From 806b55c2926ce222d97e446f3a0f1dd13abbd571 Mon Sep 17 00:00:00 2001 From: fatedier Date: Tue, 24 Oct 2023 10:08:29 +0800 Subject: [PATCH 1/2] admin user not convert in INI (#3719) --- Release.md | 2 +- pkg/config/legacy/conversion.go | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Release.md b/Release.md index 61ea1f44ec3..1660f1e19e2 100644 --- a/Release.md +++ b/Release.md @@ -1,3 +1,3 @@ ### Fixes -* Encryption and compression are not displayed correctly in the dashboard. +* `admin_user` is not effective in the INI configuration. diff --git a/pkg/config/legacy/conversion.go b/pkg/config/legacy/conversion.go index 7a550947b64..0892e4f26f7 100644 --- a/pkg/config/legacy/conversion.go +++ b/pkg/config/legacy/conversion.go @@ -71,6 +71,7 @@ func Convert_ClientCommonConf_To_v1(conf *ClientCommonConf) *v1.ClientCommonConf out.WebServer.Addr = conf.AdminAddr out.WebServer.Port = conf.AdminPort + out.WebServer.User = conf.AdminUser out.WebServer.Password = conf.AdminPwd out.WebServer.AssetsDir = conf.AssetsDir out.WebServer.PprofEnable = conf.PprofEnable From a6478aeac819e9bac5bf719f0c5259a5b6262c3e Mon Sep 17 00:00:00 2001 From: fatedier Date: Tue, 24 Oct 2023 10:42:51 +0800 Subject: [PATCH 2/2] rename example configuration file name (#3721) --- README.md | 6 +- conf/frpc.toml | 358 +---------------------------------- conf/frpc_full_example.toml | 361 ++++++++++++++++++++++++++++++++++++ conf/frps.toml | 155 ---------------- conf/frps_full_example.toml | 156 ++++++++++++++++ package.sh | 2 + pkg/util/version/version.go | 2 +- 7 files changed, 527 insertions(+), 513 deletions(-) create mode 100644 conf/frpc_full_example.toml create mode 100644 conf/frps_full_example.toml diff --git a/README.md b/README.md index cd1a2791cef..fb1592879e6 100644 --- a/README.md +++ b/README.md @@ -459,9 +459,11 @@ Read the full example configuration files to find out even more features not des Examples use TOML format, but you can still use YAML or JSON. -[Full configuration file for frps (Server)](./conf/frps.toml) +These configuration files is for reference only. Please do not use this configuration directly to run the program as it may have various issues. -[Full configuration file for frpc (Client)](./conf/frpc.toml) +[Full configuration file for frps (Server)](./conf/frps_full_example.toml) + +[Full configuration file for frpc (Client)](./conf/frpc_full_example.toml) ### Using Environment Variables diff --git a/conf/frpc.toml b/conf/frpc.toml index bdfc5643031..6438f040e9b 100644 --- a/conf/frpc.toml +++ b/conf/frpc.toml @@ -1,361 +1,9 @@ -# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues. - -# your proxy name will be changed to {user}.{proxy} -user = "your_name" - -# A literal address or host name for IPv6 must be enclosed -# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" -# For single serverAddr field, no need square brackets, like serverAddr = "::". -serverAddr = "0.0.0.0" +serverAddr = "127.0.0.1" serverPort = 7000 -# STUN server to help penetrate NAT hole. -# natHoleStunServer = "stun.easyvoip.com:3478" - -# Decide if exit program when first login failed, otherwise continuous relogin to frps -# default is true -loginFailExit = true - -# console or real logFile path like ./frpc.log -log.to = "./frpc.log" -# trace, debug, info, warn, error -log.level = "info" -log.maxDays = 3 -# disable log colors when log.to is console, default is false -log.disablePrintColor = false - -auth.method = "token" -# auth.additionalScopes specifies additional scopes to include authentication information. -# Optional values are HeartBeats, NewWorkConns. -# auth.additionalScopes = ["HeartBeats", "NewWorkConns"] - -# auth token -auth.token = "12345678" - -# oidc.clientID specifies the client ID to use to get a token in OIDC authentication. -# auth.oidc.clientID = "" -# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication. -# auth.oidc.clientSecret = "" -# oidc.audience specifies the audience of the token in OIDC authentication. -# auth.oidc.audience = "" -# oidc.scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". -# auth.oidc.scope = "" -# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint. -# It will be used to get an OIDC token. -# auth.oidc.tokenEndpointURL = "" - -# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint. -# For example, if you want to specify the "audience" parameter, you can set as follow. -# frp will add "audience=" "var1=" to the additional parameters. -# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/" -# auth.oidc.additionalEndpointParams.var1 = "foobar" - -# Set admin address for control frpc's action by http api such as reload -webServer.addr = "127.0.0.1" -webServer.port = 7400 -webServer.user = "admin" -webServer.password = "admin" -# Admin assets directory. By default, these assets are bundled with frpc. -# webServer.assetsDir = "./static" - -# Enable golang pprof handlers in admin listener. -webServer.pprofEnable = false - -# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds. -# transport.dialServerTimeout = 10 - -# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. -# If negative, keep-alive probes are disabled. -# transport.dialServerKeepalive = 7200 - -# connections will be established in advance, default value is zero -transport.poolCount = 5 - -# If tcp stream multiplexing is used, default is true, it must be same with frps -# transport.tcpMux = true - -# Specify keep alive interval for tcp mux. -# only valid if tcpMux is enabled. -# transport.tcpMuxKeepaliveInterval = 60 - -# Communication protocol used to connect to server -# supports tcp, kcp, quic, websocket and wss now, default is tcp -transport.protocol = "tcp" - -# set client binding ip when connect server, default is empty. -# only when protocol = tcp or websocket, the value will be used. -transport.connectServerLocalIP = "0.0.0.0" - -# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables -# it only works when protocol is tcp -# transport.proxyURL = "http://user:passwd@192.168.1.128:8080" -# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080" -# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080" - -# quic protocol options -# transport.quic.keepalivePeriod = 10 -# transport.quic.maxIdleTimeout = 30 -# transport.quic.maxIncomingStreams = 100000 - -# If tls.enable is true, frpc will connect frps by tls. -# Since v0.50.0, the default value has been changed to true, and tls is enabled by default. -transport.tls.enable = true - -# transport.tls.certFile = "client.crt" -# transport.tls.keyFile = "client.key" -# transport.tls.trustedCaFile = "ca.crt" -# transport.tls.serverName = "example.com" - -# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the -# first custom byte when tls is enabled. -# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default. -# transport.tls.disableCustomTLSFirstByte = true - -# Heartbeat configure, it's not recommended to modify the default value. -# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value -# to disable it. -# transport.heartbeatInterval = 30 -# transport.heartbeatTimeout = 90 - -# Specify a dns server, so frpc will use this instead of default one -# dnsServer = "8.8.8.8" - -# Proxy names you want to start. -# Default is empty, means all proxies. -# start = ["ssh", "dns"] - -# Specify udp packet size, unit is byte. If not set, the default value is 1500. -# This parameter should be same between client and server. -# It affects the udp and sudp proxy. -udpPacketSize = 1500 - -# Additional metadatas for client. -metadatas.var1 = "abc" -metadatas.var2 = "123" - -# Include other config files for proxies. -# includes = ["./confd/*.ini"] - -[[proxies]] -# 'ssh' is the unique proxy name -# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh' -name = "ssh" -type = "tcp" -localIP = "127.0.0.1" -localPort = 22 -# Limit bandwidth for this proxy, unit is KB and MB -transport.bandwidthLimit = "1MB" -# Where to limit bandwidth, can be 'client' or 'server', default is 'client' -transport.bandwidthLimitMode = "client" -# If true, traffic of this proxy will be encrypted, default is false -transport.useEncryption = false -# If true, traffic will be compressed -transport.useCompression = false -# Remote port listen by frps -remotePort = 6001 -# frps will load balancing connections for proxies in same group -loadBalancer.group = "test_group" -# group should have same group key -loadBalancer.groupKey = "123456" -# Enable health check for the backend service, it supports 'tcp' and 'http' now. -# frpc will connect local service's port to detect it's healthy status -healthCheck.type = "tcp" -# Health check connection timeout -healthCheck.timeoutSeconds = 3 -# If continuous failed in 3 times, the proxy will be removed from frps -healthCheck.maxFailed = 3 -# every 10 seconds will do a health check -healthCheck.intervalSeconds = 10 -# additional meta info for each proxy -metadatas.var1 = "abc" -metadatas.var2 = "123" - -[[proxies]] -name = "ssh_random" -type = "tcp" -localIP = "192.168.31.100" -localPort = 22 -# If remotePort is 0, frps will assign a random port for you -remotePort = 0 - -[[proxies]] -name = "dns" -type = "udp" -localIP = "114.114.114.114" -localPort = 53 -remotePort = 6002 - -# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02 -[[proxies]] -name = "web01" -type = "http" -localIP = "127.0.0.1" -localPort = 80 -# http username and password are safety certification for http protocol -# if not set, you can access this customDomains without certification -httpUser = "admin" -httpPassword = "admin" -# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com -subdomain = "web01" -customDomains = ["web01.yourdomain.com"] -# locations is only available for http type -locations = ["/", "/pic"] -# route requests to this service if http basic auto user is abc -# routeByHTTPUser = abc -hostHeaderRewrite = "example.com" -requestHeaders.set.x-from-where = "frp" -healthCheck.type = "http" -# frpc will send a GET http request '/status' to local http service -# http service is alive when it return 2xx http response code -healthCheck.path = "/status" -healthCheck.intervalSeconds = 10 -healthCheck.maxFailed = 3 -healthCheck.timeoutSeconds = 3 - -[[proxies]] -name = "web02" -type = "https" -localIP = "127.0.0.1" -localPort = 8000 -subdomain = "web02" -customDomains = ["web02.yourdomain.com"] -# if not empty, frpc will use proxy protocol to transfer connection info to your local service -# v1 or v2 or empty -transport.proxyProtocolVersion = "v2" - -[[proxies]] -name = "tcpmuxhttpconnect" -type = "tcpmux" -multiplexer = "httpconnect" -localIP = "127.0.0.1" -localPort = 10701 -customDomains = ["tunnel1"] -# routeByHTTPUser = "user1" - -[[proxies]] -name = "plugin_unix_domain_socket" -type = "tcp" -remotePort = 6003 -# if plugin is defined, localIP and localPort is useless -# plugin will handle connections got from frps -[proxies.plugin] -type = "unix_domain_socket" -unixPath = "/var/run/docker.sock" - -[[proxies]] -name = "plugin_http_proxy" -type = "tcp" -remotePort = 6004 -[proxies.plugin] -type = "http_proxy" -httpUser = "abc" -httpPassword = "abc" - [[proxies]] -name = "plugin_socks5" +name = "test-tcp" type = "tcp" -remotePort = 6005 -[proxies.plugin] -type = "socks5" -username = "abc" -password = "abc" - -[[proxies]] -name = "plugin_static_file" -type = "tcp" -remotePort = 6006 -[proxies.plugin] -type = "static_file" -localPath = "/var/www/blog" -stripPrefix = "static" -httpUser = "abc" -httpPassword = "abc" - -[[proxies]] -name = "plugin_https2http" -type = "https" -customDomains = ["test.yourdomain.com"] -[proxies.plugin] -type = "https2http" -localAddr = "127.0.0.1:80" -crtPath = "./server.crt" -keyPath = "./server.key" -hostHeaderRewrite = "127.0.0.1" -requestHeaders.set.x-from-where = "frp" - -[[proxies]] -name = "plugin_https2https" -type = "https" -customDomains = ["test.yourdomain.com"] -[proxies.plugin] -type = "https2https" -localAddr = "127.0.0.1:443" -crtPath = "./server.crt" -keyPath = "./server.key" -hostHeaderRewrite = "127.0.0.1" -requestHeaders.set.x-from-where = "frp" - -[[proxies]] -name = "plugin_http2https" -type = "http" -customDomains = ["test.yourdomain.com"] -[proxies.plugin] -type = "http2https" -localAddr = "127.0.0.1:443" -hostHeaderRewrite = "127.0.0.1" -requestHeaders.set.x-from-where = "frp" - -[[proxies]] -name = "secret_tcp" -# If the type is secret tcp, remotePort is useless -# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor -type = "stcp" -# secretKey is used for authentication for visitors -secretKey = "abcdefg" localIP = "127.0.0.1" localPort = 22 -# If not empty, only visitors from specified users can connect. -# Otherwise, visitors from same user can connect. '*' means allow all users. -allowUsers = ["*"] - -[[proxies]] -name = "p2p_tcp" -type = "xtcp" -secretKey = "abcdefg" -localIP = "127.0.0.1" -localPort = 22 -# If not empty, only visitors from specified users can connect. -# Otherwise, visitors from same user can connect. '*' means allow all users. -allowUsers = ["user1", "user2"] - -# frpc role visitor -> frps -> frpc role server -[[visitors]] -name = "secret_tcp_visitor" -type = "stcp" -# the server name you want to visitor -serverName = "secret_tcp" -secretKey = "abcdefg" -# connect this address to visitor stcp server -bindAddr = "127.0.0.1" -# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from -# other visitors. (This is not supported for SUDP now) -bindPort = 9000 - -[[visitors]] -name = "p2p_tcp_visitor" -type = "xtcp" -# if the server user is not set, it defaults to the current user -serverUser = "user1" -serverName = "p2p_tcp" -secretKey = "abcdefg" -bindAddr = "127.0.0.1" -# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from -# other visitors. (This is not supported for SUDP now) -bindPort = 9001 -# when automatic tunnel persistence is required, set it to true -keepTunnelOpen = false -# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour -maxRetriesAnHour = 8 -minRetryInterval = 90 -# fallbackTo = "stcp_visitor" -# fallbackTimeoutMs = 500 +remotePort = 6000 diff --git a/conf/frpc_full_example.toml b/conf/frpc_full_example.toml new file mode 100644 index 00000000000..bdfc5643031 --- /dev/null +++ b/conf/frpc_full_example.toml @@ -0,0 +1,361 @@ +# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues. + +# your proxy name will be changed to {user}.{proxy} +user = "your_name" + +# A literal address or host name for IPv6 must be enclosed +# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" +# For single serverAddr field, no need square brackets, like serverAddr = "::". +serverAddr = "0.0.0.0" +serverPort = 7000 + +# STUN server to help penetrate NAT hole. +# natHoleStunServer = "stun.easyvoip.com:3478" + +# Decide if exit program when first login failed, otherwise continuous relogin to frps +# default is true +loginFailExit = true + +# console or real logFile path like ./frpc.log +log.to = "./frpc.log" +# trace, debug, info, warn, error +log.level = "info" +log.maxDays = 3 +# disable log colors when log.to is console, default is false +log.disablePrintColor = false + +auth.method = "token" +# auth.additionalScopes specifies additional scopes to include authentication information. +# Optional values are HeartBeats, NewWorkConns. +# auth.additionalScopes = ["HeartBeats", "NewWorkConns"] + +# auth token +auth.token = "12345678" + +# oidc.clientID specifies the client ID to use to get a token in OIDC authentication. +# auth.oidc.clientID = "" +# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication. +# auth.oidc.clientSecret = "" +# oidc.audience specifies the audience of the token in OIDC authentication. +# auth.oidc.audience = "" +# oidc.scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". +# auth.oidc.scope = "" +# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint. +# It will be used to get an OIDC token. +# auth.oidc.tokenEndpointURL = "" + +# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint. +# For example, if you want to specify the "audience" parameter, you can set as follow. +# frp will add "audience=" "var1=" to the additional parameters. +# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/" +# auth.oidc.additionalEndpointParams.var1 = "foobar" + +# Set admin address for control frpc's action by http api such as reload +webServer.addr = "127.0.0.1" +webServer.port = 7400 +webServer.user = "admin" +webServer.password = "admin" +# Admin assets directory. By default, these assets are bundled with frpc. +# webServer.assetsDir = "./static" + +# Enable golang pprof handlers in admin listener. +webServer.pprofEnable = false + +# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds. +# transport.dialServerTimeout = 10 + +# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. +# If negative, keep-alive probes are disabled. +# transport.dialServerKeepalive = 7200 + +# connections will be established in advance, default value is zero +transport.poolCount = 5 + +# If tcp stream multiplexing is used, default is true, it must be same with frps +# transport.tcpMux = true + +# Specify keep alive interval for tcp mux. +# only valid if tcpMux is enabled. +# transport.tcpMuxKeepaliveInterval = 60 + +# Communication protocol used to connect to server +# supports tcp, kcp, quic, websocket and wss now, default is tcp +transport.protocol = "tcp" + +# set client binding ip when connect server, default is empty. +# only when protocol = tcp or websocket, the value will be used. +transport.connectServerLocalIP = "0.0.0.0" + +# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables +# it only works when protocol is tcp +# transport.proxyURL = "http://user:passwd@192.168.1.128:8080" +# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080" +# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080" + +# quic protocol options +# transport.quic.keepalivePeriod = 10 +# transport.quic.maxIdleTimeout = 30 +# transport.quic.maxIncomingStreams = 100000 + +# If tls.enable is true, frpc will connect frps by tls. +# Since v0.50.0, the default value has been changed to true, and tls is enabled by default. +transport.tls.enable = true + +# transport.tls.certFile = "client.crt" +# transport.tls.keyFile = "client.key" +# transport.tls.trustedCaFile = "ca.crt" +# transport.tls.serverName = "example.com" + +# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the +# first custom byte when tls is enabled. +# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default. +# transport.tls.disableCustomTLSFirstByte = true + +# Heartbeat configure, it's not recommended to modify the default value. +# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value +# to disable it. +# transport.heartbeatInterval = 30 +# transport.heartbeatTimeout = 90 + +# Specify a dns server, so frpc will use this instead of default one +# dnsServer = "8.8.8.8" + +# Proxy names you want to start. +# Default is empty, means all proxies. +# start = ["ssh", "dns"] + +# Specify udp packet size, unit is byte. If not set, the default value is 1500. +# This parameter should be same between client and server. +# It affects the udp and sudp proxy. +udpPacketSize = 1500 + +# Additional metadatas for client. +metadatas.var1 = "abc" +metadatas.var2 = "123" + +# Include other config files for proxies. +# includes = ["./confd/*.ini"] + +[[proxies]] +# 'ssh' is the unique proxy name +# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh' +name = "ssh" +type = "tcp" +localIP = "127.0.0.1" +localPort = 22 +# Limit bandwidth for this proxy, unit is KB and MB +transport.bandwidthLimit = "1MB" +# Where to limit bandwidth, can be 'client' or 'server', default is 'client' +transport.bandwidthLimitMode = "client" +# If true, traffic of this proxy will be encrypted, default is false +transport.useEncryption = false +# If true, traffic will be compressed +transport.useCompression = false +# Remote port listen by frps +remotePort = 6001 +# frps will load balancing connections for proxies in same group +loadBalancer.group = "test_group" +# group should have same group key +loadBalancer.groupKey = "123456" +# Enable health check for the backend service, it supports 'tcp' and 'http' now. +# frpc will connect local service's port to detect it's healthy status +healthCheck.type = "tcp" +# Health check connection timeout +healthCheck.timeoutSeconds = 3 +# If continuous failed in 3 times, the proxy will be removed from frps +healthCheck.maxFailed = 3 +# every 10 seconds will do a health check +healthCheck.intervalSeconds = 10 +# additional meta info for each proxy +metadatas.var1 = "abc" +metadatas.var2 = "123" + +[[proxies]] +name = "ssh_random" +type = "tcp" +localIP = "192.168.31.100" +localPort = 22 +# If remotePort is 0, frps will assign a random port for you +remotePort = 0 + +[[proxies]] +name = "dns" +type = "udp" +localIP = "114.114.114.114" +localPort = 53 +remotePort = 6002 + +# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02 +[[proxies]] +name = "web01" +type = "http" +localIP = "127.0.0.1" +localPort = 80 +# http username and password are safety certification for http protocol +# if not set, you can access this customDomains without certification +httpUser = "admin" +httpPassword = "admin" +# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com +subdomain = "web01" +customDomains = ["web01.yourdomain.com"] +# locations is only available for http type +locations = ["/", "/pic"] +# route requests to this service if http basic auto user is abc +# routeByHTTPUser = abc +hostHeaderRewrite = "example.com" +requestHeaders.set.x-from-where = "frp" +healthCheck.type = "http" +# frpc will send a GET http request '/status' to local http service +# http service is alive when it return 2xx http response code +healthCheck.path = "/status" +healthCheck.intervalSeconds = 10 +healthCheck.maxFailed = 3 +healthCheck.timeoutSeconds = 3 + +[[proxies]] +name = "web02" +type = "https" +localIP = "127.0.0.1" +localPort = 8000 +subdomain = "web02" +customDomains = ["web02.yourdomain.com"] +# if not empty, frpc will use proxy protocol to transfer connection info to your local service +# v1 or v2 or empty +transport.proxyProtocolVersion = "v2" + +[[proxies]] +name = "tcpmuxhttpconnect" +type = "tcpmux" +multiplexer = "httpconnect" +localIP = "127.0.0.1" +localPort = 10701 +customDomains = ["tunnel1"] +# routeByHTTPUser = "user1" + +[[proxies]] +name = "plugin_unix_domain_socket" +type = "tcp" +remotePort = 6003 +# if plugin is defined, localIP and localPort is useless +# plugin will handle connections got from frps +[proxies.plugin] +type = "unix_domain_socket" +unixPath = "/var/run/docker.sock" + +[[proxies]] +name = "plugin_http_proxy" +type = "tcp" +remotePort = 6004 +[proxies.plugin] +type = "http_proxy" +httpUser = "abc" +httpPassword = "abc" + +[[proxies]] +name = "plugin_socks5" +type = "tcp" +remotePort = 6005 +[proxies.plugin] +type = "socks5" +username = "abc" +password = "abc" + +[[proxies]] +name = "plugin_static_file" +type = "tcp" +remotePort = 6006 +[proxies.plugin] +type = "static_file" +localPath = "/var/www/blog" +stripPrefix = "static" +httpUser = "abc" +httpPassword = "abc" + +[[proxies]] +name = "plugin_https2http" +type = "https" +customDomains = ["test.yourdomain.com"] +[proxies.plugin] +type = "https2http" +localAddr = "127.0.0.1:80" +crtPath = "./server.crt" +keyPath = "./server.key" +hostHeaderRewrite = "127.0.0.1" +requestHeaders.set.x-from-where = "frp" + +[[proxies]] +name = "plugin_https2https" +type = "https" +customDomains = ["test.yourdomain.com"] +[proxies.plugin] +type = "https2https" +localAddr = "127.0.0.1:443" +crtPath = "./server.crt" +keyPath = "./server.key" +hostHeaderRewrite = "127.0.0.1" +requestHeaders.set.x-from-where = "frp" + +[[proxies]] +name = "plugin_http2https" +type = "http" +customDomains = ["test.yourdomain.com"] +[proxies.plugin] +type = "http2https" +localAddr = "127.0.0.1:443" +hostHeaderRewrite = "127.0.0.1" +requestHeaders.set.x-from-where = "frp" + +[[proxies]] +name = "secret_tcp" +# If the type is secret tcp, remotePort is useless +# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor +type = "stcp" +# secretKey is used for authentication for visitors +secretKey = "abcdefg" +localIP = "127.0.0.1" +localPort = 22 +# If not empty, only visitors from specified users can connect. +# Otherwise, visitors from same user can connect. '*' means allow all users. +allowUsers = ["*"] + +[[proxies]] +name = "p2p_tcp" +type = "xtcp" +secretKey = "abcdefg" +localIP = "127.0.0.1" +localPort = 22 +# If not empty, only visitors from specified users can connect. +# Otherwise, visitors from same user can connect. '*' means allow all users. +allowUsers = ["user1", "user2"] + +# frpc role visitor -> frps -> frpc role server +[[visitors]] +name = "secret_tcp_visitor" +type = "stcp" +# the server name you want to visitor +serverName = "secret_tcp" +secretKey = "abcdefg" +# connect this address to visitor stcp server +bindAddr = "127.0.0.1" +# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from +# other visitors. (This is not supported for SUDP now) +bindPort = 9000 + +[[visitors]] +name = "p2p_tcp_visitor" +type = "xtcp" +# if the server user is not set, it defaults to the current user +serverUser = "user1" +serverName = "p2p_tcp" +secretKey = "abcdefg" +bindAddr = "127.0.0.1" +# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from +# other visitors. (This is not supported for SUDP now) +bindPort = 9001 +# when automatic tunnel persistence is required, set it to true +keepTunnelOpen = false +# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour +maxRetriesAnHour = 8 +minRetryInterval = 90 +# fallbackTo = "stcp_visitor" +# fallbackTimeoutMs = 500 diff --git a/conf/frps.toml b/conf/frps.toml index d25f6473b35..28e6d968b95 100644 --- a/conf/frps.toml +++ b/conf/frps.toml @@ -1,156 +1 @@ -# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues. - -# A literal address or host name for IPv6 must be enclosed -# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" -# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`. -bindAddr = "0.0.0.0" bindPort = 7000 - -# udp port used for kcp protocol, it can be same with 'bindPort'. -# if not set, kcp is disabled in frps. -kcpBindPort = 7000 - -# udp port used for quic protocol. -# if not set, quic is disabled in frps. -# quicBindPort = 7002 - -# Specify which address proxy will listen for, default value is same with bindAddr -# proxyBindAddr = "127.0.0.1" - -# quic protocol options -# transport.quic.keepalivePeriod = 10 -# transport.quic.maxIdleTimeout = 30 -# transport.quic.maxIncomingStreams = 100000 - -# Heartbeat configure, it's not recommended to modify the default value -# The default value of heartbeatTimeout is 90. Set negative value to disable it. -# transport.heartbeatTimeout = 90 - -# Pool count in each proxy will keep no more than maxPoolCount. -transport.maxPoolCount = 5 - -# If tcp stream multiplexing is used, default is true -# transport.tcpMux = true - -# Specify keep alive interval for tcp mux. -# only valid if tcpMux is true. -# transport.tcpMuxKeepaliveInterval = 60 - -# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. -# If negative, keep-alive probes are disabled. -# transport.tcpKeepalive = 7200 - -# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false. -tls.force = false - -# transport.tls.certFile = "server.crt" -# transport.tls.keyFile = "server.key" -# transport.tls.trustedCaFile = "ca.crt" - -# If you want to support virtual host, you must set the http port for listening (optional) -# Note: http port and https port can be same with bindPort -vhostHTTPPort = 80 -vhostHTTPSPort = 443 - -# Response header timeout(seconds) for vhost http server, default is 60s -# vhostHTTPTimeout = 60 - -# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP -# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP -# requests on one single port. If it's not - it will listen on this value for -# HTTP CONNECT requests. By default, this value is 0. -# tcpmuxHTTPConnectPort = 1337 - -# If tcpmuxPassthrough is true, frps won't do any update on traffic. -# tcpmuxPassthrough = false - -# Configure the web server to enable the dashboard for frps. -# dashboard is available only if webServer.port is set. -webServer.addr = "127.0.0.1" -webServer.port = 7500 -webServer.user = "admin" -webServer.password = "admin" -# webServer.tls.certFile = "server.crt" -# webServer.tls.keyFile = "server.key" -# dashboard assets directory(only for debug mode) -# webServer.assetsDir = "./static" - -# Enable golang pprof handlers in dashboard listener. -# Dashboard port must be set first -webServer.pprofEnable = false - -# enablePrometheus will export prometheus metrics on webServer in /metrics api. -enablePrometheus = true - -# console or real logFile path like ./frps.log -log.to = "./frps.log" -# trace, debug, info, warn, error -log.level = "info" -log.maxDays = 3 -# disable log colors when log.to is console, default is false -log.disablePrintColor = false - -# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true. -detailedErrorsToClient = true - -# auth.method specifies what authentication method to use authenticate frpc with frps. -# If "token" is specified - token will be read into login message. -# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token". -auth.method = "token" - -# auth.additionalScopes specifies additional scopes to include authentication information. -# Optional values are HeartBeats, NewWorkConns. -# auth.additionalScopes = ["HeartBeats", "NewWorkConns"] - -# auth token -auth.token = "12345678" - -# oidc issuer specifies the issuer to verify OIDC tokens with. -auth.oidc.issuer = "" -# oidc audience specifies the audience OIDC tokens should contain when validated. -auth.oidc.audience = "" -# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired. -auth.oidc.skipExpiryCheck = false -# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer. -auth.oidc.skipIssuerCheck = false - -# userConnTimeout specifies the maximum time to wait for a work connection. -# userConnTimeout = 10 - -# Only allow frpc to bind ports you list. By default, there won't be any limit. -allowPorts = [ - { start = 2000, end = 3000 }, - { single = 3001 }, - { single = 3003 }, - { start = 4000, end = 50000 } -] - -# Max ports can be used for each client, default value is 0 means no limit -maxPortsPerClient = 0 - -# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file -# When subdomain is est, the host used by routing is test.frps.com -subDomainHost = "frps.com" - -# custom 404 page for HTTP requests -# custom404Page = "/path/to/404.html" - -# specify udp packet size, unit is byte. If not set, the default value is 1500. -# This parameter should be same between client and server. -# It affects the udp and sudp proxy. -udpPacketSize = 1500 - -# Retention time for NAT hole punching strategy data. -natholeAnalysisDataReserveHours = 168 - -[[httpPlugins]] -name = "user-manager" -addr = "127.0.0.1:9000" -path = "/handler" -ops = ["Login"] - -[[httpPlugins]] -name = "port-manager" -addr = "127.0.0.1:9001" -path = "/handler" -ops = ["NewProxy"] diff --git a/conf/frps_full_example.toml b/conf/frps_full_example.toml new file mode 100644 index 00000000000..d25f6473b35 --- /dev/null +++ b/conf/frps_full_example.toml @@ -0,0 +1,156 @@ +# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues. + +# A literal address or host name for IPv6 must be enclosed +# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" +# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`. +bindAddr = "0.0.0.0" +bindPort = 7000 + +# udp port used for kcp protocol, it can be same with 'bindPort'. +# if not set, kcp is disabled in frps. +kcpBindPort = 7000 + +# udp port used for quic protocol. +# if not set, quic is disabled in frps. +# quicBindPort = 7002 + +# Specify which address proxy will listen for, default value is same with bindAddr +# proxyBindAddr = "127.0.0.1" + +# quic protocol options +# transport.quic.keepalivePeriod = 10 +# transport.quic.maxIdleTimeout = 30 +# transport.quic.maxIncomingStreams = 100000 + +# Heartbeat configure, it's not recommended to modify the default value +# The default value of heartbeatTimeout is 90. Set negative value to disable it. +# transport.heartbeatTimeout = 90 + +# Pool count in each proxy will keep no more than maxPoolCount. +transport.maxPoolCount = 5 + +# If tcp stream multiplexing is used, default is true +# transport.tcpMux = true + +# Specify keep alive interval for tcp mux. +# only valid if tcpMux is true. +# transport.tcpMuxKeepaliveInterval = 60 + +# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. +# If negative, keep-alive probes are disabled. +# transport.tcpKeepalive = 7200 + +# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false. +tls.force = false + +# transport.tls.certFile = "server.crt" +# transport.tls.keyFile = "server.key" +# transport.tls.trustedCaFile = "ca.crt" + +# If you want to support virtual host, you must set the http port for listening (optional) +# Note: http port and https port can be same with bindPort +vhostHTTPPort = 80 +vhostHTTPSPort = 443 + +# Response header timeout(seconds) for vhost http server, default is 60s +# vhostHTTPTimeout = 60 + +# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP +# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP +# requests on one single port. If it's not - it will listen on this value for +# HTTP CONNECT requests. By default, this value is 0. +# tcpmuxHTTPConnectPort = 1337 + +# If tcpmuxPassthrough is true, frps won't do any update on traffic. +# tcpmuxPassthrough = false + +# Configure the web server to enable the dashboard for frps. +# dashboard is available only if webServer.port is set. +webServer.addr = "127.0.0.1" +webServer.port = 7500 +webServer.user = "admin" +webServer.password = "admin" +# webServer.tls.certFile = "server.crt" +# webServer.tls.keyFile = "server.key" +# dashboard assets directory(only for debug mode) +# webServer.assetsDir = "./static" + +# Enable golang pprof handlers in dashboard listener. +# Dashboard port must be set first +webServer.pprofEnable = false + +# enablePrometheus will export prometheus metrics on webServer in /metrics api. +enablePrometheus = true + +# console or real logFile path like ./frps.log +log.to = "./frps.log" +# trace, debug, info, warn, error +log.level = "info" +log.maxDays = 3 +# disable log colors when log.to is console, default is false +log.disablePrintColor = false + +# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true. +detailedErrorsToClient = true + +# auth.method specifies what authentication method to use authenticate frpc with frps. +# If "token" is specified - token will be read into login message. +# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token". +auth.method = "token" + +# auth.additionalScopes specifies additional scopes to include authentication information. +# Optional values are HeartBeats, NewWorkConns. +# auth.additionalScopes = ["HeartBeats", "NewWorkConns"] + +# auth token +auth.token = "12345678" + +# oidc issuer specifies the issuer to verify OIDC tokens with. +auth.oidc.issuer = "" +# oidc audience specifies the audience OIDC tokens should contain when validated. +auth.oidc.audience = "" +# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired. +auth.oidc.skipExpiryCheck = false +# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer. +auth.oidc.skipIssuerCheck = false + +# userConnTimeout specifies the maximum time to wait for a work connection. +# userConnTimeout = 10 + +# Only allow frpc to bind ports you list. By default, there won't be any limit. +allowPorts = [ + { start = 2000, end = 3000 }, + { single = 3001 }, + { single = 3003 }, + { start = 4000, end = 50000 } +] + +# Max ports can be used for each client, default value is 0 means no limit +maxPortsPerClient = 0 + +# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file +# When subdomain is est, the host used by routing is test.frps.com +subDomainHost = "frps.com" + +# custom 404 page for HTTP requests +# custom404Page = "/path/to/404.html" + +# specify udp packet size, unit is byte. If not set, the default value is 1500. +# This parameter should be same between client and server. +# It affects the udp and sudp proxy. +udpPacketSize = 1500 + +# Retention time for NAT hole punching strategy data. +natholeAnalysisDataReserveHours = 168 + +[[httpPlugins]] +name = "user-manager" +addr = "127.0.0.1:9000" +path = "/handler" +ops = ["Login"] + +[[httpPlugins]] +name = "port-manager" +addr = "127.0.0.1:9001" +path = "/handler" +ops = ["NewProxy"] diff --git a/package.sh b/package.sh index 5d51434a806..de3ab2fded0 100755 --- a/package.sh +++ b/package.sh @@ -46,6 +46,8 @@ for os in $os_all; do mv ./frps_${os}_${arch} ${frp_path}/frps fi cp ../LICENSE ${frp_path} + cp -f ../conf/frpc.toml ${frp_path} + cp -f ../conf/frps.toml ${frp_path} # packages cd ./packages diff --git a/pkg/util/version/version.go b/pkg/util/version/version.go index 0f58a3b539b..2dc60eee6fc 100644 --- a/pkg/util/version/version.go +++ b/pkg/util/version/version.go @@ -19,7 +19,7 @@ import ( "strings" ) -var version = "0.52.2" +var version = "0.52.3" func Full() string { return version