fatedier · simplysoft · Mar 21, 2026 · Mar 21, 2026
diff --git a/pkg/config/v1/server.go b/pkg/config/v1/server.go
@@ -31,6 +31,12 @@ type ServerConfig struct {
 	// BindPort specifies the port that the server listens on. By default, this
 	// value is 7000.
 	BindPort int `json:"bindPort,omitempty"`
+	// BindProxyProtocol enables PROXY protocol (v1 and v2) parsing on the
+	// bind port listener. When true, the real client IP is extracted from
+	// the PROXY protocol header before protocol multiplexing. This is
+	// useful when frps is behind a load balancer that sends PROXY protocol.
+	// By default, this is false.
+	BindProxyProtocol bool `json:"bindProxyProtocol,omitempty"`
 	// KCPBindPort specifies the KCP port that the server listens on. If this
 	// value is 0, the server will not listen for KCP connections.
 	KCPBindPort int `json:"kcpBindPort,omitempty"`
@@ -51,6 +57,14 @@ type ServerConfig struct {
 	// Vhost requests. If this value is 0, the server will not listen for HTTPS
 	// requests.
 	VhostHTTPSPort int `json:"vhostHTTPSPort,omitempty"`
+	// VhostHTTPSProxyProtocol enables PROXY protocol (v1 and v2) parsing
+	// on the HTTPS vhost listener. When true, the real client IP is
+	// extracted from the PROXY protocol header and used as the source
+	// address for proxied connections. By default, this is false.
+	VhostHTTPSProxyProtocol bool `json:"vhostHTTPSProxyProtocol,omitempty"`
+	// VhostHTTPProxyProtocol is the same as VhostHTTPSProxyProtocol but
+	// for the HTTP vhost listener.
+	VhostHTTPProxyProtocol bool `json:"vhostHTTPProxyProtocol,omitempty"`
 	// TCPMuxHTTPConnectPort specifies the port that the server listens for TCP
 	// HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
 	// requests on one single port. If it's not - it will listen on this value for

diff --git a/server/service.go b/server/service.go
@@ -28,6 +28,7 @@ import (
 	"github.com/fatedier/golib/crypto"
 	"github.com/fatedier/golib/net/mux"
 	fmux "github.com/hashicorp/yamux"
+	pp "github.com/pires/go-proxyproto"
 	quic "github.com/quic-go/quic-go"
 	"github.com/samber/lo"
 
@@ -234,6 +235,10 @@ func NewService(cfg *v1.ServerConfig) (*Service, error) {
 	if err != nil {
 		return nil, fmt.Errorf("create server listener error, %v", err)
 	}
+	if cfg.BindProxyProtocol {
+		log.Infof("bindPort proxy protocol enabled")
+		ln = &pp.Listener{Listener: ln}
+	}
 
 	svr.muxer = mux.NewMux(ln)
 	svr.muxer.SetKeepAlive(time.Duration(cfg.Transport.TCPKeepAlive) * time.Second)
@@ -308,6 +313,10 @@ func NewService(cfg *v1.ServerConfig) (*Service, error) {
 				return nil, fmt.Errorf("create vhost http listener error, %v", err)
 			}
 		}
+		if cfg.VhostHTTPProxyProtocol {
+			log.Infof("http vhost proxy protocol enabled")
+			l = &pp.Listener{Listener: l}
+		}
 		go func() {
 			_ = server.Serve(l)
 		}()
@@ -328,6 +337,11 @@ func NewService(cfg *v1.ServerConfig) (*Service, error) {
 			log.Infof("https service listen on %s", address)
 		}
 
+		if cfg.VhostHTTPSProxyProtocol {
+			log.Infof("https vhost proxy protocol enabled")
+			l = &pp.Listener{Listener: l}
+		}
+
 		svr.rc.VhostHTTPSMuxer, err = vhost.NewHTTPSMuxer(l, vhostReadWriteTimeout)
 		if err != nil {
 			return nil, fmt.Errorf("create vhost httpsMuxer error, %v", err)