mirror of
https://github.com/fatedier/frp.git
synced 2024-12-04 22:01:43 +01:00
update confugration examples and README (#3650)
This commit is contained in:
parent
21d8e674f0
commit
3ae1a4f45a
@ -90,10 +90,6 @@ frp 是一个免费且开源的项目,我们欢迎任何人为其开发和进
|
|||||||
|
|
||||||
![zsxq](/doc/pic/zsxq.jpg)
|
![zsxq](/doc/pic/zsxq.jpg)
|
||||||
|
|
||||||
### 支付宝扫码捐赠
|
|
||||||
|
|
||||||
![donate-alipay](/doc/pic/donate-alipay.png)
|
|
||||||
|
|
||||||
### 微信支付捐赠
|
### 微信支付捐赠
|
||||||
|
|
||||||
![donate-wechatpay](/doc/pic/donate-wechatpay.png)
|
![donate-wechatpay](/doc/pic/donate-wechatpay.png)
|
||||||
|
@ -6,3 +6,4 @@
|
|||||||
|
|
||||||
* Change the way to start the visitor through the command line from `frpc stcp --role=visitor xxx` to `frpc stcp visitor xxx`.
|
* Change the way to start the visitor through the command line from `frpc stcp --role=visitor xxx` to `frpc stcp visitor xxx`.
|
||||||
* Modified the semantics of the `server_addr` in the command line, no longer including the port. Added the `server_port` parameter to configure the port.
|
* Modified the semantics of the `server_addr` in the command line, no longer including the port. Added the `server_port` parameter to configure the port.
|
||||||
|
* No longer support range ports mapping in TOML/YAML/JSON.
|
||||||
|
360
conf/frpc.toml
Normal file
360
conf/frpc.toml
Normal file
@ -0,0 +1,360 @@
|
|||||||
|
# your proxy name will be changed to {user}.{proxy}
|
||||||
|
user = "your_name"
|
||||||
|
|
||||||
|
# A literal address or host name for IPv6 must be enclosed
|
||||||
|
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
|
||||||
|
# For single serverAddr field, no need square brackets, like serverAddr = "::".
|
||||||
|
serverAddr = "0.0.0.0"
|
||||||
|
serverPort = 7000
|
||||||
|
|
||||||
|
# STUN server to help penetrate NAT hole.
|
||||||
|
# natHoleStunServer = "stun.easyvoip.com:3478"
|
||||||
|
|
||||||
|
# Decide if exit program when first login failed, otherwise continuous relogin to frps
|
||||||
|
# default is true
|
||||||
|
loginFailExit = true
|
||||||
|
|
||||||
|
# console or real logFile path like ./frpc.log
|
||||||
|
log.to = "./frpc.log"
|
||||||
|
# trace, debug, info, warn, error
|
||||||
|
log.level = "info"
|
||||||
|
log.maxDays = 3
|
||||||
|
# disable log colors when log.to is console, default is false
|
||||||
|
log.disablePrintColor = false
|
||||||
|
|
||||||
|
auth.method = "token"
|
||||||
|
# auth.additionalScopes specifies additional scopes to include authentication information.
|
||||||
|
# Optional values are HeartBeats, NewWorkConns.
|
||||||
|
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
|
||||||
|
|
||||||
|
# auth token
|
||||||
|
auth.token = "12345678"
|
||||||
|
|
||||||
|
# oidc.clientID specifies the client ID to use to get a token in OIDC authentication.
|
||||||
|
# auth.oidc.clientID = ""
|
||||||
|
# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication.
|
||||||
|
# auth.oidc.clientSecret = ""
|
||||||
|
# oidc.audience specifies the audience of the token in OIDC authentication.
|
||||||
|
# auth.oidc.audience = ""
|
||||||
|
# oidc_scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
|
||||||
|
# auth.oidc.scope = ""
|
||||||
|
# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
|
||||||
|
# It will be used to get an OIDC token.
|
||||||
|
# auth.oidc.tokenEndpointURL = ""
|
||||||
|
|
||||||
|
# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.
|
||||||
|
# For example, if you want to specify the "audience" parameter, you can set as follow.
|
||||||
|
# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
|
||||||
|
# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"
|
||||||
|
# auth.oidc.additionalEndpointParams.var1 = "foobar"
|
||||||
|
|
||||||
|
# Set admin address for control frpc's action by http api such as reload
|
||||||
|
webServer.addr = "127.0.0.1"
|
||||||
|
webServer.port = 7400
|
||||||
|
webServer.user = "admin"
|
||||||
|
webServer.password = "admin"
|
||||||
|
# Admin assets directory. By default, these assets are bundled with frpc.
|
||||||
|
# webServer.assetsDir = "./static"
|
||||||
|
|
||||||
|
# Enable golang pprof handlers in admin listener.
|
||||||
|
webServer.pprofEnable = false
|
||||||
|
|
||||||
|
# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
|
||||||
|
# transport.dialServerTimeout = 10
|
||||||
|
|
||||||
|
# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
|
||||||
|
# If negative, keep-alive probes are disabled.
|
||||||
|
# transport.dialServerKeepalive = 7200
|
||||||
|
|
||||||
|
# connections will be established in advance, default value is zero
|
||||||
|
transport.poolCount = 5
|
||||||
|
|
||||||
|
# If tcp stream multiplexing is used, default is true, it must be same with frps
|
||||||
|
# transport.tcpMux = true
|
||||||
|
|
||||||
|
# Specify keep alive interval for tcp mux.
|
||||||
|
# only valid if tcpMux is enabled.
|
||||||
|
# transport.tcpMuxKeepaliveInterval = 60
|
||||||
|
|
||||||
|
# Communication protocol used to connect to server
|
||||||
|
# supports tcp, kcp, quic, websocket and wss now, default is tcp
|
||||||
|
transport.protocol = "tcp"
|
||||||
|
|
||||||
|
# set client binding ip when connect server, default is empty.
|
||||||
|
# only when protocol = tcp or websocket, the value will be used.
|
||||||
|
transport.connectServerLocalIP = "0.0.0.0"
|
||||||
|
|
||||||
|
# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables
|
||||||
|
# it only works when protocol is tcp
|
||||||
|
# transport.proxyURL = "http://user:passwd@192.168.1.128:8080"
|
||||||
|
# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"
|
||||||
|
# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"
|
||||||
|
|
||||||
|
# quic protocol options
|
||||||
|
# transport.quic.keepalivePeriod = 10
|
||||||
|
# transport.quic.maxIdleTimeout = 30
|
||||||
|
# transport.quic.maxIncomingStreams = 100000
|
||||||
|
|
||||||
|
# If tls.enable is true, frpc will connect frps by tls.
|
||||||
|
# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
|
||||||
|
transport.tls.enable = true
|
||||||
|
|
||||||
|
# transport.tls.certFile = "client.crt"
|
||||||
|
# transport.tls.keyFile = "client.key"
|
||||||
|
# transport.tls.trustedCaFile = "ca.crt"
|
||||||
|
# transport.tls.serverName = "example.com"
|
||||||
|
|
||||||
|
# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the
|
||||||
|
# first custom byte when tls is enabled.
|
||||||
|
# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
|
||||||
|
# transport.tls.disableCustomTLSFirstByte = true
|
||||||
|
|
||||||
|
# Heartbeat configure, it's not recommended to modify the default value.
|
||||||
|
# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
|
||||||
|
# to disable it.
|
||||||
|
# transport.heartbeatInterval = 30
|
||||||
|
# transport.heartbeatTimeout = 90
|
||||||
|
|
||||||
|
# Specify a dns server, so frpc will use this instead of default one
|
||||||
|
# dnsServer = "8.8.8.8"
|
||||||
|
|
||||||
|
# Proxy names you want to start.
|
||||||
|
# Default is empty, means all proxies.
|
||||||
|
# start = ["ssh", "dns"]
|
||||||
|
|
||||||
|
# Specify udp packet size, unit is byte. If not set, the default value is 1500.
|
||||||
|
# This parameter should be same between client and server.
|
||||||
|
# It affects the udp and sudp proxy.
|
||||||
|
udpPacketSize = 1500
|
||||||
|
|
||||||
|
# Additional metadatas for client.
|
||||||
|
metadatas.var1 = "abc"
|
||||||
|
metadatas.var2 = "123"
|
||||||
|
|
||||||
|
# Include other config files for proxies.
|
||||||
|
# includes = ["./confd/*.ini"]
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
# 'ssh' is the unique proxy name
|
||||||
|
# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
|
||||||
|
name = "ssh"
|
||||||
|
type = "tcp"
|
||||||
|
localIP = "127.0.0.1"
|
||||||
|
localPort = 22
|
||||||
|
# Limit bandwidth for this proxy, unit is KB and MB
|
||||||
|
transport.bandwidthLimit = "1MB"
|
||||||
|
# Where to limit bandwidth, can be 'client' or 'server', default is 'client'
|
||||||
|
transport.bandwidthLimitMode = "client"
|
||||||
|
# If true, traffic of this proxy will be encrypted, default is false
|
||||||
|
transport.useEncryption = false
|
||||||
|
# If true, traffic will be compressed
|
||||||
|
transport.useCompression = false
|
||||||
|
# Remote port listen by frps
|
||||||
|
remotePort = 6001
|
||||||
|
# frps will load balancing connections for proxies in same group
|
||||||
|
loadBalancer.group = "test_group"
|
||||||
|
# group should have same group key
|
||||||
|
loadBalancer.groupKey = "123456"
|
||||||
|
# Enable health check for the backend service, it supports 'tcp' and 'http' now.
|
||||||
|
# frpc will connect local service's port to detect it's healthy status
|
||||||
|
healthCheck.type = "tcp"
|
||||||
|
# Health check connection timeout
|
||||||
|
healthCheck.timeoutSeconds = 3
|
||||||
|
# If continuous failed in 3 times, the proxy will be removed from frps
|
||||||
|
healthCheck.maxFailed = 3
|
||||||
|
# every 10 seconds will do a health check
|
||||||
|
healthCheck.intervalSeconds = 10
|
||||||
|
# additional meta info for each proxy
|
||||||
|
metadatas.var1 = "abc"
|
||||||
|
metadatas.var2 = "123"
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "ssh_random"
|
||||||
|
type = "tcp"
|
||||||
|
localIP = "192.168.31.100"
|
||||||
|
localPort = 22
|
||||||
|
# If remote_port is 0, frps will assign a random port for you
|
||||||
|
remotePort = 0
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "dns"
|
||||||
|
type = "udp"
|
||||||
|
localIP = "114.114.114.114"
|
||||||
|
localPort = 53
|
||||||
|
remotePort = 6002
|
||||||
|
|
||||||
|
# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
|
||||||
|
[[proxies]]
|
||||||
|
name = "web01"
|
||||||
|
type = "http"
|
||||||
|
localIP = "127.0.0.1"
|
||||||
|
localPort = 80
|
||||||
|
# http username and password are safety certification for http protocol
|
||||||
|
# if not set, you can access this custom_domains without certification
|
||||||
|
httpUser = "admin"
|
||||||
|
httpPassword = "admin"
|
||||||
|
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
|
||||||
|
subdomain = "web01"
|
||||||
|
customDomains = ["web01.yourdomain.com"]
|
||||||
|
# locations is only available for http type
|
||||||
|
locations = ["/", "/pic"]
|
||||||
|
# route requests to this service if http basic auto user is abc
|
||||||
|
# route_by_http_user = abc
|
||||||
|
hostHeaderRewrite = "example.com"
|
||||||
|
# params with prefix "header_" will be used to update http request headers
|
||||||
|
requestHeaders.set.x-from-where = "frp"
|
||||||
|
healthCheck.type = "http"
|
||||||
|
# frpc will send a GET http request '/status' to local http service
|
||||||
|
# http service is alive when it return 2xx http response code
|
||||||
|
healthCheck.path = "/status"
|
||||||
|
healthCheck.intervalSeconds = 10
|
||||||
|
healthCheck.maxFailed = 3
|
||||||
|
healthCheck.timeoutSeconds = 3
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "web02"
|
||||||
|
type = "https"
|
||||||
|
localIP = "127.0.0.1"
|
||||||
|
localPort = 8000
|
||||||
|
subdomain = "web02"
|
||||||
|
customDomains = ["web02.yourdomain.com"]
|
||||||
|
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
|
||||||
|
# v1 or v2 or empty
|
||||||
|
transport.proxyProtocolVersion = "v2"
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "tcpmuxhttpconnect"
|
||||||
|
type = "tcpmux"
|
||||||
|
multiplexer = "httpconnect"
|
||||||
|
localIP = "127.0.0.1"
|
||||||
|
localPort = 10701
|
||||||
|
customDomains = ["tunnel1"]
|
||||||
|
# routeByHTTPUser = "user1"
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "plugin_unix_domain_socket"
|
||||||
|
type = "tcp"
|
||||||
|
remotePort = 6003
|
||||||
|
# if plugin is defined, local_ip and local_port is useless
|
||||||
|
# plugin will handle connections got from frps
|
||||||
|
[proxies.plugin]
|
||||||
|
type = "unix_domain_socket"
|
||||||
|
unixPath = "/var/run/docker.sock"
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "plugin_http_proxy"
|
||||||
|
type = "tcp"
|
||||||
|
remotePort = 6004
|
||||||
|
[proxies.plugin]
|
||||||
|
type = "http_proxy"
|
||||||
|
httpUser = "abc"
|
||||||
|
httpPassword = "abc"
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "plugin_socks5"
|
||||||
|
type = "tcp"
|
||||||
|
remotePort = 6005
|
||||||
|
[proxies.plugin]
|
||||||
|
type = "socks5"
|
||||||
|
username = "abc"
|
||||||
|
password = "abc"
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "plugin_static_file"
|
||||||
|
type = "tcp"
|
||||||
|
remotePort = 6006
|
||||||
|
[proxies.plugin]
|
||||||
|
type = "static_file"
|
||||||
|
localPath = "/var/www/blog"
|
||||||
|
stripPrefix = "static"
|
||||||
|
httpUser = "abc"
|
||||||
|
httpPassword = "abc"
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "plugin_https2http"
|
||||||
|
type = "https"
|
||||||
|
customDomains = ["test.yourdomain.com"]
|
||||||
|
[proxies.plugin]
|
||||||
|
type = "https2http"
|
||||||
|
localAddr = "127.0.0.1:80"
|
||||||
|
crtPath = "./server.crt"
|
||||||
|
keyPath = "./server.key"
|
||||||
|
hostHeaderRewrite = "127.0.0.1"
|
||||||
|
requestHeaders.set.x-from-where = "frp"
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "plugin_https2https"
|
||||||
|
type = "https"
|
||||||
|
customDomains = ["test.yourdomain.com"]
|
||||||
|
[proxies.plugin]
|
||||||
|
type = "https2https"
|
||||||
|
localAddr = "127.0.0.1:443"
|
||||||
|
crtPath = "./server.crt"
|
||||||
|
keyPath = "./server.key"
|
||||||
|
hostHeaderRewrite = "127.0.0.1"
|
||||||
|
requestHeaders.set.x-from-where = "frp"
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "plugin_http2https"
|
||||||
|
type = "http"
|
||||||
|
customDomains = ["test.yourdomain.com"]
|
||||||
|
[proxies.plugin]
|
||||||
|
type = "http2https"
|
||||||
|
localAddr = "127.0.0.1:443"
|
||||||
|
hostHeaderRewrite = "127.0.0.1"
|
||||||
|
requestHeaders.set.x-from-where = "frp"
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "secret_tcp"
|
||||||
|
# If the type is secret tcp, remote_port is useless
|
||||||
|
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
|
||||||
|
type = "stcp"
|
||||||
|
# secretKey is used for authentication for visitors
|
||||||
|
secretKey = "abcdefg"
|
||||||
|
localIP = "127.0.0.1"
|
||||||
|
localPort = 22
|
||||||
|
# If not empty, only visitors from specified users can connect.
|
||||||
|
# Otherwise, visitors from same user can connect. '*' means allow all users.
|
||||||
|
allowUsers = ["*"]
|
||||||
|
|
||||||
|
[[proxies]]
|
||||||
|
name = "p2p_tcp"
|
||||||
|
type = "xtcp"
|
||||||
|
secretKey = "abcdefg"
|
||||||
|
localIP = "127.0.0.1"
|
||||||
|
localPort = 22
|
||||||
|
# If not empty, only visitors from specified users can connect.
|
||||||
|
# Otherwise, visitors from same user can connect. '*' means allow all users.
|
||||||
|
allowUsers = ["user1", "user2"]
|
||||||
|
|
||||||
|
# frpc role visitor -> frps -> frpc role server
|
||||||
|
[[visitors]]
|
||||||
|
name = "secret_tcp_visitor"
|
||||||
|
type = "stcp"
|
||||||
|
# the server name you want to visitor
|
||||||
|
serverName = "secret_tcp"
|
||||||
|
secretKey = "abcdefg"
|
||||||
|
# connect this address to visitor stcp server
|
||||||
|
bindAddr = "127.0.0.1"
|
||||||
|
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
|
||||||
|
# other visitors. (This is not supported for SUDP now)
|
||||||
|
bindPort = 9000
|
||||||
|
|
||||||
|
[[visitors]]
|
||||||
|
name = "p2p_tcp_visitor"
|
||||||
|
type = "xtcp"
|
||||||
|
# if the server user is not set, it defaults to the current user
|
||||||
|
serverUser = "user1"
|
||||||
|
serverName = "p2p_tcp"
|
||||||
|
secretKey = "abcdefg"
|
||||||
|
bindAddr = "127.0.0.1"
|
||||||
|
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
|
||||||
|
# other visitors. (This is not supported for SUDP now)
|
||||||
|
bindPort = 9001
|
||||||
|
# when automatic tunnel persistence is required, set it to true
|
||||||
|
keepTunnelOpen = false
|
||||||
|
# effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour
|
||||||
|
maxRetriesAnHour = 8
|
||||||
|
minRetryInterval = 90
|
||||||
|
# fallbackTo = "stcp_visitor"
|
||||||
|
# fallbackTimeoutMs = 500
|
154
conf/frps.toml
Normal file
154
conf/frps.toml
Normal file
@ -0,0 +1,154 @@
|
|||||||
|
# A literal address or host name for IPv6 must be enclosed
|
||||||
|
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
|
||||||
|
# For single "bind_addr" field, no need square brackets, like "bind_addr = ::".
|
||||||
|
bindAddr = "0.0.0.0"
|
||||||
|
bindPort = 7000
|
||||||
|
|
||||||
|
# udp port used for kcp protocol, it can be same with 'bind_port'.
|
||||||
|
# if not set, kcp is disabled in frps.
|
||||||
|
kcpBindPort = 7000
|
||||||
|
|
||||||
|
# udp port used for quic protocol.
|
||||||
|
# if not set, quic is disabled in frps.
|
||||||
|
# quicBindPort = 7002
|
||||||
|
|
||||||
|
# Specify which address proxy will listen for, default value is same with bind_addr
|
||||||
|
# proxy_bind_addr = "127.0.0.1"
|
||||||
|
|
||||||
|
# quic protocol options
|
||||||
|
# transport.quic.keepalivePeriod = 10
|
||||||
|
# transport.quic.maxIdleTimeout = 30
|
||||||
|
# transport.quic.maxIncomingStreams = 100000
|
||||||
|
|
||||||
|
# Heartbeat configure, it's not recommended to modify the default value
|
||||||
|
# The default value of heartbeat_timeout is 90. Set negative value to disable it.
|
||||||
|
# transport.heartbeatTimeout = 90
|
||||||
|
|
||||||
|
# Pool count in each proxy will keep no more than maxPoolCount.
|
||||||
|
transport.maxPoolCount = 5
|
||||||
|
|
||||||
|
# If tcp stream multiplexing is used, default is true
|
||||||
|
# transport.tcpMux = true
|
||||||
|
|
||||||
|
# Specify keep alive interval for tcp mux.
|
||||||
|
# only valid if tcpMux is true.
|
||||||
|
# transport.tcpMuxKeepaliveInterval = 60
|
||||||
|
|
||||||
|
# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
|
||||||
|
# If negative, keep-alive probes are disabled.
|
||||||
|
# transport.tcpKeepalive = 7200
|
||||||
|
|
||||||
|
# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.
|
||||||
|
tls.force = false
|
||||||
|
|
||||||
|
# transport.tls.certFile = "server.crt"
|
||||||
|
# transport.tls.keyFile = "server.key"
|
||||||
|
# transport.tls.trustedCaFile = "ca.crt"
|
||||||
|
|
||||||
|
# If you want to support virtual host, you must set the http port for listening (optional)
|
||||||
|
# Note: http port and https port can be same with bind_port
|
||||||
|
vhostHTTPPort = 80
|
||||||
|
vhostHTTPSPort = 443
|
||||||
|
|
||||||
|
# Response header timeout(seconds) for vhost http server, default is 60s
|
||||||
|
# vhostHTTPTimeout = 60
|
||||||
|
|
||||||
|
# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP
|
||||||
|
# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
|
||||||
|
# requests on one single port. If it's not - it will listen on this value for
|
||||||
|
# HTTP CONNECT requests. By default, this value is 0.
|
||||||
|
# tcpmuxHTTPConnectPort = 1337
|
||||||
|
|
||||||
|
# If tcpmux_passthrough is true, frps won't do any update on traffic.
|
||||||
|
# tcpmuxPassthrough = false
|
||||||
|
|
||||||
|
# Configure the web server to enable the dashboard for frps.
|
||||||
|
# dashboard is available only if webServer.port is set.
|
||||||
|
webServer.addr = "127.0.0.1"
|
||||||
|
webServer.port = 7500
|
||||||
|
webServer.user = "admin"
|
||||||
|
webServer.password = "admin"
|
||||||
|
# webServer.tls.certFile = "server.crt"
|
||||||
|
# webServer.tls.keyFile = "server.key"
|
||||||
|
# dashboard assets directory(only for debug mode)
|
||||||
|
# webServer.assetsDir = "./static"
|
||||||
|
|
||||||
|
# Enable golang pprof handlers in dashboard listener.
|
||||||
|
# Dashboard port must be set first
|
||||||
|
webServer.pprofEnable = false
|
||||||
|
|
||||||
|
# enablePrometheus will export prometheus metrics on webServer in /metrics api.
|
||||||
|
enablePrometheus = true
|
||||||
|
|
||||||
|
# console or real logFile path like ./frps.log
|
||||||
|
log.to = "./frps.log"
|
||||||
|
# trace, debug, info, warn, error
|
||||||
|
log.level = info
|
||||||
|
log.maxDays = 3
|
||||||
|
# disable log colors when log.to is console, default is false
|
||||||
|
log.disablePrintColor = false
|
||||||
|
|
||||||
|
# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
|
||||||
|
detailedErrorsToClient = true
|
||||||
|
|
||||||
|
# auth.method specifies what authentication method to use authenticate frpc with frps.
|
||||||
|
# If "token" is specified - token will be read into login message.
|
||||||
|
# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
|
||||||
|
auth.method = "token"
|
||||||
|
|
||||||
|
# auth.additionalScopes specifies additional scopes to include authentication information.
|
||||||
|
# Optional values are HeartBeats, NewWorkConns.
|
||||||
|
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
|
||||||
|
|
||||||
|
# auth token
|
||||||
|
auth.token = "12345678"
|
||||||
|
|
||||||
|
# oidc issuer specifies the issuer to verify OIDC tokens with.
|
||||||
|
auth.oidc.issuer = ""
|
||||||
|
# oidc audience specifies the audience OIDC tokens should contain when validated.
|
||||||
|
auth.oidc.audience = ""
|
||||||
|
# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.
|
||||||
|
auth.oidc.skipExpiryCheck = false
|
||||||
|
# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
|
||||||
|
auth.oidc.skipIssuerCheck = false
|
||||||
|
|
||||||
|
# userConnTimeout specifies the maximum time to wait for a work connection.
|
||||||
|
# userConnTimeout = 10
|
||||||
|
|
||||||
|
# Only allow frpc to bind ports you list. By default, there won't be any limit.
|
||||||
|
allowPorts = [
|
||||||
|
{ start = 2000, end = 3000 },
|
||||||
|
{ single = 3001 },
|
||||||
|
{ single = 3003 },
|
||||||
|
{ start = 4000, end = 50000 }
|
||||||
|
]
|
||||||
|
|
||||||
|
# Max ports can be used for each client, default value is 0 means no limit
|
||||||
|
maxPortsPerClient = 0
|
||||||
|
|
||||||
|
# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file
|
||||||
|
# When subdomain is est, the host used by routing is test.frps.com
|
||||||
|
subDomainHost = "frps.com"
|
||||||
|
|
||||||
|
# custom 404 page for HTTP requests
|
||||||
|
# custom404Page = "/path/to/404.html"
|
||||||
|
|
||||||
|
# specify udp packet size, unit is byte. If not set, the default value is 1500.
|
||||||
|
# This parameter should be same between client and server.
|
||||||
|
# It affects the udp and sudp proxy.
|
||||||
|
udpPacketSize = 1500
|
||||||
|
|
||||||
|
# Retention time for NAT hole punching strategy data.
|
||||||
|
natholeAnalysisDataReserveHours = 168
|
||||||
|
|
||||||
|
[[httpPlugins]]
|
||||||
|
name = "user-manager"
|
||||||
|
addr = "127.0.0.1:9000"
|
||||||
|
path = "/handler"
|
||||||
|
ops = ["Login"]
|
||||||
|
|
||||||
|
[[httpPlugins]]
|
||||||
|
name = "port-manager"
|
||||||
|
addr = "127.0.0.1:9001"
|
||||||
|
path = "/handler"
|
||||||
|
ops = ["NewProxy"]
|
@ -216,49 +216,50 @@ New user connection received from proxy (support `tcp`, `stcp`, `https` and `tcp
|
|||||||
|
|
||||||
### Server Plugin Configuration
|
### Server Plugin Configuration
|
||||||
|
|
||||||
```ini
|
```toml
|
||||||
# frps.ini
|
# frps.toml
|
||||||
[common]
|
bindPort = 7000
|
||||||
bind_port = 7000
|
|
||||||
|
|
||||||
[plugin.user-manager]
|
[[httpPlugins]]
|
||||||
addr = 127.0.0.1:9000
|
name = "user-manager"
|
||||||
path = /handler
|
addr = "127.0.0.1:9000"
|
||||||
ops = Login
|
path = "/handler"
|
||||||
|
ops = ["Login"]
|
||||||
|
|
||||||
[plugin.port-manager]
|
[[httpPlugins]]
|
||||||
addr = 127.0.0.1:9001
|
name = "port-manager"
|
||||||
path = /handler
|
addr = "127.0.0.1:9001"
|
||||||
ops = NewProxy
|
path = "/handler"
|
||||||
|
ops = ["NewProxy"]
|
||||||
```
|
```
|
||||||
|
|
||||||
- addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = https://127.0.0.1:9001`.
|
- addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = "https://127.0.0.1:9001"`.
|
||||||
- path: http request url path for the POST request.
|
- path: http request url path for the POST request.
|
||||||
- ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
|
- ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
|
||||||
- tls_verify: When the schema is https, we verify by default. Set this value to false if you want to skip verification.
|
- tlsVerify: When the schema is https, we verify by default. Set this value to false if you want to skip verification.
|
||||||
|
|
||||||
### Metadata
|
### Metadata
|
||||||
|
|
||||||
Metadata will be sent to the server plugin in each RPC request.
|
Metadata will be sent to the server plugin in each RPC request.
|
||||||
|
|
||||||
There are 2 types of metadata entries - 1 under `[common]` and the other under each proxy configuration.
|
There are 2 types of metadata entries - global one and the other under each proxy configuration.
|
||||||
Metadata entries under `[common]` will be sent in `Login` under the key `metas`, and in any other RPC request under `user.metas`.
|
Global metadata entries will be sent in `Login` under the key `metas`, and in any other RPC request under `user.metas`.
|
||||||
Metadata entries under each proxy configuration will be sent in `NewProxy` op only, under `metas`.
|
Metadata entries under each proxy configuration will be sent in `NewProxy` op only, under `metas`.
|
||||||
|
|
||||||
Metadata entries start with `meta_`. This is an example of metadata entries in `[common]` and under the proxy named `[ssh]`:
|
This is an example of metadata entries:
|
||||||
|
|
||||||
```
|
```toml
|
||||||
# frpc.ini
|
# frpc.toml
|
||||||
[common]
|
serverAddr = "127.0.0.1"
|
||||||
server_addr = 127.0.0.1
|
serverPort = 7000
|
||||||
server_port = 7000
|
user = "fake"
|
||||||
user = fake
|
metadatas.token = "fake"
|
||||||
meta_token = fake
|
metadatas.version = "1.0.0"
|
||||||
meta_version = 1.0.0
|
|
||||||
|
|
||||||
[ssh]
|
[[proxies]]
|
||||||
type = tcp
|
name = "ssh"
|
||||||
local_port = 22
|
type = "tcp"
|
||||||
remote_port = 6000
|
localPort = 22
|
||||||
meta_id = 123
|
remotePort = 6000
|
||||||
|
metadatas.id = "123"
|
||||||
```
|
```
|
||||||
|
@ -47,6 +47,7 @@ for os in $os_all; do
|
|||||||
fi
|
fi
|
||||||
cp ../LICENSE ${frp_path}
|
cp ../LICENSE ${frp_path}
|
||||||
cp -rf ../conf/* ${frp_path}
|
cp -rf ../conf/* ${frp_path}
|
||||||
|
rm -rf ${frp_path}/legacy
|
||||||
|
|
||||||
# packages
|
# packages
|
||||||
cd ./packages
|
cd ./packages
|
||||||
|
@ -123,9 +123,9 @@ type ClientCommonConf struct {
|
|||||||
// is "tcp".
|
// is "tcp".
|
||||||
Protocol string `ini:"protocol" json:"protocol"`
|
Protocol string `ini:"protocol" json:"protocol"`
|
||||||
// QUIC protocol options
|
// QUIC protocol options
|
||||||
QUICKeepalivePeriod int `ini:"quic_keepalive_period" json:"quic_keepalive_period" validate:"gte=0"`
|
QUICKeepalivePeriod int `ini:"quic_keepalive_period" json:"quic_keepalive_period"`
|
||||||
QUICMaxIdleTimeout int `ini:"quic_max_idle_timeout" json:"quic_max_idle_timeout" validate:"gte=0"`
|
QUICMaxIdleTimeout int `ini:"quic_max_idle_timeout" json:"quic_max_idle_timeout"`
|
||||||
QUICMaxIncomingStreams int `ini:"quic_max_incoming_streams" json:"quic_max_incoming_streams" validate:"gte=0"`
|
QUICMaxIncomingStreams int `ini:"quic_max_incoming_streams" json:"quic_max_incoming_streams"`
|
||||||
// TLSEnable specifies whether or not TLS should be used when communicating
|
// TLSEnable specifies whether or not TLS should be used when communicating
|
||||||
// with the server. If "tls_cert_file" and "tls_key_file" are valid,
|
// with the server. If "tls_cert_file" and "tls_key_file" are valid,
|
||||||
// client will load the supplied tls configuration.
|
// client will load the supplied tls configuration.
|
||||||
|
@ -41,35 +41,35 @@ type ServerCommonConf struct {
|
|||||||
BindAddr string `ini:"bind_addr" json:"bind_addr"`
|
BindAddr string `ini:"bind_addr" json:"bind_addr"`
|
||||||
// BindPort specifies the port that the server listens on. By default, this
|
// BindPort specifies the port that the server listens on. By default, this
|
||||||
// value is 7000.
|
// value is 7000.
|
||||||
BindPort int `ini:"bind_port" json:"bind_port" validate:"gte=0,lte=65535"`
|
BindPort int `ini:"bind_port" json:"bind_port"`
|
||||||
// KCPBindPort specifies the KCP port that the server listens on. If this
|
// KCPBindPort specifies the KCP port that the server listens on. If this
|
||||||
// value is 0, the server will not listen for KCP connections. By default,
|
// value is 0, the server will not listen for KCP connections. By default,
|
||||||
// this value is 0.
|
// this value is 0.
|
||||||
KCPBindPort int `ini:"kcp_bind_port" json:"kcp_bind_port" validate:"gte=0,lte=65535"`
|
KCPBindPort int `ini:"kcp_bind_port" json:"kcp_bind_port"`
|
||||||
// QUICBindPort specifies the QUIC port that the server listens on.
|
// QUICBindPort specifies the QUIC port that the server listens on.
|
||||||
// Set this value to 0 will disable this feature.
|
// Set this value to 0 will disable this feature.
|
||||||
// By default, the value is 0.
|
// By default, the value is 0.
|
||||||
QUICBindPort int `ini:"quic_bind_port" json:"quic_bind_port" validate:"gte=0,lte=65535"`
|
QUICBindPort int `ini:"quic_bind_port" json:"quic_bind_port"`
|
||||||
// QUIC protocol options
|
// QUIC protocol options
|
||||||
QUICKeepalivePeriod int `ini:"quic_keepalive_period" json:"quic_keepalive_period" validate:"gte=0"`
|
QUICKeepalivePeriod int `ini:"quic_keepalive_period" json:"quic_keepalive_period"`
|
||||||
QUICMaxIdleTimeout int `ini:"quic_max_idle_timeout" json:"quic_max_idle_timeout" validate:"gte=0"`
|
QUICMaxIdleTimeout int `ini:"quic_max_idle_timeout" json:"quic_max_idle_timeout"`
|
||||||
QUICMaxIncomingStreams int `ini:"quic_max_incoming_streams" json:"quic_max_incoming_streams" validate:"gte=0"`
|
QUICMaxIncomingStreams int `ini:"quic_max_incoming_streams" json:"quic_max_incoming_streams"`
|
||||||
// ProxyBindAddr specifies the address that the proxy binds to. This value
|
// ProxyBindAddr specifies the address that the proxy binds to. This value
|
||||||
// may be the same as BindAddr.
|
// may be the same as BindAddr.
|
||||||
ProxyBindAddr string `ini:"proxy_bind_addr" json:"proxy_bind_addr"`
|
ProxyBindAddr string `ini:"proxy_bind_addr" json:"proxy_bind_addr"`
|
||||||
// VhostHTTPPort specifies the port that the server listens for HTTP Vhost
|
// VhostHTTPPort specifies the port that the server listens for HTTP Vhost
|
||||||
// requests. If this value is 0, the server will not listen for HTTP
|
// requests. If this value is 0, the server will not listen for HTTP
|
||||||
// requests. By default, this value is 0.
|
// requests. By default, this value is 0.
|
||||||
VhostHTTPPort int `ini:"vhost_http_port" json:"vhost_http_port" validate:"gte=0,lte=65535"`
|
VhostHTTPPort int `ini:"vhost_http_port" json:"vhost_http_port"`
|
||||||
// VhostHTTPSPort specifies the port that the server listens for HTTPS
|
// VhostHTTPSPort specifies the port that the server listens for HTTPS
|
||||||
// Vhost requests. If this value is 0, the server will not listen for HTTPS
|
// Vhost requests. If this value is 0, the server will not listen for HTTPS
|
||||||
// requests. By default, this value is 0.
|
// requests. By default, this value is 0.
|
||||||
VhostHTTPSPort int `ini:"vhost_https_port" json:"vhost_https_port" validate:"gte=0,lte=65535"`
|
VhostHTTPSPort int `ini:"vhost_https_port" json:"vhost_https_port"`
|
||||||
// TCPMuxHTTPConnectPort specifies the port that the server listens for TCP
|
// TCPMuxHTTPConnectPort specifies the port that the server listens for TCP
|
||||||
// HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
|
// HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
|
||||||
// requests on one single port. If it's not - it will listen on this value for
|
// requests on one single port. If it's not - it will listen on this value for
|
||||||
// HTTP CONNECT requests. By default, this value is 0.
|
// HTTP CONNECT requests. By default, this value is 0.
|
||||||
TCPMuxHTTPConnectPort int `ini:"tcpmux_httpconnect_port" json:"tcpmux_httpconnect_port" validate:"gte=0,lte=65535"`
|
TCPMuxHTTPConnectPort int `ini:"tcpmux_httpconnect_port" json:"tcpmux_httpconnect_port"`
|
||||||
// If TCPMuxPassthrough is true, frps won't do any update on traffic.
|
// If TCPMuxPassthrough is true, frps won't do any update on traffic.
|
||||||
TCPMuxPassthrough bool `ini:"tcpmux_passthrough" json:"tcpmux_passthrough"`
|
TCPMuxPassthrough bool `ini:"tcpmux_passthrough" json:"tcpmux_passthrough"`
|
||||||
// VhostHTTPTimeout specifies the response header timeout for the Vhost
|
// VhostHTTPTimeout specifies the response header timeout for the Vhost
|
||||||
@ -81,7 +81,7 @@ type ServerCommonConf struct {
|
|||||||
// DashboardPort specifies the port that the dashboard listens on. If this
|
// DashboardPort specifies the port that the dashboard listens on. If this
|
||||||
// value is 0, the dashboard will not be started. By default, this value is
|
// value is 0, the dashboard will not be started. By default, this value is
|
||||||
// 0.
|
// 0.
|
||||||
DashboardPort int `ini:"dashboard_port" json:"dashboard_port" validate:"gte=0,lte=65535"`
|
DashboardPort int `ini:"dashboard_port" json:"dashboard_port"`
|
||||||
// DashboardTLSCertFile specifies the path of the cert file that the server will
|
// DashboardTLSCertFile specifies the path of the cert file that the server will
|
||||||
// load. If "dashboard_tls_cert_file", "dashboard_tls_key_file" are valid, the server will use this
|
// load. If "dashboard_tls_cert_file", "dashboard_tls_key_file" are valid, the server will use this
|
||||||
// supplied tls configuration.
|
// supplied tls configuration.
|
||||||
|
45
pkg/config/load_test.go
Normal file
45
pkg/config/load_test.go
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
// Copyright 2023 The frp Authors
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package config
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
|
v1 "github.com/fatedier/frp/pkg/config/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestLoadConfigure(t *testing.T) {
|
||||||
|
require := require.New(t)
|
||||||
|
content := `
|
||||||
|
bindAddr = "127.0.0.1"
|
||||||
|
kcpBindPort = 7000
|
||||||
|
quicBindPort = 7001
|
||||||
|
tcpmuxHTTPConnectPort = 7005
|
||||||
|
custom404Page = "/abc.html"
|
||||||
|
transport.tcpKeepalive = 10
|
||||||
|
`
|
||||||
|
|
||||||
|
svrCfg := v1.ServerConfig{}
|
||||||
|
err := LoadConfigure([]byte(content), &svrCfg)
|
||||||
|
require.NoError(err)
|
||||||
|
require.EqualValues("127.0.0.1", svrCfg.BindAddr)
|
||||||
|
require.EqualValues(7000, svrCfg.KCPBindPort)
|
||||||
|
require.EqualValues(7001, svrCfg.QUICBindPort)
|
||||||
|
require.EqualValues(7005, svrCfg.TCPMuxHTTPConnectPort)
|
||||||
|
require.EqualValues("/abc.html", svrCfg.Custom404Page)
|
||||||
|
require.EqualValues(10, svrCfg.Transport.TCPKeepAlive)
|
||||||
|
}
|
@ -34,9 +34,9 @@ const (
|
|||||||
|
|
||||||
// QUIC protocol options
|
// QUIC protocol options
|
||||||
type QUICOptions struct {
|
type QUICOptions struct {
|
||||||
KeepalivePeriod int `json:"quicKeepalivePeriod,omitempty" validate:"gte=0"`
|
KeepalivePeriod int `json:"keepalivePeriod,omitempty"`
|
||||||
MaxIdleTimeout int `json:"quicMaxIdleTimeout,omitempty" validate:"gte=0"`
|
MaxIdleTimeout int `json:"maxIdleTimeout,omitempty"`
|
||||||
MaxIncomingStreams int `json:"quicMaxIncomingStreams,omitempty" validate:"gte=0"`
|
MaxIncomingStreams int `json:"maxIncomingStreams,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *QUICOptions) Complete() {
|
func (c *QUICOptions) Complete() {
|
||||||
|
@ -278,7 +278,7 @@ type HTTPProxyConfig struct {
|
|||||||
HTTPPassword string `json:"httpPassword,omitempty"`
|
HTTPPassword string `json:"httpPassword,omitempty"`
|
||||||
HostHeaderRewrite string `json:"hostHeaderRewrite,omitempty"`
|
HostHeaderRewrite string `json:"hostHeaderRewrite,omitempty"`
|
||||||
RequestHeaders HeaderOperations `json:"requestHeaders,omitempty"`
|
RequestHeaders HeaderOperations `json:"requestHeaders,omitempty"`
|
||||||
RouteByHTTPUser string `json:"routeByHttpUser,omitempty"`
|
RouteByHTTPUser string `json:"routeByHTTPUser,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *HTTPProxyConfig) MarshalToMsg(m *msg.NewProxy) {
|
func (c *HTTPProxyConfig) MarshalToMsg(m *msg.NewProxy) {
|
||||||
@ -342,7 +342,7 @@ type TCPMuxProxyConfig struct {
|
|||||||
|
|
||||||
HTTPUser string `json:"httpUser,omitempty"`
|
HTTPUser string `json:"httpUser,omitempty"`
|
||||||
HTTPPassword string `json:"httpPassword,omitempty"`
|
HTTPPassword string `json:"httpPassword,omitempty"`
|
||||||
RouteByHTTPUser string `json:"routeByHttpUser,omitempty"`
|
RouteByHTTPUser string `json:"routeByHTTPUser,omitempty"`
|
||||||
Multiplexer string `json:"multiplexer,omitempty"`
|
Multiplexer string `json:"multiplexer,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -62,7 +62,7 @@ type ServerConfig struct {
|
|||||||
// requested by the client when using Vhost proxying. For example, if this
|
// requested by the client when using Vhost proxying. For example, if this
|
||||||
// value is set to "frps.com" and the client requested the subdomain
|
// value is set to "frps.com" and the client requested the subdomain
|
||||||
// "test", the resulting URL would be "test.frps.com".
|
// "test", the resulting URL would be "test.frps.com".
|
||||||
SubDomainHost string `json:"subdomainHost,omitempty"`
|
SubDomainHost string `json:"subDomainHost,omitempty"`
|
||||||
// Custom404Page specifies a path to a custom 404 page to display. If this
|
// Custom404Page specifies a path to a custom 404 page to display. If this
|
||||||
// value is "", a default page will be displayed.
|
// value is "", a default page will be displayed.
|
||||||
Custom404Page string `json:"custom404Page,omitempty"`
|
Custom404Page string `json:"custom404Page,omitempty"`
|
||||||
|
@ -19,7 +19,7 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
var version = "0.51.3"
|
var version = "0.52.0"
|
||||||
|
|
||||||
func Full() string {
|
func Full() string {
|
||||||
return version
|
return version
|
||||||
|
4
web/frps/auto-imports.d.ts
vendored
4
web/frps/auto-imports.d.ts
vendored
@ -1,5 +1,3 @@
|
|||||||
// Generated by 'unplugin-auto-import'
|
// Generated by 'unplugin-auto-import'
|
||||||
export {}
|
export {}
|
||||||
declare global {
|
declare global {}
|
||||||
|
|
||||||
}
|
|
||||||
|
Loading…
Reference in New Issue
Block a user