/en/ Recent content on frp Hugo en /en/docs/reference/common/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/reference/common/ LogConfig Field Type Description Required to string Log output file path. If set to console, logs will be printed to standard output. No level string Log level. Options are trace, debug, info, warn, error. Default level is info. No maxDays int Maximum days to retain log files, default is 3 days. No disablePrintColor bool Disable log colors in standard output. No WebServerConfig Field Type Description Required addr string webServer listening address, default is 127. /en/docs/features/common/network/network/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/network/network/ Encryption and Compression Note: When TLS is enabled between frpc and frps, traffic will be globally encrypted, and encryption on individual proxies is no longer needed. This is enabled by default in newer versions. Each proxy can choose whether to enable encryption and compression features. The encryption algorithm uses aes-128-cfb, and the compression algorithm uses snappy. Specify in each proxy’s configuration using the following parameters: [[proxies]] name = "ssh" type = "tcp" localPort = 22 remotePort = 6000 transport. /en/docs/setup/systemd/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/setup/systemd/ On Linux systems, using systemd can conveniently control the start, stop, background running configuration, and boot auto-start of the frps server. Here are the specific operation steps: Install systemd If systemd is not yet installed on your Linux server, you can use package managers like yum (for CentOS/RHEL) or apt (for Debian/Ubuntu) to install it: # Install systemd using yum (CentOS/RHEL) yum install systemd # Install systemd using apt (Debian/Ubuntu) apt install systemd Create frps. /en/docs/features/common/network/network-tls/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/network/network-tls/ transport.useEncryption and STCP functions can effectively prevent traffic content from being stolen during communication, but cannot determine whether the other party’s identity is legitimate, posing a risk of man-in-the-middle attacks. For this reason, frp supports traffic encryption between frpc and frps through TLS protocol, and supports client or server unidirectional verification, bidirectional verification, and other functions. When transport.tls.force = true in frps.toml, it means the server only accepts TLS connection clients, which is also a prerequisite for frps to verify frpc identity. /en/docs/features/http-https/header/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/http-https/header/ Modify Host Header Normally, frp will not modify any forwarded data. However, some backend services will display different websites based on the Host field in HTTP request headers, such as nginx’s virtual host service. Enabling the Host Header modification feature can dynamically modify the Host field in HTTP requests. Note that this feature is only available for HTTP type proxies. # frpc.toml [[proxies]] name = "web" type = "http" localPort = 80 customDomains = ["test. /en/docs/reference/server-configures/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/reference/server-configures/ ServerConfig Field Type Description Required auth AuthServerConfig Authentication configuration. No bindAddr string Server listening address for receiving frpc connections, default listens on 0.0.0.0. No bindPort int Server listening port, default value is 7000. No kcpBindPort int Server listening port for KCP protocol, used to receive frpc connections configured to use KCP protocol. No quicBindPort int Server listening port for QUIC protocol, used to receive frpc connections configured to use QUIC protocol. /en/docs/reference/client-configures/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/reference/client-configures/ ClientConfig Field Type Description Required ClientCommonConfig Client common configuration. Yes proxies []ProxyConfig Proxy configuration. Different proxy types correspond to different configurations, such as TCPProxyConfig or HTTPProxyConfig. No visitors []VisitorConfig Visitor configuration. Different visitor types correspond to different configurations, such as STCPVisitorConfig. No ClientCommonConfig Field Type Description Required auth AuthClientConfig Client authentication configuration. No user string Username. After setting this parameter, proxy names will be modified to {user}.{proxyName} to avoid proxy name conflicts with other users. /en/docs/features/http-https/auth/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/http-https/auth/ Since all clients share one frps HTTP service port, anyone who knows your domain name and URL can access your services deployed in the intranet. However, in some scenarios, you need to ensure that only limited users can access. frp supports protecting your web services through HTTP Basic Auth, requiring users to access your services through username and password. This feature is currently limited to HTTP type proxies and requires adding username and password settings in frpc’s proxy configuration. /en/docs/features/http-https/subdomain/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/http-https/subdomain/ When multiple people are using one frps simultaneously, using custom subdomains is more convenient. By configuring subdomainHost in frps’s configuration file, you can enable this feature. After that, in frpc’s http and https type proxies, you can configure a subdomain parameter instead of configuring customDomains. You only need to resolve *.{subdomainHost} to the server where frps is located. After that, users can specify their own subdomain for their web services through subdomain, and access their web services through {subdomain}. /en/docs/reference/proxy/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/reference/proxy/ ProxyBaseConfig Field Type Description Required name string Proxy name. Yes type string Proxy type. Options are tcp, udp, http, https, tcpmux, stcp, sudp, xtcp. Yes enabled *bool Whether this proxy is enabled, default is true. Set to false to disable this proxy, allowing individual control over each proxy’s enabled state. No annotations map[string]string Proxy annotation information that will be displayed in the server’s dashboard. No transport ProxyTransport Proxy network layer configuration. /en/docs/examples/ssh/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/examples/ssh/ Steps Deploy frps on a machine with public IP Deploy frps and edit the frps.toml file. Here is a simplified configuration where we set the port for the frp server to receive client connections: bindPort = 7000 Deploy frpc on the intranet machine that needs to be accessed Deploy frpc and edit the frpc.toml file. Assume the public IP address of the server where frps is located is x.x.x.x. Here is an example configuration: /en/docs/features/http-https/route/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/http-https/route/ URL Routing frp supports routing and forwarding to different backend services based on the URL path of the request. Specify one or more URL prefixes that a proxy can match through the locations field in the configuration file (currently only supports maximum prefix matching, regex matching will be considered later). For example, specifying locations = "/news" means all requests with URLs starting with /news will be forwarded to this service. /en/docs/reference/visitor/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/reference/visitor/ VisitorBaseConfig Field Type Description Required name string Visitor name. Yes type string Visitor type. Options are stcp, sudp, xtcp. Yes enabled *bool Whether this visitor is enabled, default is true. Set to false to disable this visitor, allowing individual control over each visitor’s enabled state. No transport VisitorTransport Visitor network layer configuration. No secretKey string Secret key. The secret key between server and access side must be consistent for the access side to access the server. /en/docs/reference/client-plugin/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/reference/client-plugin/ HTTPProxyPluginOptions Field Type Description Required type string Plugin type, set to “http_proxy”. Yes httpUser string HTTP proxy username. No httpPassword string HTTP proxy password. No Socks5PluginOptions Field Type Description Required type string Plugin type, set to “socks5”. Yes username string Username. No password string Password. No StaticFilePluginOptions Field Type Description Required type string Plugin type, set to “static_file”. Yes localPath string Local path where static files are located. Yes stripPrefix string Remove specific prefix from user HTTP request Path. /en/docs/reference/visitor-plugin/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/reference/visitor-plugin/ VirtualNetVisitorPluginOptions Field Type Description Required type string Plugin type, set to “virtual_net”. Yes destinationIP string Target virtual IP address to access. Usually the server’s virtual network address. Yes /en/docs/features/common/configure/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/configure/ Starting from v0.52.0, frp began supporting TOML, YAML, and JSON as configuration file formats. Please note that INI has been deprecated and will be removed in future releases. New features can only be used in TOML, YAML, or JSON. Users who wish to use these new features should switch their configuration format accordingly. Format You can use any format you like among TOML/YAML/JSON to write configuration files, and frp will automatically adapt and parse them. /en/docs/examples/multiple-ssh-over-same-port/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/examples/multiple-ssh-over-same-port/ Steps Deploy frps on a machine with public IP Modify the frps.toml file to include the following content (using the most simplified configuration here): bindPort = 7000 tcpmuxHTTPConnectPort = 5002 Deploy frpc on intranet machine A Create an frpc configuration file, for example frpc.toml, and add the following content to the configuration file: serverAddr = "x.x.x.x" serverPort = 7000 [[proxies]] name = "ssh1" type = "tcpmux" multiplexer = "httpconnect" customDomains = ["machine-a. /en/docs/examples/vhost-http/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/examples/vhost-http/ HTTP type proxies are very suitable for providing intranet web services to external users through custom domain names. Compared to TCP type proxies, HTTP proxies can not only reuse ports but also provide many features based on the HTTP protocol. HTTPS is similar to this, but it should be noted that frp’s HTTPS proxy requires the local service to be an HTTPS service, and frps will not perform TLS termination. You can also combine the https2http plugin to expose local HTTP services through the HTTPS protocol. /en/docs/examples/dns/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/examples/dns/ DNS query requests typically use the UDP protocol, and frp supports penetration of intranet UDP services, with configuration similar to TCP. Steps Configure frps.toml Add the following content to the frps.toml file: bindPort = 7000 Configure frpc.toml Add the following content to the frpc.toml file: serverAddr = "x.x.x.x" serverPort = 7000 [[proxies]] name = "dns" type = "udp" localIP = "8.8.8.8" localPort = 53 remotePort = 6000 Please note that this example reverse-proxies Google’s DNS query server address, which is only for testing UDP proxy and has no practical significance. /en/docs/features/common/monitor/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/monitor/ Currently, frps server supports two monitoring systems: memory monitoring and Prometheus monitoring. Memory Monitoring Monitoring data stored in memory is primarily used for Dashboard display. When the Dashboard feature is enabled in frps configuration, memory monitoring is enabled by default. Please note that monitoring data in memory will be cleared after each process restart, or retained for 7 days. Monitoring data can be obtained by sending HTTP requests to the Dashboard address, but this API is not currently standardized and direct use is not recommended. /en/docs/examples/unix-domain-socket/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/examples/unix-domain-socket/ Steps Configure frps.toml Add the following content to the frps.toml file: bindPort = 7000 Configure frpc.toml Add the following content to the frpc.toml file, ensuring the correct Unix domain socket path is set: serverAddr = "x.x.x.x" serverPort = 7000 [[proxies]] name = "unix_domain_socket" type = "tcp" remotePort = 6000 [proxies.plugin] type = "unix_domain_socket" # Unix domain socket path unixPath = "/var/run/docker.sock" Start frps and frpc Use curl to view Docker version information /en/docs/features/common/authentication/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/authentication/ Currently, frpc and frps support two authentication methods: token and oidc, with token being the default. These authentication methods allow you to verify communication between the client and server, ensuring that only authorized users can establish connections. Token Token authentication is a simple authentication method that only requires configuring the same token in both the frp client (frpc) and server (frps) configuration files. Configuration Example # frps.toml bindPort = 7000 auth. /en/docs/examples/static-file/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/examples/static-file/ By using the static_file plugin, you can easily provide an HTTP-based file access service that allows others to access your specified files. Steps Configure frps.toml Add the following content to the frps.toml file: bindPort = 7000 Configure frpc.toml Add the following content to the frpc.toml file, ensuring appropriate file paths, username, and password are set: serverAddr = "x.x.x.x" serverPort = 7000 [[proxies]] name = "test_static_file" type = "tcp" remotePort = 6000 [proxies. /en/docs/examples/https2http/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/examples/https2http/ Steps Configure frps.toml bindPort = 7000 vhostHTTPSPort = 443 Configure frpc.toml serverAddr = "x.x.x.x" serverPort = 7000 [[proxies]] name = "test_htts2http" type = "https" customDomains = ["test.yourdomain.com"] [proxies.plugin] type = "https2http" localAddr = "127.0.0.1:80" # HTTPS certificate related configuration crtPath = "./server.crt" keyPath = "./server.key" hostHeaderRewrite = "127.0.0.1" requestHeaders.set.x-from-where = "frp" Please note that you need to modify the above configuration according to your domain name and certificate path. Start frps and frpc /en/docs/examples/stcp/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/examples/stcp/ Some intranet services may pose security risks if directly exposed on the public network. Using stcp (secret tcp) type proxies allows you to securely expose intranet services to authorized users, which requires visitors to also deploy frpc clients. Steps Configure frps.toml Add the following content to the frps.toml file: bindPort = 7000 Deploy frpc client and configure Deploy frpc on the machine that needs to expose intranet services to the public network, and create the following configuration: /en/docs/features/common/ui/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/ui/ Currently, frpc and frps have built-in corresponding web interfaces for user convenience. Server Dashboard The server Dashboard allows users to view frp status and proxy statistics through a browser. Note: Dashboard has not been optimized for displaying large amounts of proxy data. If you experience slow Dashboard access, please do not enable this feature. You need to specify the port used by the dashboard service in frps.toml to enable this feature: /en/docs/examples/xtcp/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/examples/xtcp/ frp provides a new proxy type xtcp for intranet penetration when you need to transfer large amounts of data and don’t want traffic to go through the server. Similar to stcp, using xtcp requires deploying frpc on both ends to establish a direct connection. Note that xtcp is not suitable for all types of NAT devices. If penetration fails, you can try using stcp proxy. Steps Configure frpc.toml file on the machine that needs to be exposed to the external network /en/docs/examples/virtualnet/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/examples/virtualnet/ Note: VirtualNet is an Alpha-stage feature that is currently unstable. Its configuration methods and functionality may change at any time in future versions. Please do not use this feature in production environments; it is only recommended for testing and evaluation purposes. Overview Virtual Network (VirtualNet) functionality is an Alpha feature introduced in frp v0.62.0, which allows frp to create and manage virtual network connections between clients and visitors through TUN interfaces, enabling complete network connectivity between devices. /en/docs/features/common/load-balancer/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/load-balancer/ Load Balancing You can add multiple proxies of the same type to the same group to implement load balancing capabilities. Currently supported proxy types include: tcp, http, https, tcpmux. # frpc.toml [[proxies]] name = "test1" type = "tcp" localPort = 8080 remotePort = 80 loadBalancer.group = "web" loadBalancer.groupKey = "123" [[proxies]] name = "test2" type = "tcp" localPort = 8081 remotePort = 80 loadBalancer.group = "web" loadBalancer.groupKey = "123" When users connect to port 80 of the frps server, frps will randomly distribute received user connections to one of the surviving proxies. /en/docs/features/common/realip/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/realip/ HTTP X-Forwarded-For Currently, only http type proxies or proxies with https2http or https2https plugins enabled support this feature. You can get the real user IP through the X-Forwarded-For in HTTP request headers, which is enabled by default. Proxy Protocol frp supports passing the real IP of requests proxied through frp via the Proxy Protocol protocol. After the Proxy Protocol feature is enabled, frpc will first send a section of Proxy Protocol protocol content to the local service after establishing a connection with the local service. /en/docs/features/common/range/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/range/ Added in v0.56.0 We can use Go template’s range syntax combined with the built-in parseNumberRangePair function to implement port range mapping. In the example below, after the application runs, 8 proxies will be created, named test-6000, test-6001 ... test-6007, which will map remote ports to local ports respectively. {{- range $_, $v := parseNumberRangePair "6000-6006,6007" "6000-6006,6007" }} [[proxies]] name = "tcp-{{ $v.First }}" type = "tcp" localPort = {{ $v.First }} remotePort = {{ $v. /en/docs/features/common/client/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/client/ Dynamic Configuration Updates When you need to modify frpc proxy configuration, you can use the frpc reload command to achieve dynamic configuration file loading, usually completing proxy updates within seconds. To enable this feature, you need to enable webServer in frpc to provide API services. The configuration is as follows: webServer.addr = "127.0.0.1" webServer.port = 7400 Then execute the following command to reload the configuration: frpc reload -c ./frpc.toml After waiting for a period of time, the client will create, update, or delete proxies according to the new configuration file. /en/docs/features/common/server-manage/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/server-manage/ Port Whitelist To prevent port abuse, you can manually specify which ports are allowed to be used. In the server configuration, specify through allowPorts: # frps.ini allowPorts = [ { start = 2000, end = 3000 }, { single = 3001 }, { single = 3003 }, { start = 4000, end = 50000 } ] allowPorts can configure a specific port or all ports within a range to be allowed. /en/docs/features/common/client-plugin/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/client-plugin/ By default, frpc will only forward requests to local TCP or UDP ports, i.e., the local service address specified by localIP and localPort. By enabling client plugin functionality, you can build in some simple local services when only starting frpc, thereby achieving functionality that would normally require starting additional services. In each proxy’s configuration, you can configure the plugin to use and related parameters through plugin. After enabling client plugins, you no longer need to configure localIP and localPort. /en/docs/features/common/server-plugin/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/server-plugin/ The purpose of frp server plugins is to extend the capabilities of the frp server without intruding on its own code. frp server plugins run as separate processes and listen on a port, providing RPC interfaces externally to respond to frps requests. Before executing certain operations, frps will send RPC requests to server plugins according to configuration, and execute corresponding operations based on the plugin’s response. RPC Requests After receiving operation requests, server plugins can give three types of responses: /en/docs/features/common/ssh/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/ssh/ Added in v0.53.0 Concept SSH supports reverse proxy capability rfc. frp supports listening on an SSH port on the frps side, completing TCP protocol proxy through the SSH -R protocol. In this mode, there is no need to depend on frpc. SSH reverse tunnel proxy and proxying SSH ports through frp are two different concepts. SSH reverse tunnel proxy is essentially using ssh client to connect to frps to complete basic reverse proxy when you don’t want to use frpc. /en/docs/features/common/virtualnet/ Mon, 01 Jan 0001 00:00:00 +0000 /en/docs/features/common/virtualnet/ Alpha feature, added in v0.62.0 Note: VirtualNet is an Alpha stage feature that is currently unstable. Its configuration methods and functionality may change at any time in future versions. Please do not use this feature in production environments; it is only recommended for testing and evaluation purposes. Overview The Virtual Network (VirtualNet) feature allows frp to create and manage virtual network connections between clients through TUN interfaces. This feature extends frp’s capabilities beyond traditional port forwarding to achieve complete network layer communication. /en/index.json Mon, 01 Jan 0001 00:00:00 +0000 /en/index.json /en/search/ Mon, 01 Jan 0001 00:00:00 +0000 /en/search/