From 058756af0ada04982998f33dc411918a3a63eb4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=A8=E9=BB=84=E6=9E=97?= Date: Mon, 11 Sep 2023 18:02:10 +0800 Subject: [PATCH] support tls --- cmd/frps-panel/cmd.go | 104 +++++++++++++++++++++++++++++++++--------- config/cert.crt | 46 +++++++++++++++++++ config/cert.key | 27 +++++++++++ config/frps-panel.ini | 14 ++++-- pkg/server/server.go | 47 ++++++++++++++++--- 5 files changed, 205 insertions(+), 33 deletions(-) create mode 100644 config/cert.crt create mode 100644 config/cert.key diff --git a/cmd/frps-panel/cmd.go b/cmd/frps-panel/cmd.go index 3268c43..9533944 100644 --- a/cmd/frps-panel/cmd.go +++ b/cmd/frps-panel/cmd.go @@ -40,23 +40,17 @@ var rootCmd = &cobra.Command{ } rootDir := filepath.Dir(executable) - common, tokens, ports, domains, subdomains, iniFile, err := ParseConfigFile(configFile) + config, tls, err := ParseConfigFile(configFile) if err != nil { log.Printf("fail to start frps-panel : %v", err) return err } + s, err := server.New( rootDir, - controller.HandleController{ - CommonInfo: common, - Tokens: tokens, - Ports: ports, - Domains: domains, - Subdomains: subdomains, - ConfigFile: configFile, - IniFile: iniFile, - Version: version, - }) + config, + tls, + ) if err != nil { return err } @@ -74,12 +68,16 @@ func Execute() { } } -func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.TokenInfo, map[string][]string, map[string][]string, map[string][]string, *ini.File, error) { +func ParseConfigFile(file string) (controller.HandleController, server.TLS, error) { common := controller.CommonInfo{} users := make(map[string]controller.TokenInfo) ports := make(map[string][]string) domains := make(map[string][]string) subdomains := make(map[string][]string) + tls := server.TLS{ + Enable: false, + Protocol: "HTTP", + } iniFile, err := ini.LoadSources(ini.LoadOptions{ Insensitive: false, @@ -95,13 +93,27 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller. } else { log.Printf("fail to parse token file %s : %v", file, err) } - return common, nil, nil, nil, nil, iniFile, err + return controller.HandleController{ + CommonInfo: common, + Tokens: nil, + Ports: nil, + Domains: nil, + Subdomains: nil, + IniFile: iniFile, + }, tls, err } commonSection, err := iniFile.GetSection("common") if err != nil { log.Printf("fail to get [common] section from file %s : %v", file, err) - return common, nil, nil, nil, nil, iniFile, err + return controller.HandleController{ + CommonInfo: common, + Tokens: nil, + Ports: nil, + Domains: nil, + Subdomains: nil, + IniFile: iniFile, + }, tls, err } common.PluginAddr = commonSection.Key("plugin_addr").MustString("0.0.0.0") common.PluginPort = commonSection.Key("plugin_port").MustInt(7200) @@ -112,10 +124,24 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller. common.DashboardUser = commonSection.Key("dashboard_user").Value() common.DashboardPwd = commonSection.Key("dashboard_pwd").Value() + tls.Enable = commonSection.Key("dashboard_tls_mode").MustBool(false) + tls.Cert = commonSection.Key("dashboard_tls_cert_file").MustString("") + tls.Key = commonSection.Key("dashboard_tls_key_file").MustString("") + if tls.Enable { + tls.Protocol = "HTTPS" + } + portsSection, err := iniFile.GetSection("ports") if err != nil { log.Printf("fail to get [ports] section from file %s : %v", file, err) - return common, nil, nil, nil, nil, iniFile, err + return controller.HandleController{ + CommonInfo: common, + Tokens: nil, + Ports: nil, + Domains: nil, + Subdomains: nil, + IniFile: iniFile, + }, tls, err } for _, key := range portsSection.Keys() { user := key.Name() @@ -127,7 +153,14 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller. domainsSection, err := iniFile.GetSection("domains") if err != nil { log.Printf("fail to get [domains] section from file %s : %v", file, err) - return common, nil, nil, nil, nil, iniFile, err + return controller.HandleController{ + CommonInfo: common, + Tokens: nil, + Ports: nil, + Domains: nil, + Subdomains: nil, + IniFile: iniFile, + }, tls, err } for _, key := range domainsSection.Keys() { user := key.Name() @@ -139,7 +172,14 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller. subdomainsSection, err := iniFile.GetSection("subdomains") if err != nil { log.Printf("fail to get [subdomains] section from file %s : %v", file, err) - return common, nil, nil, nil, nil, iniFile, err + return controller.HandleController{ + CommonInfo: common, + Tokens: nil, + Ports: nil, + Domains: nil, + Subdomains: nil, + IniFile: iniFile, + }, tls, err } for _, key := range subdomainsSection.Keys() { user := key.Name() @@ -151,13 +191,27 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller. usersSection, err := iniFile.GetSection("users") if err != nil { log.Printf("fail to get [users] section from file %s : %v", file, err) - return common, nil, nil, nil, nil, iniFile, err + return controller.HandleController{ + CommonInfo: common, + Tokens: nil, + Ports: nil, + Domains: nil, + Subdomains: nil, + IniFile: iniFile, + }, tls, err } disabledSection, err := iniFile.GetSection("disabled") if err != nil { log.Printf("fail to get [disabled] section from file %s : %v", file, err) - return common, nil, nil, nil, nil, iniFile, err + return controller.HandleController{ + CommonInfo: common, + Tokens: nil, + Ports: nil, + Domains: nil, + Subdomains: nil, + IniFile: iniFile, + }, tls, err } keys := usersSection.Keys() @@ -177,6 +231,14 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller. } users[token.User] = token } - - return common, users, ports, domains, subdomains, iniFile, nil + return controller.HandleController{ + CommonInfo: common, + Tokens: users, + Ports: ports, + Domains: domains, + Subdomains: subdomains, + ConfigFile: configFile, + IniFile: iniFile, + Version: version, + }, tls, nil } diff --git a/config/cert.crt b/config/cert.crt new file mode 100644 index 0000000..73516d8 --- /dev/null +++ b/config/cert.crt @@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIDwDCCAqigAwIBAgIIYb+7dG3vm+swDQYJKoZIhvcNAQELBQAwejELMAkGA1UE +BhMCQ04xFzAVBgNVBAoTDktleU1hbmFnZXIub3JnMTEwLwYDVQQLEyhLZXlNYW5h +Z2VyIFRlc3QgUm9vdCAtIEZvciBUZXN0IFVzZSBPbmx5MR8wHQYDVQQDExZLZXlN +YW5hZ2VyIFRlc3QgUlNBIENBMB4XDTIzMDkxMTA5NTY0NloXDTI0MDkxMTA5NTY0 +NlowJjELMAkGA1UEBhMCQ04xFzAVBgNVBAMTDmxvY2FsaG9zdDo3MjAwMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp/BNnNx4OGqJHNLN0GX8MDUO4PI +WJ9rq6by65i2RXd4t51yyOH68l/TNmfCXcUQ91SvBBD+P2dK2gkZOlprDOS3tO+G +sCTAAEf/tv1+N2ZqDUPKwaIH60seDJd2a3A97KtfySFVrCUrlTeB/tPL5XMBFwTT +xPvfV6RULAaK6lJGdrM9/k/vYfneE+ZY5Bo1b7kaqZLOz9LW3icarPGcFDIes/Lu +d3sCbpjza0bAKFy594vIdwqjRY4OHdubwXV3wV/AxgA0tQNyYADFwa3YeSvBsfFq +PortWOAYKrg86RJJ8ilQumNiEs6FSYnSatbjMkKh7q9EerJf/exlW1IzDQIDAQAB +o4GdMIGaMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB +BQUHAwIwHQYDVR0OBBYEFJFGsaMxKCw1E2r2NC+PxdiI4p/VMB8GA1UdIwQYMBaA +FIBNaqqKRqtaWv5Us+XACf5jiY2rMCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo3MjAw +gg4xMjcuMC4wLjE6NzIwMDANBgkqhkiG9w0BAQsFAAOCAQEAhuNAScvlzJKL4aAm +bPl6Yru85GZZk+QmL8tICT9rxfq5L/5RhZXuTIqBDLB+ETHq5yQdiUJTphMpq2i3 +UZUzSMkUFokLROKWaENJz82RWYPUGNLqUO7vTIy2HGd4qOYjWDlHba7d9UIRTcKx +1pd4rqXRTka1rprmoBcSNgcFDcKmctgliOPFqa9V89xrWSznahNqRqdkvbzuuHFz +oZHKsTBzZ65Mk/E5+EdOYgEPg4kBfBMP7LXabUYCON1ArekRUHS1QJ0yCrzDpUxu +0XnFTHaoBtP2o7tqmRQk78/8UkqOkz8241p2Tl8n3YZDiJbrv6okTPe+c/m9xD37 +2kwdDg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID2jCCAsKgAwIBAgIIcAbJXpLHgDkwDQYJKoZIhvcNAQELBQAwezELMAkGA1UE +BhMCQ04xFzAVBgNVBAoTDktleU1hbmFnZXIub3JnMTEwLwYDVQQLEyhLZXlNYW5h +Z2VyIFRlc3QgUm9vdCAtIEZvciBUZXN0IFVzZSBPbmx5MSAwHgYDVQQDExdLZXlN +YW5hZ2VyIFRlc3QgUm9vdCBDQTAeFw0yMzA5MTEwOTEzNTFaFw0zMzA5MTEwOTEz +NTFaMHoxCzAJBgNVBAYTAkNOMRcwFQYDVQQKEw5LZXlNYW5hZ2VyLm9yZzExMC8G +A1UECxMoS2V5TWFuYWdlciBUZXN0IFJvb3QgLSBGb3IgVGVzdCBVc2UgT25seTEf +MB0GA1UEAxMWS2V5TWFuYWdlciBUZXN0IFJTQSBDQTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANfE1y7r94k5LeDncCnOfjItWXWWuNAzJFXsd0620cON +5jXCYfVGdRqPkpHtLml1OiMtnSyxxqIASCsxn+puvXPy12FJkTq8D5GtuuLk/8oI +iiGvFTbVR1C63ZwYQ/MOjMbmlICNVNFYDZfPbALLaZbvtd2q9xc/bq0zd9P6cfW4 +GKZyGNwmrNukUtXkIdPIaUiNRiseHwwyR//bJh9GFhCw5jpVK5bnDT1PZYFKww0J +qv5kA9fCY/Xm635MfRsvNI+2RMOBhKgblWGmDCaJMOglgyao3AVK8ajrNrlAoTHC +9Lcm4dQc2p0KUVfRitLio2ANKM3oh8q2qHPFrAnvjzcCAwEAAaNjMGEwDgYDVR0P +AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIBNaqqKRqtaWv5U +s+XACf5jiY2rMB8GA1UdIwQYMBaAFEOl8mT1ZXKyUe00w/jyQQKMYUQAMA0GCSqG +SIb3DQEBCwUAA4IBAQCouCabkdzZKiGMKlrCE0y/eDNqBUwdERWD+Xrxhm/K13bg +gJJXZsWWr2/iumbWkc3N9W5J2gyFc+iO79VrVMzlq2Kfbhy5XY5gioC8n1BL4FPs +lmOGtO/8NubZhjTVrE/wH2iDcC9vfE5EAM/axnQXA1DjuEhyRnZe40lTXnA37vc1 +f0hizePrPiMNpzJLZ9kj9pvOYRc7h+Oe04fz+iG5iSlJ/s4y81o0oOJkDLatfveC ++L2ZqbiagZTsBYiL68Y612n7UDH2tUpyE6hCxYlNb+hCMFLakRHfp/IHcz6oHxvV +kyJ5FwVvwn9fy4QOi/NsfASdb4AnyqRkJKNSlqWw +-----END CERTIFICATE----- diff --git a/config/cert.key b/config/cert.key new file mode 100644 index 0000000..ab436f4 --- /dev/null +++ b/config/cert.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAqp/BNnNx4OGqJHNLN0GX8MDUO4PIWJ9rq6by65i2RXd4t51y +yOH68l/TNmfCXcUQ91SvBBD+P2dK2gkZOlprDOS3tO+GsCTAAEf/tv1+N2ZqDUPK +waIH60seDJd2a3A97KtfySFVrCUrlTeB/tPL5XMBFwTTxPvfV6RULAaK6lJGdrM9 +/k/vYfneE+ZY5Bo1b7kaqZLOz9LW3icarPGcFDIes/Lud3sCbpjza0bAKFy594vI +dwqjRY4OHdubwXV3wV/AxgA0tQNyYADFwa3YeSvBsfFqPortWOAYKrg86RJJ8ilQ +umNiEs6FSYnSatbjMkKh7q9EerJf/exlW1IzDQIDAQABAoIBAFcIGBEDQAI6eYQQ +PzyXO751TYxyAv6Zit1K0jw0cDzs3Omj6UnoYw3ArUbiFDWqcKYITyGe3WFP+dFP +tMucFWDFRaOITkaI6Fr8XsZjdT8jAVN00faFBM8TSOeZVrEk1qFjJP+9/ipJ53o8 +jxWByU5npBWuw6qF432b98dhKvisW5Uu1hw8z935ld7uk3nF2mWAxzrTq8GE+Mn5 +Ic0yDmxnd/6rgUuAVtfGMDsKCks7P0J4bvxIG8fDnWh40SwNffrlHZ1Fz/yqJCCl +tzkbQnX7lp4JGq1NkubgIchQ5pJzoqzWSShr72tyipjpTBIKDWT6TMapp0Y+veJX +jl4fXs0CgYEA2kBFyO+/BSjOLmlftvos1YqrJD9eSy9ydSY9jRF/6qX1AWbbmH2c +rIN+kLeQtoFP87BMpMU1qDhmqbXx+WLaMYU0RTB8oNhriUbXE2hs7ndGm/FS8yzu +wG0xHBT8Bm8WA/5/bmFbjUCA7eSKYczYrHFd/aaf5HKGtGFJx8jz4t8CgYEAyCKm +vqJ1WGK2Ql/hN1Gw3/rmyzgPqMgfq0gi7cQ3bRY/txK5vWHcDQdIywpxmmMWpkzy +UX3m9hMb2ao01riFngIhBJslong0ExLSv50bi9evCAL0dZCQFPaBCgjNoMRjofGq +SE0fJMDEOqcEt2fEAH8Fa4FUw9MKAypV++H7s5MCgYEA1gZpaN8Sp/CYIJNdNYao +KNDPe8BYq8pfp9pUSd57XpRYa4N+nU+xMMvSdgBNfWvaB9M/leV+9PQ6WPr/y9vQ +tPc3hxJBZUpWSkyZ5YJmMIPvTkWdXrMVfsaVfkBl1bliEZClTo1SxnYW+TNBMR88 +6/5QecnIyrI0vvcY7z51TGkCgYB8CpYEc5Z9WHkUPG7PJY+V0uE2tSFnf9m5BDW5 +3jJoJzEIW8/JJB0J6ijgxzFP+fgwzGInxfvfKkrJpqenKaiPHUyvmSVDRHMqGzGJ +12saSmzOb15qe1YB2CJ0QK6J5Q7HcYwT0dDqq5szqw7OSb7+e7u1POx3jpaXDadL +PW4OhwKBgHcZWsXJUaKesNJbeGeRKmQHooSdrE69gika1HU7GYmTV3JwvAFrHSNF +EGMMTmWc6nTh63ADO/f+dpAoJVOQM/OhEVVyfvlByLEFeieGegwyREWVYajW+6Dt +Ztrafmyvn+r3yhWN9g+p1yQTeVLw23ir9cYhP8OqnL4d89c3o+r3 +-----END RSA PRIVATE KEY----- diff --git a/config/frps-panel.ini b/config/frps-panel.ini index fa36c15..2a881a2 100644 --- a/config/frps-panel.ini +++ b/config/frps-panel.ini @@ -1,15 +1,19 @@ ; basic options [common] ; frps panel config info -plugin_addr = 127.0.0.1 -plugin_port = 7200 -admin_user = admin -admin_pwd = admin +plugin_addr = 127.0.0.1 +plugin_port = 7200 +admin_user = admin +admin_pwd = admin ; frp dashboard info dashboard_addr = 127.0.0.1 dashboard_port = 7500 dashboard_user = admin -dashboard_pwd = admin +dashboard_pwd = admin +; enable tls +dashboard_tls_mode = false +dashboard_tls_cert_file = cert.crt +dashboard_tls_key_file = cert.key ; user tokens [users] diff --git a/pkg/server/server.go b/pkg/server/server.go index bfb4152..581b98a 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -22,16 +22,26 @@ import ( type Server struct { cfg controller.HandleController s *http.Server + tls TLS done chan struct{} rootDir string } -func New(rootDir string, cfg controller.HandleController) (*Server, error) { +type TLS struct { + Enable bool + Cert string + Key string + Protocol string +} + +func New(rootDir string, cfg controller.HandleController, tls TLS) (*Server, error) { s := &Server{ cfg: cfg, done: make(chan struct{}), rootDir: rootDir, + tls: tls, } + if err := s.init(); err != nil { return nil, err } @@ -44,10 +54,32 @@ func (s *Server) Run() error { if err != nil { return err } - log.Printf("HTTP server listen on %s", l.Addr().String()) + log.Printf("%s server listen on %s", s.tls.Protocol, l.Addr().String()) go func() { - if err = s.s.Serve(l); !errors.Is(http.ErrServerClosed, err) { - log.Printf("error shutdown HTTP server: %v", err) + if s.tls.Enable { + configDir := filepath.Dir(s.cfg.ConfigFile) + + cert := filepath.Join(configDir, s.tls.Cert) + _, err := os.Stat(cert) + if err != nil && !os.IsExist(err) { + cert = s.tls.Cert + } + + key := filepath.Join(configDir, s.tls.Key) + _, err = os.Stat(key) + if err != nil && !os.IsExist(err) { + key = s.tls.Key + } + + if err = s.s.ServeTLS(l, cert, key); !errors.Is(http.ErrServerClosed, err) { + log.Printf("error shutdown %s server: %v", s.tls.Protocol, err) + _ = s.Stop() + } + } else { + if err = s.s.Serve(l); !errors.Is(http.ErrServerClosed, err) { + log.Printf("error shutdown %s server: %v", s.tls.Protocol, err) + _ = s.Stop() + } } }() <-s.done @@ -58,16 +90,17 @@ func (s *Server) Stop() error { ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() if err := s.s.Shutdown(ctx); err != nil { - log.Fatalf("shutdown HTTP server error: %v", err) + log.Fatalf("shutdown %s server error: %v", s.tls.Protocol, err) } - log.Printf("HTTP server exited") + log.Printf("%s server exited", s.tls.Protocol) + close(s.done) return nil } func (s *Server) init() error { if err := s.initHTTPServer(); err != nil { - log.Printf("init HTTP server error: %v", err) + log.Printf("init %s server error: %v", s.tls.Protocol, err) return err } return nil