mirror of
https://github.com/fatedier/frp.git
synced 2024-11-08 09:04:52 +01:00
Add basic auth to dashboard
This commit is contained in:
parent
b403e4142b
commit
4dadaac905
19
README.md
19
README.md
@ -6,14 +6,14 @@
|
|||||||
|
|
||||||
## What is frp?
|
## What is frp?
|
||||||
|
|
||||||
frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.Now, it supports tcp, http and https protocol when requests can be forwarded by domains to backward web services.
|
frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet. Now, it supports tcp, http and https protocol when requests can be forwarded by domains to backward web services.
|
||||||
|
|
||||||
## Catalog
|
## Catalog
|
||||||
|
|
||||||
* [What can I do with frp?](#what-can-i-do-with-frp)
|
* [What can I do with frp?](#what-can-i-do-with-frp)
|
||||||
* [Status](#status)
|
* [Status](#status)
|
||||||
* [Architecture](#architecture)
|
* [Architecture](#architecture)
|
||||||
* [Example Usage](#example-usage)
|
* [Example Usage](#example-usage)
|
||||||
* [Communicate with your computer in LAN by SSH](#communicate-with-your-computer-in-lan-by-ssh)
|
* [Communicate with your computer in LAN by SSH](#communicate-with-your-computer-in-lan-by-ssh)
|
||||||
* [Visit your web service in LAN by custom domains](#visit-your-web-service-in-lan-by-custom-domains)
|
* [Visit your web service in LAN by custom domains](#visit-your-web-service-in-lan-by-custom-domains)
|
||||||
* [Features](#features)
|
* [Features](#features)
|
||||||
@ -37,9 +37,9 @@ frp is a fast reverse proxy to help you expose a local server behind a NAT or fi
|
|||||||
|
|
||||||
## Status
|
## Status
|
||||||
|
|
||||||
frp is under development and you can try it with latest release version.Master branch for releasing stable version when dev branch for developing.
|
frp is under development and you can try it with latest release version. Master branch for releasing stable version when dev branch for developing.
|
||||||
|
|
||||||
**We may change any protocol and can't promise backward compatible.Please check the release log when upgrading.**
|
**We may change any protocol and can't promise backward compatible. Please check the release log when upgrading.**
|
||||||
|
|
||||||
## Architecture
|
## Architecture
|
||||||
|
|
||||||
@ -149,9 +149,12 @@ Configure a port for dashboard to enable this feature:
|
|||||||
```ini
|
```ini
|
||||||
[common]
|
[common]
|
||||||
dashboard_port = 7500
|
dashboard_port = 7500
|
||||||
|
# dashboard's username and password are both optional,if not set, default is admin.
|
||||||
|
dashboard_username = abc
|
||||||
|
dashboard_password = abc
|
||||||
```
|
```
|
||||||
|
|
||||||
Then visit `http://[server_addr]:7500` to see dashboard.
|
Then visit `http://[server_addr]:7500` to see dashboard, default username and password are both `admin`.
|
||||||
|
|
||||||
![dashboard](/doc/pic/dashboard.png)
|
![dashboard](/doc/pic/dashboard.png)
|
||||||
|
|
||||||
@ -286,9 +289,9 @@ This feature is fit for a large number of short connections.
|
|||||||
|
|
||||||
2. Enable and specify the number of connection pool:
|
2. Enable and specify the number of connection pool:
|
||||||
|
|
||||||
```ini
|
```ini
|
||||||
# frpc.ini
|
# frpc.ini
|
||||||
[ssh]
|
[ssh]
|
||||||
type = tcp
|
type = tcp
|
||||||
local_port = 22
|
local_port = 22
|
||||||
pool_count = 10
|
pool_count = 10
|
||||||
@ -300,7 +303,7 @@ When forwarding to a local port, frp does not modify the tunneled HTTP requests
|
|||||||
|
|
||||||
```ini
|
```ini
|
||||||
# frpc.ini
|
# frpc.ini
|
||||||
[web]
|
[web]
|
||||||
privilege_mode = true
|
privilege_mode = true
|
||||||
type = http
|
type = http
|
||||||
local_port = 80
|
local_port = 80
|
||||||
|
@ -146,9 +146,12 @@ frp 目前正在前期开发阶段,master 分支用于发布稳定版本,dev
|
|||||||
```ini
|
```ini
|
||||||
[common]
|
[common]
|
||||||
dashboard_port = 7500
|
dashboard_port = 7500
|
||||||
|
# dashboard 用户名密码可选,默认都为 admin
|
||||||
|
dashboard_username = abc
|
||||||
|
dashboard_password = abc
|
||||||
```
|
```
|
||||||
|
|
||||||
打开浏览器通过 `http://[server_addr]:7500` 访问 dashboard 界面。
|
打开浏览器通过 `http://[server_addr]:7500` 访问 dashboard 界面,用户名密码默认为 `admin`。
|
||||||
|
|
||||||
![dashboard](/doc/pic/dashboard.png)
|
![dashboard](/doc/pic/dashboard.png)
|
||||||
|
|
||||||
|
@ -9,6 +9,9 @@ vhost_http_port = 80
|
|||||||
vhost_https_port = 443
|
vhost_https_port = 443
|
||||||
# if you want to configure or reload frps by dashboard, dashboard_port must be set
|
# if you want to configure or reload frps by dashboard, dashboard_port must be set
|
||||||
dashboard_port = 7500
|
dashboard_port = 7500
|
||||||
|
# dashboard username and password for basic protect, if not set, both default value is admin
|
||||||
|
dashboard_username = abc
|
||||||
|
dashboard_password = abc
|
||||||
# dashboard assets directory(only for debug mode)
|
# dashboard assets directory(only for debug mode)
|
||||||
# assets_dir = ./static
|
# assets_dir = ./static
|
||||||
# console or real logFile path like ./frps.log
|
# console or real logFile path like ./frps.log
|
||||||
|
@ -30,19 +30,21 @@ import (
|
|||||||
|
|
||||||
// common config
|
// common config
|
||||||
var (
|
var (
|
||||||
ConfigFile string = "./frps.ini"
|
ConfigFile string = "./frps.ini"
|
||||||
BindAddr string = "0.0.0.0"
|
BindAddr string = "0.0.0.0"
|
||||||
BindPort int64 = 7000
|
BindPort int64 = 7000
|
||||||
VhostHttpPort int64 = 0 // if VhostHttpPort equals 0, don't listen a public port for http protocol
|
VhostHttpPort int64 = 0 // if VhostHttpPort equals 0, don't listen a public port for http protocol
|
||||||
VhostHttpsPort int64 = 0 // if VhostHttpsPort equals 0, don't listen a public port for https protocol
|
VhostHttpsPort int64 = 0 // if VhostHttpsPort equals 0, don't listen a public port for https protocol
|
||||||
DashboardPort int64 = 0 // if DashboardPort equals 0, dashboard is not available
|
DashboardPort int64 = 0 // if DashboardPort equals 0, dashboard is not available
|
||||||
AssetsDir string = ""
|
DashboardUsername string = "admin"
|
||||||
LogFile string = "console"
|
DashboardPassword string = "admin"
|
||||||
LogWay string = "console" // console or file
|
AssetsDir string = ""
|
||||||
LogLevel string = "info"
|
LogFile string = "console"
|
||||||
LogMaxDays int64 = 3
|
LogWay string = "console" // console or file
|
||||||
PrivilegeMode bool = false
|
LogLevel string = "info"
|
||||||
PrivilegeToken string = ""
|
LogMaxDays int64 = 3
|
||||||
|
PrivilegeMode bool = false
|
||||||
|
PrivilegeToken string = ""
|
||||||
|
|
||||||
// if PrivilegeAllowPorts is not nil, tcp proxies which remote port exist in this map can be connected
|
// if PrivilegeAllowPorts is not nil, tcp proxies which remote port exist in this map can be connected
|
||||||
PrivilegeAllowPorts map[int64]struct{}
|
PrivilegeAllowPorts map[int64]struct{}
|
||||||
@ -119,6 +121,16 @@ func loadCommonConf(confFile string) error {
|
|||||||
DashboardPort = 0
|
DashboardPort = 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tmpStr, ok = conf.Get("common", "dashboard_username")
|
||||||
|
if ok {
|
||||||
|
DashboardUsername = tmpStr
|
||||||
|
}
|
||||||
|
|
||||||
|
tmpStr, ok = conf.Get("common", "dashboard_password")
|
||||||
|
if ok {
|
||||||
|
DashboardPassword = tmpStr
|
||||||
|
}
|
||||||
|
|
||||||
tmpStr, ok = conf.Get("common", "assets_dir")
|
tmpStr, ok = conf.Get("common", "assets_dir")
|
||||||
if ok {
|
if ok {
|
||||||
AssetsDir = tmpStr
|
AssetsDir = tmpStr
|
||||||
|
@ -15,9 +15,11 @@
|
|||||||
package server
|
package server
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/fatedier/frp/src/assets"
|
"github.com/fatedier/frp/src/assets"
|
||||||
@ -38,7 +40,7 @@ func RunDashboardServer(addr string, port int64) (err error) {
|
|||||||
// view, see dashboard_view.go
|
// view, see dashboard_view.go
|
||||||
mux.Handle("/favicon.ico", http.FileServer(assets.FileSystem))
|
mux.Handle("/favicon.ico", http.FileServer(assets.FileSystem))
|
||||||
mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(assets.FileSystem)))
|
mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(assets.FileSystem)))
|
||||||
mux.HandleFunc("/", viewDashboard)
|
mux.HandleFunc("/", use(viewDashboard, basicAuth))
|
||||||
|
|
||||||
address := fmt.Sprintf("%s:%d", addr, port)
|
address := fmt.Sprintf("%s:%d", addr, port)
|
||||||
server := &http.Server{
|
server := &http.Server{
|
||||||
@ -58,3 +60,43 @@ func RunDashboardServer(addr string, port int64) (err error) {
|
|||||||
go server.Serve(ln)
|
go server.Serve(ln)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func use(h http.HandlerFunc, middleware ...func(http.HandlerFunc) http.HandlerFunc) http.HandlerFunc {
|
||||||
|
for _, m := range middleware {
|
||||||
|
h = m(h)
|
||||||
|
}
|
||||||
|
|
||||||
|
return h
|
||||||
|
}
|
||||||
|
|
||||||
|
func basicAuth(h http.HandlerFunc) http.HandlerFunc {
|
||||||
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
|
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
||||||
|
|
||||||
|
s := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
|
||||||
|
if len(s) != 2 {
|
||||||
|
http.Error(w, "Not authorized", 401)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
b, err := base64.StdEncoding.DecodeString(s[1])
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, err.Error(), 401)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
pair := strings.SplitN(string(b), ":", 2)
|
||||||
|
if len(pair) != 2 {
|
||||||
|
http.Error(w, "Not authorized", 401)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if pair[0] != DashboardUsername || pair[1] != DashboardPassword {
|
||||||
|
http.Error(w, "Not authorized", 401)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
h.ServeHTTP(w, r)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user