alexsun/compose-anything
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add goose

Browse Source
This commit is contained in:
Sun-ZhenXing
2026-01-02 22:06:24 +08:00
parent ab07facdb1
commit 25c618aa2e
17 changed files with 1241 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/frpc/.env.example
View File

@@ -1,7 +1,28 @@
# FRP Client Version
FRPC_VERSION=0.64.0
# Global registry prefix for pulling images (optional)
# GLOBAL_REGISTRY=
# FRP server configuration
FRP_SERVER_ADDR=your.server.com
# Timezone setting (default: UTC)
TZ=UTC
# FRP Client Version
FRPC_VERSION=0.65.0
# FRP server connection settings
FRP_SERVER_ADDR=127.0.0.1
FRP_SERVER_PORT=7000
FRP_SERVER_TOKEN=your_token_here
FRP_SERVER_TOKEN=server_token
# Local application host (use host.docker.internal to access host machine)
FRP_APP_HOST=127.0.0.1
# Admin dashboard configuration
FRP_ADMIN_ADDR=0.0.0.0
FRP_ADMIN_PORT=7400
FRP_ADMIN_USER=admin
FRP_ADMIN_PASSWORD=password
# Resource limits
FRPC_CPU_LIMIT=0.5
FRPC_MEMORY_LIMIT=128M
FRPC_CPU_RESERVATION=0.1
FRPC_MEMORY_RESERVATION=64M

201
src/frpc/README.md
View File

@@ -1,12 +1,40 @@
# FRPC (Intranet Penetration Client)
# FRPC (FRP Client)
[English](./README.md) | [中文](./README.zh.md)
This is an FRPC (Intranet Penetration Client) service.
FRPC is a fast reverse proxy client that connects to an FRP server to expose local services to the internet. This is the client component of the FRP (Fast Reverse Proxy) tool.
## Example
## Quick Start
Taking SSH service penetration as an example, create a new `frpc.toml` configuration file with the following content:
1. Create a `.env` file from `.env.example`:
```bash
cp .env.example .env
```
2. Edit the `.env` file and configure the FRP server connection:
```properties
FRP_SERVER_ADDR=your.frp.server.com
FRP_SERVER_PORT=7000
FRP_SERVER_TOKEN=your_server_token
```
3. Create a `frpc.toml` configuration file with your proxy rules (see example below).
4. Start the service:
```bash
docker compose up -d
```
## Configuration File
The client requires a `frpc.toml` file to define proxy rules. Here are some common examples:
### Example 1: SSH Service Proxy
Expose a local SSH service to the internet:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
@@ -14,38 +42,165 @@ serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "app_22"
name = "ssh"
type = "tcp"
remotePort = 23922
localIP = "192.168.10.100"
remotePort = 6000
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 22
```
Configure the remote FRPS service address in the `.env` file:
This configuration will:
```properties
FRP_SERVER_ADDR=frps.example.com
FRP_SERVER_PORT=9870
FRP_SERVER_TOKEN=password
- Connect to the FRP server at `FRP_SERVER_ADDR:FRP_SERVER_PORT`
- Expose local SSH (port 22) through the server's port 6000
- Access the service via `FRP_SERVER_ADDR:6000`
### Example 2: Web Service Proxy
Expose a local web application:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "web"
type = "http"
customDomains = ["your-domain.com"]
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 8080
```
Start the service to proxy `192.168.10.100:22` to `FRP_SERVER_ADDR:23922`.
### Example 3: Multiple Services
```bash
docker compose up -d
Proxy multiple services simultaneously:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "ssh"
type = "tcp"
remotePort = 6000
localIP = "192.168.1.100"
localPort = 22
[[proxies]]
name = "web"
type = "tcp"
remotePort = 8080
localIP = "192.168.1.101"
localPort = 80
```
## Services
### Example 4: Admin Dashboard
- `frpc`: The FRPC client service.
Enable the admin dashboard to monitor the client:
## Configuration
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
- `FRPC_VERSION`: The version of the FRPC image, default is `0.64.0`.
- `FRP_SERVER_ADDR`: The remote FRPS server address.
- `FRP_SERVER_PORT`: The remote FRPS server port.
- `FRP_SERVER_TOKEN`: The token for connecting to FRPS.
webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
webServer.port = {{ .Envs.FRP_ADMIN_PORT }}
webServer.user = "{{ .Envs.FRP_ADMIN_USER }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
[[proxies]]
name = "app"
type = "tcp"
remotePort = 9000
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 3000
```
Access the admin dashboard at `http://localhost:7400` (default).
## Environment Variables
### Image Configuration
- `GLOBAL_REGISTRY`: Optional global registry prefix for pulling images
- `FRPC_VERSION`: FRPC image version (default: `0.65.0`)
- `TZ`: Timezone setting (default: `UTC`)
### Server Connection
- `FRP_SERVER_ADDR`: FRP server address (**required**, e.g., `frp.example.com` or `192.168.1.1`)
- `FRP_SERVER_PORT`: FRP server port (default: `7000`)
- `FRP_SERVER_TOKEN`: Authentication token for connecting to the server (**must match server token**)
### Local Application
- `FRP_APP_HOST`: Local application host address (default: `127.0.0.1`)
- Use `host.docker.internal` to access services running on the host machine
- Use specific IP addresses for services on your local network
### Admin Dashboard (Optional)
- `FRP_ADMIN_ADDR`: Admin dashboard bind address (default: `0.0.0.0`)
- `FRP_ADMIN_PORT`: Admin dashboard port (default: `7400`)
- `FRP_ADMIN_USER`: Admin dashboard username (default: `admin`)
- `FRP_ADMIN_PASSWORD`: Admin dashboard password (default: `password`)
### Resource Limits
- `FRPC_CPU_LIMIT`: CPU limit (default: `0.5`)
- `FRPC_MEMORY_LIMIT`: Memory limit (default: `128M`)
- `FRPC_CPU_RESERVATION`: CPU reservation (default: `0.1`)
- `FRPC_MEMORY_RESERVATION`: Memory reservation (default: `64M`)
## Volumes
- `frpc.toml`: The configuration file for FRPC.
- `./frpc.toml:/etc/frp/frpc.toml`: FRPC configuration file
## Accessing Host Services
To access services running on your host machine from within the container, use `host.docker.internal`:
```properties
FRP_APP_HOST=host.docker.internal
```
Then in your `frpc.toml`:
```toml
[[proxies]]
name = "local-service"
type = "tcp"
remotePort = 8080
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 3000
```
This will expose your host's port 3000 through the FRP server's port 8080.
## Security Notes
1. **Secure your token**: Keep your `FRP_SERVER_TOKEN` secret and use a strong, random value
2. **Limit exposure**: Only expose the services you actually need
3. **Use encryption**: Consider using HTTPS/TLS for sensitive services
4. **Monitor access**: Enable the admin dashboard to monitor active connections
## Troubleshooting
### Cannot connect to FRP server
- Verify `FRP_SERVER_ADDR` and `FRP_SERVER_PORT` are correct
- Ensure the FRP server is running and accessible
- Check that `FRP_SERVER_TOKEN` matches the server configuration
### Cannot access local service
- Verify `FRP_APP_HOST` is correct
- For host services, ensure you're using `host.docker.internal`
- For network services, ensure the IP address and port are correct
- Check firewall rules on both client and server sides
## License
FRP is licensed under the Apache License 2.0. See the [FRP GitHub repository](https://github.com/fatedier/frp) for more details.

201
src/frpc/README.zh.md
View File

@@ -1,12 +1,40 @@
# FRPC (内网穿透客户端)
# FRPCFRP 客户端
[English](./README.md) | [中文](./README.zh.md)
这是一个 FRPC内网穿透客户端服务
FRPC 是一个快速反向代理客户端,连接到 FRP 服务器以将本地服务暴露到互联网。这是 FRPFast Reverse Proxy工具的客户端组件
## 示例
## 快速开始
以 SSH 服务穿透为例,新建 `frpc.toml` 配置文件,内容如下
1.`.env.example` 创建 `.env` 文件
```bash
cp .env.example .env
```
2. 编辑 `.env` 文件并配置 FRP 服务器连接:
```properties
FRP_SERVER_ADDR=your.frp.server.com
FRP_SERVER_PORT=7000
FRP_SERVER_TOKEN=your_server_token
```
3. 创建包含代理规则的 `frpc.toml` 配置文件(参见下面的示例)。
4. 启动服务:
```bash
docker compose up -d
```
## 配置文件
客户端需要一个 `frpc.toml` 文件来定义代理规则。以下是一些常见示例:
### 示例 1SSH 服务代理
将本地 SSH 服务暴露到互联网:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
@@ -14,38 +42,165 @@ serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "app_22"
name = "ssh"
type = "tcp"
remotePort = 23922
localIP = "192.168.10.100"
remotePort = 6000
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 22
```
配置远程 FRPS 服务地址到 `.env` 文件中
此配置将
```properties
FRP_SERVER_ADDR=frps.example.com
FRP_SERVER_PORT=9870
FRP_SERVER_TOKEN=password
- 连接到 `FRP_SERVER_ADDR:FRP_SERVER_PORT` 的 FRP 服务器
- 通过服务器的 6000 端口暴露本地 SSH22 端口)
- 通过 `FRP_SERVER_ADDR:6000` 访问服务
### 示例 2Web 服务代理
暴露本地 Web 应用程序:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "web"
type = "http"
customDomains = ["your-domain.com"]
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 8080
```
启动服务,即可代理 `192.168.10.100:22``FRP_SERVER_ADDR:23922`
### 示例 3多个服务
```bash
docker compose up -d
同时代理多个服务:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "ssh"
type = "tcp"
remotePort = 6000
localIP = "192.168.1.100"
localPort = 22
[[proxies]]
name = "web"
type = "tcp"
remotePort = 8080
localIP = "192.168.1.101"
localPort = 80
```
## 服务
### 示例 4管理面板
- `frpc`: FRPC 客户端服务。
启用管理面板以监控客户端:
## 配置
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
- `FRPC_VERSION`: FRPC 镜像的版本,默认为 `0.64.0`
- `FRP_SERVER_ADDR`: 远程 FRPS 服务器地址。
- `FRP_SERVER_PORT`: 远程 FRPS 服务器端口。
- `FRP_SERVER_TOKEN`: 用于连接 FRPS 的令牌。
webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
webServer.port = {{ .Envs.FRP_ADMIN_PORT }}
webServer.user = "{{ .Envs.FRP_ADMIN_USER }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
[[proxies]]
name = "app"
type = "tcp"
remotePort = 9000
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 3000
```
在 `http://localhost:7400`(默认)访问管理面板。
## 环境变量
### 镜像配置
- `GLOBAL_REGISTRY`:可选的全局镜像仓库前缀
- `FRPC_VERSION`FRPC 镜像版本(默认:`0.65.0`
- `TZ`:时区设置(默认:`UTC`
### 服务器连接
- `FRP_SERVER_ADDR`FRP 服务器地址(**必需**,例如 `frp.example.com` 或 `192.168.1.1`
- `FRP_SERVER_PORT`FRP 服务器端口(默认:`7000`
- `FRP_SERVER_TOKEN`:连接到服务器的认证令牌(**必须与服务器令牌匹配**
### 本地应用
- `FRP_APP_HOST`:本地应用主机地址(默认:`127.0.0.1`
- 使用 `host.docker.internal` 访问运行在主机上的服务
- 使用特定 IP 地址访问本地网络上的服务
### 管理面板(可选)
- `FRP_ADMIN_ADDR`:管理面板绑定地址(默认:`0.0.0.0`
- `FRP_ADMIN_PORT`:管理面板端口(默认:`7400`
- `FRP_ADMIN_USER`:管理面板用户名(默认:`admin`
- `FRP_ADMIN_PASSWORD`:管理面板密码(默认:`password`
### 资源限制
- `FRPC_CPU_LIMIT`CPU 限制(默认:`0.5`
- `FRPC_MEMORY_LIMIT`:内存限制(默认:`128M`
- `FRPC_CPU_RESERVATION`CPU 预留(默认:`0.1`
- `FRPC_MEMORY_RESERVATION`:内存预留(默认:`64M`
## 卷
- `frpc.toml`: FRPC 配置文件
- `./frpc.toml:/etc/frp/frpc.toml`FRPC 配置文件
## 访问主机服务
要从容器内访问运行在主机上的服务,请使用 `host.docker.internal`
```properties
FRP_APP_HOST=host.docker.internal
```
然后在 `frpc.toml` 中:
```toml
[[proxies]]
name = "local-service"
type = "tcp"
remotePort = 8080
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 3000
```
这将通过 FRP 服务器的 8080 端口暴露主机的 3000 端口。
## 安全注意事项
1. **保护令牌安全**:保持 `FRP_SERVER_TOKEN` 机密并使用强随机值
2. **限制暴露**:只暴露实际需要的服务
3. **使用加密**:对于敏感服务考虑使用 HTTPS/TLS
4. **监控访问**:启用管理面板以监控活动连接
## 故障排除
### 无法连接到 FRP 服务器
- 验证 `FRP_SERVER_ADDR` 和 `FRP_SERVER_PORT` 是否正确
- 确保 FRP 服务器正在运行且可访问
- 检查 `FRP_SERVER_TOKEN` 是否与服务器配置匹配
### 无法访问本地服务
- 验证 `FRP_APP_HOST` 是否正确
- 对于主机服务,确保使用 `host.docker.internal`
- 对于网络服务,确保 IP 地址和端口正确
- 检查客户端和服务器端的防火墙规则
## 许可证
FRP 采用 Apache License 2.0 许可证。详情请参阅 [FRP GitHub 仓库](https://github.com/fatedier/frp)。

19
src/frpc/docker-compose.yaml
View File

@@ -9,14 +9,23 @@ x-defaults: &defaults
services:
frpc:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}snowdreamtech/frpc:${FRPC_VERSION:-0.64.0}
image: ${GLOBAL_REGISTRY:-}snowdreamtech/frpc:${FRPC_VERSION:-0.65.0}
ports:
- "${FRP_ADMIN_PORT:-7400}:${FRP_ADMIN_PORT:-7400}"
volumes:
- ./frpc.toml:/etc/frp/frpc.toml:ro
- ./frpc.toml:/etc/frp/frpc.toml
environment:
TZ: ${TZ:-UTC}
FRP_SERVER_ADDR: ${FRP_SERVER_ADDR}
FRP_SERVER_PORT: ${FRP_SERVER_PORT}
FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN}
FRP_SERVER_ADDR: ${FRP_SERVER_ADDR:-127.0.0.1}
FRP_SERVER_PORT: ${FRP_SERVER_PORT:-7000}
FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN:-server_token}
FRP_APP_HOST: ${FRP_APP_HOST:-127.0.0.1}
FRP_ADMIN_ADDR: ${FRP_ADMIN_ADDR:-0.0.0.0}
FRP_ADMIN_PORT: ${FRP_ADMIN_PORT:-7400}
FRP_ADMIN_USER: ${FRP_ADMIN_USER:-admin}
FRP_ADMIN_PASSWORD: ${FRP_ADMIN_PASSWORD:-password}
extra_hosts:
- "host.docker.internal:host-gateway"
deploy:
resources:
limits:

27
src/frpc/frpc.toml
View File

@@ -1,10 +1,21 @@
[common]
server_addr = {{ .Envs.FRP_SERVER_ADDR }}
server_port = {{ .Envs.FRP_SERVER_PORT }}
token = {{ .Envs.FRP_SERVER_TOKEN }}
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
[app]
[auth]
token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[transport]
protocol = "kcp"
[webServer]
addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
port = {{ .Envs.FRP_ADMIN_PORT }}
user = "{{ .Envs.FRP_ADMIN_USER }}"
password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
[[proxies]]
name = "ssh"
type = "tcp"
remote_port = 22
local_ip = {{ .Envs.APP_HOST }}
local_port = 22
localPort = 22
remotePort = 22
localIp = "{{ .Envs.FRP_APP_HOST }}"

36
src/frps/.env.example
View File

@@ -1,15 +1,31 @@
# Global registry prefix for pulling images (optional)
# GLOBAL_REGISTRY=
# Timezone setting (default: UTC)
TZ=UTC
# FRP Server Version
FRPS_VERSION=0.64.0
FRPS_VERSION=0.65.0
# FRP server configuration
FRP_SERVER_TOKEN=your_token_here
FRP_SERVER_PORT=9870
FRP_ADMIN_PORT=7890
# Authentication settings
FRP_AUTH_METHOD=token
FRP_SERVER_TOKEN=server_token
# Admin credentials
# Server port configuration
FRP_SERVER_PORT=7000
# Admin dashboard configuration
FRP_ADMIN_ADDR=0.0.0.0
FRP_ADMIN_PORT=7500
FRP_ADMIN_USER=admin
FRP_ADMIN_PASS=password
FRP_ADMIN_PASSWORD=password
# Port overrides
FRP_PORT_OVERRIDE_SERVER=9870
FRP_PORT_OVERRIDE_ADMIN=7890
# Port overrides (host ports to map to container ports)
FRP_PORT_OVERRIDE_SERVER=7000
FRP_PORT_OVERRIDE_ADMIN=7500
# Resource limits
FRPS_CPU_LIMIT=0.5
FRPS_MEMORY_LIMIT=128M
FRPS_CPU_RESERVATION=0.1
FRPS_MEMORY_RESERVATION=64M

121
src/frps/README.md
View File

@@ -1,34 +1,63 @@
# FRPS (Intranet Penetration Server)
# FRPS (FRP Server)
[English](./README.md) | [中文](./README.zh.md)
This is an FRPS (Intranet Penetration Server) service.
FRPS is a fast reverse proxy server that helps expose local servers behind NAT and firewalls to the internet. This is the server component of the FRP (Fast Reverse Proxy) tool.
## Example
## Quick Start
Create a new `frps.toml` configuration file with the following content:
1. Create a `.env` file from `.env.example`:
```bash
cp .env.example .env
```
2. Edit the `.env` file and configure authentication credentials:
```properties
FRP_SERVER_TOKEN=your_secure_token_here
FRP_ADMIN_USER=your_admin_username
FRP_ADMIN_PASSWORD=your_secure_password
```
3. Create a `frps.toml` configuration file or use the provided template.
4. Start the service:
```bash
docker compose up -d
```
The server will be accessible on:
- FRP server port: `7000` (default)
- Admin dashboard: `http://localhost:7500` (default)
## Configuration File
Example `frps.toml`:
```toml
bindPort = {{ .Envs.FRP_SERVER_PORT }}
auth.method = "{{ .Envs.FRP_AUTH_METHOD }}"
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
webServer.addr = "0.0.0.0"
webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
webServer.port = {{ .Envs.FRP_ADMIN_PORT }}
webServer.user = "{{ .Envs.FRP_ADMIN_USER }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASS }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
```
Configure secrets and other information in the `.env` file:
## Network Modes
```properties
FRP_SERVER_TOKEN=token
FRP_ADMIN_USER=admin
FRP_ADMIN_PASS=password
```
### Standard Mode (Default)
Start the service to proxy client requests. Note that you need to map the client's port. You can share the service through HOST network or shared network.
Uses port mapping as configured in `docker-compose.yaml`.
To enable HOST mode, use the following method:
### Host Network Mode
For better performance and access to all ports, use host network mode:
```yaml
services:
@@ -37,21 +66,61 @@ services:
network_mode: host
```
## Services
**Note**: When using host network mode, the `ports` section is ignored and the service directly uses host ports.
- `frps`: The FRPS server service.
## Environment Variables
## Configuration
### Image Configuration
- `FRPS_VERSION`: The version of the FRPS image, default is `0.64.0`.
- `FRP_SERVER_PORT`: The port for the FRPS server, default is `9870`.
- `FRP_ADMIN_PORT`: The port for the FRPS admin dashboard, default is `7890`.
- `FRP_PORT_OVERRIDE_SERVER`: The host port to map to the FRPS server port.
- `FRP_PORT_OVERRIDE_ADMIN`: The host port to map to the FRPS admin port.
- `FRP_SERVER_TOKEN`: The token for authenticating clients.
- `FRP_ADMIN_USER`: The username for the admin dashboard, default is `admin`.
- `FRP_ADMIN_PASS`: The password for the admin dashboard, default is `password`.
- `GLOBAL_REGISTRY`: Optional global registry prefix for pulling images
- `FRPS_VERSION`: FRPS image version (default: `0.65.0`)
- `TZ`: Timezone setting (default: `UTC`)
### Server Configuration
- `FRP_AUTH_METHOD`: Authentication method (default: `token`)
- `FRP_SERVER_TOKEN`: Token for client authentication (**change this for security**)
- `FRP_SERVER_PORT`: FRP server port (default: `7000`)
### Admin Dashboard
- `FRP_ADMIN_ADDR`: Admin dashboard bind address (default: `0.0.0.0`)
- `FRP_ADMIN_PORT`: Admin dashboard port (default: `7500`)
- `FRP_ADMIN_USER`: Admin dashboard username (default: `admin`)
- `FRP_ADMIN_PASSWORD`: Admin dashboard password (**change this for security**)
### Port Overrides
- `FRP_PORT_OVERRIDE_SERVER`: Host port to map to FRP server port (default: `7000`)
- `FRP_PORT_OVERRIDE_ADMIN`: Host port to map to admin dashboard (default: `7500`)
### Resource Limits
- `FRPS_CPU_LIMIT`: CPU limit (default: `0.5`)
- `FRPS_MEMORY_LIMIT`: Memory limit (default: `128M`)
- `FRPS_CPU_RESERVATION`: CPU reservation (default: `0.1`)
- `FRPS_MEMORY_RESERVATION`: Memory reservation (default: `64M`)
## Volumes
- `frps.toml`: The configuration file for FRPS.
- `./frps.toml:/etc/frp/frps.toml`: FRPS configuration file
## Security Notes
1. **Change default credentials**: Always change `FRP_SERVER_TOKEN`, `FRP_ADMIN_USER`, and `FRP_ADMIN_PASSWORD` from their default values
2. **Use strong passwords**: Use complex, randomly generated passwords and tokens
3. **Firewall rules**: Consider limiting access to the admin dashboard to trusted IP addresses
4. **TLS/SSL**: For production use, consider setting up TLS encryption in the FRP configuration
## Health Check
The service includes a health check that verifies the admin dashboard is accessible. The health check:
- Runs every 30 seconds
- Has a 10-second timeout
- Retries up to 3 times
- Waits 10 seconds before the first check after startup
## License
FRP is licensed under the Apache License 2.0. See the [FRP GitHub repository](https://github.com/fatedier/frp) for more details.

121
src/frps/README.zh.md
View File

@@ -1,34 +1,63 @@
# FRPS (内网穿透服务端)
# FRPSFRP 服务端
[English](./README.md) | [中文](./README.zh.md)
这是一个 FRPS内网穿透服务端服务
FRPS 是一个快速反向代理服务器,可以帮助将 NAT 和防火墙后面的本地服务器暴露到互联网。这是 FRPFast Reverse Proxy工具的服务端组件
## 示例
## 快速开始
新建 `frps.toml` 配置文件,内容如下
1.`.env.example` 创建 `.env` 文件
```bash
cp .env.example .env
```
2. 编辑 `.env` 文件并配置认证凭据:
```properties
FRP_SERVER_TOKEN=your_secure_token_here
FRP_ADMIN_USER=your_admin_username
FRP_ADMIN_PASSWORD=your_secure_password
```
3. 创建 `frps.toml` 配置文件或使用提供的模板。
4. 启动服务:
```bash
docker compose up -d
```
服务将在以下位置可访问:
- FRP 服务端口:`7000`(默认)
- 管理面板:`http://localhost:7500`(默认)
## 配置文件
示例 `frps.toml`
```toml
bindPort = {{ .Envs.FRP_SERVER_PORT }}
auth.method = "{{ .Envs.FRP_AUTH_METHOD }}"
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
webServer.addr = "0.0.0.0"
webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
webServer.port = {{ .Envs.FRP_ADMIN_PORT }}
webServer.user = "{{ .Envs.FRP_ADMIN_USER }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASS }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
```
配置密钥等信息到 `.env` 文件中:
## 网络模式
```properties
FRP_SERVER_TOKEN=token
FRP_ADMIN_USER=admin
FRP_ADMIN_PASS=password
```
### 标准模式(默认)
启动服务,即可代理客户端请求,注意需要将客户端的端口映射出来。可以通过 HOST 网络或共享网络的方式共享服务
使用 `docker-compose.yaml` 中配置的端口映射
使用如下方法启用 HOST 模式
### Host 网络模式
为了获得更好的性能和访问所有端口,可以使用 host 网络模式:
```yaml
services:
@@ -37,21 +66,61 @@ services:
network_mode: host
```
## 服务
**注意**:使用 host 网络模式时,`ports` 部分将被忽略,服务直接使用主机端口。
- `frps`: FRPS 服务端服务。
## 环境变量
## 配置
### 镜像配置
- `FRPS_VERSION`: FRPS 镜像的版本,默认为 `0.64.0`
- `FRP_SERVER_PORT`: FRPS 服务端口,默认为 `9870`
- `FRP_ADMIN_PORT`: FRPS 管理面板端口,默认为 `7890`
- `FRP_PORT_OVERRIDE_SERVER`: 映射到 FRPS 服务端口的主机端口。
- `FRP_PORT_OVERRIDE_ADMIN`: 映射到 FRPS 管理面板端口的主机端口。
- `FRP_SERVER_TOKEN`: 用于认证客户端的令牌。
- `FRP_ADMIN_USER`: 管理面板的用户名,默认为 `admin`
- `FRP_ADMIN_PASS`: 管理面板的密码,默认为 `password`
- `GLOBAL_REGISTRY`:可选的全局镜像仓库前缀
- `FRPS_VERSION`FRPS 镜像版本(默认:`0.65.0`
- `TZ`:时区设置(默认:`UTC`
### 服务器配置
- `FRP_AUTH_METHOD`:认证方法(默认:`token`
- `FRP_SERVER_TOKEN`:客户端认证令牌(**请修改以确保安全**
- `FRP_SERVER_PORT`FRP 服务端口(默认:`7000`
### 管理面板
- `FRP_ADMIN_ADDR`:管理面板绑定地址(默认:`0.0.0.0`
- `FRP_ADMIN_PORT`:管理面板端口(默认:`7500`
- `FRP_ADMIN_USER`:管理面板用户名(默认:`admin`
- `FRP_ADMIN_PASSWORD`:管理面板密码(**请修改以确保安全**
### 端口覆盖
- `FRP_PORT_OVERRIDE_SERVER`:映射到 FRP 服务端口的主机端口(默认:`7000`
- `FRP_PORT_OVERRIDE_ADMIN`:映射到管理面板的主机端口(默认:`7500`
### 资源限制
- `FRPS_CPU_LIMIT`CPU 限制(默认:`0.5`
- `FRPS_MEMORY_LIMIT`:内存限制(默认:`128M`
- `FRPS_CPU_RESERVATION`CPU 预留(默认:`0.1`
- `FRPS_MEMORY_RESERVATION`:内存预留(默认:`64M`
## 卷
- `frps.toml`: FRPS 配置文件
- `./frps.toml:/etc/frp/frps.toml`FRPS 配置文件
## 安全注意事项
1. **修改默认凭据**:务必修改 `FRP_SERVER_TOKEN`、`FRP_ADMIN_USER` 和 `FRP_ADMIN_PASSWORD` 的默认值
2. **使用强密码**:使用复杂的随机生成的密码和令牌
3. **防火墙规则**:考虑将管理面板的访问限制在受信任的 IP 地址
4. **TLS/SSL**:在生产环境中,考虑在 FRP 配置中设置 TLS 加密
## 健康检查
服务包含一个健康检查,用于验证管理面板是否可访问。健康检查:
- 每 30 秒运行一次
- 超时时间为 10 秒
- 最多重试 3 次
- 启动后等待 10 秒再进行第一次检查
## 许可证
FRP 采用 Apache License 2.0 许可证。详情请参阅 [FRP GitHub 仓库](https://github.com/fatedier/frp)。

23
src/frps/docker-compose.yaml
View File

@@ -9,19 +9,24 @@ x-defaults: &defaults
services:
frps:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}snowdreamtech/frps:${FRPS_VERSION:-0.64.0}
image: ${GLOBAL_REGISTRY:-}snowdreamtech/frps:${FRPS_VERSION:-0.65.0}
volumes:
- ./frps.toml:/etc/frp/frps.toml:ro
- ./frps.toml:/etc/frp/frps.toml
ports:
- ${FRP_PORT_OVERRIDE_SERVER:-9870}:${FRP_SERVER_PORT:-9870}
- ${FRP_PORT_OVERRIDE_ADMIN:-7890}:${FRP_ADMIN_PORT:-7890}
- ${FRP_PORT_OVERRIDE_SERVER:-7000}:${FRP_SERVER_PORT:-7000}/tcp
- ${FRP_PORT_OVERRIDE_SERVER:-7000}:${FRP_SERVER_PORT:-7000}/udp
- ${FRP_PORT_OVERRIDE_ADMIN:-7500}:${FRP_ADMIN_PORT:-7500}
environment:
TZ: ${TZ:-UTC}
FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN}
FRP_SERVER_PORT: ${FRP_SERVER_PORT:-9870}
FRP_ADMIN_PORT: ${FRP_ADMIN_PORT:-7890}
FRP_AUTH_METHOD: ${FRP_AUTH_METHOD:-token}
FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN:-server_token}
FRP_SERVER_PORT: ${FRP_SERVER_PORT:-7000}
FRP_ADMIN_ADDR: ${FRP_ADMIN_ADDR:-0.0.0.0}
FRP_ADMIN_PORT: ${FRP_ADMIN_PORT:-7500}
FRP_ADMIN_USER: ${FRP_ADMIN_USER:-admin}
FRP_ADMIN_PASS: ${FRP_ADMIN_PASS:-password}
FRP_ADMIN_PASSWORD: ${FRP_ADMIN_PASSWORD:-password}
extra_hosts:
- "host.docker.internal:host-gateway"
deploy:
resources:
limits:
@@ -31,7 +36,7 @@ services:
cpus: ${FRPS_CPU_RESERVATION:-0.1}
memory: ${FRPS_MEMORY_RESERVATION:-64M}
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:${FRP_ADMIN_PORT:-7890}/"]
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:${FRP_ADMIN_PORT:-7500}/"]
interval: 30s
timeout: 10s
retries: 3

21
src/frps/frps.toml
View File

@@ -1,8 +1,15 @@
[common]
bind_port = {{ .Envs.FRP_SERVER_PORT }}
token = {{ .Envs.FRP_SERVER_TOKEN }}
bindPort = {{ .Envs.FRP_SERVER_PORT }}
kcpBindPort = {{ .Envs.FRP_SERVER_PORT }}
dashboard_addr = 0.0.0.0
dashboard_port = {{ .Envs.FRP_ADMIN_PORT }}
dashboard_user = {{ .Envs.FRP_ADMIN_USER }}
dashboard_pwd = {{ .Envs.FRP_ADMIN_PASS }}
[auth]
method = "{{ .Envs.FRP_AUTH_METHOD }}"
token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[transport]
maxPoolCount = 20
[webServer]
addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
port = {{ .Envs.FRP_ADMIN_PORT }}
user = "{{ .Envs.FRP_ADMIN_USER }}"
password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"