mirror of
https://github.com/fatedier/frp.git
synced 2024-12-22 22:45:06 +07:00
390 lines
12 KiB
INI
390 lines
12 KiB
INI
# [common] is integral section
|
|
[common]
|
|
# A literal address or host name for IPv6 must be enclosed
|
|
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
|
|
# For single "server_addr" field, no need square brackets, like "server_addr = ::".
|
|
server_addr = 0.0.0.0
|
|
server_port = 7000
|
|
|
|
# STUN server to help penetrate NAT hole.
|
|
# nat_hole_stun_server = stun.easyvoip.com:3478
|
|
|
|
# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
|
|
# dial_server_timeout = 10
|
|
|
|
# dial_server_keepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
|
|
# If negative, keep-alive probes are disabled.
|
|
# dial_server_keepalive = 7200
|
|
|
|
# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set http_proxy here or in global environment variables
|
|
# it only works when protocol is tcp
|
|
# http_proxy = http://user:passwd@192.168.1.128:8080
|
|
# http_proxy = socks5://user:passwd@192.168.1.128:1080
|
|
# http_proxy = ntlm://user:passwd@192.168.1.128:2080
|
|
|
|
# console or real logFile path like ./frpc.log
|
|
log_file = ./frpc.log
|
|
|
|
# trace, debug, info, warn, error
|
|
log_level = info
|
|
|
|
log_max_days = 3
|
|
|
|
# disable log colors when log_file is console, default is false
|
|
disable_log_color = false
|
|
|
|
# for authentication, should be same as your frps.ini
|
|
# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
|
|
authenticate_heartbeats = false
|
|
|
|
# authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
|
|
authenticate_new_work_conns = false
|
|
|
|
# auth token
|
|
token = 12345678
|
|
|
|
authentication_method =
|
|
|
|
# oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
|
|
# By default, this value is "".
|
|
oidc_client_id =
|
|
|
|
# oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
|
|
# By default, this value is "".
|
|
oidc_client_secret =
|
|
|
|
# oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
|
|
oidc_audience =
|
|
|
|
# oidc_scope specifies the permissions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
|
|
oidc_scope =
|
|
|
|
# oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint.
|
|
# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
|
|
oidc_token_endpoint_url =
|
|
|
|
# oidc_additional_xxx specifies additional parameters to be sent to the OIDC Token Endpoint.
|
|
# For example, if you want to specify the "audience" parameter, you can set as follow.
|
|
# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
|
|
# oidc_additional_audience = https://dev.auth.com/api/v2/
|
|
# oidc_additional_var1 = foobar
|
|
|
|
# set admin address for control frpc's action by http api such as reload
|
|
admin_addr = 127.0.0.1
|
|
admin_port = 7400
|
|
admin_user = admin
|
|
admin_pwd = admin
|
|
# Admin assets directory. By default, these assets are bundled with frpc.
|
|
# assets_dir = ./static
|
|
|
|
# connections will be established in advance, default value is zero
|
|
pool_count = 5
|
|
|
|
# if tcp stream multiplexing is used, default is true, it must be same with frps
|
|
# tcp_mux = true
|
|
|
|
# specify keep alive interval for tcp mux.
|
|
# only valid if tcp_mux is true.
|
|
# tcp_mux_keepalive_interval = 60
|
|
|
|
# your proxy name will be changed to {user}.{proxy}
|
|
user = your_name
|
|
|
|
# decide if exit program when first login failed, otherwise continuous relogin to frps
|
|
# default is true
|
|
login_fail_exit = true
|
|
|
|
# communication protocol used to connect to server
|
|
# supports tcp, kcp, quic, websocket and wss now, default is tcp
|
|
protocol = tcp
|
|
|
|
# set client binding ip when connect server, default is empty.
|
|
# only when protocol = tcp or websocket, the value will be used.
|
|
connect_server_local_ip = 0.0.0.0
|
|
|
|
# quic protocol options
|
|
# quic_keepalive_period = 10
|
|
# quic_max_idle_timeout = 30
|
|
# quic_max_incoming_streams = 100000
|
|
|
|
# If tls_enable is true, frpc will connect frps by tls.
|
|
# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
|
|
tls_enable = true
|
|
|
|
# tls_cert_file = client.crt
|
|
# tls_key_file = client.key
|
|
# tls_trusted_ca_file = ca.crt
|
|
# tls_server_name = example.com
|
|
|
|
# specify a dns server, so frpc will use this instead of default one
|
|
# dns_server = 8.8.8.8
|
|
|
|
# proxy names you want to start separated by ','
|
|
# default is empty, means all proxies
|
|
# start = ssh,dns
|
|
|
|
# heartbeat configure, it's not recommended to modify the default value
|
|
# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
|
|
# to disable it.
|
|
# heartbeat_interval = 30
|
|
# heartbeat_timeout = 90
|
|
|
|
# additional meta info for client
|
|
meta_var1 = 123
|
|
meta_var2 = 234
|
|
|
|
# specify udp packet size, unit is byte. If not set, the default value is 1500.
|
|
# This parameter should be same between client and server.
|
|
# It affects the udp and sudp proxy.
|
|
udp_packet_size = 1500
|
|
|
|
# include other config files for proxies.
|
|
# includes = ./confd/*.ini
|
|
|
|
# If the disable_custom_tls_first_byte is set to false, frpc will establish a connection with frps using the
|
|
# first custom byte when tls is enabled.
|
|
# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
|
|
disable_custom_tls_first_byte = true
|
|
|
|
# Enable golang pprof handlers in admin listener.
|
|
# Admin port must be set first.
|
|
pprof_enable = false
|
|
|
|
# 'ssh' is the unique proxy name
|
|
# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
|
|
[ssh]
|
|
# tcp | udp | http | https | stcp | xtcp, default is tcp
|
|
type = tcp
|
|
local_ip = 127.0.0.1
|
|
local_port = 22
|
|
# limit bandwidth for this proxy, unit is KB and MB
|
|
bandwidth_limit = 1MB
|
|
# where to limit bandwidth, can be 'client' or 'server', default is 'client'
|
|
bandwidth_limit_mode = client
|
|
# true or false, if true, messages between frps and frpc will be encrypted, default is false
|
|
use_encryption = false
|
|
# if true, message will be compressed
|
|
use_compression = false
|
|
# remote port listen by frps
|
|
remote_port = 6001
|
|
# frps will load balancing connections for proxies in same group
|
|
group = test_group
|
|
# group should have same group key
|
|
group_key = 123456
|
|
# enable health check for the backend service, it support 'tcp' and 'http' now
|
|
# frpc will connect local service's port to detect it's healthy status
|
|
health_check_type = tcp
|
|
# health check connection timeout
|
|
health_check_timeout_s = 3
|
|
# if continuous failed in 3 times, the proxy will be removed from frps
|
|
health_check_max_failed = 3
|
|
# every 10 seconds will do a health check
|
|
health_check_interval_s = 10
|
|
# additional meta info for each proxy
|
|
meta_var1 = 123
|
|
meta_var2 = 234
|
|
|
|
[ssh_random]
|
|
type = tcp
|
|
local_ip = 127.0.0.1
|
|
local_port = 22
|
|
# if remote_port is 0, frps will assign a random port for you
|
|
remote_port = 0
|
|
|
|
# if you want to expose multiple ports, add 'range:' prefix to the section name
|
|
# frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.
|
|
[range:tcp_port]
|
|
type = tcp
|
|
local_ip = 127.0.0.1
|
|
local_port = 6010-6020,6022,6024-6028
|
|
remote_port = 6010-6020,6022,6024-6028
|
|
use_encryption = false
|
|
use_compression = false
|
|
|
|
[dns]
|
|
type = udp
|
|
local_ip = 114.114.114.114
|
|
local_port = 53
|
|
remote_port = 6002
|
|
use_encryption = false
|
|
use_compression = false
|
|
|
|
[range:udp_port]
|
|
type = udp
|
|
local_ip = 127.0.0.1
|
|
local_port = 6010-6020
|
|
remote_port = 6010-6020
|
|
use_encryption = false
|
|
use_compression = false
|
|
|
|
# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
|
|
[web01]
|
|
type = http
|
|
local_ip = 127.0.0.1
|
|
local_port = 80
|
|
use_encryption = false
|
|
use_compression = true
|
|
# http username and password are safety certification for http protocol
|
|
# if not set, you can access this custom_domains without certification
|
|
http_user = admin
|
|
http_pwd = admin
|
|
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
|
|
subdomain = web01
|
|
custom_domains = web01.yourdomain.com
|
|
# locations is only available for http type
|
|
locations = /,/pic
|
|
# route requests to this service if http basic auto user is abc
|
|
# route_by_http_user = abc
|
|
host_header_rewrite = example.com
|
|
# params with prefix "header_" will be used to update http request headers
|
|
header_X-From-Where = frp
|
|
health_check_type = http
|
|
# frpc will send a GET http request '/status' to local http service
|
|
# http service is alive when it return 2xx http response code
|
|
health_check_url = /status
|
|
health_check_interval_s = 10
|
|
health_check_max_failed = 3
|
|
health_check_timeout_s = 3
|
|
|
|
[web02]
|
|
type = https
|
|
local_ip = 127.0.0.1
|
|
local_port = 8000
|
|
use_encryption = false
|
|
use_compression = false
|
|
subdomain = web02
|
|
custom_domains = web02.yourdomain.com
|
|
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
|
|
# v1 or v2 or empty
|
|
proxy_protocol_version = v2
|
|
|
|
[plugin_unix_domain_socket]
|
|
type = tcp
|
|
remote_port = 6003
|
|
# if plugin is defined, local_ip and local_port is useless
|
|
# plugin will handle connections got from frps
|
|
plugin = unix_domain_socket
|
|
# params with prefix "plugin_" that plugin needed
|
|
plugin_unix_path = /var/run/docker.sock
|
|
|
|
[plugin_http_proxy]
|
|
type = tcp
|
|
remote_port = 6004
|
|
plugin = http_proxy
|
|
plugin_http_user = abc
|
|
plugin_http_passwd = abc
|
|
|
|
[plugin_socks5]
|
|
type = tcp
|
|
remote_port = 6005
|
|
plugin = socks5
|
|
plugin_user = abc
|
|
plugin_passwd = abc
|
|
|
|
[plugin_static_file]
|
|
type = tcp
|
|
remote_port = 6006
|
|
plugin = static_file
|
|
plugin_local_path = /var/www/blog
|
|
plugin_strip_prefix = static
|
|
plugin_http_user = abc
|
|
plugin_http_passwd = abc
|
|
|
|
[plugin_https2http]
|
|
type = https
|
|
custom_domains = test.yourdomain.com
|
|
plugin = https2http
|
|
plugin_local_addr = 127.0.0.1:80
|
|
plugin_crt_path = ./server.crt
|
|
plugin_key_path = ./server.key
|
|
plugin_host_header_rewrite = 127.0.0.1
|
|
plugin_header_X-From-Where = frp
|
|
|
|
[plugin_https2https]
|
|
type = https
|
|
custom_domains = test.yourdomain.com
|
|
plugin = https2https
|
|
plugin_local_addr = 127.0.0.1:443
|
|
plugin_crt_path = ./server.crt
|
|
plugin_key_path = ./server.key
|
|
plugin_host_header_rewrite = 127.0.0.1
|
|
plugin_header_X-From-Where = frp
|
|
|
|
[plugin_http2https]
|
|
type = http
|
|
custom_domains = test.yourdomain.com
|
|
plugin = http2https
|
|
plugin_local_addr = 127.0.0.1:443
|
|
plugin_host_header_rewrite = 127.0.0.1
|
|
plugin_header_X-From-Where = frp
|
|
|
|
[secret_tcp]
|
|
# If the type is secret tcp, remote_port is useless
|
|
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
|
|
type = stcp
|
|
# sk used for authentication for visitors
|
|
sk = abcdefg
|
|
local_ip = 127.0.0.1
|
|
local_port = 22
|
|
use_encryption = false
|
|
use_compression = false
|
|
# If not empty, only visitors from specified users can connect.
|
|
# Otherwise, visitors from same user can connect. '*' means allow all users.
|
|
allow_users = *
|
|
|
|
# user of frpc should be same in both stcp server and stcp visitor
|
|
[secret_tcp_visitor]
|
|
# frpc role visitor -> frps -> frpc role server
|
|
role = visitor
|
|
type = stcp
|
|
# the server name you want to visitor
|
|
server_name = secret_tcp
|
|
sk = abcdefg
|
|
# connect this address to visitor stcp server
|
|
bind_addr = 127.0.0.1
|
|
# bind_port can be less than 0, it means don't bind to the port and only receive connections redirected from
|
|
# other visitors. (This is not supported for SUDP now)
|
|
bind_port = 9000
|
|
use_encryption = false
|
|
use_compression = false
|
|
|
|
[p2p_tcp]
|
|
type = xtcp
|
|
sk = abcdefg
|
|
local_ip = 127.0.0.1
|
|
local_port = 22
|
|
use_encryption = false
|
|
use_compression = false
|
|
# If not empty, only visitors from specified users can connect.
|
|
# Otherwise, visitors from same user can connect. '*' means allow all users.
|
|
allow_users = user1, user2
|
|
|
|
[p2p_tcp_visitor]
|
|
role = visitor
|
|
type = xtcp
|
|
# if the server user is not set, it defaults to the current user
|
|
server_user = user1
|
|
server_name = p2p_tcp
|
|
sk = abcdefg
|
|
bind_addr = 127.0.0.1
|
|
# bind_port can be less than 0, it means don't bind to the port and only receive connections redirected from
|
|
# other visitors. (This is not supported for SUDP now)
|
|
bind_port = 9001
|
|
use_encryption = false
|
|
use_compression = false
|
|
# when automatic tunnel persistence is required, set it to true
|
|
keep_tunnel_open = false
|
|
# effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour
|
|
max_retries_an_hour = 8
|
|
min_retry_interval = 90
|
|
# fallback_to = stcp_visitor
|
|
# fallback_timeout_ms = 500
|
|
|
|
[tcpmuxhttpconnect]
|
|
type = tcpmux
|
|
multiplexer = httpconnect
|
|
local_ip = 127.0.0.1
|
|
local_port = 10701
|
|
custom_domains = tunnel1
|
|
# route_by_http_user = user1
|