FRP intranet penetration parameter configuration + simple configuration of server and client + complete configuration details (Windows)

Simple understanding and prerequisites for execution of Frp

When you have device A and want to access device C on the LAN, you can forward it through device B on the public network.
Prerequisites: a computer with a public IP, a cloud server, or a device with a public IPv4/IPv6 address. When using IPv6 mode, devices B and C must both support IPv6. In addition to bind_addr and server_addr, ipv6 addresses must be enclosed in [].

This article is based on: v0.48.0 version
official website: official website address
GitHub: GitHub address. For Windows, just download the amd64 build; the 386 build is for x86 (32-bit).

The easiest configuration on the server side (a computer with a public IP)

frps.ini (trailing // notes are not valid INI comments; remove any before using the file)

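# Minimal frps (server) configuration.
# Notes are full-line "#" comments so the file can be used as-is; a trailing
# "//note" after a value would be read as part of the value.
[common]
# Listen address; the default 0.0.0.0 (all interfaces) is fine
bind_addr = 0.0.0.0
# Port frpc uses to talk to frps; remember to allow it through the firewall
bind_port = 7000
# NOTE(review): no token is set in this minimal example, so frps accepts any
# frpc that can reach bind_port. Set a token (see the advanced configuration)
# before running this on a public IP.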

Create a new Start.bat, content: frps -c frps.ini
Double-click to start

The easiest configuration for the client (intranet computer)

frpc.ini (trailing // notes are not valid INI comments; remove any before using the file)

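# Minimal frpc (client) configuration.
# Notes are full-line "#" comments; a trailing "//note" after a value would be
# read as part of the value.
[common]
# Public IP of the server (a hostname also works).
# The value below is a placeholder, not a valid address.
server_addr = 114.514.191.981
# Port used between frps and frpc; remember to allow it through the firewall
server_port = 7000

# Tunnel name: pick anything; Chinese characters are supported
[test]
# IP of the service being exposed
local_ip = 127.0.0.1
# Port of the service being exposed; 3389 is the Remote Desktop port
local_port = 3389
# Port frps listens on; a request arriving there is forwarded to 127.0.0.1:3389 above
remote_port = 7100
# In other words, frpc tells frps: whatever you receive on port 7100, send it to
# port 3389 on my 127.0.0.1.
# NOTE(review): this publishes Remote Desktop on the server's public port 7100.
# Limit the source addresses allowed to reach that port in the server firewall;
# the stcp type listed in the advanced configuration is meant for access without
# opening a public port - confirm against the frp documentation.
# To map a batch of ports, the tunnel name must start with "range:" and the
# ports use the 1000-1010 format, separated by commas.

# Several tunnels can be forwarded at once; configure them the same way
[test2]
# ... same keys as [test] ...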

Create a new Start.bat, content: frpc -c frpc.ini
Double-click to start

At this point the configuration is complete. Remember to allow the ports in the firewall's inbound rules, or add an inbound firewall rule for the exe.

Advanced configuration (more common parameters)

frps.ini

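# frps (server) configuration with the more common parameters.
# Notes are full-line "#" comments; a trailing "//note" after a value would be
# read as part of the value.
[common]
# Listen address; the default 0.0.0.0 (all interfaces) is fine
bind_addr = 0.0.0.0
# Port frpc uses to talk to frps; remember to allow it through the firewall
bind_port = 7000
# Shared token that frpc must also configure.
# 12345678 is an example only; use a long random value.
token = 12345678
# Log file path
log_file = ./frps.log
# Log level: trace, debug, info, warn, error
log_level = info
# Number of days logs are kept
log_max_days = 3
# Connection pool size; raise it if there are many connections (default 5)
max_pool_count = 5

# Web dashboard; after logging in you can view frp status.
# NOTE(review): listening on 0.0.0.0 with admin/admin leaves the dashboard
# reachable from the internet behind guessable credentials. Bind it to
# 127.0.0.1 or change both the user and the password.
# Listen IP
dashboard_addr = 0.0.0.0
# Listen port
dashboard_port = 7500
# Login user
dashboard_user = admin
# Login password
dashboard_pwd = admin

# HTTP
# Port for HTTP traffic; may be the same as bind_port
vhost_http_port = 80
# Port for HTTPS traffic; may be the same as bind_port
vhost_https_port = 443
# HTTP timeout, in seconds
vhost_http_timeout = 60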

frpc.ini

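# frpc (client) configuration with the more common parameters.
# Notes are full-line "#" comments; a trailing "//note" after a value would be
# read as part of the value.
[common]
# Public IP of the server (a hostname also works).
# The value below is a placeholder, not a valid address.
server_addr = 114.514.191.981
# Port used between frps and frpc; remember to allow it through the firewall
server_port = 7000
# Token; must match the token set in frps.
# 12345678 is an example only; use a long random value.
token = 12345678
# Log file path (the example reuses the name frps.log on the client)
log_file = ./frps.log
# Log level: trace, debug, info, warn, error
log_level = info
# Number of days logs are kept
log_max_days = 3

[test]
# Connection type: tcp | udp | http | https | stcp | xtcp (default tcp)
type = tcp
# IP of the service being exposed
local_ip = 127.0.0.1
# Port of the service being exposed
local_port = 3389
# Port frps listens on at the server side.
# NOTE(review): 3389 is Remote Desktop; limit which source addresses may reach
# this public port in the server firewall.
remote_port = 7100
# Whether to encrypt the traffic
use_encryption = true
# Whether to compress the traffic
use_compression = true
# Bandwidth limit for this tunnel; unit is KB or MB
bandwidth_limit = 1MB
# Where the limit is enforced: client or server (default client)
bandwidth_limit_mode = client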

Relatively complete configuration (most of these options are rarely needed)

frps.ini

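# Relatively complete frps (server) reference configuration.
# Notes are full-line "#" comments; a trailing "//note" after a value would be
# read as part of the value.
[common]
# [required] Server listen IP; 0.0.0.0 listens on all interfaces; IPv6 is supported
bind_addr = 0.0.0.0
# [required] Port for frps <-> frpc traffic (unrelated to the ports you forward)
bind_port = 7000
# UDP listening port
bind_udp_port = 7001
# UDP listening port for the KCP protocol
kcp_bind_port = 7000

# UDP settings for the QUIC protocol
# Listening port; required if you want to use QUIC
quic_bind_port = 7002
# Keepalive period
quic_keepalive_period = 10
# Maximum idle timeout
quic_max_idle_timeout = 30
# Maximum incoming streams (the original author was unsure of this one)
quic_max_incoming_streams = 100000

# Proxy
# Address the proxies listen on.
# NOTE(review): with 127.0.0.1 the forwarded ports are presumably reachable only
# from the server itself - confirm this is what you want.
proxy_bind_addr = 127.0.0.1

# HTTP
# Port for HTTP traffic; may be the same as bind_port
vhost_http_port = 80
# Port for HTTPS traffic; may be the same as bind_port
vhost_https_port = 443
# HTTP timeout, in seconds
vhost_http_timeout = 60

# (the original author left this group unlabelled)
# Listen for TCP HTTP CONNECT requests; default 0, and 0 means no listener
tcpmux_httpconnect_port = 1337
# If true, the traffic is passed through without being modified
tcpmux_passthrough = false

# Web dashboard for viewing frp status.
# NOTE(review): listening on 0.0.0.0 with admin/admin leaves the dashboard
# reachable from the internet behind guessable credentials, and with
# dashboard_tls_mode = false the login travels over plain HTTP. Bind it to
# 127.0.0.1 or change the credentials and enable TLS.
# Listen IP
dashboard_addr = 0.0.0.0
# Listen port
dashboard_port = 7500
# Login user
dashboard_user = admin
# Login password
dashboard_pwd = admin
# Whether to enable TLS (HTTPS) for the dashboard
dashboard_tls_mode = false
# Certificate used for HTTPS
dashboard_tls_cert_file = server.crt
# Private key used for HTTPS
dashboard_tls_key_file = server.key
# Whether to enable the golang pprof handlers in the dashboard
pprof_enable = false

# Internal monitoring; served on the dashboard address
# Reachable at http://<dashboard IP and port>/metrics
enable_prometheus = true
# Dashboard static assets directory (debug mode only)
assets_dir = ./static

# Logging
# Log file path
log_file = ./frps.log
# Log level: trace, debug, info, warn, error
log_level = info
# Number of days logs are kept
log_max_days = 3
# Disable log colours when log_file is the console; default false
disable_log_color = false
# Whether to send error messages to frpc
detailed_errors_to_client = true

# Authentication
# Method used to authenticate: token or oidc (OpenID Connect)
authentication_method = token
# Whether heartbeats sent to frps must carry the authentication token
authenticate_heartbeats = false
# Whether new work connections sent to frps must carry the authentication token
authenticate_new_work_conns = false
# Shared token. 12345678 is an example only; use a long random value.
token = 12345678
# OIDC issuer; default empty
oidc_issuer =
# OIDC audience; default empty
oidc_audience =
# If false, the token is checked for expiry
oidc_skip_expiry_check = false
# If false, the issuer is checked against the one given in oidc_issuer
oidc_skip_issuer_check = false

# Other
# Heartbeat timeout; a negative value disables it; changing it is not recommended
heartbeat_timeout = 90
# User connection timeout; changing it is not recommended
user_conn_timeout = 10
# Only the ports listed here may be bound by frpc; unrestricted if not set.
# Keeping this list narrow limits what a client holding the token can open.
allow_ports = 2000-3000,3001,3003,4000-50000
# Connection pool size; raise it if there are many connections (default 5)
max_pool_count = 5
# Maximum number of ports each client may use; 0 means unlimited
max_ports_per_client = 0
# Whether to accept TLS connections only
tls_only = false
# TLS certificate
tls_cert_file = server.crt
# TLS private key
tls_key_file = server.key
# Path of the trusted CA certificate
tls_trusted_ca_file = ca.crt
# Custom base domain. Once set, frpc only needs "subdomain": for example
# subdomain = test on the frpc side is completed to test.frps.com
subdomain_host = frps.com

# Whether to enable TCP multiplexing; when on, each user does not need a
# separate connection, which lowers latency and overhead
tcp_mux = true
# Keepalive interval for TCP multiplexing
tcp_mux_keepalive_interval = 60
# Keepalive probe interval between client and server
tcp_keepalive = 7200
# Path of a custom 404 page
custom_404_page = /path/to/404.html
# UDP packet size; client and server must use the same value
udp_packet_size = 1500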



frpc.ini

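# Server connection parameters (frpc reference configuration).
# Notes are full-line "#" comments; a trailing "//note" after a value would be
# read as part of the value.
[common]
# [required] Public IP of the server (0.0.0.0 here is only a placeholder)
server_addr = 0.0.0.0
# [required] Port for frps <-> frpc traffic (unrelated to the ports you forward)
server_port = 7000
# Connection timeout
dial_server_timeout = 10
# Keepalive probe interval between client and server
dial_server_keepalive = 7200

# Connect to frps through a proxy. Three schemes are supported, TCP mode only.
# The original listed all three as live http_proxy keys; a key repeated in one
# section is ambiguous, so they are shown commented out - enable at most one.
# The host part was mangled by e-mail obfuscation in this copy; PASSWORD and
# PROXY_HOST are placeholders.
# The proxy password is stored here in plain text, so restrict read access to
# this file.
# http_proxy = http://user:PASSWORD@PROXY_HOST:8080
# http_proxy = socks5://user:PASSWORD@PROXY_HOST:1080
# http_proxy = ntlm://user:PASSWORD@PROXY_HOST:2080

# Logging
# Log file path (the example reuses the name frps.log on the client)
log_file = ./frps.log
# Log level: trace, debug, info, warn, error
log_level = info
# Number of days logs are kept
log_max_days = 3
# Disable log colours when log_file is the console; default false
disable_log_color = false

# Authentication
# Token; must match the token set in frps.
# 12345678 is an example only; use a long random value.
token = 12345678
# Method used to authenticate: token or oidc (OpenID Connect)
authentication_method = token
# Whether heartbeats sent to frps carry the authentication token
authenticate_heartbeats = false
# Whether new work connections sent to frps carry the authentication token
authenticate_new_work_conns = false
# OIDC settings
oidc_client_id =
oidc_client_secret =
oidc_audience =
oidc_scope =
oidc_token_endpoint_url =
# NOTE(review): the oidc_additional_* keys look like extra parameters passed to
# the token endpoint - confirm against the frp documentation
oidc_additional_audience = https://dev.auth.com/api/v2/
oidc_additional_var1 = foobar

# Settings for controlling frpc over HTTP.
# NOTE(review): admin/admin is an example only; change it, and keep admin_addr
# on 127.0.0.1 unless remote control is really needed.
# Listen IP
admin_addr = 127.0.0.1
# Listen port
admin_port = 7400
# User name
admin_user = admin
# Password
admin_pwd = admin
# Static assets directory
assets_dir = ./static
# Whether to enable the golang pprof handlers
pprof_enable = false

# UDP settings for the QUIC protocol
# Keepalive period
quic_keepalive_period = 10
# Maximum idle timeout
quic_max_idle_timeout = 30
# Maximum incoming streams (the original author was unsure of this one)
quic_max_incoming_streams = 100000

# Other
# If true, frpc connects to frps over TLS
tls_enable = true
# TLS certificate
tls_cert_file = server.crt
# TLS private key
tls_key_file = server.key
# Path of the trusted CA certificate
tls_trusted_ca_file = ca.crt
# TLS server name
tls_server_name = example.com
# NOTE(review): the original note says that true (with TLS enabled) makes frpc
# connect using a custom first byte, but the key name says "disable" - confirm
# against the frp documentation before changing it
disable_custom_tls_first_byte = false
# DNS server frpc should use
dns_server = 8.8.8.8
# Names of the proxies to start, separated by commas; empty (the default) means all
start = ssh,dns
# Number of connections established in advance; default 0
pool_count = 5
# Whether to enable TCP multiplexing; must match the value in frps
tcp_mux = true
# Keepalive interval for TCP multiplexing
tcp_mux_keepalive_interval = 60
# Changes the proxy names: each becomes {user}.{proxy}
user = your_name
# Whether to exit the program if the first connection attempt fails
login_fail_exit = true
# Protocol used to connect to frps
protocol = tcp
# Local IP to bind when protocol is tcp or websocket
connect_server_local_ip = 0.0.0.0
# UDP packet size
udp_packet_size = 1500
# Additional configuration files containing proxies
includes = ./confd/*.ini
# Heartbeat settings; changing them is not recommended
# Interval
heartbeat_interval = 30
# Timeout
heartbeat_timeout = 90

# Additional metadata for the server side
meta_var1 = 123
meta_var2 = 234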



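# Client (tunnel) parameters.
# Notes are full-line "#" comments; a trailing "//note" after a value would be
# read as part of the value.
# The section name is the tunnel name (the placeholder below means "tunnel
# name"); a given name such as [ssh] may appear only once.
[隧道名称]
# Connection type: tcp | udp | http | https | stcp | xtcp (default tcp)
type = tcp
# IP to forward to
local_ip = 127.0.0.1
# Local port to forward to
local_port = 22
# Port frps listens on at the server.
# NOTE(review): this example publishes local port 22 on the server's port 6001;
# limit which source addresses may reach it in the server firewall.
remote_port = 6001
# Bandwidth limit for this tunnel; unit is KB or MB
bandwidth_limit = 1MB
# Where the limit is enforced: client or server (default client)
bandwidth_limit_mode = client
# Whether to encrypt the traffic
use_encryption = false
# Whether to compress the traffic
use_compression = false
# Groups: frps load-balances across connections in the same group; the group
# key must be identical for all members
# Group name
group = test_group
# Group key. 123456 is an example only; use a long random value.
group_key = 123456
# Backend health check: checks the health of the connection
health_check_type = tcp
# Timeout for one check
health_check_timeout_s = 3
# Failure count; once this many checks fail, the tunnel is removed from frps
health_check_max_failed = 3
# Interval between checks, in seconds
health_check_interval_s = 10
# Subdomain
subdomain = web01
# Custom domain
custom_domains = web01.yourdomain.com
# Additional metadata
meta_var1 = 123
meta_var2 = 234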


Origin blog.csdn.net/qq_42690327/article/details/129467480