support tls

2026-04-04 06:16:59 +08:00 · 2023-09-11 18:02:10 +08:00
parent 3528d6ed17
commit 058756af0a
5 changed files with 205 additions and 33 deletions
--- a/cmd/frps-panel/cmd.go
+++ b/cmd/frps-panel/cmd.go
@@ -40,23 +40,17 @@ var rootCmd = &cobra.Command{
 		}
 		rootDir := filepath.Dir(executable)

-		common, tokens, ports, domains, subdomains, iniFile, err := ParseConfigFile(configFile)
+		config, tls, err := ParseConfigFile(configFile)
 		if err != nil {
 			log.Printf("fail to start frps-panel : %v", err)
 			return err
 		}
+
 		s, err := server.New(
 			rootDir,
-			controller.HandleController{
-				CommonInfo: common,
-				Tokens:     tokens,
-				Ports:      ports,
-				Domains:    domains,
-				Subdomains: subdomains,
-				ConfigFile: configFile,
-				IniFile:    iniFile,
-				Version:    version,
-			})
+			config,
+			tls,
+		)
 		if err != nil {
 			return err
 		}
@@ -74,12 +68,16 @@ func Execute() {
 	}
 }

-func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.TokenInfo, map[string][]string, map[string][]string, map[string][]string, *ini.File, error) {
+func ParseConfigFile(file string) (controller.HandleController, server.TLS, error) {
 	common := controller.CommonInfo{}
 	users := make(map[string]controller.TokenInfo)
 	ports := make(map[string][]string)
 	domains := make(map[string][]string)
 	subdomains := make(map[string][]string)
+	tls := server.TLS{
+		Enable:   false,
+		Protocol: "HTTP",
+	}

 	iniFile, err := ini.LoadSources(ini.LoadOptions{
 		Insensitive:         false,
@@ -95,13 +93,27 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 		} else {
 			log.Printf("fail to parse token file %s : %v", file, err)
 		}
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}

 	commonSection, err := iniFile.GetSection("common")
 	if err != nil {
 		log.Printf("fail to get [common] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 	common.PluginAddr = commonSection.Key("plugin_addr").MustString("0.0.0.0")
 	common.PluginPort = commonSection.Key("plugin_port").MustInt(7200)
@@ -112,10 +124,24 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 	common.DashboardUser = commonSection.Key("dashboard_user").Value()
 	common.DashboardPwd = commonSection.Key("dashboard_pwd").Value()

+	tls.Enable = commonSection.Key("dashboard_tls_mode").MustBool(false)
+	tls.Cert = commonSection.Key("dashboard_tls_cert_file").MustString("")
+	tls.Key = commonSection.Key("dashboard_tls_key_file").MustString("")
+	if tls.Enable {
+		tls.Protocol = "HTTPS"
+	}
+
 	portsSection, err := iniFile.GetSection("ports")
 	if err != nil {
 		log.Printf("fail to get [ports] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 	for _, key := range portsSection.Keys() {
 		user := key.Name()
@@ -127,7 +153,14 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 	domainsSection, err := iniFile.GetSection("domains")
 	if err != nil {
 		log.Printf("fail to get [domains] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 	for _, key := range domainsSection.Keys() {
 		user := key.Name()
@@ -139,7 +172,14 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 	subdomainsSection, err := iniFile.GetSection("subdomains")
 	if err != nil {
 		log.Printf("fail to get [subdomains] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}
 	for _, key := range subdomainsSection.Keys() {
 		user := key.Name()
@@ -151,13 +191,27 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 	usersSection, err := iniFile.GetSection("users")
 	if err != nil {
 		log.Printf("fail to get [users] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}

 	disabledSection, err := iniFile.GetSection("disabled")
 	if err != nil {
 		log.Printf("fail to get [disabled] section from file %s : %v", file, err)
-		return common, nil, nil, nil, nil, iniFile, err
+		return controller.HandleController{
+			CommonInfo: common,
+			Tokens:     nil,
+			Ports:      nil,
+			Domains:    nil,
+			Subdomains: nil,
+			IniFile:    iniFile,
+		}, tls, err
 	}

 	keys := usersSection.Keys()
@@ -177,6 +231,14 @@ func ParseConfigFile(file string) (controller.CommonInfo, map[string]controller.
 		}
 		users[token.User] = token
 	}
-
-	return common, users, ports, domains, subdomains, iniFile, nil
+	return controller.HandleController{
+		CommonInfo: common,
+		Tokens:     users,
+		Ports:      ports,
+		Domains:    domains,
+		Subdomains: subdomains,
+		ConfigFile: configFile,
+		IniFile:    iniFile,
+		Version:    version,
+	}, tls, nil
 }
--- a/config/cert.crt
+++ b/config/cert.crt
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIDwDCCAqigAwIBAgIIYb+7dG3vm+swDQYJKoZIhvcNAQELBQAwejELMAkGA1UE
+BhMCQ04xFzAVBgNVBAoTDktleU1hbmFnZXIub3JnMTEwLwYDVQQLEyhLZXlNYW5h
+Z2VyIFRlc3QgUm9vdCAtIEZvciBUZXN0IFVzZSBPbmx5MR8wHQYDVQQDExZLZXlN
+YW5hZ2VyIFRlc3QgUlNBIENBMB4XDTIzMDkxMTA5NTY0NloXDTI0MDkxMTA5NTY0
+NlowJjELMAkGA1UEBhMCQ04xFzAVBgNVBAMTDmxvY2FsaG9zdDo3MjAwMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp/BNnNx4OGqJHNLN0GX8MDUO4PI
+WJ9rq6by65i2RXd4t51yyOH68l/TNmfCXcUQ91SvBBD+P2dK2gkZOlprDOS3tO+G
+sCTAAEf/tv1+N2ZqDUPKwaIH60seDJd2a3A97KtfySFVrCUrlTeB/tPL5XMBFwTT
+xPvfV6RULAaK6lJGdrM9/k/vYfneE+ZY5Bo1b7kaqZLOz9LW3icarPGcFDIes/Lu
+d3sCbpjza0bAKFy594vIdwqjRY4OHdubwXV3wV/AxgA0tQNyYADFwa3YeSvBsfFq
+PortWOAYKrg86RJJ8ilQumNiEs6FSYnSatbjMkKh7q9EerJf/exlW1IzDQIDAQAB
+o4GdMIGaMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
+BQUHAwIwHQYDVR0OBBYEFJFGsaMxKCw1E2r2NC+PxdiI4p/VMB8GA1UdIwQYMBaA
+FIBNaqqKRqtaWv5Us+XACf5jiY2rMCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo3MjAw
+gg4xMjcuMC4wLjE6NzIwMDANBgkqhkiG9w0BAQsFAAOCAQEAhuNAScvlzJKL4aAm
+bPl6Yru85GZZk+QmL8tICT9rxfq5L/5RhZXuTIqBDLB+ETHq5yQdiUJTphMpq2i3
+UZUzSMkUFokLROKWaENJz82RWYPUGNLqUO7vTIy2HGd4qOYjWDlHba7d9UIRTcKx
+1pd4rqXRTka1rprmoBcSNgcFDcKmctgliOPFqa9V89xrWSznahNqRqdkvbzuuHFz
+oZHKsTBzZ65Mk/E5+EdOYgEPg4kBfBMP7LXabUYCON1ArekRUHS1QJ0yCrzDpUxu
+0XnFTHaoBtP2o7tqmRQk78/8UkqOkz8241p2Tl8n3YZDiJbrv6okTPe+c/m9xD37
+2kwdDg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID2jCCAsKgAwIBAgIIcAbJXpLHgDkwDQYJKoZIhvcNAQELBQAwezELMAkGA1UE
+BhMCQ04xFzAVBgNVBAoTDktleU1hbmFnZXIub3JnMTEwLwYDVQQLEyhLZXlNYW5h
+Z2VyIFRlc3QgUm9vdCAtIEZvciBUZXN0IFVzZSBPbmx5MSAwHgYDVQQDExdLZXlN
+YW5hZ2VyIFRlc3QgUm9vdCBDQTAeFw0yMzA5MTEwOTEzNTFaFw0zMzA5MTEwOTEz
+NTFaMHoxCzAJBgNVBAYTAkNOMRcwFQYDVQQKEw5LZXlNYW5hZ2VyLm9yZzExMC8G
+A1UECxMoS2V5TWFuYWdlciBUZXN0IFJvb3QgLSBGb3IgVGVzdCBVc2UgT25seTEf
+MB0GA1UEAxMWS2V5TWFuYWdlciBUZXN0IFJTQSBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBANfE1y7r94k5LeDncCnOfjItWXWWuNAzJFXsd0620cON
+5jXCYfVGdRqPkpHtLml1OiMtnSyxxqIASCsxn+puvXPy12FJkTq8D5GtuuLk/8oI
+iiGvFTbVR1C63ZwYQ/MOjMbmlICNVNFYDZfPbALLaZbvtd2q9xc/bq0zd9P6cfW4
+GKZyGNwmrNukUtXkIdPIaUiNRiseHwwyR//bJh9GFhCw5jpVK5bnDT1PZYFKww0J
+qv5kA9fCY/Xm635MfRsvNI+2RMOBhKgblWGmDCaJMOglgyao3AVK8ajrNrlAoTHC
+9Lcm4dQc2p0KUVfRitLio2ANKM3oh8q2qHPFrAnvjzcCAwEAAaNjMGEwDgYDVR0P
+AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIBNaqqKRqtaWv5U
+s+XACf5jiY2rMB8GA1UdIwQYMBaAFEOl8mT1ZXKyUe00w/jyQQKMYUQAMA0GCSqG
+SIb3DQEBCwUAA4IBAQCouCabkdzZKiGMKlrCE0y/eDNqBUwdERWD+Xrxhm/K13bg
+gJJXZsWWr2/iumbWkc3N9W5J2gyFc+iO79VrVMzlq2Kfbhy5XY5gioC8n1BL4FPs
+lmOGtO/8NubZhjTVrE/wH2iDcC9vfE5EAM/axnQXA1DjuEhyRnZe40lTXnA37vc1
+f0hizePrPiMNpzJLZ9kj9pvOYRc7h+Oe04fz+iG5iSlJ/s4y81o0oOJkDLatfveC
+L2ZqbiagZTsBYiL68Y612n7UDH2tUpyE6hCxYlNb+hCMFLakRHfp/IHcz6oHxvV
+kyJ5FwVvwn9fy4QOi/NsfASdb4AnyqRkJKNSlqWw
+-----END CERTIFICATE-----
--- a/config/cert.key
+++ b/config/cert.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAqp/BNnNx4OGqJHNLN0GX8MDUO4PIWJ9rq6by65i2RXd4t51y
+yOH68l/TNmfCXcUQ91SvBBD+P2dK2gkZOlprDOS3tO+GsCTAAEf/tv1+N2ZqDUPK
+waIH60seDJd2a3A97KtfySFVrCUrlTeB/tPL5XMBFwTTxPvfV6RULAaK6lJGdrM9
+/k/vYfneE+ZY5Bo1b7kaqZLOz9LW3icarPGcFDIes/Lud3sCbpjza0bAKFy594vI
+dwqjRY4OHdubwXV3wV/AxgA0tQNyYADFwa3YeSvBsfFqPortWOAYKrg86RJJ8ilQ
+umNiEs6FSYnSatbjMkKh7q9EerJf/exlW1IzDQIDAQABAoIBAFcIGBEDQAI6eYQQ
+PzyXO751TYxyAv6Zit1K0jw0cDzs3Omj6UnoYw3ArUbiFDWqcKYITyGe3WFP+dFP
+tMucFWDFRaOITkaI6Fr8XsZjdT8jAVN00faFBM8TSOeZVrEk1qFjJP+9/ipJ53o8
+jxWByU5npBWuw6qF432b98dhKvisW5Uu1hw8z935ld7uk3nF2mWAxzrTq8GE+Mn5
+Ic0yDmxnd/6rgUuAVtfGMDsKCks7P0J4bvxIG8fDnWh40SwNffrlHZ1Fz/yqJCCl
+tzkbQnX7lp4JGq1NkubgIchQ5pJzoqzWSShr72tyipjpTBIKDWT6TMapp0Y+veJX
+jl4fXs0CgYEA2kBFyO+/BSjOLmlftvos1YqrJD9eSy9ydSY9jRF/6qX1AWbbmH2c
+rIN+kLeQtoFP87BMpMU1qDhmqbXx+WLaMYU0RTB8oNhriUbXE2hs7ndGm/FS8yzu
+wG0xHBT8Bm8WA/5/bmFbjUCA7eSKYczYrHFd/aaf5HKGtGFJx8jz4t8CgYEAyCKm
+vqJ1WGK2Ql/hN1Gw3/rmyzgPqMgfq0gi7cQ3bRY/txK5vWHcDQdIywpxmmMWpkzy
+UX3m9hMb2ao01riFngIhBJslong0ExLSv50bi9evCAL0dZCQFPaBCgjNoMRjofGq
+SE0fJMDEOqcEt2fEAH8Fa4FUw9MKAypV++H7s5MCgYEA1gZpaN8Sp/CYIJNdNYao
+KNDPe8BYq8pfp9pUSd57XpRYa4N+nU+xMMvSdgBNfWvaB9M/leV+9PQ6WPr/y9vQ
+tPc3hxJBZUpWSkyZ5YJmMIPvTkWdXrMVfsaVfkBl1bliEZClTo1SxnYW+TNBMR88
+6/5QecnIyrI0vvcY7z51TGkCgYB8CpYEc5Z9WHkUPG7PJY+V0uE2tSFnf9m5BDW5
+3jJoJzEIW8/JJB0J6ijgxzFP+fgwzGInxfvfKkrJpqenKaiPHUyvmSVDRHMqGzGJ
+12saSmzOb15qe1YB2CJ0QK6J5Q7HcYwT0dDqq5szqw7OSb7+e7u1POx3jpaXDadL
+PW4OhwKBgHcZWsXJUaKesNJbeGeRKmQHooSdrE69gika1HU7GYmTV3JwvAFrHSNF
+EGMMTmWc6nTh63ADO/f+dpAoJVOQM/OhEVVyfvlByLEFeieGegwyREWVYajW+6Dt
+Ztrafmyvn+r3yhWN9g+p1yQTeVLw23ir9cYhP8OqnL4d89c3o+r3
+-----END RSA PRIVATE KEY-----
--- a/config/frps-panel.ini
+++ b/config/frps-panel.ini
@@ -1,15 +1,19 @@
 ; basic options
 [common]
 ; frps panel config info
-plugin_addr    = 127.0.0.1
-plugin_port    = 7200
-admin_user     = admin
-admin_pwd      = admin
+plugin_addr = 127.0.0.1
+plugin_port = 7200
+admin_user = admin
+admin_pwd = admin
 ; frp dashboard info
 dashboard_addr = 127.0.0.1
 dashboard_port = 7500
 dashboard_user = admin
-dashboard_pwd  = admin
+dashboard_pwd = admin
+; enable tls
+dashboard_tls_mode = false
+dashboard_tls_cert_file = cert.crt
+dashboard_tls_key_file = cert.key

 ; user tokens
 [users]
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -22,16 +22,26 @@ import (
 type Server struct {
 	cfg     controller.HandleController
 	s       *http.Server
+	tls     TLS
 	done    chan struct{}
 	rootDir string
 }

-func New(rootDir string, cfg controller.HandleController) (*Server, error) {
+type TLS struct {
+	Enable   bool
+	Cert     string
+	Key      string
+	Protocol string
+}
+
+func New(rootDir string, cfg controller.HandleController, tls TLS) (*Server, error) {
 	s := &Server{
 		cfg:     cfg,
 		done:    make(chan struct{}),
 		rootDir: rootDir,
+		tls:     tls,
 	}
+
 	if err := s.init(); err != nil {
 		return nil, err
 	}
@@ -44,10 +54,32 @@ func (s *Server) Run() error {
 	if err != nil {
 		return err
 	}
-	log.Printf("HTTP server listen on %s", l.Addr().String())
+	log.Printf("%s server listen on %s", s.tls.Protocol, l.Addr().String())
 	go func() {
-		if err = s.s.Serve(l); !errors.Is(http.ErrServerClosed, err) {
-			log.Printf("error shutdown HTTP server: %v", err)
+		if s.tls.Enable {
+			configDir := filepath.Dir(s.cfg.ConfigFile)
+
+			cert := filepath.Join(configDir, s.tls.Cert)
+			_, err := os.Stat(cert)
+			if err != nil && !os.IsExist(err) {
+				cert = s.tls.Cert
+			}
+
+			key := filepath.Join(configDir, s.tls.Key)
+			_, err = os.Stat(key)
+			if err != nil && !os.IsExist(err) {
+				key = s.tls.Key
+			}
+
+			if err = s.s.ServeTLS(l, cert, key); !errors.Is(http.ErrServerClosed, err) {
+				log.Printf("error shutdown %s server: %v", s.tls.Protocol, err)
+				_ = s.Stop()
+			}
+		} else {
+			if err = s.s.Serve(l); !errors.Is(http.ErrServerClosed, err) {
+				log.Printf("error shutdown %s server: %v", s.tls.Protocol, err)
+				_ = s.Stop()
+			}
 		}
 	}()
 	<-s.done
@@ -58,16 +90,17 @@ func (s *Server) Stop() error {
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
 	if err := s.s.Shutdown(ctx); err != nil {
-		log.Fatalf("shutdown HTTP server error: %v", err)
+		log.Fatalf("shutdown %s server error: %v", s.tls.Protocol, err)
 	}
-	log.Printf("HTTP server exited")
+	log.Printf("%s server exited", s.tls.Protocol)
+
 	close(s.done)
 	return nil
 }

 func (s *Server) init() error {
 	if err := s.initHTTPServer(); err != nil {
-		log.Printf("init HTTP server error: %v", err)
+		log.Printf("init %s server error: %v", s.tls.Protocol, err)
 		return err
 	}
 	return nil