Skip to content
Please note that GitHub no longer supports your web browser.

We recommend upgrading to the latest Google Chrome Or Firefox .

Learn more
A fast reverse proxy to help you expose a local server local
Go Vue JavaScript Shell HTML Makefile
Branch: Master
Clone or download
Latest commit Adc3adc Nov 2, 2019

README.md

FRP

 Build Status

README A kind of Chinese document

What is FRP?

FRP is a fast reverse proxy to help you expose a expose, "", " TCP And UDP As well as HTTP And HTTPS Protocols, where requests can be forwarded to internal services by domain by

FRP also has a P2P connect mode.

Table of Contents

Development Status

FRP is under development. Try the latest release version in the Master Branch, or use the Dev Branch for the version in development.

The protocol might change at a release and we don't promise backwards

Architecture

 Architecture

Example Usage

Firstly, download the latest programs from Release Page according to your operating system and architecture.

Put FRPs And Frps.ini Onto your server A with public IP.

Put FRPC And Frpc.ini Onto your server B in LAN (that can't be connected from from be).

Access your computer in LAN by SSH

  1. Modify Frps.ini On server A:
 Wei Frps.ini
 [common]
 Bind_port = 7000
  1. Start FRPs On server A:

./frps -c./frps.ini

  1. On server B, modify Frpc.ini To put in your FRPs Server public IP as Server_addr Field:
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 [ssh]
 Type = TCP Local_ip = 127.0.0.1 Local_port = 22 Remote_port = 6000
  1. Start FRPC On server B:

./frpc -c./frpc.ini

  1. From another machine, SSH to server B like this (assuming that assuming) Test ):

SSH -oPort=6000 test@x.x.x.x

Visit your web service in LAN by custom domains

Sometimes we want to expose a local web service behind a behind, "", ",", ",", "," and "

However, we can expose an HTTP (S) service using frp.

  1. Modify Frps.ini Set the Vhost HTTP port to 8080:
 Wei Frps.ini
 [common]
 Bind_port = 7000 Vhost_http_port = 8080
  1. Start FRPs :

./frps -c./frps.ini

  1. Modify Frpc.ini And set Server_addr To the IP address of the remote FRPs server. The Local_port Is the port of your web service:
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 [web]
 Type = http Local_port = 80 Custom_domains = www.example.com
  1. Start FRPC :

./frpc -c./frpc.ini

  1. Resolve A record of Www.example.com To the public IP of the remote FRPs server or CNAME or

  2. Now visit your local web service using URL Http://www.example.com:8080 .

Forward DNS query request

  1. Modify Frps.ini :
 Wei Frps.ini
 [common]
 Bind_port = 7000
  1. Start FRPs :

./frps -c./frps.ini

  1. Modify Frpc.ini And set Server_addr To the IP address of the remote FRPs server, forward DNS, server 8.8.8.8:53 :
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 [dns]
 Type = UDP Local_ip = 8.8.8.8 Local_port = 53 Remote_port = 6000
  1. Start frpc:

./frpc -c./frpc.ini

  1. Test DNS resolution using Dig Command:

Dig @x.x.x.x -p 6000 www.google.com

Forward Unix domain socket

Expose a Unix domain socket (e.g. the Docker daemon socket) as TCP.

Configure FRPs Same as above.

  1. Start FRPC With configuration:
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 [unix_domain_socket]
 Type = TCP Remote_port = 6000 Plugin = unix_domain_socket Plugin_unix_path = /var/run/docker.sock
  1. Test: Get Docker version using Curl :

Curl http://x.x.x.x:6000/version

Expose a simple HTTP file server

Browser your files stored in the LAN, from public Internet.

Configure FRPs Same as above.

  1. Start FRPC With configuration:
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 [test_static_file]
 Type = TCP Remote_port = 6000 Plugin = static_file Plugin_local_path = /tmp/files Plugin_strip_prefix = static Plugin_http_user = ABC Plugin_http_passwd = ABC
  1. Visit Http://x.x.x.x:6000/static/ From your browser and specify correct user and password to view to /tmp/files On the FRPC Machine.

Enable HTTPS for local HTTP service

  1. Start FRPC With configuration:
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 [test_https2http]
 Type = HTTPS Custom_domains = test.example.com Plugin = https2http Plugin_local_addr = 127.0.0.1:80 Plugin_crt_path =./server.crt Plugin_key_path =./server.key Plugin_host_header_rewrite = 127.0.0.1 Plugin_header_X-From-Where = FRP
  1. Visit Https://test.example.com .

Expose your service privately

Some services will be at risk if exposed directly to the to STCP (secret TCP) mode, a preshared key is needed to access the, to

Configure FRPs Same as above.

  1. Start FRPC On machine B with the following config. This example is for is (B 22) Sk Field for the preshared key, and that the Remote_port Field is removed here:
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 [secret_ssh]
 Type = STCP Sk = ABCDEFG Local_ip = 127.0.0.1 Local_port = 22
  1. Start another FRPC (typically on another machine C) with the following config to access access, " Sk Field):
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 [secret_ssh_visitor]
 Type = STCP Role = visitor Server_name = secret_ssh Sk = ABCDEFG Bind_addr = 127.0.0.1 Bind_port = 6000
  1. On machine C, connect to SSH on machine B, using this using

SSH -oPort=6000 127.0.0.1

P2P Mode

Xtcp Is designed for transmitting large amounts of data directly between clients., directly, "

Note it can't penetrate all types of NAT devices. You might You STCP If Xtcp Doesn't work.

  1. In Frps.ini Configure a UDP port for xtcp:
 Wei Frps.ini
 Bind_udp_port = 7001
  1. Start FRPC On machine B, expose the SSH port. Note that Remote_port Field is removed:
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 [p2p_ssh]
 Type = xtcp Sk = ABCDEFG Local_ip = 127.0.0.1 Local_port = 22
  1. Start another FRPC (typically on another machine C) with the config to connect to connect
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 [p2p_ssh_visitor]
 Type = xtcp Role = visitor Server_name = p2p_ssh Sk = ABCDEFG Bind_addr = 127.0.0.1 Bind_port = 6000
  1. On machine C, connect to SSH on machine B, using this using

SSH -oPort=6000 127.0.0.1

Features

Configuration Files

Read the full example configuration files to find out even more even

Full configuration file for FRPs (Server)

Full configuration file for FRPC (Client)

Using Environment Variables

Environment variables can be referenced in the configuration file, using Go's using

 Wei Frpc.ini
 [common]
 Server_addr =.Envs.FRP_SERVER_ADDR Server_port = 7000 [ssh]
 Type = TCP Local_ip = 127.0.0.1 Local_port = 22 Remote_port =.Envs.FRP_SSH_REMOTE_PORT

With the config above, variables can be passed into FRPC Program like this:

 Export FRP_SERVER_ADDR= "x.x.x.x" 
export FRP_SSH_REMOTE_PORT= "6000" 
./frpc -c./frpc.ini

FRPC Will render configuration file template using OS environment variables. Remember to Remember .Envs .

Dashboard

Check frp's status and proxies'statistics information by Dashboard.

Configure a port for dashboard to enable this feature:

 [common]
 Dashboard_port = 7500 Wei Dashboard's username and password are both optional, if not set, default set
 Dashboard_user = admin Dashboard_pwd = admin

Then visit Http://[server_addr]: 7500 To see the dashboard, with username and password both being Admin By default.

 Dashboard

Admin UI

The Admin UI helps you check and manage frpc's configuration.

Configure an address for admin UI to enable this feature:

 [common]
 Admin_addr = 127.0.0.1 Admin_port = 7400 Admin_user = admin Admin_pwd = admin

Then visit Http://127.0.0.1:7400 To see admin UI, with username and password both being Admin By default.

Authenticating the Client

Always use the same Token In the [common] Section in Frps.ini And Frpc.ini .

Encryption and Compression

The features are off by default. You can turn on encryption on

 Wei Frpc.ini
 [ssh]
 Type = TCP Local_port = 22 Remote_port = 6000 Use_encryption = true Use_compression = true

TLS

FRP supports the TLS protocol between FRPC And FRPs Since v0.25.0.

Config Tls_enable = true In the [common] Section to Frpc.ini To enable this feature.

For port multiplexing, FRP sends a first byte 0x17 To dial a TLS connection.

Hot-Reloading FRPC configuration

The Admin_addr And Admin_port Fields are required for enabling HTTP API:

 Wei Frpc.ini
 [common]
 Admin_addr = 127.0.0.1 Admin_port = 7400

Then run command FRPC reload -c./frpc.ini And wait for about 10 seconds to let FRPC Create or update or delete proxies.

Note that parameters in [common] section won't be modified except'start'.

Get proxy status from client

Use FRPC status -c./frpc.ini To get status of all proxies. The Admin_addr And Admin_port Fields are required for enabling HTTP API.

Only allowing certain ports on the server

Allow_ports In Frps.ini Is used to avoid abuse of ports:

 Wei Frps.ini
 [common]
 Allow_ports = 2000-3000300130034000-50000

Allow_ports Consists of specific ports or port ranges (lowest port number, dash) - Highest port number), separated by comma , .

Port Reuse

Vhost_http_port And Vhost_https_port In FRPs can use same port with Bind_port FRPs will detect the connection's protocol and handle it correspondingly.

We would like to try to allow multiple proxies bind a bind

TCP Stream Multiplexing

FRP supports TCP stream multiplexing since v0.10.0 like HTTP2 Multiplexing, in, HTTP2, ",", ",", "and"

You can disable this feature by modify Frps.ini And Frpc.ini :

 Wei Frps.ini and frpc.ini, must be same
 [common]
 Tcp_mux = false

Support KCP Protocol

KCP is a fast and reliable protocol that can achieve the achieve 30%, 40%, 10%, 20%,

KCP mode uses UDP as the underlying transport. Using KCP in KCP

  1. Enable KCP in frps:
 Wei Frps.ini
 [common]
 Bind_port = 7000 Wei Specify a UDP port for KCP.
 Kcp_bind_port = 7000

The Kcp_bind_port Number can be the same number as Bind_port Since Bind_port Field specifies a TCP port.

  1. Configure Frpc.ini To use KCP to connect to frps:
 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Wei Same as the'kcp_bind_port'in frps.ini
 Server_port = 7000 Protocol = KCP

Connection Pooling

By default, FRPs creates a new FRPC connection to the backend, to, a, a,

This feature is suitable for a large number of short connections.

  1. Configure the limit of pool count each proxy can use in Frps.ini :
 Wei Frps.ini
 [common]
 Max_pool_count = 5
  1. Enable and specify the number of connection pool:
 Wei Frpc.ini
 [common]
 Pool_count = 1

Load balancing

Load balancing is supported by Group .

This feature is only available for types TCP And Http Now.

 Wei Frpc.ini
 [test1]
 Type = TCP Local_port = 8080 Remote_port = 80 Group = Web Group_key = 123 [test2]
 Type = TCP Local_port = 8081 Remote_port = 80 Group = Web Group_key = 123

Group_key Is used for authentication.

Connections to port 80 will be dispatched to proxies in the same the

For type TCP , Remote_port In the same group should be the same.

For type Http , Custom_domains , Subdomain , Locations Should be the same.

Service Health Check

Health check feature can help you achieve high availability with load with

Add Health_check_type = TCP Or Health_check_type = http To enable health check.

With health check type TCP The service port will be pinged (TCPing):

 Wei Frpc.ini
 [test1]
 Type = TCP Local_port = 22 Remote_port = 6000 Wei Enable TCP health check
 Health_check_type = TCP Wei TCPing timeout seconds
 Health_check_timeout_s = 3 Wei If health check failed 3 times in a row, the proxy will, the
 Health_check_max_failed = 3 Wei A health check every 10 seconds
 Health_check_interval_s = 10

With health check type Http , an HTTP request will be sent to the service and an and

 Wei Frpc.ini
 [web]
 Type = http Local_ip = 127.0.0.1 Local_port = 80 Custom_domains = test.example.com Wei Enable HTTP health check
 Health_check_type = http Wei FRPC will send a GET request to'/status'
 Wei And expect an HTTP 2XX OK response
 Health_check_url = /status Health_check_timeout_s = 3 Health_check_max_failed = 3 Health_check_interval_s = 10

Rewriting the HTTP Host Header

By default FRP does not modify the tunneled HTTP requests at requests

However, speaking of web servers and HTTP requests, your web server, your Host HTTP header to determine the website to be accessed. FRP can FRP Host Header when forwarding the HTTP requests, with the Host_header_rewrite Field:

 Wei Frpc.ini
 [web]
 Type = http Local_port = 80 Custom_domains = test.example.com Host_header_rewrite = dev.example.com

The HTTP request will have the the Host Header rewritten to Host: dev.example.com When it reaches the actual web server, although the request from, the Host: test.example.com .

Setting other HTTP Headers

Similar to Host You can override other HTTP request headers with proxy type Http .

 Wei Frpc.ini
 [web]
 Type = http Local_port = 80 Custom_domains = test.example.com Host_header_rewrite = dev.example.com Header_X-From-Where = FRP

Note that parameter (s) prefixed with Header_ Will be added to HTTP request headers.

In this example, it will set header X-From-Where: FRP In the HTTP request.

Get Real IP

HTTP X-Forwarded-For

This feature is for HTTP proxy only.

You can get user's real IP from HTTP request headers X-Forwarded-For And X-Real-IP .

Proxy Protocol

FRP supports Proxy Protocol to send user's real IP to local to

Here is an example for HTTPS service:

 Wei Frpc.ini
 [web]
 Type = HTTPS Local_port = 443 Custom_domains = test.example.com Wei Now V1 and V2 are supported
 Proxy_protocol_version = V2

You can enable Proxy Protocol support in nginx to expose user's expose X-Real-IP And then read X-Real-IP Header in your web service for the real IP.

Require HTTP Basic auth (password) for Web Services

Anyone who can guess your tunnel URL can access your local your

This enforces HTTP Basic Auth on all requests with the username the

It can only be enabled when proxy type is http.

 Wei Frpc.ini
 [web]
 Type = http Local_port = 80 Custom_domains = test.example.com Http_user = ABC Http_pwd = ABC

Visit Http://test.example.com In the browser and now you are prompted to enter the enter

Custom subdomain names

It is convenient to use Subdomain Configure for HTTP and HTTPS types when many people share one share

 Wei Frps.ini
 Subdomain_host = frps.com

Resolve *.frps.com To the FRPs server's IP. This is usually called a Wildcard a

 Wei Frpc.ini
 [web]
 Type = http Local_port = 80 Subdomain = Test

Now you can visit your web service on Test.frps.com .

Note that if Subdomain_host Is not empty, Custom_domains Should not be the subdomain of Subdomain_host .

URL routing

FRP supports forwarding HTTP requests to different backend web services by services

Locations Specifies the prefix of URL used for routing. FRPs first searches for

 Wei Frpc.ini
 [web01]
 Type = http Local_port = 80 Custom_domains = web.example.com Locations = / [web02]
 Type = http Local_port = 81 Custom_domains = web.example.com Locations = /news, /about

HTTP requests with URL prefix /news Or /about Will be forwarded to Web02 And other requests to Web01 .

Connecting to FRPs via HTTP PROXY

FRPC can connect to FRPs using HTTP proxy if you set you HTTP_PROXY Or if Http_proxy Is set in frpc.ini file.

It only works when protocol is tcp.

 Wei Frpc.ini
 [common]
 Server_addr = x.x.x.x Server_port = 7000 Http_proxy = http://user:pwd@192.168.1.128:8080

Range ports mapping

Proxy with names that start with Range: Will support mapping range ports.

 Wei Frpc.ini
 [range:test_tcp]
 Type = TCP Local_ip = 127.0.0.1 Local_port = 6000-60066007 Remote_port = 6000-60066007

FRPC will generate 8 proxies like Test_tcp_0 , Test_tcp_1 ... Test_tcp_7 .

Plugins

FRPC only forwards requests to local TCP or UDP ports by ports

Plugins are used for providing rich features. There are built-in plugins built-in Unix_domain_socket , Http_proxy , Socks5 , Static_file And you can see Example usage .

Specify which plugin to use with the Plugin Parameter. Configuration parameters of plugin should be started with Plugin_ . Local_ip And Local_port Are not used for plugin.

Using plugin Http_proxy :

 Wei Frpc.ini
 [http_proxy]
 Type = TCP Remote_port = 6000 Plugin = http_proxy Plugin_http_user = ABC Plugin_http_passwd = ABC

Plugin_http_user And Plugin_http_passwd Are configuration parameters used in Http_proxy Plugin.

Development Plan

  • Log HTTP request information in frps.

Contributing

Interested in getting involved? We would like to help you!

  • Take a look at our Issues list And consider sending a Pull Request to Dev branch .
  • If you want to add a new feature, please create an an, please, please, create, an,
  • Sorry for my poor English. Improvements for this document are welcome
  • If you have great ideas, send an email to Fatedier@gmail.com .

Note: We prefer you to give your advise in Issues , so others with a same question can search it quickly and quickly

Donation

If FRP helps you a lot, you can support us by:

FRP QQ group: 606194980

AliPay

 Donation-alipay

Wechat Pay

 Donation-wechatpay

Paypal

Donate money by PayPal To my account Fatedier@gmail.com .

You can 't perform that action at this time.