从 v0.52.0 版本开始,frp 开始支持 TOML、YAML 和 JSON 作为配置文件格式。
本文所用版本为 v0.62.1,并以 Debian 为例。
快速使用
使用以下基础配置即可快速开始使用 frp。
实际使用时建议将注释全部删除;示例中的 auth.token 只是占位值,部署前请换成足够长的随机字符串,并保证 frps 与 frpc 两端一致。
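# frps configuration (server side)
bindAddr = "0.0.0.0"
bindPort = 7000
# Authentication method: token
auth.method = "token"
# Shared authentication token. "12345678" is a sample value: replace it with a
# long random string and keep it identical in frps.toml and frpc.toml.
auth.token = "12345678"
# Accept TLS-encrypted connections from frpc only. transport.tls.enable is the
# client-side (frpc) switch; on the server the TLS switch is transport.tls.force.
# NOTE(review): frps may refuse to start on a key it does not know - confirm for
# the version in use.
transport.tls.force = true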
# frpc configuration (client side)
# Replace 0.0.0.0 with the IP address of the frps server
serverAddr = "0.0.0.0"
serverPort = 7000
auth.method = "token"
# Sample value: must equal auth.token in frps.toml; use a long random string in
# a real deployment.
auth.token = "12345678"
transport.tls.enable = true
# Proxy definitions follow
[[proxies]]
# Proxy name
name = "ssh"
# Proxy type
type = "tcp"
# Address of the local service the proxy forwards to
localIP = "192.168.1.100"
# Port of the local service
localPort = 22
# Remote port of the proxy (opened on the frps side).
# NOTE(review): this makes the SSH service of 192.168.1.100 reachable through
# port 2222 of the frps host - harden that sshd (key-only login) and restrict
# the port with the server firewall where possible.
remotePort = 2222
使用systemctl管理frp
一般来说,Debian 系发行版均已安装 systemd;如果未安装,可使用 apt install systemd -y 进行安装。
以下是frps安装教程
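# Download frp (version 0.62.1)
wget https://github.com/fatedier/frp/releases/download/v0.62.1/frp_0.62.1_linux_amd64.tar.gz
# Print the archive's SHA-256 and compare it with the checksum published for
# this release before unpacking anything as root; stop if the values differ.
sha256sum frp_0.62.1_linux_amd64.tar.gz
# Create the target directory
sudo mkdir -p /usr/local/frps
# Unpack straight into the target directory. --no-same-owner keeps the files
# owned by root instead of the UID/GID recorded in the archive, so no other
# local account ends up owning a binary that the service runs as root.
sudo tar -zxvf frp_0.62.1_linux_amd64.tar.gz --strip-components=1 --no-same-owner -C /usr/local/frps
# Edit the configuration file
sudo vim /usr/local/frps/frps.toml
# frps.toml holds auth.token and the dashboard password: readable by root only
sudo chmod 600 /usr/local/frps/frps.toml
# Create the systemd service file
sudo vim /etc/systemd/system/frps.service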
# Contents of /etc/systemd/system/frps.service
[Unit]
Description=FRPS
After=network.target
[Service]
Type=simple
# NOTE(review): frps runs as root here, so a compromise of the daemon is a
# compromise of the host. Consider a dedicated unprivileged user, adding
# AmbientCapabilities=CAP_NET_BIND_SERVICE only if ports below 1024 must be
# bound, and make the install directory and frps.toml readable by that user.
User=root
Restart=always
RestartSec=3s
ExecStart=/usr/local/frps/frps -c /usr/local/frps/frps.toml
[Install]
WantedBy=multi-user.target
使用 systemd 命令管理 frps 服务
# Start frps
sudo systemctl start frps
# Stop frps
sudo systemctl stop frps
# Restart frps
sudo systemctl restart frps
# Show the status of frps
sudo systemctl status frps
# Start frps automatically at boot
sudo systemctl enable frps
# Do not start frps automatically at boot
sudo systemctl disable frps
以下是frpc安装教程
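# Download frp (version 0.62.1)
wget https://github.com/fatedier/frp/releases/download/v0.62.1/frp_0.62.1_linux_amd64.tar.gz
# Print the archive's SHA-256 and compare it with the checksum published for
# this release before unpacking anything as root; stop if the values differ.
sha256sum frp_0.62.1_linux_amd64.tar.gz
# Create the target directory
sudo mkdir -p /usr/local/frpc
# Unpack straight into the target directory. --no-same-owner keeps the files
# owned by root instead of the UID/GID recorded in the archive, so no other
# local account ends up owning a binary that the service runs as root.
sudo tar -zxvf frp_0.62.1_linux_amd64.tar.gz --strip-components=1 --no-same-owner -C /usr/local/frpc
# Edit the configuration file
sudo vim /usr/local/frpc/frpc.toml
# frpc.toml holds auth.token and proxy secrets: readable by root only
sudo chmod 600 /usr/local/frpc/frpc.toml
# Create the systemd service file
sudo vim /etc/systemd/system/frpc.service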
# Contents of /etc/systemd/system/frpc.service
[Unit]
Description=FRPC
After=network.target
[Service]
Type=simple
# NOTE(review): frpc runs as root here, so a compromise of the client is a
# compromise of this host. Consider a dedicated unprivileged user that can read
# frpc.toml and reach only the local services being proxied.
User=root
Restart=always
RestartSec=3s
ExecStart=/usr/local/frpc/frpc -c /usr/local/frpc/frpc.toml
[Install]
WantedBy=multi-user.target
使用 systemd 命令管理 frpc 服务
# Start frpc
sudo systemctl start frpc
# Stop frpc
sudo systemctl stop frpc
# Restart frpc
sudo systemctl restart frpc
# Show the status of frpc
sudo systemctl status frpc
# Start frpc automatically at boot
sudo systemctl enable frpc
# Do not start frpc automatically at boot
sudo systemctl disable frpc
全配置详解
# frps (server) - full option reference
# This configuration file is for reference only. Do not run the program with it as-is; it may cause various problems.
# A literal IPv6 address or host name must be enclosed in square brackets,
# e.g. "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80".
# The single-field "bindAddr" needs no brackets, e.g. `bindAddr = "::"`.
bindAddr = "0.0.0.0"
bindPort = 7000
# UDP port used by the KCP protocol; may be the same as 'bindPort'.
# When unset, frps disables KCP.
kcpBindPort = 7000
# UDP port used by the QUIC protocol.
# When unset, frps disables QUIC.
# quicBindPort = 7002
# Address the proxies listen on; defaults to the value of bindAddr
# proxyBindAddr = "127.0.0.1"
# QUIC protocol options
# transport.quic.keepalivePeriod = 10
# transport.quic.maxIdleTimeout = 30
# transport.quic.maxIncomingStreams = 100000
# Heartbeat settings; changing the defaults is not recommended
# heartbeatTimeout defaults to 90; a negative value disables it
# transport.heartbeatTimeout = 90
# The connection pool of each proxy holds at most maxPoolCount connections
transport.maxPoolCount = 5
# Whether to enable TCP stream multiplexing; default true
# transport.tcpMux = true
# Keepalive interval of TCP multiplexing (only effective when tcpMux=true)
# transport.tcpMuxKeepaliveInterval = 30
# Keepalive probe interval, in seconds, for active network connections between frpc and frps.
# A negative value disables keepalive probes.
# transport.tcpKeepalive = 7200
# Whether to accept TLS-encrypted connections only (default false).
# NOTE(review): with false, connections that are not TLS-encrypted are still
# accepted; set it to true once every client connects with TLS.
transport.tls.force = false
# transport.tls.certFile = "server.crt"
# transport.tls.keyFile = "server.key"
# transport.tls.trustedCaFile = "ca.crt"
# To support virtual hosts, the HTTP listening port must be set (optional)
# Note: the http and https ports may be the same as bindPort
vhostHTTPPort = 80
vhostHTTPSPort = 443
# Response header timeout, in seconds, of the virtual-host HTTP server; default 60
# vhostHTTPTimeout = 60
# Port on which the server listens for TCP HTTP CONNECT requests.
# 0 means TCP requests are not multiplexed on a single port (default).
# A non-zero value listens for HTTP CONNECT requests on that port.
# tcpmuxHTTPConnectPort = 1337
# When true, frps does not modify the traffic in any way
# tcpmuxPassthrough = false
# Dashboard server settings (only effective when webServer.port is set).
# NOTE(review): admin/admin is a sample credential pair - change it before use.
# The listener is bound to 127.0.0.1 here; if it is ever bound to a routable
# address, also set the webServer.tls.* options so the login is not sent in
# clear text.
webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
# webServer.tls.certFile = "server.crt"
# webServer.tls.keyFile = "server.key"
# Dashboard asset directory (debug mode only)
# webServer.assetsDir = "./static"
# Enable the Golang pprof handlers on the dashboard listener (the dashboard port must be set first)
webServer.pprofEnable = false
# Export Prometheus metrics on the /metrics endpoint of webServer
enablePrometheus = true
# Log output: console or a real path such as ./frps.log
log.to = "./frps.log"
# Log level: trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3
# Disable colour when logging to the console (default false)
log.disablePrintColor = false
# Whether to send detailed error information (including debug information) to frpc; default true.
# NOTE(review): consider false on a server that accepts clients you do not
# control, so internal details are not returned to them.
detailedErrorsToClient = true
# Authentication method between frpc and frps.
# "token": the token is read from the login message (default).
# "oidc": a token is issued using the OIDC settings.
auth.method = "token"
# Additional scopes that carry authentication information (possible values: HeartBeats, NewWorkConns)
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
# Authentication token.
# NOTE(review): "12345678" is a sample value; anyone who knows the token can
# register proxies on this server, so use a long random string.
auth.token = "12345678"
# OIDC token issuer
auth.oidc.issuer = ""
# OIDC token audience
auth.oidc.audience = ""
# Whether to skip the OIDC token expiry check (keep false outside of testing)
auth.oidc.skipExpiryCheck = false
# Whether to skip matching of the issuer claim (keep false outside of testing)
auth.oidc.skipIssuerCheck = false
# Maximum time, in seconds, to wait for a work connection
# userConnTimeout = 10
# Only the listed ports may be bound by frpc (unrestricted by default).
# NOTE(review): 4000-50000 is a very wide range; list only the ports clients
# actually need and open the same ports in the server firewall.
allowPorts = [
{ start = 2000, end = 3000 },
{ single = 3001 },
{ single = 3003 },
{ start = 4000, end = 50000 }
]
# Maximum number of ports a single client may use (0 means unlimited)
maxPortsPerClient = 0
# When non-empty, http/https proxies in the frpc configuration may set a subdomain
# e.g. with subdomain test, the routed host is test.frps.com
subDomainHost = "frps.com"
# Path of a custom 404 page for HTTP requests
# custom404Page = "/path/to/404.html"
# UDP packet size in bytes; defaults to 1500 when unset.
# This parameter must be the same on client and server.
# It affects udp and sudp proxies.
udpPacketSize = 1500
# Retention time, in hours, of NAT hole-punching strategy data
natholeAnalysisDataReserveHours = 168
# SSH tunnel gateway
# Set bindPort to enable it (other parameters are optional); disabled by default.
# Enabled automatically when bindPort > 0.
# sshTunnelGateway.bindPort = 2200
# sshTunnelGateway.privateKeyFile = "/home/frp-user/.ssh/id_rsa"
# sshTunnelGateway.autoGenPrivateKeyPath = ""
# sshTunnelGateway.authorizedKeysFile = "/home/frp-user/.ssh/authorized_keys"
# HTTP plugin endpoints; `ops` lists the operations handed to each plugin
# (Login and NewProxy here).
# NOTE(review): addr is a bare host:port on loopback - presumably plain HTTP;
# keep plugin endpoints on a trusted interface.
[[httpPlugins]]
name = "user-manager"
addr = "127.0.0.1:9000"
path = "/handler"
ops = ["Login"]
[[httpPlugins]]
name = "port-manager"
addr = "127.0.0.1:9001"
path = "/handler"
ops = ["NewProxy"]
# frpc (client) - full option reference
# This configuration file is for reference only. Do not run the program with it as-is; it may cause various problems.
# Proxy names are changed to the form {user}.{proxy}
user = "your_name"
# A literal IPv6 address or host name must be enclosed in square brackets,
# e.g. "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80".
# The single-field serverAddr needs no brackets, e.g. serverAddr = "::".
serverAddr = "0.0.0.0"
serverPort = 7000
# STUN server used for NAT hole punching
# natHoleStunServer = "stun.easyvoip.com:3478"
# Whether to exit when the first login fails (otherwise keep reconnecting); default true
loginFailExit = true
# Log output: console or a real path such as ./frpc.log
log.to = "./frpc.log"
# Log level: trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3
# Disable colour when logging to the console (default false)
log.disablePrintColor = false
auth.method = "token"
# Additional scopes that carry authentication information (possible values: HeartBeats, NewWorkConns)
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
# Authentication token.
# NOTE(review): sample value - it must equal auth.token on frps; use a long
# random string and keep this file readable only by the service account.
auth.token = "12345678"
# Client ID for OIDC authentication
# auth.oidc.clientID = ""
# Client secret for OIDC authentication
# auth.oidc.clientSecret = ""
# OIDC token audience
# auth.oidc.audience = ""
# OIDC token scope
# auth.oidc.scope = ""
# OIDC token endpoint URL
# auth.oidc.tokenEndpointURL = ""
# Additional parameters for the OIDC token endpoint
# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"
# auth.oidc.additionalEndpointParams.var1 = "foobar"
# Address of the HTTP admin API (used for reload and similar operations).
# NOTE(review): admin/admin is a sample credential pair - change it before use
# and keep the listener on 127.0.0.1 unless remote administration is required.
webServer.addr = "127.0.0.1"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "admin"
# Asset directory of the admin page (built into frpc by default)
# webServer.assetsDir = "./static"
# Enable the Golang pprof handlers on the admin listener
webServer.pprofEnable = false
# Maximum time, in seconds, to wait when connecting to the server; default 10
# transport.dialServerTimeout = 10
# Keepalive probe interval, in seconds, for active network connections between frpc and frps
# A negative value disables keepalive probes
# transport.dialServerKeepalive = 7200
# Number of connections established in advance; default 0
transport.poolCount = 5
# Whether to enable TCP stream multiplexing (must match frps); default true
# transport.tcpMux = true
# Keepalive interval of TCP multiplexing (only effective when tcpMux is enabled)
# transport.tcpMuxKeepaliveInterval = 30
# Protocol used to connect to the server: tcp/kcp/quic/websocket/wss; default tcp
transport.protocol = "tcp"
# Local IP to bind when connecting to the server (tcp/websocket protocols only)
transport.connectServerLocalIP = "0.0.0.0"
# Connect to frps through an HTTP/SOCKS5/NTLM proxy (tcp protocol only)
# transport.proxyURL = "http://user:passwd@192.168.1.128:8080"
# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"
# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"
# QUIC protocol options
# transport.quic.keepalivePeriod = 10
# transport.quic.maxIdleTimeout = 30
# transport.quic.maxIncomingStreams = 100000
# Whether to connect to frps over TLS (default true since v0.50.0).
# NOTE(review): no trustedCaFile is set in this example, so the server
# certificate is presumably not verified - confirm; set trustedCaFile (and
# serverName) below to authenticate frps, not just encrypt the link.
transport.tls.enable = true
# transport.tls.certFile = "client.crt"
# transport.tls.keyFile = "client.key"
# transport.tls.trustedCaFile = "ca.crt"
# transport.tls.serverName = "example.com"
# Whether to disable the custom first byte when TLS is enabled (default true since v0.50.0)
# transport.tls.disableCustomTLSFirstByte = true
# Heartbeat settings (changing the defaults is not recommended)
# heartbeatInterval defaults to 10, heartbeatTimeout to 90; a negative value disables them
# transport.heartbeatInterval = 30
# transport.heartbeatTimeout = 90
# DNS server to use (overrides the system default)
# dnsServer = "8.8.8.8"
# Names of the proxies to enable (empty enables all of them)
# start = ["ssh", "dns"]
# UDP packet size in bytes; must match the server; affects udp/sudp proxies
udpPacketSize = 1500
# Experimental feature switches
# featureGates = { VirtualNet = true }
# Experimental virtual network settings (requires the VirtualNet feature)
# virtualNet.address = "100.86.1.1/24"
# Additional client metadata
metadatas.var1 = "abc"
metadatas.var2 = "123"
# Include other proxy configuration files
# includes = ["./confd/*.ini"]
[[proxies]]
# Unique proxy name (becomes your_name.ssh when the global user is set)
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
# Bandwidth limit (unit KB/MB)
transport.bandwidthLimit = "1MB"
# Where the bandwidth limit is applied (client/server); default client
transport.bandwidthLimitMode = "client"
# Whether to encrypt the traffic; default false
transport.useEncryption = false
# Whether to compress the traffic
transport.useCompression = false
# Port frps listens on.
# NOTE(review): this publishes the local sshd on port 6001 of the frps host;
# harden sshd (key-only login) and restrict the port where possible.
remotePort = 6001
# Load balancing among proxies of the same group
loadBalancer.group = "test_group"
# The group key must be identical for all members ("123456" is a sample value)
loadBalancer.groupKey = "123456"
# Health check of the backend service (tcp/http supported)
healthCheck.type = "tcp"
# Health check timeout, in seconds
healthCheck.timeoutSeconds = 3
# Removed from frps after 3 consecutive failures
healthCheck.maxFailed = 3
# Check interval, in seconds
healthCheck.intervalSeconds = 10
# Additional proxy metadata (passed to server-side plugins)
metadatas.var1 = "abc"
metadatas.var2 = "123"
# Annotations shown on the dashboard
[proxies.annotations]
key1 = "value1"
"prefix/key2" = "value2"
[[proxies]]
name = "ssh_random"
type = "tcp"
localIP = "192.168.31.100"
localPort = 22
# With remotePort = 0, frps assigns a random port
remotePort = 0
# UDP proxy: forwards port 6002 of frps to port 53 of the address in localIP
[[proxies]]
name = "dns"
type = "udp"
localIP = "114.114.114.114"
localPort = 53
remotePort = 6002
# Once the domain resolves to [serverAddr], the service is reachable at http://web01.yourdomain.com
[[proxies]]
name = "web01"
type = "http"
localIP = "127.0.0.1"
localPort = 80
# HTTP basic authentication (no authentication when unset).
# NOTE(review): admin/admin is a sample pair - change it; this proxy is of type
# http, so the basic-auth header presumably crosses the network unencrypted.
httpUser = "admin"
httpPassword = "admin"
# If the frps domain is frps.com, the service is reachable at http://web01.frps.com
subdomain = "web01"
customDomains = ["web01.yourdomain.com"]
# Location filter, valid for the http type only
locations = ["/", "/pic"]
# Route by HTTP user
# routeByHTTPUser = abc
hostHeaderRewrite = "example.com"
requestHeaders.set.x-from-where = "frp"
responseHeaders.set.foo = "bar"
healthCheck.type = "http"
# Sends GET /status to the local service; a 2xx response counts as alive
healthCheck.path = "/status"
healthCheck.intervalSeconds = 10
healthCheck.maxFailed = 3
healthCheck.timeoutSeconds = 3
# Headers sent with the health check
healthCheck.httpHeaders=[
{ name = "x-from-where", value = "frp" }
]
[[proxies]]
name = "web02"
type = "https"
localIP = "127.0.0.1"
localPort = 8000
subdomain = "web02"
customDomains = ["web02.yourdomain.com"]
# Pass connection information with the proxy protocol
transport.proxyProtocolVersion = "v2"
# tcpmux proxy using the "httpconnect" multiplexer, selected by customDomains
[[proxies]]
name = "tcpmuxhttpconnect"
type = "tcpmux"
multiplexer = "httpconnect"
localIP = "127.0.0.1"
localPort = 10701
customDomains = ["tunnel1"]
# routeByHTTPUser = "user1"
# NOTE(review): this example publishes the Docker daemon socket on port 6003 of
# the frps host, and the proxy sets no authentication of its own. Access to
# that socket normally amounts to root on the Docker host - do not expose it on
# a publicly reachable frps; prefer an stcp proxy with a secretKey or a tightly
# firewalled port.
[[proxies]]
name = "plugin_unix_domain_socket"
type = "tcp"
remotePort = 6003
# localIP/localPort have no effect when a plugin is enabled
[proxies.plugin]
type = "unix_domain_socket"
unixPath = "/var/run/docker.sock"
# NOTE(review): the http_proxy and socks5 plugins below turn frps ports 6004 and
# 6005 into forward proxies that presumably exit from the frpc host's network;
# abc/abc are sample credentials - replace them and restrict who can reach the
# ports.
[[proxies]]
name = "plugin_http_proxy"
type = "tcp"
remotePort = 6004
[proxies.plugin]
type = "http_proxy"
httpUser = "abc"
httpPassword = "abc"
[[proxies]]
name = "plugin_socks5"
type = "tcp"
remotePort = 6005
[proxies.plugin]
type = "socks5"
username = "abc"
password = "abc"
# static_file plugin: publishes the directory in localPath on frps port 6006.
# NOTE(review): everything under localPath becomes downloadable by whoever
# passes the basic auth below; abc/abc are sample credentials - replace them
# and point localPath only at files meant to be public.
[[proxies]]
name = "plugin_static_file"
type = "tcp"
remotePort = 6006
[proxies.plugin]
type = "static_file"
localPath = "/var/www/blog"
stripPrefix = "static"
httpUser = "abc"
httpPassword = "abc"
# Protocol-converting plugins. Each one forwards to localAddr; the variants that
# take crtPath/keyPath presumably terminate TLS in frpc with that key pair -
# keep the key file readable only by the account frpc runs as.
[[proxies]]
name = "plugin_https2http"
type = "https"
customDomains = ["test.yourdomain.com"]
[proxies.plugin]
type = "https2http"
localAddr = "127.0.0.1:80"
crtPath = "./server.crt"
keyPath = "./server.key"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"
[[proxies]]
name = "plugin_https2https"
type = "https"
customDomains = ["test.yourdomain.com"]
[proxies.plugin]
type = "https2https"
localAddr = "127.0.0.1:443"
crtPath = "./server.crt"
keyPath = "./server.key"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"
[[proxies]]
name = "plugin_http2https"
type = "http"
customDomains = ["test.yourdomain.com"]
[proxies.plugin]
type = "http2https"
localAddr = "127.0.0.1:443"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"
[[proxies]]
name = "plugin_http2http"
type = "tcp"
remotePort = 6007
[proxies.plugin]
type = "http2http"
localAddr = "127.0.0.1:80"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"
[[proxies]]
name = "plugin_tls2raw"
type = "tcp"
remotePort = 6008
[proxies.plugin]
type = "tls2raw"
localAddr = "127.0.0.1:80"
crtPath = "./server.crt"
keyPath = "./server.key"
[[proxies]]
name = "secret_tcp"
# The stcp type needs no remotePort; the accessing side must run an frpc in the visitor role
type = "stcp"
# Key the visitor must present.
# NOTE(review): "abcdefg" is a sample value - use a long random secret.
secretKey = "abcdefg"
localIP = "127.0.0.1"
localPort = 22
# Users allowed to access ('*' means all users); list specific users to narrow access
allowUsers = ["*"]
[[proxies]]
name = "p2p_tcp"
type = "xtcp"
secretKey = "abcdefg"
localIP = "127.0.0.1"
localPort = 22
# Users allowed to access
allowUsers = ["user1", "user2"]
[[proxies]]
name = "vnet-server"
type = "stcp"
secretKey = "your-secret-key"
[proxies.plugin]
type = "virtual_net"
# frpc visitor-side configuration: visitor -> frps -> server
[[visitors]]
name = "secret_tcp_visitor"
type = "stcp"
# Name of the target server
serverName = "secret_tcp"
# Must equal the secretKey of the target proxy (sample value here)
secretKey = "abcdefg"
# Address the visitor binds to
bindAddr = "127.0.0.1"
# bindPort < 0 means no port is bound (only redirected connections are received; not supported by sudp)
bindPort = 9000
[[visitors]]
name = "p2p_tcp_visitor"
type = "xtcp"
# Server user (empty defaults to the current user)
serverUser = "user1"
serverName = "p2p_tcp"
secretKey = "abcdefg"
bindAddr = "127.0.0.1"
# bindPort < 0 means no port is bound
bindPort = 9001
# Whether to keep the tunnel open persistently
keepTunnelOpen = false
# Hole-punching attempts per hour (effective when keepTunnelOpen=true)
maxRetriesAnHour = 8
minRetryInterval = 90
# fallbackTo = "stcp_visitor"
# fallbackTimeoutMs = 500
[[visitors]]
name = "vnet-visitor"
type = "stcp"
serverName = "vnet-server"
secretKey = "your-secret-key"
bindPort = -1
[visitors.plugin]
type = "virtual_net"
destinationIP = "100.86.0.1"