docs: update docs and sponsor

README.md

@@ -37,7 +37,7 @@ If FRP-Panel brings you value, consider sponsoring the author:
 
 - Email: me@vaala.cat
 
-Sponsored by [NodeSupport](https://github.com/NodeSeekDev/NodeSupport) / [DartNode](https://dartnode.com)
+Sponsored by [NodeSupport](https://github.com/NodeSeekDev/NodeSupport) / [DartNode](https://dartnode.com) / [DK Cloud](https://www.dkdun.cn)
 
 <div align="left">
   <a href="https://yxvm.com/">
@@ -47,6 +47,11 @@ Sponsored by [NodeSupport](https://github.com/NodeSeekDev/NodeSupport) / [DartNo
   <a href="https://dartnode.com">
     <img src="https://dartnode.com/branding/DN-Open-Source-sm.png" width="300"/>
   </a>
+</div>
+  <div align="left">
+  <a href="https://www.dkdun.cn">
+    <img src="https://www.dkdun.cn/themes/web/www/upload/local68c2dbb2ab148.png" width="300"/>
+  </a>
 </div>
 </div>
 

README_zh.md

@@ -36,13 +36,18 @@ FRP-Panel 是一款基于 FRP 的可视化管理面板，提供中心化配置
 
 -  邮箱：me@vaala.cat
 
-[NodeSupport](https://github.com/NodeSeekDev/NodeSupport) 赞助了该项目
+[NodeSupport](https://github.com/NodeSeekDev/NodeSupport) / [林枫云](https://www.dkdun.cn) 赞助了该项目
 
 <div align="left">
   <a href="https://yxvm.com/">
     <img src="https://github.com/user-attachments/assets/0bd7087a-7994-4caf-a465-a428af19c5aa" width="300" />
   </a>
 </div>
+<div align="left">
+  <a href="https://www.dkdun.cn">
+    <img src="https://www.dkdun.cn/themes/web/www/upload/local68c2dbb2ab148.png" width="300" />
+  </a>
+</div>
 
 ## 项目状态
 

docs/deploy-master.md

@@ -27,7 +27,7 @@ RPC 端口也可以处理自签名 HTTPS 的 API 连接
 
 二者都可使用反向代理服务器连接并提供TLS
 
-如果你想要使用安全的方式，请参考下图设置环境变量「`CLIENT_RPC_URL`和`CLIENT_API_URL`」。
+如果你想要使用安全的方式（反向代理），请参考下图设置环境变量「`CLIENT_RPC_URL`和`CLIENT_API_URL`」。
 
 注意⚠️：请首先使用普通部署的方式部署成功！然后再来调整这两个变量！！！！
 
@@ -66,12 +66,16 @@ services:
     image: vaalacat/frp-panel:latest
     network_mode: host
     environment:
-      APP_GLOBAL_SECRET: your_secret
-      MASTER_RPC_HOST: 1.2.3.4 #服务器的外部IP或域名
-      MASTER_RPC_PORT: 9001
-      MASTER_API_HOST: 1.2.3.4 #服务器的外部IP或域名
-      MASTER_API_PORT: 9000
-      MASTER_API_SCHEME: http
+      APP_GLOBAL_SECRET: your_secret # 随便输入一些随机字符，不要泄露
+      MASTER_RPC_HOST: 1.2.3.4 # 服务器的外部IP或域名
+      MASTER_RPC_PORT: 9001 # RPC 监听端口
+      MASTER_API_HOST: 1.2.3.4 # 服务器的外部IP或域名
+      MASTER_API_PORT: 9000 # API/WebUI监听端口
+      # CLIENT_RPC_URL和CLIENT_API_URL请根据实际情况设置，设置为外部可以通过url访问到master的形式
+      # Client 连接 master RPC 的 URL，如果使用反向代理，请设置为通过反向代理访问的 URL（如wss://example.com:443）
+      CLIENT_RPC_URL: grpc://1.2.3.4:9001）
+      # Client 连接 master API/WebUI 的 URL，如果使用反向代理，请设置为通过反向代理访问的 URL（如https://example.com:443）
+      CLIENT_API_URL: http://1.2.3.4:9000
     volumes:
       - ./data:/data # 数据存储位置
     restart: unless-stopped
@@ -84,14 +88,21 @@ services:
 
 ```bash
 # 推荐
-# MASTER_RPC_HOST要改成你服务器的外部IP
+# MASTER_RPC_HOST等0.0.0.0要改成你服务器的外部IP
 # APP_GLOBAL_SECRET注意不要泄漏，客户端和服务端的是通过Master生成的
+# CLIENT_RPC_URL和CLIENT_API_URL请根据实际情况设置
+# 如果使用反向代理，请设置为通过反向代理访问的 URL，也就是外部如何访问master
+# 如 443端口代理example.com到9000端口
+# CLIENT_RPC_URL=wss://example.com:443
+# CLIENT_API_URL=https://example.com:443
 docker run -d \
 	--network=host \
 	--restart=unless-stopped \
 	-v /opt/frp-panel:/data \
 	-e APP_GLOBAL_SECRET=your_secret \
 	-e MASTER_RPC_HOST=0.0.0.0 \
+	-e CLIENT_RPC_URL=grpc://0.0.0.0:9001 \
+	-e CLIENT_API_URL=http://0.0.0.0:9000 \
 	vaalacat/frp-panel
 ```
 
@@ -100,6 +111,8 @@ docker run -d \
 ```bash
 # 或者
 # 运行时记得删除命令中的中文
+# CLIENT_RPC_URL和CLIENT_API_URL请根据实际情况设置，设置为外部可以通过url访问到master的形式
+# 如果使用反向代理，请设置为通过反向代理访问的 URL，也就是外部如何访问master
 docker run -d -p 9000:9000 \ # API控制台端口
 	-p 9001:9001 \ # rpc端口
 	-p 7000:7000 \ # frps 端口
@@ -108,6 +121,8 @@ docker run -d -p 9000:9000 \ # API控制台端口
 	-v /opt/frp-panel:/data \ # 数据存储位置
 	-e APP_GLOBAL_SECRET=your_secret \ # Master的secret注意不要泄漏，客户端和服务端的是通过Master生成的
 	-e MASTER_RPC_HOST=0.0.0.0 \ # 这里要改成你服务器的外部IP
+	-e CLIENT_RPC_URL=grpc://0.0.0.0:9001 \
+	-e CLIENT_API_URL=http://0.0.0.0:9000 \
 	vaalacat/frp-panel
 ```
 
@@ -136,27 +151,27 @@ services:
     command:
       - --entryPoints.web.address=:80
       - --entryPoints.websecure.address=:443
-	  - --entryPoints.websecure.http2.maxConcurrentStreams=250
+      - --entryPoints.websecure.http2.maxConcurrentStreams=250
       - --providers.docker
       - --providers.docker.network=traefik
       - --api.insecure # 在生产环境请删除这一行
-	  # 这下面使用 80 端口做ACME HTTP DNS证书验证
+    # 这下面使用 80 端口做ACME HTTP DNS证书验证
       - --certificatesresolvers.le.acme.email=me@example.com
       - --certificatesresolvers.le.acme.storage=/etc/traefik/conf/acme.json
       - --certificatesresolvers.le.acme.httpchallenge=true
     ports:
       # 反向代理的 HTTP 端口
       - "80:80"
-	  # 反向代理的 HTTPS 端口
-	  - "443:443"
+      # 反向代理的 HTTPS 端口
+      - "443:443"
       # Traefik 的 Web UI (--api.insecure=true 会使用这个端口)
-	  # 生产环境请删除这个端口
+      # 生产环境请删除这个端口
       - "8080:8080"
     volumes:
       # 挂载 docker.sock，这样 Traefik 可以自动识别主机上所有 docker 容器反向代理配置
       - /var/run/docker.sock:/var/run/docker.sock
-	  # 保存 Traefik 申请的证书
-	  - ./conf:/etc/traefik/conf
+      # 保存 Traefik 申请的证书
+      - ./conf:/etc/traefik/conf
 
   frpp-master:
     image: vaalacat/frp-panel:latest # 这里换成你想使用的版本
@@ -167,8 +182,10 @@ services:
 	# 以便反向代理正确识别需要转发的协议
       MASTER_RPC_HOST: frpp.example.com
       MASTER_API_PORT: 443
-      MASTER_API_HOST: frpp-rpc.example.com
+      MASTER_API_HOST: frpp.example.com
       MASTER_API_SCHEME: https
+      CLIENT_RPC_URL: wss://frpp.example.com:443
+      CLIENT_API_URL: https://frpp.example.com:443
     networks:
       - traefik
     volumes:
@@ -185,7 +202,7 @@ services:
     restart: unless-stopped
     command: master
     labels:
-	  # API
+	  # API/WSS
       - traefik.http.routers.frp-panel-api.rule=Host(`frpp.example.com`)
       - traefik.http.routers.frp-panel-api.tls=true
       - traefik.http.routers.frp-panel-api.tls.certresolver=le
@@ -193,17 +210,9 @@ services:
       - traefik.http.routers.frp-panel-api.service=frp-panel-api
       - traefik.http.services.frp-panel-api.loadbalancer.server.port=9000
       - traefik.http.services.frp-panel-api.loadbalancer.server.scheme=http
-	  # RPC
-      - traefik.http.routers.frp-panel-rpc.rule=Host(`frpp-rpc.example.com`)
-      - traefik.http.routers.frp-panel-rpc.tls=true
-      - traefik.http.routers.frp-panel-rpc.tls.certresolver=le
-      - traefik.http.routers.frp-panel-rpc.entrypoints=websecure
-      - traefik.http.routers.frp-panel-rpc.service=frp-panel-rpc
-      - traefik.http.services.frp-panel-rpc.loadbalancer.server.port=9000
-      - traefik.http.services.frp-panel-rpc.loadbalancer.server.scheme=h2c
       # 下方如果你用不到 frps 的http代理，可以不要
-	  # 需要配置域名 *.frpp.example.com 泛解析到你服务器的公网IP
-	  # 这样可以实现使用 .frpp.example.com 结束的域名，在 443 端口，转发多个服务到多个 frpc
+      # 需要配置域名 *.frpp.example.com 泛解析到你服务器的公网IP
+      # 这样可以实现使用 .frpp.example.com 结束的域名，在 443 端口，转发多个服务到多个 frpc
       - traefik.http.routers.frp-panel-tunnel.rule=HostRegexp(`.*.frpp.example.com`)
       - traefik.http.routers.frp-panel-tunnel.tls.domains[0].sans=*.frpp.example.com
       - traefik.http.routers.frp-panel-tunnel.tls=true
@@ -238,8 +247,9 @@ networks:
 
 ```
 APP_GLOBAL_SECRET=your_secret
-MASTER_RPC_HOST=IP
 DB_DSN=data.db
+CLIENT_RPC_URL=grpc://IP:9001
+CLIENT_API_URL=http://IP:9000
 ```
 
 - master: `frp-panel-amd64.exe master`

docs/en/deploy-master.md

@@ -24,7 +24,11 @@ If you use a reverse proxy, you can ignore WEB UI and RPC ports—just open 80/4
 - The RPC port can also accept self-signed HTTPS API connections.  
 - Both can be fronted by a TLS-terminating reverse proxy.  
 
-To secure communication, set the environment variables `CLIENT_RPC_URL` and `CLIENT_API_URL`. First deploy normally, then adjust these variables.
+To secure communication (via reverse proxy), refer to the diagram below to set the environment variables `CLIENT_RPC_URL` and `CLIENT_API_URL`.
+
+**Note⚠️:** First deploy successfully using the regular method! Then adjust these two variables!!!!
+
+Orange indicates insecure, green indicates secure. You need to ensure both environment variables are set for proper operation.
 
 ![](../public/images/frp-panel-platform-connection-env.svg)
 
@@ -59,14 +63,18 @@ services:
     image: vaalacat/frp-panel:latest
     network_mode: host
     environment:
-      APP_GLOBAL_SECRET: your_secret
-      MASTER_RPC_HOST: 1.2.3.4       # external IP or domain
-      MASTER_RPC_PORT: 9001
-      MASTER_API_HOST: 1.2.3.4       # external IP or domain
-      MASTER_API_PORT: 9000
-      MASTER_API_SCHEME: http
+      APP_GLOBAL_SECRET: your_secret # Enter some random characters, do not leak
+      MASTER_RPC_HOST: 1.2.3.4 # Server's external IP or domain
+      MASTER_RPC_PORT: 9001 # RPC listening port
+      MASTER_API_HOST: 1.2.3.4 # Server's external IP or domain
+      MASTER_API_PORT: 9000 # API/WebUI listening port
+      # Set CLIENT_RPC_URL and CLIENT_API_URL according to actual situation, set as URLs accessible from outside to master
+      # Client connects to master RPC URL, if using reverse proxy, set to the URL accessible through reverse proxy (e.g. wss://example.com:443)
+      CLIENT_RPC_URL: grpc://1.2.3.4:9001
+      # Client connects to master API/WebUI URL, if using reverse proxy, set to the URL accessible through reverse proxy (e.g. https://example.com:443)
+      CLIENT_API_URL: http://1.2.3.4:9000
     volumes:
-      - ./data:/data               # data directory
+      - ./data:/data # Data storage location
     restart: unless-stopped
     command: master
 ```
@@ -76,45 +84,65 @@ services:
 Install Docker. We recommend `host` network mode:
 
 ```bash
+# Recommended
+# Change MASTER_RPC_HOST 0.0.0.0 to your server's external IP
+# APP_GLOBAL_SECRET should not be leaked, client and server secrets are generated by Master
+# Set CLIENT_RPC_URL and CLIENT_API_URL according to actual situation
+# If using reverse proxy, set to the URL accessible through reverse proxy, i.e. how to access master from outside
+# e.g. if port 443 proxies example.com to port 9000
+# CLIENT_RPC_URL=wss://example.com:443
+# CLIENT_API_URL=https://example.com:443
 docker run -d \
   --network=host \
   --restart=unless-stopped \
   -v /opt/frp-panel:/data \
   -e APP_GLOBAL_SECRET=your_secret \
   -e MASTER_RPC_HOST=0.0.0.0 \
+  -e CLIENT_RPC_URL=grpc://0.0.0.0:9001 \
+  -e CLIENT_API_URL=http://0.0.0.0:9000 \
   vaalacat/frp-panel
 ```
 
-If you cannot use `host` network mode:
+If you cannot use `host` network mode, refer to the command below:
 
 ```bash
-docker run -d \
-  -p 9000:9000 \        # API
-  -p 9001:9001 \        # RPC
-  -p 7000:7000 \        # frps API
-  -p 27000-27050:27000-27050 \  # frps service ports
+# Alternative
+# Remove Chinese comments when running
+# Set CLIENT_RPC_URL and CLIENT_API_URL according to actual situation, set as URLs accessible from outside to master
+# If using reverse proxy, set to the URL accessible through reverse proxy, i.e. how to access master from outside
+docker run -d -p 9000:9000 \ # API console port
+  -p 9001:9001 \ # rpc port
+  -p 7000:7000 \ # frps port
+  -p 27000-27050:27000-27050 \ # Reserved ports for frps
   --restart=unless-stopped \
-  -v /opt/frp-panel:/data \
-  -e APP_GLOBAL_SECRET=your_secret \
-  -e MASTER_RPC_HOST=0.0.0.0 \
+  -v /opt/frp-panel:/data \ # Data storage location
+  -e APP_GLOBAL_SECRET=your_secret \ # Master's secret, do not leak, client and server secrets are generated by Master
+  -e MASTER_RPC_HOST=0.0.0.0 \ # Change this to your server's external IP
+  -e CLIENT_RPC_URL=grpc://0.0.0.0:9001 \
+  -e CLIENT_API_URL=http://0.0.0.0:9000 \
   vaalacat/frp-panel
 ```
 
-### Option 3: Docker + Reverse-Proxy TLS (Traefik Example)
+### Option 3: Docker + Reverse-Proxy TLS Deployment
 
-Create a Docker network for Traefik:
+Here we use [Traefik](https://traefik.io/traefik/) as an example
+
+> `Traefik` can automatically detect Docker container ports in real-time and hot-reload configurations, making it ideal for Docker service reverse proxying
+
+First, create a Docker network named `traefik` for reverse proxy use:
 
 ```bash
 docker network create traefik
 ```
 
-Create `docker-compose.yaml`:
+Then start the reverse proxy and Master service
+- `docker-compose.yaml`
 
 ```yaml
 version: '3'
 
 services:
-  traefik:
+  traefk-reverse-proxy:
     image: traefik:v3.3
     restart: unless-stopped
     networks:
@@ -125,79 +153,90 @@ services:
       - --entryPoints.websecure.http2.maxConcurrentStreams=250
       - --providers.docker
       - --providers.docker.network=traefik
+      - --api.insecure # Remove this line in production
+    # Use port 80 for ACME HTTP DNS certificate validation
       - --certificatesresolvers.le.acme.email=me@example.com
       - --certificatesresolvers.le.acme.storage=/etc/traefik/conf/acme.json
       - --certificatesresolvers.le.acme.httpchallenge=true
     ports:
+      # Reverse proxy HTTP port
       - "80:80"
+      # Reverse proxy HTTPS port
       - "443:443"
-      - "8080:8080"        # Traefik dashboard (remove in production)
+      # Traefik Web UI (--api.insecure=true uses this port)
+      # Remove this port in production
+      - "8080:8080"
     volumes:
+      # Mount docker.sock so Traefik can automatically detect all docker container reverse proxy configurations on the host
       - /var/run/docker.sock:/var/run/docker.sock
+      # Save certificates obtained by Traefik
       - ./conf:/etc/traefik/conf
 
   frpp-master:
-    image: vaalacat/frp-panel:latest
+    image: vaalacat/frp-panel:latest # Change to the version you want to use
+    environment:
+      APP_GLOBAL_SECRET: your_secret
+    # Because api and rpc use different protocols
+    # We need to use two domains for api and rpc
+    # So that the reverse proxy can correctly identify the protocol to forward
+      MASTER_RPC_HOST: frpp.example.com
+      MASTER_API_PORT: 443
+      MASTER_API_HOST: frpp.example.com
+      MASTER_API_SCHEME: https
+      CLIENT_RPC_URL: wss://frpp.example.com:443
+      CLIENT_API_URL: https://frpp.example.com:443
     networks:
       - traefik
     volumes:
       - ./data:/data
-    restart: unless-stopped
-    command: master
-    environment:
-      APP_GLOBAL_SECRET: your_secret
-      MASTER_RPC_HOST: frpp-rpc.example.com
-      MASTER_API_HOST: frpp.example.com
-      MASTER_API_PORT: 443
-      MASTER_API_SCHEME: https
     ports:
+    # No need to reserve api and rpc ports for master
+    # Reserve frps api port
       - 7000:7000
       - 7000:7000/udp
+    # Reserve frps service ports
+    # Port 26999 is reserved for frps HTTP proxy
       - 26999-27050:26999-27050
       - 26999-27050:26999-27050/udp
+    restart: unless-stopped
+    command: master
     labels:
-      # API router
+    # API/WSS
       - traefik.http.routers.frp-panel-api.rule=Host(`frpp.example.com`)
       - traefik.http.routers.frp-panel-api.tls=true
       - traefik.http.routers.frp-panel-api.tls.certresolver=le
       - traefik.http.routers.frp-panel-api.entrypoints=websecure
+      - traefik.http.routers.frp-panel-api.service=frp-panel-api
       - traefik.http.services.frp-panel-api.loadbalancer.server.port=9000
       - traefik.http.services.frp-panel-api.loadbalancer.server.scheme=http
-
-      # RPC router
-      - traefik.http.routers.frp-panel-rpc.rule=Host(`frpp-rpc.example.com`)
-      - traefik.http.routers.frp-panel-rpc.tls=true
-      - traefik.http.routers.frp-panel-rpc.tls.certresolver=le
-      - traefik.http.routers.frp-panel-rpc.entrypoints=websecure
-      - traefik.http.services.frp-panel-rpc.loadbalancer.server.port=9000
-      - traefik.http.services.frp-panel-rpc.loadbalancer.server.scheme=h2c
-
-      # Tunnel router (optional HTTP proxy for frpc)
+      # If you don't need frps HTTP proxy below, you can omit this
+      # You need to configure wildcard DNS *.frpp.example.com to point to your server's public IP
+      # This enables using domains ending with .frpp.example.com on port 443 to forward multiple services to multiple frpc
       - traefik.http.routers.frp-panel-tunnel.rule=HostRegexp(`.*.frpp.example.com`)
       - traefik.http.routers.frp-panel-tunnel.tls.domains[0].sans=*.frpp.example.com
       - traefik.http.routers.frp-panel-tunnel.tls=true
       - traefik.http.routers.frp-panel-tunnel.tls.certresolver=le
       - traefik.http.routers.frp-panel-tunnel.entrypoints=websecure
+      - traefik.http.routers.frp-panel-tunnel.service=frp-panel-tunnel
       - traefik.http.services.frp-panel-tunnel.loadbalancer.server.port=26999
       - traefik.http.services.frp-panel-tunnel.loadbalancer.server.scheme=http
-
 networks:
   traefik:
     external: true
     name: traefik
 ```
 
-After starting, visit `SERVER_IP:8080` to view Traefik’s dashboard.
+After the above `docker-compose.yaml` is deployed, you can visit `SERVER_IP:8080` to view the reverse proxy status.
 
-Then configure the `default` server in the Master Web UI:
+Then configure the default server to enable frp subdomain forwarding:
 
-| Setting               | Value                  |
-|-----------------------|------------------------|
-| FRPs listen port      | 7000                   |
-| FRPs listen address   | 0.0.0.0                |
-| Proxy listen address  | 0.0.0.0                |
-| HTTP listen port      | 26999                  |
-| Domain suffix         | frpp.example.com       |
+| Configuration | Value |
+|----|----|
+| FRPs listen port | 7000 |
+| FRPs listen address | 0.0.0.0 |
+| Proxy listen address | 0.0.0.0 |
+| HTTP listen port | 26999 |
+| Domain suffix | frpp.example.com |
 
 ---
 
@@ -205,16 +244,13 @@ Then configure the `default` server in the Master Web UI:
 
 ### Direct Execution
 
-In the folder containing the executable, create a `.env` file (no extension) with:
+In the same folder as the downloaded executable, create a `.env` file (note: no file extension), then enter the following content, save, and run the corresponding command:
 
 ```
 APP_GLOBAL_SECRET=your_secret
-MASTER_RPC_HOST=IP
 DB_DSN=data.db
+CLIENT_RPC_URL=grpc://IP:9001
+CLIENT_API_URL=http://IP:9000
 ```
 
-Then run:
-
-```
-frp-panel-amd64.exe master
-```
+- master: `frp-panel-amd64.exe master`