Intranet Traversal Tool: FRP

admin · 2022-02-18 11:02:44 · 479 views · 11,353 characters · 37 min 50 s read

Statement: most articles on this public account come from the author's day-to-day study notes; a small number are reposted with the original author's permission or from whitelisted accounts. Reposting without permission is strictly prohibited; to repost, contact 刘一手.
Do not use the techniques described in this article for illegal testing; the author and this account bear no responsibility for any adverse consequences. For study and research only.

FRP basics


frp, short for Fast Reverse Proxy, is a tool that provides intranet traversal (reverse tunnelling). Its main purpose is to expose services on an internal network that has no public IP address but still needs to be reachable from the Internet. With frp you can publish internal TCP, UDP, HTTP and HTTPS services to the public network, and web services can be routed by domain name.

FRP requirements

[Figure: frp architecture diagram]

As the frp architecture diagram above shows:

1. (Required) To publish an internal service with frp, you first need a device with a public IP address on which to run the frp server, and then run the frp client on the internal device whose service is to be exposed.

2. (Optional) To route web services by domain name, you also need a domain name that resolves to that public IP address.

Setting up the FRP service

Setting up frp is simple; there are only three key steps:

1. Obtain the frp files;

2. Edit the frp configuration files;

3. Start the frp service.

Note: each of these three steps is done on both the client and the server, but the procedure is essentially the same on both sides. This tutorial walks through the three steps, explains the contents of the server and client configuration files, and shows how to create a systemd service for frp on Linux so that it can be managed like any other system service.

1. Obtain the frp files

frp supports Linux and Windows. Download the Linux or Windows build that matches the platform your device runs.

Download: https://github.com/fatedier/frp/releases

The Linux build is usually named frp_<version>_linux_amd64.tar.gz

The Windows build is named frp_<version>_windows_amd64.zip

Extract the Linux archive with tar zxvf <filename>; on Windows, right-click the zip file and extract it.

After extraction you will usually find frps (the server binary), frpc (the client binary), frps.ini (the server configuration file), frpc.ini (the client configuration file), and frp_full.ini (a fully annotated reference of all configuration options).

2. Edit the frp configuration files

The configuration is split into a server side and a client side; to use frp properly, both configuration files must be set up.

Official documentation (Chinese): https://gofrp.org/docs/

  • frps.ini (server) configuration file, annotated:

```ini
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
bind_port = 7000

# udp port to help make udp hole to penetrate nat
bind_udp_port = 7001

# udp port used for kcp protocol, it can be same with 'bind_port'
# if not set, kcp is disabled in frps
kcp_bind_port = 7000

# specify which address proxy will listen for, default value is same with bind_addr
# proxy_bind_addr = 127.0.0.1

# if you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bind_port
vhost_http_port = 80
vhost_https_port = 443

# response header timeout(seconds) for vhost http server, default is 60s
# vhost_http_timeout = 60

# set dashboard_addr and dashboard_port to view dashboard of frps
# dashboard_addr's default value is same with bind_addr
# dashboard is available only if dashboard_port is set
dashboard_addr = 0.0.0.0
dashboard_port = 7500
# dashboard user and passwd for basic auth protect, if not set, both default value is admin
dashboard_user = admin
dashboard_pwd = admin
# dashboard assets directory(only for debug mode)
# assets_dir = ./static

# console or real logFile path like ./frps.log
log_file = ./frps.log

# trace, debug, info, warn, error
log_level = info

log_max_days = 3

# disable log colors when log_file is console, default is false
disable_log_color = false

# auth token
token = 12345678

# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_timeout is 90
# heartbeat_timeout = 90

# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
allow_ports = 2000-3000,3001,3003,4000-50000

# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5

# max ports can be used for each client, default value is 0 means no limit
max_ports_per_client = 0

# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
# when subdomain is test, the host used by routing is test.frps.com
subdomain_host = frps.com

# if tcp stream multiplexing is used, default is true
tcp_mux = true

# custom 404 page for HTTP requests
# custom_404_page = /path/to/404.html
```

  • frpc.ini (client) configuration file, annotated:

```ini
# [common] is integral section
[common]
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
server_addr = 0.0.0.0
server_port = 7000

# if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables
# it only works when protocol is tcp
# http_proxy = http://user:passwd@192.168.1.128:8080
# http_proxy = socks5://user:passwd@192.168.1.128:1080

# console or real logFile path like ./frpc.log
log_file = ./frpc.log

# trace, debug, info, warn, error
log_level = info

log_max_days = 3

# disable log colors when log_file is console, default is false
disable_log_color = false

# for authentication
token = 12345678

# set admin address for control frpc's action by http api such as reload
admin_addr = 127.0.0.1
admin_port = 7400
admin_user = admin
admin_pwd = admin
# Admin assets directory. By default, these assets are bundled with frpc.
# assets_dir = ./static

# connections will be established in advance, default value is zero
pool_count = 5

# if tcp stream multiplexing is used, default is true, it must be same with frps
tcp_mux = true

# your proxy name will be changed to {user}.{proxy}
user = your_name

# decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
login_fail_exit = true

# communication protocol used to connect to server
# now it supports tcp and kcp and websocket, default is tcp
protocol = tcp

# if tls_enable is true, frpc will connect frps by tls
tls_enable = true

# specify a dns server, so frpc will use this instead of default one
# dns_server = 8.8.8.8

# proxy names you want to start separated by ','
# default is empty, means all proxies
# start = ssh,dns

# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_interval is 10 and heartbeat_timeout is 90
# heartbeat_interval = 30
# heartbeat_timeout = 90

# 'ssh' is the unique proxy name
# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
[ssh]
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
local_ip = 127.0.0.1
local_port = 22
# limit bandwidth for this proxy, unit is KB and MB
bandwidth_limit = 1MB
# true or false, if true, messages between frps and frpc will be encrypted, default is false
use_encryption = false
# if true, message will be compressed
use_compression = false
# remote port listen by frps
remote_port = 6001
# frps will load balancing connections for proxies in same group
group = test_group
# group should have same group key
group_key = 123456
# enable health check for the backend service, it support 'tcp' and 'http' now
# frpc will connect local service's port to detect it's healthy status
health_check_type = tcp
# health check connection timeout
health_check_timeout_s = 3
# if continuous failed in 3 times, the proxy will be removed from frps
health_check_max_failed = 3
# every 10 seconds will do a health check
health_check_interval_s = 10

[ssh_random]
type = tcp
local_ip = 127.0.0.1
local_port = 22
# if remote_port is 0, frps will assign a random port for you
remote_port = 0

# if you want to expose multiple ports, add 'range:' prefix to the section name
# frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.
[range:tcp_port]
type = tcp
local_ip = 127.0.0.1
local_port = 6010-6020,6022,6024-6028
remote_port = 6010-6020,6022,6024-6028
use_encryption = false
use_compression = false

[dns]
type = udp
local_ip = 114.114.114.114
local_port = 53
remote_port = 6002
use_encryption = false
use_compression = false

[range:udp_port]
type = udp
local_ip = 127.0.0.1
local_port = 6010-6020
remote_port = 6010-6020
use_encryption = false
use_compression = false

# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
[web01]
type = http
local_ip = 127.0.0.1
local_port = 80
use_encryption = false
use_compression = true
# http username and password are safety certification for http protocol
# if not set, you can access this custom_domains without certification
http_user = admin
http_pwd = admin
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://test.frps.com
subdomain = web01
custom_domains = web02.yourdomain.com
# locations is only available for http type
locations = /,/pic
host_header_rewrite = example.com
# params with prefix "header_" will be used to update http request headers
header_X-From-Where = frp
health_check_type = http
# frpc will send a GET http request '/status' to local http service
# http service is alive when it return 2xx http response code
health_check_url = /status
health_check_interval_s = 10
health_check_max_failed = 3
health_check_timeout_s = 3

[web02]
type = https
local_ip = 127.0.0.1
local_port = 8000
use_encryption = false
use_compression = false
subdomain = web01
custom_domains = web02.yourdomain.com
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
# v1 or v2 or empty
proxy_protocol_version = v2

[plugin_unix_domain_socket]
type = tcp
remote_port = 6003
# if plugin is defined, local_ip and local_port is useless
# plugin will handle connections got from frps
plugin = unix_domain_socket
# params with prefix "plugin_" that plugin needed
plugin_unix_path = /var/run/docker.sock

[plugin_http_proxy]
type = tcp
remote_port = 6004
plugin = http_proxy
plugin_http_user = abc
plugin_http_passwd = abc

[plugin_socks5]
type = tcp
remote_port = 6005
plugin = socks5
plugin_user = abc
plugin_passwd = abc

[plugin_static_file]
type = tcp
remote_port = 6006
plugin = static_file
plugin_local_path = /var/www/blog
plugin_strip_prefix = static
plugin_http_user = abc
plugin_http_passwd = abc

[plugin_https2http]
type = https
custom_domains = test.yourdomain.com
plugin = https2http
plugin_local_addr = 127.0.0.1:80
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

[plugin_http2https]
type = http
custom_domains = test.yourdomain.com
plugin = http2https
plugin_local_addr = 127.0.0.1:443
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

[secret_tcp]
# If the type is secret tcp, remote_port is useless
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
type = stcp
# sk used for authentication for visitors
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false

# user of frpc should be same in both stcp server and stcp visitor
[secret_tcp_visitor]
# frpc role visitor -> frps -> frpc role server
role = visitor
type = stcp
# the server name you want to visitor
server_name = secret_tcp
sk = abcdefg
# connect this address to visitor stcp server
bind_addr = 127.0.0.1
bind_port = 9000
use_encryption = false
use_compression = false

[p2p_tcp]
type = xtcp
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22
use_encryption = false
use_compression = false

[p2p_tcp_visitor]
role = visitor
type = xtcp
server_name = p2p_tcp
sk = abcdefg
bind_addr = 127.0.0.1
bind_port = 9001
use_encryption = false
use_compression = false
```

3. Start the frp service

Starting the service on Linux

First give the binary execute permission.

For example, my files are in the /root directory and I want to run the frp server; once the server configuration file (frps.ini) is ready, run the following commands:

```sh
cd /root
chmod +x frps
nohup ./frps -c ./frps.ini &
```

On success the frp process ID is printed. You can also look up the frps process ID with:

```sh
ps -e | grep frps
```

Windows

Open a Command Prompt as administrator, change into the frp directory, and run:

```bat
frps -c frps.ini
```

Improving frp service management

Note: the official project now ships systemd unit files that can be used directly.

On Debian 8.0 or CentOS 7.0 and later, services are managed with systemd. With a little setup frp can be managed the same way, so that it can be controlled with systemctl like any other service and started automatically at boot.

  1. Register frp as a Linux system service managed by systemd. Write the frps.service file (CentOS 7 as the example): vi /usr/lib/systemd/system/frps.service with the following content:

```ini
[Unit]
Description=Frp Server Service
After=network.target

[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frps -c /etc/frp/frps.ini

[Install]
WantedBy=multi-user.target
```

Write the frpc.service file (CentOS 7 as the example): vi /usr/lib/systemd/system/frpc.service with the following content:

```ini
[Unit]
Description=Frp Client Service
After=network.target

[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
ExecReload=/usr/bin/frpc reload -c /etc/frp/frpc.ini

[Install]
WantedBy=multi-user.target
```


  2. Enable frp to start at boot

```sh
# frps
systemctl enable frps
systemctl start frps

# frpc
systemctl enable frpc
systemctl start frpc
```


Reference configuration

Server

```ini
[common]
# bind address
bind_addr = 0.0.0.0
# TCP bind port
bind_port = 8888
# UDP bind port
bind_udp_port = 8888
# KCP bind port
kcp_bind_port = 8888
# HTTP proxy port
vhost_http_port = 80
# HTTPS proxy port
vhost_https_port = 443
# dashboard address
dashboard_addr = 0.0.0.0
# dashboard port
dashboard_port = 10000
# dashboard user name
dashboard_user = admin
# dashboard password
dashboard_pwd = admin
# connection token
token = 123456
# host name used for subdomains
subdomain_host = test.com
```

Client

```ini
[common]
# server address
server_addr = 10.10.10.10
# server port
server_port = 8888
# token (privileged-mode password)
token = 123456
# encrypted transport
tls_enable = true
# client web admin address
admin_addr = 127.0.0.1
# web admin port
admin_port = 7400
# web admin user
admin_user = admin
# web admin password
admin_pwd = admin
# user name; once set, proxies are shown as <user>.<proxy>
user = your_name

# service name (custom)
[web]
# local IP
local_ip = 127.0.0.1
# link type
type = http
# local port
local_port = 80
# the server's subdomain_host is test.com, so this becomes web.test.com
subdomain = web
# custom domains; separate multiple domains with commas
custom_domains = demo.com
# use compression
use_compression = true
# use encryption
use_encryption = true

[ssh]
local_ip = 127.0.0.1
type = tcp
local_port = 22
remote_port = 9000
use_compression = true
use_encryption = true
```
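The annotated frps.ini/frpc.ini above and this reference configuration both leave sample values in place (token 123456 or 12345678, dashboard admin/admin, dashboard bound to 0.0.0.0) and the reference server sets no allow_ports. As an added example, not from the original post or the frp project, the Python script below reads an frps.ini/frpc.ini pair, flags those settings, and cross-checks every client remote_port (including range: sections) against the server's allow_ports; the embedded configs are constructed from the reference configuration above.

```python
import configparser
# Constructed samples: trimmed copies of the page's reference frps / frpc configs.
FRPS_INI = """[common]
bind_port = 8888
dashboard_addr = 0.0.0.0
dashboard_port = 10000
dashboard_pwd = admin
token = 123456
"""
FRPC_INI = """[common]
server_port = 8888
token = 123456
tls_enable = true
[ssh]
remote_port = 9000
"""
# Secrets that appear verbatim in the page's configuration listings.
SAMPLE_SECRETS = {"", "admin", "123456", "12345678", "abc", "abcdefg"}

def parse(text):  # frp ini files use '#' comments and '=' only, no interpolation
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def allowed_ports(spec):
    """Expand a port list such as '2000-3000,3001,3003' into a set of port numbers."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports  # empty set: frps imposes no port limit

def audit(frps_text, frpc_text):
    """Return findings for an frps.ini / frpc.ini pair (weak secrets, exposure, port policy)."""
    s, c = parse(frps_text)["common"], parse(frpc_text)
    allowed = allowed_ports(s.get("allow_ports", ""))
    checks = [
        (s.get("token", "") in SAMPLE_SECRETS, "frps: token unset or a sample value from the docs"),
        (s.get("dashboard_port") and s.get("dashboard_pwd", "admin") in SAMPLE_SECRETS,
         "frps: dashboard enabled with default or sample password"),
        (s.get("dashboard_port") and s.get("dashboard_addr", s.get("bind_addr", "0.0.0.0")) == "0.0.0.0",
         "frps: dashboard bound to all interfaces"),
        (not allowed, "frps: allow_ports unset, clients may claim any remote port"),
        (c["common"].get("tls_enable", "false").lower() != "true",
         "frpc: tls_enable is false, control channel is plaintext"),
    ]
    findings = [msg for bad, msg in checks if bad]
    for name in (n for n in c.sections() if n != "common"):
        rp = c[name].get("remote_port", "0")  # 0 lets frps pick a port itself
        if allowed and rp != "0" and not allowed_ports(rp) <= allowed:
            findings.append(f"frpc [{name}]: remote_port {rp} outside frps allow_ports")
    return findings
```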


Originally published on the WeChat public account 鹏组安全: 内网穿透工具—FRP (Intranet Traversal Tool: FRP)

Reposted via CN-SEC中文网 (please keep this link when reposting): https://cn-sec.com/archives/791464.html