diff --git a/README.md b/README.md
index f876d13..d8a4267 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,7 @@ If FRP-Panel brings you value, consider sponsoring the author:
 - Email: me@vaala.cat
-Sponsored by [NodeSupport](https://github.com/NodeSeekDev/NodeSupport) / [DartNode](https://dartnode.com)
+Sponsored by [NodeSupport](https://github.com/NodeSeekDev/NodeSupport) / [DartNode](https://dartnode.com) / [DK Cloud](https://www.dkdun.cn)
@@ -47,6 +47,11 @@ Sponsored by [NodeSupport](https://github.com/NodeSeekDev/NodeSupport) / [DartNo
+
+
+
+
+
diff --git a/README_zh.md b/README_zh.md
index 15014c7..2c99a70 100644
--- a/README_zh.md
+++ b/README_zh.md
@@ -36,13 +36,18 @@ FRP-Panel 是一款基于 FRP 的可视化管理面板,提供中心化配置
 - 邮箱:me@vaala.cat
-[NodeSupport](https://github.com/NodeSeekDev/NodeSupport) 赞助了该项目
+[NodeSupport](https://github.com/NodeSeekDev/NodeSupport) / [林枫云](https://www.dkdun.cn) 赞助了该项目
+
+
+
+
+
## 项目状态
diff --git a/docs/deploy-master.md b/docs/deploy-master.md
index 7916310..1765b4e 100644
--- a/docs/deploy-master.md
+++ b/docs/deploy-master.md
@@ -27,7 +27,7 @@ RPC 端口也可以处理自签名 HTTPS 的 API 连接
 二者都可使用反向代理服务器连接并提供TLS
-如果你想要使用安全的方式,请参考下图设置环境变量「`CLIENT_RPC_URL`和`CLIENT_API_URL`」。
+如果你想要使用安全的方式(反向代理),请参考下图设置环境变量「`CLIENT_RPC_URL`和`CLIENT_API_URL`」。
 注意⚠️:请首先使用普通部署的方式部署成功!然后再来调整这两个变量!!!!
@@ -66,12 +66,16 @@ services:
 image: vaalacat/frp-panel:latest
 network_mode: host
 environment:
- APP_GLOBAL_SECRET: your_secret
- MASTER_RPC_HOST: 1.2.3.4 #服务器的外部IP或域名
- MASTER_RPC_PORT: 9001
- MASTER_API_HOST: 1.2.3.4 #服务器的外部IP或域名
- MASTER_API_PORT: 9000
- MASTER_API_SCHEME: http
+ APP_GLOBAL_SECRET: your_secret # 随便输入一些随机字符,不要泄露
+ MASTER_RPC_HOST: 1.2.3.4 # 服务器的外部IP或域名
+ MASTER_RPC_PORT: 9001 # RPC 监听端口
+ MASTER_API_HOST: 1.2.3.4 # 服务器的外部IP或域名
+ MASTER_API_PORT: 9000 # API/WebUI监听端口
+ # CLIENT_RPC_URL和CLIENT_API_URL请根据实际情况设置,设置为外部可以通过url访问到master的形式
+ # Client 连接 master RPC 的 URL,如果使用反向代理,请设置为通过反向代理访问的 URL(如wss://example.com:443)
+ CLIENT_RPC_URL: grpc://1.2.3.4:9001)
+ # Client 连接 master API/WebUI 的 URL,如果使用反向代理,请设置为通过反向代理访问的 URL(如https://example.com:443)
+ CLIENT_API_URL: http://1.2.3.4:9000
 volumes:
 - ./data:/data # 数据存储位置
 restart: unless-stopped
@@ -84,14 +88,21 @@ services:
 ```bash
 # 推荐
-# MASTER_RPC_HOST要改成你服务器的外部IP
+# MASTER_RPC_HOST等0.0.0.0要改成你服务器的外部IP
 # APP_GLOBAL_SECRET注意不要泄漏,客户端和服务端的是通过Master生成的
+# CLIENT_RPC_URL和CLIENT_API_URL请根据实际情况设置
+# 如果使用反向代理,请设置为通过反向代理访问的 URL,也就是外部如何访问master
+# 如 443端口代理example.com到9000端口
+# CLIENT_RPC_URL=wss://example.com:443
+# CLIENT_API_URL=https://example.com:443
 docker run -d \
 --network=host \
 --restart=unless-stopped \
 -v /opt/frp-panel:/data \
 -e APP_GLOBAL_SECRET=your_secret \
 -e MASTER_RPC_HOST=0.0.0.0 \
+ -e CLIENT_RPC_URL=grpc://0.0.0.0:9001 \
+ -e CLIENT_API_URL=http://0.0.0.0:9000 \
 vaalacat/frp-panel
 ```
@@ -100,6 +111,8 @@ docker run -d \
 ```bash
 # 或者
 # 运行时记得删除命令中的中文
+# CLIENT_RPC_URL和CLIENT_API_URL请根据实际情况设置,设置为外部可以通过url访问到master的形式
+# 如果使用反向代理,请设置为通过反向代理访问的 URL,也就是外部如何访问master
 docker run -d -p 9000:9000 \ # API控制台端口
 -p 9001:9001 \ # rpc端口
 -p 7000:7000 \ # frps 端口
@@ -108,6 +121,8 @@ docker run -d -p 9000:9000 \ # API控制台端口
 -v /opt/frp-panel:/data \ # 数据存储位置
 -e APP_GLOBAL_SECRET=your_secret \ # Master的secret注意不要泄漏,客户端和服务端的是通过Master生成的
 -e MASTER_RPC_HOST=0.0.0.0 \ # 这里要改成你服务器的外部IP
+ -e CLIENT_RPC_URL=grpc://0.0.0.0:9001 \
+ -e CLIENT_API_URL=http://0.0.0.0:9000 \
 vaalacat/frp-panel
 ```
@@ -136,27 +151,27 @@ services:
 command:
 - --entryPoints.web.address=:80
 - --entryPoints.websecure.address=:443
- - --entryPoints.websecure.http2.maxConcurrentStreams=250
+ - --entryPoints.websecure.http2.maxConcurrentStreams=250
 - --providers.docker
 - --providers.docker.network=traefik
 - --api.insecure # 在生产环境请删除这一行
- # 这下面使用 80 端口做ACME HTTP DNS证书验证
+ # 这下面使用 80 端口做ACME HTTP DNS证书验证
 - --certificatesresolvers.le.acme.email=me@example.com
 - --certificatesresolvers.le.acme.storage=/etc/traefik/conf/acme.json
 - --certificatesresolvers.le.acme.httpchallenge=true
 ports:
 # 反向代理的 HTTP 端口
 - "80:80"
- # 反向代理的 HTTPS 端口
- - "443:443"
+ # 反向代理的 HTTPS 端口
+ - "443:443"
 # Traefik 的 Web UI (--api.insecure=true 会使用这个端口)
- # 生产环境请删除这个端口
+ # 生产环境请删除这个端口
 - "8080:8080"
 volumes:
 # 挂载 docker.sock,这样 Traefik 可以自动识别主机上所有 docker 容器反向代理配置
 - /var/run/docker.sock:/var/run/docker.sock
- # 保存 Traefik 申请的证书
- - ./conf:/etc/traefik/conf
+ # 保存 Traefik 申请的证书
+ - ./conf:/etc/traefik/conf
 frpp-master:
 image: vaalacat/frp-panel:latest # 这里换成你想使用的版本
@@ -167,8 +182,10 @@ services:
 # 以便反向代理正确识别需要转发的协议
 MASTER_RPC_HOST: frpp.example.com
 MASTER_API_PORT: 443
- MASTER_API_HOST: frpp-rpc.example.com
+ MASTER_API_HOST: frpp.example.com
 MASTER_API_SCHEME: https
+ CLIENT_RPC_URL: wss://frpp.example.com:443
+ CLIENT_API_URL: https://frpp.example.com:443
 networks:
 - traefik
 volumes:
@@ -185,7 +202,7 @@ services:
 restart: unless-stopped
 command: master
 labels:
- # API
+ # API/WSS
 - traefik.http.routers.frp-panel-api.rule=Host(`frpp.example.com`)
 - traefik.http.routers.frp-panel-api.tls=true
 - traefik.http.routers.frp-panel-api.tls.certresolver=le
@@ -193,17 +210,9 @@ services:
 - traefik.http.routers.frp-panel-api.service=frp-panel-api
 - traefik.http.services.frp-panel-api.loadbalancer.server.port=9000
 - traefik.http.services.frp-panel-api.loadbalancer.server.scheme=http
- # RPC
- - traefik.http.routers.frp-panel-rpc.rule=Host(`frpp-rpc.example.com`)
- - traefik.http.routers.frp-panel-rpc.tls=true
- - traefik.http.routers.frp-panel-rpc.tls.certresolver=le
- - traefik.http.routers.frp-panel-rpc.entrypoints=websecure
- - traefik.http.routers.frp-panel-rpc.service=frp-panel-rpc
- - traefik.http.services.frp-panel-rpc.loadbalancer.server.port=9000
- - traefik.http.services.frp-panel-rpc.loadbalancer.server.scheme=h2c
 # 下方如果你用不到 frps 的http代理,可以不要
- # 需要配置域名 *.frpp.example.com 泛解析到你服务器的公网IP
- # 这样可以实现使用 .frpp.example.com 结束的域名,在 443 端口,转发多个服务到多个 frpc
+ # 需要配置域名 *.frpp.example.com 泛解析到你服务器的公网IP
+ # 这样可以实现使用 .frpp.example.com 结束的域名,在 443 端口,转发多个服务到多个 frpc
 - traefik.http.routers.frp-panel-tunnel.rule=HostRegexp(`.*.frpp.example.com`)
 - traefik.http.routers.frp-panel-tunnel.tls.domains[0].sans=*.frpp.example.com
 - traefik.http.routers.frp-panel-tunnel.tls=true
@@ -238,8 +247,9 @@ networks:
 ```
 APP_GLOBAL_SECRET=your_secret
-MASTER_RPC_HOST=IP
 DB_DSN=data.db
+CLIENT_RPC_URL=grpc://IP:9001
+CLIENT_API_URL=http://IP:9000
 ```
 - master: `frp-panel-amd64.exe master`
diff --git a/docs/en/deploy-master.md b/docs/en/deploy-master.md
index d0f8e1e..887c332 100644
--- a/docs/en/deploy-master.md
+++ b/docs/en/deploy-master.md
@@ -24,7 +24,11 @@ If you use a reverse proxy, you can ignore WEB UI and RPC ports—just open 80/4
 - The RPC port can also accept self-signed HTTPS API connections.
 - Both can be fronted by a TLS-terminating reverse proxy.
-To secure communication, set the environment variables `CLIENT_RPC_URL` and `CLIENT_API_URL`. First deploy normally, then adjust these variables.
+To secure communication (via reverse proxy), refer to the diagram below to set the environment variables `CLIENT_RPC_URL` and `CLIENT_API_URL`.
+
+**Note⚠️:** First deploy successfully using the regular method! Then adjust these two variables!!!!
+
+Orange indicates insecure, green indicates secure. You need to ensure both environment variables are set for proper operation.
 ![](../public/images/frp-panel-platform-connection-env.svg)
@@ -59,14 +63,18 @@ services:
 image: vaalacat/frp-panel:latest
 network_mode: host
 environment:
- APP_GLOBAL_SECRET: your_secret
- MASTER_RPC_HOST: 1.2.3.4 # external IP or domain
- MASTER_RPC_PORT: 9001
- MASTER_API_HOST: 1.2.3.4 # external IP or domain
- MASTER_API_PORT: 9000
- MASTER_API_SCHEME: http
+ APP_GLOBAL_SECRET: your_secret # Enter some random characters, do not leak
+ MASTER_RPC_HOST: 1.2.3.4 # Server's external IP or domain
+ MASTER_RPC_PORT: 9001 # RPC listening port
+ MASTER_API_HOST: 1.2.3.4 # Server's external IP or domain
+ MASTER_API_PORT: 9000 # API/WebUI listening port
+ # Set CLIENT_RPC_URL and CLIENT_API_URL according to actual situation, set as URLs accessible from outside to master
+ # Client connects to master RPC URL, if using reverse proxy, set to the URL accessible through reverse proxy (e.g. wss://example.com:443)
+ CLIENT_RPC_URL: grpc://1.2.3.4:9001
+ # Client connects to master API/WebUI URL, if using reverse proxy, set to the URL accessible through reverse proxy (e.g. https://example.com:443)
+ CLIENT_API_URL: http://1.2.3.4:9000
 volumes:
- - ./data:/data # data directory
+ - ./data:/data # Data storage location
 restart: unless-stopped
 command: master
 ```
@@ -76,45 +84,65 @@ services: Install Docker. We recommend `host` network mode: ```bash +# Recommended +# Change MASTER_RPC_HOST 0.0.0.0 to your server's external IP +# APP_GLOBAL_SECRET should not be leaked, client and server secrets are generated by Master +# Set CLIENT_RPC_URL and CLIENT_API_URL according to actual situation +# If using reverse proxy, set to the URL accessible through reverse proxy, i.e. how to access master from outside +# e.g. if port 443 proxies example.com to port 9000 +# CLIENT_RPC_URL=wss://example.com:443 +# CLIENT_API_URL=https://example.com:443 docker run -d \ --network=host \ --restart=unless-stopped \ -v /opt/frp-panel:/data \ -e APP_GLOBAL_SECRET=your_secret \ -e MASTER_RPC_HOST=0.0.0.0 \ + -e CLIENT_RPC_URL=grpc://0.0.0.0:9001 \ + -e CLIENT_API_URL=http://0.0.0.0:9000 \ vaalacat/frp-panel ``` -If you cannot use `host` network mode: +If you cannot use `host` network mode, refer to the command below: ```bash -docker run -d \ - -p 9000:9000 \ # API - -p 9001:9001 \ # RPC - -p 7000:7000 \ # frps API - -p 27000-27050:27000-27050 \ # frps service ports +# Alternative +# Remove Chinese comments when running +# Set CLIENT_RPC_URL and CLIENT_API_URL according to actual situation, set as URLs accessible from outside to master +# If using reverse proxy, set to the URL accessible through reverse proxy, i.e. 
how to access master from outside +docker run -d -p 9000:9000 \ # API console port + -p 9001:9001 \ # rpc port + -p 7000:7000 \ # frps port + -p 27000-27050:27000-27050 \ # Reserved ports for frps --restart=unless-stopped \ - -v /opt/frp-panel:/data \ - -e APP_GLOBAL_SECRET=your_secret \ - -e MASTER_RPC_HOST=0.0.0.0 \ + -v /opt/frp-panel:/data \ # Data storage location + -e APP_GLOBAL_SECRET=your_secret \ # Master's secret, do not leak, client and server secrets are generated by Master + -e MASTER_RPC_HOST=0.0.0.0 \ # Change this to your server's external IP + -e CLIENT_RPC_URL=grpc://0.0.0.0:9001 \ + -e CLIENT_API_URL=http://0.0.0.0:9000 \ vaalacat/frp-panel ``` -### Option 3: Docker + Reverse-Proxy TLS (Traefik Example) +### Option 3: Docker + Reverse-Proxy TLS Deployment -Create a Docker network for Traefik: +Here we use [Traefik](https://traefik.io/traefik/) as an example + +> `Traefik` can automatically detect Docker container ports in real-time and hot-reload configurations, making it ideal for Docker service reverse proxying + +First, create a Docker network named `traefik` for reverse proxy use: ```bash docker network create traefik ``` -Create `docker-compose.yaml`: +Then start the reverse proxy and Master service +- `docker-compose.yaml` ```yaml version: '3' services: - traefik: + traefk-reverse-proxy: image: traefik:v3.3 restart: unless-stopped networks: 
@@ -125,79 +153,90 @@ services: - --entryPoints.websecure.http2.maxConcurrentStreams=250 - --providers.docker - --providers.docker.network=traefik + - --api.insecure # Remove this line in production + # Use port 80 for ACME HTTP DNS certificate validation - --certificatesresolvers.le.acme.email=me@example.com - --certificatesresolvers.le.acme.storage=/etc/traefik/conf/acme.json - --certificatesresolvers.le.acme.httpchallenge=true ports: + # Reverse proxy HTTP port - "80:80" + # Reverse proxy HTTPS port - "443:443" - - "8080:8080" # Traefik dashboard (remove in production) + # Traefik Web UI (--api.insecure=true uses this port) + # Remove this port in production + - "8080:8080" volumes: + # Mount docker.sock so Traefik can automatically detect all docker container reverse proxy configurations on the host - /var/run/docker.sock:/var/run/docker.sock + # Save certificates obtained by Traefik - ./conf:/etc/traefik/conf frpp-master: - image: vaalacat/frp-panel:latest + image: vaalacat/frp-panel:latest # Change to the version you want to use + environment: + APP_GLOBAL_SECRET: your_secret + # Because api and rpc use different protocols + # We need to use two domains for api and rpc + # So that the reverse proxy can correctly identify the protocol to forward + MASTER_RPC_HOST: frpp.example.com + MASTER_API_PORT: 443 + MASTER_API_HOST: frpp.example.com + MASTER_API_SCHEME: https + CLIENT_RPC_URL: wss://frpp.example.com:443 + CLIENT_API_URL: https://frpp.example.com:443 networks: - traefik volumes: - ./data:/data - restart: unless-stopped - command: master - environment: - APP_GLOBAL_SECRET: your_secret - MASTER_RPC_HOST: frpp-rpc.example.com - MASTER_API_HOST: frpp.example.com - MASTER_API_PORT: 443 - MASTER_API_SCHEME: https ports: + # No need to reserve api and rpc ports for master + # Reserve frps api port - 7000:7000 - 7000:7000/udp + # Reserve frps service ports + # Port 26999 is reserved for frps HTTP proxy - 26999-27050:26999-27050 - 26999-27050:26999-27050/udp + 
restart: unless-stopped + command: master labels: - # API router + # API/WSS - traefik.http.routers.frp-panel-api.rule=Host(`frpp.example.com`) - traefik.http.routers.frp-panel-api.tls=true - traefik.http.routers.frp-panel-api.tls.certresolver=le - traefik.http.routers.frp-panel-api.entrypoints=websecure + - traefik.http.routers.frp-panel-api.service=frp-panel-api - traefik.http.services.frp-panel-api.loadbalancer.server.port=9000 - traefik.http.services.frp-panel-api.loadbalancer.server.scheme=http - - # RPC router - - traefik.http.routers.frp-panel-rpc.rule=Host(`frpp-rpc.example.com`) - - traefik.http.routers.frp-panel-rpc.tls=true - - traefik.http.routers.frp-panel-rpc.tls.certresolver=le - - traefik.http.routers.frp-panel-rpc.entrypoints=websecure - - traefik.http.services.frp-panel-rpc.loadbalancer.server.port=9000 - - traefik.http.services.frp-panel-rpc.loadbalancer.server.scheme=h2c - - # Tunnel router (optional HTTP proxy for frpc) + # If you don't need frps HTTP proxy below, you can omit this + # You need to configure wildcard DNS *.frpp.example.com to point to your server's public IP + # This enables using domains ending with .frpp.example.com on port 443 to forward multiple services to multiple frpc - traefik.http.routers.frp-panel-tunnel.rule=HostRegexp(`.*.frpp.example.com`) - traefik.http.routers.frp-panel-tunnel.tls.domains[0].sans=*.frpp.example.com - traefik.http.routers.frp-panel-tunnel.tls=true - traefik.http.routers.frp-panel-tunnel.tls.certresolver=le - traefik.http.routers.frp-panel-tunnel.entrypoints=websecure + - traefik.http.routers.frp-panel-tunnel.service=frp-panel-tunnel - traefik.http.services.frp-panel-tunnel.loadbalancer.server.port=26999 - traefik.http.services.frp-panel-tunnel.loadbalancer.server.scheme=http - networks: traefik: external: true name: traefik ``` -After starting, visit `SERVER_IP:8080` to view Traefik’s dashboard. 
+After the above `docker-compose.yaml` is deployed, you can visit `SERVER_IP:8080` to view the reverse proxy status.
-Then configure the `default` server in the Master Web UI:
+Then configure the default server to enable frp subdomain forwarding:
-| Setting | Value |
-|-----------------------|------------------------|
-| FRPs listen port | 7000 |
-| FRPs listen address | 0.0.0.0 |
-| Proxy listen address | 0.0.0.0 |
-| HTTP listen port | 26999 |
-| Domain suffix | frpp.example.com |
+| Configuration | Value |
+|----|----|
+| FRPs listen port | 7000 |
+| FRPs listen address | 0.0.0.0 |
+| Proxy listen address | 0.0.0.0 |
+| HTTP listen port | 26999 |
+| Domain suffix | frpp.example.com |
 ---
@@ -205,16 +244,13 @@ Then configure the `default` server in the Master Web UI:
 ### Direct Execution
-In the folder containing the executable, create a `.env` file (no extension) with:
+In the same folder as the downloaded executable, create a `.env` file (note: no file extension), then enter the following content, save, and run the corresponding command:
 ```
 APP_GLOBAL_SECRET=your_secret
-MASTER_RPC_HOST=IP
 DB_DSN=data.db
+CLIENT_RPC_URL=grpc://IP:9001
+CLIENT_API_URL=http://IP:9000
 ```
-Then run:
-
-```
-frp-panel-amd64.exe master
-```
\ No newline at end of file
+- master: `frp-panel-amd64.exe master`
\ No newline at end of file