Frps服务端全配置文件 frps_full_example.toml
[collapse status=“false” title=“frps服务端配置文件原文”]
# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`.
bindAddr = "0.0.0.0"
bindPort = 7000
# udp port used for kcp protocol, it can be same with 'bindPort'.
# if not set, kcp is disabled in frps.
kcpBindPort = 7000
# udp port used for quic protocol.
# if not set, quic is disabled in frps.
# quicBindPort = 7002
# Specify which address proxy will listen for, default value is same with bindAddr
# proxyBindAddr = "127.0.0.1"
# quic protocol options
# transport.quic.keepalivePeriod = 10
# transport.quic.maxIdleTimeout = 30
# transport.quic.maxIncomingStreams = 100000
# Heartbeat configure, it's not recommended to modify the default value
# The default value of heartbeatTimeout is 90. Set negative value to disable it.
# transport.heartbeatTimeout = 90
# Pool count in each proxy will keep no more than maxPoolCount.
transport.maxPoolCount = 5
# If tcp stream multiplexing is used, default is true
# transport.tcpMux = true
# Specify keep alive interval for tcp mux.
# only valid if tcpMux is true.
# transport.tcpMuxKeepaliveInterval = 60
# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
# If negative, keep-alive probes are disabled.
# transport.tcpKeepalive = 7200
# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.
transport.tls.force = false
# transport.tls.certFile = "server.crt"
# transport.tls.keyFile = "server.key"
# transport.tls.trustedCaFile = "ca.crt"
# If you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bindPort
vhostHTTPPort = 80
vhostHTTPSPort = 443
# Response header timeout(seconds) for vhost http server, default is 60s
# vhostHTTPTimeout = 60
# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP
# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
# requests on one single port. If it's not - it will listen on this value for
# HTTP CONNECT requests. By default, this value is 0.
# tcpmuxHTTPConnectPort = 1337
# If tcpmuxPassthrough is true, frps won't do any update on traffic.
# tcpmuxPassthrough = false
# Configure the web server to enable the dashboard for frps.
# dashboard is available only if webServer.port is set.
webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
# webServer.tls.certFile = "server.crt"
# webServer.tls.keyFile = "server.key"
# dashboard assets directory(only for debug mode)
# webServer.assetsDir = "./static"
# Enable golang pprof handlers in dashboard listener.
# Dashboard port must be set first
webServer.pprofEnable = false
# enablePrometheus will export prometheus metrics on webServer in /metrics api.
enablePrometheus = true
# console or real logFile path like ./frps.log
log.to = "./frps.log"
# trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3
# disable log colors when log.to is console, default is false
log.disablePrintColor = false
# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
detailedErrorsToClient = true
# auth.method specifies what authentication method to use authenticate frpc with frps.
# If "token" is specified - token will be read into login message.
# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
auth.method = "token"
# auth.additionalScopes specifies additional scopes to include authentication information.
# Optional values are HeartBeats, NewWorkConns.
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
# auth token
auth.token = "12345678"
# oidc issuer specifies the issuer to verify OIDC tokens with.
auth.oidc.issuer = ""
# oidc audience specifies the audience OIDC tokens should contain when validated.
auth.oidc.audience = ""
# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.
auth.oidc.skipExpiryCheck = false
# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
auth.oidc.skipIssuerCheck = false
# userConnTimeout specifies the maximum time to wait for a work connection.
# userConnTimeout = 10
# Only allow frpc to bind ports you list. By default, there won't be any limit.
allowPorts = [
{ start = 2000, end = 3000 },
{ single = 3001 },
{ single = 3003 },
{ start = 4000, end = 50000 }
]
# Max ports can be used for each client, default value is 0 means no limit
maxPortsPerClient = 0
# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file
# When subdomain is test, the host used by routing is test.frps.com
subDomainHost = "frps.com"
# custom 404 page for HTTP requests
# custom404Page = "/path/to/404.html"
# specify udp packet size, unit is byte. If not set, the default value is 1500.
# This parameter should be same between client and server.
# It affects the udp and sudp proxy.
udpPacketSize = 1500
# Retention time for NAT hole punching strategy data.
natholeAnalysisDataReserveHours = 168
# ssh tunnel gateway
# If you want to enable this feature, the bindPort parameter is required, while others are optional.
# By default, this feature is disabled. It will be enabled if bindPort is greater than 0.
# sshTunnelGateway.bindPort = 2200
# sshTunnelGateway.privateKeyFile = "/home/frp-user/.ssh/id_rsa"
# sshTunnelGateway.autoGenPrivateKeyPath = ""
# sshTunnelGateway.authorizedKeysFile = "/home/frp-user/.ssh/authorized_keys"
[[httpPlugins]]
name = "user-manager"
addr = "127.0.0.1:9000"
path = "/handler"
ops = ["Login"]
[[httpPlugins]]
name = "port-manager"
addr = "127.0.0.1:9001"
path = "/handler"
ops = ["NewProxy"]
[/collapse]
[collapse status=“false” title=“frps服务端配置文件中文注释(机翻)“]
# 此配置文件仅供参考,请勿直接使用此配置文件运行程序,因为可能存在各种问题。
# IPv6的文字地址或主机名必须用方括号括起来,例如"[::1]:80"、"[ipv6-host]:http"或"[ipv6-host%zone]:80"。
# 对于单个的"bindAddr"字段,不需要方括号,像`bindAddr = "::"`。
bindAddr = "0.0.0.0"
bindPort = 7000
# 用于kcp协议的UDP端口,可以与'bindPort'相同。
# 如果未设置,则在frps中禁用kcp。
kcpBindPort = 7000
# 用于quic协议的UDP端口。
# 如果未设置,则在frps中禁用quic。
# quicBindPort = 7002
# 指定代理将监听的地址,默认值与bindAddr相同
# proxyBindAddr = "127.0.0.1"
# quic协议选项
# transport.quic.keepalivePeriod = 10
# transport.quic.maxIdleTimeout = 30
# transport.quic.maxIncomingStreams = 100000
# 心跳配置,不建议修改默认值
# heartbeatTimeout的默认值为90。设置为负值可以禁用心跳。
# transport.heartbeatTimeout = 90
# 每个代理中保留的连接池数量不超过maxPoolCount。
transport.maxPoolCount = 5
# 如果使用了tcp流多路复用,默认值为true
# transport.tcpMux = true
# 指定tcp多路复用的保持活动间隔。
# 仅在tcpMux为true时有效。
# transport.tcpMuxKeepaliveInterval = 60
# tcpKeepalive指定frpc和frps之间的活动网络连接的保持活动探测之间的间隔时间。
# 如果为负值,则禁用保持活动探测。
# transport.tcpKeepalive = 7200
# transport.tls.force指定是否仅接受TLS加密连接。默认值为false。
transport.tls.force = false
# transport.tls.certFile = "server.crt"
# transport.tls.keyFile = "server.key"
# transport.tls.trustedCaFile = "ca.crt"
# 如果要支持虚拟主机,必须设置用于监听的http端口(可选)
# 注意:http端口和https端口可以与bindPort相同
vhostHTTPPort = 80
vhostHTTPSPort = 443
# vhost http服务器的响应头超时时间(秒),默认值为60秒
# vhostHTTPTimeout = 60
# tcpmuxHTTPConnectPort指定服务器监听TCP HTTP CONNECT请求的端口。
# 如果值为0,则服务器不会在一个单一端口上复用TCP请求。
# 如果不是0,则会在此值上监听HTTP CONNECT请求。默认情况下,此值为0。
# tcpmuxHTTPConnectPort = 1337
# 如果tcpmuxPassthrough为true,则frps不会对流量进行任何更新。
# tcpmuxPassthrough = false
# 配置web服务器以启用frps的仪表板。
# 仪表板仅在设置了webServer.port时可用。
webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
# webServer.tls.certFile = "server.crt"
# webServer.tls.keyFile = "server.key"
# 仪表板资源目录(仅用于调试模式)
# webServer.assetsDir = "./static"
# 在仪表板侦听器中启用golang pprof处理程序。
# 必须先设置仪表板端口
webServer.pprofEnable = false
# enablePrometheus将在webServer的/metrics api上导出prometheus指标。
enablePrometheus = true
# 控制台或实际的logFile路径,如./frps.log
log.to = "./frps.log"
# trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3
# 当log.to为console时禁用日志颜色,默认值为false
log.disablePrintColor = false
# DetailedErrorsToClient定义是否向frpc发送具体的错误(带有调试信息)。
# 默认情况下,此值为true。
detailedErrorsToClient = true
# auth.method指定用于验证frpc与frps之间的身份验证方法。
# 如果指定为"token" - token将被读入登录消息。
# 如果指定为"oidc" - 将使用OIDC(Open ID Connect)设置发行OIDC(Open ID Connect)令牌。默认情况下,此值为"token"。
auth.method = "token"
# auth.additionalScopes指定要包括在身份验证信息中的附加范围。
# 可选值为HeartBeats、NewWorkConns。
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
# auth token
auth.token = "12345678"
# oidc发行者指定用于验证OIDC令牌的发行者。
auth.oidc.issuer = ""
# oidc受众指定在验证时OIDC令牌应包含的受众。
auth.oidc.audience = ""
# oidc skipExpiryCheck指定是否跳过检查OIDC令牌是否过期。
auth.oidc.skipExpiryCheck = false
# oidc skipIssuerCheck指定是否跳过检查OIDC令牌的发行者声明是否与OidcIssuer中指定的发行者匹配。
auth.oidc.skipIssuerCheck = false
# userConnTimeout指定等待工作连接的最长时间。
# userConnTimeout = 10
# 仅允许frpc绑定您列出的端口。默认情况下,不会有任何限制。
allowPorts = [
{ start = 2000, end = 3000 },
{ single = 3001 },
{ single = 3003 },
{ start = 4000, end = 50000 }
]
# 每个客户端可使用的最大端口数,默认值为0表示无限制
maxPortsPerClient = 0
# 如果subDomainHost不为空,则可以在frpc的配置文件中的类型为http或https的情况下设置子域名
# 当子域名为test时,路由使用的主机名为test.frps.com
subDomainHost = "frps.com"
# HTTP请求的自定义404页面
# custom404Page = "/path/to/404.html"
# 指定UDP数据包大小,单位为字节。如果未设置,默认值为1500。
# 此参数应与客户端和服务器端相同。
# 它会影响UDP和SUDP代理。
udpPacketSize = 1500
# NAT打洞策略数据的保留时间。
natholeAnalysisDataReserveHours = 168
# SSH隧道网关
# 如果要启用此功能,则需要bindPort参数,其他参数是可选的。
# 默认情况下,此功能是禁用的。如果bindPort大于0,它将被启用。
# sshTunnelGateway.bindPort = 2200
# sshTunnelGateway.privateKeyFile = "/home/frp-user/.ssh/id_rsa"
# sshTunnelGateway.autoGenPrivateKeyPath = ""
# sshTunnelGateway.authorizedKeysFile = "/home/frp-user/.ssh/authorized_keys"
[[httpPlugins]]
name = "user-manager"
addr = "127.0.0.1:9000"
path = "/handler"
ops = ["Login"]
[[httpPlugins]]
name = "port-manager"
addr = "127.0.0.1:9001"
path = "/handler"
ops = ["NewProxy"]
[/collapse]
参与讨论