diff --git a/apps/frpc/0.56.0/data.yml b/apps/frpc/0.56.0/data.yml index 2a164c2d..8cdfa961 100644 --- a/apps/frpc/0.56.0/data.yml +++ b/apps/frpc/0.56.0/data.yml @@ -33,4 +33,11 @@ additionalProperties: required: true random: true rule: paramComplexity - type: password \ No newline at end of file + type: password + - default: ./data/ssl + disabled: true + envKey: SSL_FOLDER_PATH + labelEn: Certificate folder path (corresponding to "/etc/frp/ssl" in container) + labelZh: 证书文件夹路径 (对应容器内 "/etc/frp/ssl") + required: true + type: text diff --git a/apps/frpc/0.56.0/data/frpc.toml b/apps/frpc/0.56.0/data/frpc.toml index 3d6f6806..a172f59a 100644 --- a/apps/frpc/0.56.0/data/frpc.toml +++ b/apps/frpc/0.56.0/data/frpc.toml @@ -1,8 +1,17 @@ serverAddr = "0.0.0.0" serverPort = 7000 +auth.method = "token" +auth.token = "token123456" + webServer.addr = "0.0.0.0" webServer.port = 40001 webServer.user = "admin" webServer.password = "password123456" webServer.pprofEnable = false + + +# tls +#transport.tls.certFile = "/etc/frp/ssl/client.crt" +#transport.tls.keyFile = "/etc/frp/ssl/client.key" +#transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt" diff --git a/apps/frpc/0.56.0/data/frpc_full.toml b/apps/frpc/0.56.0/data/frpc_full.toml index 05d6cbe2..0528ddea 100644 --- a/apps/frpc/0.56.0/data/frpc_full.toml +++ b/apps/frpc/0.56.0/data/frpc_full.toml @@ -1,3 +1,5 @@ +# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues. + # your proxy name will be changed to {user}.{proxy} user = "your_name" @@ -36,7 +38,7 @@ auth.token = "12345678" # auth.oidc.clientSecret = "" # oidc.audience specifies the audience of the token in OIDC authentication. # auth.oidc.audience = "" -# oidc_scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". +# oidc.scope specifies the permissions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "". # auth.oidc.scope = "" # oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint. # It will be used to get an OIDC token. @@ -110,7 +112,7 @@ transport.tls.enable = true # transport.tls.disableCustomTLSFirstByte = true # Heartbeat configure, it's not recommended to modify the default value. -# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value +# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value # to disable it. # transport.heartbeatInterval = 30 # transport.heartbeatTimeout = 90 @@ -162,18 +164,23 @@ healthCheck.type = "tcp" healthCheck.timeoutSeconds = 3 # If continuous failed in 3 times, the proxy will be removed from frps healthCheck.maxFailed = 3 -# every 10 seconds will do a health check +# Every 10 seconds will do a health check healthCheck.intervalSeconds = 10 -# additional meta info for each proxy +# Additional meta info for each proxy. It will be passed to the server-side plugin for use. metadatas.var1 = "abc" metadatas.var2 = "123" +# You can add some extra information to the proxy through annotations. +# These annotations will be displayed on the frps dashboard. +[proxies.annotations] +key1 = "value1" +"prefix/key2" = "value2" [[proxies]] name = "ssh_random" type = "tcp" localIP = "192.168.31.100" localPort = 22 -# If remote_port is 0, frps will assign a random port for you +# If remotePort is 0, frps will assign a random port for you remotePort = 0 [[proxies]] @@ -183,14 +190,14 @@ localIP = "114.114.114.114" localPort = 53 remotePort = 6002 -# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02 +# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02 [[proxies]] name = "web01" type = "http" localIP = "127.0.0.1" localPort = 80 # http username and password are safety certification for http protocol -# if not set, you can access this custom_domains without certification +# if not set, you can access this customDomains without certification httpUser = "admin" httpPassword = "admin" # if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com @@ -199,9 +206,8 @@ customDomains = ["web01.yourdomain.com"] # locations is only available for http type locations = ["/", "/pic"] # route requests to this service if http basic auto user is abc -# route_by_http_user = abc +# routeByHTTPUser = abc hostHeaderRewrite = "example.com" -# params with prefix "header_" will be used to update http request headers requestHeaders.set.x-from-where = "frp" healthCheck.type = "http" # frpc will send a GET http request '/status' to local http service @@ -210,6 +216,10 @@ healthCheck.path = "/status" healthCheck.intervalSeconds = 10 healthCheck.maxFailed = 3 healthCheck.timeoutSeconds = 3 +# set health check headers +healthCheck.httpHeaders=[ + { name = "x-from-where", value = "frp" } +] [[proxies]] name = "web02" @@ -235,7 +245,7 @@ customDomains = ["tunnel1"] name = "plugin_unix_domain_socket" type = "tcp" remotePort = 6003 -# if plugin is defined, local_ip and local_port is useless +# if plugin is defined, localIP and localPort is useless # plugin will handle connections got from frps [proxies.plugin] type = "unix_domain_socket" @@ -306,7 +316,7 @@ requestHeaders.set.x-from-where = "frp" [[proxies]] name = "secret_tcp" -# If the type is secret tcp, remote_port is useless +# If the type is secret tcp, remotePort is useless # Who want to connect local port should deploy another frpc with stcp proxy and role is visitor type = "stcp" # secretKey is used for authentication for visitors @@ -353,7 +363,7 @@ bindAddr = "127.0.0.1" bindPort = 9001 # when automatic tunnel persistence is required, set it to true keepTunnelOpen = false -# effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour +# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour maxRetriesAnHour = 8 minRetryInterval = 90 # fallbackTo = "stcp_visitor" diff --git a/apps/frpc/0.56.0/docker-compose.yml b/apps/frpc/0.56.0/docker-compose.yml index 39a9c01d..9d0b15ea 100644 --- a/apps/frpc/0.56.0/docker-compose.yml +++ b/apps/frpc/0.56.0/docker-compose.yml @@ -6,7 +6,7 @@ services: network_mode: host volumes: - ./data/frpc.toml:/etc/frp/frpc.toml + - "${SSL_FOLDER_PATH}:/etc/frp/ssl" image: snowdreamtech/frpc:0.56.0 labels: createdBy: "Apps" - diff --git a/apps/frps/0.56.0/data.yml b/apps/frps/0.56.0/data.yml index e71e29ff..6f1eef65 100644 --- a/apps/frps/0.56.0/data.yml +++ b/apps/frps/0.56.0/data.yml @@ -27,4 +27,11 @@ additionalProperties: required: true random: true rule: paramComplexity - type: password \ No newline at end of file + type: password + - default: ./data/ssl + disabled: true + envKey: SSL_FOLDER_PATH + labelEn: Certificate folder path (corresponding to "/etc/frp/ssl" in container) + labelZh: 证书文件夹路径 (对应容器内 "/etc/frp/ssl") + required: true + type: text diff --git a/apps/frps/0.56.0/data/frps.toml b/apps/frps/0.56.0/data/frps.toml index 1c23779b..c6dc7620 100644 --- a/apps/frps/0.56.0/data/frps.toml +++ b/apps/frps/0.56.0/data/frps.toml @@ -1,6 +1,16 @@ +bindAddr = "0.0.0.0" bindPort = 7000 +auth.method = "token" +auth.token = "token123456" + webServer.addr = "0.0.0.0" webServer.port = 7500 webServer.user = "admin" -webServer.password = "admin" \ No newline at end of file +webServer.password = "admin" + +# tls +#transport.tls.force = true +#transport.tls.certFile = "/etc/frp/ssl/server.crt" +#transport.tls.keyFile = "/etc/frp/ssl/server.key" +#transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt" diff --git a/apps/frps/0.56.0/data/frps_full.toml b/apps/frps/0.56.0/data/frps_full.toml index 180a3b24..35c1a57b 100644 --- a/apps/frps/0.56.0/data/frps_full.toml +++ b/apps/frps/0.56.0/data/frps_full.toml @@ -1,10 +1,12 @@ +# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues. + # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" -# For single "bind_addr" field, no need square brackets, like "bind_addr = ::". +# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`. bindAddr = "0.0.0.0" bindPort = 7000 -# udp port used for kcp protocol, it can be same with 'bind_port'. +# udp port used for kcp protocol, it can be same with 'bindPort'. # if not set, kcp is disabled in frps. kcpBindPort = 7000 @@ -12,8 +14,8 @@ kcpBindPort = 7000 # if not set, quic is disabled in frps. # quicBindPort = 7002 -# Specify which address proxy will listen for, default value is same with bind_addr -# proxy_bind_addr = "127.0.0.1" +# Specify which address proxy will listen for, default value is same with bindAddr +# proxyBindAddr = "127.0.0.1" # quic protocol options # transport.quic.keepalivePeriod = 10 @@ -21,7 +23,7 @@ kcpBindPort = 7000 # transport.quic.maxIncomingStreams = 100000 # Heartbeat configure, it's not recommended to modify the default value -# The default value of heartbeat_timeout is 90. Set negative value to disable it. +# The default value of heartbeatTimeout is 90. Set negative value to disable it. # transport.heartbeatTimeout = 90 # Pool count in each proxy will keep no more than maxPoolCount. @@ -39,14 +41,14 @@ transport.maxPoolCount = 5 # transport.tcpKeepalive = 7200 # transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false. -tls.force = false +transport.tls.force = false # transport.tls.certFile = "server.crt" # transport.tls.keyFile = "server.key" # transport.tls.trustedCaFile = "ca.crt" # If you want to support virtual host, you must set the http port for listening (optional) -# Note: http port and https port can be same with bind_port +# Note: http port and https port can be same with bindPort vhostHTTPPort = 80 vhostHTTPSPort = 443 @@ -59,7 +61,7 @@ vhostHTTPSPort = 443 # HTTP CONNECT requests. By default, this value is 0. # tcpmuxHTTPConnectPort = 1337 -# If tcpmux_passthrough is true, frps won't do any update on traffic. +# If tcpmuxPassthrough is true, frps won't do any update on traffic. # tcpmuxPassthrough = false # Configure the web server to enable the dashboard for frps. @@ -127,7 +129,7 @@ allowPorts = [ maxPortsPerClient = 0 # If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file -# When subdomain is est, the host used by routing is test.frps.com +# When subdomain is test, the host used by routing is test.frps.com subDomainHost = "frps.com" # custom 404 page for HTTP requests @@ -141,6 +143,14 @@ udpPacketSize = 1500 # Retention time for NAT hole punching strategy data. natholeAnalysisDataReserveHours = 168 +# ssh tunnel gateway +# If you want to enable this feature, the bindPort parameter is required, while others are optional. +# By default, this feature is disabled. It will be enabled if bindPort is greater than 0. +# sshTunnelGateway.bindPort = 2200 +# sshTunnelGateway.privateKeyFile = "/home/frp-user/.ssh/id_rsa" +# sshTunnelGateway.autoGenPrivateKeyPath = "" +# sshTunnelGateway.authorizedKeysFile = "/home/frp-user/.ssh/authorized_keys" + [[httpPlugins]] name = "user-manager" addr = "127.0.0.1:9000" diff --git a/apps/frps/0.56.0/docker-compose.yml b/apps/frps/0.56.0/docker-compose.yml index f1cc099d..29a6b428 100644 --- a/apps/frps/0.56.0/docker-compose.yml +++ b/apps/frps/0.56.0/docker-compose.yml @@ -6,6 +6,7 @@ services: network_mode: host volumes: - ./data/frps.toml:/etc/frp/frps.toml + - "${SSL_FOLDER_PATH}:/etc/frp/ssl" image: snowdreamtech/frps:0.56.0 labels: createdBy: "Apps"