mirror of
https://github.com/fatedier/frp.git
synced 2025-01-13 00:04:49 +07:00
doc: add health check
This commit is contained in:
parent
b250342e27
commit
bbc6f1687d
59
README.md
59
README.md
@ -8,11 +8,12 @@
|
|||||||
|
|
||||||
frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet. As of now, it supports tcp & udp, as well as http and https protocols, where requests can be forwarded to internal services by domain name.
|
frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet. As of now, it supports tcp & udp, as well as http and https protocols, where requests can be forwarded to internal services by domain name.
|
||||||
|
|
||||||
|
Now it also try to support p2p connect.
|
||||||
|
|
||||||
## Table of Contents
|
## Table of Contents
|
||||||
|
|
||||||
<!-- vim-markdown-toc GFM -->
|
<!-- vim-markdown-toc GFM -->
|
||||||
|
|
||||||
* [What can I do with frp?](#what-can-i-do-with-frp)
|
|
||||||
* [Status](#status)
|
* [Status](#status)
|
||||||
* [Architecture](#architecture)
|
* [Architecture](#architecture)
|
||||||
* [Example Usage](#example-usage)
|
* [Example Usage](#example-usage)
|
||||||
@ -37,6 +38,7 @@ frp is a fast reverse proxy to help you expose a local server behind a NAT or fi
|
|||||||
* [Support KCP Protocol](#support-kcp-protocol)
|
* [Support KCP Protocol](#support-kcp-protocol)
|
||||||
* [Connection Pool](#connection-pool)
|
* [Connection Pool](#connection-pool)
|
||||||
* [Load balancing](#load-balancing)
|
* [Load balancing](#load-balancing)
|
||||||
|
* [Health Check](#health-check)
|
||||||
* [Rewriting the Host Header](#rewriting-the-host-header)
|
* [Rewriting the Host Header](#rewriting-the-host-header)
|
||||||
* [Set Headers In HTTP Request](#set-headers-in-http-request)
|
* [Set Headers In HTTP Request](#set-headers-in-http-request)
|
||||||
* [Get Real IP](#get-real-ip)
|
* [Get Real IP](#get-real-ip)
|
||||||
@ -55,11 +57,6 @@ frp is a fast reverse proxy to help you expose a local server behind a NAT or fi
|
|||||||
|
|
||||||
<!-- vim-markdown-toc -->
|
<!-- vim-markdown-toc -->
|
||||||
|
|
||||||
## What can I do with frp?
|
|
||||||
|
|
||||||
* Expose any http and https service behind a NAT or firewall to the internet by a server with public IP address(Name-based Virtual Host Support).
|
|
||||||
* Expose any tcp or udp service behind a NAT or firewall to the internet by a server with public IP address.
|
|
||||||
|
|
||||||
## Status
|
## Status
|
||||||
|
|
||||||
frp is under development and you can try it with latest release version. Master branch for releasing stable version when dev branch for developing.
|
frp is under development and you can try it with latest release version. Master branch for releasing stable version when dev branch for developing.
|
||||||
@ -394,7 +391,7 @@ Then visit `http://[server_addr]:7500` to see dashboard, default username and pa
|
|||||||
|
|
||||||
### Authentication
|
### Authentication
|
||||||
|
|
||||||
Since v0.10.0, you only need to set `token` in frps.ini and frpc.ini.
|
`token` in frps.ini and frpc.ini should be same.
|
||||||
|
|
||||||
### Encryption and Compression
|
### Encryption and Compression
|
||||||
|
|
||||||
@ -536,6 +533,52 @@ group_key = 123
|
|||||||
|
|
||||||
Proxies in same group will accept connections from port 80 randomly.
|
Proxies in same group will accept connections from port 80 randomly.
|
||||||
|
|
||||||
|
### Health Check
|
||||||
|
|
||||||
|
Health check feature can help you achieve high availability with load balancing.
|
||||||
|
|
||||||
|
Add `health_check_type = {type}` to enable health check.
|
||||||
|
|
||||||
|
**type** can be tcp or http.
|
||||||
|
|
||||||
|
Type tcp will dial the service port and type http will send a http rquest to service and require a 200 response.
|
||||||
|
|
||||||
|
Type tcp configuration:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
# frpc.ini
|
||||||
|
[test1]
|
||||||
|
type = tcp
|
||||||
|
local_port = 22
|
||||||
|
remote_port = 6000
|
||||||
|
# enable tcp health check
|
||||||
|
health_check_type = tcp
|
||||||
|
# dial timeout seconds
|
||||||
|
health_check_timeout_s = 3
|
||||||
|
# if continuous failed in 3 times, the proxy will be removed from frps
|
||||||
|
health_check_max_failed = 3
|
||||||
|
# every 10 seconds will do a health check
|
||||||
|
health_check_interval_s = 10
|
||||||
|
```
|
||||||
|
|
||||||
|
Type http configuration:
|
||||||
|
```ini
|
||||||
|
# frpc.ini
|
||||||
|
[web]
|
||||||
|
type = http
|
||||||
|
local_ip = 127.0.0.1
|
||||||
|
local_port = 80
|
||||||
|
custom_domains = test.yourdomain.com
|
||||||
|
# enable http health check
|
||||||
|
health_check_type = http
|
||||||
|
# frpc will send a GET http request '/status' to local http service
|
||||||
|
# http service is alive when it return 2xx http response code
|
||||||
|
health_check_url = /status
|
||||||
|
health_check_interval_s = 10
|
||||||
|
health_check_max_failed = 3
|
||||||
|
health_check_timeout_s = 3
|
||||||
|
```
|
||||||
|
|
||||||
### Rewriting the Host Header
|
### Rewriting the Host Header
|
||||||
|
|
||||||
When forwarding to a local port, frp does not modify the tunneled HTTP requests at all, they are copied to your server byte-for-byte as they are received. Some application servers use the Host header for determining which development site to display. For this reason, frp can rewrite your requests with a modified host header. Use the `host_header_rewrite` switch to rewrite incoming HTTP requests.
|
When forwarding to a local port, frp does not modify the tunneled HTTP requests at all, they are copied to your server byte-for-byte as they are received. Some application servers use the Host header for determining which development site to display. For this reason, frp can rewrite your requests with a modified host header. Use the `host_header_rewrite` switch to rewrite incoming HTTP requests.
|
||||||
@ -574,8 +617,6 @@ Features for http proxy only.
|
|||||||
|
|
||||||
You can get user's real IP from http request header `X-Forwarded-For` and `X-Real-IP`.
|
You can get user's real IP from http request header `X-Forwarded-For` and `X-Real-IP`.
|
||||||
|
|
||||||
**Note that now you can only get these two headers in first request of each user connection.**
|
|
||||||
|
|
||||||
### Password protecting your web service
|
### Password protecting your web service
|
||||||
|
|
||||||
Anyone who can guess your tunnel URL can access your local web server unless you protect it with a password.
|
Anyone who can guess your tunnel URL can access your local web server unless you protect it with a password.
|
||||||
|
68
README_zh.md
68
README_zh.md
@ -4,13 +4,12 @@
|
|||||||
|
|
||||||
[README](README.md) | [中文文档](README_zh.md)
|
[README](README.md) | [中文文档](README_zh.md)
|
||||||
|
|
||||||
frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp, udp, http, https 协议。
|
frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp, udp 协议,为 http 和 https 应用协议提供了额外的能力,且尝试性支持了点对点穿透。
|
||||||
|
|
||||||
## 目录
|
## 目录
|
||||||
|
|
||||||
<!-- vim-markdown-toc GFM -->
|
<!-- vim-markdown-toc GFM -->
|
||||||
|
|
||||||
* [frp 的作用](#frp-的作用)
|
|
||||||
* [开发状态](#开发状态)
|
* [开发状态](#开发状态)
|
||||||
* [架构](#架构)
|
* [架构](#架构)
|
||||||
* [使用示例](#使用示例)
|
* [使用示例](#使用示例)
|
||||||
@ -35,6 +34,7 @@ frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp
|
|||||||
* [底层通信可选 kcp 协议](#底层通信可选-kcp-协议)
|
* [底层通信可选 kcp 协议](#底层通信可选-kcp-协议)
|
||||||
* [连接池](#连接池)
|
* [连接池](#连接池)
|
||||||
* [负载均衡](#负载均衡)
|
* [负载均衡](#负载均衡)
|
||||||
|
* [健康检查](#健康检查)
|
||||||
* [修改 Host Header](#修改-host-header)
|
* [修改 Host Header](#修改-host-header)
|
||||||
* [设置 HTTP 请求的 header](#设置-http-请求的-header)
|
* [设置 HTTP 请求的 header](#设置-http-请求的-header)
|
||||||
* [获取用户真实 IP](#获取用户真实-ip)
|
* [获取用户真实 IP](#获取用户真实-ip)
|
||||||
@ -53,15 +53,9 @@ frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp
|
|||||||
|
|
||||||
<!-- vim-markdown-toc -->
|
<!-- vim-markdown-toc -->
|
||||||
|
|
||||||
## frp 的作用
|
|
||||||
|
|
||||||
* 利用处于内网或防火墙后的机器,对外网环境提供 http 或 https 服务。
|
|
||||||
* 对于 http, https 服务支持基于域名的虚拟主机,支持自定义域名绑定,使多个域名可以共用一个80端口。
|
|
||||||
* 利用处于内网或防火墙后的机器,对外网环境提供 tcp 和 udp 服务,例如在家里通过 ssh 访问处于公司内网环境内的主机。
|
|
||||||
|
|
||||||
## 开发状态
|
## 开发状态
|
||||||
|
|
||||||
frp 仍然处于前期开发阶段,未经充分测试与验证,不推荐用于生产环境。
|
frp 仍然处于开发阶段,未经充分测试与验证,不推荐用于生产环境。
|
||||||
|
|
||||||
master 分支用于发布稳定版本,dev 分支用于开发,您可以尝试下载最新的 release 版本进行测试。
|
master 分支用于发布稳定版本,dev 分支用于开发,您可以尝试下载最新的 release 版本进行测试。
|
||||||
|
|
||||||
@ -394,6 +388,8 @@ frpc 会自动使用环境变量渲染配置文件模版,所有环境变量需
|
|||||||
|
|
||||||
通过浏览器查看 frp 的状态以及代理统计信息展示。
|
通过浏览器查看 frp 的状态以及代理统计信息展示。
|
||||||
|
|
||||||
|
**注:Dashboard 尚未针对大量的 proxy 数据展示做优化,如果出现 Dashboard 访问较慢的情况,请不要启用此功能。**
|
||||||
|
|
||||||
需要在 frps.ini 中指定 dashboard 服务使用的端口,即可开启此功能:
|
需要在 frps.ini 中指定 dashboard 服务使用的端口,即可开启此功能:
|
||||||
|
|
||||||
```ini
|
```ini
|
||||||
@ -410,7 +406,7 @@ dashboard_pwd = admin
|
|||||||
|
|
||||||
### 身份验证
|
### 身份验证
|
||||||
|
|
||||||
从 v0.10.0 版本开始,所有 proxy 配置全部放在客户端(也就是之前版本的特权模式),服务端和客户端的 common 配置中的 `token` 参数一致则身份验证通过。
|
服务端和客户端的 common 配置中的 `token` 参数一致则身份验证通过。
|
||||||
|
|
||||||
### 加密与压缩
|
### 加密与压缩
|
||||||
|
|
||||||
@ -564,6 +560,52 @@ group_key = 123
|
|||||||
|
|
||||||
要求 `group_key` 相同,做权限验证,且 `remote_port` 相同。
|
要求 `group_key` 相同,做权限验证,且 `remote_port` 相同。
|
||||||
|
|
||||||
|
### 健康检查
|
||||||
|
|
||||||
|
通过给 proxy 加上健康检查的功能,可以在要反向代理的服务出现故障时,将这个服务从 frps 中摘除,搭配负载均衡的功能,可以用来实现高可用的架构,避免服务单点故障。
|
||||||
|
|
||||||
|
在每一个 proxy 的配置下加上 `health_check_type = {type}` 来启用健康检查功能。
|
||||||
|
|
||||||
|
**type** 目前可选 tcp 和 http。
|
||||||
|
|
||||||
|
tcp 只要能够建立连接则认为服务正常,http 会发送一个 http 请求,服务需要返回 2xx 的状态码才会被认为正常。
|
||||||
|
|
||||||
|
tcp 示例配置如下:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
# frpc.ini
|
||||||
|
[test1]
|
||||||
|
type = tcp
|
||||||
|
local_port = 22
|
||||||
|
remote_port = 6000
|
||||||
|
# 启用健康检查,类型为 tcp
|
||||||
|
health_check_type = tcp
|
||||||
|
# 建立连接超时时间为 3 秒
|
||||||
|
health_check_timeout_s = 3
|
||||||
|
# 连续 3 次检查失败,此 proxy 会被摘除
|
||||||
|
health_check_max_failed = 3
|
||||||
|
# 每隔 10 秒进行一次健康检查
|
||||||
|
health_check_interval_s = 10
|
||||||
|
```
|
||||||
|
|
||||||
|
http 示例配置如下:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
# frpc.ini
|
||||||
|
[web]
|
||||||
|
type = http
|
||||||
|
local_ip = 127.0.0.1
|
||||||
|
local_port = 80
|
||||||
|
custom_domains = test.yourdomain.com
|
||||||
|
# 启用健康检查,类型为 http
|
||||||
|
health_check_type = http
|
||||||
|
# 健康检查发送 http 请求的 url,后端服务需要返回 2xx 的 http 状态码
|
||||||
|
health_check_url = /status
|
||||||
|
health_check_interval_s = 10
|
||||||
|
health_check_max_failed = 3
|
||||||
|
health_check_timeout_s = 3
|
||||||
|
```
|
||||||
|
|
||||||
### 修改 Host Header
|
### 修改 Host Header
|
||||||
|
|
||||||
通常情况下 frp 不会修改转发的任何数据。但有一些后端服务会根据 http 请求 header 中的 host 字段来展现不同的网站,例如 nginx 的虚拟主机服务,启用 host-header 的修改功能可以动态修改 http 请求中的 host 字段。该功能仅限于 http 类型的代理。
|
通常情况下 frp 不会修改转发的任何数据。但有一些后端服务会根据 http 请求 header 中的 host 字段来展现不同的网站,例如 nginx 的虚拟主机服务,启用 host-header 的修改功能可以动态修改 http 请求中的 host 字段。该功能仅限于 http 类型的代理。
|
||||||
@ -599,8 +641,6 @@ header_X-From-Where = frp
|
|||||||
|
|
||||||
目前只有 **http** 类型的代理支持这一功能,可以通过用户请求的 header 中的 `X-Forwarded-For` 和 `X-Real-IP` 来获取用户真实 IP。
|
目前只有 **http** 类型的代理支持这一功能,可以通过用户请求的 header 中的 `X-Forwarded-For` 和 `X-Real-IP` 来获取用户真实 IP。
|
||||||
|
|
||||||
**需要注意的是,目前只在每一个用户连接的第一个 HTTP 请求中添加了这两个 header。**
|
|
||||||
|
|
||||||
### 通过密码保护你的 web 服务
|
### 通过密码保护你的 web 服务
|
||||||
|
|
||||||
由于所有客户端共用一个 frps 的 http 服务端口,任何知道你的域名和 url 的人都能访问到你部署在内网的 web 服务,但是在某些场景下需要确保只有限定的用户才能访问。
|
由于所有客户端共用一个 frps 的 http 服务端口,任何知道你的域名和 url 的人都能访问到你部署在内网的 web 服务,但是在某些场景下需要确保只有限定的用户才能访问。
|
||||||
@ -647,7 +687,7 @@ subdomain = test
|
|||||||
|
|
||||||
frps 和 frpc 都启动成功后,通过 `test.frps.com` 就可以访问到内网的 web 服务。
|
frps 和 frpc 都启动成功后,通过 `test.frps.com` 就可以访问到内网的 web 服务。
|
||||||
|
|
||||||
需要注意的是如果 frps 配置了 `subdomain_host`,则 `custom_domains` 中不能是属于 `subdomain_host` 的子域名或者泛域名。
|
**注:如果 frps 配置了 `subdomain_host`,则 `custom_domains` 中不能是属于 `subdomain_host` 的子域名或者泛域名。**
|
||||||
|
|
||||||
同一个 http 或 https 类型的代理中 `custom_domains` 和 `subdomain` 可以同时配置。
|
同一个 http 或 https 类型的代理中 `custom_domains` 和 `subdomain` 可以同时配置。
|
||||||
|
|
||||||
@ -736,8 +776,6 @@ plugin_http_passwd = abc
|
|||||||
计划在后续版本中加入的功能与优化,排名不分先后,如果有其他功能建议欢迎在 [issues](https://github.com/fatedier/frp/issues) 中反馈。
|
计划在后续版本中加入的功能与优化,排名不分先后,如果有其他功能建议欢迎在 [issues](https://github.com/fatedier/frp/issues) 中反馈。
|
||||||
|
|
||||||
* frps 记录 http 请求日志。
|
* frps 记录 http 请求日志。
|
||||||
* frps 支持直接反向代理,类似 haproxy。
|
|
||||||
* 集成对 k8s 等平台的支持。
|
|
||||||
|
|
||||||
## 为 frp 做贡献
|
## 为 frp 做贡献
|
||||||
|
|
||||||
|
@ -76,9 +76,12 @@ group_key = 123456
|
|||||||
# enable health check for the backend service, it support 'tcp' and 'http' now
|
# enable health check for the backend service, it support 'tcp' and 'http' now
|
||||||
# frpc will connect local service's port to detect it's healthy status
|
# frpc will connect local service's port to detect it's healthy status
|
||||||
health_check_type = tcp
|
health_check_type = tcp
|
||||||
health_check_interval_s = 10
|
# health check connection timeout
|
||||||
health_check_max_failed = 1
|
|
||||||
health_check_timeout_s = 3
|
health_check_timeout_s = 3
|
||||||
|
# if continuous failed in 3 times, the proxy will be removed from frps
|
||||||
|
health_check_max_failed = 3
|
||||||
|
# every 10 seconds will do a health check
|
||||||
|
health_check_interval_s = 10
|
||||||
|
|
||||||
[ssh_random]
|
[ssh_random]
|
||||||
type = tcp
|
type = tcp
|
||||||
@ -137,6 +140,8 @@ health_check_type = http
|
|||||||
# http service is alive when it return 2xx http response code
|
# http service is alive when it return 2xx http response code
|
||||||
health_check_url = /status
|
health_check_url = /status
|
||||||
health_check_interval_s = 10
|
health_check_interval_s = 10
|
||||||
|
health_check_max_failed = 3
|
||||||
|
health_check_timeout_s = 3
|
||||||
|
|
||||||
[web02]
|
[web02]
|
||||||
type = https
|
type = https
|
||||||
|
Loading…
Reference in New Issue
Block a user