frp is a high-performance reverse proxy designed to expose local services—such as SSH, HTTP servers, or APIs—to the internet even when behind NAT or firewalls. It operates with a client-server architecture where frps (server) runs on a publicly accessible machine and frpc (client) connects from the internal network. This enables secure, configurable tunneling without requiring public IP addresses or complex firewall rule changes. frp is widely used by developers, DevOps teams, and system administrators who need to test services locally while making them accessible externally for demos, remote access, or integration with cloud tools. Its support for TCP, UDP, HTTP/HTTPS, P2P mode, and advanced features like TLS encryption, load balancing, and plugin systems make it a robust alternative to ngrok or serveo for production-grade use cases.
What You Get
- TCP/UDP Tunneling - Expose any TCP or UDP service (e.g., SSH, databases) from behind NAT by mapping local ports to public remote ports.
- HTTP/HTTPS Reverse Proxy - Route HTTP and HTTPS traffic to local web services using custom domains or subdomains with automatic TLS support.
- P2P Mode - Establish direct peer-to-peer connections between client and server when possible, reducing latency and server load.
- Server Dashboard - Built-in web interface to monitor active proxies, connections, and system metrics in real time.
- Client Admin UI - Web-based interface to manage and inspect client-side proxy configurations and status.
- Token and OIDC Authentication - Secure communication between frpc and frps using shared tokens or OpenID Connect for enterprise environments.
- TLS Encryption - Encrypt all traffic between client and server using custom or Let’s Encrypt certificates for secure exposure.
- Hot-Reloading Configuration - Reload frpc configuration without restarting the client process, minimizing downtime.
- Port Reuse via TCPMUX - Expose multiple SSH or HTTP services over a single public port using HTTP CONNECT multiplexing.
- Bandwidth Limiting - Apply per-proxy bandwidth caps to prevent resource exhaustion on shared servers.
- HTTP Header Manipulation - Rewrite Host headers, add X-Forwarded-For, or set custom HTTP headers for downstream services.
- Proxy Protocol Support - Forward real client IPs to backend services using the Proxy Protocol v1/v2.
- HTTP Basic Auth - Protect exposed web services with username/password authentication directly in frp configuration.
- URL Routing and Custom Subdomains - Route traffic based on host or path, e.g., service1.example.com → local:8080.
- Port Range Mapping - Map entire ranges of ports (e.g., 6000-7000) with a single configuration entry.
- Client Plugins - Extend functionality via plugins (e.g., custom authentication, logging) without modifying core code.
- Service Health Check - Automatically disable unhealthy backends to improve reliability of exposed services.
- Connection Pooling and TCP Stream Multiplexing - Reduce connection overhead by reusing connections between frpc and frps.
- KCP and QUIC Protocol Support - Improve performance over unstable networks using KCP (UDP-based) or modern QUIC transport.
- Virtual Network (VirtualNet) - Create a virtual LAN between multiple frpc clients and the server for internal service discovery.
- SSH Tunnel Gateway - Use frp as a jump host to access internal machines via SSH through the public server.
- Environment Variable Configuration - Override config values dynamically using environment variables for containerized deployments.
Common Use Cases
- Building a remote development environment - Expose a local VS Code Server or Jupyter notebook running on a home PC to the internet for remote work without public IP.
- Exposing internal APIs during development - Make a local backend service accessible to mobile testers or external partners via HTTPS with custom subdomains like api.dev.example.com.
- Accessing home NAS or surveillance systems securely - Forward HTTP(S) ports from a private network to access security cameras or file shares without opening firewall ports.
- DevOps teams managing microservices across multiple cloud providers - Use frp to expose internal Kubernetes services for debugging without exposing them publicly via LoadBalancer.
- Problem → Solution flow: No public IP, need to demo a web app - Developer runs local Flask server on port 5000; configures frpc to expose it via custom domain → client connects to frps on public VPS; users access app at https://app.mycompany.frp.dev.
- Team workflow: Remote team accessing internal CI/CD logs - DevOps engineers use frp to expose Jenkins dashboard on port 8080 from behind corporate firewall, enabling team-wide access with basic auth and TLS.
Under The Hood
Fatedier-frp is a versatile reverse proxy solution designed for complex network environments, offering support for multiple protocols and a dual-client-server architecture. It combines a robust Go backend with a modern Vue.js-based web interface, enabling flexible deployment and configuration. The system emphasizes extensibility through modular design and plugin support, making it adaptable to diverse networking needs.
Architecture
This project adopts a monolithic yet modular architecture, separating client and server concerns while maintaining clear layers for presentation, logic, and data handling.
- The system uses a layered structure to isolate concerns between UI, business logic, and data operations
- Modules are organized around proxies, visitors, and control mechanisms to support flexible network routing
- Clear separation of backend (Go) and frontend (Vue/TypeScript) components enhances maintainability
- A plugin-based server design enables custom logic integration without modifying core functionality
Tech Stack
The project leverages a multi-language tech stack with Go powering the backend and Vue.js with TypeScript driving the frontend.
- Built primarily in Go for performance and reliability, complemented by a Vue 3 web dashboard with TypeScript
- Uses modern frontend tools like Vite, vue-router, and unplugin-auto-import for streamlined development
- Integrates extensive testing frameworks including end-to-end and unit tests in both Go and frontend environments
- CI/CD pipelines and linting configurations ensure code quality and consistency across the stack
Code Quality
The project demonstrates mature Go development practices with consistent structure and comprehensive testing.
- Strong test coverage across modules, including unit, integration, and end-to-end testing strategies
- Error handling follows propagation patterns with reasonable robustness in most components
- Code style and conventions are largely consistent, though some duplication and refactoring opportunities exist
- Linting and automated tooling are in place to support maintainable development practices
What Makes It Unique
Fatedier-frp stands out through its multi-protocol support, extensible architecture, and dual-language implementation.
- Offers extensive protocol handling including TCP, UDP, HTTP, HTTPS, STCP, SUDP, and XTCP with dedicated support modules
- Implements a plugin-based server architecture that allows seamless extension without core modifications
- Features a web-based admin interface built with Vue.js and TypeScript for simplified configuration and monitoring
- Supports both legacy and modern configuration formats, enabling smooth migration paths for existing users