123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332 |
- # [common] is integral section
- [common]
- # A literal address or host name for IPv6 must be enclosed
- # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
- # For single "server_addr" field, no need square brackets, like "server_addr = ::".
- server_addr = 0.0.0.0
- server_port = 7000
- # if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set http_proxy here or in global environment variables
- # it only works when protocol is tcp
- # http_proxy = http://user:[email protected]:8080
- # http_proxy = socks5://user:[email protected]:1080
- # http_proxy = ntlm://user:[email protected]:2080
- # console or real logFile path like ./frpc.log
- log_file = ./frpc.log
- # trace, debug, info, warn, error
- log_level = info
- log_max_days = 3
- # disable log colors when log_file is console, default is false
- disable_log_color = false
- # for authentication, should be same as your frps.ini
- # authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
- authenticate_heartbeats = false
- # authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
- authenticate_new_work_conns = false
- # auth token
- token = 12345678
- # oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
- # By default, this value is "".
- oidc_client_id =
- # oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
- # By default, this value is "".
- oidc_client_secret =
- # oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
- oidc_audience =
- # oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint.
- # It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
- oidc_token_endpoint_url =
- # set admin address for control frpc's action by http api such as reload
- admin_addr = 127.0.0.1
- admin_port = 7400
- admin_user = admin
- admin_pwd = admin
- # Admin assets directory. By default, these assets are bundled with frpc.
- # assets_dir = ./static
- # connections will be established in advance, default value is zero
- pool_count = 5
- # if tcp stream multiplexing is used, default is true, it must be same with frps
- tcp_mux = true
- # specify keep alive interval for tcp mux.
- # only valid if tcp_mux is true.
- # tcp_mux_keepalive_interval = 60
- # your proxy name will be changed to {user}.{proxy}
- user = your_name
- # decide if exit program when first login failed, otherwise continuous relogin to frps
- # default is true
- login_fail_exit = true
- # communication protocol used to connect to server
- # now it supports tcp, kcp and websocket, default is tcp
- protocol = tcp
- # set client binding ip when connect server, default is empty.
- # only when protocol = tcp or websocket, the value will be used.
- connect_server_local_ip = 0.0.0.0
- # if tls_enable is true, frpc will connect frps by tls
- tls_enable = true
- # tls_cert_file = client.crt
- # tls_key_file = client.key
- # tls_trusted_ca_file = ca.crt
- # tls_server_name = example.com
- # specify a dns server, so frpc will use this instead of default one
- # dns_server = 8.8.8.8
- # proxy names you want to start seperated by ','
- # default is empty, means all proxies
- # start = ssh,dns
- # heartbeat configure, it's not recommended to modify the default value
- # The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
- # to disable it.
- # heartbeat_interval = 30
- # heartbeat_timeout = 90
- # additional meta info for client
- meta_var1 = 123
- meta_var2 = 234
- # specify udp packet size, unit is byte. If not set, the default value is 1500.
- # This parameter should be same between client and server.
- # It affects the udp and sudp proxy.
- udp_packet_size = 1500
- # include other config files for proxies.
- # includes = ./confd/*.ini
- # By default, frpc will connect frps with first custom byte if tls is enabled.
- # If DisableCustomTLSFirstByte is true, frpc will not send that custom byte.
- disable_custom_tls_first_byte = false
- # 'ssh' is the unique proxy name
- # if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
- [ssh]
- # tcp | udp | http | https | stcp | xtcp, default is tcp
- type = tcp
- local_ip = 127.0.0.1
- local_port = 22
- # limit bandwidth for this proxy, unit is KB and MB
- bandwidth_limit = 1MB
- # true or false, if true, messages between frps and frpc will be encrypted, default is false
- use_encryption = false
- # if true, message will be compressed
- use_compression = false
- # remote port listen by frps
- remote_port = 6001
- # frps will load balancing connections for proxies in same group
- group = test_group
- # group should have same group key
- group_key = 123456
- # enable health check for the backend service, it support 'tcp' and 'http' now
- # frpc will connect local service's port to detect it's healthy status
- health_check_type = tcp
- # health check connection timeout
- health_check_timeout_s = 3
- # if continuous failed in 3 times, the proxy will be removed from frps
- health_check_max_failed = 3
- # every 10 seconds will do a health check
- health_check_interval_s = 10
- # additional meta info for each proxy
- meta_var1 = 123
- meta_var2 = 234
- [ssh_random]
- type = tcp
- local_ip = 127.0.0.1
- local_port = 22
- # if remote_port is 0, frps will assign a random port for you
- remote_port = 0
- # if you want to expose multiple ports, add 'range:' prefix to the section name
- # frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.
- [range:tcp_port]
- type = tcp
- local_ip = 127.0.0.1
- local_port = 6010-6020,6022,6024-6028
- remote_port = 6010-6020,6022,6024-6028
- use_encryption = false
- use_compression = false
- [dns]
- type = udp
- local_ip = 114.114.114.114
- local_port = 53
- remote_port = 6002
- use_encryption = false
- use_compression = false
- [range:udp_port]
- type = udp
- local_ip = 127.0.0.1
- local_port = 6010-6020
- remote_port = 6010-6020
- use_encryption = false
- use_compression = false
- # Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
- [web01]
- type = http
- local_ip = 127.0.0.1
- local_port = 80
- use_encryption = false
- use_compression = true
- # http username and password are safety certification for http protocol
- # if not set, you can access this custom_domains without certification
- http_user = admin
- http_pwd = admin
- # if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
- subdomain = web01
- custom_domains = web01.yourdomain.com
- # locations is only available for http type
- locations = /,/pic
- host_header_rewrite = example.com
- # params with prefix "header_" will be used to update http request headers
- header_X-From-Where = frp
- health_check_type = http
- # frpc will send a GET http request '/status' to local http service
- # http service is alive when it return 2xx http response code
- health_check_url = /status
- health_check_interval_s = 10
- health_check_max_failed = 3
- health_check_timeout_s = 3
- [web02]
- type = https
- local_ip = 127.0.0.1
- local_port = 8000
- use_encryption = false
- use_compression = false
- subdomain = web01
- custom_domains = web02.yourdomain.com
- # if not empty, frpc will use proxy protocol to transfer connection info to your local service
- # v1 or v2 or empty
- proxy_protocol_version = v2
- [plugin_unix_domain_socket]
- type = tcp
- remote_port = 6003
- # if plugin is defined, local_ip and local_port is useless
- # plugin will handle connections got from frps
- plugin = unix_domain_socket
- # params with prefix "plugin_" that plugin needed
- plugin_unix_path = /var/run/docker.sock
- [plugin_http_proxy]
- type = tcp
- remote_port = 6004
- plugin = http_proxy
- plugin_http_user = abc
- plugin_http_passwd = abc
- [plugin_socks5]
- type = tcp
- remote_port = 6005
- plugin = socks5
- plugin_user = abc
- plugin_passwd = abc
- [plugin_static_file]
- type = tcp
- remote_port = 6006
- plugin = static_file
- plugin_local_path = /var/www/blog
- plugin_strip_prefix = static
- plugin_http_user = abc
- plugin_http_passwd = abc
- [plugin_https2http]
- type = https
- custom_domains = test.yourdomain.com
- plugin = https2http
- plugin_local_addr = 127.0.0.1:80
- plugin_crt_path = ./server.crt
- plugin_key_path = ./server.key
- plugin_host_header_rewrite = 127.0.0.1
- plugin_header_X-From-Where = frp
- [plugin_https2https]
- type = https
- custom_domains = test.yourdomain.com
- plugin = https2https
- plugin_local_addr = 127.0.0.1:443
- plugin_crt_path = ./server.crt
- plugin_key_path = ./server.key
- plugin_host_header_rewrite = 127.0.0.1
- plugin_header_X-From-Where = frp
- [plugin_http2https]
- type = http
- custom_domains = test.yourdomain.com
- plugin = http2https
- plugin_local_addr = 127.0.0.1:443
- plugin_host_header_rewrite = 127.0.0.1
- plugin_header_X-From-Where = frp
- [secret_tcp]
- # If the type is secret tcp, remote_port is useless
- # Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
- type = stcp
- # sk used for authentication for visitors
- sk = abcdefg
- local_ip = 127.0.0.1
- local_port = 22
- use_encryption = false
- use_compression = false
- # user of frpc should be same in both stcp server and stcp visitor
- [secret_tcp_visitor]
- # frpc role visitor -> frps -> frpc role server
- role = visitor
- type = stcp
- # the server name you want to visitor
- server_name = secret_tcp
- sk = abcdefg
- # connect this address to visitor stcp server
- bind_addr = 127.0.0.1
- bind_port = 9000
- use_encryption = false
- use_compression = false
- [p2p_tcp]
- type = xtcp
- sk = abcdefg
- local_ip = 127.0.0.1
- local_port = 22
- use_encryption = false
- use_compression = false
- [p2p_tcp_visitor]
- role = visitor
- type = xtcp
- server_name = p2p_tcp
- sk = abcdefg
- bind_addr = 127.0.0.1
- bind_port = 9001
- use_encryption = false
- use_compression = false
- [tcpmuxhttpconnect]
- type = tcpmux
- multiplexer = httpconnect
- local_ip = 127.0.0.1
- local_port = 10701
- custom_domains = tunnel1
|