github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 16:15:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #3430] [Feature Request] Support for remote_unix_path #2746

New issue
Closed
opened 2026-05-05 13:46:13 -06:00 by gitea-mirror · 4 comments
gitea-mirror commented 2026-05-05 13:46:13 -06:00
Owner
Copy link

Originally created by @pierre-pretorius on GitHub (Apr 29, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3430

Describe the feature request

Below is a very simple example that is already possible:

# frpc.ini
[web]
type = tcp
local_port = 80
remote_port = 6000

It would be very useful if you can create a remote unix socket instead of a remote listening port:

# frpc.ini
[web]
type = tcp
local_port = 80
remote_unix_path = /var/run/web_6000.sock

Why? If the server is exposing these ports through something like nginx or a custom application, then it can connect via unix socket instead of TCP socket to scale to more clients. Currently if there are many clients, it will cause many listening connections and sockets:

cat /proc/net/sockstat
  sockets: used 11522
  TCP: inuse 615 orphan 23 tw 1017 alloc 11015 mem 806
  UDP: inuse 8 mem 5
  UDPLITE: inuse 0
  RAW: inuse 0
  FRAG: inuse 0 memory 0

netstat -tulpn | grep LISTEN | wc -l
  6777

Describe alternatives you've considered

No response

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Originally created by @pierre-pretorius on GitHub (Apr 29, 2023). Original GitHub issue: https://github.com/fatedier/frp/issues/3430 ### Describe the feature request Below is a very simple example that is already possible: ``` # frpc.ini [web] type = tcp local_port = 80 remote_port = 6000 ``` It would be very useful if you can create a remote unix socket instead of a remote listening port: ``` # frpc.ini [web] type = tcp local_port = 80 remote_unix_path = /var/run/web_6000.sock ``` Why? If the server is exposing these ports through something like nginx or a custom application, then it can connect via unix socket instead of TCP socket to scale to more clients. Currently if there are many clients, it will cause many listening connections and sockets: ``` cat /proc/net/sockstat sockets: used 11522 TCP: inuse 615 orphan 23 tw 1017 alloc 11015 mem 806 UDP: inuse 8 mem 5 UDPLITE: inuse 0 RAW: inuse 0 FRAG: inuse 0 memory 0 netstat -tulpn | grep LISTEN | wc -l 6777 ``` ### Describe alternatives you've considered _No response_ ### Affected area - [ ] Docs - [ ] Installation - [X] Performance and Scalability - [ ] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others
gitea-mirror 2026-05-05 13:46:13 -06:00
gitea-mirror commented 2026-05-05 13:46:16 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (May 4, 2023):

I am somewhat concerned about the potential security risks. Because UDS is often used in various Linux tools, there may be a risk of hijacking.

In the scenario of intranet penetration, such optimization can be almost negligible.

Currently if there are many clients, it will cause many listening connections and sockets:

This should not be a big problem. For the HTTP protocol, there is no need to do mapping through ports, only through vhost_http_port to reuse the port. With proper configuration, Linux can handle a very high number of concurrent requests.

<!-- gh-comment-id:1534009421 --> @fatedier commented on GitHub (May 4, 2023): I am somewhat concerned about the potential security risks. Because UDS is often used in various Linux tools, there may be a risk of hijacking. In the scenario of intranet penetration, such optimization can be almost negligible. > Currently if there are many clients, it will cause many listening connections and sockets: This should not be a big problem. For the HTTP protocol, there is no need to do mapping through ports, only through `vhost_http_port` to reuse the port. With proper configuration, Linux can handle a very high number of concurrent requests.
gitea-mirror commented 2026-05-05 13:46:18 -06:00
Author
Owner
Copy link

@pierre-pretorius commented on GitHub (Jun 22, 2023):

Similar to the allow_ports setting, there could be a allow_unix_path where you could limit usage to be within a certain directory such as /var/run/some_app/.

I understand if this request is too specific to our usecase. We can consider forking the project if we run into problems with the existing TCP approach in the future. I note what you say about the vhost_http_port, we will re-evaluate this option. I believe in the past there was an issue with using websockets through it.

<!-- gh-comment-id:1603022003 --> @pierre-pretorius commented on GitHub (Jun 22, 2023): Similar to the `allow_ports` setting, there could be a `allow_unix_path` where you could limit usage to be within a certain directory such as `/var/run/some_app/`. I understand if this request is too specific to our usecase. We can consider forking the project if we run into problems with the existing TCP approach in the future. I note what you say about the `vhost_http_port`, we will re-evaluate this option. I believe in the past there was an issue with using websockets through it.
gitea-mirror commented 2026-05-05 13:46:18 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Jun 25, 2023):

Similar to the allow_ports setting, there could be a allow_unix_path where you could limit usage to be within a certain directory such as /var/run/some_app/

If this requirement is commonly present, then we can consider it.

I understand if this request is too specific to our usecase. We can consider forking the project if we run into problems with the existing TCP approach in the future. I note what you say about the vhost_http_port, we will re-evaluate this option. I believe in the past there was an issue with using websockets through it.

I tend to prefer solving the problems encountered in the current situation first, and only consider other solutions when it is truly impossible to solve them. You can provide more information about the problem and if possible, try to reproduce it locally. This will help me identify the root cause of the issue.

<!-- gh-comment-id:1605837982 --> @fatedier commented on GitHub (Jun 25, 2023): > Similar to the allow_ports setting, there could be a allow_unix_path where you could limit usage to be within a certain directory such as /var/run/some_app/ If this requirement is commonly present, then we can consider it. > I understand if this request is too specific to our usecase. We can consider forking the project if we run into problems with the existing TCP approach in the future. I note what you say about the vhost_http_port, we will re-evaluate this option. I believe in the past there was an issue with using websockets through it. I tend to prefer solving the problems encountered in the current situation first, and only consider other solutions when it is truly impossible to solve them. You can provide more information about the problem and if possible, try to reproduce it locally. This will help me identify the root cause of the issue.
gitea-mirror commented 2026-05-05 13:46:18 -06:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Oct 12, 2023):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

<!-- gh-comment-id:1758736607 --> @github-actions[bot] commented on GitHub (Oct 12, 2023): Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#2746
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?