A plugin that enables multi-user support for frp, with restrictions on proxy names, proxy types, port ranges, and domain per user. Supports file token / server authentication modes.
Before using this plugin, ensure you have a basic understanding of frp usage and configuration file formats.
In a Node.js 22+ environment, install fp-multi globally:
$ npm i fp-multi -g{
"port": 7200,
"users": [
{
"user": "user1",
"token": "token1",
"name": [
"user1",
"/user1-[0-9]+/"
],
"type": [
"tcp",
"udp",
"http"
],
"port": [
"7000-7010",
"7020-7030",
"8000"
],
"domains": [
"test-*.maiyun.net"
]
}
],
"server": {
"url": "https://example.com/auth",
"auth": "auth1"
}
}If any of name, type, or port doesn't meet the rules, the connection will be rejected. name supports regular expressions, and port supports port ranges.
{
"port": 7200,
"users": [
{
"user": "user1",
"token": "token1"
}
]
}If users authentication fails, it will then request the server. If server authentication also fails, the connection will be rejected. So you can either not configure users and only configure server, or only configure users without server.
{
"port": 7200,
"server": {
"url": "https://example.com/auth",
"auth": "auth1"
}
}With the above configuration, authentication is completely handled by you.
When users is not configured or users authentication fails, data will be POSTed to the server, and it must return in the specified format.
When frpc connects to frps, it sends a login action. auth is the server.auth from fp-multi configuration file, user is the user from frpc configuration file, and token is the metadatas.token from frpc configuration file.
{
"action": "login",
"auth": "auth1",
"user": "user1",
"token": "token1",
}After frpc successfully connects to frps, it will create proxies according to [[proxies]] configuration in sequence. At this point, a new action is initiated. user and token are sent again, and you must re-validate the user's legitimacy in this action before validating other proxy fields.
port is the remotePort from frpc configuration file.
{
"action": "new",
"auth": "auth1",
"user": "user1",
"token": "token1",
"name": "user1-1",
"type": "tcp",
"port": 7000
}{
"result": 1
}A result greater than 0 indicates permission, while less than or equal to 0 indicates rejection.
The server.auth value from fp-multi will be sent as-is to prevent third parties from making unauthorized requests to your authentication interface.
[[httpPlugins]]
addr = "127.0.0.1:7200"
path = "/handler"
ops = ["Login", "NewProxy"]Port 7200 can be customized, see Configuration File.
It's recommended to set loginFailExit to false so that frpc won't exit when login fails or network connection is lost, but will continue trying to login.
serverAddr = "127.0.0.1"
loginFailExit = false
user = "user1"
metadatas.token = "token1"
[[proxies]]
name = "user1-6000"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000serverAddr = "127.0.0.1"
loginFailExit = false
user = "user2"
metadatas.token = "token2"
[[proxies]]
name = "user2"
type = "tcp"
localPort = 22
remotePort = 6001$ fpmulti -c /etc/fp-multi/config.jsonAfter starting, launch frps to begin normal usage.
- Create a service file
$ sudo nano /etc/systemd/system/fpmulti.service- Write the file content
[Unit]
Description = fp multi
After = network.target syslog.target
Wants = network.target
[Service]
Type = simple
ExecStart = fpmulti -c /etc/fp-multi/config.json
[Install]
WantedBy = multi-user.target- It's recommended to coordinate with frps service so that when frps service starts automatically, it also forces
fpmulti.serviceto start. Createfrps.servicefile:
$ sudo nano /etc/systemd/system/frps.service- Write the file content
[Unit]
Description = frp server
After = fpmulti.service
Requires = fpmulti.service
[Service]
Type = simple
# Command to start frps, modify to actual frps path
ExecStart = /path/to/frps -c /path/to/frps.toml
[Install]
WantedBy = multi-user.target
- Set
frps.serviceto start on boot
$ sudo systemctl enable frpsThis library is published under AGPL-3.0 license.