# [common] is integral section [common] # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" # For single "bind_addr" field, no need square brackets, like "bind_addr = ::". bind_addr = 0.0.0.0 bind_port = 7000 # udp port to help make udp hole to penetrate nat bind_udp_port = 7001 # udp port used for kcp protocol, it can be same with 'bind_port'. # if not set, kcp is disabled in frps. kcp_bind_port = 7000 # udp port used for quic protocol. # if not set, quic is disabled in frps. # quic_bind_port = 7002 # quic protocol options # quic_keepalive_period = 10 # quic_max_idle_timeout = 30 # quic_max_incoming_streams = 100000 # specify which address proxy will listen for, default value is same with bind_addr # proxy_bind_addr = 127.0.0.1 # if you want to support virtual host, you must set the http port for listening (optional) # Note: http port and https port can be same with bind_port # vhost_http_port = 80 # vhost_https_port = 443 vhost_http_port = 7080 vhost_https_port = 7443 # response header timeout(seconds) for vhost http server, default is 60s # vhost_http_timeout = 60 # tcpmux_httpconnect_port specifies the port that the server listens for TCP # HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP # requests on one single port. If it's not - it will listen on this value for # HTTP CONNECT requests. By default, this value is 0. # tcpmux_httpconnect_port = 1337 # If tcpmux_passthrough is true, frps won't do any update on traffic. # tcpmux_passthrough = false # set dashboard_addr and dashboard_port to view dashboard of frps # dashboard_addr's default value is same with bind_addr # dashboard is available only if dashboard_port is set dashboard_addr = 0.0.0.0 dashboard_port = 7500 # dashboard user and passwd for basic auth protect dashboard_user = admin dashboard_pwd = admin # dashboard TLS mode dashboard_tls_mode = false # dashboard_tls_cert_file = server.crt # dashboard_tls_key_file = server.key # enable_prometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port} in /metrics api. enable_prometheus = true # dashboard assets directory(only for debug mode) # assets_dir = ./static # console or real logFile path like ./frps.log log_file = ./frps.log # trace, debug, info, warn, error log_level = info log_max_days = 3 # disable log colors when log_file is console, default is false disable_log_color = false # DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true. detailed_errors_to_client = true # authentication_method specifies what authentication method to use authenticate frpc with frps. # If "token" is specified - token will be read into login message. # If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token". authentication_method = token # authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false. authenticate_heartbeats = false # AuthenticateNewWorkConns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false. authenticate_new_work_conns = false # auth token token = 12345678 # oidc_issuer specifies the issuer to verify OIDC tokens with. # By default, this value is "". oidc_issuer = # oidc_audience specifies the audience OIDC tokens should contain when validated. # By default, this value is "". oidc_audience = # oidc_skip_expiry_check specifies whether to skip checking if the OIDC token is expired. # By default, this value is false. oidc_skip_expiry_check = false # oidc_skip_issuer_check specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer. # By default, this value is false. oidc_skip_issuer_check = false # heartbeat configure, it's not recommended to modify the default value # the default value of heartbeat_timeout is 90. Set negative value to disable it. # heartbeat_timeout = 90 # user_conn_timeout configure, it's not recommended to modify the default value # the default value of user_conn_timeout is 10 # user_conn_timeout = 10 # only allow frpc to bind ports you list, if you set nothing, there won't be any limit allow_ports = 2000-3000,3001,3003,4000-50000 # pool_count in each proxy will change to max_pool_count if they exceed the maximum value max_pool_count = 5 # max ports can be used for each client, default value is 0 means no limit max_ports_per_client = 0 # tls_only specifies whether to only accept TLS-encrypted connections. By default, the value is false. tls_only = false # tls_cert_file = server.crt # tls_key_file = server.key # tls_trusted_ca_file = ca.crt # if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file # when subdomain is test, the host used by routing is test.frps.com subdomain_host = frp.wcoder.com # if tcp stream multiplexing is used, default is true # tcp_mux = true # specify keep alive interval for tcp mux. # only valid if tcp_mux is true. # tcp_mux_keepalive_interval = 60 # tcp_keepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps. # If negative, keep-alive probes are disabled. # tcp_keepalive = 7200 # custom 404 page for HTTP requests # custom_404_page = /path/to/404.html # specify udp packet size, unit is byte. If not set, the default value is 1500. # This parameter should be same between client and server. # It affects the udp and sudp proxy. udp_packet_size = 1500 # Enable golang pprof handlers in dashboard listener. # Dashboard port must be set first pprof_enable = false # [plugin.user-manager] addr = 127.0.0.1:9000 # [plugin.port-manager] addr = 127.0.0.1:9001 # [plugin.user-manager] # addr = 127.0.0.1:7900 # path = /handler # ops = Login # [plugin.port-manager] # addr = 127.0.0.1:7901 # path = /handler # ops = NewProxy