frps配置
学思创
15
文档https://gofrp.org/zh-cn/docs/reference/server-configures/
frps_full_example.toml
# 此配置文件仅供参考,请不要直接使用此配置运行程序,可能会存在各种问题
# IPv6的地址或主机名必须用方括号包裹
# 例如 "[::1]:80", "[ipv6-host]:http" 或 "[ipv6-host%zone]:80"
# 单独的 "bindAddr" 字段不需要方括号,例如 `bindAddr = "::"`
bindAddr = "0.0.0.0"
bindPort = 7000
# 用于KCP协议的UDP端口,可以与 'bindPort' 相同
# 如果未设置,frps中将禁用KCP
kcpBindPort = 7000
# 用于QUIC协议的UDP端口
# 如果未设置,frps中将禁用QUIC
# quicBindPort = 7002
# 指定代理监听地址,默认值与bindAddr相同
# proxyBindAddr = "127.0.0.1"
# QUIC协议选项
# transport.quic.keepalivePeriod = 10
# transport.quic.maxIdleTimeout = 30
# transport.quic.maxIncomingStreams = 100000
# 心跳配置,不建议修改默认值
# 心跳超时默认值为90,设置为负数将禁用
# transport.heartbeatTimeout = 90
# 每个代理中的连接池数量不超过maxPoolCount
transport.maxPoolCount = 5
# 是否启用TCP流多路复用,默认为true
# transport.tcpMux = true
# 指定TCP多路复用保活间隔
# 仅在tcpMux启用时有效
# transport.tcpMuxKeepaliveInterval = 30
# 指定TCP连接的保活探测间隔
# 设置为负数将禁用保活探测
# transport.tcpKeepalive = 7200
# transport.tls.force 指定是否只接受TLS加密连接,默认false
transport.tls.force = false
# transport.tls.certFile = "server.crt"
# transport.tls.keyFile = "server.key"
# transport.tls.trustedCaFile = "ca.crt"
# 如需支持虚拟主机,必须设置HTTP监听端口(可选)
# 注意:http端口和https端口可以与bindPort相同
vhostHTTPPort = 80
vhostHTTPSPort = 443
# 虚拟主机HTTP服务器的响应头超时(秒),默认60秒
# vhostHTTPTimeout = 60
# 指定服务器监听TCP HTTP CONNECT请求的端口
# 值为0时不在单一端口复用TCP请求
# 默认值为0
# tcpmuxHTTPConnectPort = 1337
# 如果tcpmuxPassthrough为true,frps不会对流量做任何修改
# tcpmuxPassthrough = false
# 配置仪表板Web服务器
# 只有设置webServer.port后仪表板才可用
webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
# webServer.tls.certFile = "server.crt"
# webServer.tls.keyFile = "server.key"
# 仪表板资源目录(仅调试模式使用)
# webServer.assetsDir = "./static"
# 在仪表板中启用golang pprof处理器
# 必须先设置仪表板端口
webServer.pprofEnable = false
# 在Web服务器的/metrics接口导出Prometheus指标
enablePrometheus = true
# 日志输出:console或文件路径如./frps.log
log.to = "./frps.log"
# 日志级别:trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3
# 禁用控制台日志颜色,当log.to为console时有效,默认false
log.disablePrintColor = false
# 是否向客户端发送详细错误信息(含调试信息),默认true
detailedErrorsToClient = true
# 指定认证方式验证frpc与frps的连接
# "token"表示使用令牌认证
# "oidc"表示使用OIDC认证,默认值为"token"
auth.method = "token"
# 指定认证信息的附加范围
# 可选值:HeartBeats, NewWorkConns
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
# 认证令牌
auth.token = "12345678"
# OIDC颁发者验证配置
auth.oidc.issuer = ""
auth.oidc.audience = ""
auth.oidc.skipExpiryCheck = false
auth.oidc.skipIssuerCheck = false
# 等待工作连接的最大时间
# userConnTimeout = 10
# 仅允许frpc绑定列出的端口(默认无限制)
allowPorts = [
{ start = 2000, end = 3000 },
{ single = 3001 },
{ single = 3003 },
{ start = 4000, end = 50000 }
]
# 每个客户端可使用的最大端口数,0表示无限制
maxPortsPerClient = 0
# 设置子域名主机后,frpc配置中http/https类型代理可设置子域名
# 当子域名为test时,路由使用的host为test.frps.com
subDomainHost = "frps.com"
# 自定义HTTP 404页面
# custom404Page = "/path/to/404.html"
# 指定UDP数据包大小(字节),默认1500
# 此参数需客户端和服务端保持一致
# 影响udp和sudp代理
udpPacketSize = 1500
# NAT打洞策略数据保留时间(小时)
natholeAnalysisDataReserveHours = 168
# SSH隧道网关配置
# 启用需设置bindPort参数,其他参数可选
# 默认禁用,当bindPort>0时启用
# sshTunnelGateway.bindPort = 2200
# sshTunnelGateway.privateKeyFile = "/home/frp-user/.ssh/id_rsa"
# sshTunnelGateway.autoGenPrivateKeyPath = ""
# sshTunnelGateway.authorizedKeysFile = "/home/frp-user/.ssh/authorized_keys"
[[httpPlugins]]
name = "user-manager"
addr = "127.0.0.1:9000"
path = "/handler"
ops = ["Login"]
[[httpPlugins]]
name = "port-manager"
addr = "127.0.0.1:9001"
path = "/handler"
ops = ["NewProxy"]