Merge pull request #3722 from fatedier/dev

bump version

README.md

@@ -459,9 +459,11 @@ Read the full example configuration files to find out even more features not des
 
 Examples use TOML format, but you can still use YAML or JSON.
 
-[Full configuration file for frps (Server)](./conf/frps.toml)
+These configuration files is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
 
-[Full configuration file for frpc (Client)](./conf/frpc.toml)
+[Full configuration file for frps (Server)](./conf/frps_full_example.toml)
+
+[Full configuration file for frpc (Client)](./conf/frpc_full_example.toml)
 
 ### Using Environment Variables
 

Release.md

@@ -1,3 +1,3 @@
 ### Fixes
 
-* Encryption and compression are not displayed correctly in the dashboard.
+* `admin_user` is not effective in the INI configuration.

conf/frpc.toml

@@ -1,361 +1,9 @@
-# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
-
-# your proxy name will be changed to {user}.{proxy}
-user = "your_name"
-
-# A literal address or host name for IPv6 must be enclosed
-# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
-# For single serverAddr field, no need square brackets, like serverAddr = "::".
-serverAddr = "0.0.0.0"
+serverAddr = "127.0.0.1"
 serverPort = 7000
 
-# STUN server to help penetrate NAT hole.
-# natHoleStunServer = "stun.easyvoip.com:3478"
-
-# Decide if exit program when first login failed, otherwise continuous relogin to frps
-# default is true
-loginFailExit = true
-
-# console or real logFile path like ./frpc.log
-log.to = "./frpc.log"
-# trace, debug, info, warn, error
-log.level = "info"
-log.maxDays = 3
-# disable log colors when log.to is console, default is false
-log.disablePrintColor = false
-
-auth.method = "token"
-# auth.additionalScopes specifies additional scopes to include authentication information.
-# Optional values are HeartBeats, NewWorkConns.
-# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
-
-# auth token
-auth.token = "12345678"
-
-# oidc.clientID specifies the client ID to use to get a token in OIDC authentication.
-# auth.oidc.clientID = ""
-# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication.
-# auth.oidc.clientSecret = ""
-# oidc.audience specifies the audience of the token in OIDC authentication.
-# auth.oidc.audience = ""
-# oidc.scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
-# auth.oidc.scope = ""
-# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
-# It will be used to get an OIDC token.
-# auth.oidc.tokenEndpointURL = ""
-
-# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.
-# For example, if you want to specify the "audience" parameter, you can set as follow.
-# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
-# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"
-# auth.oidc.additionalEndpointParams.var1 = "foobar"
-
-# Set admin address for control frpc's action by http api such as reload
-webServer.addr = "127.0.0.1"
-webServer.port = 7400
-webServer.user = "admin"
-webServer.password = "admin"
-# Admin assets directory. By default, these assets are bundled with frpc.
-# webServer.assetsDir = "./static"
-
-# Enable golang pprof handlers in admin listener.
-webServer.pprofEnable = false
-
-# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
-# transport.dialServerTimeout = 10
-
-# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
-# If negative, keep-alive probes are disabled.
-# transport.dialServerKeepalive = 7200
-
-# connections will be established in advance, default value is zero
-transport.poolCount = 5
-
-# If tcp stream multiplexing is used, default is true, it must be same with frps
-# transport.tcpMux = true
-
-# Specify keep alive interval for tcp mux.
-# only valid if tcpMux is enabled.
-# transport.tcpMuxKeepaliveInterval = 60
-
-# Communication protocol used to connect to server
-# supports tcp, kcp, quic, websocket and wss now, default is tcp
-transport.protocol = "tcp"
-
-# set client binding ip when connect server, default is empty.
-# only when protocol = tcp or websocket, the value will be used.
-transport.connectServerLocalIP = "0.0.0.0"
-
-# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables
-# it only works when protocol is tcp
-# transport.proxyURL = "http://user:passwd@192.168.1.128:8080"
-# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"
-# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"
-
-# quic protocol options
-# transport.quic.keepalivePeriod = 10
-# transport.quic.maxIdleTimeout = 30
-# transport.quic.maxIncomingStreams = 100000
-
-# If tls.enable is true, frpc will connect frps by tls.
-# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
-transport.tls.enable = true
-
-# transport.tls.certFile = "client.crt"
-# transport.tls.keyFile = "client.key"
-# transport.tls.trustedCaFile = "ca.crt"
-# transport.tls.serverName = "example.com"
-
-# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the
-# first custom byte when tls is enabled.
-# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
-# transport.tls.disableCustomTLSFirstByte = true
-
-# Heartbeat configure, it's not recommended to modify the default value.
-# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value
-# to disable it.
-# transport.heartbeatInterval = 30
-# transport.heartbeatTimeout = 90
-
-# Specify a dns server, so frpc will use this instead of default one
-# dnsServer = "8.8.8.8"
-
-# Proxy names you want to start.
-# Default is empty, means all proxies.
-# start = ["ssh", "dns"]
-
-# Specify udp packet size, unit is byte. If not set, the default value is 1500.
-# This parameter should be same between client and server.
-# It affects the udp and sudp proxy.
-udpPacketSize = 1500
-
-# Additional metadatas for client.
-metadatas.var1 = "abc"
-metadatas.var2 = "123"
-
-# Include other config files for proxies.
-# includes = ["./confd/*.ini"]
-
-[[proxies]]
-# 'ssh' is the unique proxy name
-# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
-name = "ssh"
-type = "tcp"
-localIP = "127.0.0.1"
-localPort = 22
-# Limit bandwidth for this proxy, unit is KB and MB
-transport.bandwidthLimit = "1MB"
-# Where to limit bandwidth, can be 'client' or 'server', default is 'client'
-transport.bandwidthLimitMode = "client"
-# If true, traffic of this proxy will be encrypted, default is false
-transport.useEncryption = false
-# If true, traffic will be compressed
-transport.useCompression = false
-# Remote port listen by frps
-remotePort = 6001
-# frps will load balancing connections for proxies in same group
-loadBalancer.group = "test_group"
-# group should have same group key
-loadBalancer.groupKey = "123456"
-# Enable health check for the backend service, it supports 'tcp' and 'http' now.
-# frpc will connect local service's port to detect it's healthy status
-healthCheck.type = "tcp"
-# Health check connection timeout
-healthCheck.timeoutSeconds = 3
-# If continuous failed in 3 times, the proxy will be removed from frps
-healthCheck.maxFailed = 3
-# every 10 seconds will do a health check
-healthCheck.intervalSeconds = 10
-# additional meta info for each proxy
-metadatas.var1 = "abc"
-metadatas.var2 = "123"
-
-[[proxies]]
-name = "ssh_random"
-type = "tcp"
-localIP = "192.168.31.100"
-localPort = 22
-# If remotePort is 0, frps will assign a random port for you
-remotePort = 0
-
-[[proxies]]
-name = "dns"
-type = "udp"
-localIP = "114.114.114.114"
-localPort = 53
-remotePort = 6002
-
-# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
-[[proxies]]
-name = "web01"
-type = "http"
-localIP = "127.0.0.1"
-localPort = 80
-# http username and password are safety certification for http protocol
-# if not set, you can access this customDomains without certification
-httpUser = "admin"
-httpPassword = "admin"
-# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
-subdomain = "web01"
-customDomains = ["web01.yourdomain.com"]
-# locations is only available for http type
-locations = ["/", "/pic"]
-# route requests to this service if http basic auto user is abc
-# routeByHTTPUser = abc
-hostHeaderRewrite = "example.com"
-requestHeaders.set.x-from-where = "frp"
-healthCheck.type = "http"
-# frpc will send a GET http request '/status' to local http service
-# http service is alive when it return 2xx http response code
-healthCheck.path = "/status"
-healthCheck.intervalSeconds = 10
-healthCheck.maxFailed = 3
-healthCheck.timeoutSeconds = 3
-
-[[proxies]]
-name = "web02"
-type = "https"
-localIP = "127.0.0.1"
-localPort = 8000
-subdomain = "web02"
-customDomains = ["web02.yourdomain.com"]
-# if not empty, frpc will use proxy protocol to transfer connection info to your local service
-# v1 or v2 or empty
-transport.proxyProtocolVersion = "v2"
-
-[[proxies]]
-name = "tcpmuxhttpconnect"
-type = "tcpmux"
-multiplexer = "httpconnect"
-localIP = "127.0.0.1"
-localPort = 10701
-customDomains = ["tunnel1"]
-# routeByHTTPUser = "user1"
-
-[[proxies]]
-name = "plugin_unix_domain_socket"
-type = "tcp"
-remotePort = 6003
-# if plugin is defined, localIP and localPort is useless
-# plugin will handle connections got from frps
-[proxies.plugin]
-type = "unix_domain_socket"
-unixPath = "/var/run/docker.sock"
-
-[[proxies]]
-name = "plugin_http_proxy"
-type = "tcp"
-remotePort = 6004
-[proxies.plugin]
-type = "http_proxy"
-httpUser = "abc"
-httpPassword = "abc"
-
 [[proxies]]
-name = "plugin_socks5"
+name = "test-tcp"
 type = "tcp"
-remotePort = 6005
-[proxies.plugin]
-type = "socks5"
-username = "abc"
-password = "abc"
-
-[[proxies]]
-name = "plugin_static_file"
-type = "tcp"
-remotePort = 6006
-[proxies.plugin]
-type = "static_file"
-localPath = "/var/www/blog"
-stripPrefix = "static"
-httpUser = "abc"
-httpPassword = "abc"
-
-[[proxies]]
-name = "plugin_https2http"
-type = "https"
-customDomains = ["test.yourdomain.com"]
-[proxies.plugin]
-type = "https2http"
-localAddr = "127.0.0.1:80"
-crtPath = "./server.crt"
-keyPath = "./server.key"
-hostHeaderRewrite = "127.0.0.1"
-requestHeaders.set.x-from-where = "frp"
-
-[[proxies]]
-name = "plugin_https2https"
-type = "https"
-customDomains = ["test.yourdomain.com"]
-[proxies.plugin]
-type = "https2https"
-localAddr = "127.0.0.1:443"
-crtPath = "./server.crt"
-keyPath = "./server.key"
-hostHeaderRewrite = "127.0.0.1"
-requestHeaders.set.x-from-where = "frp"
-
-[[proxies]]
-name = "plugin_http2https"
-type = "http"
-customDomains = ["test.yourdomain.com"]
-[proxies.plugin]
-type = "http2https"
-localAddr = "127.0.0.1:443"
-hostHeaderRewrite = "127.0.0.1"
-requestHeaders.set.x-from-where = "frp"
-
-[[proxies]]
-name = "secret_tcp"
-# If the type is secret tcp, remotePort is useless
-# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
-type = "stcp"
-# secretKey is used for authentication for visitors
-secretKey = "abcdefg"
 localIP = "127.0.0.1"
 localPort = 22
-# If not empty, only visitors from specified users can connect.
-# Otherwise, visitors from same user can connect. '*' means allow all users.
-allowUsers = ["*"]
-
-[[proxies]]
-name = "p2p_tcp"
-type = "xtcp"
-secretKey = "abcdefg"
-localIP = "127.0.0.1"
-localPort = 22
-# If not empty, only visitors from specified users can connect.
-# Otherwise, visitors from same user can connect. '*' means allow all users.
-allowUsers = ["user1", "user2"]
-
-# frpc role visitor -> frps -> frpc role server
-[[visitors]]
-name = "secret_tcp_visitor"
-type = "stcp"
-# the server name you want to visitor
-serverName = "secret_tcp"
-secretKey = "abcdefg"
-# connect this address to visitor stcp server
-bindAddr = "127.0.0.1"
-# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
-# other visitors. (This is not supported for SUDP now)
-bindPort = 9000
-
-[[visitors]]
-name = "p2p_tcp_visitor"
-type = "xtcp"
-# if the server user is not set, it defaults to the current user
-serverUser = "user1"
-serverName = "p2p_tcp"
-secretKey = "abcdefg"
-bindAddr = "127.0.0.1"
-# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
-# other visitors. (This is not supported for SUDP now)
-bindPort = 9001
-# when automatic tunnel persistence is required, set it to true
-keepTunnelOpen = false
-# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour
-maxRetriesAnHour = 8
-minRetryInterval = 90
-# fallbackTo = "stcp_visitor"
-# fallbackTimeoutMs = 500
+remotePort = 6000

conf/frpc_full_example.toml

@@ -0,0 +1,361 @@
+# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
+
+# your proxy name will be changed to {user}.{proxy}
+user = "your_name"
+
+# A literal address or host name for IPv6 must be enclosed
+# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
+# For single serverAddr field, no need square brackets, like serverAddr = "::".
+serverAddr = "0.0.0.0"
+serverPort = 7000
+
+# STUN server to help penetrate NAT hole.
+# natHoleStunServer = "stun.easyvoip.com:3478"
+
+# Decide if exit program when first login failed, otherwise continuous relogin to frps
+# default is true
+loginFailExit = true
+
+# console or real logFile path like ./frpc.log
+log.to = "./frpc.log"
+# trace, debug, info, warn, error
+log.level = "info"
+log.maxDays = 3
+# disable log colors when log.to is console, default is false
+log.disablePrintColor = false
+
+auth.method = "token"
+# auth.additionalScopes specifies additional scopes to include authentication information.
+# Optional values are HeartBeats, NewWorkConns.
+# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
+
+# auth token
+auth.token = "12345678"
+
+# oidc.clientID specifies the client ID to use to get a token in OIDC authentication.
+# auth.oidc.clientID = ""
+# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication.
+# auth.oidc.clientSecret = ""
+# oidc.audience specifies the audience of the token in OIDC authentication.
+# auth.oidc.audience = ""
+# oidc.scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
+# auth.oidc.scope = ""
+# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
+# It will be used to get an OIDC token.
+# auth.oidc.tokenEndpointURL = ""
+
+# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.
+# For example, if you want to specify the "audience" parameter, you can set as follow.
+# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
+# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"
+# auth.oidc.additionalEndpointParams.var1 = "foobar"
+
+# Set admin address for control frpc's action by http api such as reload
+webServer.addr = "127.0.0.1"
+webServer.port = 7400
+webServer.user = "admin"
+webServer.password = "admin"
+# Admin assets directory. By default, these assets are bundled with frpc.
+# webServer.assetsDir = "./static"
+
+# Enable golang pprof handlers in admin listener.
+webServer.pprofEnable = false
+
+# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
+# transport.dialServerTimeout = 10
+
+# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
+# If negative, keep-alive probes are disabled.
+# transport.dialServerKeepalive = 7200
+
+# connections will be established in advance, default value is zero
+transport.poolCount = 5
+
+# If tcp stream multiplexing is used, default is true, it must be same with frps
+# transport.tcpMux = true
+
+# Specify keep alive interval for tcp mux.
+# only valid if tcpMux is enabled.
+# transport.tcpMuxKeepaliveInterval = 60
+
+# Communication protocol used to connect to server
+# supports tcp, kcp, quic, websocket and wss now, default is tcp
+transport.protocol = "tcp"
+
+# set client binding ip when connect server, default is empty.
+# only when protocol = tcp or websocket, the value will be used.
+transport.connectServerLocalIP = "0.0.0.0"
+
+# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables
+# it only works when protocol is tcp
+# transport.proxyURL = "http://user:passwd@192.168.1.128:8080"
+# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"
+# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"
+
+# quic protocol options
+# transport.quic.keepalivePeriod = 10
+# transport.quic.maxIdleTimeout = 30
+# transport.quic.maxIncomingStreams = 100000
+
+# If tls.enable is true, frpc will connect frps by tls.
+# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
+transport.tls.enable = true
+
+# transport.tls.certFile = "client.crt"
+# transport.tls.keyFile = "client.key"
+# transport.tls.trustedCaFile = "ca.crt"
+# transport.tls.serverName = "example.com"
+
+# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the
+# first custom byte when tls is enabled.
+# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
+# transport.tls.disableCustomTLSFirstByte = true
+
+# Heartbeat configure, it's not recommended to modify the default value.
+# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value
+# to disable it.
+# transport.heartbeatInterval = 30
+# transport.heartbeatTimeout = 90
+
+# Specify a dns server, so frpc will use this instead of default one
+# dnsServer = "8.8.8.8"
+
+# Proxy names you want to start.
+# Default is empty, means all proxies.
+# start = ["ssh", "dns"]
+
+# Specify udp packet size, unit is byte. If not set, the default value is 1500.
+# This parameter should be same between client and server.
+# It affects the udp and sudp proxy.
+udpPacketSize = 1500
+
+# Additional metadatas for client.
+metadatas.var1 = "abc"
+metadatas.var2 = "123"
+
+# Include other config files for proxies.
+# includes = ["./confd/*.ini"]
+
+[[proxies]]
+# 'ssh' is the unique proxy name
+# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
+name = "ssh"
+type = "tcp"
+localIP = "127.0.0.1"
+localPort = 22
+# Limit bandwidth for this proxy, unit is KB and MB
+transport.bandwidthLimit = "1MB"
+# Where to limit bandwidth, can be 'client' or 'server', default is 'client'
+transport.bandwidthLimitMode = "client"
+# If true, traffic of this proxy will be encrypted, default is false
+transport.useEncryption = false
+# If true, traffic will be compressed
+transport.useCompression = false
+# Remote port listen by frps
+remotePort = 6001
+# frps will load balancing connections for proxies in same group
+loadBalancer.group = "test_group"
+# group should have same group key
+loadBalancer.groupKey = "123456"
+# Enable health check for the backend service, it supports 'tcp' and 'http' now.
+# frpc will connect local service's port to detect it's healthy status
+healthCheck.type = "tcp"
+# Health check connection timeout
+healthCheck.timeoutSeconds = 3
+# If continuous failed in 3 times, the proxy will be removed from frps
+healthCheck.maxFailed = 3
+# every 10 seconds will do a health check
+healthCheck.intervalSeconds = 10
+# additional meta info for each proxy
+metadatas.var1 = "abc"
+metadatas.var2 = "123"
+
+[[proxies]]
+name = "ssh_random"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 22
+# If remotePort is 0, frps will assign a random port for you
+remotePort = 0
+
+[[proxies]]
+name = "dns"
+type = "udp"
+localIP = "114.114.114.114"
+localPort = 53
+remotePort = 6002
+
+# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
+[[proxies]]
+name = "web01"
+type = "http"
+localIP = "127.0.0.1"
+localPort = 80
+# http username and password are safety certification for http protocol
+# if not set, you can access this customDomains without certification
+httpUser = "admin"
+httpPassword = "admin"
+# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
+subdomain = "web01"
+customDomains = ["web01.yourdomain.com"]
+# locations is only available for http type
+locations = ["/", "/pic"]
+# route requests to this service if http basic auto user is abc
+# routeByHTTPUser = abc
+hostHeaderRewrite = "example.com"
+requestHeaders.set.x-from-where = "frp"
+healthCheck.type = "http"
+# frpc will send a GET http request '/status' to local http service
+# http service is alive when it return 2xx http response code
+healthCheck.path = "/status"
+healthCheck.intervalSeconds = 10
+healthCheck.maxFailed = 3
+healthCheck.timeoutSeconds = 3
+
+[[proxies]]
+name = "web02"
+type = "https"
+localIP = "127.0.0.1"
+localPort = 8000
+subdomain = "web02"
+customDomains = ["web02.yourdomain.com"]
+# if not empty, frpc will use proxy protocol to transfer connection info to your local service
+# v1 or v2 or empty
+transport.proxyProtocolVersion = "v2"
+
+[[proxies]]
+name = "tcpmuxhttpconnect"
+type = "tcpmux"
+multiplexer = "httpconnect"
+localIP = "127.0.0.1"
+localPort = 10701
+customDomains = ["tunnel1"]
+# routeByHTTPUser = "user1"
+
+[[proxies]]
+name = "plugin_unix_domain_socket"
+type = "tcp"
+remotePort = 6003
+# if plugin is defined, localIP and localPort is useless
+# plugin will handle connections got from frps
+[proxies.plugin]
+type = "unix_domain_socket"
+unixPath = "/var/run/docker.sock"
+
+[[proxies]]
+name = "plugin_http_proxy"
+type = "tcp"
+remotePort = 6004
+[proxies.plugin]
+type = "http_proxy"
+httpUser = "abc"
+httpPassword = "abc"
+
+[[proxies]]
+name = "plugin_socks5"
+type = "tcp"
+remotePort = 6005
+[proxies.plugin]
+type = "socks5"
+username = "abc"
+password = "abc"
+
+[[proxies]]
+name = "plugin_static_file"
+type = "tcp"
+remotePort = 6006
+[proxies.plugin]
+type = "static_file"
+localPath = "/var/www/blog"
+stripPrefix = "static"
+httpUser = "abc"
+httpPassword = "abc"
+
+[[proxies]]
+name = "plugin_https2http"
+type = "https"
+customDomains = ["test.yourdomain.com"]
+[proxies.plugin]
+type = "https2http"
+localAddr = "127.0.0.1:80"
+crtPath = "./server.crt"
+keyPath = "./server.key"
+hostHeaderRewrite = "127.0.0.1"
+requestHeaders.set.x-from-where = "frp"
+
+[[proxies]]
+name = "plugin_https2https"
+type = "https"
+customDomains = ["test.yourdomain.com"]
+[proxies.plugin]
+type = "https2https"
+localAddr = "127.0.0.1:443"
+crtPath = "./server.crt"
+keyPath = "./server.key"
+hostHeaderRewrite = "127.0.0.1"
+requestHeaders.set.x-from-where = "frp"
+
+[[proxies]]
+name = "plugin_http2https"
+type = "http"
+customDomains = ["test.yourdomain.com"]
+[proxies.plugin]
+type = "http2https"
+localAddr = "127.0.0.1:443"
+hostHeaderRewrite = "127.0.0.1"
+requestHeaders.set.x-from-where = "frp"
+
+[[proxies]]
+name = "secret_tcp"
+# If the type is secret tcp, remotePort is useless
+# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
+type = "stcp"
+# secretKey is used for authentication for visitors
+secretKey = "abcdefg"
+localIP = "127.0.0.1"
+localPort = 22
+# If not empty, only visitors from specified users can connect.
+# Otherwise, visitors from same user can connect. '*' means allow all users.
+allowUsers = ["*"]
+
+[[proxies]]
+name = "p2p_tcp"
+type = "xtcp"
+secretKey = "abcdefg"
+localIP = "127.0.0.1"
+localPort = 22
+# If not empty, only visitors from specified users can connect.
+# Otherwise, visitors from same user can connect. '*' means allow all users.
+allowUsers = ["user1", "user2"]
+
+# frpc role visitor -> frps -> frpc role server
+[[visitors]]
+name = "secret_tcp_visitor"
+type = "stcp"
+# the server name you want to visitor
+serverName = "secret_tcp"
+secretKey = "abcdefg"
+# connect this address to visitor stcp server
+bindAddr = "127.0.0.1"
+# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
+# other visitors. (This is not supported for SUDP now)
+bindPort = 9000
+
+[[visitors]]
+name = "p2p_tcp_visitor"
+type = "xtcp"
+# if the server user is not set, it defaults to the current user
+serverUser = "user1"
+serverName = "p2p_tcp"
+secretKey = "abcdefg"
+bindAddr = "127.0.0.1"
+# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
+# other visitors. (This is not supported for SUDP now)
+bindPort = 9001
+# when automatic tunnel persistence is required, set it to true
+keepTunnelOpen = false
+# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour
+maxRetriesAnHour = 8
+minRetryInterval = 90
+# fallbackTo = "stcp_visitor"
+# fallbackTimeoutMs = 500

conf/frps.toml

@@ -1,156 +1 @@
-# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
-
-# A literal address or host name for IPv6 must be enclosed
-# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
-# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`.
-bindAddr = "0.0.0.0"
 bindPort = 7000
-
-# udp port used for kcp protocol, it can be same with 'bindPort'.
-# if not set, kcp is disabled in frps.
-kcpBindPort = 7000
-
-# udp port used for quic protocol.
-# if not set, quic is disabled in frps.
-# quicBindPort = 7002
-
-# Specify which address proxy will listen for, default value is same with bindAddr
-# proxyBindAddr = "127.0.0.1"
-
-# quic protocol options
-# transport.quic.keepalivePeriod = 10
-# transport.quic.maxIdleTimeout = 30
-# transport.quic.maxIncomingStreams = 100000
-
-# Heartbeat configure, it's not recommended to modify the default value
-# The default value of heartbeatTimeout is 90. Set negative value to disable it.
-# transport.heartbeatTimeout = 90
-
-# Pool count in each proxy will keep no more than maxPoolCount.
-transport.maxPoolCount = 5
-
-# If tcp stream multiplexing is used, default is true
-# transport.tcpMux = true
-
-# Specify keep alive interval for tcp mux.
-# only valid if tcpMux is true.
-# transport.tcpMuxKeepaliveInterval = 60
-
-# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
-# If negative, keep-alive probes are disabled.
-# transport.tcpKeepalive = 7200
-
-# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.
-tls.force = false
-
-# transport.tls.certFile = "server.crt"
-# transport.tls.keyFile = "server.key"
-# transport.tls.trustedCaFile = "ca.crt"
-
-# If you want to support virtual host, you must set the http port for listening (optional)
-# Note: http port and https port can be same with bindPort
-vhostHTTPPort = 80
-vhostHTTPSPort = 443
-
-# Response header timeout(seconds) for vhost http server, default is 60s
-# vhostHTTPTimeout = 60
-
-# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP
-# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
-# requests on one single port. If it's not - it will listen on this value for
-# HTTP CONNECT requests. By default, this value is 0.
-# tcpmuxHTTPConnectPort = 1337
-
-# If tcpmuxPassthrough is true, frps won't do any update on traffic.
-# tcpmuxPassthrough = false
-
-# Configure the web server to enable the dashboard for frps.
-# dashboard is available only if webServer.port is set.
-webServer.addr = "127.0.0.1"
-webServer.port = 7500
-webServer.user = "admin"
-webServer.password = "admin"
-# webServer.tls.certFile = "server.crt"
-# webServer.tls.keyFile = "server.key"
-# dashboard assets directory(only for debug mode)
-# webServer.assetsDir = "./static"
-
-# Enable golang pprof handlers in dashboard listener.
-# Dashboard port must be set first
-webServer.pprofEnable = false
-
-# enablePrometheus will export prometheus metrics on webServer in /metrics api.
-enablePrometheus = true
-
-# console or real logFile path like ./frps.log
-log.to = "./frps.log"
-# trace, debug, info, warn, error
-log.level = "info"
-log.maxDays = 3
-# disable log colors when log.to is console, default is false
-log.disablePrintColor = false
-
-# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
-detailedErrorsToClient = true
-
-# auth.method specifies what authentication method to use authenticate frpc with frps.
-# If "token" is specified - token will be read into login message.
-# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
-auth.method = "token"
-
-# auth.additionalScopes specifies additional scopes to include authentication information.
-# Optional values are HeartBeats, NewWorkConns.
-# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
-
-# auth token
-auth.token = "12345678"
-
-# oidc issuer specifies the issuer to verify OIDC tokens with.
-auth.oidc.issuer = ""
-# oidc audience specifies the audience OIDC tokens should contain when validated.
-auth.oidc.audience = ""
-# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.
-auth.oidc.skipExpiryCheck = false
-# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
-auth.oidc.skipIssuerCheck = false
-
-# userConnTimeout specifies the maximum time to wait for a work connection.
-# userConnTimeout = 10
-
-# Only allow frpc to bind ports you list. By default, there won't be any limit.
-allowPorts = [
-  { start = 2000, end = 3000 },
-  { single = 3001 },
-  { single = 3003 },
-  { start = 4000, end = 50000 }
-]
-
-# Max ports can be used for each client, default value is 0 means no limit
-maxPortsPerClient = 0
-
-# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file
-# When subdomain is est, the host used by routing is test.frps.com
-subDomainHost = "frps.com"
-
-# custom 404 page for HTTP requests
-# custom404Page = "/path/to/404.html"
-
-# specify udp packet size, unit is byte. If not set, the default value is 1500.
-# This parameter should be same between client and server.
-# It affects the udp and sudp proxy.
-udpPacketSize = 1500
-
-# Retention time for NAT hole punching strategy data.
-natholeAnalysisDataReserveHours = 168
-
-[[httpPlugins]]
-name = "user-manager"
-addr = "127.0.0.1:9000"
-path = "/handler"
-ops = ["Login"]
-
-[[httpPlugins]]
-name = "port-manager"
-addr = "127.0.0.1:9001"
-path = "/handler"
-ops = ["NewProxy"]

conf/frps_full_example.toml

@@ -0,0 +1,156 @@
+# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
+
+# A literal address or host name for IPv6 must be enclosed
+# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
+# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`.
+bindAddr = "0.0.0.0"
+bindPort = 7000
+
+# udp port used for kcp protocol, it can be same with 'bindPort'.
+# if not set, kcp is disabled in frps.
+kcpBindPort = 7000
+
+# udp port used for quic protocol.
+# if not set, quic is disabled in frps.
+# quicBindPort = 7002
+
+# Specify which address proxy will listen for, default value is same with bindAddr
+# proxyBindAddr = "127.0.0.1"
+
+# quic protocol options
+# transport.quic.keepalivePeriod = 10
+# transport.quic.maxIdleTimeout = 30
+# transport.quic.maxIncomingStreams = 100000
+
+# Heartbeat configure, it's not recommended to modify the default value
+# The default value of heartbeatTimeout is 90. Set negative value to disable it.
+# transport.heartbeatTimeout = 90
+
+# Pool count in each proxy will keep no more than maxPoolCount.
+transport.maxPoolCount = 5
+
+# If tcp stream multiplexing is used, default is true
+# transport.tcpMux = true
+
+# Specify keep alive interval for tcp mux.
+# only valid if tcpMux is true.
+# transport.tcpMuxKeepaliveInterval = 60
+
+# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
+# If negative, keep-alive probes are disabled.
+# transport.tcpKeepalive = 7200
+
+# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.
+tls.force = false
+
+# transport.tls.certFile = "server.crt"
+# transport.tls.keyFile = "server.key"
+# transport.tls.trustedCaFile = "ca.crt"
+
+# If you want to support virtual host, you must set the http port for listening (optional)
+# Note: http port and https port can be same with bindPort
+vhostHTTPPort = 80
+vhostHTTPSPort = 443
+
+# Response header timeout(seconds) for vhost http server, default is 60s
+# vhostHTTPTimeout = 60
+
+# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP
+# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
+# requests on one single port. If it's not - it will listen on this value for
+# HTTP CONNECT requests. By default, this value is 0.
+# tcpmuxHTTPConnectPort = 1337
+
+# If tcpmuxPassthrough is true, frps won't do any update on traffic.
+# tcpmuxPassthrough = false
+
+# Configure the web server to enable the dashboard for frps.
+# dashboard is available only if webServer.port is set.
+webServer.addr = "127.0.0.1"
+webServer.port = 7500
+webServer.user = "admin"
+webServer.password = "admin"
+# webServer.tls.certFile = "server.crt"
+# webServer.tls.keyFile = "server.key"
+# dashboard assets directory(only for debug mode)
+# webServer.assetsDir = "./static"
+
+# Enable golang pprof handlers in dashboard listener.
+# Dashboard port must be set first
+webServer.pprofEnable = false
+
+# enablePrometheus will export prometheus metrics on webServer in /metrics api.
+enablePrometheus = true
+
+# console or real logFile path like ./frps.log
+log.to = "./frps.log"
+# trace, debug, info, warn, error
+log.level = "info"
+log.maxDays = 3
+# disable log colors when log.to is console, default is false
+log.disablePrintColor = false
+
+# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
+detailedErrorsToClient = true
+
+# auth.method specifies what authentication method to use authenticate frpc with frps.
+# If "token" is specified - token will be read into login message.
+# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
+auth.method = "token"
+
+# auth.additionalScopes specifies additional scopes to include authentication information.
+# Optional values are HeartBeats, NewWorkConns.
+# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
+
+# auth token
+auth.token = "12345678"
+
+# oidc issuer specifies the issuer to verify OIDC tokens with.
+auth.oidc.issuer = ""
+# oidc audience specifies the audience OIDC tokens should contain when validated.
+auth.oidc.audience = ""
+# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.
+auth.oidc.skipExpiryCheck = false
+# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
+auth.oidc.skipIssuerCheck = false
+
+# userConnTimeout specifies the maximum time to wait for a work connection.
+# userConnTimeout = 10
+
+# Only allow frpc to bind ports you list. By default, there won't be any limit.
+allowPorts = [
+  { start = 2000, end = 3000 },
+  { single = 3001 },
+  { single = 3003 },
+  { start = 4000, end = 50000 }
+]
+
+# Max ports can be used for each client, default value is 0 means no limit
+maxPortsPerClient = 0
+
+# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file
+# When subdomain is est, the host used by routing is test.frps.com
+subDomainHost = "frps.com"
+
+# custom 404 page for HTTP requests
+# custom404Page = "/path/to/404.html"
+
+# specify udp packet size, unit is byte. If not set, the default value is 1500.
+# This parameter should be same between client and server.
+# It affects the udp and sudp proxy.
+udpPacketSize = 1500
+
+# Retention time for NAT hole punching strategy data.
+natholeAnalysisDataReserveHours = 168
+
+[[httpPlugins]]
+name = "user-manager"
+addr = "127.0.0.1:9000"
+path = "/handler"
+ops = ["Login"]
+
+[[httpPlugins]]
+name = "port-manager"
+addr = "127.0.0.1:9001"
+path = "/handler"
+ops = ["NewProxy"]

package.sh

@@ -46,6 +46,8 @@ for os in $os_all; do
             mv ./frps_${os}_${arch} ${frp_path}/frps
         fi  
         cp ../LICENSE ${frp_path}
+        cp -f ../conf/frpc.toml ${frp_path}
+        cp -f ../conf/frps.toml ${frp_path}
 
         # packages
         cd ./packages

pkg/config/legacy/conversion.go

@@ -71,6 +71,7 @@ func Convert_ClientCommonConf_To_v1(conf *ClientCommonConf) *v1.ClientCommonConf
 
 	out.WebServer.Addr = conf.AdminAddr
 	out.WebServer.Port = conf.AdminPort
+	out.WebServer.User = conf.AdminUser
 	out.WebServer.Password = conf.AdminPwd
 	out.WebServer.AssetsDir = conf.AssetsDir
 	out.WebServer.PprofEnable = conf.PprofEnable

pkg/util/version/version.go

@@ -19,7 +19,7 @@ import (
 	"strings"
 )
 
-var version = "0.52.2"
+var version = "0.52.3"
 
 func Full() string {
 	return version