|
|
@ -19,18 +19,21 @@ frp is a fast reverse proxy to help you expose a local server behind a NAT or fi |
|
|
|
* [Visit your web service in LAN by custom domains](#visit-your-web-service-in-lan-by-custom-domains) |
|
|
|
* [Visit your web service in LAN by custom domains](#visit-your-web-service-in-lan-by-custom-domains) |
|
|
|
* [Forward DNS query request](#forward-dns-query-request) |
|
|
|
* [Forward DNS query request](#forward-dns-query-request) |
|
|
|
* [Forward unix domain socket](#forward-unix-domain-socket) |
|
|
|
* [Forward unix domain socket](#forward-unix-domain-socket) |
|
|
|
|
|
|
|
* [Expose your service in security](#expose-your-service-in-security) |
|
|
|
* [Connect website through frpc's network](#connect-website-through-frpcs-network) |
|
|
|
* [Connect website through frpc's network](#connect-website-through-frpcs-network) |
|
|
|
* [Features](#features) |
|
|
|
* [Features](#features) |
|
|
|
|
|
|
|
* [Configuration File](#configuration-file) |
|
|
|
* [Dashboard](#dashboard) |
|
|
|
* [Dashboard](#dashboard) |
|
|
|
* [Authentication](#authentication) |
|
|
|
* [Authentication](#authentication) |
|
|
|
* [Encryption and Compression](#encryption-and-compression) |
|
|
|
* [Encryption and Compression](#encryption-and-compression) |
|
|
|
* [Reload configures without frps stopped](#reload-configures-without-frps-stopped) |
|
|
|
* [Hot-Reload frpc configuration](#hot-reload-frpc-configuration) |
|
|
|
* [Privilege Mode](#privilege-mode) |
|
|
|
* [Privilege Mode](#privilege-mode) |
|
|
|
* [Port White List](#port-white-list) |
|
|
|
* [Port White List](#port-white-list) |
|
|
|
* [TCP Stream Multiplexing](#tcp-stream-multiplexing) |
|
|
|
* [TCP Stream Multiplexing](#tcp-stream-multiplexing) |
|
|
|
* [Support KCP Protocol](#support-kcp-protocol) |
|
|
|
* [Support KCP Protocol](#support-kcp-protocol) |
|
|
|
* [Connection Pool](#connection-pool) |
|
|
|
* [Connection Pool](#connection-pool) |
|
|
|
* [Rewriting the Host Header](#rewriting-the-host-header) |
|
|
|
* [Rewriting the Host Header](#rewriting-the-host-header) |
|
|
|
|
|
|
|
* [Get Real IP](#get-real-ip) |
|
|
|
* [Password protecting your web service](#password-protecting-your-web-service) |
|
|
|
* [Password protecting your web service](#password-protecting-your-web-service) |
|
|
|
* [Custom subdomain names](#custom-subdomain-names) |
|
|
|
* [Custom subdomain names](#custom-subdomain-names) |
|
|
|
* [URL routing](#url-routing) |
|
|
|
* [URL routing](#url-routing) |
|
|
@ -187,19 +190,36 @@ However, we can expose a http or https service using frp. |
|
|
|
|
|
|
|
|
|
|
|
Using tcp port to connect unix domain socket like docker daemon. |
|
|
|
Using tcp port to connect unix domain socket like docker daemon. |
|
|
|
|
|
|
|
|
|
|
|
1. Modify frps.ini: |
|
|
|
Configure frps same as above. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1. Start frpc with configurations: |
|
|
|
|
|
|
|
|
|
|
|
```ini |
|
|
|
```ini |
|
|
|
# frps.ini |
|
|
|
# frpc.ini |
|
|
|
[common] |
|
|
|
[common] |
|
|
|
bind_port = 7000 |
|
|
|
server_addr = x.x.x.x |
|
|
|
|
|
|
|
server_port = 7000 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[unix_domain_socket] |
|
|
|
|
|
|
|
type = tcp |
|
|
|
|
|
|
|
remote_port = 6000 |
|
|
|
|
|
|
|
plugin = unix_domain_socket |
|
|
|
|
|
|
|
plugin_unix_path = /var/run/docker.sock |
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
2. Start frps: |
|
|
|
2. Get docker version by curl command: |
|
|
|
|
|
|
|
|
|
|
|
`./frps -c ./frps.ini` |
|
|
|
`curl http://x.x.x.x:6000/version` |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Expose your service in security |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
For some services, if expose them to the public network directly will be a security risk. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
**stcp(secret tcp)** help you create a proxy avoiding any one can access it. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Configure frps same as above. |
|
|
|
|
|
|
|
|
|
|
|
3. Modify frpc.ini: |
|
|
|
1. Start frpc, forward ssh port and `remote_port` is useless: |
|
|
|
|
|
|
|
|
|
|
|
```ini |
|
|
|
```ini |
|
|
|
# frpc.ini |
|
|
|
# frpc.ini |
|
|
@ -207,26 +227,39 @@ Using tcp port to connect unix domain socket like docker daemon. |
|
|
|
server_addr = x.x.x.x |
|
|
|
server_addr = x.x.x.x |
|
|
|
server_port = 7000 |
|
|
|
server_port = 7000 |
|
|
|
|
|
|
|
|
|
|
|
[unix_domain_socket] |
|
|
|
[secret_ssh] |
|
|
|
type = tcp |
|
|
|
type = stcp |
|
|
|
remote_port = 6000 |
|
|
|
sk = abcdefg |
|
|
|
plugin = unix_domain_socket |
|
|
|
local_ip = 127.0.0.1 |
|
|
|
plugin_unix_path = /var/run/docker.sock |
|
|
|
local_port = 22 |
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
4. Start frpc: |
|
|
|
2. Start another frpc in which you want to connect this ssh server: |
|
|
|
|
|
|
|
|
|
|
|
`./frpc -c ./frpc.ini` |
|
|
|
```ini |
|
|
|
|
|
|
|
# frpc.ini |
|
|
|
|
|
|
|
[common] |
|
|
|
|
|
|
|
server_addr = x.x.x.x |
|
|
|
|
|
|
|
server_port = 7000 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[secret_ssh_vistor] |
|
|
|
|
|
|
|
type = stcp |
|
|
|
|
|
|
|
role = vistor |
|
|
|
|
|
|
|
server_name = secret_ssh |
|
|
|
|
|
|
|
sk = abcdefg |
|
|
|
|
|
|
|
bind_addr = 127.0.0.1 |
|
|
|
|
|
|
|
bind_port = 6000 |
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
5. Get docker version by curl command: |
|
|
|
3. Connect to server in LAN by ssh assuming that username is test: |
|
|
|
|
|
|
|
|
|
|
|
`curl http://x.x.x.x:6000/version` |
|
|
|
`ssh -oPort=6000 test@127.0.0.1` |
|
|
|
|
|
|
|
|
|
|
|
### Connect website through frpc's network |
|
|
|
### Connect website through frpc's network |
|
|
|
|
|
|
|
|
|
|
|
Configure frps same as above. |
|
|
|
Configure frps same as above. |
|
|
|
|
|
|
|
|
|
|
|
1. Modify frpc.ini: |
|
|
|
1. Start frpc with configurations: |
|
|
|
|
|
|
|
|
|
|
|
```ini |
|
|
|
```ini |
|
|
|
# frpc.ini |
|
|
|
# frpc.ini |
|
|
@ -240,13 +273,17 @@ Configure frps same as above. |
|
|
|
plugin = http_proxy # or socks5 |
|
|
|
plugin = http_proxy # or socks5 |
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
4. Start frpc: |
|
|
|
2. Set http proxy or socks5 proxy `x.x.x.x:6000` in your browser and visit website through frpc's network. |
|
|
|
|
|
|
|
|
|
|
|
`./frpc -c ./frpc.ini` |
|
|
|
## Features |
|
|
|
|
|
|
|
|
|
|
|
5. Set http proxy or socks5 proxy `x.x.x.x:6000` in your browser and visit website through frpc's network. |
|
|
|
### Configuration File |
|
|
|
|
|
|
|
|
|
|
|
## Features |
|
|
|
You can find features which this document not metioned from full example configuration files. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[frps full configuration file](./conf/frps_full.ini) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[frpc full configuration file](./conf/frpc_full.ini) |
|
|
|
|
|
|
|
|
|
|
|
### Dashboard |
|
|
|
### Dashboard |
|
|
|
|
|
|
|
|
|
|
@ -288,9 +325,20 @@ use_encryption = true |
|
|
|
use_compression = true |
|
|
|
use_compression = true |
|
|
|
``` |
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
### Reload configures without frps stopped |
|
|
|
### Hot-Reload frpc configuration |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
First you need to set admin port in frpc's configure file to let it provide HTTP API for more features. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```ini |
|
|
|
|
|
|
|
# frpc.ini |
|
|
|
|
|
|
|
[common] |
|
|
|
|
|
|
|
admin_addr = 127.0.0.1 |
|
|
|
|
|
|
|
admin_port = 7400 |
|
|
|
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Then run command `frpc -c ./frpc.ini --reload` and wait for about 10 seconds to let frpc create or update or delete proxies. |
|
|
|
|
|
|
|
|
|
|
|
This feature is removed since v0.10.0. |
|
|
|
**Note that parameters in [common] section won't be modified except 'start' now.** |
|
|
|
|
|
|
|
|
|
|
|
### Privilege Mode |
|
|
|
### Privilege Mode |
|
|
|
|
|
|
|
|
|
|
@ -386,6 +434,14 @@ host_header_rewrite = dev.yourdomain.com |
|
|
|
|
|
|
|
|
|
|
|
If `host_header_rewrite` is specified, the Host header will be rewritten to match the hostname portion of the forwarding address. |
|
|
|
If `host_header_rewrite` is specified, the Host header will be rewritten to match the hostname portion of the forwarding address. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Get Real IP |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Features for http proxy only. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
You can get user's real IP from http request header `X-Forwarded-For` and `X-Real-IP`. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
**Note that now you can only get these two headers in first request of each user connection.** |
|
|
|
|
|
|
|
|
|
|
|
### Password protecting your web service |
|
|
|
### Password protecting your web service |
|
|
|
|
|
|
|
|
|
|
|
Anyone who can guess your tunnel URL can access your local web server unless you protect it with a password. |
|
|
|
Anyone who can guess your tunnel URL can access your local web server unless you protect it with a password. |
|
|
|