alexsun/compose-anything
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add goose

Browse Source
This commit is contained in:
Sun-ZhenXing
2026-01-02 22:06:24 +08:00
parent ab07facdb1
commit 25c618aa2e
17 changed files with 1241 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
README.md
View File

@@ -2,6 +2,18 @@
Compose Anything helps users quickly deploy various services by providing a set of high-quality Docker Compose configuration files. These configurations constrain resource usage, can be easily migrated to systems like K8S, and are easy to understand and modify.
## Build Services
These services require building custom Docker images from source.
| Service | Version |
| ------------------------------------------- | ------- |
| [Debian DinD](./builds/debian-dind) | 0.1.1 |
| [goose](./builds/goose) | 1.18.0 |
| [IOPaint](./builds/io-paint) | 1.6.0 |
| [K3s inside DinD](./builds/k3s-inside-dind) | 0.2.2 |
| [MinerU vLLM](./builds/mineru) | 2.7.0 |
## Supported Services
| Service | Version |
@@ -30,8 +42,8 @@ Compose Anything helps users quickly deploy various services by providing a set
| [Elasticsearch](./src/elasticsearch) | 8.16.1 |
| [etcd](./src/etcd) | 3.6.0 |
| [Firecrawl](./src/firecrawl) | latest |
| [frpc](./src/frpc) | 0.64.0 |
| [frps](./src/frps) | 0.64.0 |
| [frpc](./src/frpc) | 0.65.0 |
| [frps](./src/frps) | 0.65.0 |
| [Gitea Runner](./src/gitea-runner) | 0.2.13 |
| [Gitea](./src/gitea) | 1.24.6 |
| [GitLab Runner](./src/gitlab-runner) | 17.10.1 |
@@ -41,7 +53,6 @@ Compose Anything helps users quickly deploy various services by providing a set
| [Halo](./src/halo) | 2.21.9 |
| [Harbor](./src/harbor) | v2.12.0 |
| [HashiCorp Consul](./src/consul) | 1.20.3 |
| [IOPaint](./builds/io-paint) | latest |
| [Jenkins](./src/jenkins) | 2.486-lts |
| [JODConverter](./src/jodconverter) | latest |
| [Kestra](./src/kestra) | latest-full |
@@ -58,7 +69,6 @@ Compose Anything helps users quickly deploy various services by providing a set
| [Milvus Standalone Embed](./src/milvus-standalone-embed) | v2.6.7 |
| [Milvus Standalone](./src/milvus-standalone) | v2.6.7 |
| [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest |
| [MinerU vLLM](./builds/mineru) | 2.7.0 |
| [MinIO](./src/minio) | 0.20251015 |
| [MLflow](./src/mlflow) | v2.20.2 |
| [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.2.3 |

18
README.zh.md
View File

@@ -2,6 +2,18 @@
Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,帮助用户快速部署各种服务。这些配置约束了资源使用,可快速迁移到 K8S 等系统,并且易于理解和修改。
## 构建服务
这些服务需要从源代码构建自定义 Docker 镜像。
| 服务 | 版本 |
| ------------------------------------------- | ------ |
| [Debian DinD](./builds/debian-dind) | 0.1.1 |
| [goose](./builds/goose) | 1.18.0 |
| [IOPaint](./builds/io-paint) | 1.6.0 |
| [K3s inside DinD](./builds/k3s-inside-dind) | 0.2.2 |
| [MinerU vLLM](./builds/mineru) | 2.7.0 |
## 已经支持的服务
| 服务 | 版本 |
@@ -30,8 +42,8 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
| [Elasticsearch](./src/elasticsearch) | 8.16.1 |
| [etcd](./src/etcd) | 3.6.0 |
| [Firecrawl](./src/firecrawl) | latest |
| [frpc](./src/frpc) | 0.64.0 |
| [frps](./src/frps) | 0.64.0 |
| [frpc](./src/frpc) | 0.65.0 |
| [frps](./src/frps) | 0.65.0 |
| [Gitea Runner](./src/gitea-runner) | 0.2.13 |
| [Gitea](./src/gitea) | 1.24.6 |
| [GitLab Runner](./src/gitlab-runner) | 17.10.1 |
@@ -41,7 +53,6 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
| [Halo](./src/halo) | 2.21.9 |
| [Harbor](./src/harbor) | v2.12.0 |
| [HashiCorp Consul](./src/consul) | 1.20.3 |
| [IOPaint](./builds/io-paint) | latest |
| [Jenkins](./src/jenkins) | 2.486-lts |
| [JODConverter](./src/jodconverter) | latest |
| [Kestra](./src/kestra) | latest-full |
@@ -58,7 +69,6 @@ Compose Anything 通过提供一组高质量的 Docker Compose 配置文件,
| [Milvus Standalone Embed](./src/milvus-standalone-embed) | v2.6.7 |
| [Milvus Standalone](./src/milvus-standalone) | v2.6.7 |
| [Minecraft Bedrock Server](./src/minecraft-bedrock-server) | latest |
| [MinerU vLLM](./builds/mineru) | 2.7.0 |
| [MinIO](./src/minio) | 0.20251015 |
| [MLflow](./src/mlflow) | v2.20.2 |
| [MongoDB ReplicaSet Single](./src/mongodb-replicaset-single) | 8.2.3 |

64
builds/goose/.env.example Normal file
View File

@@ -0,0 +1,64 @@
# goose Configuration
# AI-powered developer agent by Block
# Global registry prefix (optional)
# Leave empty to pull from Docker Hub
GLOBAL_REGISTRY=
# goose version
# Default: latest
GOOSE_VERSION=1.18.0
# Timezone
# Default: UTC
TZ=UTC
# ============================================
# API Configuration
# ============================================
# OpenAI API Configuration
# Required if using OpenAI provider
OPENAI_API_KEY=
# Optional: Custom API base URL (e.g., for proxy or local deployment)
OPENAI_API_BASE=
# Anthropic API Configuration
# Required if using Anthropic provider
ANTHROPIC_API_KEY=
# Google API Configuration
# Required if using Google provider
GOOGLE_API_KEY=
# ============================================
# goose Configuration
# ============================================
# AI Provider
# Options: openai, anthropic, google
# Default: openai
GOOSE_PROVIDER=openai
# AI Model
# For OpenAI: gpt-4, gpt-4-turbo, gpt-3.5-turbo
# For Anthropic: claude-3-opus, claude-3-sonnet, claude-3-haiku
# For Google: gemini-pro
# Default: gpt-4
GOOSE_MODEL=gpt-4
# ============================================
# Resource Limits
# ============================================
# CPU limits
GOOSE_CPU_LIMIT=2.00
GOOSE_CPU_RESERVATION=0.50
# Memory limits
GOOSE_MEMORY_LIMIT=2G
GOOSE_MEMORY_RESERVATION=512M
# Logging limits
GOOSE_LOG_MAX_SIZE=100m
GOOSE_LOG_MAX_FILE=3

46
builds/goose/Dockerfile Normal file
View File

@@ -0,0 +1,46 @@
FROM debian:bookworm-slim@sha256:b1a741487078b369e78119849663d7f1a5341ef2768798f7b7406c4240f86aef
ARG GOOSE_VERSION=1.18.0
ARG TARGETARCH
# Install runtime dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
libssl3 \
libdbus-1-3 \
libxcb1 \
curl \
bzip2 \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Download and install goose binary based on architecture
RUN ARCH=${TARGETARCH:-amd64} && \
case "${ARCH}" in \
amd64) GOOSE_ARCH="x86_64" ;; \
arm64) GOOSE_ARCH="aarch64" ;; \
*) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
esac && \
curl -fsSL "https://github.com/block/goose/releases/download/v${GOOSE_VERSION}/goose-${GOOSE_ARCH}-unknown-linux-gnu.tar.bz2" \
-o /tmp/goose.tar.bz2 && \
tar -xjf /tmp/goose.tar.bz2 -C /usr/local/bin && \
chmod +x /usr/local/bin/goose && \
rm /tmp/goose.tar.bz2
# Create non-root user
RUN useradd -m -u 1000 -s /bin/bash goose && \
mkdir -p /home/goose/.config/goose && \
chown -R goose:goose /home/goose
# Set up environment
ENV PATH="/usr/local/bin:${PATH}"
ENV HOME="/home/goose"
# Switch to non-root user
USER goose
WORKDIR /home/goose
# Default to goose CLI
ENTRYPOINT ["/usr/local/bin/goose"]
CMD ["--help"]

195
builds/goose/README.md Normal file
View File

@@ -0,0 +1,195 @@
# goose
[中文文档](README.zh.md)
goose is an AI-powered developer agent created by Block. It helps developers with coding tasks through natural language interaction, offering intelligent code generation, debugging assistance, and project navigation.
## Features
- **AI-Powered Development**: Leverage advanced language models for coding assistance
- **Multiple AI Providers**: Support for OpenAI, Anthropic, and Google AI
- **Interactive CLI**: Engage with goose through an intuitive command-line interface
- **Project Understanding**: Analyze and understand your codebase context
- **Code Generation**: Generate code snippets and implementations
- **Debugging Help**: Assist with troubleshooting and error resolution
## Prerequisites
- Docker and Docker Compose installed
- An API key from one of the supported AI providers:
- OpenAI API key (for GPT models)
- Anthropic API key (for Claude models)
- Google API key (for Gemini models)
## Quick Start
1. Copy the example environment file:
```bash
cp .env.example .env
```
2. Edit `.env` and configure your API credentials:
```bash
# For OpenAI
OPENAI_API_KEY=your_openai_api_key_here
GOOSE_PROVIDER=openai
GOOSE_MODEL=gpt-4
# OR for Anthropic
ANTHROPIC_API_KEY=your_anthropic_api_key_here
GOOSE_PROVIDER=anthropic
GOOSE_MODEL=claude-3-sonnet
# OR for Google
GOOGLE_API_KEY=your_google_api_key_here
GOOSE_PROVIDER=google
GOOSE_MODEL=gemini-pro
```
3. Build the Docker image:
```bash
docker compose build
```
4. Run goose:
```bash
docker compose run --rm goose
```
## Usage Examples
### Interactive Session
Start an interactive session with goose:
```bash
docker compose run --rm goose session start
```
### Execute a Task
Run a specific task or query:
```bash
docker compose run --rm goose run "explain the main function in app.py"
```
### Get Help
View available commands:
```bash
docker compose run --rm goose --help
```
## Configuration
### Environment Variables
| Variable | Description | Default |
| -------------------- | --------------------------------------- | -------- |
| `GOOSE_VERSION` | goose Docker image version | `1.18.0` |
| `TZ` | Container timezone | `UTC` |
| `GOOSE_PROVIDER` | AI provider (openai, anthropic, google) | `openai` |
| `GOOSE_MODEL` | AI model to use | `gpt-4` |
| `OPENAI_API_KEY` | OpenAI API key | - |
| `OPENAI_API_BASE` | Custom OpenAI API base URL | - |
| `ANTHROPIC_API_KEY` | Anthropic API key | - |
| `GOOGLE_API_KEY` | Google API key | - |
| `GOOSE_CPU_LIMIT` | CPU limit | `2.00` |
| `GOOSE_MEMORY_LIMIT` | Memory limit | `2G` |
### Working with Your Project
Mount your project directory to work with your code:
```bash
docker compose run --rm -v $(pwd):/workspace goose
```
Or add it to the `docker-compose.yaml` volumes section:
```yaml
volumes:
- ./your-project:/workspace
- goose_config:/home/goose/.config/goose
```
## Persistent Configuration
Configuration and session data are stored in named volumes:
- `goose_config`: User configuration and preferences
- `goose_workspace`: Workspace files and project data
To reset configuration:
```bash
docker compose down -v
```
## Resource Limits
Default resource allocations:
- **CPU Limit**: 2.00 cores
- **CPU Reservation**: 0.50 cores
- **Memory Limit**: 2G
- **Memory Reservation**: 512M
Adjust these in `.env` based on your system capabilities.
## Security Considerations
1. **API Keys**: Never commit your `.env` file with API keys to version control
2. **Workspace Access**: goose has access to files in the mounted workspace directory
3. **Network**: The container runs without exposed ports by default
4. **User Privileges**: Runs as non-root user (UID 1000) for enhanced security
## Supported AI Models
### OpenAI
- `gpt-4` (recommended)
- `gpt-4-turbo`
- `gpt-3.5-turbo`
### Anthropic
- `claude-3-opus`
- `claude-3-sonnet` (recommended)
- `claude-3-haiku`
### Google
- `gemini-pro`
## Troubleshooting
### API Authentication Errors
Ensure your API key is correctly set in `.env` and matches your chosen provider.
### Out of Memory
If you encounter memory issues, increase `GOOSE_MEMORY_LIMIT` in `.env`.
### Build Failures
The initial build may take 15-30 minutes as it compiles goose from source. Ensure you have a stable internet connection.
## References
- [Official GitHub Repository](https://github.com/block/goose)
- [Documentation](https://block.github.io/goose/)
- [Contributing Guide](https://github.com/block/goose/blob/main/CONTRIBUTING.md)
## License
goose is released under the Apache-2.0 License. See the [official repository](https://github.com/block/goose) for details.
This Docker Compose configuration is provided as-is for convenience and follows the project's license terms.

195
builds/goose/README.zh.md Normal file
View File

@@ -0,0 +1,195 @@
# goose
[English Documentation](README.md)
goose 是由 Block 公司开发的 AI 驱动的开发者助手。它通过自然语言交互帮助开发者完成编码任务,提供智能代码生成、调试协助和项目导航功能。
## 功能特性
- **AI 驱动开发**:利用先进的语言模型提供编程协助
- **多 AI 提供商支持**:支持 OpenAI、Anthropic 和 Google AI
- **交互式 CLI**:通过直观的命令行界面与 goose 交互
- **项目理解**:分析和理解您的代码库上下文
- **代码生成**:生成代码片段和实现
- **调试帮助**:协助故障排查和错误解决
## 前置要求
- 已安装 Docker 和 Docker Compose
- 来自受支持的 AI 提供商之一的 API 密钥:
- OpenAI API 密钥(用于 GPT 模型)
- Anthropic API 密钥(用于 Claude 模型)
- Google API 密钥(用于 Gemini 模型)
## 快速开始
1. 复制示例环境文件:
```bash
cp .env.example .env
```
2. 编辑 `.env` 并配置您的 API 凭据:
```bash
# 使用 OpenAI
OPENAI_API_KEY=your_openai_api_key_here
GOOSE_PROVIDER=openai
GOOSE_MODEL=gpt-4
# 或使用 Anthropic
ANTHROPIC_API_KEY=your_anthropic_api_key_here
GOOSE_PROVIDER=anthropic
GOOSE_MODEL=claude-3-sonnet
# 或使用 Google
GOOGLE_API_KEY=your_google_api_key_here
GOOSE_PROVIDER=google
GOOSE_MODEL=gemini-pro
```
3. 构建 Docker 镜像:
```bash
docker compose build
```
4. 运行 goose
```bash
docker compose run --rm goose
```
## 使用示例
### 交互式会话
启动与 goose 的交互式会话:
```bash
docker compose run --rm goose session start
```
### 执行任务
运行特定任务或查询:
```bash
docker compose run --rm goose run "解释 app.py 中的主函数"
```
### 获取帮助
查看可用命令:
```bash
docker compose run --rm goose --help
```
## 配置说明
### 环境变量
| 变量 | 说明 | 默认值 |
| -------------------- | -------------------------------------- | -------- |
| `GOOSE_VERSION` | goose Docker 镜像版本 | `1.18.0` |
| `TZ` | 容器时区 | `UTC` |
| `GOOSE_PROVIDER` | AI 提供商openai、anthropic、google | `openai` |
| `GOOSE_MODEL` | 使用的 AI 模型 | `gpt-4` |
| `OPENAI_API_KEY` | OpenAI API 密钥 | - |
| `OPENAI_API_BASE` | 自定义 OpenAI API 基础 URL | - |
| `ANTHROPIC_API_KEY` | Anthropic API 密钥 | - |
| `GOOGLE_API_KEY` | Google API 密钥 | - |
| `GOOSE_CPU_LIMIT` | CPU 限制 | `2.00` |
| `GOOSE_MEMORY_LIMIT` | 内存限制 | `2G` |
### 使用您的项目
挂载您的项目目录以使用您的代码:
```bash
docker compose run --rm -v $(pwd):/workspace goose
```
或将其添加到 `docker-compose.yaml` 的 volumes 部分:
```yaml
volumes:
- ./your-project:/workspace
- goose_config:/home/goose/.config/goose
```
## 持久化配置
配置和会话数据存储在命名卷中:
- `goose_config`:用户配置和偏好设置
- `goose_workspace`:工作区文件和项目数据
重置配置:
```bash
docker compose down -v
```
## 资源限制
默认资源分配:
- **CPU 限制**2.00 核心
- **CPU 预留**0.50 核心
- **内存限制**2G
- **内存预留**512M
根据您的系统能力在 `.env` 中调整这些值。
## 安全注意事项
1. **API 密钥**:切勿将包含 API 密钥的 `.env` 文件提交到版本控制系统
2. **工作区访问**goose 可以访问挂载的工作区目录中的文件
3. **网络**:默认情况下容器不暴露端口
4. **用户权限**:以非 root 用户UID 1000运行以增强安全性
## 支持的 AI 模型
### OpenAI
- `gpt-4`(推荐)
- `gpt-4-turbo`
- `gpt-3.5-turbo`
### Anthropic
- `claude-3-opus`
- `claude-3-sonnet`(推荐)
- `claude-3-haiku`
### Google
- `gemini-pro`
## 故障排查
### API 认证错误
确保您的 API 密钥在 `.env` 中正确设置,并与您选择的提供商匹配。
### 内存不足
如果遇到内存问题,请在 `.env` 中增加 `GOOSE_MEMORY_LIMIT`。
### 构建失败
初始构建可能需要 15-30 分钟,因为它从源代码编译 goose。请确保您有稳定的互联网连接。
## 参考资料
- [官方 GitHub 仓库](https://github.com/block/goose)
- [文档](https://block.github.io/goose/)
- [贡献指南](https://github.com/block/goose/blob/main/CONTRIBUTING.md)
## 许可证
goose 在 Apache-2.0 许可证下发布。详情请参阅[官方仓库](https://github.com/block/goose)。
此 Docker Compose 配置按原样提供以方便使用,并遵循项目的许可条款。

54
builds/goose/docker-compose.yaml Normal file
View File

@@ -0,0 +1,54 @@
# Docker Compose Configuration for goose
# AI-powered developer agent by Block
# https://github.com/block/goose
x-defaults: &defaults
restart: unless-stopped
logging:
driver: json-file
options:
max-size: ${GOOSE_LOG_MAX_SIZE:-100m}
max-file: "${GOOSE_LOG_MAX_FILE:-3}"
services:
goose:
<<: *defaults
build:
context: .
dockerfile: Dockerfile
platforms:
- linux/amd64
- linux/arm64
args:
- GOOSE_VERSION=${GOOSE_VERSION:-1.18.0}
image: ${GLOBAL_REGISTRY:-}alexsuntop/goose:${GOOSE_VERSION:-1.18.0}
environment:
- TZ=${TZ:-UTC}
# OpenAI Configuration
- OPENAI_API_KEY=${OPENAI_API_KEY:-}
- OPENAI_API_BASE=${OPENAI_API_BASE:-}
# Anthropic Configuration
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
# Google Configuration
- GOOGLE_API_KEY=${GOOGLE_API_KEY:-}
# Additional environment variables
- GOOSE_PROVIDER=${GOOSE_PROVIDER:-openai}
- GOOSE_MODEL=${GOOSE_MODEL:-gpt-4}
volumes:
- goose_config:/home/goose/.config/goose
- goose_workspace:/workspace
working_dir: /workspace
stdin_open: true
tty: true
deploy:
resources:
limits:
cpus: ${GOOSE_CPU_LIMIT:-2.00}
memory: ${GOOSE_MEMORY_LIMIT:-2G}
reservations:
cpus: ${GOOSE_CPU_RESERVATION:-0.50}
memory: ${GOOSE_MEMORY_RESERVATION:-512M}
volumes:
goose_config:
goose_workspace:

31
src/frpc/.env.example
View File

@@ -1,7 +1,28 @@
# FRP Client Version
FRPC_VERSION=0.64.0
# Global registry prefix for pulling images (optional)
# GLOBAL_REGISTRY=
# FRP server configuration
FRP_SERVER_ADDR=your.server.com
# Timezone setting (default: UTC)
TZ=UTC
# FRP Client Version
FRPC_VERSION=0.65.0
# FRP server connection settings
FRP_SERVER_ADDR=127.0.0.1
FRP_SERVER_PORT=7000
FRP_SERVER_TOKEN=your_token_here
FRP_SERVER_TOKEN=server_token
# Local application host (use host.docker.internal to access host machine)
FRP_APP_HOST=127.0.0.1
# Admin dashboard configuration
FRP_ADMIN_ADDR=0.0.0.0
FRP_ADMIN_PORT=7400
FRP_ADMIN_USER=admin
FRP_ADMIN_PASSWORD=password
# Resource limits
FRPC_CPU_LIMIT=0.5
FRPC_MEMORY_LIMIT=128M
FRPC_CPU_RESERVATION=0.1
FRPC_MEMORY_RESERVATION=64M

201
src/frpc/README.md
View File

@@ -1,12 +1,40 @@
# FRPC (Intranet Penetration Client)
# FRPC (FRP Client)
[English](./README.md) | [中文](./README.zh.md)
This is an FRPC (Intranet Penetration Client) service.
FRPC is a fast reverse proxy client that connects to an FRP server to expose local services to the internet. This is the client component of the FRP (Fast Reverse Proxy) tool.
## Example
## Quick Start
Taking SSH service penetration as an example, create a new `frpc.toml` configuration file with the following content:
1. Create a `.env` file from `.env.example`:
```bash
cp .env.example .env
```
2. Edit the `.env` file and configure the FRP server connection:
```properties
FRP_SERVER_ADDR=your.frp.server.com
FRP_SERVER_PORT=7000
FRP_SERVER_TOKEN=your_server_token
```
3. Create a `frpc.toml` configuration file with your proxy rules (see example below).
4. Start the service:
```bash
docker compose up -d
```
## Configuration File
The client requires a `frpc.toml` file to define proxy rules. Here are some common examples:
### Example 1: SSH Service Proxy
Expose a local SSH service to the internet:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
@@ -14,38 +42,165 @@ serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "app_22"
name = "ssh"
type = "tcp"
remotePort = 23922
localIP = "192.168.10.100"
remotePort = 6000
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 22
```
Configure the remote FRPS service address in the `.env` file:
This configuration will:
```properties
FRP_SERVER_ADDR=frps.example.com
FRP_SERVER_PORT=9870
FRP_SERVER_TOKEN=password
- Connect to the FRP server at `FRP_SERVER_ADDR:FRP_SERVER_PORT`
- Expose local SSH (port 22) through the server's port 6000
- Access the service via `FRP_SERVER_ADDR:6000`
### Example 2: Web Service Proxy
Expose a local web application:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "web"
type = "http"
customDomains = ["your-domain.com"]
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 8080
```
Start the service to proxy `192.168.10.100:22` to `FRP_SERVER_ADDR:23922`.
### Example 3: Multiple Services
```bash
docker compose up -d
Proxy multiple services simultaneously:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "ssh"
type = "tcp"
remotePort = 6000
localIP = "192.168.1.100"
localPort = 22
[[proxies]]
name = "web"
type = "tcp"
remotePort = 8080
localIP = "192.168.1.101"
localPort = 80
```
## Services
### Example 4: Admin Dashboard
- `frpc`: The FRPC client service.
Enable the admin dashboard to monitor the client:
## Configuration
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
- `FRPC_VERSION`: The version of the FRPC image, default is `0.64.0`.
- `FRP_SERVER_ADDR`: The remote FRPS server address.
- `FRP_SERVER_PORT`: The remote FRPS server port.
- `FRP_SERVER_TOKEN`: The token for connecting to FRPS.
webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
webServer.port = {{ .Envs.FRP_ADMIN_PORT }}
webServer.user = "{{ .Envs.FRP_ADMIN_USER }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
[[proxies]]
name = "app"
type = "tcp"
remotePort = 9000
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 3000
```
Access the admin dashboard at `http://localhost:7400` (default).
## Environment Variables
### Image Configuration
- `GLOBAL_REGISTRY`: Optional global registry prefix for pulling images
- `FRPC_VERSION`: FRPC image version (default: `0.65.0`)
- `TZ`: Timezone setting (default: `UTC`)
### Server Connection
- `FRP_SERVER_ADDR`: FRP server address (**required**, e.g., `frp.example.com` or `192.168.1.1`)
- `FRP_SERVER_PORT`: FRP server port (default: `7000`)
- `FRP_SERVER_TOKEN`: Authentication token for connecting to the server (**must match server token**)
### Local Application
- `FRP_APP_HOST`: Local application host address (default: `127.0.0.1`)
- Use `host.docker.internal` to access services running on the host machine
- Use specific IP addresses for services on your local network
### Admin Dashboard (Optional)
- `FRP_ADMIN_ADDR`: Admin dashboard bind address (default: `0.0.0.0`)
- `FRP_ADMIN_PORT`: Admin dashboard port (default: `7400`)
- `FRP_ADMIN_USER`: Admin dashboard username (default: `admin`)
- `FRP_ADMIN_PASSWORD`: Admin dashboard password (default: `password`)
### Resource Limits
- `FRPC_CPU_LIMIT`: CPU limit (default: `0.5`)
- `FRPC_MEMORY_LIMIT`: Memory limit (default: `128M`)
- `FRPC_CPU_RESERVATION`: CPU reservation (default: `0.1`)
- `FRPC_MEMORY_RESERVATION`: Memory reservation (default: `64M`)
## Volumes
- `frpc.toml`: The configuration file for FRPC.
- `./frpc.toml:/etc/frp/frpc.toml`: FRPC configuration file
## Accessing Host Services
To access services running on your host machine from within the container, use `host.docker.internal`:
```properties
FRP_APP_HOST=host.docker.internal
```
Then in your `frpc.toml`:
```toml
[[proxies]]
name = "local-service"
type = "tcp"
remotePort = 8080
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 3000
```
This will expose your host's port 3000 through the FRP server's port 8080.
## Security Notes
1. **Secure your token**: Keep your `FRP_SERVER_TOKEN` secret and use a strong, random value
2. **Limit exposure**: Only expose the services you actually need
3. **Use encryption**: Consider using HTTPS/TLS for sensitive services
4. **Monitor access**: Enable the admin dashboard to monitor active connections
## Troubleshooting
### Cannot connect to FRP server
- Verify `FRP_SERVER_ADDR` and `FRP_SERVER_PORT` are correct
- Ensure the FRP server is running and accessible
- Check that `FRP_SERVER_TOKEN` matches the server configuration
### Cannot access local service
- Verify `FRP_APP_HOST` is correct
- For host services, ensure you're using `host.docker.internal`
- For network services, ensure the IP address and port are correct
- Check firewall rules on both client and server sides
## License
FRP is licensed under the Apache License 2.0. See the [FRP GitHub repository](https://github.com/fatedier/frp) for more details.

201
src/frpc/README.zh.md
View File

@@ -1,12 +1,40 @@
# FRPC (内网穿透客户端)
# FRPCFRP 客户端
[English](./README.md) | [中文](./README.zh.md)
这是一个 FRPC内网穿透客户端服务
FRPC 是一个快速反向代理客户端,连接到 FRP 服务器以将本地服务暴露到互联网。这是 FRPFast Reverse Proxy工具的客户端组件
## 示例
## 快速开始
以 SSH 服务穿透为例,新建 `frpc.toml` 配置文件,内容如下
1.`.env.example` 创建 `.env` 文件
```bash
cp .env.example .env
```
2. 编辑 `.env` 文件并配置 FRP 服务器连接:
```properties
FRP_SERVER_ADDR=your.frp.server.com
FRP_SERVER_PORT=7000
FRP_SERVER_TOKEN=your_server_token
```
3. 创建包含代理规则的 `frpc.toml` 配置文件(参见下面的示例)。
4. 启动服务:
```bash
docker compose up -d
```
## 配置文件
客户端需要一个 `frpc.toml` 文件来定义代理规则。以下是一些常见示例:
### 示例 1SSH 服务代理
将本地 SSH 服务暴露到互联网:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
@@ -14,38 +42,165 @@ serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "app_22"
name = "ssh"
type = "tcp"
remotePort = 23922
localIP = "192.168.10.100"
remotePort = 6000
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 22
```
配置远程 FRPS 服务地址到 `.env` 文件中
此配置将
```properties
FRP_SERVER_ADDR=frps.example.com
FRP_SERVER_PORT=9870
FRP_SERVER_TOKEN=password
- 连接到 `FRP_SERVER_ADDR:FRP_SERVER_PORT` 的 FRP 服务器
- 通过服务器的 6000 端口暴露本地 SSH22 端口)
- 通过 `FRP_SERVER_ADDR:6000` 访问服务
### 示例 2Web 服务代理
暴露本地 Web 应用程序:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "web"
type = "http"
customDomains = ["your-domain.com"]
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 8080
```
启动服务,即可代理 `192.168.10.100:22``FRP_SERVER_ADDR:23922`
### 示例 3多个服务
```bash
docker compose up -d
同时代理多个服务:
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[[proxies]]
name = "ssh"
type = "tcp"
remotePort = 6000
localIP = "192.168.1.100"
localPort = 22
[[proxies]]
name = "web"
type = "tcp"
remotePort = 8080
localIP = "192.168.1.101"
localPort = 80
```
## 服务
### 示例 4管理面板
- `frpc`: FRPC 客户端服务。
启用管理面板以监控客户端:
## 配置
```toml
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
- `FRPC_VERSION`: FRPC 镜像的版本,默认为 `0.64.0`
- `FRP_SERVER_ADDR`: 远程 FRPS 服务器地址。
- `FRP_SERVER_PORT`: 远程 FRPS 服务器端口。
- `FRP_SERVER_TOKEN`: 用于连接 FRPS 的令牌。
webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
webServer.port = {{ .Envs.FRP_ADMIN_PORT }}
webServer.user = "{{ .Envs.FRP_ADMIN_USER }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
[[proxies]]
name = "app"
type = "tcp"
remotePort = 9000
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 3000
```
在 `http://localhost:7400`(默认)访问管理面板。
## 环境变量
### 镜像配置
- `GLOBAL_REGISTRY`:可选的全局镜像仓库前缀
- `FRPC_VERSION`FRPC 镜像版本(默认:`0.65.0`
- `TZ`:时区设置(默认:`UTC`
### 服务器连接
- `FRP_SERVER_ADDR`FRP 服务器地址(**必需**,例如 `frp.example.com` 或 `192.168.1.1`
- `FRP_SERVER_PORT`FRP 服务器端口(默认:`7000`
- `FRP_SERVER_TOKEN`:连接到服务器的认证令牌(**必须与服务器令牌匹配**
### 本地应用
- `FRP_APP_HOST`:本地应用主机地址(默认:`127.0.0.1`
- 使用 `host.docker.internal` 访问运行在主机上的服务
- 使用特定 IP 地址访问本地网络上的服务
### 管理面板(可选)
- `FRP_ADMIN_ADDR`:管理面板绑定地址(默认:`0.0.0.0`
- `FRP_ADMIN_PORT`:管理面板端口(默认:`7400`
- `FRP_ADMIN_USER`:管理面板用户名(默认:`admin`
- `FRP_ADMIN_PASSWORD`:管理面板密码(默认:`password`
### 资源限制
- `FRPC_CPU_LIMIT`CPU 限制(默认:`0.5`
- `FRPC_MEMORY_LIMIT`:内存限制(默认:`128M`
- `FRPC_CPU_RESERVATION`CPU 预留(默认:`0.1`
- `FRPC_MEMORY_RESERVATION`:内存预留(默认:`64M`
## 卷
- `frpc.toml`: FRPC 配置文件
- `./frpc.toml:/etc/frp/frpc.toml`FRPC 配置文件
## 访问主机服务
要从容器内访问运行在主机上的服务,请使用 `host.docker.internal`
```properties
FRP_APP_HOST=host.docker.internal
```
然后在 `frpc.toml` 中:
```toml
[[proxies]]
name = "local-service"
type = "tcp"
remotePort = 8080
localIP = "{{ .Envs.FRP_APP_HOST }}"
localPort = 3000
```
这将通过 FRP 服务器的 8080 端口暴露主机的 3000 端口。
## 安全注意事项
1. **保护令牌安全**:保持 `FRP_SERVER_TOKEN` 机密并使用强随机值
2. **限制暴露**:只暴露实际需要的服务
3. **使用加密**:对于敏感服务考虑使用 HTTPS/TLS
4. **监控访问**:启用管理面板以监控活动连接
## 故障排除
### 无法连接到 FRP 服务器
- 验证 `FRP_SERVER_ADDR` 和 `FRP_SERVER_PORT` 是否正确
- 确保 FRP 服务器正在运行且可访问
- 检查 `FRP_SERVER_TOKEN` 是否与服务器配置匹配
### 无法访问本地服务
- 验证 `FRP_APP_HOST` 是否正确
- 对于主机服务,确保使用 `host.docker.internal`
- 对于网络服务,确保 IP 地址和端口正确
- 检查客户端和服务器端的防火墙规则
## 许可证
FRP 采用 Apache License 2.0 许可证。详情请参阅 [FRP GitHub 仓库](https://github.com/fatedier/frp)。

19
src/frpc/docker-compose.yaml
View File

@@ -9,14 +9,23 @@ x-defaults: &defaults
services:
frpc:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}snowdreamtech/frpc:${FRPC_VERSION:-0.64.0}
image: ${GLOBAL_REGISTRY:-}snowdreamtech/frpc:${FRPC_VERSION:-0.65.0}
ports:
- "${FRP_ADMIN_PORT:-7400}:${FRP_ADMIN_PORT:-7400}"
volumes:
- ./frpc.toml:/etc/frp/frpc.toml:ro
- ./frpc.toml:/etc/frp/frpc.toml
environment:
TZ: ${TZ:-UTC}
FRP_SERVER_ADDR: ${FRP_SERVER_ADDR}
FRP_SERVER_PORT: ${FRP_SERVER_PORT}
FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN}
FRP_SERVER_ADDR: ${FRP_SERVER_ADDR:-127.0.0.1}
FRP_SERVER_PORT: ${FRP_SERVER_PORT:-7000}
FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN:-server_token}
FRP_APP_HOST: ${FRP_APP_HOST:-127.0.0.1}
FRP_ADMIN_ADDR: ${FRP_ADMIN_ADDR:-0.0.0.0}
FRP_ADMIN_PORT: ${FRP_ADMIN_PORT:-7400}
FRP_ADMIN_USER: ${FRP_ADMIN_USER:-admin}
FRP_ADMIN_PASSWORD: ${FRP_ADMIN_PASSWORD:-password}
extra_hosts:
- "host.docker.internal:host-gateway"
deploy:
resources:
limits:

27
src/frpc/frpc.toml
View File

@@ -1,10 +1,21 @@
[common]
server_addr = {{ .Envs.FRP_SERVER_ADDR }}
server_port = {{ .Envs.FRP_SERVER_PORT }}
token = {{ .Envs.FRP_SERVER_TOKEN }}
serverAddr = "{{ .Envs.FRP_SERVER_ADDR }}"
serverPort = {{ .Envs.FRP_SERVER_PORT }}
[app]
[auth]
token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[transport]
protocol = "kcp"
[webServer]
addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
port = {{ .Envs.FRP_ADMIN_PORT }}
user = "{{ .Envs.FRP_ADMIN_USER }}"
password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
[[proxies]]
name = "ssh"
type = "tcp"
remote_port = 22
local_ip = {{ .Envs.APP_HOST }}
local_port = 22
localPort = 22
remotePort = 22
localIp = "{{ .Envs.FRP_APP_HOST }}"

36
src/frps/.env.example
View File

@@ -1,15 +1,31 @@
# Global registry prefix for pulling images (optional)
# GLOBAL_REGISTRY=
# Timezone setting (default: UTC)
TZ=UTC
# FRP Server Version
FRPS_VERSION=0.64.0
FRPS_VERSION=0.65.0
# FRP server configuration
FRP_SERVER_TOKEN=your_token_here
FRP_SERVER_PORT=9870
FRP_ADMIN_PORT=7890
# Authentication settings
FRP_AUTH_METHOD=token
FRP_SERVER_TOKEN=server_token
# Admin credentials
# Server port configuration
FRP_SERVER_PORT=7000
# Admin dashboard configuration
FRP_ADMIN_ADDR=0.0.0.0
FRP_ADMIN_PORT=7500
FRP_ADMIN_USER=admin
FRP_ADMIN_PASS=password
FRP_ADMIN_PASSWORD=password
# Port overrides
FRP_PORT_OVERRIDE_SERVER=9870
FRP_PORT_OVERRIDE_ADMIN=7890
# Port overrides (host ports to map to container ports)
FRP_PORT_OVERRIDE_SERVER=7000
FRP_PORT_OVERRIDE_ADMIN=7500
# Resource limits
FRPS_CPU_LIMIT=0.5
FRPS_MEMORY_LIMIT=128M
FRPS_CPU_RESERVATION=0.1
FRPS_MEMORY_RESERVATION=64M

121
src/frps/README.md
View File

@@ -1,34 +1,63 @@
# FRPS (Intranet Penetration Server)
# FRPS (FRP Server)
[English](./README.md) | [中文](./README.zh.md)
This is an FRPS (Intranet Penetration Server) service.
FRPS is a fast reverse proxy server that helps expose local servers behind NAT and firewalls to the internet. This is the server component of the FRP (Fast Reverse Proxy) tool.
## Example
## Quick Start
Create a new `frps.toml` configuration file with the following content:
1. Create a `.env` file from `.env.example`:
```bash
cp .env.example .env
```
2. Edit the `.env` file and configure authentication credentials:
```properties
FRP_SERVER_TOKEN=your_secure_token_here
FRP_ADMIN_USER=your_admin_username
FRP_ADMIN_PASSWORD=your_secure_password
```
3. Create a `frps.toml` configuration file or use the provided template.
4. Start the service:
```bash
docker compose up -d
```
The server will be accessible on:
- FRP server port: `7000` (default)
- Admin dashboard: `http://localhost:7500` (default)
## Configuration File
Example `frps.toml`:
```toml
bindPort = {{ .Envs.FRP_SERVER_PORT }}
auth.method = "{{ .Envs.FRP_AUTH_METHOD }}"
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
webServer.addr = "0.0.0.0"
webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
webServer.port = {{ .Envs.FRP_ADMIN_PORT }}
webServer.user = "{{ .Envs.FRP_ADMIN_USER }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASS }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
```
Configure secrets and other information in the `.env` file:
## Network Modes
```properties
FRP_SERVER_TOKEN=token
FRP_ADMIN_USER=admin
FRP_ADMIN_PASS=password
```
### Standard Mode (Default)
Start the service to proxy client requests. Note that you need to map the client's port. You can share the service through HOST network or shared network.
Uses port mapping as configured in `docker-compose.yaml`.
To enable HOST mode, use the following method:
### Host Network Mode
For better performance and access to all ports, use host network mode:
```yaml
services:
@@ -37,21 +66,61 @@ services:
network_mode: host
```
## Services
**Note**: When using host network mode, the `ports` section is ignored and the service directly uses host ports.
- `frps`: The FRPS server service.
## Environment Variables
## Configuration
### Image Configuration
- `FRPS_VERSION`: The version of the FRPS image, default is `0.64.0`.
- `FRP_SERVER_PORT`: The port for the FRPS server, default is `9870`.
- `FRP_ADMIN_PORT`: The port for the FRPS admin dashboard, default is `7890`.
- `FRP_PORT_OVERRIDE_SERVER`: The host port to map to the FRPS server port.
- `FRP_PORT_OVERRIDE_ADMIN`: The host port to map to the FRPS admin port.
- `FRP_SERVER_TOKEN`: The token for authenticating clients.
- `FRP_ADMIN_USER`: The username for the admin dashboard, default is `admin`.
- `FRP_ADMIN_PASS`: The password for the admin dashboard, default is `password`.
- `GLOBAL_REGISTRY`: Optional global registry prefix for pulling images
- `FRPS_VERSION`: FRPS image version (default: `0.65.0`)
- `TZ`: Timezone setting (default: `UTC`)
### Server Configuration
- `FRP_AUTH_METHOD`: Authentication method (default: `token`)
- `FRP_SERVER_TOKEN`: Token for client authentication (**change this for security**)
- `FRP_SERVER_PORT`: FRP server port (default: `7000`)
### Admin Dashboard
- `FRP_ADMIN_ADDR`: Admin dashboard bind address (default: `0.0.0.0`)
- `FRP_ADMIN_PORT`: Admin dashboard port (default: `7500`)
- `FRP_ADMIN_USER`: Admin dashboard username (default: `admin`)
- `FRP_ADMIN_PASSWORD`: Admin dashboard password (**change this for security**)
### Port Overrides
- `FRP_PORT_OVERRIDE_SERVER`: Host port to map to FRP server port (default: `7000`)
- `FRP_PORT_OVERRIDE_ADMIN`: Host port to map to admin dashboard (default: `7500`)
### Resource Limits
- `FRPS_CPU_LIMIT`: CPU limit (default: `0.5`)
- `FRPS_MEMORY_LIMIT`: Memory limit (default: `128M`)
- `FRPS_CPU_RESERVATION`: CPU reservation (default: `0.1`)
- `FRPS_MEMORY_RESERVATION`: Memory reservation (default: `64M`)
## Volumes
- `frps.toml`: The configuration file for FRPS.
- `./frps.toml:/etc/frp/frps.toml`: FRPS configuration file
## Security Notes
1. **Change default credentials**: Always change `FRP_SERVER_TOKEN`, `FRP_ADMIN_USER`, and `FRP_ADMIN_PASSWORD` from their default values
2. **Use strong passwords**: Use complex, randomly generated passwords and tokens
3. **Firewall rules**: Consider limiting access to the admin dashboard to trusted IP addresses
4. **TLS/SSL**: For production use, consider setting up TLS encryption in the FRP configuration
## Health Check
The service includes a health check that verifies the admin dashboard is accessible. The health check:
- Runs every 30 seconds
- Has a 10-second timeout
- Retries up to 3 times
- Waits 10 seconds before the first check after startup
## License
FRP is licensed under the Apache License 2.0. See the [FRP GitHub repository](https://github.com/fatedier/frp) for more details.

121
src/frps/README.zh.md
View File

@@ -1,34 +1,63 @@
# FRPS (内网穿透服务端)
# FRPSFRP 服务端
[English](./README.md) | [中文](./README.zh.md)
这是一个 FRPS内网穿透服务端服务
FRPS 是一个快速反向代理服务器,可以帮助将 NAT 和防火墙后面的本地服务器暴露到互联网。这是 FRPFast Reverse Proxy工具的服务端组件
## 示例
## 快速开始
新建 `frps.toml` 配置文件,内容如下
1.`.env.example` 创建 `.env` 文件
```bash
cp .env.example .env
```
2. 编辑 `.env` 文件并配置认证凭据:
```properties
FRP_SERVER_TOKEN=your_secure_token_here
FRP_ADMIN_USER=your_admin_username
FRP_ADMIN_PASSWORD=your_secure_password
```
3. 创建 `frps.toml` 配置文件或使用提供的模板。
4. 启动服务:
```bash
docker compose up -d
```
服务将在以下位置可访问:
- FRP 服务端口:`7000`(默认)
- 管理面板:`http://localhost:7500`(默认)
## 配置文件
示例 `frps.toml`
```toml
bindPort = {{ .Envs.FRP_SERVER_PORT }}
auth.method = "{{ .Envs.FRP_AUTH_METHOD }}"
auth.token = "{{ .Envs.FRP_SERVER_TOKEN }}"
webServer.addr = "0.0.0.0"
webServer.addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
webServer.port = {{ .Envs.FRP_ADMIN_PORT }}
webServer.user = "{{ .Envs.FRP_ADMIN_USER }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASS }}"
webServer.password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"
```
配置密钥等信息到 `.env` 文件中:
## 网络模式
```properties
FRP_SERVER_TOKEN=token
FRP_ADMIN_USER=admin
FRP_ADMIN_PASS=password
```
### 标准模式(默认)
启动服务,即可代理客户端请求,注意需要将客户端的端口映射出来。可以通过 HOST 网络或共享网络的方式共享服务
使用 `docker-compose.yaml` 中配置的端口映射
使用如下方法启用 HOST 模式
### Host 网络模式
为了获得更好的性能和访问所有端口,可以使用 host 网络模式:
```yaml
services:
@@ -37,21 +66,61 @@ services:
network_mode: host
```
## 服务
**注意**:使用 host 网络模式时,`ports` 部分将被忽略,服务直接使用主机端口。
- `frps`: FRPS 服务端服务。
## 环境变量
## 配置
### 镜像配置
- `FRPS_VERSION`: FRPS 镜像的版本,默认为 `0.64.0`
- `FRP_SERVER_PORT`: FRPS 服务端口,默认为 `9870`
- `FRP_ADMIN_PORT`: FRPS 管理面板端口,默认为 `7890`
- `FRP_PORT_OVERRIDE_SERVER`: 映射到 FRPS 服务端口的主机端口。
- `FRP_PORT_OVERRIDE_ADMIN`: 映射到 FRPS 管理面板端口的主机端口。
- `FRP_SERVER_TOKEN`: 用于认证客户端的令牌。
- `FRP_ADMIN_USER`: 管理面板的用户名,默认为 `admin`
- `FRP_ADMIN_PASS`: 管理面板的密码,默认为 `password`
- `GLOBAL_REGISTRY`:可选的全局镜像仓库前缀
- `FRPS_VERSION`FRPS 镜像版本(默认:`0.65.0`
- `TZ`:时区设置(默认:`UTC`
### 服务器配置
- `FRP_AUTH_METHOD`:认证方法(默认:`token`
- `FRP_SERVER_TOKEN`:客户端认证令牌(**请修改以确保安全**
- `FRP_SERVER_PORT`FRP 服务端口(默认:`7000`
### 管理面板
- `FRP_ADMIN_ADDR`:管理面板绑定地址(默认:`0.0.0.0`
- `FRP_ADMIN_PORT`:管理面板端口(默认:`7500`
- `FRP_ADMIN_USER`:管理面板用户名(默认:`admin`
- `FRP_ADMIN_PASSWORD`:管理面板密码(**请修改以确保安全**
### 端口覆盖
- `FRP_PORT_OVERRIDE_SERVER`:映射到 FRP 服务端口的主机端口(默认:`7000`
- `FRP_PORT_OVERRIDE_ADMIN`:映射到管理面板的主机端口(默认:`7500`
### 资源限制
- `FRPS_CPU_LIMIT`CPU 限制(默认:`0.5`
- `FRPS_MEMORY_LIMIT`:内存限制(默认:`128M`
- `FRPS_CPU_RESERVATION`CPU 预留(默认:`0.1`
- `FRPS_MEMORY_RESERVATION`:内存预留(默认:`64M`
## 卷
- `frps.toml`: FRPS 配置文件
- `./frps.toml:/etc/frp/frps.toml`FRPS 配置文件
## 安全注意事项
1. **修改默认凭据**:务必修改 `FRP_SERVER_TOKEN`、`FRP_ADMIN_USER` 和 `FRP_ADMIN_PASSWORD` 的默认值
2. **使用强密码**:使用复杂的随机生成的密码和令牌
3. **防火墙规则**:考虑将管理面板的访问限制在受信任的 IP 地址
4. **TLS/SSL**:在生产环境中,考虑在 FRP 配置中设置 TLS 加密
## 健康检查
服务包含一个健康检查,用于验证管理面板是否可访问。健康检查:
- 每 30 秒运行一次
- 超时时间为 10 秒
- 最多重试 3 次
- 启动后等待 10 秒再进行第一次检查
## 许可证
FRP 采用 Apache License 2.0 许可证。详情请参阅 [FRP GitHub 仓库](https://github.com/fatedier/frp)。

23
src/frps/docker-compose.yaml
View File

@@ -9,19 +9,24 @@ x-defaults: &defaults
services:
frps:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}snowdreamtech/frps:${FRPS_VERSION:-0.64.0}
image: ${GLOBAL_REGISTRY:-}snowdreamtech/frps:${FRPS_VERSION:-0.65.0}
volumes:
- ./frps.toml:/etc/frp/frps.toml:ro
- ./frps.toml:/etc/frp/frps.toml
ports:
- ${FRP_PORT_OVERRIDE_SERVER:-9870}:${FRP_SERVER_PORT:-9870}
- ${FRP_PORT_OVERRIDE_ADMIN:-7890}:${FRP_ADMIN_PORT:-7890}
- ${FRP_PORT_OVERRIDE_SERVER:-7000}:${FRP_SERVER_PORT:-7000}/tcp
- ${FRP_PORT_OVERRIDE_SERVER:-7000}:${FRP_SERVER_PORT:-7000}/udp
- ${FRP_PORT_OVERRIDE_ADMIN:-7500}:${FRP_ADMIN_PORT:-7500}
environment:
TZ: ${TZ:-UTC}
FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN}
FRP_SERVER_PORT: ${FRP_SERVER_PORT:-9870}
FRP_ADMIN_PORT: ${FRP_ADMIN_PORT:-7890}
FRP_AUTH_METHOD: ${FRP_AUTH_METHOD:-token}
FRP_SERVER_TOKEN: ${FRP_SERVER_TOKEN:-server_token}
FRP_SERVER_PORT: ${FRP_SERVER_PORT:-7000}
FRP_ADMIN_ADDR: ${FRP_ADMIN_ADDR:-0.0.0.0}
FRP_ADMIN_PORT: ${FRP_ADMIN_PORT:-7500}
FRP_ADMIN_USER: ${FRP_ADMIN_USER:-admin}
FRP_ADMIN_PASS: ${FRP_ADMIN_PASS:-password}
FRP_ADMIN_PASSWORD: ${FRP_ADMIN_PASSWORD:-password}
extra_hosts:
- "host.docker.internal:host-gateway"
deploy:
resources:
limits:
@@ -31,7 +36,7 @@ services:
cpus: ${FRPS_CPU_RESERVATION:-0.1}
memory: ${FRPS_MEMORY_RESERVATION:-64M}
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:${FRP_ADMIN_PORT:-7890}/"]
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:${FRP_ADMIN_PORT:-7500}/"]
interval: 30s
timeout: 10s
retries: 3

21
src/frps/frps.toml
View File

@@ -1,8 +1,15 @@
[common]
bind_port = {{ .Envs.FRP_SERVER_PORT }}
token = {{ .Envs.FRP_SERVER_TOKEN }}
bindPort = {{ .Envs.FRP_SERVER_PORT }}
kcpBindPort = {{ .Envs.FRP_SERVER_PORT }}
dashboard_addr = 0.0.0.0
dashboard_port = {{ .Envs.FRP_ADMIN_PORT }}
dashboard_user = {{ .Envs.FRP_ADMIN_USER }}
dashboard_pwd = {{ .Envs.FRP_ADMIN_PASS }}
[auth]
method = "{{ .Envs.FRP_AUTH_METHOD }}"
token = "{{ .Envs.FRP_SERVER_TOKEN }}"
[transport]
maxPoolCount = 20
[webServer]
addr = "{{ .Envs.FRP_ADMIN_ADDR }}"
port = {{ .Envs.FRP_ADMIN_PORT }}
user = "{{ .Envs.FRP_ADMIN_USER }}"
password = "{{ .Envs.FRP_ADMIN_PASSWORD }}"