2017-05-25 01:10:58 +08:00
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
2021-03-10 20:19:58 +08:00
# For single "server_addr" field, no need square brackets, like "server_addr = ::".
2017-05-25 01:10:58 +08:00
server_addr = 0.0.0.0
server_port = 7000
2020-09-23 12:05:05 +08:00
# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set http_proxy here or in global environment variables
2017-06-17 18:01:08 +08:00
# it only works when protocol is tcp
2018-04-10 17:46:49 +08:00
# http_proxy = http://user:passwd@192.168.1.128:8080
2018-05-04 18:36:38 +08:00
# http_proxy = socks5://user:passwd@192.168.1.128:1080
2020-09-23 12:05:05 +08:00
# http_proxy = ntlm://user:passwd@192.168.1.128:2080
2017-05-25 01:10:58 +08:00
# console or real logFile path like ./frpc.log
log_file = ./frpc.log
# trace, debug, info, warn, error
log_level = info
log_max_days = 3
2019-08-12 00:47:35 +08:00
# disable log colors when log_file is console, default is false
disable_log_color = false
2020-10-08 14:25:03 +08:00
# for authentication, should be same as your frps.ini
2020-11-23 11:38:21 +08:00
# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
2020-10-08 14:25:03 +08:00
authenticate_heartbeats = false
2020-11-23 11:38:21 +08:00
# authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
2020-10-08 14:25:03 +08:00
authenticate_new_work_conns = false
# auth token
2018-04-10 17:46:49 +08:00
token = 12345678
2017-05-25 01:10:58 +08:00
2020-11-23 11:38:21 +08:00
# oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
# By default, this value is "".
oidc_client_id =
# oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
# By default, this value is "".
oidc_client_secret =
# oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
oidc_audience =
# oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint.
# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
oidc_token_endpoint_url =
2017-07-13 02:20:49 +08:00
# set admin address for control frpc's action by http api such as reload
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
2018-11-06 18:35:05 +08:00
admin_pwd = admin
2019-08-20 07:51:03 +08:00
# Admin assets directory. By default, these assets are bundled with frpc.
# assets_dir = ./static
2017-07-13 02:20:49 +08:00
2017-05-25 01:10:58 +08:00
# connections will be established in advance, default value is zero
pool_count = 5
# if tcp stream multiplexing is used, default is true, it must be same with frps
tcp_mux = true
2022-01-13 14:26:07 +08:00
# specify keep alive interval for tcp mux.
# only valid if tcp_mux is true.
# tcp_mux_keepalive_interval = 60
2017-05-25 01:10:58 +08:00
# your proxy name will be changed to {user}.{proxy}
user = your_name
# decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
login_fail_exit = true
2017-06-04 19:56:21 +08:00
# communication protocol used to connect to server
2020-09-23 12:05:05 +08:00
# now it supports tcp, kcp and websocket, default is tcp
2017-06-04 19:56:21 +08:00
protocol = tcp
2022-01-26 19:47:40 +08:00
# set client binding ip when connect server, default is empty.
# only when protocol = tcp or websocket, the value will be used.
connect_server_local_ip = 0.0.0.0
2019-03-11 14:14:31 +08:00
# if tls_enable is true, frpc will connect frps by tls
tls_enable = true
2020-09-18 20:06:09 +08:00
# tls_cert_file = client.crt
# tls_key_file = client.key
# tls_trusted_ca_file = ca.crt
2021-03-07 14:57:23 +08:00
# tls_server_name = example.com
2020-09-18 20:06:09 +08:00
2018-04-23 02:59:40 +08:00
# specify a dns server, so frpc will use this instead of default one
2018-05-25 01:25:36 +08:00
# dns_server = 8.8.8.8
2018-04-23 02:59:40 +08:00
2019-07-15 03:35:43 +08:00
# proxy names you want to start seperated by ','
2017-05-25 01:45:38 +08:00
# default is empty, means all proxies
# start = ssh,dns
2017-05-25 01:10:58 +08:00
# heartbeat configure, it's not recommended to modify the default value
2022-01-13 14:26:07 +08:00
# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
# to disable it.
2017-05-25 01:10:58 +08:00
# heartbeat_interval = 30
# heartbeat_timeout = 90
2019-12-08 21:01:58 +08:00
# additional meta info for client
meta_var1 = 123
meta_var2 = 234
2020-05-07 17:47:36 +08:00
# specify udp packet size, unit is byte. If not set, the default value is 1500.
# This parameter should be same between client and server.
# It affects the udp and sudp proxy.
udp_packet_size = 1500
2021-06-03 00:07:51 +08:00
# include other config files for proxies.
# includes = ./confd/*.ini
2021-08-11 23:10:35 +08:00
# By default, frpc will connect frps with first custom byte if tls is enabled.
# If DisableCustomTLSFirstByte is true, frpc will not send that custom byte.
disable_custom_tls_first_byte = false
2018-05-20 23:22:07 +08:00
# 'ssh' is the unique proxy name
# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
2017-05-25 01:10:58 +08:00
[ssh]
2018-05-20 23:22:07 +08:00
# tcp | udp | http | https | stcp | xtcp, default is tcp
2017-05-25 01:10:58 +08:00
type = tcp
local_ip = 127.0.0.1
local_port = 22
2020-02-04 21:34:46 +08:00
# limit bandwidth for this proxy, unit is KB and MB
bandwidth_limit = 1MB
2017-05-25 01:10:58 +08:00
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = false
# if true, message will be compressed
use_compression = false
# remote port listen by frps
remote_port = 6001
2018-05-21 21:22:10 +08:00
# frps will load balancing connections for proxies in same group
group = test_group
# group should have same group key
group_key = 123456
2018-06-25 18:22:35 +08:00
# enable health check for the backend service, it support 'tcp' and 'http' now
# frpc will connect local service's port to detect it's healthy status
health_check_type = tcp
2019-01-15 11:27:53 +08:00
# health check connection timeout
2018-12-09 21:56:46 +08:00
health_check_timeout_s = 3
2019-01-15 11:27:53 +08:00
# if continuous failed in 3 times, the proxy will be removed from frps
health_check_max_failed = 3
# every 10 seconds will do a health check
health_check_interval_s = 10
2019-12-08 21:01:58 +08:00
# additional meta info for each proxy
meta_var1 = 123
meta_var2 = 234
2017-05-25 01:10:58 +08:00
2018-01-18 16:43:03 +08:00
[ssh_random]
type = tcp
local_ip = 127.0.0.1
local_port = 22
2018-05-08 17:02:49 +08:00
# if remote_port is 0, frps will assign a random port for you
2018-01-18 16:43:03 +08:00
remote_port = 0
2018-01-30 22:07:16 +08:00
# if you want to expose multiple ports, add 'range:' prefix to the section name
2018-01-24 17:49:13 +08:00
# frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.
[range:tcp_port]
type = tcp
local_ip = 127.0.0.1
local_port = 6010-6020,6022,6024-6028
remote_port = 6010-6020,6022,6024-6028
use_encryption = false
use_compression = false
2017-05-25 01:10:58 +08:00
[dns]
type = udp
local_ip = 114.114.114.114
local_port = 53
remote_port = 6002
use_encryption = false
use_compression = false
2018-01-24 17:49:13 +08:00
[range:udp_port]
type = udp
local_ip = 127.0.0.1
local_port = 6010-6020
remote_port = 6010-6020
use_encryption = false
use_compression = false
2017-05-25 01:10:58 +08:00
# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
[web01]
type = http
local_ip = 127.0.0.1
local_port = 80
use_encryption = false
use_compression = true
# http username and password are safety certification for http protocol
# if not set, you can access this custom_domains without certification
http_user = admin
2018-04-23 03:04:33 +08:00
http_pwd = admin
2021-10-11 12:11:59 +08:00
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
2017-05-25 01:10:58 +08:00
subdomain = web01
2021-10-11 12:11:59 +08:00
custom_domains = web01.yourdomain.com
2017-12-18 19:35:09 +08:00
# locations is only available for http type
2017-05-25 01:10:58 +08:00
locations = /,/pic
host_header_rewrite = example.com
2018-05-20 23:22:07 +08:00
# params with prefix "header_" will be used to update http request headers
header_X-From-Where = frp
2018-06-25 18:22:35 +08:00
health_check_type = http
# frpc will send a GET http request '/status' to local http service
# http service is alive when it return 2xx http response code
health_check_url = /status
health_check_interval_s = 10
2019-01-15 11:27:53 +08:00
health_check_max_failed = 3
health_check_timeout_s = 3
2017-05-25 01:10:58 +08:00
[web02]
type = https
local_ip = 127.0.0.1
local_port = 8000
use_encryption = false
2018-05-08 17:02:49 +08:00
use_compression = false
2017-05-25 01:10:58 +08:00
subdomain = web01
custom_domains = web02.yourdomain.com
2019-03-29 19:01:18 +08:00
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
# v1 or v2 or empty
proxy_protocol_version = v2
2017-05-25 01:10:58 +08:00
2017-05-30 14:37:51 +08:00
[plugin_unix_domain_socket]
2017-05-25 01:10:58 +08:00
type = tcp
2017-05-30 14:37:51 +08:00
remote_port = 6003
2017-05-25 01:10:58 +08:00
# if plugin is defined, local_ip and local_port is useless
# plugin will handle connections got from frps
plugin = unix_domain_socket
2018-05-20 23:22:07 +08:00
# params with prefix "plugin_" that plugin needed
2017-05-25 01:10:58 +08:00
plugin_unix_path = /var/run/docker.sock
2017-05-30 14:37:51 +08:00
[plugin_http_proxy]
type = tcp
remote_port = 6004
plugin = http_proxy
plugin_http_user = abc
plugin_http_passwd = abc
2017-06-26 03:02:33 +08:00
2018-01-24 23:04:55 +08:00
[plugin_socks5]
2018-01-24 17:49:13 +08:00
type = tcp
remote_port = 6005
2018-01-24 23:04:55 +08:00
plugin = socks5
plugin_user = abc
plugin_passwd = abc
[plugin_static_file]
type = tcp
remote_port = 6006
2018-01-24 17:49:13 +08:00
plugin = static_file
plugin_local_path = /var/www/blog
plugin_strip_prefix = static
plugin_http_user = abc
plugin_http_passwd = abc
2019-04-10 13:39:26 +08:00
[plugin_https2http]
type = https
custom_domains = test.yourdomain.com
plugin = https2http
plugin_local_addr = 127.0.0.1:80
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
2019-11-26 10:23:37 +08:00
plugin_header_X-From-Where = frp
2021-01-27 13:14:16 +08:00
[plugin_https2https]
type = https
custom_domains = test.yourdomain.com
plugin = https2https
plugin_local_addr = 127.0.0.1:443
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp
2019-11-26 10:23:37 +08:00
[plugin_http2https]
type = http
custom_domains = test.yourdomain.com
plugin = http2https
plugin_local_addr = 127.0.0.1:443
plugin_host_header_rewrite = 127.0.0.1
2019-08-13 21:14:06 +08:00
plugin_header_X-From-Where = frp
2019-04-10 13:39:26 +08:00
2017-06-26 03:02:33 +08:00
[secret_tcp]
# If the type is secret tcp, remote_port is useless
2017-12-05 01:34:33 +08:00
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
2017-06-26 03:02:33 +08:00
type = stcp
2017-12-05 01:34:33 +08:00
# sk used for authentication for visitors
2017-06-26 03:02:33 +08:00
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false
2017-12-05 01:34:33 +08:00
# user of frpc should be same in both stcp server and stcp visitor
[secret_tcp_visitor]
# frpc role visitor -> frps -> frpc role server
role = visitor
2017-06-26 03:02:33 +08:00
type = stcp
2017-12-05 01:34:33 +08:00
# the server name you want to visitor
2017-07-13 12:01:46 +08:00
server_name = secret_tcp
2017-06-26 03:02:33 +08:00
sk = abcdefg
2017-12-05 01:34:33 +08:00
# connect this address to visitor stcp server
2017-06-26 03:02:33 +08:00
bind_addr = 127.0.0.1
bind_port = 9000
use_encryption = false
use_compression = false
2017-10-24 18:20:07 +08:00
[p2p_tcp]
type = xtcp
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false
2017-12-05 01:34:33 +08:00
[p2p_tcp_visitor]
role = visitor
2017-10-24 18:20:07 +08:00
type = xtcp
server_name = p2p_tcp
sk = abcdefg
bind_addr = 127.0.0.1
bind_port = 9001
2017-10-25 02:49:56 +08:00
use_encryption = false
use_compression = false
2020-03-11 14:13:16 +08:00
[tcpmuxhttpconnect]
type = tcpmux
multiplexer = httpconnect
local_ip = 127.0.0.1
local_port = 10701
custom_domains = tunnel1