiplexer = "httpconnect" + customDomains = ["machine-a.example.com"] + localIP = "127.0.0.1" + localPort = 22 ``` 3. Deploy another frpc on the internal machine B with the following configuration: - ```ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + serverAddr = "x.x.x.x" + serverPort = 7000 - [ssh2] - type = tcpmux - multiplexer = httpconnect - custom_domains = machine-b.example.com - local_ip = 127.0.0.1 - local_port = 22 + [[proxies]] + name = "ssh2" + type = "tcpmux" + multiplexer = "httpconnect" + customDomains = ["machine-b.example.com"] + localIP = "127.0.0.1" + localPort = 22 ``` 4. To access internal machine A using SSH ProxyCommand, assuming the username is "test": @@ -214,38 +210,37 @@ Sometimes we need to expose a local web service behind a NAT network to others f Unfortunately, we cannot resolve a domain name to a local IP. However, we can use frp to expose an HTTP(S) service. -1. Modify `frps.ini` and set the HTTP port for vhost to 8080: +1. Modify `frps.toml` and set the HTTP port for vhost to 8080: - ```ini - # frps.ini - [common] - bind_port = 7000 - vhost_http_port = 8080 + ```toml + # frps.toml + bindPort = 7000 + vhostHTTPPort = 8080 ``` If you want to configure an https proxy, you need to set up the `vhost_https_port`. 2. Start `frps`: - `./frps -c ./frps.ini` + `./frps -c ./frps.toml` -3. Modify `frpc.ini` and set `server_addr` to the IP address of the remote frps server. Specify the `local_port` of your web service: +3. Modify `frpc.toml` and set `serverAddr` to the IP address of the remote frps server. Specify the `localPort` of your web service: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + serverPort = 7000 - [web] - type = http - local_port = 80 - custom_domains = www.example.com + [[proxies]] + name = "web" + type = "http" + localPort = 80 + customDomains = ["www.example.com"] ``` 4. Start `frpc`: - `./frpc -c ./frpc.ini` + `./frpc -c ./frpc.toml` 5. Map the A record of `www.example.com` to either the public IP of the remote frps server or a CNAME record pointing to your original domain. @@ -253,36 +248,35 @@ Unfortunately, we cannot resolve a domain name to a local IP. However, we can us ### Forward DNS query requests -1. Modify `frps.ini`: +1. Modify `frps.toml`: - ```ini - # frps.ini - [common] - bind_port = 7000 + ```toml + # frps.toml + bindPort = 7000 ``` 2. Start `frps`: - `./frps -c ./frps.ini` + `./frps -c ./frps.toml` -3. Modify `frpc.ini` and set `server_addr` to the IP address of the remote frps server. Forward DNS query requests to the Google Public DNS server `8.8.8.8:53`: +3. Modify `frpc.toml` and set `serverAddr` to the IP address of the remote frps server. Forward DNS query requests to the Google Public DNS server `8.8.8.8:53`: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + serverPort = 7000 - [dns] - type = udp - local_ip = 8.8.8.8 - local_port = 53 - remote_port = 6000 + [[proxies]] + name = "dns" + type = "udp" + localIP = "8.8.8.8" + localPort = 53 + remotePort = 6000 ``` 4. Start frpc: - `./frpc -c ./frpc.ini` + `./frpc -c ./frpc.toml` 5. Test DNS resolution using the `dig` command: @@ -296,17 +290,18 @@ Configure `frps` as above. 1. Start `frpc` with the following configuration: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + serverPort = 7000 - [unix_domain_socket] - type = tcp - remote_port = 6000 - plugin = unix_domain_socket - plugin_unix_path = /var/run/docker.sock + [[proxies]] + name = "unix_domain_socket" + type = "tcp" + remotePort = 6000 + [proxies.plugin] + type = "unix_domain_socket" + unixPath = "/var/run/docker.sock" ``` 2. Test the configuration by getting the docker version using `curl`: @@ -321,20 +316,21 @@ Configure `frps` as described above, then: 1. Start `frpc` with the following configuration: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + serverPort = 7000 - [test_static_file] - type = tcp - remote_port = 6000 - plugin = static_file - plugin_local_path = /tmp/files - plugin_strip_prefix = static - plugin_http_user = abc - plugin_http_passwd = abc + [[proxies]] + name = "test_static_file" + type = "tcp" + remotePort = 6000 + [proxies.plugin] + type = "static_file" + localPath = "/tmp/files" + stripPrefix = "static" + httpUser = "abc" + httpPassword = "abc" ``` 2. Visit `http://x.x.x.x:6000/static/` from your browser and specify correct username and password to view files in `/tmp/files` on the `frpc` machine. @@ -345,23 +341,24 @@ You may substitute `https2https` for the plugin, and point the `plugin_local_add 1. Start `frpc` with the following configuration: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - server_port = 7000 - vhost_https_port = 443 + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + serverPort = 7000 + vhostHTTPSPort = 443 - [test_https2http] - type = https - custom_domains = test.example.com + [[proxies]] + name = "test_https2http" + type = "https" + customDomains = ["test.example.com"] - plugin = https2http - plugin_local_addr = 127.0.0.1:80 - plugin_crt_path = ./server.crt - plugin_key_path = ./server.key - plugin_host_header_rewrite = 127.0.0.1 - plugin_header_X-From-Where = frp + [proxies.plugin] + type = "https2http" + localAddr = "127.0.0.1:80" + crtPath = "./server.crt" + keyPath = "./server.key" + hostHeaderRewrite = "127.0.0.1" + requestHeaders.set.x-from-where = "frp" ``` 2. Visit `https://test.example.com`. @@ -374,34 +371,33 @@ Configure `frps` same as above. 1. Start `frpc` on machine B with the following config. This example is for exposing the SSH service (port 22), and note the `sk` field for the preshared key, and that the `remote_port` field is removed here: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + serverPort = 7000 - [secret_ssh] - type = stcp - sk = abcdefg - local_ip = 127.0.0.1 - local_port = 22 + [[proxies]] + name = "secret_ssh" + type = "stcp" + secretKey = "abcdefg" + localIP = "127.0.0.1" + localPort = 22 ``` 2. Start another `frpc` (typically on another machine C) with the following config to access the SSH service with a security key (`sk` field): - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + serverPort = 7000 - [secret_ssh_visitor] - type = stcp - role = visitor - server_name = secret_ssh - sk = abcdefg - bind_addr = 127.0.0.1 - bind_port = 6000 + [[visitors]] + name = "secret_ssh_visitor" + type = "stcp" + serverName = "secret_ssh" + secretKey = "abcdefg" + bindAddr = "127.0.0.1" + bindPort = 6000 ``` 3. On machine C, connect to SSH on machine B, using this command: @@ -414,42 +410,41 @@ Configure `frps` same as above. Note that it may not work with all types of NAT devices. You might want to fallback to stcp if xtcp doesn't work. -1. Start `frpc` on machine B, and expose the SSH port. Note that the `remote_port` field is removed: +1. Start `frpc` on machine B, and expose the SSH port. Note that the `remotePort` field is removed: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + serverPort = 7000 # set up a new stun server if the default one is not available. - # nat_hole_stun_server = xxx + # natHoleStunServer = "xxx" - [p2p_ssh] - type = xtcp - sk = abcdefg - local_ip = 127.0.0.1 - local_port = 22 + [[proxies]] + name = "p2p_ssh" + type = "xtcp" + secretKey = "abcdefg" + localIP = "127.0.0.1" + localPort = 22 ``` 2. Start another `frpc` (typically on another machine C) with the configuration to connect to SSH using P2P mode: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - server_port = 7000 + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + serverPort = 7000 # set up a new stun server if the default one is not available. - # nat_hole_stun_server = xxx + # natHoleStunServer = "xxx" - [p2p_ssh_visitor] - type = xtcp - role = visitor - server_name = p2p_ssh - sk = abcdefg - bind_addr = 127.0.0.1 - bind_port = 6000 + [[visitors]] + name = "p2p_ssh_visitor" + type = "xtcp" + serverName = "p2p_ssh" + secretKey = "abcdefg" + bindAddr = "127.0.0.1" + bindPort = 6000 # when automatic tunnel persistence is required, set it to true - keep_tunnel_open = false + keepTunnelOpen = false ``` 3. On machine C, connect to SSH on machine B, using this command: @@ -460,35 +455,39 @@ Note that it may not work with all types of NAT devices. You might want to fallb ### Configuration Files +Since v0.52.0, we support TOML, YAML, and JSON for configuration. Please note that INI is deprecated and will be removed in future releases. New features will only be available in TOML, YAML, or JSON. Users wanting these new features should switch their configuration format accordingly. + Read the full example configuration files to find out even more features not described here. -[Full configuration file for frps (Server)](./conf/frps_full.ini) +Examples use TOML format, but you can still use YAML or JSON. -[Full configuration file for frpc (Client)](./conf/frpc_full.ini) +[Full configuration file for frps (Server)](./conf/frps.toml) + +[Full configuration file for frpc (Client)](./conf/frpc.toml) ### Using Environment Variables Environment variables can be referenced in the configuration file, using Go's standard format: -```ini -# frpc.ini -[common] -server_addr = {{ .Envs.FRP_SERVER_ADDR }} -server_port = 7000 +```toml +# frpc.toml +serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}" +serverPort = 7000 -[ssh] -type = tcp -local_ip = 127.0.0.1 -local_port = 22 -remote_port = {{ .Envs.FRP_SSH_REMOTE_PORT }} +[[proxies]] +name = "ssh" +type = "tcp" +localIP = "127.0.0.1" +localPort = 22 +remotePort = "{{ .Envs.FRP_SSH_REMOTE_PORT }}" ``` With the config above, variables can be passed into `frpc` program like this: ``` -export FRP_SERVER_ADDR="x.x.x.x" -export FRP_SSH_REMOTE_PORT="6000" -./frpc -c ./frpc.ini +export FRP_SERVER_ADDR=x.x.x.x +export FRP_SSH_REMOTE_PORT=6000 +./frpc -c ./frpc.toml ``` `frpc` will render configuration file template using OS environment variables. Remember to prefix your reference with `.Envs`. @@ -497,81 +496,77 @@ export FRP_SSH_REMOTE_PORT="6000" You can split multiple proxy configs into different files and include them in the main file. -```ini -# frpc.ini -[common] -server_addr = x.x.x.x -server_port = 7000 -includes=./confd/*.ini +```toml +# frpc.toml +serverAddr = "x.x.x.x" +serverPort = 7000 +includes = ["./confd/*.toml"] ``` -```ini -# ./confd/test.ini -[ssh] -type = tcp -local_ip = 127.0.0.1 -local_port = 22 -remote_port = 6000 +```toml +# ./confd/test.toml +[[proxies]] +name = "ssh" +type = "tcp" +localIP = "127.0.0.1" +localPort = 22 +remotePort = 6000 ``` -### Dashboard +### Server Dashboard Check frp's status and proxies' statistics information by Dashboard. Configure a port for dashboard to enable this feature: -```ini -[common] -dashboard_port = 7500 +```toml +webServer.port = 7500 # dashboard's username and password are both optional -dashboard_user = admin -dashboard_pwd = admin +webServer.user = "admin" +webServer.password = "admin" ``` Then visit `http://[server_addr]:7500` to see the dashboard, with username and password both being `admin`. Additionally, you can use HTTPS port by using your domains wildcard or normal SSL certificate: -```ini -[common] -dashboard_port = 7500 +```toml +webServer.port = 7500 # dashboard's username and password are both optional -dashboard_user = admin -dashboard_pwd = admin -dashboard_tls_mode = true -dashboard_tls_cert_file = server.crt -dashboard_tls_key_file = server.key +webServer.user = "admin" +webServer.password = "admin" +webServer.tls.certFile = "server.crt" +webServer.tls.keyFile = "server.key" ``` Then visit `https://[server_addr]:7500` to see the dashboard in secure HTTPS connection, with username and password both being `admin`. ![dashboard](/doc/pic/dashboard.png) -### Admin UI +### Client Admin UI -The Admin UI helps you check and manage frpc's configuration. +The Client Admin UI helps you check and manage frpc's configuration. Configure an address for admin UI to enable this feature: -```ini -[common] -admin_addr = 127.0.0.1 -admin_port = 7400 -admin_user = admin -admin_pwd = admin +```toml +webServer.addr = "127.0.0.1" +webServer.port = 7400 +webServer.user = "admin" +webServer.password = "admin" ``` Then visit `http://127.0.0.1:7400` to see admin UI, with username and password both being `admin`. ### Monitor -When dashboard is enabled, frps will save monitor data in cache. It will be cleared after process restart. +When web server is enabled, frps will save monitor data in cache for 7 days. It will be cleared after process restart. Prometheus is also supported. #### Prometheus -Enable dashboard first, then configure `enable_prometheus = true` in `frps.ini`. +Enable dashboard first, then configure `enablePrometheus = true` in `frps.toml`. `http://{dashboard_addr}/metrics` will provide prometheus monitor data. @@ -579,80 +574,81 @@ Enable dashboard first, then configure `enable_prometheus = true` in `frps.ini`. There are 2 authentication methods to authenticate frpc with frps. -You can decide which one to use by configuring `authentication_method` under `[common]` in `frpc.ini` and `frps.ini`. +You can decide which one to use by configuring `auth.method` in `frpc.toml` and `frps.toml`, the default one is token. -Configuring `authenticate_heartbeats = true` under `[common]` will use the configured authentication method to add and validate authentication on every heartbeat between frpc and frps. +Configuring `auth.additionalScopes = ["HeartBeats"]` will use the configured authentication method to add and validate authentication on every heartbeat between frpc and frps. -Configuring `authenticate_new_work_conns = true` under `[common]` will do the same for every new work connection between frpc and frps. +Configuring `auth.additionalScopes = ["NewWorkConns"]` will do the same for every new work connection between frpc and frps. #### Token Authentication -When specifying `authentication_method = token` under `[common]` in `frpc.ini` and `frps.ini` - token based authentication will be used. +When specifying `auth.method = "token"` in `frpc.toml` and `frps.toml` - token based authentication will be used. -Make sure to specify the same `token` in the `[common]` section in `frps.ini` and `frpc.ini` for frpc to pass frps validation +Make sure to specify the same `auth.token` in `frps.toml` and `frpc.toml` for frpc to pass frps validation #### OIDC Authentication -When specifying `authentication_method = oidc` under `[common]` in `frpc.ini` and `frps.ini` - OIDC based authentication will be used. +When specifying `auth.method = "oidc"` in `frpc.toml` and `frps.toml` - OIDC based authentication will be used. OIDC stands for OpenID Connect, and the flow used is called [Client Credentials Grant](https://tools.ietf.org/html/rfc6749#section-4.4). -To use this authentication type - configure `frpc.ini` and `frps.ini` as follows: +To use this authentication type - configure `frpc.toml` and `frps.toml` as follows: -```ini -# frps.ini -[common] -authentication_method = oidc -oidc_issuer = https://example-oidc-issuer.com/ -oidc_audience = https://oidc-audience.com/.default +```toml +# frps.toml +auth.method = "oidc" +auth.oidc.issuer = "https://example-oidc-issuer.com/" +auth.oidc.audience = "https://oidc-audience.com/.default" ``` -```ini -# frpc.ini -[common] -authentication_method = oidc -oidc_client_id = 98692467-37de-409a-9fac-bb2585826f18 # Replace with OIDC client ID -oidc_client_secret = oidc_secret -oidc_audience = https://oidc-audience.com/.default -oidc_token_endpoint_url = https://example-oidc-endpoint.com/oauth2/v2.0/token +```toml +# frpc.toml +auth.method = "oidc" +auth.oidc.clientID = "98692467-37de-409a-9fac-bb2585826f18" # Replace with OIDC client ID +auth.oidc.clientSecret = "oidc_secret" +auth.oidc.audience = "https://oidc-audience.com/.default" +auth.oidc.tokenEndpointURL = "https://example-oidc-endpoint.com/oauth2/v2.0/token" ``` ### Encryption and Compression The features are off by default. You can turn on encryption and/or compression: -```ini -# frpc.ini -[ssh] -type = tcp -local_port = 22 -remote_port = 6000 -use_encryption = true -use_compression = true +```toml +# frpc.toml +[[proxies]] +name = "ssh" +type = "tcp" +localPort = 22 +remotePort = 6000 +transport.useEncryption = true +transport.useCompression = true ``` #### TLS -Since v0.50.0, the default value of `tls_enable` and `disable_custom_tls_first_byte` has been changed to true, and tls is enabled by default. +Since v0.50.0, the default value of `transport.tls.enable` and `transport.tls.disableCustomTLSFirstByte` has been changed to true, and tls is enabled by default. -For port multiplexing, frp sends a first byte `0x17` to dial a TLS connection. This only takes effect when you set `disable_custom_tls_first_byte` to false. +For port multiplexing, frp sends a first byte `0x17` to dial a TLS connection. This only takes effect when you set `transport.tls.disableCustomTLSFirstByte` to false. -To **enforce** `frps` to only accept TLS connections - configure `tls_only = true` in the `[common]` section in `frps.ini`. **This is optional.** +To **enforce** `frps` to only accept TLS connections - configure `transport.tls.force = true` in `frps.toml`. **This is optional.** -**`frpc` TLS settings (under the `[common]` section):** -```ini -tls_enable = true -tls_cert_file = certificate.crt -tls_key_file = certificate.key -tls_trusted_ca_file = ca.crt +**`frpc` TLS settings:** + +```toml +transport.tls.enable = true +transport.tls.certFile = "certificate.crt" +transport.tls.keyFile = "certificate.key" +transport.tls.trustedCaFile = "ca.crt" ``` -**`frps` TLS settings (under the `[common]` section):** -```ini -tls_only = true -tls_cert_file = certificate.crt -tls_key_file = certificate.key -tls_trusted_ca_file = ca.crt +**`frps` TLS settings:** + +```toml +transport.tls.force = true +transport.tls.certFile = "certificate.crt" +transport.tls.keyFile = "certificate.key" +transport.tls.trustedCaFile = "ca.crt" ``` You will need **a root CA cert** and **at least one SSL/TLS certificate**. It **can** be self-signed or regular (such as Let's Encrypt or another SSL/TLS certificate provider). @@ -729,40 +725,41 @@ openssl x509 -req -days 365 -sha256 \ ### Hot-Reloading frpc configuration -The `admin_addr` and `admin_port` fields are required for enabling HTTP API: +The `webServer` fields are required for enabling HTTP API: -```ini -# frpc.ini -[common] -admin_addr = 127.0.0.1 -admin_port = 7400 +```toml +# frpc.toml +webServer.addr = "127.0.0.1" +webServer.port = 7400 ``` -Then run command `frpc reload -c ./frpc.ini` and wait for about 10 seconds to let `frpc` create or update or remove proxies. +Then run command `frpc reload -c ./frpc.toml` and wait for about 10 seconds to let `frpc` create or update or remove proxies. -**Note that parameters in [common] section won't be modified except 'start'.** +**Note that global client parameters won't be modified except 'start'.** -You can run command `frpc verify -c ./frpc.ini` before reloading to check if there are config errors. +You can run command `frpc verify -c ./frpc.toml` before reloading to check if there are config errors. ### Get proxy status from client -Use `frpc status -c ./frpc.ini` to get status of all proxies. The `admin_addr` and `admin_port` fields are required for enabling HTTP API. +Use `frpc status -c ./frpc.toml` to get status of all proxies. The `webServer` fields are required for enabling HTTP API. ### Only allowing certain ports on the server -`allow_ports` in `frps.ini` is used to avoid abuse of ports: +`allowPorts` in `frps.toml` is used to avoid abuse of ports: -```ini -# frps.ini -[common] -allow_ports = 2000-3000,3001,3003,4000-50000 +```toml +# frps.toml +allowPorts = [ + { start = 2000, end = 3000 }, + { single = 3001 }, + { single = 3003 }, + { start = 4000, end = 50000 } +] ``` -`allow_ports` consists of specific ports or port ranges (lowest port number, dash `-`, highest port number), separated by comma `,`. - ### Port Reuse -`vhost_http_port` and `vhost_https_port` in frps can use same port with `bind_port`. frps will detect the connection's protocol and handle it correspondingly. +`vhostHTTPPort` and `vhostHTTPSPort` in frps can use same port with `bindPort`. frps will detect the connection's protocol and handle it correspondingly. We would like to try to allow multiple proxies bind a same remote port with different protocols in the future. @@ -770,29 +767,29 @@ We would like to try to allow multiple proxies bind a same remote port with diff #### For Each Proxy -```ini -# frpc.ini -[ssh] -type = tcp -local_port = 22 -remote_port = 6000 -bandwidth_limit = 1MB +```toml +# frpc.toml +[[proxies]] +name = "ssh" +type = "tcp" +localPort = 22 +remotePort = 6000 +transport.bandwidthLimit = "1MB" ``` -Set `bandwidth_limit` in each proxy's configure to enable this feature. Supported units are `MB` and `KB`. +Set `transport.bandwidthLimit` in each proxy's configure to enable this feature. Supported units are `MB` and `KB`. -Set `bandwidth_limit_mode` to `client` or `server` to limit bandwidth on the client or server side. Default is `client`. +Set `transport.bandwidthLimitMode` to `client` or `server` to limit bandwidth on the client or server side. Default is `client`. ### TCP Stream Multiplexing frp supports tcp stream multiplexing since v0.10.0 like HTTP2 Multiplexing, in which case all logic connections to the same frpc are multiplexed into the same TCP connection. -You can disable this feature by modify `frps.ini` and `frpc.ini`: +You can disable this feature by modify `frps.toml` and `frpc.toml`: -```ini -# frps.ini and frpc.ini, must be same -[common] -tcp_mux = false +```toml +# frps.toml and frpc.toml, must be same +tcpMux = false ``` ### Support KCP Protocol @@ -803,25 +800,23 @@ KCP mode uses UDP as the underlying transport. Using KCP in frp: 1. Enable KCP in frps: - ```ini - # frps.ini - [common] - bind_port = 7000 + ```toml + # frps.toml + bindPort = 7000 # Specify a UDP port for KCP. - kcp_bind_port = 7000 + kcpBindPort = 7000 ``` - The `kcp_bind_port` number can be the same number as `bind_port`, since `bind_port` field specifies a TCP port. + The `kcpBindPort` number can be the same number as `bindPort`, since `bindPort` field specifies a TCP port. -2. Configure `frpc.ini` to use KCP to connect to frps: +2. Configure `frpc.toml` to use KCP to connect to frps: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - # Same as the 'kcp_bind_port' in frps.ini - server_port = 7000 - protocol = kcp + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + # Same as the 'kcpBindPort' in frps.toml + serverPort = 7000 + transport.protocol = "kcp" ``` ### Support QUIC Protocol @@ -832,25 +827,23 @@ Using QUIC in frp: 1. Enable QUIC in frps: - ```ini - # frps.ini - [common] - bind_port = 7000 + ```toml + # frps.toml + bindPort = 7000 # Specify a UDP port for QUIC. - quic_bind_port = 7000 + quicBindPort = 7000 ``` - The `quic_bind_port` number can be the same number as `bind_port`, since `bind_port` field specifies a TCP port. + The `quicBindPort` number can be the same number as `bind_port`, since `bind_port` field specifies a TCP port. -2. Configure `frpc.ini` to use QUIC to connect to frps: +2. Configure `frpc.toml` to use QUIC to connect to frps: - ```ini - # frpc.ini - [common] - server_addr = x.x.x.x - # Same as the 'quic_bind_port' in frps.ini - server_port = 7000 - protocol = quic + ```toml + # frpc.toml + serverAddr = "x.x.x.x" + # Same as the 'quicBindPort' in frps.toml + serverPort = 7000 + transport.protocol = "quic" ``` ### Connection Pooling @@ -859,20 +852,18 @@ By default, frps creates a new frpc connection to the backend service upon a use This feature is suitable for a large number of short connections. -1. Configure the limit of pool count each proxy can use in `frps.ini`: +1. Configure the limit of pool count each proxy can use in `frps.toml`: - ```ini - # frps.ini - [common] - max_pool_count = 5 + ```toml + # frps.toml + transport.maxPoolCount = 5 ``` 2. Enable and specify the number of connection pool: - ```ini - # frpc.ini - [common] - pool_count = 1 + ```toml + # frpc.toml + transport.poolCount = 1 ``` ### Load balancing @@ -881,87 +872,92 @@ Load balancing is supported by `group`. This feature is only available for types `tcp`, `http`, `tcpmux` now. -```ini -# frpc.ini -[test1] -type = tcp -local_port = 8080 -remote_port = 80 -group = web -group_key = 123 +```toml +# frpc.toml +[[proxies]] +name = "test1" +type = "tcp" +localPort = 8080 +remotePort = 80 +loadBalancer.group = "web" +loadBalancer.groupKey = "123" -[test2] -type = tcp -local_port = 8081 -remote_port = 80 -group = web -group_key = 123 +[[proxies]] +name = "test2" +type = "tcp" +localPort = 8081 +remotePort = 80 +loadBalancer.group = "web" +loadBalancer.groupKey = "123" ``` -`group_key` is used for authentication. +`loadBalancer.groupKey` is used for authentication. Connections to port 80 will be dispatched to proxies in the same group randomly. -For type `tcp`, `remote_port` in the same group should be the same. +For type `tcp`, `remotePort` in the same group should be the same. -For type `http`, `custom_domains`, `subdomain`, `locations` should be the same. +For type `http`, `customDomains`, `subdomain`, `locations` should be the same. ### Service Health Check Health check feature can help you achieve high availability with load balancing. -Add `health_check_type = tcp` or `health_check_type = http` to enable health check. +Add `healthCheck.type = "tcp"` or `healthCheck.type = "http"` to enable health check. With health check type **tcp**, the service port will be pinged (TCPing): -```ini -# frpc.ini -[test1] -type = tcp -local_port = 22 -remote_port = 6000 +```toml +# frpc.toml +[[proxies]] +name = "test1" +type = "tcp" +localPort = 22 +remotePort = 6000 # Enable TCP health check -health_check_type = tcp +healthCheck.type = "tcp" # TCPing timeout seconds -health_check_timeout_s = 3 +healthCheck.timeoutSeconds = 3 # If health check failed 3 times in a row, the proxy will be removed from frps -health_check_max_failed = 3 +healthCheck.maxFailed = 3 # A health check every 10 seconds -health_check_interval_s = 10 +healthCheck.intervalSeconds = 10 ``` With health check type **http**, an HTTP request will be sent to the service and an HTTP 2xx OK response is expected: -```ini -# frpc.ini -[web] -type = http -local_ip = 127.0.0.1 -local_port = 80 -custom_domains = test.example.com +```toml +# frpc.toml +[[proxies]] +name = "web" +type = "http" +localIP = "127.0.0.1" +localPort = 80 +customDomains = ["test.example.com"] # Enable HTTP health check -health_check_type = http +healthCheck.type = "http" # frpc will send a GET request to '/status' # and expect an HTTP 2xx OK response -health_check_url = /status -health_check_timeout_s = 3 -health_check_max_failed = 3 -health_check_interval_s = 10 +healthCheck.path = "/status" +healthCheck.timeoutSeconds = 3 +healthCheck.maxFailed = 3 +healthCheck.intervalSeconds = 10 ``` ### Rewriting the HTTP Host Header By default frp does not modify the tunneled HTTP requests at all as it's a byte-for-byte copy. -However, speaking of web servers and HTTP requests, your web server might rely on the `Host` HTTP header to determine the website to be accessed. frp can rewrite the `Host` header when forwarding the HTTP requests, with the `host_header_rewrite` field: +However, speaking of web servers and HTTP requests, your web server might rely on the `Host` HTTP header to determine the website to be accessed. frp can rewrite the `Host` header when forwarding the HTTP requests, with the `hostHeaderRewrite` field: -```ini -# frpc.ini -[web] -type = http -local_port = 80 -custom_domains = test.example.com -host_header_rewrite = dev.example.com +```toml +# frpc.toml +[[proxies]] +name = "web" +type = "http" +localPort = 80 +customDomains = ["test.example.com"] +hostHeaderRewrite = "dev.example.com" ``` The HTTP request will have the `Host` header rewritten to `Host: dev.example.com` when it reaches the actual web server, although the request from the browser probably has `Host: test.example.com`. @@ -970,19 +966,18 @@ The HTTP request will have the `Host` header rewritten to `Host: dev.example.com Similar to `Host`, You can override other HTTP request headers with proxy type `http`. -```ini -# frpc.ini -[web] -type = http -local_port = 80 -custom_domains = test.example.com -host_header_rewrite = dev.example.com -header_X-From-Where = frp +```toml +# frpc.toml +[[proxies]] +name = "web" +type = "http" +localPort = 80 +customDomains = ["test.example.com"] +hostHeaderRewrite = "dev.example.com" +requestHeaders.set.x-from-where = "frp" ``` -Note that parameter(s) prefixed with `header_` will be added to HTTP request headers. - -In this example, it will set header `X-From-Where: frp` in the HTTP request. +In this example, it will set header `x-from-where: frp` in the HTTP request. ### Get Real IP @@ -998,15 +993,16 @@ frp supports Proxy Protocol to send user's real IP to local services. It support Here is an example for https service: -```ini -# frpc.ini -[web] -type = https -local_port = 443 -custom_domains = test.example.com +```toml +# frpc.toml +[[proxies]] +name = "web" +type = "https" +localPort = 443 +customDomains = ["test.example.com"] # now v1 and v2 are supported -proxy_protocol_version = v2 +transport.proxyProtocolVersion = "v2" ``` You can enable Proxy Protocol support in nginx to expose user's real IP in HTTP header `X-Real-IP`, and then read `X-Real-IP` header in your web service for the real IP. @@ -1019,14 +1015,15 @@ This enforces HTTP Basic Auth on all requests with the username and password spe It can only be enabled when proxy type is http. -```ini -# frpc.ini -[web] -type = http -local_port = 80 -custom_domains = test.example.com -http_user = abc -http_pwd = abc +```toml +# frpc.toml +[[proxies]] +name = "web" +type = "http" +localPort = 80 +customDomains = ["test.example.com"] +httpUser = "abc" +httpPassword = "abc" ``` Visit `http://test.example.com` in the browser and now you are prompted to enter the username and password. @@ -1035,24 +1032,25 @@ Visit `http://test.example.com` in the browser and now you are prompted to enter It is convenient to use `subdomain` configure for http and https types when many people share one frps server. -```ini -# frps.ini -subdomain_host = frps.com +```toml +# frps.toml +subDomainHost = "frps.com" ``` Resolve `*.frps.com` to the frps server's IP. This is usually called a Wildcard DNS record. -```ini -# frpc.ini -[web] -type = http -local_port = 80 -subdomain = test +```toml +# frpc.toml +[[proxies]] +name = "web" +type = "http" +localPort = 80 +subdomain = "test" ``` Now you can visit your web service on `test.frps.com`. -Note that if `subdomain_host` is not empty, `custom_domains` should not be the subdomain of `subdomain_host`. +Note that if `subdomainHost` is not empty, `customDomains` should not be the subdomain of `subdomainHost`. ### URL Routing @@ -1060,59 +1058,61 @@ frp supports forwarding HTTP requests to different backend web services by url r `locations` specifies the prefix of URL used for routing. frps first searches for the most specific prefix location given by literal strings regardless of the listed order. -```ini -# frpc.ini -[web01] -type = http -local_port = 80 -custom_domains = web.example.com -locations = / +```toml +# frpc.toml +[[proxies]] +name = "web01" +type = "http" +localPort = 80 +customDomains = ["web.example.com"] +locations = ["/"] -[web02] -type = http -local_port = 81 -custom_domains = web.example.com -locations = /news,/about +[[proxies]] +name = "web02" +type = "http" +localPort = 81 +customDomains = ["web.example.com"] +locations = ["/news", "/about"] ``` HTTP requests with URL prefix `/news` or `/about` will be forwarded to **web02** and other requests to **web01**. ### TCP Port Multiplexing -frp supports receiving TCP sockets directed to different proxies on a single port on frps, similar to `vhost_http_port` and `vhost_https_port`. +frp supports receiving TCP sockets directed to different proxies on a single port on frps, similar to `vhostHTTPPort` and `vhostHTTPSPort`. The only supported TCP port multiplexing method available at the moment is `httpconnect` - HTTP CONNECT tunnel. -When setting `tcpmux_httpconnect_port` to anything other than 0 in frps under `[common]`, frps will listen on this port for HTTP CONNECT requests. +When setting `tcpmuxHTTPConnectPort` to anything other than 0 in frps, frps will listen on this port for HTTP CONNECT requests. -The host of the HTTP CONNECT request will be used to match the proxy in frps. Proxy hosts can be configured in frpc by configuring `custom_domain` and / or `subdomain` under `type = tcpmux` proxies, when `multiplexer = httpconnect`. +The host of the HTTP CONNECT request will be used to match the proxy in frps. Proxy hosts can be configured in frpc by configuring `customDomains` and / or `subdomain` under `tcpmux` proxies, when `multiplexer = "httpconnect"`. For example: -```ini -# frps.ini -[common] -bind_port = 7000 -tcpmux_httpconnect_port = 1337 +```toml +# frps.toml +bindPort = 7000 +tcpmuxHTTPConnectPort = 1337 ``` -```ini -# frpc.ini -[common] -server_addr = x.x.x.x -server_port = 7000 +```toml +# frpc.toml +serverAddr = "x.x.x.x" +serverPort = 7000 -[proxy1] -type = tcpmux -multiplexer = httpconnect -custom_domains = test1 -local_port = 80 +[[proxies]] +name = "proxy1" +type = "tcpmux" +multiplexer = "httpconnect" +customDomains = ["test1"] +localPort = 80 -[proxy2] -type = tcpmux -multiplexer = httpconnect -custom_domains = test2 -local_port = 8080 +[[proxies]] +name = "proxy2" +type = "tcpmux" +multiplexer = "httpconnect" +customDomains = ["test2"] +localPort = 8080 ``` In the above configuration - frps can be contacted on port 1337 with a HTTP CONNECT header such as: @@ -1122,56 +1122,40 @@ CONNECT test1 HTTP/1.1\r\n\r\n ``` and the connection will be routed to `proxy1`. -### Connecting to frps via HTTP PROXY +### Connecting to frps via PROXY -frpc can connect to frps using HTTP proxy if you set OS environment variable `HTTP_PROXY`, or if `http_proxy` is set in frpc.ini file. +frpc can connect to frps through proxy if you set OS environment variable `HTTP_PROXY`, or if `transport.proxyURL` is set in frpc.toml file. It only works when protocol is tcp. -```ini -# frpc.ini -[common] -server_addr = x.x.x.x -server_port = 7000 -http_proxy = http://user:pwd@192.168.1.128:8080 +```toml +# frpc.toml +serverAddr = "x.x.x.x" +serverPort = 7000 +transport.proxyURL = "http://user:pwd@192.168.1.128:8080" ``` -### Range ports mapping - -Proxy with names that start with `range:` will support mapping range ports. - -```ini -# frpc.ini -[range:test_tcp] -type = tcp -local_ip = 127.0.0.1 -local_port = 6000-6006,6007 -remote_port = 6000-6006,6007 -``` - -frpc will generate 8 proxies like `test_tcp_0`, `test_tcp_1`, ..., `test_tcp_7`. - ### Client Plugins frpc only forwards requests to local TCP or UDP ports by default. Plugins are used for providing rich features. There are built-in plugins such as `unix_domain_socket`, `http_proxy`, `socks5`, `static_file`, `http2https`, `https2http`, `https2https` and you can see [example usage](#example-usage). -Specify which plugin to use with the `plugin` parameter. Configuration parameters of plugin should be started with `plugin_`. `local_ip` and `local_port` are not used for plugin. - Using plugin **http_proxy**: -```ini -# frpc.ini -[http_proxy] -type = tcp -remote_port = 6000 -plugin = http_proxy -plugin_http_user = abc -plugin_http_passwd = abc +```toml +# frpc.toml +[[proxies]] +name = "http_proxy" +type = "tcp" +remotePort = 6000 +[proxies.plugin] +type = "http_proxy" +httpUser = "abc" +httpPassword = "abc" ``` -`plugin_http_user` and `plugin_http_passwd` are configuration parameters used in `http_proxy` plugin. +`httpUser` and `httpPassword` are configuration parameters used in `http_proxy` plugin. ### Server Manage Plugins @@ -1179,10 +1163,6 @@ Read the [document](/doc/server_plugin.md). Find more plugins in [gofrp/plugin](https://github.com/gofrp/plugin). -## Development Plan - -* Log HTTP request information in frps. - ## Contributing Interested in getting involved? We would like to help you! diff --git a/README_zh.md b/README_zh.md index 951a7938..d6256a1b 100644 --- a/README_zh.md +++ b/README_zh.md @@ -90,10 +90,6 @@ frp 是一个免费且开源的项目,我们欢迎任何人为其开发和进 ![zsxq](/doc/pic/zsxq.jpg) -### 支付宝扫码捐赠 - -![donate-alipay](/doc/pic/donate-alipay.png) - ### 微信支付捐赠 ![donate-wechatpay](/doc/pic/donate-wechatpay.png) diff --git a/Release.md b/Release.md index a25902cb..95f1ba36 100644 --- a/Release.md +++ b/Release.md @@ -6,3 +6,4 @@ * Change the way to start the visitor through the command line from `frpc stcp --role=visitor xxx` to `frpc stcp visitor xxx`. * Modified the semantics of the `server_addr` in the command line, no longer including the port. Added the `server_port` parameter to configure the port. +* No longer support range ports mapping in TOML/YAML/JSON. diff --git a/conf/frpc.toml b/conf/frpc.toml new file mode 100644 index 00000000..05d6cbe2 --- /dev/null +++ b/conf/frpc.toml @@ -0,0 +1,360 @@ +# your proxy name will be changed to {user}.{proxy} +user = "your_name" + +# A literal address or host name for IPv6 must be enclosed +# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" +# For single serverAddr field, no need square brackets, like serverAddr = "::". +serverAddr = "0.0.0.0" +serverPort = 7000 + +# STUN server to help penetrate NAT hole. +# natHoleStunServer = "stun.easyvoip.com:3478" + +# Decide if exit program when first login failed, otherwise continuous relogin to frps +# default is true +loginFailExit = true + +# console or real logFile path like ./frpc.log +log.to = "./frpc.log" +# trace, debug, info, warn, error +log.level = "info" +log.maxDays = 3 +# disable log colors when log.to is console, default is false +log.disablePrintColor = false + +auth.method = "token" +# auth.additionalScopes specifies additional scopes to include authentication information. +# Optional values are HeartBeats, NewWorkConns. +# auth.additionalScopes = ["HeartBeats", "NewWorkConns"] + +# auth token +auth.token = "12345678" + +# oidc.clientID specifies the client ID to use to get a token in OIDC authentication. +# auth.oidc.clientID = "" +# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication. +# auth.oidc.clientSecret = "" +# oidc.audience specifies the audience of the token in OIDC authentication. +# auth.oidc.audience = "" +# oidc_scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". +# auth.oidc.scope = "" +# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint. +# It will be used to get an OIDC token. +# auth.oidc.tokenEndpointURL = "" + +# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint. +# For example, if you want to specify the "audience" parameter, you can set as follow. +# frp will add "audience=" "var1=" to the additional parameters. +# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/" +# auth.oidc.additionalEndpointParams.var1 = "foobar" + +# Set admin address for control frpc's action by http api such as reload +webServer.addr = "127.0.0.1" +webServer.port = 7400 +webServer.user = "admin" +webServer.password = "admin" +# Admin assets directory. By default, these assets are bundled with frpc. +# webServer.assetsDir = "./static" + +# Enable golang pprof handlers in admin listener. +webServer.pprofEnable = false + +# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds. +# transport.dialServerTimeout = 10 + +# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. +# If negative, keep-alive probes are disabled. +# transport.dialServerKeepalive = 7200 + +# connections will be established in advance, default value is zero +transport.poolCount = 5 + +# If tcp stream multiplexing is used, default is true, it must be same with frps +# transport.tcpMux = true + +# Specify keep alive interval for tcp mux. +# only valid if tcpMux is enabled. +# transport.tcpMuxKeepaliveInterval = 60 + +# Communication protocol used to connect to server +# supports tcp, kcp, quic, websocket and wss now, default is tcp +transport.protocol = "tcp" + +# set client binding ip when connect server, default is empty. +# only when protocol = tcp or websocket, the value will be used. +transport.connectServerLocalIP = "0.0.0.0" + +# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables +# it only works when protocol is tcp +# transport.proxyURL = "http://user:passwd@192.168.1.128:8080" +# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080" +# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080" + +# quic protocol options +# transport.quic.keepalivePeriod = 10 +# transport.quic.maxIdleTimeout = 30 +# transport.quic.maxIncomingStreams = 100000 + +# If tls.enable is true, frpc will connect frps by tls. +# Since v0.50.0, the default value has been changed to true, and tls is enabled by default. +transport.tls.enable = true + +# transport.tls.certFile = "client.crt" +# transport.tls.keyFile = "client.key" +# transport.tls.trustedCaFile = "ca.crt" +# transport.tls.serverName = "example.com" + +# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the +# first custom byte when tls is enabled. +# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default. +# transport.tls.disableCustomTLSFirstByte = true + +# Heartbeat configure, it's not recommended to modify the default value. +# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value +# to disable it. +# transport.heartbeatInterval = 30 +# transport.heartbeatTimeout = 90 + +# Specify a dns server, so frpc will use this instead of default one +# dnsServer = "8.8.8.8" + +# Proxy names you want to start. +# Default is empty, means all proxies. +# start = ["ssh", "dns"] + +# Specify udp packet size, unit is byte. If not set, the default value is 1500. +# This parameter should be same between client and server. +# It affects the udp and sudp proxy. +udpPacketSize = 1500 + +# Additional metadatas for client. +metadatas.var1 = "abc" +metadatas.var2 = "123" + +# Include other config files for proxies. +# includes = ["./confd/*.ini"] + +[[proxies]] +# 'ssh' is the unique proxy name +# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh' +name = "ssh" +type = "tcp" +localIP = "127.0.0.1" +localPort = 22 +# Limit bandwidth for this proxy, unit is KB and MB +transport.bandwidthLimit = "1MB" +# Where to limit bandwidth, can be 'client' or 'server', default is 'client' +transport.bandwidthLimitMode = "client" +# If true, traffic of this proxy will be encrypted, default is false +transport.useEncryption = false +# If true, traffic will be compressed +transport.useCompression = false +# Remote port listen by frps +remotePort = 6001 +# frps will load balancing connections for proxies in same group +loadBalancer.group = "test_group" +# group should have same group key +loadBalancer.groupKey = "123456" +# Enable health check for the backend service, it supports 'tcp' and 'http' now. +# frpc will connect local service's port to detect it's healthy status +healthCheck.type = "tcp" +# Health check connection timeout +healthCheck.timeoutSeconds = 3 +# If continuous failed in 3 times, the proxy will be removed from frps +healthCheck.maxFailed = 3 +# every 10 seconds will do a health check +healthCheck.intervalSeconds = 10 +# additional meta info for each proxy +metadatas.var1 = "abc" +metadatas.var2 = "123" + +[[proxies]] +name = "ssh_random" +type = "tcp" +localIP = "192.168.31.100" +localPort = 22 +# If remote_port is 0, frps will assign a random port for you +remotePort = 0 + +[[proxies]] +name = "dns" +type = "udp" +localIP = "114.114.114.114" +localPort = 53 +remotePort = 6002 + +# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02 +[[proxies]] +name = "web01" +type = "http" +localIP = "127.0.0.1" +localPort = 80 +# http username and password are safety certification for http protocol +# if not set, you can access this custom_domains without certification +httpUser = "admin" +httpPassword = "admin" +# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com +subdomain = "web01" +customDomains = ["web01.yourdomain.com"] +# locations is only available for http type +locations = ["/", "/pic"] +# route requests to this service if http basic auto user is abc +# route_by_http_user = abc +hostHeaderRewrite = "example.com" +# params with prefix "header_" will be used to update http request headers +requestHeaders.set.x-from-where = "frp" +healthCheck.type = "http" +# frpc will send a GET http request '/status' to local http service +# http service is alive when it return 2xx http response code +healthCheck.path = "/status" +healthCheck.intervalSeconds = 10 +healthCheck.maxFailed = 3 +healthCheck.timeoutSeconds = 3 + +[[proxies]] +name = "web02" +type = "https" +localIP = "127.0.0.1" +localPort = 8000 +subdomain = "web02" +customDomains = ["web02.yourdomain.com"] +# if not empty, frpc will use proxy protocol to transfer connection info to your local service +# v1 or v2 or empty +transport.proxyProtocolVersion = "v2" + +[[proxies]] +name = "tcpmuxhttpconnect" +type = "tcpmux" +multiplexer = "httpconnect" +localIP = "127.0.0.1" +localPort = 10701 +customDomains = ["tunnel1"] +# routeByHTTPUser = "user1" + +[[proxies]] +name = "plugin_unix_domain_socket" +type = "tcp" +remotePort = 6003 +# if plugin is defined, local_ip and local_port is useless +# plugin will handle connections got from frps +[proxies.plugin] +type = "unix_domain_socket" +unixPath = "/var/run/docker.sock" + +[[proxies]] +name = "plugin_http_proxy" +type = "tcp" +remotePort = 6004 +[proxies.plugin] +type = "http_proxy" +httpUser = "abc" +httpPassword = "abc" + +[[proxies]] +name = "plugin_socks5" +type = "tcp" +remotePort = 6005 +[proxies.plugin] +type = "socks5" +username = "abc" +password = "abc" + +[[proxies]] +name = "plugin_static_file" +type = "tcp" +remotePort = 6006 +[proxies.plugin] +type = "static_file" +localPath = "/var/www/blog" +stripPrefix = "static" +httpUser = "abc" +httpPassword = "abc" + +[[proxies]] +name = "plugin_https2http" +type = "https" +customDomains = ["test.yourdomain.com"] +[proxies.plugin] +type = "https2http" +localAddr = "127.0.0.1:80" +crtPath = "./server.crt" +keyPath = "./server.key" +hostHeaderRewrite = "127.0.0.1" +requestHeaders.set.x-from-where = "frp" + +[[proxies]] +name = "plugin_https2https" +type = "https" +customDomains = ["test.yourdomain.com"] +[proxies.plugin] +type = "https2https" +localAddr = "127.0.0.1:443" +crtPath = "./server.crt" +keyPath = "./server.key" +hostHeaderRewrite = "127.0.0.1" +requestHeaders.set.x-from-where = "frp" + +[[proxies]] +name = "plugin_http2https" +type = "http" +customDomains = ["test.yourdomain.com"] +[proxies.plugin] +type = "http2https" +localAddr = "127.0.0.1:443" +hostHeaderRewrite = "127.0.0.1" +requestHeaders.set.x-from-where = "frp" + +[[proxies]] +name = "secret_tcp" +# If the type is secret tcp, remote_port is useless +# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor +type = "stcp" +# secretKey is used for authentication for visitors +secretKey = "abcdefg" +localIP = "127.0.0.1" +localPort = 22 +# If not empty, only visitors from specified users can connect. +# Otherwise, visitors from same user can connect. '*' means allow all users. +allowUsers = ["*"] + +[[proxies]] +name = "p2p_tcp" +type = "xtcp" +secretKey = "abcdefg" +localIP = "127.0.0.1" +localPort = 22 +# If not empty, only visitors from specified users can connect. +# Otherwise, visitors from same user can connect. '*' means allow all users. +allowUsers = ["user1", "user2"] + +# frpc role visitor -> frps -> frpc role server +[[visitors]] +name = "secret_tcp_visitor" +type = "stcp" +# the server name you want to visitor +serverName = "secret_tcp" +secretKey = "abcdefg" +# connect this address to visitor stcp server +bindAddr = "127.0.0.1" +# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from +# other visitors. (This is not supported for SUDP now) +bindPort = 9000 + +[[visitors]] +name = "p2p_tcp_visitor" +type = "xtcp" +# if the server user is not set, it defaults to the current user +serverUser = "user1" +serverName = "p2p_tcp" +secretKey = "abcdefg" +bindAddr = "127.0.0.1" +# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from +# other visitors. (This is not supported for SUDP now) +bindPort = 9001 +# when automatic tunnel persistence is required, set it to true +keepTunnelOpen = false +# effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour +maxRetriesAnHour = 8 +minRetryInterval = 90 +# fallbackTo = "stcp_visitor" +# fallbackTimeoutMs = 500 diff --git a/conf/frps.toml b/conf/frps.toml new file mode 100644 index 00000000..59db6c9e --- /dev/null +++ b/conf/frps.toml @@ -0,0 +1,154 @@ +# A literal address or host name for IPv6 must be enclosed +# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" +# For single "bind_addr" field, no need square brackets, like "bind_addr = ::". +bindAddr = "0.0.0.0" +bindPort = 7000 + +# udp port used for kcp protocol, it can be same with 'bind_port'. +# if not set, kcp is disabled in frps. +kcpBindPort = 7000 + +# udp port used for quic protocol. +# if not set, quic is disabled in frps. +# quicBindPort = 7002 + +# Specify which address proxy will listen for, default value is same with bind_addr +# proxy_bind_addr = "127.0.0.1" + +# quic protocol options +# transport.quic.keepalivePeriod = 10 +# transport.quic.maxIdleTimeout = 30 +# transport.quic.maxIncomingStreams = 100000 + +# Heartbeat configure, it's not recommended to modify the default value +# The default value of heartbeat_timeout is 90. Set negative value to disable it. +# transport.heartbeatTimeout = 90 + +# Pool count in each proxy will keep no more than maxPoolCount. +transport.maxPoolCount = 5 + +# If tcp stream multiplexing is used, default is true +# transport.tcpMux = true + +# Specify keep alive interval for tcp mux. +# only valid if tcpMux is true. +# transport.tcpMuxKeepaliveInterval = 60 + +# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. +# If negative, keep-alive probes are disabled. +# transport.tcpKeepalive = 7200 + +# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false. +tls.force = false + +# transport.tls.certFile = "server.crt" +# transport.tls.keyFile = "server.key" +# transport.tls.trustedCaFile = "ca.crt" + +# If you want to support virtual host, you must set the http port for listening (optional) +# Note: http port and https port can be same with bind_port +vhostHTTPPort = 80 +vhostHTTPSPort = 443 + +# Response header timeout(seconds) for vhost http server, default is 60s +# vhostHTTPTimeout = 60 + +# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP +# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP +# requests on one single port. If it's not - it will listen on this value for +# HTTP CONNECT requests. By default, this value is 0. +# tcpmuxHTTPConnectPort = 1337 + +# If tcpmux_passthrough is true, frps won't do any update on traffic. +# tcpmuxPassthrough = false + +# Configure the web server to enable the dashboard for frps. +# dashboard is available only if webServer.port is set. +webServer.addr = "127.0.0.1" +webServer.port = 7500 +webServer.user = "admin" +webServer.password = "admin" +# webServer.tls.certFile = "server.crt" +# webServer.tls.keyFile = "server.key" +# dashboard assets directory(only for debug mode) +# webServer.assetsDir = "./static" + +# Enable golang pprof handlers in dashboard listener. +# Dashboard port must be set first +webServer.pprofEnable = false + +# enablePrometheus will export prometheus metrics on webServer in /metrics api. +enablePrometheus = true + +# console or real logFile path like ./frps.log +log.to = "./frps.log" +# trace, debug, info, warn, error +log.level = info +log.maxDays = 3 +# disable log colors when log.to is console, default is false +log.disablePrintColor = false + +# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true. +detailedErrorsToClient = true + +# auth.method specifies what authentication method to use authenticate frpc with frps. +# If "token" is specified - token will be read into login message. +# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token". +auth.method = "token" + +# auth.additionalScopes specifies additional scopes to include authentication information. +# Optional values are HeartBeats, NewWorkConns. +# auth.additionalScopes = ["HeartBeats", "NewWorkConns"] + +# auth token +auth.token = "12345678" + +# oidc issuer specifies the issuer to verify OIDC tokens with. +auth.oidc.issuer = "" +# oidc audience specifies the audience OIDC tokens should contain when validated. +auth.oidc.audience = "" +# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired. +auth.oidc.skipExpiryCheck = false +# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer. +auth.oidc.skipIssuerCheck = false + +# userConnTimeout specifies the maximum time to wait for a work connection. +# userConnTimeout = 10 + +# Only allow frpc to bind ports you list. By default, there won't be any limit. +allowPorts = [ + { start = 2000, end = 3000 }, + { single = 3001 }, + { single = 3003 }, + { start = 4000, end = 50000 } +] + +# Max ports can be used for each client, default value is 0 means no limit +maxPortsPerClient = 0 + +# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file +# When subdomain is est, the host used by routing is test.frps.com +subDomainHost = "frps.com" + +# custom 404 page for HTTP requests +# custom404Page = "/path/to/404.html" + +# specify udp packet size, unit is byte. If not set, the default value is 1500. +# This parameter should be same between client and server. +# It affects the udp and sudp proxy. +udpPacketSize = 1500 + +# Retention time for NAT hole punching strategy data. +natholeAnalysisDataReserveHours = 168 + +[[httpPlugins]] +name = "user-manager" +addr = "127.0.0.1:9000" +path = "/handler" +ops = ["Login"] + +[[httpPlugins]] +name = "port-manager" +addr = "127.0.0.1:9001" +path = "/handler" +ops = ["NewProxy"] diff --git a/conf/frpc_legacy_full.ini b/conf/legacy/frpc_legacy_full.ini similarity index 100% rename from conf/frpc_legacy_full.ini rename to conf/legacy/frpc_legacy_full.ini diff --git a/conf/frps_legacy_full.ini b/conf/legacy/frps_legacy_full.ini similarity index 100% rename from conf/frps_legacy_full.ini rename to conf/legacy/frps_legacy_full.ini diff --git a/doc/server_plugin.md b/doc/server_plugin.md index f4e377f4..b8fa1619 100644 --- a/doc/server_plugin.md +++ b/doc/server_plugin.md @@ -216,49 +216,50 @@ New user connection received from proxy (support `tcp`, `stcp`, `https` and `tcp ### Server Plugin Configuration -```ini -# frps.ini -[common] -bind_port = 7000 +```toml +# frps.toml +bindPort = 7000 -[plugin.user-manager] -addr = 127.0.0.1:9000 -path = /handler -ops = Login +[[httpPlugins]] +name = "user-manager" +addr = "127.0.0.1:9000" +path = "/handler" +ops = ["Login"] -[plugin.port-manager] -addr = 127.0.0.1:9001 -path = /handler -ops = NewProxy +[[httpPlugins]] +name = "port-manager" +addr = "127.0.0.1:9001" +path = "/handler" +ops = ["NewProxy"] ``` -- addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = https://127.0.0.1:9001`. +- addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = "https://127.0.0.1:9001"`. - path: http request url path for the POST request. - ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...). -- tls_verify: When the schema is https, we verify by default. Set this value to false if you want to skip verification. +- tlsVerify: When the schema is https, we verify by default. Set this value to false if you want to skip verification. ### Metadata Metadata will be sent to the server plugin in each RPC request. -There are 2 types of metadata entries - 1 under `[common]` and the other under each proxy configuration. -Metadata entries under `[common]` will be sent in `Login` under the key `metas`, and in any other RPC request under `user.metas`. +There are 2 types of metadata entries - global one and the other under each proxy configuration. +Global metadata entries will be sent in `Login` under the key `metas`, and in any other RPC request under `user.metas`. Metadata entries under each proxy configuration will be sent in `NewProxy` op only, under `metas`. -Metadata entries start with `meta_`. This is an example of metadata entries in `[common]` and under the proxy named `[ssh]`: +This is an example of metadata entries: -``` -# frpc.ini -[common] -server_addr = 127.0.0.1 -server_port = 7000 -user = fake -meta_token = fake -meta_version = 1.0.0 +```toml +# frpc.toml +serverAddr = "127.0.0.1" +serverPort = 7000 +user = "fake" +metadatas.token = "fake" +metadatas.version = "1.0.0" -[ssh] -type = tcp -local_port = 22 -remote_port = 6000 -meta_id = 123 +[[proxies]] +name = "ssh" +type = "tcp" +localPort = 22 +remotePort = 6000 +metadatas.id = "123" ``` diff --git a/package.sh b/package.sh index 1a63a4e8..f3b220b6 100755 --- a/package.sh +++ b/package.sh @@ -47,6 +47,7 @@ for os in $os_all; do fi cp ../LICENSE ${frp_path} cp -rf ../conf/* ${frp_path} + rm -rf ${frp_path}/legacy # packages cd ./packages diff --git a/pkg/config/legacy/client.go b/pkg/config/legacy/client.go index 92d3a956..f7257cb5 100644 --- a/pkg/config/legacy/client.go +++ b/pkg/config/legacy/client.go @@ -123,9 +123,9 @@ type ClientCommonConf struct { // is "tcp". Protocol string `ini:"protocol" json:"protocol"` // QUIC protocol options - QUICKeepalivePeriod int `ini:"quic_keepalive_period" json:"quic_keepalive_period" validate:"gte=0"` - QUICMaxIdleTimeout int `ini:"quic_max_idle_timeout" json:"quic_max_idle_timeout" validate:"gte=0"` - QUICMaxIncomingStreams int `ini:"quic_max_incoming_streams" json:"quic_max_incoming_streams" validate:"gte=0"` + QUICKeepalivePeriod int `ini:"quic_keepalive_period" json:"quic_keepalive_period"` + QUICMaxIdleTimeout int `ini:"quic_max_idle_timeout" json:"quic_max_idle_timeout"` + QUICMaxIncomingStreams int `ini:"quic_max_incoming_streams" json:"quic_max_incoming_streams"` // TLSEnable specifies whether or not TLS should be used when communicating // with the server. If "tls_cert_file" and "tls_key_file" are valid, // client will load the supplied tls configuration. diff --git a/pkg/config/legacy/server.go b/pkg/config/legacy/server.go index a10db34b..acdb93b4 100644 --- a/pkg/config/legacy/server.go +++ b/pkg/config/legacy/server.go @@ -41,35 +41,35 @@ type ServerCommonConf struct { BindAddr string `ini:"bind_addr" json:"bind_addr"` // BindPort specifies the port that the server listens on. By default, this // value is 7000. - BindPort int `ini:"bind_port" json:"bind_port" validate:"gte=0,lte=65535"` + BindPort int `ini:"bind_port" json:"bind_port"` // KCPBindPort specifies the KCP port that the server listens on. If this // value is 0, the server will not listen for KCP connections. By default, // this value is 0. - KCPBindPort int `ini:"kcp_bind_port" json:"kcp_bind_port" validate:"gte=0,lte=65535"` + KCPBindPort int `ini:"kcp_bind_port" json:"kcp_bind_port"` // QUICBindPort specifies the QUIC port that the server listens on. // Set this value to 0 will disable this feature. // By default, the value is 0. - QUICBindPort int `ini:"quic_bind_port" json:"quic_bind_port" validate:"gte=0,lte=65535"` + QUICBindPort int `ini:"quic_bind_port" json:"quic_bind_port"` // QUIC protocol options - QUICKeepalivePeriod int `ini:"quic_keepalive_period" json:"quic_keepalive_period" validate:"gte=0"` - QUICMaxIdleTimeout int `ini:"quic_max_idle_timeout" json:"quic_max_idle_timeout" validate:"gte=0"` - QUICMaxIncomingStreams int `ini:"quic_max_incoming_streams" json:"quic_max_incoming_streams" validate:"gte=0"` + QUICKeepalivePeriod int `ini:"quic_keepalive_period" json:"quic_keepalive_period"` + QUICMaxIdleTimeout int `ini:"quic_max_idle_timeout" json:"quic_max_idle_timeout"` + QUICMaxIncomingStreams int `ini:"quic_max_incoming_streams" json:"quic_max_incoming_streams"` // ProxyBindAddr specifies the address that the proxy binds to. This value // may be the same as BindAddr. ProxyBindAddr string `ini:"proxy_bind_addr" json:"proxy_bind_addr"` // VhostHTTPPort specifies the port that the server listens for HTTP Vhost // requests. If this value is 0, the server will not listen for HTTP // requests. By default, this value is 0. - VhostHTTPPort int `ini:"vhost_http_port" json:"vhost_http_port" validate:"gte=0,lte=65535"` + VhostHTTPPort int `ini:"vhost_http_port" json:"vhost_http_port"` // VhostHTTPSPort specifies the port that the server listens for HTTPS // Vhost requests. If this value is 0, the server will not listen for HTTPS // requests. By default, this value is 0. - VhostHTTPSPort int `ini:"vhost_https_port" json:"vhost_https_port" validate:"gte=0,lte=65535"` + VhostHTTPSPort int `ini:"vhost_https_port" json:"vhost_https_port"` // TCPMuxHTTPConnectPort specifies the port that the server listens for TCP // HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP // requests on one single port. If it's not - it will listen on this value for // HTTP CONNECT requests. By default, this value is 0. - TCPMuxHTTPConnectPort int `ini:"tcpmux_httpconnect_port" json:"tcpmux_httpconnect_port" validate:"gte=0,lte=65535"` + TCPMuxHTTPConnectPort int `ini:"tcpmux_httpconnect_port" json:"tcpmux_httpconnect_port"` // If TCPMuxPassthrough is true, frps won't do any update on traffic. TCPMuxPassthrough bool `ini:"tcpmux_passthrough" json:"tcpmux_passthrough"` // VhostHTTPTimeout specifies the response header timeout for the Vhost @@ -81,7 +81,7 @@ type ServerCommonConf struct { // DashboardPort specifies the port that the dashboard listens on. If this // value is 0, the dashboard will not be started. By default, this value is // 0. - DashboardPort int `ini:"dashboard_port" json:"dashboard_port" validate:"gte=0,lte=65535"` + DashboardPort int `ini:"dashboard_port" json:"dashboard_port"` // DashboardTLSCertFile specifies the path of the cert file that the server will // load. If "dashboard_tls_cert_file", "dashboard_tls_key_file" are valid, the server will use this // supplied tls configuration. diff --git a/pkg/config/load_test.go b/pkg/config/load_test.go new file mode 100644 index 00000000..eab4ba96 --- /dev/null +++ b/pkg/config/load_test.go @@ -0,0 +1,45 @@ +// Copyright 2023 The frp Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package config + +import ( + "testing" + + "github.com/stretchr/testify/require" + + v1 "github.com/fatedier/frp/pkg/config/v1" +) + +func TestLoadConfigure(t *testing.T) { + require := require.New(t) + content := ` +bindAddr = "127.0.0.1" +kcpBindPort = 7000 +quicBindPort = 7001 +tcpmuxHTTPConnectPort = 7005 +custom404Page = "/abc.html" +transport.tcpKeepalive = 10 +` + + svrCfg := v1.ServerConfig{} + err := LoadConfigure([]byte(content), &svrCfg) + require.NoError(err) + require.EqualValues("127.0.0.1", svrCfg.BindAddr) + require.EqualValues(7000, svrCfg.KCPBindPort) + require.EqualValues(7001, svrCfg.QUICBindPort) + require.EqualValues(7005, svrCfg.TCPMuxHTTPConnectPort) + require.EqualValues("/abc.html", svrCfg.Custom404Page) + require.EqualValues(10, svrCfg.Transport.TCPKeepAlive) +} diff --git a/pkg/config/v1/common.go b/pkg/config/v1/common.go index be4e39a0..119c024c 100644 --- a/pkg/config/v1/common.go +++ b/pkg/config/v1/common.go @@ -34,9 +34,9 @@ const ( // QUIC protocol options type QUICOptions struct { - KeepalivePeriod int `json:"quicKeepalivePeriod,omitempty" validate:"gte=0"` - MaxIdleTimeout int `json:"quicMaxIdleTimeout,omitempty" validate:"gte=0"` - MaxIncomingStreams int `json:"quicMaxIncomingStreams,omitempty" validate:"gte=0"` + KeepalivePeriod int `json:"keepalivePeriod,omitempty"` + MaxIdleTimeout int `json:"maxIdleTimeout,omitempty"` + MaxIncomingStreams int `json:"maxIncomingStreams,omitempty"` } func (c *QUICOptions) Complete() { diff --git a/pkg/config/v1/proxy.go b/pkg/config/v1/proxy.go index dc09c6b9..41bb1341 100644 --- a/pkg/config/v1/proxy.go +++ b/pkg/config/v1/proxy.go @@ -278,7 +278,7 @@ type HTTPProxyConfig struct { HTTPPassword string `json:"httpPassword,omitempty"` HostHeaderRewrite string `json:"hostHeaderRewrite,omitempty"` RequestHeaders HeaderOperations `json:"requestHeaders,omitempty"` - RouteByHTTPUser string `json:"routeByHttpUser,omitempty"` + RouteByHTTPUser string `json:"routeByHTTPUser,omitempty"` } func (c *HTTPProxyConfig) MarshalToMsg(m *msg.NewProxy) { @@ -342,7 +342,7 @@ type TCPMuxProxyConfig struct { HTTPUser string `json:"httpUser,omitempty"` HTTPPassword string `json:"httpPassword,omitempty"` - RouteByHTTPUser string `json:"routeByHttpUser,omitempty"` + RouteByHTTPUser string `json:"routeByHTTPUser,omitempty"` Multiplexer string `json:"multiplexer,omitempty"` } diff --git a/pkg/config/v1/server.go b/pkg/config/v1/server.go index 380bd2d9..5648d249 100644 --- a/pkg/config/v1/server.go +++ b/pkg/config/v1/server.go @@ -62,7 +62,7 @@ type ServerConfig struct { // requested by the client when using Vhost proxying. For example, if this // value is set to "frps.com" and the client requested the subdomain // "test", the resulting URL would be "test.frps.com". - SubDomainHost string `json:"subdomainHost,omitempty"` + SubDomainHost string `json:"subDomainHost,omitempty"` // Custom404Page specifies a path to a custom 404 page to display. If this // value is "", a default page will be displayed. Custom404Page string `json:"custom404Page,omitempty"` diff --git a/pkg/util/version/version.go b/pkg/util/version/version.go index 32a94580..32b31837 100644 --- a/pkg/util/version/version.go +++ b/pkg/util/version/version.go @@ -19,7 +19,7 @@ import ( "strings" ) -var version = "0.51.3" +var version = "0.52.0" func Full() string { return version diff --git a/web/frps/auto-imports.d.ts b/web/frps/auto-imports.d.ts index 08908edd..afc379b3 100644 --- a/web/frps/auto-imports.d.ts +++ b/web/frps/auto-imports.d.ts @@ -1,5 +1,3 @@ // Generated by 'unplugin-auto-import' export {} -declare global { - -} +declare global {}