# [common] is integral section [common] # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" # For single "server_addr" field, no need square brackets, like "server_addr = ::". server_addr = 0.0.0.0 server_port = 7000 # STUN server to help penetrate NAT hole. # nat_hole_stun_server = stun.easyvoip.com:3478 # The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds. # dial_server_timeout = 10 # dial_server_keepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. # If negative, keep-alive probes are disabled. # dial_server_keepalive = 7200 # if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set http_proxy here or in global environment variables # it only works when protocol is tcp # http_proxy = http://user:passwd@192.168.1.128:8080 # http_proxy = socks5://user:passwd@192.168.1.128:1080 # http_proxy = ntlm://user:passwd@192.168.1.128:2080 # console or real logFile path like ./frpc.log log_file = ./frpc.log # trace, debug, info, warn, error log_level = info log_max_days = 3 # disable log colors when log_file is console, default is false disable_log_color = false # for authentication, should be same as your frps.ini # authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false. authenticate_heartbeats = false # authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false. authenticate_new_work_conns = false # auth token token = 12345678 authentication_method = # oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc". # By default, this value is "". oidc_client_id = # oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc". # By default, this value is "". oidc_client_secret = # oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". oidc_audience = # oidc_scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". oidc_scope = # oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint. # It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "". oidc_token_endpoint_url = # oidc_additional_xxx specifies additional parameters to be sent to the OIDC Token Endpoint. # For example, if you want to specify the "audience" parameter, you can set as follow. # frp will add "audience=" "var1=" to the additional parameters. # oidc_additional_audience = https://dev.auth.com/api/v2/ # oidc_additional_var1 = foobar # set admin address for control frpc's action by http api such as reload admin_addr = 127.0.0.1 admin_port = 7400 admin_user = admin admin_pwd = admin # Admin assets directory. By default, these assets are bundled with frpc. # assets_dir = ./static # connections will be established in advance, default value is zero pool_count = 5 # if tcp stream multiplexing is used, default is true, it must be same with frps # tcp_mux = true # specify keep alive interval for tcp mux. # only valid if tcp_mux is true. # tcp_mux_keepalive_interval = 60 # your proxy name will be changed to {user}.{proxy} user = your_name # decide if exit program when first login failed, otherwise continuous relogin to frps # default is true login_fail_exit = true # communication protocol used to connect to server # supports tcp, kcp, quic and websocket now, default is tcp protocol = tcp # set client binding ip when connect server, default is empty. # only when protocol = tcp or websocket, the value will be used. connect_server_local_ip = 0.0.0.0 # quic protocol options # quic_keepalive_period = 10 # quic_max_idle_timeout = 30 # quic_max_incoming_streams = 100000 # If tls_enable is true, frpc will connect frps by tls. # Since v0.50.0, the default value has been changed to true, and tls is enabled by default. tls_enable = true # tls_cert_file = client.crt # tls_key_file = client.key # tls_trusted_ca_file = ca.crt # tls_server_name = example.com # specify a dns server, so frpc will use this instead of default one # dns_server = 8.8.8.8 # proxy names you want to start separated by ',' # default is empty, means all proxies # start = ssh,dns # heartbeat configure, it's not recommended to modify the default value # The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value # to disable it. # heartbeat_interval = 30 # heartbeat_timeout = 90 # additional meta info for client meta_var1 = 123 meta_var2 = 234 # specify udp packet size, unit is byte. If not set, the default value is 1500. # This parameter should be same between client and server. # It affects the udp and sudp proxy. udp_packet_size = 1500 # include other config files for proxies. # includes = ./confd/*.ini # If the disable_custom_tls_first_byte is set to false, frpc will establish a connection with frps using the # first custom byte when tls is enabled. # Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default. disable_custom_tls_first_byte = true # Enable golang pprof handlers in admin listener. # Admin port must be set first. pprof_enable = false # 'ssh' is the unique proxy name # if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh' [ssh] # tcp | udp | http | https | stcp | xtcp, default is tcp type = tcp local_ip = 127.0.0.1 local_port = 22 # limit bandwidth for this proxy, unit is KB and MB bandwidth_limit = 1MB # where to limit bandwidth, can be 'client' or 'server', default is 'client' bandwidth_limit_mode = client # true or false, if true, messages between frps and frpc will be encrypted, default is false use_encryption = false # if true, message will be compressed use_compression = false # remote port listen by frps remote_port = 6001 # frps will load balancing connections for proxies in same group group = test_group # group should have same group key group_key = 123456 # enable health check for the backend service, it support 'tcp' and 'http' now # frpc will connect local service's port to detect it's healthy status health_check_type = tcp # health check connection timeout health_check_timeout_s = 3 # if continuous failed in 3 times, the proxy will be removed from frps health_check_max_failed = 3 # every 10 seconds will do a health check health_check_interval_s = 10 # additional meta info for each proxy meta_var1 = 123 meta_var2 = 234 [ssh_random] type = tcp local_ip = 127.0.0.1 local_port = 22 # if remote_port is 0, frps will assign a random port for you remote_port = 0 # if you want to expose multiple ports, add 'range:' prefix to the section name # frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on. [range:tcp_port] type = tcp local_ip = 127.0.0.1 local_port = 6010-6020,6022,6024-6028 remote_port = 6010-6020,6022,6024-6028 use_encryption = false use_compression = false [dns] type = udp local_ip = 114.114.114.114 local_port = 53 remote_port = 6002 use_encryption = false use_compression = false [range:udp_port] type = udp local_ip = 127.0.0.1 local_port = 6010-6020 remote_port = 6010-6020 use_encryption = false use_compression = false # Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02 [web01] type = http local_ip = 127.0.0.1 local_port = 80 use_encryption = false use_compression = true # http username and password are safety certification for http protocol # if not set, you can access this custom_domains without certification http_user = admin http_pwd = admin # if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com subdomain = web01 custom_domains = web01.yourdomain.com # locations is only available for http type locations = /,/pic # route requests to this service if http basic auto user is abc # route_by_http_user = abc host_header_rewrite = example.com # params with prefix "header_" will be used to update http request headers header_X-From-Where = frp health_check_type = http # frpc will send a GET http request '/status' to local http service # http service is alive when it return 2xx http response code health_check_url = /status health_check_interval_s = 10 health_check_max_failed = 3 health_check_timeout_s = 3 [web02] type = https local_ip = 127.0.0.1 local_port = 8000 use_encryption = false use_compression = false subdomain = web02 custom_domains = web02.yourdomain.com # if not empty, frpc will use proxy protocol to transfer connection info to your local service # v1 or v2 or empty proxy_protocol_version = v2 [plugin_unix_domain_socket] type = tcp remote_port = 6003 # if plugin is defined, local_ip and local_port is useless # plugin will handle connections got from frps plugin = unix_domain_socket # params with prefix "plugin_" that plugin needed plugin_unix_path = /var/run/docker.sock [plugin_http_proxy] type = tcp remote_port = 6004 plugin = http_proxy plugin_http_user = abc plugin_http_passwd = abc [plugin_socks5] type = tcp remote_port = 6005 plugin = socks5 plugin_user = abc plugin_passwd = abc [plugin_static_file] type = tcp remote_port = 6006 plugin = static_file plugin_local_path = /var/www/blog plugin_strip_prefix = static plugin_http_user = abc plugin_http_passwd = abc [plugin_https2http] type = https custom_domains = test.yourdomain.com plugin = https2http plugin_local_addr = 127.0.0.1:80 plugin_crt_path = ./server.crt plugin_key_path = ./server.key plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp [plugin_https2https] type = https custom_domains = test.yourdomain.com plugin = https2https plugin_local_addr = 127.0.0.1:443 plugin_crt_path = ./server.crt plugin_key_path = ./server.key plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp [plugin_http2https] type = http custom_domains = test.yourdomain.com plugin = http2https plugin_local_addr = 127.0.0.1:443 plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp [secret_tcp] # If the type is secret tcp, remote_port is useless # Who want to connect local port should deploy another frpc with stcp proxy and role is visitor type = stcp # sk used for authentication for visitors sk = abcdefg local_ip = 127.0.0.1 local_port = 22 use_encryption = false use_compression = false # If not empty, only visitors from specified users can connect. # Otherwise, visitors from same user can connect. '*' means allow all users. allow_users = * # user of frpc should be same in both stcp server and stcp visitor [secret_tcp_visitor] # frpc role visitor -> frps -> frpc role server role = visitor type = stcp # the server name you want to visitor server_name = secret_tcp sk = abcdefg # connect this address to visitor stcp server bind_addr = 127.0.0.1 # bind_port can be less than 0, it means don't bind to the port and only receive connections redirected from # other visitors. (This is not supported for SUDP now) bind_port = 9000 use_encryption = false use_compression = false [p2p_tcp] type = xtcp sk = abcdefg local_ip = 127.0.0.1 local_port = 22 use_encryption = false use_compression = false # If not empty, only visitors from specified users can connect. # Otherwise, visitors from same user can connect. '*' means allow all users. allow_users = user1, user2 [p2p_tcp_visitor] role = visitor type = xtcp # if the server user is not set, it defaults to the current user server_user = user1 server_name = p2p_tcp sk = abcdefg bind_addr = 127.0.0.1 # bind_port can be less than 0, it means don't bind to the port and only receive connections redirected from # other visitors. (This is not supported for SUDP now) bind_port = 9001 use_encryption = false use_compression = false # when automatic tunnel persistence is required, set it to true keep_tunnel_open = false # effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour max_retries_an_hour = 8 min_retry_interval = 90 # fallback_to = stcp_visitor # fallback_timeout_ms = 500 [tcpmuxhttpconnect] type = tcpmux multiplexer = httpconnect local_ip = 127.0.0.1 local_port = 10701 custom_domains = tunnel1 # route_by_http_user = user1