mirror of https://github.com/fatedier/frp.git
392 lines
12 KiB
TOML
392 lines
12 KiB
TOML
# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
|
|
|
|
# your proxy name will be changed to {user}.{proxy}
|
|
user = "your_name"
|
|
|
|
# A literal address or host name for IPv6 must be enclosed
|
|
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
|
|
# For single serverAddr field, no need square brackets, like serverAddr = "::".
|
|
serverAddr = "0.0.0.0"
|
|
serverPort = 7000
|
|
|
|
# STUN server to help penetrate NAT hole.
|
|
# natHoleStunServer = "stun.easyvoip.com:3478"
|
|
|
|
# Decide if exit program when first login failed, otherwise continuous relogin to frps
|
|
# default is true
|
|
loginFailExit = true
|
|
|
|
# console or real logFile path like ./frpc.log
|
|
log.to = "./frpc.log"
|
|
# trace, debug, info, warn, error
|
|
log.level = "info"
|
|
log.maxDays = 3
|
|
# disable log colors when log.to is console, default is false
|
|
log.disablePrintColor = false
|
|
|
|
auth.method = "token"
|
|
# auth.additionalScopes specifies additional scopes to include authentication information.
|
|
# Optional values are HeartBeats, NewWorkConns.
|
|
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
|
|
|
|
# auth token
|
|
auth.token = "12345678"
|
|
|
|
# oidc.clientID specifies the client ID to use to get a token in OIDC authentication.
|
|
# auth.oidc.clientID = ""
|
|
# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication.
|
|
# auth.oidc.clientSecret = ""
|
|
# oidc.audience specifies the audience of the token in OIDC authentication.
|
|
# auth.oidc.audience = ""
|
|
# oidc.scope specifies the permissions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
|
|
# auth.oidc.scope = ""
|
|
# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
|
|
# It will be used to get an OIDC token.
|
|
# auth.oidc.tokenEndpointURL = ""
|
|
|
|
# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.
|
|
# For example, if you want to specify the "audience" parameter, you can set as follow.
|
|
# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
|
|
# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"
|
|
# auth.oidc.additionalEndpointParams.var1 = "foobar"
|
|
|
|
# Set admin address for control frpc's action by http api such as reload
|
|
webServer.addr = "127.0.0.1"
|
|
webServer.port = 7400
|
|
webServer.user = "admin"
|
|
webServer.password = "admin"
|
|
# Admin assets directory. By default, these assets are bundled with frpc.
|
|
# webServer.assetsDir = "./static"
|
|
|
|
# Enable golang pprof handlers in admin listener.
|
|
webServer.pprofEnable = false
|
|
|
|
# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
|
|
# transport.dialServerTimeout = 10
|
|
|
|
# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
|
|
# If negative, keep-alive probes are disabled.
|
|
# transport.dialServerKeepalive = 7200
|
|
|
|
# connections will be established in advance, default value is zero
|
|
transport.poolCount = 5
|
|
|
|
# If tcp stream multiplexing is used, default is true, it must be same with frps
|
|
# transport.tcpMux = true
|
|
|
|
# Specify keep alive interval for tcp mux.
|
|
# only valid if tcpMux is enabled.
|
|
# transport.tcpMuxKeepaliveInterval = 30
|
|
|
|
# Communication protocol used to connect to server
|
|
# supports tcp, kcp, quic, websocket and wss now, default is tcp
|
|
transport.protocol = "tcp"
|
|
|
|
# set client binding ip when connect server, default is empty.
|
|
# only when protocol = tcp or websocket, the value will be used.
|
|
transport.connectServerLocalIP = "0.0.0.0"
|
|
|
|
# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables
|
|
# it only works when protocol is tcp
|
|
# transport.proxyURL = "http://user:passwd@192.168.1.128:8080"
|
|
# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"
|
|
# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"
|
|
|
|
# quic protocol options
|
|
# transport.quic.keepalivePeriod = 10
|
|
# transport.quic.maxIdleTimeout = 30
|
|
# transport.quic.maxIncomingStreams = 100000
|
|
|
|
# If tls.enable is true, frpc will connect frps by tls.
|
|
# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
|
|
transport.tls.enable = true
|
|
|
|
# transport.tls.certFile = "client.crt"
|
|
# transport.tls.keyFile = "client.key"
|
|
# transport.tls.trustedCaFile = "ca.crt"
|
|
# transport.tls.serverName = "example.com"
|
|
|
|
# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the
|
|
# first custom byte when tls is enabled.
|
|
# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
|
|
# transport.tls.disableCustomTLSFirstByte = true
|
|
|
|
# Heartbeat configure, it's not recommended to modify the default value.
|
|
# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value
|
|
# to disable it.
|
|
# transport.heartbeatInterval = 30
|
|
# transport.heartbeatTimeout = 90
|
|
|
|
# Specify a dns server, so frpc will use this instead of default one
|
|
# dnsServer = "8.8.8.8"
|
|
|
|
# Proxy names you want to start.
|
|
# Default is empty, means all proxies.
|
|
# start = ["ssh", "dns"]
|
|
|
|
# Specify udp packet size, unit is byte. If not set, the default value is 1500.
|
|
# This parameter should be same between client and server.
|
|
# It affects the udp and sudp proxy.
|
|
udpPacketSize = 1500
|
|
|
|
# Additional metadatas for client.
|
|
metadatas.var1 = "abc"
|
|
metadatas.var2 = "123"
|
|
|
|
# Include other config files for proxies.
|
|
# includes = ["./confd/*.ini"]
|
|
|
|
[[proxies]]
|
|
# 'ssh' is the unique proxy name
|
|
# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
|
|
name = "ssh"
|
|
type = "tcp"
|
|
localIP = "127.0.0.1"
|
|
localPort = 22
|
|
# Limit bandwidth for this proxy, unit is KB and MB
|
|
transport.bandwidthLimit = "1MB"
|
|
# Where to limit bandwidth, can be 'client' or 'server', default is 'client'
|
|
transport.bandwidthLimitMode = "client"
|
|
# If true, traffic of this proxy will be encrypted, default is false
|
|
transport.useEncryption = false
|
|
# If true, traffic will be compressed
|
|
transport.useCompression = false
|
|
# Remote port listen by frps
|
|
remotePort = 6001
|
|
# frps will load balancing connections for proxies in same group
|
|
loadBalancer.group = "test_group"
|
|
# group should have same group key
|
|
loadBalancer.groupKey = "123456"
|
|
# Enable health check for the backend service, it supports 'tcp' and 'http' now.
|
|
# frpc will connect local service's port to detect it's healthy status
|
|
healthCheck.type = "tcp"
|
|
# Health check connection timeout
|
|
healthCheck.timeoutSeconds = 3
|
|
# If continuous failed in 3 times, the proxy will be removed from frps
|
|
healthCheck.maxFailed = 3
|
|
# Every 10 seconds will do a health check
|
|
healthCheck.intervalSeconds = 10
|
|
# Additional meta info for each proxy. It will be passed to the server-side plugin for use.
|
|
metadatas.var1 = "abc"
|
|
metadatas.var2 = "123"
|
|
# You can add some extra information to the proxy through annotations.
|
|
# These annotations will be displayed on the frps dashboard.
|
|
[proxies.annotations]
|
|
key1 = "value1"
|
|
"prefix/key2" = "value2"
|
|
|
|
[[proxies]]
|
|
name = "ssh_random"
|
|
type = "tcp"
|
|
localIP = "192.168.31.100"
|
|
localPort = 22
|
|
# If remotePort is 0, frps will assign a random port for you
|
|
remotePort = 0
|
|
|
|
[[proxies]]
|
|
name = "dns"
|
|
type = "udp"
|
|
localIP = "114.114.114.114"
|
|
localPort = 53
|
|
remotePort = 6002
|
|
|
|
# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
|
|
[[proxies]]
|
|
name = "web01"
|
|
type = "http"
|
|
localIP = "127.0.0.1"
|
|
localPort = 80
|
|
# http username and password are safety certification for http protocol
|
|
# if not set, you can access this customDomains without certification
|
|
httpUser = "admin"
|
|
httpPassword = "admin"
|
|
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
|
|
subdomain = "web01"
|
|
customDomains = ["web01.yourdomain.com"]
|
|
# locations is only available for http type
|
|
locations = ["/", "/pic"]
|
|
# route requests to this service if http basic auto user is abc
|
|
# routeByHTTPUser = abc
|
|
hostHeaderRewrite = "example.com"
|
|
requestHeaders.set.x-from-where = "frp"
|
|
responseHeaders.set.foo = "bar"
|
|
healthCheck.type = "http"
|
|
# frpc will send a GET http request '/status' to local http service
|
|
# http service is alive when it return 2xx http response code
|
|
healthCheck.path = "/status"
|
|
healthCheck.intervalSeconds = 10
|
|
healthCheck.maxFailed = 3
|
|
healthCheck.timeoutSeconds = 3
|
|
# set health check headers
|
|
healthCheck.httpHeaders=[
|
|
{ name = "x-from-where", value = "frp" }
|
|
]
|
|
|
|
[[proxies]]
|
|
name = "web02"
|
|
type = "https"
|
|
localIP = "127.0.0.1"
|
|
localPort = 8000
|
|
subdomain = "web02"
|
|
customDomains = ["web02.yourdomain.com"]
|
|
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
|
|
# v1 or v2 or empty
|
|
transport.proxyProtocolVersion = "v2"
|
|
|
|
[[proxies]]
|
|
name = "tcpmuxhttpconnect"
|
|
type = "tcpmux"
|
|
multiplexer = "httpconnect"
|
|
localIP = "127.0.0.1"
|
|
localPort = 10701
|
|
customDomains = ["tunnel1"]
|
|
# routeByHTTPUser = "user1"
|
|
|
|
[[proxies]]
|
|
name = "plugin_unix_domain_socket"
|
|
type = "tcp"
|
|
remotePort = 6003
|
|
# if plugin is defined, localIP and localPort is useless
|
|
# plugin will handle connections got from frps
|
|
[proxies.plugin]
|
|
type = "unix_domain_socket"
|
|
unixPath = "/var/run/docker.sock"
|
|
|
|
[[proxies]]
|
|
name = "plugin_http_proxy"
|
|
type = "tcp"
|
|
remotePort = 6004
|
|
[proxies.plugin]
|
|
type = "http_proxy"
|
|
httpUser = "abc"
|
|
httpPassword = "abc"
|
|
|
|
[[proxies]]
|
|
name = "plugin_socks5"
|
|
type = "tcp"
|
|
remotePort = 6005
|
|
[proxies.plugin]
|
|
type = "socks5"
|
|
username = "abc"
|
|
password = "abc"
|
|
|
|
[[proxies]]
|
|
name = "plugin_static_file"
|
|
type = "tcp"
|
|
remotePort = 6006
|
|
[proxies.plugin]
|
|
type = "static_file"
|
|
localPath = "/var/www/blog"
|
|
stripPrefix = "static"
|
|
httpUser = "abc"
|
|
httpPassword = "abc"
|
|
|
|
[[proxies]]
|
|
name = "plugin_https2http"
|
|
type = "https"
|
|
customDomains = ["test.yourdomain.com"]
|
|
[proxies.plugin]
|
|
type = "https2http"
|
|
localAddr = "127.0.0.1:80"
|
|
crtPath = "./server.crt"
|
|
keyPath = "./server.key"
|
|
hostHeaderRewrite = "127.0.0.1"
|
|
requestHeaders.set.x-from-where = "frp"
|
|
|
|
[[proxies]]
|
|
name = "plugin_https2https"
|
|
type = "https"
|
|
customDomains = ["test.yourdomain.com"]
|
|
[proxies.plugin]
|
|
type = "https2https"
|
|
localAddr = "127.0.0.1:443"
|
|
crtPath = "./server.crt"
|
|
keyPath = "./server.key"
|
|
hostHeaderRewrite = "127.0.0.1"
|
|
requestHeaders.set.x-from-where = "frp"
|
|
|
|
[[proxies]]
|
|
name = "plugin_http2https"
|
|
type = "http"
|
|
customDomains = ["test.yourdomain.com"]
|
|
[proxies.plugin]
|
|
type = "http2https"
|
|
localAddr = "127.0.0.1:443"
|
|
hostHeaderRewrite = "127.0.0.1"
|
|
requestHeaders.set.x-from-where = "frp"
|
|
|
|
[[proxies]]
|
|
name = "plugin_http2http"
|
|
type = "tcp"
|
|
remotePort = 6007
|
|
[proxies.plugin]
|
|
type = "http2http"
|
|
localAddr = "127.0.0.1:80"
|
|
hostHeaderRewrite = "127.0.0.1"
|
|
requestHeaders.set.x-from-where = "frp"
|
|
|
|
[[proxies]]
|
|
name = "plugin_tls2raw"
|
|
type = "tcp"
|
|
remotePort = 6008
|
|
[proxies.plugin]
|
|
type = "tls2raw"
|
|
localAddr = "127.0.0.1:80"
|
|
crtPath = "./server.crt"
|
|
keyPath = "./server.key"
|
|
|
|
[[proxies]]
|
|
name = "secret_tcp"
|
|
# If the type is secret tcp, remotePort is useless
|
|
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
|
|
type = "stcp"
|
|
# secretKey is used for authentication for visitors
|
|
secretKey = "abcdefg"
|
|
localIP = "127.0.0.1"
|
|
localPort = 22
|
|
# If not empty, only visitors from specified users can connect.
|
|
# Otherwise, visitors from same user can connect. '*' means allow all users.
|
|
allowUsers = ["*"]
|
|
|
|
[[proxies]]
|
|
name = "p2p_tcp"
|
|
type = "xtcp"
|
|
secretKey = "abcdefg"
|
|
localIP = "127.0.0.1"
|
|
localPort = 22
|
|
# If not empty, only visitors from specified users can connect.
|
|
# Otherwise, visitors from same user can connect. '*' means allow all users.
|
|
allowUsers = ["user1", "user2"]
|
|
|
|
# frpc role visitor -> frps -> frpc role server
|
|
[[visitors]]
|
|
name = "secret_tcp_visitor"
|
|
type = "stcp"
|
|
# the server name you want to visitor
|
|
serverName = "secret_tcp"
|
|
secretKey = "abcdefg"
|
|
# connect this address to visitor stcp server
|
|
bindAddr = "127.0.0.1"
|
|
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
|
|
# other visitors. (This is not supported for SUDP now)
|
|
bindPort = 9000
|
|
|
|
[[visitors]]
|
|
name = "p2p_tcp_visitor"
|
|
type = "xtcp"
|
|
# if the server user is not set, it defaults to the current user
|
|
serverUser = "user1"
|
|
serverName = "p2p_tcp"
|
|
secretKey = "abcdefg"
|
|
bindAddr = "127.0.0.1"
|
|
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
|
|
# other visitors. (This is not supported for SUDP now)
|
|
bindPort = 9001
|
|
# when automatic tunnel persistence is required, set it to true
|
|
keepTunnelOpen = false
|
|
# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour
|
|
maxRetriesAnHour = 8
|
|
minRetryInterval = 90
|
|
# fallbackTo = "stcp_visitor"
|
|
# fallbackTimeoutMs = 500
|