GNBFRP

personal frp server example

[common] is integral section

[common]

A literal address or host name for IPv6 must be enclosed

in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"

For single "server_addr" field, no need square brackets, like "server_addr = ::".

server_addr = 0.0.0.0 server_port = 7000

The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.

dial_server_timeout = 10

dial_server_keepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.

If negative, keep-alive probes are disabled.

dial_server_keepalive = 7200

if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set http_proxy here or in global environment variables

it only works when protocol is tcp

http_proxy = http://user:[email protected]:8080

http_proxy = socks5://user:[email protected]:1080

http_proxy = ntlm://user:[email protected]:2080

console or real logFile path like ./frpc.log

log_file = ./frpc.log

trace, debug, info, warn, error

log_level = info

log_max_days = 3

disable log colors when log_file is console, default is false

disable_log_color = false

for authentication, should be same as your frps.ini

authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.

authenticate_heartbeats = false

authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.

authenticate_new_work_conns = false

auth token

token = 12345678

oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".

By default, this value is "".

oidc_client_id =

oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".

By default, this value is "".

oidc_client_secret =

oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".

oidc_audience =

oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint.

It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".

oidc_token_endpoint_url =

oidc_additional_xxx specifies additional parameters to be sent to the OIDC Token Endpoint.

For example, if you want to specify the "audience" parameter, you can set as follow.

frp will add "audience=" "var1=" to the additional parameters.

oidc_additional_audience = https://dev.auth.com/api/v2/

oidc_additional_var1 = foobar

set admin address for control frpc's action by http api such as reload

admin_addr = 127.0.0.1 admin_port = 7400 admin_user = admin admin_pwd = admin

Admin assets directory. By default, these assets are bundled with frpc.

assets_dir = ./static

connections will be established in advance, default value is zero

pool_count = 5

if tcp stream multiplexing is used, default is true, it must be same with frps

tcp_mux = true

specify keep alive interval for tcp mux.

only valid if tcp_mux is true.

tcp_mux_keepalive_interval = 60

your proxy name will be changed to {user}.{proxy}

user = your_name

decide if exit program when first login failed, otherwise continuous relogin to frps

default is true

login_fail_exit = true

communication protocol used to connect to server

now it supports tcp, kcp and websocket, default is tcp

protocol = tcp

set client binding ip when connect server, default is empty.

only when protocol = tcp or websocket, the value will be used.

connect_server_local_ip = 0.0.0.0

if tls_enable is true, frpc will connect frps by tls

tls_enable = true

tls_cert_file = client.crt

tls_key_file = client.key

tls_trusted_ca_file = ca.crt

tls_server_name = example.com

specify a dns server, so frpc will use this instead of default one

dns_server = 8.8.8.8

proxy names you want to start separated by ','

default is empty, means all proxies

start = ssh,dns

heartbeat configure, it's not recommended to modify the default value

The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value

to disable it.

heartbeat_interval = 30

heartbeat_timeout = 90

additional meta info for client

meta_var1 = 123 meta_var2 = 234

specify udp packet size, unit is byte. If not set, the default value is 1500.

This parameter should be same between client and server.

It affects the udp and sudp proxy.

udp_packet_size = 1500

include other config files for proxies.

includes = ./confd/*.ini

By default, frpc will connect frps with first custom byte if tls is enabled.

If DisableCustomTLSFirstByte is true, frpc will not send that custom byte.

disable_custom_tls_first_byte = false

Enable golang pprof handlers in admin listener.

Admin port must be set first.

pprof_enable = false

'ssh' is the unique proxy name

if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'

[ssh]

tcp | udp | http | https | stcp | xtcp, default is tcp

type = tcp local_ip = 127.0.0.1 local_port = 22

limit bandwidth for this proxy, unit is KB and MB

bandwidth_limit = 1MB

true or false, if true, messages between frps and frpc will be encrypted, default is false

use_encryption = false

if true, message will be compressed

use_compression = false

remote port listen by frps

remote_port = 6001

frps will load balancing connections for proxies in same group

group = test_group

group should have same group key

group_key = 123456

enable health check for the backend service, it support 'tcp' and 'http' now

frpc will connect local service's port to detect it's healthy status

health_check_type = tcp

health check connection timeout

health_check_timeout_s = 3

if continuous failed in 3 times, the proxy will be removed from frps

health_check_max_failed = 3

every 10 seconds will do a health check

health_check_interval_s = 10

additional meta info for each proxy

meta_var1 = 123 meta_var2 = 234

[ssh_random] type = tcp local_ip = 127.0.0.1 local_port = 22

if remote_port is 0, frps will assign a random port for you

remote_port = 0

if you want to expose multiple ports, add 'range:' prefix to the section name

frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.

[range:tcp_port] type = tcp local_ip = 127.0.0.1 local_port = 6010-6020,6022,6024-6028 remote_port = 6010-6020,6022,6024-6028 use_encryption = false use_compression = false

[dns] type = udp local_ip = 114.114.114.114 local_port = 53 remote_port = 6002 use_encryption = false use_compression = false

[range:udp_port] type = udp local_ip = 127.0.0.1 local_port = 6010-6020 remote_port = 6010-6020 use_encryption = false use_compression = false

Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02

[web01] type = http local_ip = 127.0.0.1 local_port = 80 use_encryption = false use_compression = true

http username and password are safety certification for http protocol

if not set, you can access this custom_domains without certification

http_user = admin http_pwd = admin

if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com

subdomain = web01 custom_domains = web01.yourdomain.com

locations is only available for http type

locations = /,/pic

route requests to this service if http basic auto user is abc

route_by_http_user = abc

host_header_rewrite = example.com

params with prefix "header_" will be used to update http request headers

header_X-From-Where = frp health_check_type = http

frpc will send a GET http request '/status' to local http service

http service is alive when it return 2xx http response code

health_check_url = /status health_check_interval_s = 10 health_check_max_failed = 3 health_check_timeout_s = 3

[web02] type = https local_ip = 127.0.0.1 local_port = 8000 use_encryption = false use_compression = false subdomain = web01 custom_domains = web02.yourdomain.com

if not empty, frpc will use proxy protocol to transfer connection info to your local service

v1 or v2 or empty

proxy_protocol_version = v2

[plugin_unix_domain_socket] type = tcp remote_port = 6003

if plugin is defined, local_ip and local_port is useless

plugin will handle connections got from frps

plugin = unix_domain_socket

params with prefix "plugin_" that plugin needed

plugin_unix_path = /var/run/docker.sock

[plugin_http_proxy] type = tcp remote_port = 6004 plugin = http_proxy plugin_http_user = abc plugin_http_passwd = abc

[plugin_socks5] type = tcp remote_port = 6005 plugin = socks5 plugin_user = abc plugin_passwd = abc

[plugin_static_file] type = tcp remote_port = 6006 plugin = static_file plugin_local_path = /var/www/blog plugin_strip_prefix = static plugin_http_user = abc plugin_http_passwd = abc

[plugin_https2http] type = https custom_domains = test.yourdomain.com plugin = https2http plugin_local_addr = 127.0.0.1:80 plugin_crt_path = ./server.crt plugin_key_path = ./server.key plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp

[plugin_https2https] type = https custom_domains = test.yourdomain.com plugin = https2https plugin_local_addr = 127.0.0.1:443 plugin_crt_path = ./server.crt plugin_key_path = ./server.key plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp

[plugin_http2https] type = http custom_domains = test.yourdomain.com plugin = http2https plugin_local_addr = 127.0.0.1:443 plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp

[secret_tcp]

If the type is secret tcp, remote_port is useless

Who want to connect local port should deploy another frpc with stcp proxy and role is visitor

type = stcp

sk used for authentication for visitors

sk = abcdefg local_ip = 127.0.0.1 local_port = 22 use_encryption = false use_compression = false

user of frpc should be same in both stcp server and stcp visitor

[secret_tcp_visitor]

frpc role visitor -> frps -> frpc role server

role = visitor type = stcp

the server name you want to visitor

server_name = secret_tcp sk = abcdefg

connect this address to visitor stcp server

bind_addr = 127.0.0.1 bind_port = 9000 use_encryption = false use_compression = false

[p2p_tcp] type = xtcp sk = abcdefg local_ip = 127.0.0.1 local_port = 22 use_encryption = false use_compression = false

[p2p_tcp_visitor] role = visitor type = xtcp server_name = p2p_tcp sk = abcdefg bind_addr = 127.0.0.1 bind_port = 9001 use_encryption = false use_compression = false

[tcpmuxhttpconnect] type = tcpmux multiplexer = httpconnect local_ip = 127.0.0.1 local_port = 10701 custom_domains = tunnel1

route_by_http_user = user1