feat:修正并添加frp的tls设置 (#1142)

2025-03-25 01:51:16 +08:00 · 2024-03-27 15:41:53 +08:00 · 2024-03-27 15:41:53 +08:00 · a1ce4bb18a
commit a1ce4bb18a
parent d4bf07da01
8 changed files with 79 additions and 25 deletions
--- a/apps/frpc/0.56.0/data.yml
+++ b/apps/frpc/0.56.0/data.yml
@ -33,4 +33,11 @@ additionalProperties:
          required: true
          random: true
          rule: paramComplexity
-          type: password
+          type: password
        - default: ./data/ssl
          disabled: true
          envKey: SSL_FOLDER_PATH
          labelEn: Certificate folder path (corresponding to "/etc/frp/ssl" in container)
          labelZh: 证书文件夹路径 (对应容器内 "/etc/frp/ssl")
          required: true
          type: text
--- a/apps/frpc/0.56.0/data/frpc.toml
+++ b/apps/frpc/0.56.0/data/frpc.toml
@ -1,8 +1,17 @@
 serverAddr = "0.0.0.0"
 serverPort = 7000
 auth.method = "token"
 auth.token = "token123456"
 webServer.addr = "0.0.0.0"
 webServer.port = 40001
 webServer.user = "admin"
 webServer.password = "password123456"
 webServer.pprofEnable = false
 # tls
 #transport.tls.certFile = "/etc/frp/ssl/client.crt"
 #transport.tls.keyFile = "/etc/frp/ssl/client.key"
 #transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"
--- a/apps/frpc/0.56.0/data/frpc_full.toml
+++ b/apps/frpc/0.56.0/data/frpc_full.toml
@ -1,3 +1,5 @@
 # This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
 # your proxy name will be changed to {user}.{proxy}
 user = "your_name"
@ -36,7 +38,7 @@ auth.token = "12345678"
 # auth.oidc.clientSecret = ""
 # oidc.audience specifies the audience of the token in OIDC authentication.
 # auth.oidc.audience = ""
-# oidc_scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
+# oidc.scope specifies the permissions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
 # auth.oidc.scope = ""
 # oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
 # It will be used to get an OIDC token.
@ -110,7 +112,7 @@ transport.tls.enable = true
 # transport.tls.disableCustomTLSFirstByte = true
 # Heartbeat configure, it's not recommended to modify the default value.
-# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
+# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value
 # to disable it.
 # transport.heartbeatInterval = 30
 # transport.heartbeatTimeout = 90
@ -162,18 +164,23 @@ healthCheck.type = "tcp"
 healthCheck.timeoutSeconds = 3
 # If continuous failed in 3 times, the proxy will be removed from frps
 healthCheck.maxFailed = 3
-# every 10 seconds will do a health check
+# Every 10 seconds will do a health check
 healthCheck.intervalSeconds = 10
-# additional meta info for each proxy
+# Additional meta info for each proxy. It will be passed to the server-side plugin for use.
 metadatas.var1 = "abc"
 metadatas.var2 = "123"
 # You can add some extra information to the proxy through annotations.
 # These annotations will be displayed on the frps dashboard.
 [proxies.annotations]
 key1 = "value1"
 "prefix/key2" = "value2"
 [[proxies]]
 name = "ssh_random"
 type = "tcp"
 localIP = "192.168.31.100"
 localPort = 22
-# If remote_port is 0, frps will assign a random port for you
+# If remotePort is 0, frps will assign a random port for you
 remotePort = 0
 [[proxies]]
@ -183,14 +190,14 @@ localIP = "114.114.114.114"
 localPort = 53
 remotePort = 6002
-# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
+# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
 [[proxies]]
 name = "web01"
 type = "http"
 localIP = "127.0.0.1"
 localPort = 80
 # http username and password are safety certification for http protocol
-# if not set, you can access this custom_domains without certification
+# if not set, you can access this customDomains without certification
 httpUser = "admin"
 httpPassword = "admin"
 # if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
@ -199,9 +206,8 @@ customDomains = ["web01.yourdomain.com"]
 # locations is only available for http type
 locations = ["/", "/pic"]
 # route requests to this service if http basic auto user is abc
-# route_by_http_user = abc
+# routeByHTTPUser = abc
 hostHeaderRewrite = "example.com"
 # params with prefix "header_" will be used to update http request headers
 requestHeaders.set.x-from-where = "frp"
 healthCheck.type = "http"
 # frpc will send a GET http request '/status' to local http service
@ -210,6 +216,10 @@ healthCheck.path = "/status"
 healthCheck.intervalSeconds = 10
 healthCheck.maxFailed = 3
 healthCheck.timeoutSeconds = 3
 # set health check headers
 healthCheck.httpHeaders=[
    { name = "x-from-where", value = "frp" }
 ]
 [[proxies]]
 name = "web02"
@ -235,7 +245,7 @@ customDomains = ["tunnel1"]
 name = "plugin_unix_domain_socket"
 type = "tcp"
 remotePort = 6003
-# if plugin is defined, local_ip and local_port is useless
+# if plugin is defined, localIP and localPort is useless
 # plugin will handle connections got from frps
 [proxies.plugin]
 type = "unix_domain_socket"
@ -306,7 +316,7 @@ requestHeaders.set.x-from-where = "frp"
 [[proxies]]
 name = "secret_tcp"
-# If the type is secret tcp, remote_port is useless
+# If the type is secret tcp, remotePort is useless
 # Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
 type = "stcp"
 # secretKey is used for authentication for visitors
@ -353,7 +363,7 @@ bindAddr = "127.0.0.1"
 bindPort = 9001
 # when automatic tunnel persistence is required, set it to true
 keepTunnelOpen = false
-# effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour
+# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour
 maxRetriesAnHour = 8
 minRetryInterval = 90
 # fallbackTo = "stcp_visitor"
--- a/apps/frpc/0.56.0/docker-compose.yml
+++ b/apps/frpc/0.56.0/docker-compose.yml
@ -6,7 +6,7 @@ services:
    network_mode: host
    volumes:
        - ./data/frpc.toml:/etc/frp/frpc.toml
        - "${SSL_FOLDER_PATH}:/etc/frp/ssl"
    image: snowdreamtech/frpc:0.56.0
    labels:  
      createdBy: "Apps"
--- a/apps/frps/0.56.0/data.yml
+++ b/apps/frps/0.56.0/data.yml
@ -27,4 +27,11 @@ additionalProperties:
          required: true
          random: true
          rule: paramComplexity
-          type: password
+          type: password
        - default: ./data/ssl
          disabled: true
          envKey: SSL_FOLDER_PATH
          labelEn: Certificate folder path (corresponding to "/etc/frp/ssl" in container)
          labelZh: 证书文件夹路径 (对应容器内 "/etc/frp/ssl")
          required: true
          type: text
--- a/apps/frps/0.56.0/data/frps.toml
+++ b/apps/frps/0.56.0/data/frps.toml
@ -1,6 +1,16 @@
 bindAddr = "0.0.0.0"
 bindPort = 7000
 auth.method = "token"
 auth.token = "token123456"
 webServer.addr = "0.0.0.0"
 webServer.port = 7500
 webServer.user = "admin"
-webServer.password = "admin"
+webServer.password = "admin"
 # tls
 #transport.tls.force = true
 #transport.tls.certFile = "/etc/frp/ssl/server.crt"
 #transport.tls.keyFile = "/etc/frp/ssl/server.key"
 #transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"
--- a/apps/frps/0.56.0/data/frps_full.toml
+++ b/apps/frps/0.56.0/data/frps_full.toml
@ -1,10 +1,12 @@
 # This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
 # A literal address or host name for IPv6 must be enclosed
 # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
-# For single "bind_addr" field, no need square brackets, like "bind_addr = ::".
+# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`.
 bindAddr = "0.0.0.0"
 bindPort = 7000
-# udp port used for kcp protocol, it can be same with 'bind_port'.
+# udp port used for kcp protocol, it can be same with 'bindPort'.
 # if not set, kcp is disabled in frps.
 kcpBindPort = 7000
@ -12,8 +14,8 @@ kcpBindPort = 7000
 # if not set, quic is disabled in frps.
 # quicBindPort = 7002
-# Specify which address proxy will listen for, default value is same with bind_addr
+# Specify which address proxy will listen for, default value is same with bindAddr
-# proxy_bind_addr = "127.0.0.1"
+# proxyBindAddr = "127.0.0.1"
 # quic protocol options
 # transport.quic.keepalivePeriod = 10
@ -21,7 +23,7 @@ kcpBindPort = 7000
 # transport.quic.maxIncomingStreams = 100000
 # Heartbeat configure, it's not recommended to modify the default value
-# The default value of heartbeat_timeout is 90. Set negative value to disable it.
+# The default value of heartbeatTimeout is 90. Set negative value to disable it.
 # transport.heartbeatTimeout = 90
 # Pool count in each proxy will keep no more than maxPoolCount.
@ -39,14 +41,14 @@ transport.maxPoolCount = 5
 # transport.tcpKeepalive = 7200
 # transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.
-tls.force = false
+transport.tls.force = false
 # transport.tls.certFile = "server.crt"
 # transport.tls.keyFile = "server.key"
 # transport.tls.trustedCaFile = "ca.crt"
 # If you want to support virtual host, you must set the http port for listening (optional)
-# Note: http port and https port can be same with bind_port
+# Note: http port and https port can be same with bindPort
 vhostHTTPPort = 80
 vhostHTTPSPort = 443
@ -59,7 +61,7 @@ vhostHTTPSPort = 443
 # HTTP CONNECT requests. By default, this value is 0.
 # tcpmuxHTTPConnectPort = 1337
-# If tcpmux_passthrough is true, frps won't do any update on traffic.
+# If tcpmuxPassthrough is true, frps won't do any update on traffic.
 # tcpmuxPassthrough = false
 # Configure the web server to enable the dashboard for frps.
@ -127,7 +129,7 @@ allowPorts = [
 maxPortsPerClient = 0
 # If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file
-# When subdomain is est, the host used by routing is test.frps.com
+# When subdomain is test, the host used by routing is test.frps.com
 subDomainHost = "frps.com"
 # custom 404 page for HTTP requests
@ -141,6 +143,14 @@ udpPacketSize = 1500
 # Retention time for NAT hole punching strategy data.
 natholeAnalysisDataReserveHours = 168
 # ssh tunnel gateway
 # If you want to enable this feature, the bindPort parameter is required, while others are optional.
 # By default, this feature is disabled. It will be enabled if bindPort is greater than 0.
 # sshTunnelGateway.bindPort = 2200
 # sshTunnelGateway.privateKeyFile = "/home/frp-user/.ssh/id_rsa"
 # sshTunnelGateway.autoGenPrivateKeyPath = ""
 # sshTunnelGateway.authorizedKeysFile = "/home/frp-user/.ssh/authorized_keys"
 [[httpPlugins]]
 name = "user-manager"
 addr = "127.0.0.1:9000"
--- a/apps/frps/0.56.0/docker-compose.yml
+++ b/apps/frps/0.56.0/docker-compose.yml
@ -6,6 +6,7 @@ services:
    network_mode: host
    volumes:
        - ./data/frps.toml:/etc/frp/frps.toml
        - "${SSL_FOLDER_PATH}:/etc/frp/ssl"
    image: snowdreamtech/frps:0.56.0
    labels:  
      createdBy: "Apps"