Merge pull request #2206 from fatedier/dev

bump version

.circleci/config.yml

@@ -0,0 +1,25 @@
+version: 2
+jobs:
+  test1:
+    docker:
+      - image: circleci/golang:1.15-node
+    working_directory: /go/src/github.com/fatedier/frp
+    steps:
+      - checkout
+      - run: make
+      - run: make alltest
+  test2:
+    docker:
+      - image: circleci/golang:1.14-node
+    working_directory: /go/src/github.com/fatedier/frp
+    steps:
+      - checkout
+      - run: make
+      - run: make alltest
+
+workflows:
+  version: 2
+  build_and_test:
+    jobs:
+      - test1
+      - test2

.github/workflows/goreleaser.yml

@@ -27,4 +27,4 @@ jobs:
           version: latest
           args: release --rm-dist --release-notes=./Release.md
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GPR_TOKEN }}

README.md

@@ -1,6 +1,6 @@
 # frp
 
-[![Build Status](https://travis-ci.org/fatedier/frp.svg?branch=master)](https://travis-ci.org/fatedier/frp)
+[![Build Status](https://circleci.com/gh/fatedier/frp.svg?style=shield)](https://circleci.com/gh/fatedier/frp)
 [![GitHub release](https://img.shields.io/github/tag/fatedier/frp.svg?label=release)](https://github.com/fatedier/frp/releases)
 
 [README](README.md) | [中文文档](README_zh.md)

Release.md

@@ -1,3 +1,8 @@
 ### New
 
-* Command line parameters support `enable_prometheus`.
+* Server Plugin supports HTTPS.
+
+### Fix
+
+* Fix IPv6 address parse problem.
+* HTTP type proxy can't handle websocket protocol due to error `Connection` header value.

assets/frps/static/index.html

@@ -1 +1 @@
-<!DOCTYPE html> <html lang=en> <head> <meta charset=utf-8> <title>frps dashboard</title> <link rel="shortcut icon" href="favicon.ico"></head> <body> <div id=app></div> <script type="text/javascript" src="manifest.js?14bea8276eef86cc7c61"></script><script type="text/javascript" src="vendor.js?51925ec1a77936b64d61"></script></body> </html> 
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" href="favicon.ico"><title>frps-dashboard</title><link href="css/app.808290ae.css" rel="preload" as="style"><link href="css/chunk-vendors.84bb20f7.css" rel="preload" as="style"><link href="js/app.bb942a48.js" rel="preload" as="script"><link href="js/chunk-vendors.4421b07d.js" rel="preload" as="script"><link href="css/chunk-vendors.84bb20f7.css" rel="stylesheet"><link href="css/app.808290ae.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but frps-dashboard doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div><script src="js/chunk-vendors.4421b07d.js"></script><script src="js/app.bb942a48.js"></script></body></html>

client/control.go

@@ -17,10 +17,10 @@ package client
 import (
 	"context"
 	"crypto/tls"
-	"fmt"
 	"io"
 	"net"
 	"runtime/debug"
+	"strconv"
 	"sync"
 	"time"
 
@@ -222,8 +222,10 @@ func (ctl *Control) connectServer() (conn net.Conn, err error) {
 				return
 			}
 		}
-		conn, err = frpNet.ConnectServerByProxyWithTLS(ctl.clientCfg.HTTPProxy, ctl.clientCfg.Protocol,
-			fmt.Sprintf("%s:%d", ctl.clientCfg.ServerAddr, ctl.clientCfg.ServerPort), tlsConfig)
+
+		address := net.JoinHostPort(ctl.clientCfg.ServerAddr, strconv.Itoa(ctl.clientCfg.ServerPort))
+		conn, err = frpNet.ConnectServerByProxyWithTLS(ctl.clientCfg.HTTPProxy, ctl.clientCfg.Protocol, address, tlsConfig)
+
 		if err != nil {
 			xl.Warn("start new connection to server error: %v", err)
 			return
@@ -295,7 +297,7 @@ func (ctl *Control) msgHandler() {
 	}()
 	defer ctl.msgHandlerShutdown.Done()
 
-	hbSend := time.NewTicker(time.Duration(ctl.clientCfg.HeartBeatInterval) * time.Second)
+	hbSend := time.NewTicker(time.Duration(ctl.clientCfg.HeartbeatInterval) * time.Second)
 	defer hbSend.Stop()
 	hbCheck := time.NewTicker(time.Second)
 	defer hbCheck.Stop()
@@ -314,7 +316,7 @@ func (ctl *Control) msgHandler() {
 			}
 			ctl.sendCh <- pingMsg
 		case <-hbCheck.C:
-			if time.Since(ctl.lastPong) > time.Duration(ctl.clientCfg.HeartBeatTimeout)*time.Second {
+			if time.Since(ctl.lastPong) > time.Duration(ctl.clientCfg.HeartbeatTimeout)*time.Second {
 				xl.Warn("heartbeat timeout")
 				// let reader() stop
 				ctl.conn.Close()

client/service.go

@@ -21,6 +21,7 @@ import (
 	"io/ioutil"
 	"net"
 	"runtime"
+	"strconv"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -215,8 +216,9 @@ func (svr *Service) login() (conn net.Conn, session *fmux.Session, err error) {
 			return
 		}
 	}
-	conn, err = frpNet.ConnectServerByProxyWithTLS(svr.cfg.HTTPProxy, svr.cfg.Protocol,
-		fmt.Sprintf("%s:%d", svr.cfg.ServerAddr, svr.cfg.ServerPort), tlsConfig)
+
+	address := net.JoinHostPort(svr.cfg.ServerAddr, strconv.Itoa(svr.cfg.ServerPort))
+	conn, err = frpNet.ConnectServerByProxyWithTLS(svr.cfg.HTTPProxy, svr.cfg.Protocol, address, tlsConfig)
 	if err != nil {
 		return
 	}

cmd/frpc/sub/root.go

@@ -157,17 +157,16 @@ func parseClientCommonCfgFromIni(content string) (config.ClientCommonConf, error
 func parseClientCommonCfgFromCmd() (cfg config.ClientCommonConf, err error) {
 	cfg = config.GetDefaultClientConf()
 
-	strs := strings.Split(serverAddr, ":")
-	if len(strs) < 2 {
-		err = fmt.Errorf("invalid server_addr")
+	ipStr, portStr, err := net.SplitHostPort(serverAddr)
+	if err != nil {
+		err = fmt.Errorf("invalid server_addr: %v", err)
 		return
 	}
-	if strs[0] != "" {
-		cfg.ServerAddr = strs[0]
-	}
-	cfg.ServerPort, err = strconv.Atoi(strs[1])
+
+	cfg.ServerAddr = ipStr
+	cfg.ServerPort, err = strconv.Atoi(portStr)
 	if err != nil {
-		err = fmt.Errorf("invalid server_addr")
+		err = fmt.Errorf("invalid server_addr: %v", err)
 		return
 	}
 

cmd/frps/root.go

@@ -105,13 +105,15 @@ var rootCmd = &cobra.Command{
 		var cfg config.ServerCommonConf
 		var err error
 		if cfgFile != "" {
+			log.Info("frps uses config file: %s", cfgFile)
 			var content string
 			content, err = config.GetRenderedConfFromFile(cfgFile)
 			if err != nil {
 				return err
 			}
 			cfg, err = parseServerCommonCfg(CfgFileTypeIni, content)
 		} else {
+			log.Info("frps uses command line arguments for config")
 			cfg, err = parseServerCommonCfg(CfgFileTypeCmd, "")
 		}
 		if err != nil {
@@ -212,7 +214,7 @@ func runServer(cfg config.ServerCommonConf) (err error) {
 	if err != nil {
 		return err
 	}
-	log.Info("start frps success")
+	log.Info("frps started successfully")
 	svr.Run()
 	return
 }

conf/frpc_full.ini

@@ -23,15 +23,30 @@ log_max_days = 3
 disable_log_color = false
 
 # for authentication, should be same as your frps.ini
-# AuthenticateHeartBeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
+# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
 authenticate_heartbeats = false
 
-# AuthenticateNewWorkConns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
+# authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
 authenticate_new_work_conns = false
 
 # auth token
 token = 12345678
 
+# oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
+# By default, this value is "".
+oidc_client_id =
+
+# oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
+# By default, this value is "".
+oidc_client_secret =
+
+# oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
+oidc_audience =
+
+# oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint.
+# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
+oidc_token_endpoint_url =
+
 # set admin address for control frpc's action by http api such as reload
 admin_addr = 127.0.0.1
 admin_port = 7400

conf/frps_full.ini

@@ -23,7 +23,7 @@ vhost_https_port = 443
 # response header timeout(seconds) for vhost http server, default is 60s
 # vhost_http_timeout = 60
 
-# TcpMuxHttpConnectPort specifies the port that the server listens for TCP
+# tcpmux_httpconnect_port specifies the port that the server listens for TCP
 # HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
 # requests on one single port. If it's not - it will listen on this value for
 # HTTP CONNECT requests. By default, this value is 0.
@@ -44,6 +44,7 @@ enable_prometheus = true
 
 # dashboard assets directory(only for debug mode)
 # assets_dir = ./static
+
 # console or real logFile path like ./frps.log
 log_file = ./frps.log
 
@@ -58,12 +59,12 @@ disable_log_color = false
 # DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
 detailed_errors_to_client = true
 
-# AuthenticationMethod specifies what authentication method to use authenticate frpc with frps.
+# authentication_method specifies what authentication method to use authenticate frpc with frps.
 # If "token" is specified - token will be read into login message.
 # If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
 authentication_method = token
 
-# AuthenticateHeartBeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
+# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
 authenticate_heartbeats = false
 
 # AuthenticateNewWorkConns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
@@ -72,25 +73,31 @@ authenticate_new_work_conns = false
 # auth token
 token = 12345678
 
-# OidcClientId specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
+# oidc_issuer specifies the issuer to verify OIDC tokens with.
 # By default, this value is "".
-oidc_client_id =
+oidc_issuer =
 
-# OidcClientSecret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
+# oidc_audience specifies the audience OIDC tokens should contain when validated.
 # By default, this value is "".
-oidc_client_secret = 
+oidc_audience =
+
+# oidc_skip_expiry_check specifies whether to skip checking if the OIDC token is expired.
+# By default, this value is false.
+oidc_skip_expiry_check = false
 
-# OidcAudience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
-oidc_audience = 
 
-# OidcTokenEndpointUrl specifies the URL which implements OIDC Token Endpoint.
-# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
-oidc_token_endpoint_url = 
+# oidc_skip_issuer_check specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
+# By default, this value is false.
+oidc_skip_issuer_check = false
 
 # heartbeat configure, it's not recommended to modify the default value
 # the default value of heartbeat_timeout is 90
 # heartbeat_timeout = 90
 
+# user_conn_timeout configure, it's not recommended to modify the default value
+# the default value of user_conn_timeout is 10
+# user_conn_timeout = 10
+
 # only allow frpc to bind ports you list, if you set nothing, there won't be any limit
 allow_ports = 2000-3000,3001,3003,4000-50000
 
@@ -100,7 +107,7 @@ max_pool_count = 5
 # max ports can be used for each client, default value is 0 means no limit
 max_ports_per_client = 0
 
-# TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false.
+# tls_only specifies whether to only accept TLS-encrypted connections. By default, the value is false.
 tls_only = false
 
 # tls_cert_file = server.crt

doc/server_plugin.md

@@ -209,9 +209,10 @@ path = /handler
 ops = NewProxy
 ```
 
-addr: the address where the external RPC service listens on.
-path: http request url path for the POST request.
-ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
+- addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = https://127.0.0.1:9001`.
+- path: http request url path for the POST request.
+- ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
+- tls_verify: When the schema is https, we verify by default. Set this value to false if you want to skip verification.
 
 ### Metadata
 

pkg/config/client_common.go

@@ -121,11 +121,11 @@ type ClientCommonConf struct {
 	// HeartBeatInterval specifies at what interval heartbeats are sent to the
 	// server, in seconds. It is not recommended to change this value. By
 	// default, this value is 30.
-	HeartBeatInterval int64 `json:"heartbeat_interval"`
+	HeartbeatInterval int64 `json:"heartbeat_interval"`
 	// HeartBeatTimeout specifies the maximum allowed heartbeat response delay
 	// before the connection is terminated, in seconds. It is not recommended
 	// to change this value. By default, this value is 90.
-	HeartBeatTimeout int64 `json:"heartbeat_timeout"`
+	HeartbeatTimeout int64 `json:"heartbeat_timeout"`
 	// Client meta info
 	Metas map[string]string `json:"metas"`
 	// UDPPacketSize specifies the udp packet size
@@ -160,8 +160,8 @@ func GetDefaultClientConf() ClientCommonConf {
 		TLSCertFile:       "",
 		TLSKeyFile:        "",
 		TLSTrustedCaFile:  "",
-		HeartBeatInterval: 30,
-		HeartBeatTimeout:  90,
+		HeartbeatInterval: 30,
+		HeartbeatTimeout:  90,
 		Metas:             make(map[string]string),
 		UDPPacketSize:     1500,
 	}
@@ -312,15 +312,15 @@ func UnmarshalClientConfFromIni(content string) (cfg ClientCommonConf, err error
 			err = fmt.Errorf("Parse conf error: invalid heartbeat_timeout")
 			return
 		}
-		cfg.HeartBeatTimeout = v
+		cfg.HeartbeatTimeout = v
 	}
 
 	if tmpStr, ok = conf.Get("common", "heartbeat_interval"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid heartbeat_interval")
 			return
 		}
-		cfg.HeartBeatInterval = v
+		cfg.HeartbeatInterval = v
 	}
 	for k, v := range conf.Section("common") {
 		if strings.HasPrefix(k, "meta_") {
@@ -338,12 +338,12 @@ func UnmarshalClientConfFromIni(content string) (cfg ClientCommonConf, err error
 }
 
 func (cfg *ClientCommonConf) Check() (err error) {
-	if cfg.HeartBeatInterval <= 0 {
+	if cfg.HeartbeatInterval <= 0 {
 		err = fmt.Errorf("Parse conf error: invalid heartbeat_interval")
 		return
 	}
 
-	if cfg.HeartBeatTimeout < cfg.HeartBeatInterval {
+	if cfg.HeartbeatTimeout < cfg.HeartbeatInterval {
 		err = fmt.Errorf("Parse conf error: invalid heartbeat_timeout, heartbeat_timeout is less than heartbeat_interval")
 		return
 	}