Merge pull request #3722 from fatedier/dev

bump version

README.md

@@ -91,8 +91,6 @@ We will transition from version 0 to version 1 at the appropriate time and will
 
 ### About V2
 
-The overall situation is currently unfavorable, and there is significant pressure in both personal and professional aspects.
-
 The complexity and difficulty of the v2 version are much higher than anticipated. I can only work on its development during fragmented time periods, and the constant interruptions disrupt productivity significantly. Given this situation, we will continue to optimize and iterate on the current version until we have more free time to proceed with the major version overhaul.
 
 The concept behind v2 is based on my years of experience and reflection in the cloud-native domain, particularly in K8s and ServiceMesh. Its core is a modernized four-layer and seven-layer proxy, similar to envoy. This proxy itself is highly scalable, not only capable of implementing the functionality of intranet penetration but also applicable to various other domains. Building upon this highly scalable core, we aim to implement all the capabilities of frp v1 while also addressing the functionalities that were previously unachievable or difficult to implement in an elegant manner. Furthermore, we will maintain efficient development and iteration capabilities.
@@ -218,7 +216,7 @@ Unfortunately, we cannot resolve a domain name to a local IP. However, we can us
   vhostHTTPPort = 8080
   ```
 
-  If you want to configure an https proxy, you need to set up the `vhost_https_port`.
+  If you want to configure an https proxy, you need to set up the `vhostHTTPSPort`.
 
 2. Start `frps`:
 
@@ -337,7 +335,7 @@ Configure `frps` as described above, then:
 
 ### Enable HTTPS for a local HTTP(S) service
 
-You may substitute `https2https` for the plugin, and point the `plugin_local_addr` to a HTTPS endpoint.
+You may substitute `https2https` for the plugin, and point the `localAddr` to a HTTPS endpoint.
 
 1. Start `frpc` with the following configuration:
 
@@ -369,7 +367,7 @@ To mitigate risks associated with exposing certain services directly to the publ
 
 Configure `frps` same as above.
 
-1. Start `frpc` on machine B with the following config. This example is for exposing the SSH service (port 22), and note the `sk` field for the preshared key, and that the `remote_port` field is removed here:
+1. Start `frpc` on machine B with the following config. This example is for exposing the SSH service (port 22), and note the `secretKey` field for the preshared key, and that the `remotePort` field is removed here:
 
   ```toml
   # frpc.toml
@@ -384,7 +382,7 @@ Configure `frps` same as above.
   localPort = 22
   ```
 
-2. Start another `frpc` (typically on another machine C) with the following config to access the SSH service with a security key (`sk` field):
+2. Start another `frpc` (typically on another machine C) with the following config to access the SSH service with a security key (`secretKey` field):
 
   ```toml
   # frpc.toml
@@ -461,9 +459,11 @@ Read the full example configuration files to find out even more features not des
 
 Examples use TOML format, but you can still use YAML or JSON.
 
-[Full configuration file for frps (Server)](./conf/frps.toml)
+These configuration files is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
 
-[Full configuration file for frpc (Client)](./conf/frpc.toml)
+[Full configuration file for frps (Server)](./conf/frps_full_example.toml)
+
+[Full configuration file for frpc (Client)](./conf/frpc_full_example.toml)
 
 ### Using Environment Variables
 
@@ -526,7 +526,7 @@ webServer.user = "admin"
 webServer.password = "admin"
 ```
 
-Then visit `http://[server_addr]:7500` to see the dashboard, with username and password both being `admin`.
+Then visit `http://[serverAddr]:7500` to see the dashboard, with username and password both being `admin`.
 
 Additionally, you can use HTTPS port by using your domains wildcard or normal SSL certificate:
 
@@ -539,7 +539,7 @@ webServer.tls.certFile = "server.crt"
 webServer.tls.keyFile = "server.key"
 ```
 
-Then visit `https://[server_addr]:7500` to see the dashboard in secure HTTPS connection, with username and password both being `admin`.
+Then visit `https://[serverAddr]:7500` to see the dashboard in secure HTTPS connection, with username and password both being `admin`.
 
 ![dashboard](/doc/pic/dashboard.png)
 
@@ -836,7 +836,7 @@ Using QUIC in frp:
   quicBindPort = 7000
   ```
 
-  The `quicBindPort` number can be the same number as `bind_port`, since `bind_port` field specifies a TCP port.
+  The `quicBindPort` number can be the same number as `bindPort`, since `bindPort` field specifies a TCP port.
 
 2. Configure `frpc.toml` to use QUIC to connect to frps:
 

README_zh.md

@@ -41,9 +41,7 @@ master 分支用于发布稳定版本，dev 分支用于开发，您可以尝试
 
 ### 关于 v2 的一些说明
 
-当前整体形势不佳，面临的生活工作压力很大。
-
-v2 版本的复杂度和难度比我们预期的要高得多。我只能利用零散的时间进行开发，而且由于上下文经常被打断，效率极低。由于这种情况可能会持续一段时间，我们仍然会在当前版本上进行一些优化和迭代，直到我们有更多空闲时间来推进大版本的重构。
+v2 版本的复杂度和难度比我们预期的要高得多。我只能利用零散的时间进行开发，而且由于上下文经常被打断，效率极低。由于这种情况可能会持续一段时间，我们仍然会在当前版本上进行一些优化和迭代，直到我们有更多空闲时间来推进大版本的重构，或者也有可能放弃一次性的重构，而是采用渐进的方式在当前版本上逐步做一些可能会导致不兼容的修改。
 
 v2 的构想是基于我多年在云原生领域，特别是在 K8s 和 ServiceMesh 方面的工作经验和思考。它的核心是一个现代化的四层和七层代理，类似于 envoy。这个代理本身高度可扩展，不仅可以用于实现内网穿透的功能，还可以应用于更多领域。在这个高度可扩展的内核基础上，我们将实现 frp v1 中的所有功能，并且能够以一种更加优雅的方式实现原先架构中无法实现或不易实现的功能。同时，我们将保持高效的开发和迭代能力。
 
@@ -55,7 +53,7 @@ v2 的构想是基于我多年在云原生领域，特别是在 K8s 和 ServiceM
 
 ## 文档
 
-完整文档已经迁移至 [https://gofrp.org](https://gofrp.org/docs)。
+完整文档已经迁移至 [https://gofrp.org](https://gofrp.org)。
 
 ## 为 frp 做贡献
 

Release.md

@@ -1,6 +1,3 @@
 ### Fixes
 
-* `transport.tls.disableCustomTLSFirstByte` doesn't have any effect.
-* The Server API did not return the data correctly.
-* The Dashboard is unable to display data.
-* `natHoleStunServer` is missing a default value.
+* `admin_user` is not effective in the INI configuration.

assets/frps/static/index.html

@@ -4,7 +4,7 @@
 <head>
     <meta charset="utf-8">
     <title>frps dashboard</title>
-  <script type="module" crossorigin src="./index-9465253b.js"></script>
+  <script type="module" crossorigin src="./index-c322b7dd.js"></script>
   <link rel="stylesheet" href="./index-1e0c7400.css">
 </head>
 

conf/frpc.toml

@@ -1,360 +1,9 @@
-# your proxy name will be changed to {user}.{proxy}
-user = "your_name"
-
-# A literal address or host name for IPv6 must be enclosed
-# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
-# For single serverAddr field, no need square brackets, like serverAddr = "::".
-serverAddr = "0.0.0.0"
+serverAddr = "127.0.0.1"
 serverPort = 7000
 
-# STUN server to help penetrate NAT hole.
-# natHoleStunServer = "stun.easyvoip.com:3478"
-
-# Decide if exit program when first login failed, otherwise continuous relogin to frps
-# default is true
-loginFailExit = true
-
-# console or real logFile path like ./frpc.log
-log.to = "./frpc.log"
-# trace, debug, info, warn, error
-log.level = "info"
-log.maxDays = 3
-# disable log colors when log.to is console, default is false
-log.disablePrintColor = false
-
-auth.method = "token"
-# auth.additionalScopes specifies additional scopes to include authentication information.
-# Optional values are HeartBeats, NewWorkConns.
-# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
-
-# auth token
-auth.token = "12345678"
-
-# oidc.clientID specifies the client ID to use to get a token in OIDC authentication.
-# auth.oidc.clientID = ""
-# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication.
-# auth.oidc.clientSecret = ""
-# oidc.audience specifies the audience of the token in OIDC authentication.
-# auth.oidc.audience = ""
-# oidc_scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
-# auth.oidc.scope = ""
-# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
-# It will be used to get an OIDC token.
-# auth.oidc.tokenEndpointURL = ""
-
-# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.
-# For example, if you want to specify the "audience" parameter, you can set as follow.
-# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
-# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"
-# auth.oidc.additionalEndpointParams.var1 = "foobar"
-
-# Set admin address for control frpc's action by http api such as reload
-webServer.addr = "127.0.0.1"
-webServer.port = 7400
-webServer.user = "admin"
-webServer.password = "admin"
-# Admin assets directory. By default, these assets are bundled with frpc.
-# webServer.assetsDir = "./static"
-
-# Enable golang pprof handlers in admin listener.
-webServer.pprofEnable = false
-
-# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
-# transport.dialServerTimeout = 10
-
-# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
-# If negative, keep-alive probes are disabled.
-# transport.dialServerKeepalive = 7200
-
-# connections will be established in advance, default value is zero
-transport.poolCount = 5
-
-# If tcp stream multiplexing is used, default is true, it must be same with frps
-# transport.tcpMux = true
-
-# Specify keep alive interval for tcp mux.
-# only valid if tcpMux is enabled.
-# transport.tcpMuxKeepaliveInterval = 60
-
-# Communication protocol used to connect to server
-# supports tcp, kcp, quic, websocket and wss now, default is tcp
-transport.protocol = "tcp"
-
-# set client binding ip when connect server, default is empty.
-# only when protocol = tcp or websocket, the value will be used.
-transport.connectServerLocalIP = "0.0.0.0"
-
-# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables
-# it only works when protocol is tcp
-# transport.proxyURL = "http://user:passwd@192.168.1.128:8080"
-# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"
-# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"
-
-# quic protocol options
-# transport.quic.keepalivePeriod = 10
-# transport.quic.maxIdleTimeout = 30
-# transport.quic.maxIncomingStreams = 100000
-
-# If tls.enable is true, frpc will connect frps by tls.
-# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
-transport.tls.enable = true
-
-# transport.tls.certFile = "client.crt"
-# transport.tls.keyFile = "client.key"
-# transport.tls.trustedCaFile = "ca.crt"
-# transport.tls.serverName = "example.com"
-
-# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the
-# first custom byte when tls is enabled.
-# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
-# transport.tls.disableCustomTLSFirstByte = true
-
-# Heartbeat configure, it's not recommended to modify the default value.
-# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
-# to disable it.
-# transport.heartbeatInterval = 30
-# transport.heartbeatTimeout = 90
-
-# Specify a dns server, so frpc will use this instead of default one
-# dnsServer = "8.8.8.8"
-
-# Proxy names you want to start.
-# Default is empty, means all proxies.
-# start = ["ssh", "dns"]
-
-# Specify udp packet size, unit is byte. If not set, the default value is 1500.
-# This parameter should be same between client and server.
-# It affects the udp and sudp proxy.
-udpPacketSize = 1500
-
-# Additional metadatas for client.
-metadatas.var1 = "abc"
-metadatas.var2 = "123"
-
-# Include other config files for proxies.
-# includes = ["./confd/*.ini"]
-
 [[proxies]]
-# 'ssh' is the unique proxy name
-# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
-name = "ssh"
+name = "test-tcp"
 type = "tcp"
 localIP = "127.0.0.1"
 localPort = 22
-# Limit bandwidth for this proxy, unit is KB and MB
-transport.bandwidthLimit = "1MB"
-# Where to limit bandwidth, can be 'client' or 'server', default is 'client'
-transport.bandwidthLimitMode = "client"
-# If true, traffic of this proxy will be encrypted, default is false
-transport.useEncryption = false
-# If true, traffic will be compressed
-transport.useCompression = false
-# Remote port listen by frps
-remotePort = 6001
-# frps will load balancing connections for proxies in same group
-loadBalancer.group = "test_group"
-# group should have same group key
-loadBalancer.groupKey = "123456"
-# Enable health check for the backend service, it supports 'tcp' and 'http' now.
-# frpc will connect local service's port to detect it's healthy status
-healthCheck.type = "tcp"
-# Health check connection timeout
-healthCheck.timeoutSeconds = 3
-# If continuous failed in 3 times, the proxy will be removed from frps
-healthCheck.maxFailed = 3
-# every 10 seconds will do a health check
-healthCheck.intervalSeconds = 10
-# additional meta info for each proxy
-metadatas.var1 = "abc"
-metadatas.var2 = "123"
-
-[[proxies]]
-name = "ssh_random"
-type = "tcp"
-localIP = "192.168.31.100"
-localPort = 22
-# If remote_port is 0, frps will assign a random port for you
-remotePort = 0
-
-[[proxies]]
-name = "dns"
-type = "udp"
-localIP = "114.114.114.114"
-localPort = 53
-remotePort = 6002
-
-# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
-[[proxies]]
-name = "web01"
-type = "http"
-localIP = "127.0.0.1"
-localPort = 80
-# http username and password are safety certification for http protocol
-# if not set, you can access this custom_domains without certification
-httpUser = "admin"
-httpPassword = "admin"
-# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
-subdomain = "web01"
-customDomains = ["web01.yourdomain.com"]
-# locations is only available for http type
-locations = ["/", "/pic"]
-# route requests to this service if http basic auto user is abc
-# route_by_http_user = abc
-hostHeaderRewrite = "example.com"
-# params with prefix "header_" will be used to update http request headers
-requestHeaders.set.x-from-where = "frp"
-healthCheck.type = "http"
-# frpc will send a GET http request '/status' to local http service
-# http service is alive when it return 2xx http response code
-healthCheck.path = "/status"
-healthCheck.intervalSeconds = 10
-healthCheck.maxFailed = 3
-healthCheck.timeoutSeconds = 3
-
-[[proxies]]
-name = "web02"
-type = "https"
-localIP = "127.0.0.1"
-localPort = 8000
-subdomain = "web02"
-customDomains = ["web02.yourdomain.com"]
-# if not empty, frpc will use proxy protocol to transfer connection info to your local service
-# v1 or v2 or empty
-transport.proxyProtocolVersion = "v2"
-
-[[proxies]]
-name = "tcpmuxhttpconnect"
-type = "tcpmux"
-multiplexer = "httpconnect"
-localIP = "127.0.0.1"
-localPort = 10701
-customDomains = ["tunnel1"]
-# routeByHTTPUser = "user1"
-
-[[proxies]]
-name = "plugin_unix_domain_socket"
-type = "tcp"
-remotePort = 6003
-# if plugin is defined, local_ip and local_port is useless
-# plugin will handle connections got from frps
-[proxies.plugin]
-type = "unix_domain_socket"
-unixPath = "/var/run/docker.sock"
-
-[[proxies]]
-name = "plugin_http_proxy"
-type = "tcp"
-remotePort = 6004
-[proxies.plugin]
-type = "http_proxy"
-httpUser = "abc"
-httpPassword = "abc"
-
-[[proxies]]
-name = "plugin_socks5"
-type = "tcp"
-remotePort = 6005
-[proxies.plugin]
-type = "socks5"
-username = "abc"
-password = "abc"
-
-[[proxies]]
-name = "plugin_static_file"
-type = "tcp"
-remotePort = 6006
-[proxies.plugin]
-type = "static_file"
-localPath = "/var/www/blog"
-stripPrefix = "static"
-httpUser = "abc"
-httpPassword = "abc"
-
-[[proxies]]
-name = "plugin_https2http"
-type = "https"
-customDomains = ["test.yourdomain.com"]
-[proxies.plugin]
-type = "https2http"
-localAddr = "127.0.0.1:80"
-crtPath = "./server.crt"
-keyPath = "./server.key"
-hostHeaderRewrite = "127.0.0.1"
-requestHeaders.set.x-from-where = "frp"
-
-[[proxies]]
-name = "plugin_https2https"
-type = "https"
-customDomains = ["test.yourdomain.com"]
-[proxies.plugin]
-type = "https2https"
-localAddr = "127.0.0.1:443"
-crtPath = "./server.crt"
-keyPath = "./server.key"
-hostHeaderRewrite = "127.0.0.1"
-requestHeaders.set.x-from-where = "frp"
-
-[[proxies]]
-name = "plugin_http2https"
-type = "http"
-customDomains = ["test.yourdomain.com"]
-[proxies.plugin]
-type = "http2https"
-localAddr = "127.0.0.1:443"
-hostHeaderRewrite = "127.0.0.1"
-requestHeaders.set.x-from-where = "frp"
-
-[[proxies]]
-name = "secret_tcp"
-# If the type is secret tcp, remote_port is useless
-# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
-type = "stcp"
-# secretKey is used for authentication for visitors
-secretKey = "abcdefg"
-localIP = "127.0.0.1"
-localPort = 22
-# If not empty, only visitors from specified users can connect.
-# Otherwise, visitors from same user can connect. '*' means allow all users.
-allowUsers = ["*"]
-
-[[proxies]]
-name = "p2p_tcp"
-type = "xtcp"
-secretKey = "abcdefg"
-localIP = "127.0.0.1"
-localPort = 22
-# If not empty, only visitors from specified users can connect.
-# Otherwise, visitors from same user can connect. '*' means allow all users.
-allowUsers = ["user1", "user2"]
-
-# frpc role visitor -> frps -> frpc role server
-[[visitors]]
-name = "secret_tcp_visitor"
-type = "stcp"
-# the server name you want to visitor
-serverName = "secret_tcp"
-secretKey = "abcdefg"
-# connect this address to visitor stcp server
-bindAddr = "127.0.0.1"
-# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
-# other visitors. (This is not supported for SUDP now)
-bindPort = 9000
-
-[[visitors]]
-name = "p2p_tcp_visitor"
-type = "xtcp"
-# if the server user is not set, it defaults to the current user
-serverUser = "user1"
-serverName = "p2p_tcp"
-secretKey = "abcdefg"
-bindAddr = "127.0.0.1"
-# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
-# other visitors. (This is not supported for SUDP now)
-bindPort = 9001
-# when automatic tunnel persistence is required, set it to true
-keepTunnelOpen = false
-# effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour
-maxRetriesAnHour = 8
-minRetryInterval = 90
-# fallbackTo = "stcp_visitor"
-# fallbackTimeoutMs = 500
+remotePort = 6000

conf/frpc_full_example.toml

@@ -0,0 +1,361 @@
+# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
+
+# your proxy name will be changed to {user}.{proxy}
+user = "your_name"
+
+# A literal address or host name for IPv6 must be enclosed
+# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
+# For single serverAddr field, no need square brackets, like serverAddr = "::".
+serverAddr = "0.0.0.0"
+serverPort = 7000
+
+# STUN server to help penetrate NAT hole.
+# natHoleStunServer = "stun.easyvoip.com:3478"
+
+# Decide if exit program when first login failed, otherwise continuous relogin to frps
+# default is true
+loginFailExit = true
+
+# console or real logFile path like ./frpc.log
+log.to = "./frpc.log"
+# trace, debug, info, warn, error
+log.level = "info"
+log.maxDays = 3
+# disable log colors when log.to is console, default is false
+log.disablePrintColor = false
+
+auth.method = "token"
+# auth.additionalScopes specifies additional scopes to include authentication information.
+# Optional values are HeartBeats, NewWorkConns.
+# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
+
+# auth token
+auth.token = "12345678"
+
+# oidc.clientID specifies the client ID to use to get a token in OIDC authentication.
+# auth.oidc.clientID = ""
+# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication.
+# auth.oidc.clientSecret = ""
+# oidc.audience specifies the audience of the token in OIDC authentication.
+# auth.oidc.audience = ""
+# oidc.scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
+# auth.oidc.scope = ""
+# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
+# It will be used to get an OIDC token.
+# auth.oidc.tokenEndpointURL = ""
+
+# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.
+# For example, if you want to specify the "audience" parameter, you can set as follow.
+# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
+# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"
+# auth.oidc.additionalEndpointParams.var1 = "foobar"
+
+# Set admin address for control frpc's action by http api such as reload
+webServer.addr = "127.0.0.1"
+webServer.port = 7400
+webServer.user = "admin"
+webServer.password = "admin"
+# Admin assets directory. By default, these assets are bundled with frpc.
+# webServer.assetsDir = "./static"
+
+# Enable golang pprof handlers in admin listener.
+webServer.pprofEnable = false
+
+# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
+# transport.dialServerTimeout = 10
+
+# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
+# If negative, keep-alive probes are disabled.
+# transport.dialServerKeepalive = 7200
+
+# connections will be established in advance, default value is zero
+transport.poolCount = 5
+
+# If tcp stream multiplexing is used, default is true, it must be same with frps
+# transport.tcpMux = true
+
+# Specify keep alive interval for tcp mux.
+# only valid if tcpMux is enabled.
+# transport.tcpMuxKeepaliveInterval = 60
+
+# Communication protocol used to connect to server
+# supports tcp, kcp, quic, websocket and wss now, default is tcp
+transport.protocol = "tcp"
+
+# set client binding ip when connect server, default is empty.
+# only when protocol = tcp or websocket, the value will be used.
+transport.connectServerLocalIP = "0.0.0.0"
+
+# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables
+# it only works when protocol is tcp
+# transport.proxyURL = "http://user:passwd@192.168.1.128:8080"
+# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"
+# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"
+
+# quic protocol options
+# transport.quic.keepalivePeriod = 10
+# transport.quic.maxIdleTimeout = 30
+# transport.quic.maxIncomingStreams = 100000
+
+# If tls.enable is true, frpc will connect frps by tls.
+# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
+transport.tls.enable = true
+
+# transport.tls.certFile = "client.crt"
+# transport.tls.keyFile = "client.key"
+# transport.tls.trustedCaFile = "ca.crt"
+# transport.tls.serverName = "example.com"
+
+# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the
+# first custom byte when tls is enabled.
+# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
+# transport.tls.disableCustomTLSFirstByte = true
+
+# Heartbeat configure, it's not recommended to modify the default value.
+# The default value of heartbeatInterval is 10 and heartbeatTimeout is 90. Set negative value
+# to disable it.
+# transport.heartbeatInterval = 30
+# transport.heartbeatTimeout = 90
+
+# Specify a dns server, so frpc will use this instead of default one
+# dnsServer = "8.8.8.8"
+
+# Proxy names you want to start.
+# Default is empty, means all proxies.
+# start = ["ssh", "dns"]
+
+# Specify udp packet size, unit is byte. If not set, the default value is 1500.
+# This parameter should be same between client and server.
+# It affects the udp and sudp proxy.
+udpPacketSize = 1500
+
+# Additional metadatas for client.
+metadatas.var1 = "abc"
+metadatas.var2 = "123"
+
+# Include other config files for proxies.
+# includes = ["./confd/*.ini"]
+
+[[proxies]]
+# 'ssh' is the unique proxy name
+# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
+name = "ssh"
+type = "tcp"
+localIP = "127.0.0.1"
+localPort = 22
+# Limit bandwidth for this proxy, unit is KB and MB
+transport.bandwidthLimit = "1MB"
+# Where to limit bandwidth, can be 'client' or 'server', default is 'client'
+transport.bandwidthLimitMode = "client"
+# If true, traffic of this proxy will be encrypted, default is false
+transport.useEncryption = false
+# If true, traffic will be compressed
+transport.useCompression = false
+# Remote port listen by frps
+remotePort = 6001
+# frps will load balancing connections for proxies in same group
+loadBalancer.group = "test_group"
+# group should have same group key
+loadBalancer.groupKey = "123456"
+# Enable health check for the backend service, it supports 'tcp' and 'http' now.
+# frpc will connect local service's port to detect it's healthy status
+healthCheck.type = "tcp"
+# Health check connection timeout
+healthCheck.timeoutSeconds = 3
+# If continuous failed in 3 times, the proxy will be removed from frps
+healthCheck.maxFailed = 3
+# every 10 seconds will do a health check
+healthCheck.intervalSeconds = 10
+# additional meta info for each proxy
+metadatas.var1 = "abc"
+metadatas.var2 = "123"
+
+[[proxies]]
+name = "ssh_random"
+type = "tcp"
+localIP = "192.168.31.100"
+localPort = 22
+# If remotePort is 0, frps will assign a random port for you
+remotePort = 0
+
+[[proxies]]
+name = "dns"
+type = "udp"
+localIP = "114.114.114.114"
+localPort = 53
+remotePort = 6002
+
+# Resolve your domain names to [serverAddr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
+[[proxies]]
+name = "web01"
+type = "http"
+localIP = "127.0.0.1"
+localPort = 80
+# http username and password are safety certification for http protocol
+# if not set, you can access this customDomains without certification
+httpUser = "admin"
+httpPassword = "admin"
+# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
+subdomain = "web01"
+customDomains = ["web01.yourdomain.com"]
+# locations is only available for http type
+locations = ["/", "/pic"]
+# route requests to this service if http basic auto user is abc
+# routeByHTTPUser = abc
+hostHeaderRewrite = "example.com"
+requestHeaders.set.x-from-where = "frp"
+healthCheck.type = "http"
+# frpc will send a GET http request '/status' to local http service
+# http service is alive when it return 2xx http response code
+healthCheck.path = "/status"
+healthCheck.intervalSeconds = 10
+healthCheck.maxFailed = 3
+healthCheck.timeoutSeconds = 3
+
+[[proxies]]
+name = "web02"
+type = "https"
+localIP = "127.0.0.1"
+localPort = 8000
+subdomain = "web02"
+customDomains = ["web02.yourdomain.com"]
+# if not empty, frpc will use proxy protocol to transfer connection info to your local service
+# v1 or v2 or empty
+transport.proxyProtocolVersion = "v2"
+
+[[proxies]]
+name = "tcpmuxhttpconnect"
+type = "tcpmux"
+multiplexer = "httpconnect"
+localIP = "127.0.0.1"
+localPort = 10701
+customDomains = ["tunnel1"]
+# routeByHTTPUser = "user1"
+
+[[proxies]]
+name = "plugin_unix_domain_socket"
+type = "tcp"
+remotePort = 6003
+# if plugin is defined, localIP and localPort is useless
+# plugin will handle connections got from frps
+[proxies.plugin]
+type = "unix_domain_socket"
+unixPath = "/var/run/docker.sock"
+
+[[proxies]]
+name = "plugin_http_proxy"
+type = "tcp"
+remotePort = 6004
+[proxies.plugin]
+type = "http_proxy"
+httpUser = "abc"
+httpPassword = "abc"
+
+[[proxies]]
+name = "plugin_socks5"
+type = "tcp"
+remotePort = 6005
+[proxies.plugin]
+type = "socks5"
+username = "abc"
+password = "abc"
+
+[[proxies]]
+name = "plugin_static_file"
+type = "tcp"
+remotePort = 6006
+[proxies.plugin]
+type = "static_file"
+localPath = "/var/www/blog"
+stripPrefix = "static"
+httpUser = "abc"
+httpPassword = "abc"
+
+[[proxies]]
+name = "plugin_https2http"
+type = "https"
+customDomains = ["test.yourdomain.com"]
+[proxies.plugin]
+type = "https2http"
+localAddr = "127.0.0.1:80"
+crtPath = "./server.crt"
+keyPath = "./server.key"
+hostHeaderRewrite = "127.0.0.1"
+requestHeaders.set.x-from-where = "frp"
+
+[[proxies]]
+name = "plugin_https2https"
+type = "https"
+customDomains = ["test.yourdomain.com"]
+[proxies.plugin]
+type = "https2https"
+localAddr = "127.0.0.1:443"
+crtPath = "./server.crt"
+keyPath = "./server.key"
+hostHeaderRewrite = "127.0.0.1"
+requestHeaders.set.x-from-where = "frp"
+
+[[proxies]]
+name = "plugin_http2https"
+type = "http"
+customDomains = ["test.yourdomain.com"]
+[proxies.plugin]
+type = "http2https"
+localAddr = "127.0.0.1:443"
+hostHeaderRewrite = "127.0.0.1"
+requestHeaders.set.x-from-where = "frp"
+
+[[proxies]]
+name = "secret_tcp"
+# If the type is secret tcp, remotePort is useless
+# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
+type = "stcp"
+# secretKey is used for authentication for visitors
+secretKey = "abcdefg"
+localIP = "127.0.0.1"
+localPort = 22
+# If not empty, only visitors from specified users can connect.
+# Otherwise, visitors from same user can connect. '*' means allow all users.
+allowUsers = ["*"]
+
+[[proxies]]
+name = "p2p_tcp"
+type = "xtcp"
+secretKey = "abcdefg"
+localIP = "127.0.0.1"
+localPort = 22
+# If not empty, only visitors from specified users can connect.
+# Otherwise, visitors from same user can connect. '*' means allow all users.
+allowUsers = ["user1", "user2"]
+
+# frpc role visitor -> frps -> frpc role server
+[[visitors]]
+name = "secret_tcp_visitor"
+type = "stcp"
+# the server name you want to visitor
+serverName = "secret_tcp"
+secretKey = "abcdefg"
+# connect this address to visitor stcp server
+bindAddr = "127.0.0.1"
+# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
+# other visitors. (This is not supported for SUDP now)
+bindPort = 9000
+
+[[visitors]]
+name = "p2p_tcp_visitor"
+type = "xtcp"
+# if the server user is not set, it defaults to the current user
+serverUser = "user1"
+serverName = "p2p_tcp"
+secretKey = "abcdefg"
+bindAddr = "127.0.0.1"
+# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
+# other visitors. (This is not supported for SUDP now)
+bindPort = 9001
+# when automatic tunnel persistence is required, set it to true
+keepTunnelOpen = false
+# effective when keepTunnelOpen is set to true, the number of attempts to punch through per hour
+maxRetriesAnHour = 8
+minRetryInterval = 90
+# fallbackTo = "stcp_visitor"
+# fallbackTimeoutMs = 500

conf/frps.toml

@@ -1,154 +1 @@
-# A literal address or host name for IPv6 must be enclosed
-# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
-# For single "bind_addr" field, no need square brackets, like "bind_addr = ::".
-bindAddr = "0.0.0.0"
 bindPort = 7000
-
-# udp port used for kcp protocol, it can be same with 'bind_port'.
-# if not set, kcp is disabled in frps.
-kcpBindPort = 7000
-
-# udp port used for quic protocol.
-# if not set, quic is disabled in frps.
-# quicBindPort = 7002
-
-# Specify which address proxy will listen for, default value is same with bind_addr
-# proxy_bind_addr = "127.0.0.1"
-
-# quic protocol options
-# transport.quic.keepalivePeriod = 10
-# transport.quic.maxIdleTimeout = 30
-# transport.quic.maxIncomingStreams = 100000
-
-# Heartbeat configure, it's not recommended to modify the default value
-# The default value of heartbeat_timeout is 90. Set negative value to disable it.
-# transport.heartbeatTimeout = 90
-
-# Pool count in each proxy will keep no more than maxPoolCount.
-transport.maxPoolCount = 5
-
-# If tcp stream multiplexing is used, default is true
-# transport.tcpMux = true
-
-# Specify keep alive interval for tcp mux.
-# only valid if tcpMux is true.
-# transport.tcpMuxKeepaliveInterval = 60
-
-# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
-# If negative, keep-alive probes are disabled.
-# transport.tcpKeepalive = 7200
-
-# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.
-tls.force = false
-
-# transport.tls.certFile = "server.crt"
-# transport.tls.keyFile = "server.key"
-# transport.tls.trustedCaFile = "ca.crt"
-
-# If you want to support virtual host, you must set the http port for listening (optional)
-# Note: http port and https port can be same with bind_port
-vhostHTTPPort = 80
-vhostHTTPSPort = 443
-
-# Response header timeout(seconds) for vhost http server, default is 60s
-# vhostHTTPTimeout = 60
-
-# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP
-# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
-# requests on one single port. If it's not - it will listen on this value for
-# HTTP CONNECT requests. By default, this value is 0.
-# tcpmuxHTTPConnectPort = 1337
-
-# If tcpmux_passthrough is true, frps won't do any update on traffic.
-# tcpmuxPassthrough = false
-
-# Configure the web server to enable the dashboard for frps.
-# dashboard is available only if webServer.port is set.
-webServer.addr = "127.0.0.1"
-webServer.port = 7500
-webServer.user = "admin"
-webServer.password = "admin"
-# webServer.tls.certFile = "server.crt"
-# webServer.tls.keyFile = "server.key"
-# dashboard assets directory(only for debug mode)
-# webServer.assetsDir = "./static"
-
-# Enable golang pprof handlers in dashboard listener.
-# Dashboard port must be set first
-webServer.pprofEnable = false
-
-# enablePrometheus will export prometheus metrics on webServer in /metrics api.
-enablePrometheus = true
-
-# console or real logFile path like ./frps.log
-log.to = "./frps.log"
-# trace, debug, info, warn, error
-log.level = "info"
-log.maxDays = 3
-# disable log colors when log.to is console, default is false
-log.disablePrintColor = false
-
-# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
-detailedErrorsToClient = true
-
-# auth.method specifies what authentication method to use authenticate frpc with frps.
-# If "token" is specified - token will be read into login message.
-# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
-auth.method = "token"
-
-# auth.additionalScopes specifies additional scopes to include authentication information.
-# Optional values are HeartBeats, NewWorkConns.
-# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
-
-# auth token
-auth.token = "12345678"
-
-# oidc issuer specifies the issuer to verify OIDC tokens with.
-auth.oidc.issuer = ""
-# oidc audience specifies the audience OIDC tokens should contain when validated.
-auth.oidc.audience = ""
-# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.
-auth.oidc.skipExpiryCheck = false
-# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
-auth.oidc.skipIssuerCheck = false
-
-# userConnTimeout specifies the maximum time to wait for a work connection.
-# userConnTimeout = 10
-
-# Only allow frpc to bind ports you list. By default, there won't be any limit.
-allowPorts = [
-  { start = 2000, end = 3000 },
-  { single = 3001 },
-  { single = 3003 },
-  { start = 4000, end = 50000 }
-]
-
-# Max ports can be used for each client, default value is 0 means no limit
-maxPortsPerClient = 0
-
-# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file
-# When subdomain is est, the host used by routing is test.frps.com
-subDomainHost = "frps.com"
-
-# custom 404 page for HTTP requests
-# custom404Page = "/path/to/404.html"
-
-# specify udp packet size, unit is byte. If not set, the default value is 1500.
-# This parameter should be same between client and server.
-# It affects the udp and sudp proxy.
-udpPacketSize = 1500
-
-# Retention time for NAT hole punching strategy data.
-natholeAnalysisDataReserveHours = 168
-
-[[httpPlugins]]
-name = "user-manager"
-addr = "127.0.0.1:9000"
-path = "/handler"
-ops = ["Login"]
-
-[[httpPlugins]]
-name = "port-manager"
-addr = "127.0.0.1:9001"
-path = "/handler"
-ops = ["NewProxy"]

conf/frps_full_example.toml

@@ -0,0 +1,156 @@
+# This configuration file is for reference only. Please do not use this configuration directly to run the program as it may have various issues.
+
+# A literal address or host name for IPv6 must be enclosed
+# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
+# For single "bindAddr" field, no need square brackets, like `bindAddr = "::"`.
+bindAddr = "0.0.0.0"
+bindPort = 7000
+
+# udp port used for kcp protocol, it can be same with 'bindPort'.
+# if not set, kcp is disabled in frps.
+kcpBindPort = 7000
+
+# udp port used for quic protocol.
+# if not set, quic is disabled in frps.
+# quicBindPort = 7002
+
+# Specify which address proxy will listen for, default value is same with bindAddr
+# proxyBindAddr = "127.0.0.1"
+
+# quic protocol options
+# transport.quic.keepalivePeriod = 10
+# transport.quic.maxIdleTimeout = 30
+# transport.quic.maxIncomingStreams = 100000
+
+# Heartbeat configure, it's not recommended to modify the default value
+# The default value of heartbeatTimeout is 90. Set negative value to disable it.
+# transport.heartbeatTimeout = 90
+
+# Pool count in each proxy will keep no more than maxPoolCount.
+transport.maxPoolCount = 5
+
+# If tcp stream multiplexing is used, default is true
+# transport.tcpMux = true
+
+# Specify keep alive interval for tcp mux.
+# only valid if tcpMux is true.
+# transport.tcpMuxKeepaliveInterval = 60
+
+# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
+# If negative, keep-alive probes are disabled.
+# transport.tcpKeepalive = 7200
+
+# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.
+tls.force = false
+
+# transport.tls.certFile = "server.crt"
+# transport.tls.keyFile = "server.key"
+# transport.tls.trustedCaFile = "ca.crt"
+
+# If you want to support virtual host, you must set the http port for listening (optional)
+# Note: http port and https port can be same with bindPort
+vhostHTTPPort = 80
+vhostHTTPSPort = 443
+
+# Response header timeout(seconds) for vhost http server, default is 60s
+# vhostHTTPTimeout = 60
+
+# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP
+# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
+# requests on one single port. If it's not - it will listen on this value for
+# HTTP CONNECT requests. By default, this value is 0.
+# tcpmuxHTTPConnectPort = 1337
+
+# If tcpmuxPassthrough is true, frps won't do any update on traffic.
+# tcpmuxPassthrough = false
+
+# Configure the web server to enable the dashboard for frps.
+# dashboard is available only if webServer.port is set.
+webServer.addr = "127.0.0.1"
+webServer.port = 7500
+webServer.user = "admin"
+webServer.password = "admin"
+# webServer.tls.certFile = "server.crt"
+# webServer.tls.keyFile = "server.key"
+# dashboard assets directory(only for debug mode)
+# webServer.assetsDir = "./static"
+
+# Enable golang pprof handlers in dashboard listener.
+# Dashboard port must be set first
+webServer.pprofEnable = false
+
+# enablePrometheus will export prometheus metrics on webServer in /metrics api.
+enablePrometheus = true
+
+# console or real logFile path like ./frps.log
+log.to = "./frps.log"
+# trace, debug, info, warn, error
+log.level = "info"
+log.maxDays = 3
+# disable log colors when log.to is console, default is false
+log.disablePrintColor = false
+
+# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
+detailedErrorsToClient = true
+
+# auth.method specifies what authentication method to use authenticate frpc with frps.
+# If "token" is specified - token will be read into login message.
+# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
+auth.method = "token"
+
+# auth.additionalScopes specifies additional scopes to include authentication information.
+# Optional values are HeartBeats, NewWorkConns.
+# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
+
+# auth token
+auth.token = "12345678"
+
+# oidc issuer specifies the issuer to verify OIDC tokens with.
+auth.oidc.issuer = ""
+# oidc audience specifies the audience OIDC tokens should contain when validated.
+auth.oidc.audience = ""
+# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.
+auth.oidc.skipExpiryCheck = false
+# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
+auth.oidc.skipIssuerCheck = false
+
+# userConnTimeout specifies the maximum time to wait for a work connection.
+# userConnTimeout = 10
+
+# Only allow frpc to bind ports you list. By default, there won't be any limit.
+allowPorts = [
+  { start = 2000, end = 3000 },
+  { single = 3001 },
+  { single = 3003 },
+  { start = 4000, end = 50000 }
+]
+
+# Max ports can be used for each client, default value is 0 means no limit
+maxPortsPerClient = 0
+
+# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file
+# When subdomain is est, the host used by routing is test.frps.com
+subDomainHost = "frps.com"
+
+# custom 404 page for HTTP requests
+# custom404Page = "/path/to/404.html"
+
+# specify udp packet size, unit is byte. If not set, the default value is 1500.
+# This parameter should be same between client and server.
+# It affects the udp and sudp proxy.
+udpPacketSize = 1500
+
+# Retention time for NAT hole punching strategy data.
+natholeAnalysisDataReserveHours = 168
+
+[[httpPlugins]]
+name = "user-manager"
+addr = "127.0.0.1:9000"
+path = "/handler"
+ops = ["Login"]
+
+[[httpPlugins]]
+name = "port-manager"
+addr = "127.0.0.1:9001"
+path = "/handler"
+ops = ["NewProxy"]

package.sh

@@ -46,8 +46,8 @@ for os in $os_all; do
             mv ./frps_${os}_${arch} ${frp_path}/frps
         fi  
         cp ../LICENSE ${frp_path}
-        cp -rf ../conf/* ${frp_path}
-        rm -rf ${frp_path}/legacy
+        cp -f ../conf/frpc.toml ${frp_path}
+        cp -f ../conf/frps.toml ${frp_path}
 
         # packages
         cd ./packages

pkg/config/legacy/conversion.go

@@ -71,6 +71,7 @@ func Convert_ClientCommonConf_To_v1(conf *ClientCommonConf) *v1.ClientCommonConf
 
 	out.WebServer.Addr = conf.AdminAddr
 	out.WebServer.Port = conf.AdminPort
+	out.WebServer.User = conf.AdminUser
 	out.WebServer.Password = conf.AdminPwd
 	out.WebServer.AssetsDir = conf.AssetsDir
 	out.WebServer.PprofEnable = conf.PprofEnable

pkg/config/v1/server.go

@@ -150,6 +150,7 @@ type ServerTransportConfig struct {
 	// TCPMux toggles TCP stream multiplexing. This allows multiple requests
 	// from a client to share a single TCP connection. By default, this value
 	// is true.
+	// $HideFromDoc
 	TCPMux *bool `json:"tcpMux,omitempty"`
 	// TCPMuxKeepaliveInterval specifies the keep alive interval for TCP stream multipler.
 	// If TCPMux is true, heartbeat of application layer is unnecessary because it can only rely on heartbeat in TCPMux.

pkg/util/version/version.go

@@ -19,7 +19,7 @@ import (
 	"strings"
 )
 
-var version = "0.52.1"
+var version = "0.52.3"
 
 func Full() string {
 	return version

web/frps/src/utils/proxy.ts

@@ -23,12 +23,8 @@ class BaseProxy {
     this.type = ''
     this.encryption = false
     this.compression = false
-    if (proxyStats.conf != null && proxyStats.conf.useEncryption != null) {
-      this.encryption = proxyStats.conf.useEncryption
-    }
-    if (proxyStats.conf != null && proxyStats.conf.useCompression != null) {
-      this.compression = proxyStats.conf.useCompression
-    } 
+    this.encryption = (proxyStats.conf?.transport?.useEncryption) || this.encryption;
+    this.compression = (proxyStats.conf?.transport?.useCompression) || this.compression;
     this.conns = proxyStats.curConns
     this.trafficIn = proxyStats.todayTrafficIn
     this.trafficOut = proxyStats.todayTrafficOut
@@ -79,14 +75,12 @@ class HTTPProxy extends BaseProxy {
     super(proxyStats)
     this.type = 'http'
     this.port = port
-    if (proxyStats.conf != null) {
-      if (proxyStats.conf.customDomains != null) {
-        this.customDomains = proxyStats.conf.customDomains
-      }
+    if (proxyStats.conf) {
+      this.customDomains = proxyStats.conf.customDomains || this.customDomains;
       this.hostHeaderRewrite = proxyStats.conf.hostHeaderRewrite
       this.locations = proxyStats.conf.locations
-      if (proxyStats.conf.subdomain != null && proxyStats.conf.subdomain != '') {
-        this.subdomain = proxyStats.conf.subdomain + '.' + subdomainHost
+      if (proxyStats.conf.subdomain) {
+        this.subdomain = `${proxyStats.conf.subdomain}.${subdomainHost}`
       } 
     }
   }
@@ -98,11 +92,9 @@ class HTTPSProxy extends BaseProxy {
     this.type = 'https'
     this.port = port
     if (proxyStats.conf != null) {
-      if (proxyStats.conf.customDomains != null) {
-        this.customDomains = proxyStats.conf.customDomains
-      }
-      if (proxyStats.conf.subdomain != null && proxyStats.conf.subdomain != '') {
-        this.subdomain = proxyStats.conf.subdomain + '.' + subdomainHost
+      this.customDomains = proxyStats.conf.customDomains || this.customDomains;
+      if (proxyStats.conf.subdomain) {
+        this.subdomain = `${proxyStats.conf.subdomain}.${subdomainHost}`
       }
     }
   }