mirror of https://github.com/fatedier/frp
fatedier
1 year ago
committed by
GitHub
7 changed files with 527 additions and 513 deletions
@ -1,361 +1,9 @@
|
||||
# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues. |
||||
|
||||
# your proxy name will be changed to {user}.{proxy} |
||||
user = "your_name" |
||||
|
||||
# A literal address or host name for IPv6 must be enclosed |
||||
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" |
||||
# For single serverAddr field, no need square brackets, like serverAddr = "::". |
||||
serverAddr = "0.0.0.0" |
||||
serverAddr = "127.0.0.1" |
||||
serverPort = 7000 |
||||
|
||||
# STUN server to help penetrate NAT hole. |
||||
# natHoleStunServer = "stun.easyvoip.com:3478" |
||||
|
||||
# Decide if exit program when first login failed, otherwise continuous relogin to frps |
||||
# default is true |
||||
loginFailExit = true |
||||
|
||||
# console or real logFile path like ./frpc.log |
||||
log.to = "./frpc.log" |
||||
# trace, debug, info, warn, error |
||||
log.level = "info" |
||||
log.maxDays = 3 |
||||
# disable log colors when log.to is console, default is false |
||||
log.disablePrintColor = false |
||||
|
||||
auth.method = "token" |
||||
# auth.additionalScopes specifies additional scopes to include authentication information. |
||||
# Optional values are HeartBeats, NewWorkConns. |
||||
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"] |
||||
|
||||
# auth token |
||||
auth.token = "12345678" |
||||
|
||||
# oidc.clientID specifies the client ID to use to get a token in OIDC authentication. |
||||
# auth.oidc.clientID = "" |
||||
# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication. |
||||
# auth.oidc.clientSecret = "" |
||||
# oidc.audience specifies the audience of the token in OIDC authentication. |
||||
# auth.oidc.audience = "" |
||||
# oidc.scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". |
||||
# auth.oidc.scope = "" |
||||
# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint. |
||||
# It will be used to get an OIDC token. |
||||
# auth.oidc.tokenEndpointURL = "" |
||||
|
||||
# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint. |
||||
# For example, if you want to specify the "audience" parameter, you can set as follow. |
||||
# frp will add "audience=<value>" "var1=<value>" to the additional parameters. |
||||
# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/" |
||||
# auth.oidc.additionalEndpointParams.var1 = "foobar" |
||||
|
||||
# Set admin address for control frpc's action by http api such as reload |
||||
webServer.addr = "127.0.0.1" |
||||
webServer.port = 7400 |
||||
webServer.user = "admin" |
||||
webServer.password = "admin" |
||||
# Admin assets directory. By default, these assets are bundled with frpc. |
||||
# webServer.assetsDir = "./static" |
||||
|
||||
# Enable golang pprof handlers in admin listener. |
||||
webServer.pprofEnable = false |
||||
|
||||
# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds. |
||||
# transport.dialServerTimeout = 10 |
||||
|
||||
# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. |
||||
# If negative, keep-alive probes are disabled. |
||||
# transport.dialServerKeepalive = 7200 |
||||
|
||||
# connections will be established in advance, default value is zero |
||||
transport.poolCount = 5 |
||||
|
||||
# If tcp stream multiplexing is used, default is true, it must be same with frps |
||||
# transport.tcpMux = true |
||||
|
||||
# Specify keep alive interval for tcp mux. |
||||
# only valid if tcpMux is enabled. |
||||
# transport.tcpMuxKeepaliveInterval = 60 |
||||
|
||||
# Communication protocol used to connect to server |
||||
# supports tcp, kcp, quic, websocket and wss now, default is tcp |
||||
transport.protocol = "tcp" |
||||
|
||||
# set client binding ip when connect server, default is empty. |
||||
# only when protocol = tcp or websocket, the value will be used. |
||||
transport.connectServerLocalIP = "0.0.0.0" |
||||
|
||||
# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables |
||||
# it only works when protocol is tcp |
||||
# transport.proxyURL = "http://user:passwd@192.168.1.128:8080" |
||||
# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080" |
||||
# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080" |
||||
|
||||
# quic protocol options |
||||
# transport.quic.keepalivePeriod = 10 |
||||
# transport.quic.maxIdleTimeout = 30 |
||||
# transport.quic.maxIncomingStreams = 100000 |
||||
|
||||
# If tls.enable is true, frpc will connect frps by tls. |
||||
# Since v0.50.0, the default value has been changed to true, and tls is enabled by default. |
||||
transport.tls.enable = true |
||||
|
||||
# transport.tls.certFile = "client.crt" |
||||
# transport.tls.keyFile = "client.key" |
||||
# transport.tls.trustedCaFile = "ca.crt" |
||||
# transport.tls.serverName = "example.com" |
||||
|
||||
# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the |
||||
# first custom byte when tls is enabled. |
||||
# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default. |
||||
# transport.tls.disableCustomTLSFirstByte = true |
||||
|
||||
# Heartbeat configure, it's not recommended to modify the default value. |
||||
# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value |
||||
# to disable it. |
||||
# transport.heartbeatInterval = 30 |
||||
# transport.heartbeatTimeout = 90 |
||||
|
||||
# Specify a dns server, so frpc will use this instead of default one |
||||
# dnsServer = "8.8.8.8" |
||||
|
||||
# Proxy names you want to start. |
||||
# Default is empty, means all proxies. |
||||
# start = ["ssh", "dns"] |
||||
|
||||
# Specify udp packet size, unit is byte. If not set, the default value is 1500. |
||||
# This parameter should be same between client and server. |
||||
# It affects the udp and sudp proxy. |
||||
udpPacketSize = 1500 |
||||
|
||||
# Additional metadatas for client. |
||||
metadatas.var1 = "abc" |
||||
metadatas.var2 = "123" |
||||
|
||||
# Include other config files for proxies. |
||||
# includes = ["./confd/*.ini"] |
||||
|
||||
[[proxies]] |
||||
# 'ssh' is the unique proxy name |
||||
# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh' |
||||
name = "ssh" |
||||
type = "tcp" |
||||
localIP = "127.0.0.1" |
||||
localPort = 22 |
||||
# Limit bandwidth for this proxy, unit is KB and MB |
||||
transport.bandwidthLimit = "1MB" |
||||
# Where to limit bandwidth, can be 'client' or 'server', default is 'client' |
||||
transport.bandwidthLimitMode = "client" |
||||
# If true, traffic of this proxy will be encrypted, default is false |
||||
transport.useEncryption = false |
||||
# If true, traffic will be compressed |
||||
transport.useCompression = false |
||||
# Remote port listen by frps |
||||
remotePort = 6001 |
||||
# frps will load balancing connections for proxies in same group |
||||
loadBalancer.group = "test_group" |
||||
# group should have same group key |
||||
loadBalancer.groupKey = "123456" |
||||
# Enable health check for the backend service, it supports 'tcp' and 'http' now. |
||||
# frpc will connect local service's port to detect it's healthy status |
||||
healthCheck.type = "tcp" |
||||
# Health check connection timeout |
||||
healthCheck.timeoutSeconds = 3 |
||||
# If continuous failed in 3 times, the proxy will be removed from frps |
||||
healthCheck.maxFailed = 3 |
||||
# every 10 seconds will do a health check |
||||
healthCheck.intervalSeconds = 10 |
||||
# additional meta info for each proxy |
||||
metadatas.var1 = "abc" |
||||
metadatas.var2 = "123" |
||||
|
||||
[[proxies]] |
||||
name = "ssh_random" |
||||
type = "tcp" |
||||
localIP = "192.168.31.100" |
||||
localPort = 22 |
||||
# If remotePort is 0, frps will assign a random port for you |
||||
remotePort = 0 |
||||
|
||||
[[proxies]] |
||||
name = "dns" |
||||
type = "udp" |
||||
localIP = "114.114.114.114" |
||||
localPort = 53 |
||||
remotePort = 6002 |
||||
|
||||
# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02 |
||||
[[proxies]] |
||||
name = "web01" |
||||
type = "http" |
||||
localIP = "127.0.0.1" |
||||
localPort = 80 |
||||
# http username and password are safety certification for http protocol |
||||
# if not set, you can access this customDomains without certification |
||||
httpUser = "admin" |
||||
httpPassword = "admin" |
||||
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com |
||||
subdomain = "web01" |
||||
customDomains = ["web01.yourdomain.com"] |
||||
# locations is only available for http type |
||||
locations = ["/", "/pic"] |
||||
# route requests to this service if http basic auto user is abc |
||||
# routeByHTTPUser = abc |
||||
hostHeaderRewrite = "example.com" |
||||
requestHeaders.set.x-from-where = "frp" |
||||
healthCheck.type = "http" |
||||
# frpc will send a GET http request '/status' to local http service |
||||
# http service is alive when it return 2xx http response code |
||||
healthCheck.path = "/status" |
||||
healthCheck.intervalSeconds = 10 |
||||
healthCheck.maxFailed = 3 |
||||
healthCheck.timeoutSeconds = 3 |
||||
|
||||
[[proxies]] |
||||
name = "web02" |
||||
type = "https" |
||||
localIP = "127.0.0.1" |
||||
localPort = 8000 |
||||
subdomain = "web02" |
||||
customDomains = ["web02.yourdomain.com"] |
||||
# if not empty, frpc will use proxy protocol to transfer connection info to your local service |
||||
# v1 or v2 or empty |
||||
transport.proxyProtocolVersion = "v2" |
||||
|
||||
[[proxies]] |
||||
name = "tcpmuxhttpconnect" |
||||
type = "tcpmux" |
||||
multiplexer = "httpconnect" |
||||
localIP = "127.0.0.1" |
||||
localPort = 10701 |
||||
customDomains = ["tunnel1"] |
||||
# routeByHTTPUser = "user1" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_unix_domain_socket" |
||||
type = "tcp" |
||||
remotePort = 6003 |
||||
# if plugin is defined, localIP and localPort is useless |
||||
# plugin will handle connections got from frps |
||||
[proxies.plugin] |
||||
type = "unix_domain_socket" |
||||
unixPath = "/var/run/docker.sock" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_http_proxy" |
||||
type = "tcp" |
||||
remotePort = 6004 |
||||
[proxies.plugin] |
||||
type = "http_proxy" |
||||
httpUser = "abc" |
||||
httpPassword = "abc" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_socks5" |
||||
name = "test-tcp" |
||||
type = "tcp" |
||||
remotePort = 6005 |
||||
[proxies.plugin] |
||||
type = "socks5" |
||||
username = "abc" |
||||
password = "abc" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_static_file" |
||||
type = "tcp" |
||||
remotePort = 6006 |
||||
[proxies.plugin] |
||||
type = "static_file" |
||||
localPath = "/var/www/blog" |
||||
stripPrefix = "static" |
||||
httpUser = "abc" |
||||
httpPassword = "abc" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_https2http" |
||||
type = "https" |
||||
customDomains = ["test.yourdomain.com"] |
||||
[proxies.plugin] |
||||
type = "https2http" |
||||
localAddr = "127.0.0.1:80" |
||||
crtPath = "./server.crt" |
||||
keyPath = "./server.key" |
||||
hostHeaderRewrite = "127.0.0.1" |
||||
requestHeaders.set.x-from-where = "frp" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_https2https" |
||||
type = "https" |
||||
customDomains = ["test.yourdomain.com"] |
||||
[proxies.plugin] |
||||
type = "https2https" |
||||
localAddr = "127.0.0.1:443" |
||||
crtPath = "./server.crt" |
||||
keyPath = "./server.key" |
||||
hostHeaderRewrite = "127.0.0.1" |
||||
requestHeaders.set.x-from-where = "frp" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_http2https" |
||||
type = "http" |
||||
customDomains = ["test.yourdomain.com"] |
||||
[proxies.plugin] |
||||
type = "http2https" |
||||
localAddr = "127.0.0.1:443" |
||||
hostHeaderRewrite = "127.0.0.1" |
||||
requestHeaders.set.x-from-where = "frp" |
||||
|
||||
[[proxies]] |
||||
name = "secret_tcp" |
||||
# If the type is secret tcp, remotePort is useless |
||||
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor |
||||
type = "stcp" |
||||
# secretKey is used for authentication for visitors |
||||
secretKey = "abcdefg" |
||||
localIP = "127.0.0.1" |
||||
localPort = 22 |
||||
# If not empty, only visitors from specified users can connect. |
||||
# Otherwise, visitors from same user can connect. '*' means allow all users. |
||||
allowUsers = ["*"] |
||||
|
||||
[[proxies]] |
||||
name = "p2p_tcp" |
||||
type = "xtcp" |
||||
secretKey = "abcdefg" |
||||
localIP = "127.0.0.1" |
||||
localPort = 22 |
||||
# If not empty, only visitors from specified users can connect. |
||||
# Otherwise, visitors from same user can connect. '*' means allow all users. |
||||
allowUsers = ["user1", "user2"] |
||||
|
||||
# frpc role visitor -> frps -> frpc role server |
||||
[[visitors]] |
||||
name = "secret_tcp_visitor" |
||||
type = "stcp" |
||||
# the server name you want to visitor |
||||
serverName = "secret_tcp" |
||||
secretKey = "abcdefg" |
||||
# connect this address to visitor stcp server |
||||
bindAddr = "127.0.0.1" |
||||
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from |
||||
# other visitors. (This is not supported for SUDP now) |
||||
bindPort = 9000 |
||||
|
||||
[[visitors]] |
||||
name = "p2p_tcp_visitor" |
||||
type = "xtcp" |
||||
# if the server user is not set, it defaults to the current user |
||||
serverUser = "user1" |
||||
serverName = "p2p_tcp" |
||||
secretKey = "abcdefg" |
||||
bindAddr = "127.0.0.1" |
||||
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from |
||||
# other visitors. (This is not supported for SUDP now) |
||||
bindPort = 9001 |
||||
# when automatic tunnel persistence is required, set it to true |
||||
keepTunnelOpen = false |
||||
# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour |
||||
maxRetriesAnHour = 8 |
||||
minRetryInterval = 90 |
||||
# fallbackTo = "stcp_visitor" |
||||
# fallbackTimeoutMs = 500 |
||||
remotePort = 6000 |
||||
|
||||
@ -0,0 +1,361 @@
|
||||
# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues. |
||||
|
||||
# your proxy name will be changed to {user}.{proxy} |
||||
user = "your_name" |
||||
|
||||
# A literal address or host name for IPv6 must be enclosed |
||||
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" |
||||
# For single serverAddr field, no need square brackets, like serverAddr = "::". |
||||
serverAddr = "0.0.0.0" |
||||
serverPort = 7000 |
||||
|
||||
# STUN server to help penetrate NAT hole. |
||||
# natHoleStunServer = "stun.easyvoip.com:3478" |
||||
|
||||
# Decide if exit program when first login failed, otherwise continuous relogin to frps |
||||
# default is true |
||||
loginFailExit = true |
||||
|
||||
# console or real logFile path like ./frpc.log |
||||
log.to = "./frpc.log" |
||||
# trace, debug, info, warn, error |
||||
log.level = "info" |
||||
log.maxDays = 3 |
||||
# disable log colors when log.to is console, default is false |
||||
log.disablePrintColor = false |
||||
|
||||
auth.method = "token" |
||||
# auth.additionalScopes specifies additional scopes to include authentication information. |
||||
# Optional values are HeartBeats, NewWorkConns. |
||||
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"] |
||||
|
||||
# auth token |
||||
auth.token = "12345678" |
||||
|
||||
# oidc.clientID specifies the client ID to use to get a token in OIDC authentication. |
||||
# auth.oidc.clientID = "" |
||||
# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication. |
||||
# auth.oidc.clientSecret = "" |
||||
# oidc.audience specifies the audience of the token in OIDC authentication. |
||||
# auth.oidc.audience = "" |
||||
# oidc.scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". |
||||
# auth.oidc.scope = "" |
||||
# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint. |
||||
# It will be used to get an OIDC token. |
||||
# auth.oidc.tokenEndpointURL = "" |
||||
|
||||
# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint. |
||||
# For example, if you want to specify the "audience" parameter, you can set as follow. |
||||
# frp will add "audience=<value>" "var1=<value>" to the additional parameters. |
||||
# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/" |
||||
# auth.oidc.additionalEndpointParams.var1 = "foobar" |
||||
|
||||
# Set admin address for control frpc's action by http api such as reload |
||||
webServer.addr = "127.0.0.1" |
||||
webServer.port = 7400 |
||||
webServer.user = "admin" |
||||
webServer.password = "admin" |
||||
# Admin assets directory. By default, these assets are bundled with frpc. |
||||
# webServer.assetsDir = "./static" |
||||
|
||||
# Enable golang pprof handlers in admin listener. |
||||
webServer.pprofEnable = false |
||||
|
||||
# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds. |
||||
# transport.dialServerTimeout = 10 |
||||
|
||||
# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. |
||||
# If negative, keep-alive probes are disabled. |
||||
# transport.dialServerKeepalive = 7200 |
||||
|
||||
# connections will be established in advance, default value is zero |
||||
transport.poolCount = 5 |
||||
|
||||
# If tcp stream multiplexing is used, default is true, it must be same with frps |
||||
# transport.tcpMux = true |
||||
|
||||
# Specify keep alive interval for tcp mux. |
||||
# only valid if tcpMux is enabled. |
||||
# transport.tcpMuxKeepaliveInterval = 60 |
||||
|
||||
# Communication protocol used to connect to server |
||||
# supports tcp, kcp, quic, websocket and wss now, default is tcp |
||||
transport.protocol = "tcp" |
||||
|
||||
# set client binding ip when connect server, default is empty. |
||||
# only when protocol = tcp or websocket, the value will be used. |
||||
transport.connectServerLocalIP = "0.0.0.0" |
||||
|
||||
# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables |
||||
# it only works when protocol is tcp |
||||
# transport.proxyURL = "http://user:passwd@192.168.1.128:8080" |
||||
# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080" |
||||
# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080" |
||||
|
||||
# quic protocol options |
||||
# transport.quic.keepalivePeriod = 10 |
||||
# transport.quic.maxIdleTimeout = 30 |
||||
# transport.quic.maxIncomingStreams = 100000 |
||||
|
||||
# If tls.enable is true, frpc will connect frps by tls. |
||||
# Since v0.50.0, the default value has been changed to true, and tls is enabled by default. |
||||
transport.tls.enable = true |
||||
|
||||
# transport.tls.certFile = "client.crt" |
||||
# transport.tls.keyFile = "client.key" |
||||
# transport.tls.trustedCaFile = "ca.crt" |
||||
# transport.tls.serverName = "example.com" |
||||
|
||||
# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the |
||||
# first custom byte when tls is enabled. |
||||
# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default. |
||||
# transport.tls.disableCustomTLSFirstByte = true |
||||
|
||||
# Heartbeat configure, it's not recommended to modify the default value. |
||||
# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value |
||||
# to disable it. |
||||
# transport.heartbeatInterval = 30 |
||||
# transport.heartbeatTimeout = 90 |
||||
|
||||
# Specify a dns server, so frpc will use this instead of default one |
||||
# dnsServer = "8.8.8.8" |
||||
|
||||
# Proxy names you want to start. |
||||
# Default is empty, means all proxies. |
||||
# start = ["ssh", "dns"] |
||||
|
||||
# Specify udp packet size, unit is byte. If not set, the default value is 1500. |
||||
# This parameter should be same between client and server. |
||||
# It affects the udp and sudp proxy. |
||||
udpPacketSize = 1500 |
||||
|
||||
# Additional metadatas for client. |
||||
metadatas.var1 = "abc" |
||||
metadatas.var2 = "123" |
||||
|
||||
# Include other config files for proxies. |
||||
# includes = ["./confd/*.ini"] |
||||
|
||||
[[proxies]] |
||||
# 'ssh' is the unique proxy name |
||||
# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh' |
||||
name = "ssh" |
||||
type = "tcp" |
||||
localIP = "127.0.0.1" |
||||
localPort = 22 |
||||
# Limit bandwidth for this proxy, unit is KB and MB |
||||
transport.bandwidthLimit = "1MB" |
||||
# Where to limit bandwidth, can be 'client' or 'server', default is 'client' |
||||
transport.bandwidthLimitMode = "client" |
||||
# If true, traffic of this proxy will be encrypted, default is false |
||||
transport.useEncryption = false |
||||
# If true, traffic will be compressed |
||||
transport.useCompression = false |
||||
# Remote port listen by frps |
||||
remotePort = 6001 |
||||
# frps will load balancing connections for proxies in same group |
||||
loadBalancer.group = "test_group" |
||||
# group should have same group key |
||||
loadBalancer.groupKey = "123456" |
||||
# Enable health check for the backend service, it supports 'tcp' and 'http' now. |
||||
# frpc will connect local service's port to detect it's healthy status |
||||
healthCheck.type = "tcp" |
||||
# Health check connection timeout |
||||
healthCheck.timeoutSeconds = 3 |
||||
# If continuous failed in 3 times, the proxy will be removed from frps |
||||
healthCheck.maxFailed = 3 |
||||
# every 10 seconds will do a health check |
||||
healthCheck.intervalSeconds = 10 |
||||
# additional meta info for each proxy |
||||
metadatas.var1 = "abc" |
||||
metadatas.var2 = "123" |
||||
|
||||
[[proxies]] |
||||
name = "ssh_random" |
||||
type = "tcp" |
||||
localIP = "192.168.31.100" |
||||
localPort = 22 |
||||
# If remotePort is 0, frps will assign a random port for you |
||||
remotePort = 0 |
||||
|
||||
[[proxies]] |
||||
name = "dns" |
||||
type = "udp" |
||||
localIP = "114.114.114.114" |
||||
localPort = 53 |
||||
remotePort = 6002 |
||||
|
||||
# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02 |
||||
[[proxies]] |
||||
name = "web01" |
||||
type = "http" |
||||
localIP = "127.0.0.1" |
||||
localPort = 80 |
||||
# http username and password are safety certification for http protocol |
||||
# if not set, you can access this customDomains without certification |
||||
httpUser = "admin" |
||||
httpPassword = "admin" |
||||
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com |
||||
subdomain = "web01" |
||||
customDomains = ["web01.yourdomain.com"] |
||||
# locations is only available for http type |
||||
locations = ["/", "/pic"] |
||||
# route requests to this service if http basic auto user is abc |
||||
# routeByHTTPUser = abc |
||||
hostHeaderRewrite = "example.com" |
||||
requestHeaders.set.x-from-where = "frp" |
||||
healthCheck.type = "http" |
||||
# frpc will send a GET http request '/status' to local http service |
||||
# http service is alive when it return 2xx http response code |
||||
healthCheck.path = "/status" |
||||
healthCheck.intervalSeconds = 10 |
||||
healthCheck.maxFailed = 3 |
||||
healthCheck.timeoutSeconds = 3 |
||||
|
||||
[[proxies]] |
||||
name = "web02" |
||||
type = "https" |
||||
localIP = "127.0.0.1" |
||||
localPort = 8000 |
||||
subdomain = "web02" |
||||
customDomains = ["web02.yourdomain.com"] |
||||
# if not empty, frpc will use proxy protocol to transfer connection info to your local service |
||||
# v1 or v2 or empty |
||||
transport.proxyProtocolVersion = "v2" |
||||
|
||||
[[proxies]] |
||||
name = "tcpmuxhttpconnect" |
||||
type = "tcpmux" |
||||
multiplexer = "httpconnect" |
||||
localIP = "127.0.0.1" |
||||
localPort = 10701 |
||||
customDomains = ["tunnel1"] |
||||
# routeByHTTPUser = "user1" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_unix_domain_socket" |
||||
type = "tcp" |
||||
remotePort = 6003 |
||||
# if plugin is defined, localIP and localPort is useless |
||||
# plugin will handle connections got from frps |
||||
[proxies.plugin] |
||||
type = "unix_domain_socket" |
||||
unixPath = "/var/run/docker.sock" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_http_proxy" |
||||
type = "tcp" |
||||
remotePort = 6004 |
||||
[proxies.plugin] |
||||
type = "http_proxy" |
||||
httpUser = "abc" |
||||
httpPassword = "abc" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_socks5" |
||||
type = "tcp" |
||||
remotePort = 6005 |
||||
[proxies.plugin] |
||||
type = "socks5" |
||||
username = "abc" |
||||
password = "abc" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_static_file" |
||||
type = "tcp" |
||||
remotePort = 6006 |
||||
[proxies.plugin] |
||||
type = "static_file" |
||||
localPath = "/var/www/blog" |
||||
stripPrefix = "static" |
||||
httpUser = "abc" |
||||
httpPassword = "abc" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_https2http" |
||||
type = "https" |
||||
customDomains = ["test.yourdomain.com"] |
||||
[proxies.plugin] |
||||
type = "https2http" |
||||
localAddr = "127.0.0.1:80" |
||||
crtPath = "./server.crt" |
||||
keyPath = "./server.key" |
||||
hostHeaderRewrite = "127.0.0.1" |
||||
requestHeaders.set.x-from-where = "frp" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_https2https" |
||||
type = "https" |
||||
customDomains = ["test.yourdomain.com"] |
||||
[proxies.plugin] |
||||
type = "https2https" |
||||
localAddr = "127.0.0.1:443" |
||||
crtPath = "./server.crt" |
||||
keyPath = "./server.key" |
||||
hostHeaderRewrite = "127.0.0.1" |
||||
requestHeaders.set.x-from-where = "frp" |
||||
|
||||
[[proxies]] |
||||
name = "plugin_http2https" |
||||
type = "http" |
||||
customDomains = ["test.yourdomain.com"] |
||||
[proxies.plugin] |
||||
type = "http2https" |
||||
localAddr = "127.0.0.1:443" |
||||
hostHeaderRewrite = "127.0.0.1" |
||||
requestHeaders.set.x-from-where = "frp" |
||||
|
||||
[[proxies]] |
||||
name = "secret_tcp" |
||||
# If the type is secret tcp, remotePort is useless |
||||
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor |
||||
type = "stcp" |
||||
# secretKey is used for authentication for visitors |
||||
secretKey = "abcdefg" |
||||
localIP = "127.0.0.1" |
||||
localPort = 22 |
||||
# If not empty, only visitors from specified users can connect. |
||||
# Otherwise, visitors from same user can connect. '*' means allow all users. |
||||
allowUsers = ["*"] |
||||
|
||||
[[proxies]] |
||||
name = "p2p_tcp" |
||||
type = "xtcp" |
||||
secretKey = "abcdefg" |
||||
localIP = "127.0.0.1" |
||||
localPort = 22 |
||||
# If not empty, only visitors from specified users can connect. |
||||
# Otherwise, visitors from same user can connect. '*' means allow all users. |
||||
allowUsers = ["user1", "user2"] |
||||
|
||||
# frpc role visitor -> frps -> frpc role server |
||||
[[visitors]] |
||||
name = "secret_tcp_visitor" |
||||
type = "stcp" |
||||
# the server name you want to visitor |
||||
serverName = "secret_tcp" |
||||
secretKey = "abcdefg" |
||||
# connect this address to visitor stcp server |
||||
bindAddr = "127.0.0.1" |
||||
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from |
||||
# other visitors. (This is not supported for SUDP now) |
||||
bindPort = 9000 |
||||
|
||||
[[visitors]] |
||||
name = "p2p_tcp_visitor" |
||||
type = "xtcp" |
||||
# if the server user is not set, it defaults to the current user |
||||
serverUser = "user1" |
||||
serverName = "p2p_tcp" |
||||
secretKey = "abcdefg" |
||||
bindAddr = "127.0.0.1" |
||||
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from |
||||
# other visitors. (This is not supported for SUDP now) |
||||
bindPort = 9001 |
||||
# when automatic tunnel persistence is required, set it to true |
||||
keepTunnelOpen = false |
||||
# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour |
||||
maxRetriesAnHour = 8 |
||||
minRetryInterval = 90 |
||||
# fallbackTo = "stcp_visitor" |
||||
# fallbackTimeoutMs = 500 |
||||
@ -0,0 +1,156 @@
|
||||
# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues. |
||||
|
||||
# A literal address or host name for IPv6 must be enclosed |
||||
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" |
||||
# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`. |
||||
bindAddr = "0.0.0.0" |
||||
bindPort = 7000 |
||||
|
||||
# udp port used for kcp protocol, it can be same with 'bindPort'. |
||||
# if not set, kcp is disabled in frps. |
||||
kcpBindPort = 7000 |
||||
|
||||
# udp port used for quic protocol. |
||||
# if not set, quic is disabled in frps. |
||||
# quicBindPort = 7002 |
||||
|
||||
# Specify which address proxy will listen for, default value is same with bindAddr |
||||
# proxyBindAddr = "127.0.0.1" |
||||
|
||||
# quic protocol options |
||||
# transport.quic.keepalivePeriod = 10 |
||||
# transport.quic.maxIdleTimeout = 30 |
||||
# transport.quic.maxIncomingStreams = 100000 |
||||
|
||||
# Heartbeat configure, it's not recommended to modify the default value |
||||
# The default value of heartbeatTimeout is 90. Set negative value to disable it. |
||||
# transport.heartbeatTimeout = 90 |
||||
|
||||
# Pool count in each proxy will keep no more than maxPoolCount. |
||||
transport.maxPoolCount = 5 |
||||
|
||||
# If tcp stream multiplexing is used, default is true |
||||
# transport.tcpMux = true |
||||
|
||||
# Specify keep alive interval for tcp mux. |
||||
# only valid if tcpMux is true. |
||||
# transport.tcpMuxKeepaliveInterval = 60 |
||||
|
||||
# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. |
||||
# If negative, keep-alive probes are disabled. |
||||
# transport.tcpKeepalive = 7200 |
||||
|
||||
# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false. |
||||
tls.force = false |
||||
|
||||
# transport.tls.certFile = "server.crt" |
||||
# transport.tls.keyFile = "server.key" |
||||
# transport.tls.trustedCaFile = "ca.crt" |
||||
|
||||
# If you want to support virtual host, you must set the http port for listening (optional) |
||||
# Note: http port and https port can be same with bindPort |
||||
vhostHTTPPort = 80 |
||||
vhostHTTPSPort = 443 |
||||
|
||||
# Response header timeout(seconds) for vhost http server, default is 60s |
||||
# vhostHTTPTimeout = 60 |
||||
|
||||
# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP |
||||
# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP |
||||
# requests on one single port. If it's not - it will listen on this value for |
||||
# HTTP CONNECT requests. By default, this value is 0. |
||||
# tcpmuxHTTPConnectPort = 1337 |
||||
|
||||
# If tcpmuxPassthrough is true, frps won't do any update on traffic. |
||||
# tcpmuxPassthrough = false |
||||
|
||||
# Configure the web server to enable the dashboard for frps. |
||||
# dashboard is available only if webServer.port is set. |
||||
webServer.addr = "127.0.0.1" |
||||
webServer.port = 7500 |
||||
webServer.user = "admin" |
||||
webServer.password = "admin" |
||||
# webServer.tls.certFile = "server.crt" |
||||
# webServer.tls.keyFile = "server.key" |
||||
# dashboard assets directory(only for debug mode) |
||||
# webServer.assetsDir = "./static" |
||||
|
||||
# Enable golang pprof handlers in dashboard listener. |
||||
# Dashboard port must be set first |
||||
webServer.pprofEnable = false |
||||
|
||||
# enablePrometheus will export prometheus metrics on webServer in /metrics api. |
||||
enablePrometheus = true |
||||
|
||||
# console or real logFile path like ./frps.log |
||||
log.to = "./frps.log" |
||||
# trace, debug, info, warn, error |
||||
log.level = "info" |
||||
log.maxDays = 3 |
||||
# disable log colors when log.to is console, default is false |
||||
log.disablePrintColor = false |
||||
|
||||
# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true. |
||||
detailedErrorsToClient = true |
||||
|
||||
# auth.method specifies what authentication method to use authenticate frpc with frps. |
||||
# If "token" is specified - token will be read into login message. |
||||
# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token". |
||||
auth.method = "token" |
||||
|
||||
# auth.additionalScopes specifies additional scopes to include authentication information. |
||||
# Optional values are HeartBeats, NewWorkConns. |
||||
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"] |
||||
|
||||
# auth token |
||||
auth.token = "12345678" |
||||
|
||||
# oidc issuer specifies the issuer to verify OIDC tokens with. |
||||
auth.oidc.issuer = "" |
||||
# oidc audience specifies the audience OIDC tokens should contain when validated. |
||||
auth.oidc.audience = "" |
||||
# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired. |
||||
auth.oidc.skipExpiryCheck = false |
||||
# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer. |
||||
auth.oidc.skipIssuerCheck = false |
||||
|
||||
# userConnTimeout specifies the maximum time to wait for a work connection. |
||||
# userConnTimeout = 10 |
||||
|
||||
# Only allow frpc to bind ports you list. By default, there won't be any limit. |
||||
allowPorts = [ |
||||
{ start = 2000, end = 3000 }, |
||||
{ single = 3001 }, |
||||
{ single = 3003 }, |
||||
{ start = 4000, end = 50000 } |
||||
] |
||||
|
||||
# Max ports can be used for each client, default value is 0 means no limit |
||||
maxPortsPerClient = 0 |
||||
|
||||
# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file |
||||
# When subdomain is est, the host used by routing is test.frps.com |
||||
subDomainHost = "frps.com" |
||||
|
||||
# custom 404 page for HTTP requests |
||||
# custom404Page = "/path/to/404.html" |
||||
|
||||
# specify udp packet size, unit is byte. If not set, the default value is 1500. |
||||
# This parameter should be same between client and server. |
||||
# It affects the udp and sudp proxy. |
||||
udpPacketSize = 1500 |
||||
|
||||
# Retention time for NAT hole punching strategy data. |
||||
natholeAnalysisDataReserveHours = 168 |
||||
|
||||
[[httpPlugins]] |
||||
name = "user-manager" |
||||
addr = "127.0.0.1:9000" |
||||
path = "/handler" |
||||
ops = ["Login"] |
||||
|
||||
[[httpPlugins]] |
||||
name = "port-manager" |
||||
addr = "127.0.0.1:9001" |
||||
path = "/handler" |
||||
ops = ["NewProxy"] |
||||
Loading…
Reference in new issue