frp

README | 中文文档

Sponsors

frp is an open source project with its ongoing development made possible entirely by the support of our awesome sponsors. If you'd like to join them, please consider sponsoring frp's development.

<h3 align="center">Gold Sponsors</h3> <!--gold sponsors start--> <div align="center">

Recall.ai - API for meeting recordings

If you're looking for a meeting recording API, consider checking out Recall.ai,

an API that records Zoom, Google Meet, Microsoft Teams, in-person meetings, and more.

</div> <p align="center"> <a href="https://requestly.com/?utm_source=github&utm_medium=partnered&utm_campaign=frp" target="_blank"> <img width="480px" src="https://github.com/user-attachments/assets/24670320-997d-4d62-9bca-955c59fe883d"> <br> <b>Requestly - Free & Open-Source alternative to Postman</b> <br> _{All-in-one platform to Test, Mock and Intercept APIs.} </a> </p> <p align="center"> <a href="https://jb.gg/frp" target="_blank"> <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_jetbrains.jpg"> <br> <b>The complete IDE crafted for professional Go developers</b> </a> </p> <p align="center"> <a href="https://github.com/beclab/Olares" target="_blank"> <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_olares.jpeg"> <br> <b>The sovereign cloud that puts you in control</b> <br> _{An open source, self-hosted alternative to public clouds, built for data ownership and privacy} </a> </p> <!--gold sponsors end-->

What is frp?

frp is a fast reverse proxy that allows you to expose a local server located behind a NAT or firewall to the Internet. It currently supports TCP and UDP, as well as HTTP and HTTPS protocols, enabling requests to be forwarded to internal services via domain name.

frp also offers a P2P connect mode.

Table of Contents

<!-- vim-markdown-toc GFM -->

• Development Status
  • About V2
• Architecture
• Example Usage
  • Access your computer in a LAN network via SSH
  • Multiple SSH services sharing the same port
  • Accessing Internal Web Services with Custom Domains in LAN
  • Forward DNS query requests
  • Forward Unix Domain Socket
  • Expose a simple HTTP file server
  • Enable HTTPS for a local HTTP(S) service
  • Expose your service privately
  • P2P Mode
• Features
  • Configuration Files
  • Using Environment Variables
  • Split Configures Into Different Files
  • Server Dashboard
  • Client Admin UI
  • Monitor
    • Prometheus
  • Authenticating the Client
    • Token Authentication
    • OIDC Authentication
  • Encryption and Compression
    • TLS
  • Hot-Reloading frpc configuration
  • Get proxy status from client
  • Only allowing certain ports on the server
  • Port Reuse
  • Bandwidth Limit
    • For Each Proxy
  • TCP Stream Multiplexing
  • Support KCP Protocol
  • Support QUIC Protocol
  • Connection Pooling
  • Load balancing
  • Service Health Check
  • Rewriting the HTTP Host Header
  • Setting other HTTP Headers
  • Get Real IP
    • HTTP X-Forwarded-For
    • Proxy Protocol
  • Require HTTP Basic Auth (Password) for Web Services
  • Custom Subdomain Names
  • URL Routing
  • TCP Port Multiplexing
  • Connecting to frps via PROXY
  • Port range mapping
  • Client Plugins
  • Server Manage Plugins
  • SSH Tunnel Gateway
  • Virtual Network (VirtualNet)
• Feature Gates
  • Available Feature Gates
  • Enabling Feature Gates
  • Feature Lifecycle
• Related Projects
• Contributing
• Donation
  • GitHub Sponsors
  • PayPal

<!-- vim-markdown-toc -->

Development Status

frp is currently under development. You can try the latest release version in the master branch, or use the dev branch to access the version currently in development.

We are currently working on version 2 and attempting to perform some code refactoring and improvements. However, please note that it will not be compatible with version 1.

We will transition from version 0 to version 1 at the appropriate time and will only accept bug fixes and improvements, rather than big feature requests.

About V2

The complexity and difficulty of the v2 version are much higher than anticipated. I can only work on its development during fragmented time periods, and the constant interruptions disrupt productivity significantly. Given this situation, we will continue to optimize and iterate on the current version until we have more free time to proceed with the major version overhaul.

The concept behind v2 is based on my years of experience and reflection in the cloud-native domain, particularly in K8s and ServiceMesh. Its core is a modernized four-layer and seven-layer proxy, similar to envoy. This proxy itself is highly scalable, not only capable of implementing the functionality of intranet penetration but also applicable to various other domains. Building upon this highly scalable core, we aim to implement all the capabilities of frp v1 while also addressing the functionalities that were previously unachievable or difficult to implement in an elegant manner. Furthermore, we will maintain efficient development and iteration capabilities.

In addition, I envision frp itself becoming a highly extensible system and platform, similar to how we can provide a range of extension capabilities based on K8s. In K8s, we can customize development according to enterprise needs, utilizing features such as CRD, controller mode, webhook, CSI, and CNI. In frp v1, we introduced the concept of server plugins, which implemented some basic extensibility. However, it relies on a simple HTTP protocol and requires users to start independent processes and manage them on their own. This approach is far from flexible and convenient, and real-world demands vary greatly. It is unrealistic to expect a non-profit open-source project maintained by a few individuals to meet everyone's needs.

Finally, we acknowledge that the current design of modules such as configuration management, permission verification, certificate management, and API management is not modern enough. While we may carry out some optimizations in the v1 version, ensuring compatibility remains a challenging issue that requires a considerable amount of effort to address.

We sincerely appreciate your support for frp.

Architecture

Example Usage

To begin, download the latest program for your operating system and architecture from the Release page.

Next, place the frps binary and server configuration file on Server A, which has a public IP address.

Finally, place the frpc binary and client configuration file on Server B, which is located on a LAN that cannot be directly accessed from the public internet.

Some antiviruses improperly mark frpc as malware and delete it. This is due to frp being a networking tool capable of creating reverse proxies. Antiviruses sometimes flag reverse proxies due to their ability to bypass firewall port restrictions. If you are using antivirus, then you may need to whitelist/exclude frpc in your antivirus settings to avoid accidental quarantine/deletion. See issue 3637 for more details.

Access your computer in a LAN network via SSH

1. Modify frps.toml on server A by setting the bindPort for frp clients to connect to:

# frps.toml
bindPort = 7000

2. Start frps on server A:

`