doc: update

This commit is contained in:
fatedier 2018-04-24 01:26:05 +08:00
parent dfb892c8f6
commit 4a5c00286e
7 changed files with 49 additions and 58 deletions

View File

@ -31,7 +31,6 @@ frp is a fast reverse proxy to help you expose a local server behind a NAT or fi
* [Encryption and Compression](#encryption-and-compression) * [Encryption and Compression](#encryption-and-compression)
* [Hot-Reload frpc configuration](#hot-reload-frpc-configuration) * [Hot-Reload frpc configuration](#hot-reload-frpc-configuration)
* [Get proxy status from client](#get-proxy-status-from-client) * [Get proxy status from client](#get-proxy-status-from-client)
* [Privilege Mode](#privilege-mode)
* [Port White List](#port-white-list) * [Port White List](#port-white-list)
* [TCP Stream Multiplexing](#tcp-stream-multiplexing) * [TCP Stream Multiplexing](#tcp-stream-multiplexing)
* [Support KCP Protocol](#support-kcp-protocol) * [Support KCP Protocol](#support-kcp-protocol)
@ -42,6 +41,7 @@ frp is a fast reverse proxy to help you expose a local server behind a NAT or fi
* [Custom subdomain names](#custom-subdomain-names) * [Custom subdomain names](#custom-subdomain-names)
* [URL routing](#url-routing) * [URL routing](#url-routing)
* [Connect frps by HTTP PROXY](#connect-frps-by-http-proxy) * [Connect frps by HTTP PROXY](#connect-frps-by-http-proxy)
* [Range ports mapping](#range-ports-mapping)
* [Plugin](#plugin) * [Plugin](#plugin)
* [Development Plan](#development-plan) * [Development Plan](#development-plan)
* [Contributing](#contributing) * [Contributing](#contributing)
@ -422,21 +422,17 @@ Then run command `frpc reload -c ./frpc.ini` and wait for about 10 seconds to le
Use `frpc status -c ./frpc.ini` to get status of all proxies. You need to set admin port in frpc's configure file. Use `frpc status -c ./frpc.ini` to get status of all proxies. You need to set admin port in frpc's configure file.
### Privilege Mode ### Port White List
Privilege mode is the default and only mode support in frp since v0.10.0. All proxy configurations are set in client. `allow_ports` in frps.ini is used for preventing abuse of ports:
#### Port White List
`privilege_allow_ports` in frps.ini is used for preventing abuse of ports:
```ini ```ini
# frps.ini # frps.ini
[common] [common]
privilege_allow_ports = 2000-3000,3001,3003,4000-50000 allow_ports = 2000-3000,3001,3003,4000-50000
``` ```
`privilege_allow_ports` consists of a specific port or a range of ports divided by `,`. `allow_ports` consists of a specific port or a range of ports divided by `,`.
### TCP Stream Multiplexing ### TCP Stream Multiplexing

View File

@ -29,7 +29,6 @@ frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp
* [加密与压缩](#加密与压缩) * [加密与压缩](#加密与压缩)
* [客户端热加载配置文件](#客户端热加载配置文件) * [客户端热加载配置文件](#客户端热加载配置文件)
* [客户端查看代理状态](#客户端查看代理状态) * [客户端查看代理状态](#客户端查看代理状态)
* [特权模式](#特权模式)
* [端口白名单](#端口白名单) * [端口白名单](#端口白名单)
* [TCP 多路复用](#tcp-多路复用) * [TCP 多路复用](#tcp-多路复用)
* [底层通信可选 kcp 协议](#底层通信可选-kcp-协议) * [底层通信可选 kcp 协议](#底层通信可选-kcp-协议)
@ -450,21 +449,17 @@ admin_port = 7400
frpc 支持通过 `frpc status -c ./frpc.ini` 命令查看代理的状态信息,此功能需要在 frpc 中配置 admin 端口。 frpc 支持通过 `frpc status -c ./frpc.ini` 命令查看代理的状态信息,此功能需要在 frpc 中配置 admin 端口。
### 特权模式 ### 端口白名单
由于从 v0.10.0 版本开始,所有 proxy 都在客户端配置,原先的特权模式是目前唯一支持的模式。 为了防止端口被滥用,可以手动指定允许哪些端口被使用,在 frps.ini 中通过 `allow_ports` 来指定:
#### 端口白名单
为了防止端口被滥用,可以手动指定允许哪些端口被使用,在 frps.ini 中通过 privilege_allow_ports 来指定:
```ini ```ini
# frps.ini # frps.ini
[common] [common]
privilege_allow_ports = 2000-3000,3001,3003,4000-50000 allow_ports = 2000-3000,3001,3003,4000-50000
``` ```
privilege_allow_ports 可以配置允许使用的某个指定端口或者是一个范围内的所有端口,以 `,` 分隔,指定的范围以 `-` 分隔。 `allow_ports` 可以配置允许使用的某个指定端口或者是一个范围内的所有端口,以 `,` 分隔,指定的范围以 `-` 分隔。
### TCP 多路复用 ### TCP 多路复用

View File

@ -47,7 +47,7 @@ token = 12345678
# heartbeat_timeout = 90 # heartbeat_timeout = 90
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit # only allow frpc to bind ports you list, if you set nothing, there won't be any limit
privilege_allow_ports = 2000-3000,3001,3003,4000-50000 allow_ports = 2000-3000,3001,3003,4000-50000
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value # pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5 max_pool_count = 5

View File

@ -68,7 +68,7 @@ type ServerCommonConf struct {
SubDomainHost string `json:"subdomain_host"` SubDomainHost string `json:"subdomain_host"`
TcpMux bool `json:"tcp_mux"` TcpMux bool `json:"tcp_mux"`
PrivilegeAllowPorts map[int]struct{} AllowPorts map[int]struct{}
MaxPoolCount int64 `json:"max_pool_count"` MaxPoolCount int64 `json:"max_pool_count"`
MaxPortsPerClient int64 `json:"max_ports_per_client"` MaxPortsPerClient int64 `json:"max_ports_per_client"`
HeartBeatTimeout int64 `json:"heart_beat_timeout"` HeartBeatTimeout int64 `json:"heart_beat_timeout"`
@ -97,7 +97,7 @@ func GetDefaultServerConf() *ServerCommonConf {
AuthTimeout: 900, AuthTimeout: 900,
SubDomainHost: "", SubDomainHost: "",
TcpMux: true, TcpMux: true,
PrivilegeAllowPorts: make(map[int]struct{}), AllowPorts: make(map[int]struct{}),
MaxPoolCount: 5, MaxPoolCount: 5,
MaxPortsPerClient: 0, MaxPortsPerClient: 0,
HeartBeatTimeout: 90, HeartBeatTimeout: 90,
@ -232,16 +232,16 @@ func UnmarshalServerConfFromIni(defaultCfg *ServerCommonConf, content string) (c
cfg.Token, _ = conf.Get("common", "token") cfg.Token, _ = conf.Get("common", "token")
if allowPortsStr, ok := conf.Get("common", "privilege_allow_ports"); ok { if allowPortsStr, ok := conf.Get("common", "allow_ports"); ok {
// e.g. 1000-2000,2001,2002,3000-4000 // e.g. 1000-2000,2001,2002,3000-4000
ports, errRet := util.ParseRangeNumbers(allowPortsStr) ports, errRet := util.ParseRangeNumbers(allowPortsStr)
if errRet != nil { if errRet != nil {
err = fmt.Errorf("Parse conf error: privilege_allow_ports: %v", errRet) err = fmt.Errorf("Parse conf error: allow_ports: %v", errRet)
return return
} }
for _, port := range ports { for _, port := range ports {
cfg.PrivilegeAllowPorts[int(port)] = struct{}{} cfg.AllowPorts[int(port)] = struct{}{}
} }
} }

View File

@ -76,8 +76,8 @@ func NewService() (svr *Service, err error) {
ctlManager: NewControlManager(), ctlManager: NewControlManager(),
pxyManager: NewProxyManager(), pxyManager: NewProxyManager(),
visitorManager: NewVisitorManager(), visitorManager: NewVisitorManager(),
tcpPortManager: NewPortManager("tcp", cfg.ProxyBindAddr, cfg.PrivilegeAllowPorts), tcpPortManager: NewPortManager("tcp", cfg.ProxyBindAddr, cfg.AllowPorts),
udpPortManager: NewPortManager("udp", cfg.ProxyBindAddr, cfg.PrivilegeAllowPorts), udpPortManager: NewPortManager("udp", cfg.ProxyBindAddr, cfg.AllowPorts),
} }
// Init assets. // Init assets.

View File

@ -5,5 +5,5 @@ vhost_http_port = 10804
log_file = ./frps.log log_file = ./frps.log
log_level = debug log_level = debug
token = 123456 token = 123456
privilege_allow_ports = 10000-20000,20002,30000-50000 allow_ports = 10000-20000,20002,30000-50000
subdomain_host = sub.com subdomain_host = sub.com

View File

@ -209,7 +209,7 @@ func TestWebSocket(t *testing.T) {
assert.Equal(TEST_HTTP_NORMAL_STR, string(msg)) assert.Equal(TEST_HTTP_NORMAL_STR, string(msg))
} }
func TestPrivilegeAllowPorts(t *testing.T) { func TestAllowPorts(t *testing.T) {
assert := assert.New(t) assert := assert.New(t)
// Port not allowed // Port not allowed
status, err := getProxyStatus(ProxyTcpPortNotAllowed) status, err := getProxyStatus(ProxyTcpPortNotAllowed)