26
2024
11
01:15:41

Frp0.52之后版本完整配置详情

参考 https://github.com/fatedier/frp/tree/dev/conf


frps.toml

# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.


# A literal address or host name for IPv6 must be enclosed

# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"

# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`.

bindAddr = "0.0.0.0"

bindPort = 7000


# udp port used for kcp protocol, it can be same with 'bindPort'.

# if not set, kcp is disabled in frps.

kcpBindPort = 7000


# udp port used for quic protocol.

# if not set, quic is disabled in frps.

# quicBindPort = 7002


# Specify which address proxy will listen for, default value is same with bindAddr

# proxyBindAddr = "127.0.0.1"


# quic protocol options

# transport.quic.keepalivePeriod = 10

# transport.quic.maxIdleTimeout = 30

# transport.quic.maxIncomingStreams = 100000


# Heartbeat configure, it's not recommended to modify the default value

# The default value of heartbeatTimeout is 90. Set negative value to disable it.

# transport.heartbeatTimeout = 90


# Pool count in each proxy will keep no more than maxPoolCount.

transport.maxPoolCount = 5


# If tcp stream multiplexing is used, default is true

# transport.tcpMux = true


# Specify keep alive interval for tcp mux.

# only valid if tcpMux is true.

# transport.tcpMuxKeepaliveInterval = 60


# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.

# If negative, keep-alive probes are disabled.

# transport.tcpKeepalive = 7200


# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.

transport.tls.force = false


# transport.tls.certFile = "server.crt"

# transport.tls.keyFile = "server.key"

# transport.tls.trustedCaFile = "ca.crt"


# If you want to support virtual host, you must set the http port for listening (optional)

# Note: http port and https port can be same with bindPort

vhostHTTPPort = 80

vhostHTTPSPort = 443


# Response header timeout(seconds) for vhost http server, default is 60s

# vhostHTTPTimeout = 60


# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP

# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP

# requests on one single port. If it's not - it will listen on this value for

# HTTP CONNECT requests. By default, this value is 0.

# tcpmuxHTTPConnectPort = 1337


# If tcpmuxPassthrough is true, frps won't do any update on traffic.

# tcpmuxPassthrough = false


# Configure the web server to enable the dashboard for frps.

# dashboard is available only if webServer.port is set.

webServer.addr = "127.0.0.1"

webServer.port = 7500

webServer.user = "admin"

webServer.password = "admin"

# webServer.tls.certFile = "server.crt"

# webServer.tls.keyFile = "server.key"

# dashboard assets directory(only for debug mode)

# webServer.assetsDir = "./static"


# Enable golang pprof handlers in dashboard listener.

# Dashboard port must be set first

webServer.pprofEnable = false


# enablePrometheus will export prometheus metrics on webServer in /metrics api.

enablePrometheus = true


# console or real logFile path like ./frps.log

log.to = "./frps.log"

# trace, debug, info, warn, error

log.level = "info"

log.maxDays = 3

# disable log colors when log.to is console, default is false

log.disablePrintColor = false


# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.

detailedErrorsToClient = true


# auth.method specifies what authentication method to use authenticate frpc with frps.

# If "token" is specified - token will be read into login message.

# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".

auth.method = "token"


# auth.additionalScopes specifies additional scopes to include authentication information.

# Optional values are HeartBeats, NewWorkConns.

# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]


# auth token

auth.token = "12345678"


# oidc issuer specifies the issuer to verify OIDC tokens with.

auth.oidc.issuer = ""

# oidc audience specifies the audience OIDC tokens should contain when validated.

auth.oidc.audience = ""

# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.

auth.oidc.skipExpiryCheck = false

# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.

auth.oidc.skipIssuerCheck = false


# userConnTimeout specifies the maximum time to wait for a work connection.

# userConnTimeout = 10


# Only allow frpc to bind ports you list. By default, there won't be any limit.

allowPorts = [

  { start = 2000, end = 3000 },

  { single = 3001 },

  { single = 3003 },

  { start = 4000, end = 50000 }

]


# Max ports can be used for each client, default value is 0 means no limit

maxPortsPerClient = 0


# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file

# When subdomain is test, the host used by routing is test.frps.com

subDomainHost = "frps.com"


# custom 404 page for HTTP requests

# custom404Page = "/path/to/404.html"


# specify udp packet size, unit is byte. If not set, the default value is 1500.

# This parameter should be same between client and server.

# It affects the udp and sudp proxy.

udpPacketSize = 1500


# Retention time for NAT hole punching strategy data.

natholeAnalysisDataReserveHours = 168


# ssh tunnel gateway

# If you want to enable this feature, the bindPort parameter is required, while others are optional.

# By default, this feature is disabled. It will be enabled if bindPort is greater than 0.

# sshTunnelGateway.bindPort = 2200

# sshTunnelGateway.privateKeyFile = "/home/frp-user/.ssh/id_rsa"

# sshTunnelGateway.autoGenPrivateKeyPath = ""

# sshTunnelGateway.authorizedKeysFile = "/home/frp-user/.ssh/authorized_keys"


[[httpPlugins]]

name = "user-manager"

addr = "127.0.0.1:9000"

path = "/handler"

ops = ["Login"]


[[httpPlugins]]

name = "port-manager"

addr = "127.0.0.1:9001"

path = "/handler"

ops = ["NewProxy"]







frpc.toml

# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.


# your proxy name will be changed to {user}.{proxy}

user = "your_name"


# A literal address or host name for IPv6 must be enclosed

# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"

# For single serverAddr field, no need square brackets, like serverAddr = "::".

serverAddr = "0.0.0.0"

serverPort = 7000


# STUN server to help penetrate NAT hole.

# natHoleStunServer = "stun.easyvoip.com:3478"


# Decide if exit program when first login failed, otherwise continuous relogin to frps

# default is true

loginFailExit = true


# console or real logFile path like ./frpc.log

log.to = "./frpc.log"

# trace, debug, info, warn, error

log.level = "info"

log.maxDays = 3

# disable log colors when log.to is console, default is false

log.disablePrintColor = false


auth.method = "token"

# auth.additionalScopes specifies additional scopes to include authentication information.

# Optional values are HeartBeats, NewWorkConns.

# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]


# auth token

auth.token = "12345678"


# oidc.clientID specifies the client ID to use to get a token in OIDC authentication.

# auth.oidc.clientID = ""

# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication.

# auth.oidc.clientSecret = ""

# oidc.audience specifies the audience of the token in OIDC authentication.

# auth.oidc.audience = ""

# oidc.scope specifies the permissions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".

# auth.oidc.scope = ""

# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.

# It will be used to get an OIDC token.

# auth.oidc.tokenEndpointURL = ""


# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.

# For example, if you want to specify the "audience" parameter, you can set as follow.

# frp will add "audience=<value>" "var1=<value>" to the additional parameters.

# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"

# auth.oidc.additionalEndpointParams.var1 = "foobar"


# Set admin address for control frpc's action by http api such as reload

webServer.addr = "127.0.0.1"

webServer.port = 7400

webServer.user = "admin"

webServer.password = "admin"

# Admin assets directory. By default, these assets are bundled with frpc.

# webServer.assetsDir = "./static"


# Enable golang pprof handlers in admin listener.

webServer.pprofEnable = false


# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.

# transport.dialServerTimeout = 10


# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.

# If negative, keep-alive probes are disabled.

# transport.dialServerKeepalive = 7200


# connections will be established in advance, default value is zero

transport.poolCount = 5


# If tcp stream multiplexing is used, default is true, it must be same with frps

# transport.tcpMux = true


# Specify keep alive interval for tcp mux.

# only valid if tcpMux is enabled.

# transport.tcpMuxKeepaliveInterval = 60


# Communication protocol used to connect to server

# supports tcp, kcp, quic, websocket and wss now, default is tcp

transport.protocol = "tcp"


# set client binding ip when connect server, default is empty.

# only when protocol = tcp or websocket, the value will be used.

transport.connectServerLocalIP = "0.0.0.0"


# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables

# it only works when protocol is tcp

# transport.proxyURL = "http://user:passwd@192.168.1.128:8080"

# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"

# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"


# quic protocol options

# transport.quic.keepalivePeriod = 10

# transport.quic.maxIdleTimeout = 30

# transport.quic.maxIncomingStreams = 100000


# If tls.enable is true, frpc will connect frps by tls.

# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.

transport.tls.enable = true


# transport.tls.certFile = "client.crt"

# transport.tls.keyFile = "client.key"

# transport.tls.trustedCaFile = "ca.crt"

# transport.tls.serverName = "example.com"


# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the

# first custom byte when tls is enabled.

# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.

# transport.tls.disableCustomTLSFirstByte = true


# Heartbeat configure, it's not recommended to modify the default value.

# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value

# to disable it.

# transport.heartbeatInterval = 30

# transport.heartbeatTimeout = 90


# Specify a dns server, so frpc will use this instead of default one

# dnsServer = "8.8.8.8"


# Proxy names you want to start.

# Default is empty, means all proxies.

# start = ["ssh", "dns"]


# Specify udp packet size, unit is byte. If not set, the default value is 1500.

# This parameter should be same between client and server.

# It affects the udp and sudp proxy.

udpPacketSize = 1500


# Additional metadatas for client.

metadatas.var1 = "abc"

metadatas.var2 = "123"


# Include other config files for proxies.

# includes = ["./confd/*.ini"]


[[proxies]]

# 'ssh' is the unique proxy name

# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'

name = "ssh"

type = "tcp"

localIP = "127.0.0.1"

localPort = 22

# Limit bandwidth for this proxy, unit is KB and MB

transport.bandwidthLimit = "1MB"

# Where to limit bandwidth, can be 'client' or 'server', default is 'client'

transport.bandwidthLimitMode = "client"

# If true, traffic of this proxy will be encrypted, default is false

transport.useEncryption = false

# If true, traffic will be compressed

transport.useCompression = false

# Remote port listen by frps

remotePort = 6001

# frps will load balancing connections for proxies in same group

loadBalancer.group = "test_group"

# group should have same group key

loadBalancer.groupKey = "123456"

# Enable health check for the backend service, it supports 'tcp' and 'http' now.

# frpc will connect local service's port to detect it's healthy status

healthCheck.type = "tcp"

# Health check connection timeout

healthCheck.timeoutSeconds = 3

# If continuous failed in 3 times, the proxy will be removed from frps

healthCheck.maxFailed = 3

# every 10 seconds will do a health check

healthCheck.intervalSeconds = 10

# additional meta info for each proxy

metadatas.var1 = "abc"

metadatas.var2 = "123"


[[proxies]]

name = "ssh_random"

type = "tcp"

localIP = "192.168.31.100"

localPort = 22

# If remotePort is 0, frps will assign a random port for you

remotePort = 0


[[proxies]]

name = "dns"

type = "udp"

localIP = "114.114.114.114"

localPort = 53

remotePort = 6002


# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02

[[proxies]]

name = "web01"

type = "http"

localIP = "127.0.0.1"

localPort = 80

# http username and password are safety certification for http protocol

# if not set, you can access this customDomains without certification

httpUser = "admin"

httpPassword = "admin"

# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com

subdomain = "web01"

customDomains = ["web01.yourdomain.com"]

# locations is only available for http type

locations = ["/", "/pic"]

# route requests to this service if http basic auto user is abc

# routeByHTTPUser = abc

hostHeaderRewrite = "example.com"

requestHeaders.set.x-from-where = "frp"

healthCheck.type = "http"

# frpc will send a GET http request '/status' to local http service

# http service is alive when it return 2xx http response code

healthCheck.path = "/status"

healthCheck.intervalSeconds = 10

healthCheck.maxFailed = 3

healthCheck.timeoutSeconds = 3


[[proxies]]

name = "web02"

type = "https"

localIP = "127.0.0.1"

localPort = 8000

subdomain = "web02"

customDomains = ["web02.yourdomain.com"]

# if not empty, frpc will use proxy protocol to transfer connection info to your local service

# v1 or v2 or empty

transport.proxyProtocolVersion = "v2"


[[proxies]]

name = "tcpmuxhttpconnect"

type = "tcpmux"

multiplexer = "httpconnect"

localIP = "127.0.0.1"

localPort = 10701

customDomains = ["tunnel1"]

# routeByHTTPUser = "user1"


[[proxies]]

name = "plugin_unix_domain_socket"

type = "tcp"

remotePort = 6003

# if plugin is defined, localIP and localPort is useless

# plugin will handle connections got from frps

[proxies.plugin]

type = "unix_domain_socket"

unixPath = "/var/run/docker.sock"


[[proxies]]

name = "plugin_http_proxy"

type = "tcp"

remotePort = 6004

[proxies.plugin]

type = "http_proxy"

httpUser = "abc"

httpPassword = "abc"


[[proxies]]

name = "plugin_socks5"

type = "tcp"

remotePort = 6005

[proxies.plugin]

type = "socks5"

username = "abc"

password = "abc"


[[proxies]]

name = "plugin_static_file"

type = "tcp"

remotePort = 6006

[proxies.plugin]

type = "static_file"

localPath = "/var/www/blog"

stripPrefix = "static"

httpUser = "abc"

httpPassword = "abc"


[[proxies]]

name = "plugin_https2http"

type = "https"

customDomains = ["test.yourdomain.com"]

[proxies.plugin]

type = "https2http"

localAddr = "127.0.0.1:80"

crtPath = "./server.crt"

keyPath = "./server.key"

hostHeaderRewrite = "127.0.0.1"

requestHeaders.set.x-from-where = "frp"


[[proxies]]

name = "plugin_https2https"

type = "https"

customDomains = ["test.yourdomain.com"]

[proxies.plugin]

type = "https2https"

localAddr = "127.0.0.1:443"

crtPath = "./server.crt"

keyPath = "./server.key"

hostHeaderRewrite = "127.0.0.1"

requestHeaders.set.x-from-where = "frp"


[[proxies]]

name = "plugin_http2https"

type = "http"

customDomains = ["test.yourdomain.com"]

[proxies.plugin]

type = "http2https"

localAddr = "127.0.0.1:443"

hostHeaderRewrite = "127.0.0.1"

requestHeaders.set.x-from-where = "frp"


[[proxies]]

name = "secret_tcp"

# If the type is secret tcp, remotePort is useless

# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor

type = "stcp"

# secretKey is used for authentication for visitors

secretKey = "abcdefg"

localIP = "127.0.0.1"

localPort = 22

# If not empty, only visitors from specified users can connect.

# Otherwise, visitors from same user can connect. '*' means allow all users.

allowUsers = ["*"]


[[proxies]]

name = "p2p_tcp"

type = "xtcp"

secretKey = "abcdefg"

localIP = "127.0.0.1"

localPort = 22

# If not empty, only visitors from specified users can connect.

# Otherwise, visitors from same user can connect. '*' means allow all users.

allowUsers = ["user1", "user2"]


# frpc role visitor -> frps -> frpc role server

[[visitors]]

name = "secret_tcp_visitor"

type = "stcp"

# the server name you want to visitor

serverName = "secret_tcp"

secretKey = "abcdefg"

# connect this address to visitor stcp server

bindAddr = "127.0.0.1"

# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from

# other visitors. (This is not supported for SUDP now)

bindPort = 9000


[[visitors]]

name = "p2p_tcp_visitor"

type = "xtcp"

# if the server user is not set, it defaults to the current user

serverUser = "user1"

serverName = "p2p_tcp"

secretKey = "abcdefg"

bindAddr = "127.0.0.1"

# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from

# other visitors. (This is not supported for SUDP now)

bindPort = 9001

# when automatic tunnel persistence is required, set it to true

keepTunnelOpen = false

# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour

maxRetriesAnHour = 8

minRetryInterval = 90

# fallbackTo = "stcp_visitor"

# fallbackTimeoutMs = 500

————————————————




推荐本站淘宝优惠价购买喜欢的宝贝:

image.png

本文链接:https://www.hqyman.cn/post/8590.html 非本站原创文章欢迎转载,原创文章需保留本站地址!

分享到:
打赏





休息一下~~


« 上一篇 下一篇 »

发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

请先 登录 再评论,若不是会员请先 注册

您的IP地址是: