vsiu

vsiu

HomeArchives

Frp.ini

154
AI Translation
This post is translated from Japanese into English through AI.View Original
# [common] is the shared part of the entire configuration file
[common]
# IPv6 addresses or hostnames must be enclosed in square brackets, e.g., "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For a single "server_addr" field, square brackets are not needed, e.g., "server_addr = ::"
server_addr = 0.0.0.0
server_port = 7000

# The STUN server is used to help penetrate NAT firewalls
# nat_hole_stun_server = stun.easyvoip.com:3478

# The maximum wait time for connecting to the server, default is 10 seconds
# dial_server_timeout = 10

# dial_server_keepalive specifies the keep-alive probe interval for the active network connection between frpc and frps
# If the value is negative, keep-alive probing is disabled.
# dial_server_keepalive = 7200

# If you want to connect to frps through HTTP proxy, SOCKS5 proxy, or NTLM proxy, you can set http_proxy here, or set it in global environment variables
# Only effective when the protocol is tcp
# http_proxy = http://user:[email protected]:8080
# http_proxy = socks5://user:[email protected]:1080
# http_proxy = ntlm://user:[email protected]:2080

# Console or actual log file path, e.g., ./frpc.log
log_file = ./frpc.log

# Trace, debug, info, warning, error
log_level = info

log_max_days = 3

# Disable log color when log_file is console, default is false
disable_log_color = false

# Configuration for authentication, should be the same as in frps.ini
# authenticate_heartbeats specifies whether to include the authentication token in the heartbeat sent to frps. Default is false.
authenticate_heartbeats = false

# authenticate_new_work_conns specifies whether to include the authentication token in new work connections sent to frps. Default is false.
authenticate_new_work_conns = false

# Authentication token
token = 12345678

authentication_method = 

# If AuthenticationMethod == "oidc", oidc_client_id specifies the client ID to be used when obtaining the OIDC authentication token.
# Default is an empty string.
oidc_client_id =

# If AuthenticationMethod == "oidc", oidc_client_secret specifies the client secret to be used when obtaining the OIDC authentication token.
# Default is an empty string.
oidc_client_secret =

# If AuthenticationMethod == "oidc", oidc_audience specifies the audience of the OIDC authentication token. Default is an empty string.
oidc_audience =

# If AuthenticationMethod == "oidc", oidc_scope specifies the permissions of the OIDC authentication token. Default is an empty string.
oidc_scope =

# If AuthenticationMethod == "oidc", oidc_token_endpoint_url specifies the URL that implements the OIDC token endpoint.
# If AuthenticationMethod == "oidc", the default value is an empty string.
oidc_token_endpoint_url =

# oidc_additional_xxx specifies additional parameters to be sent to the OIDC token endpoint.
# For example, if you want to specify the "audience" parameter, you can set it as follows:
# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
# oidc_additional_audience = https://dev.auth.com/api/v2/
# oidc_additional_var1 = foobar

# Set the management address for controlling frpc via HTTP API, e.g., reload
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin
# Directory for management resource files. By default, these resources are bundled with frpc.
# assets_dir = ./static

# Number of pre-established connections, default value is zero
pool_count = 5

# If TCP stream multiplexing is used, default is true, it must be the same as frps
# tcp_mux = true

# Specify the keep-alive interval for TCP multiplexing.
# Only effective when tcp_mux is true.
# tcp_mux_keepalive_interval = 60

# Client binding IP used when connecting to the server, default is empty.
# This value is only used when the protocol is tcp or websocket.
connect_server_local_ip = 0.0.0.0

# QUIC protocol options
# quic_keepalive_period = 10
# quic_max_idle_timeout = 30
# quic_max_incoming_streams = 100000

# If tls_enable is true, frpc will connect to frps via tls.
# Starting from v0.50.0, the default value has changed to true, and tls is enabled by default.
tls_enable = true

# tls_cert_file = client.crt
# tls_key_file = client.key
# tls_trusted_ca_file = ca.crt
# tls_server_name = example.com

# Specify the DNS server, so frpc will use this DNS server instead of the default DNS server
# dns_server = 8.8.8.8

# The names of the proxies to start, separated by commas
# Default is empty, meaning all proxies
# start = ssh,dns

# Heartbeat configuration, it is not recommended to modify the default values
# The default value of heartbeat_interval is 10, and the default value of heartbeat_timeout is 90. Setting a negative value will disable it.
# heartbeat_interval = 30
# heartbeat_timeout = 90

# Additional metadata for the client
meta_var1 = 123
meta_var2 = 234

# Specify the UDP packet size in bytes. If not set, the default value is 1500.
# This parameter should be the same between the client and server.
# It affects UDP and SUDP proxies.
udp_packet_size = 1500

# Include other configuration files for proxies.
# includes = ./confd/*.ini

# If disable_custom_tls_first_byte is set to false, frpc will use the first custom byte to establish a connection with frps
# When tls is enabled, the default value has changed to true, and the first custom byte is disabled by default.

disable_custom_tls_first_byte = true

# Enable Golang pprof handler in the admin listener.
# The Admin port must be set first.
pprof_enable = false

# 'ssh' is the only proxy name
# If user in the [common] section is not empty, it will change to {user}.{proxy}, e.g., 'your_name.ssh'
[ssh]
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
local_ip = 127.0.0.1
local_port = 22
# Limit the bandwidth of this proxy, in KB and MB
bandwidth_limit = 1MB
# Bandwidth limit mode, can be 'client' or 'server', default is 'client'
bandwidth_limit_mode = client
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = false
# If true, messages will be compressed
use_compression = false
# Remote port listened by frps
remote_port = 6001
# frps will load balance proxies in the same group
group = test_group
# The group should have the same group key
group_key = 123456
# Enable health check for backend services, currently supports 'tcp' and 'http'
# frpc will connect to the local service's port to check its health status
health_check_type = tcp
# Health check connection timeout
health_check_timeout_s = 3
# If it fails consecutively 3 times, the proxy will be removed from frps
health_check_max_failed = 3
# Health check every 10 seconds
health_check_interval_s = 10
# Additional metadata for each proxy
meta_var1 = 123
meta_var2 = 234

[ssh_random]
type = tcp
local_ip = 127.0.0.1
local_port = 22
# If remote_port is 0, frps will assign a random port for you
remote_port = 0

# If you want to expose multiple ports, add the "range:" prefix before the section name
# frpc will generate multiple proxies, e.g., 'tcp_port_6010', 'tcp_port_6011', etc.
[range:tcp_port]
type = tcp
local_ip = 127.0.0.1
local_port = 6010-6020,6022,6024-6028
remote_port = 6010-6020,6022,6024-6028
use_encryption = false
use_compression = false

[dns]
type = udp
local_ip = 114.114.114.114
local_port = 53
remote_port = 6002
use_encryption = false
use_compression = false

[range:udp_port]
type = udp
local_ip = 127.0.0.1
local_port = 6010-6020
remote_port = 6010-6020
use_encryption = false
use_compression = false

# Resolve your domain name to [server_addr], so you can access web01 using http://web01.yourdomain.com,
# and web02 using http://web02.yourdomain.com
[web01]
type = http
local_ip = 127.0.0.1
local_port = 80
use_encryption = false
use_compression = true
# The username and password for HTTP are the secure credentials for the HTTP protocol
# If not set, you can access these custom_domains without a certificate
http_user = admin
http_pwd = admin
# If the domain name of frps is frps.com, then you can access the [web01] proxy via the URL http://web01.frps.com
subdomain = web01
custom_domains = web01.yourdomain.com
# Only applicable to http type
locations = /,/pic
# If the http basic auto user is abc, route requests to this service
# route_by_http_user = abc
host_header_rewrite = example.com
# Parameters prefixed with "header_" will be used to update the HTTP request headers
header_X-From-Where = frp
health_check_type = http
# frpc will send a GET http request to the local http service '/status'
# The http service is only healthy if it returns a 2xx http response code
health_check_url = /status
health_check_interval_s = 10
health_check_max_failed = 3
health_check_timeout_s = 3

[web02]
type = https
local_ip = 127.0.0.1
local_port = 8000
use_encryption = false
use_compression = false
subdomain = web02
custom_domains = web02.yourdomain.com
# If not empty, frpc will use the proxy protocol to transmit connection information to the local service
# v1 or v2 or empty
proxy_protocol_version = v2

[plugin_unix_domain_socket]
type = tcp
remote_port = 6003
# If a plugin is defined, local_ip and local_port are useless
# The plugin will handle connections obtained from frps
plugin = unix_domain_socket
# Parameters required by the plugin with the prefix "plugin_"
plugin_unix_path = /var/run/docker.sock

[plugin_http_proxy]
type = tcp
remote_port = 6004
plugin = http_proxy
plugin_http_user = abc
plugin_http_passwd = abc

[plugin_socks5]
type = tcp
remote_port = 6005
plugin = socks5
plugin_user = abc
plugin_passwd = abc

[plugin_static_file]
type = tcp
remote_port = 6006
plugin = static_file
plugin_local_path = /var/www/blog
plugin_strip_prefix = static
plugin_http_user = abc
plugin_http_passwd = abc

[plugin_https2http]
type = https
custom_domains = test.yourdomain.com
plugin = https2http
plugin_local_addr = 127.0.0.1:80
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

[plugin_https2https]
type = https
custom_domains = test.yourdomain.com
plugin = https2https
plugin_local_addr = 127.0.0.1:443
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

[plugin_http2https]
type = http
custom_domains = test.yourdomain.com
plugin = http2https
plugin_local_addr = 127.0.0.1:443
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

[secret_tcp]
# If the type is secret tcp, then remote_port is useless
# Users who want to connect to the local port should deploy another frpc with stcp proxy and role as visitor
type = stcp
# sk for visitor authentication
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false
# If not empty, only visitors of the specified user can connect.
# Otherwise, visitors of the same user can connect. '*' means allow all users.
allow_users = *

# The user of frpc should be the same as the user in stcp server and stcp visitor
[secret_tcp_visitor]
# frpc role is visitor -> frps -> frpc role is server
role = visitor
type = stcp
# The name of the server you want to access
server_name = secret_tcp
sk = abcdefg
# Address to connect to the visitor stcp server
bind_addr = 127.0.0.1
# bind_port can be less than 0, meaning not binding to a port, only receiving connections redirected from
# other visitors. (SUDP currently does not support this feature)
bind_port = 9000
use_encryption = false
use_compression = false

[p2p_tcp]
type = xtcp
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false
# If not empty, only visitors of the specified user can connect.
# Otherwise, visitors of the same user can connect. '*' means allow all users.
allow_users = user1, user2

[p2p_tcp_visitor]
role = visitor
type = xtcp
# If the server user is not set, it defaults to the current user
server_user = user1
server_name = p2p_tcp
sk = abcdefg
bind_addr = 127.0.0.1
# bind_port can be less than 0, meaning not binding to a port, only receiving connections redirected from
# other visitors. (SUDP currently does not support this feature)
bind_port = 9001
use_encryption = false
use_compression = false
# Set to true when automatic tunnel persistence is needed
keep_tunnel_open = false
# Effective when keep_tunnel_open is set to true, number of attempts to penetrate per hour
max_retries_an_hour = 8
min_retry_interval = 90
# fallback_to = stcp_visitor
# fallback_timeout_ms = 500

[tcpmuxhttpconnect]
type = tcpmux
multiplexer = httpconnect
local_ip = 127.0.0.1
local_port = 10701
custom_domains = tunnel1
# route_by_http_user = user1
Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.