From 396e148f805fd83626868303f041f82c6d6f83db Mon Sep 17 00:00:00 2001 From: Maodanping <673698750@qq.com> Date: Sat, 5 Nov 2016 14:15:16 +0800 Subject: [PATCH 1/4] add subdomain configuration; add conn auth timeout --- conf/frpc.ini | 3 +++ conf/frps.ini | 4 ++++ src/cmd/frpc/control.go | 1 + src/cmd/frps/control.go | 13 +++++++++---- src/models/client/config.go | 8 ++++++++ src/models/config/config.go | 1 + src/models/msg/msg.go | 1 + src/models/server/config.go | 12 ++++++++++++ src/models/server/server.go | 6 ++++++ 9 files changed, 45 insertions(+), 4 deletions(-) diff --git a/conf/frpc.ini b/conf/frpc.ini index 083f84f0..e9aa2ee5 100644 --- a/conf/frpc.ini +++ b/conf/frpc.ini @@ -40,6 +40,8 @@ pool_count = 20 # if not set, you can access this custom_domains without certification http_username = admin http_password = admin +# if domain for frps is frps.com, then you can access [web01] proxy by URL http://test.frps.com +subdomain = test [web02] type = http @@ -64,3 +66,4 @@ local_port = 80 use_gzip = true custom_domains = web03.yourdomain.com host_header_rewrite = example.com +subdomain = dev diff --git a/conf/frps.ini b/conf/frps.ini index 6163bc98..8835f634 100644 --- a/conf/frps.ini +++ b/conf/frps.ini @@ -26,6 +26,10 @@ privilege_token = 12345678 privilege_allow_ports = 2000-3000,3001,3003,4000-50000 # pool_count in each proxy will change to max_pool_count if they exceed the maximum value max_pool_count = 100 +# conn_timeout set the timeout interval (seconds) when the frpc connects frps +conn_timeout = 10 +# domain for frps +domain = codermao.com # ssh is the proxy name, client will use this name and auth_token to connect to server [ssh] diff --git a/src/cmd/frpc/control.go b/src/cmd/frpc/control.go index dcb8b0d7..db9929e4 100644 --- a/src/cmd/frpc/control.go +++ b/src/cmd/frpc/control.go @@ -152,6 +152,7 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) { HostHeaderRewrite: cli.HostHeaderRewrite, HttpUserName: cli.HttpUserName, HttpPassWord: cli.HttpPassWord, + SubDomain: cli.SubDomain, Timestamp: nowTime, } if cli.PrivilegeMode { diff --git a/src/cmd/frps/control.go b/src/cmd/frps/control.go index f2b25eab..851ceee1 100644 --- a/src/cmd/frps/control.go +++ b/src/cmd/frps/control.go @@ -221,8 +221,8 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) { nowTime := time.Now().Unix() if req.PrivilegeMode { privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeToken + fmt.Sprintf("%d", req.Timestamp)) - // privilegeKey avaiable in 15 minutes - if nowTime-req.Timestamp > 15*60 { + // privilegeKey unavaiable after server.CtrlConnTimeout seconds + if server.CtrlConnTimeout != 0 && nowTime-req.Timestamp > server.CtrlConnTimeout { info = fmt.Sprintf("ProxyName [%s], privilege mode authorization timeout", req.ProxyName) log.Warn(info) return @@ -234,8 +234,8 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) { } } else { authKey := pcrypto.GetAuthKey(req.ProxyName + s.AuthToken + fmt.Sprintf("%d", req.Timestamp)) - // authKey avaiable in 15 minutes - if nowTime-req.Timestamp > 15*60 { + // privilegeKey unavaiable after server.CtrlConnTimeout seconds + if server.CtrlConnTimeout != 0 && nowTime-req.Timestamp > server.CtrlConnTimeout { info = fmt.Sprintf("ProxyName [%s], authorization timeout", req.ProxyName) log.Warn(info) return @@ -289,6 +289,10 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) { s.HostHeaderRewrite = req.HostHeaderRewrite s.HttpUserName = req.HttpUserName s.HttpPassWord = req.HttpPassWord + // package URL + if req.SubDomain != "" { + s.SubDomain = req.SubDomain + "." + server.Domain + } if req.PoolCount > server.MaxPoolCount { s.PoolCount = server.MaxPoolCount } else if req.PoolCount < 0 { @@ -302,6 +306,7 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) { log.Warn(info) return } + log.Info("serverProxy: %+v", s) // update metric's proxy status metric.SetProxyInfo(s.Name, s.Type, s.BindAddr, s.UseEncryption, s.UseGzip, s.PrivilegeMode, s.CustomDomains, s.ListenPort) diff --git a/src/models/client/config.go b/src/models/client/config.go index 417ea3b2..e26ca782 100644 --- a/src/models/client/config.go +++ b/src/models/client/config.go @@ -166,6 +166,11 @@ func LoadConf(confFile string) (err error) { if ok { proxyClient.HttpPassWord = tmpStr } + // subdomain + tmpStr, ok = section["subdomain"] + if ok { + proxyClient.SubDomain = tmpStr + } } // privilege_mode @@ -219,6 +224,9 @@ func LoadConf(confFile string) (err error) { } else { return fmt.Errorf("Parse conf error: proxy [%s] custom_domains must be set when type equals http", proxyClient.Name) } + + // subdomain + proxyClient.SubDomain, ok = section["subdomain"] } else if proxyClient.Type == "https" { // custom_domains domainStr, ok := section["custom_domains"] diff --git a/src/models/config/config.go b/src/models/config/config.go index 9cf0071e..f71d24af 100644 --- a/src/models/config/config.go +++ b/src/models/config/config.go @@ -26,4 +26,5 @@ type BaseConf struct { HostHeaderRewrite string HttpUserName string HttpPassWord string + SubDomain string } diff --git a/src/models/msg/msg.go b/src/models/msg/msg.go index f065df13..64119ec5 100644 --- a/src/models/msg/msg.go +++ b/src/models/msg/msg.go @@ -37,6 +37,7 @@ type ControlReq struct { HostHeaderRewrite string `json:"host_header_rewrite"` HttpUserName string `json:"http_username"` HttpPassWord string `json:"http_password"` + SubDomain string `json:"subdomain"` Timestamp int64 `json:"timestamp"` } diff --git a/src/models/server/config.go b/src/models/server/config.go index 58ae0da3..d7f06215 100644 --- a/src/models/server/config.go +++ b/src/models/server/config.go @@ -45,6 +45,8 @@ var ( LogMaxDays int64 = 3 PrivilegeMode bool = false PrivilegeToken string = "" + CtrlConnTimeout int64 = 10 + Domain string = "" // if PrivilegeAllowPorts is not nil, tcp proxies which remote port exist in this map can be connected PrivilegeAllowPorts map[int64]struct{} @@ -222,6 +224,16 @@ func loadCommonConf(confFile string) error { MaxPoolCount = v } } + tmpStr, ok = conf.Get("common", "conn_timeout") + if ok { + v, err := strconv.ParseInt(tmpStr, 10, 64) + if err != nil { + return fmt.Errorf("Parse conf error: conn_timeout is incorrect") + } else { + CtrlConnTimeout = v + } + } + Domain, ok = conf.Get("common", "domain") return nil } diff --git a/src/models/server/server.go b/src/models/server/server.go index 2e2618d5..ec3fcad3 100644 --- a/src/models/server/server.go +++ b/src/models/server/server.go @@ -130,6 +130,12 @@ func (p *ProxyServer) Start(c *conn.Conn) (err error) { } p.listeners = append(p.listeners, l) } + l, err := VhostHttpMuxer.Listen(p.SubDomain, p.HostHeaderRewrite, p.HttpUserName, p.HttpPassWord) + if err != nil { + return err + } + p.listeners = append(p.listeners, l) + } else if p.Type == "https" { for _, domain := range p.CustomDomains { l, err := VhostHttpsMuxer.Listen(domain, p.HostHeaderRewrite, p.HttpUserName, p.HttpPassWord) From 54beb19435eee0200ce6ebe1ab0a1117cafb1669 Mon Sep 17 00:00:00 2001 From: Maodanping <673698750@qq.com> Date: Sat, 5 Nov 2016 14:26:04 +0800 Subject: [PATCH 2/4] frps/control.go remove log info --- src/cmd/frps/control.go | 1 - 1 file changed, 1 deletion(-) diff --git a/src/cmd/frps/control.go b/src/cmd/frps/control.go index 851ceee1..6dc43441 100644 --- a/src/cmd/frps/control.go +++ b/src/cmd/frps/control.go @@ -306,7 +306,6 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) { log.Warn(info) return } - log.Info("serverProxy: %+v", s) // update metric's proxy status metric.SetProxyInfo(s.Name, s.Type, s.BindAddr, s.UseEncryption, s.UseGzip, s.PrivilegeMode, s.CustomDomains, s.ListenPort) From 7cc5d03f351bfb9576ec7c173257d8c648cfeb8f Mon Sep 17 00:00:00 2001 From: Maodanping <673698750@qq.com> Date: Mon, 7 Nov 2016 09:51:27 +0800 Subject: [PATCH 3/4] conf/frps.ini modify domain field --- conf/frps.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/frps.ini b/conf/frps.ini index 8835f634..e17ab11a 100644 --- a/conf/frps.ini +++ b/conf/frps.ini @@ -29,7 +29,7 @@ max_pool_count = 100 # conn_timeout set the timeout interval (seconds) when the frpc connects frps conn_timeout = 10 # domain for frps -domain = codermao.com +domain = frps.com # ssh is the proxy name, client will use this name and auth_token to connect to server [ssh] From c70235566952d14e4a0816d6bdc058f2958938a2 Mon Sep 17 00:00:00 2001 From: Maodanping <673698750@qq.com> Date: Tue, 8 Nov 2016 13:40:40 +0800 Subject: [PATCH 4/4] frps/control rename authTimeout; add judgement for subdomain --- conf/frps.ini | 5 +++-- src/cmd/frps/control.go | 13 +++++++++---- src/models/server/config.go | 8 ++++---- src/models/server/server.go | 10 ++++++---- 4 files changed, 22 insertions(+), 14 deletions(-) diff --git a/conf/frps.ini b/conf/frps.ini index e17ab11a..3a3b14a8 100644 --- a/conf/frps.ini +++ b/conf/frps.ini @@ -26,8 +26,9 @@ privilege_token = 12345678 privilege_allow_ports = 2000-3000,3001,3003,4000-50000 # pool_count in each proxy will change to max_pool_count if they exceed the maximum value max_pool_count = 100 -# conn_timeout set the timeout interval (seconds) when the frpc connects frps -conn_timeout = 10 +# authentication_timeout means the timeout interval (minute units) when the frpc connects frps +# if authentication_timeout set zero, the time is not verified +authentication_timeout = 15 # domain for frps domain = frps.com diff --git a/src/cmd/frps/control.go b/src/cmd/frps/control.go index 6dc43441..db5c4087 100644 --- a/src/cmd/frps/control.go +++ b/src/cmd/frps/control.go @@ -18,6 +18,7 @@ import ( "encoding/json" "fmt" "io" + "strings" "time" "github.com/fatedier/frp/src/models/consts" @@ -221,8 +222,8 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) { nowTime := time.Now().Unix() if req.PrivilegeMode { privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeToken + fmt.Sprintf("%d", req.Timestamp)) - // privilegeKey unavaiable after server.CtrlConnTimeout seconds - if server.CtrlConnTimeout != 0 && nowTime-req.Timestamp > server.CtrlConnTimeout { + // privilegeKey unavaiable after server.AuthTimeout minutes + if server.AuthTimeout != 0 && nowTime-req.Timestamp > server.AuthTimeout { info = fmt.Sprintf("ProxyName [%s], privilege mode authorization timeout", req.ProxyName) log.Warn(info) return @@ -234,8 +235,7 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) { } } else { authKey := pcrypto.GetAuthKey(req.ProxyName + s.AuthToken + fmt.Sprintf("%d", req.Timestamp)) - // privilegeKey unavaiable after server.CtrlConnTimeout seconds - if server.CtrlConnTimeout != 0 && nowTime-req.Timestamp > server.CtrlConnTimeout { + if server.AuthTimeout != 0 && nowTime-req.Timestamp > server.AuthTimeout { info = fmt.Sprintf("ProxyName [%s], authorization timeout", req.ProxyName) log.Warn(info) return @@ -291,6 +291,11 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) { s.HttpPassWord = req.HttpPassWord // package URL if req.SubDomain != "" { + if strings.Contains(req.SubDomain, ".") || strings.Contains(req.SubDomain, "*") { + info = fmt.Sprintf("ProxyName [%s], type [%s] not support when subdomain is not set", req.ProxyName, req.Type) + log.Warn(info) + return + } s.SubDomain = req.SubDomain + "." + server.Domain } if req.PoolCount > server.MaxPoolCount { diff --git a/src/models/server/config.go b/src/models/server/config.go index d7f06215..c246c6a8 100644 --- a/src/models/server/config.go +++ b/src/models/server/config.go @@ -45,7 +45,7 @@ var ( LogMaxDays int64 = 3 PrivilegeMode bool = false PrivilegeToken string = "" - CtrlConnTimeout int64 = 10 + AuthTimeout int64 = 15 Domain string = "" // if PrivilegeAllowPorts is not nil, tcp proxies which remote port exist in this map can be connected @@ -224,13 +224,13 @@ func loadCommonConf(confFile string) error { MaxPoolCount = v } } - tmpStr, ok = conf.Get("common", "conn_timeout") + tmpStr, ok = conf.Get("common", "authentication_timeout") if ok { v, err := strconv.ParseInt(tmpStr, 10, 64) if err != nil { - return fmt.Errorf("Parse conf error: conn_timeout is incorrect") + return fmt.Errorf("Parse conf error: authentication_timeout is incorrect") } else { - CtrlConnTimeout = v + AuthTimeout = v } } Domain, ok = conf.Get("common", "domain") diff --git a/src/models/server/server.go b/src/models/server/server.go index ec3fcad3..9fb8db16 100644 --- a/src/models/server/server.go +++ b/src/models/server/server.go @@ -130,11 +130,13 @@ func (p *ProxyServer) Start(c *conn.Conn) (err error) { } p.listeners = append(p.listeners, l) } - l, err := VhostHttpMuxer.Listen(p.SubDomain, p.HostHeaderRewrite, p.HttpUserName, p.HttpPassWord) - if err != nil { - return err + if p.SubDomain != "" { + l, err := VhostHttpMuxer.Listen(p.SubDomain, p.HostHeaderRewrite, p.HttpUserName, p.HttpPassWord) + if err != nil { + return err + } + p.listeners = append(p.listeners, l) } - p.listeners = append(p.listeners, l) } else if p.Type == "https" { for _, domain := range p.CustomDomains {