diff --git a/README.md b/README.md index 9122de1e..915e1e8e 100644 --- a/README.md +++ b/README.md @@ -10,12 +10,23 @@
+ + + +
+- + + +
++ +
diff --git a/README_zh.md b/README_zh.md index f71a5794..95ede3ee 100644 --- a/README_zh.md +++ b/README_zh.md @@ -12,12 +12,23 @@ frp 是一个专注于内网穿透的高性能的反向代理应用,支持 TCP+ + + +
+- + + +
++ +
diff --git a/Release.md b/Release.md index a1fa993a..6e142def 100644 --- a/Release.md +++ b/Release.md @@ -1,9 +1,8 @@ -### Fixes +### Features -* Fixed an issue where HTTP/2 was not enabled for https2http and https2https plugins. -* Fixed the issue where the default values of INI configuration parameters are inconsistent with other configuration formats. +* Added a new plugin "http2http" which allows forwarding HTTP requests to another HTTP server, supporting options like local address binding, host header rewrite, and custom request headers. +* Added `enableHTTP2` option to control whether to enable HTTP/2 in plugin https2http and https2https, default is true. ### Changes -* Updated the default value of `transport.tcpMuxKeepaliveInterval` from 60 to 30. -* On the Android platform, the Google DNS server is used only when the default DNS server cannot be obtained. +* Plugin https2http & https2https: return 421 `Misdirected Request` if host not match sni. diff --git a/conf/frpc_full_example.toml b/conf/frpc_full_example.toml index c88087a1..51b89c2a 100644 --- a/conf/frpc_full_example.toml +++ b/conf/frpc_full_example.toml @@ -315,6 +315,16 @@ localAddr = "127.0.0.1:443" hostHeaderRewrite = "127.0.0.1" requestHeaders.set.x-from-where = "frp" +[[proxies]] +name = "plugin_http2http" +type = "tcp" +remotePort = 6007 +[proxies.plugin] +type = "http2http" +localAddr = "127.0.0.1:80" +hostHeaderRewrite = "127.0.0.1" +requestHeaders.set.x-from-where = "frp" + [[proxies]] name = "secret_tcp" # If the type is secret tcp, remotePort is useless diff --git a/doc/pic/donate-wechatpay.png b/doc/pic/donate-wechatpay.png deleted file mode 100644 index d8fef587..00000000 Binary files a/doc/pic/donate-wechatpay.png and /dev/null differ diff --git a/doc/pic/sponsor_daytona.png b/doc/pic/sponsor_daytona.png index b00f9327..a5271cc9 100644 Binary files a/doc/pic/sponsor_daytona.png and b/doc/pic/sponsor_daytona.png differ 
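Review bot: The new `plugin_http2http` example in conf/frpc_full_example.toml has no comment saying what the plugin does or what it leaves unprotected. As written in pkg/plugin/client/http2http.go in this same commit, the plugin serves plain HTTP and its options carry no credentials, so whatever arrives on `remotePort = 6007` is forwarded to `localAddr` with no TLS and no authentication added by the plugin. A short comment above the block would make that explicit, for example `# http2http forwards plain HTTP from remotePort to localAddr; it adds no TLS or authentication, so restrict access to the port by other means.`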
diff --git a/doc/pic/sponsor_doppler.png b/doc/pic/sponsor_doppler.png deleted file mode 100644 index 0d66038b..00000000 Binary files a/doc/pic/sponsor_doppler.png and /dev/null differ diff --git a/doc/pic/sponsor_lokal.png b/doc/pic/sponsor_lokal.png new file mode 100644 index 00000000..82386356 Binary files /dev/null and b/doc/pic/sponsor_lokal.png differ diff --git a/doc/pic/sponsor_nango.png b/doc/pic/sponsor_nango.png deleted file mode 100644 index 4b835656..00000000 Binary files a/doc/pic/sponsor_nango.png and /dev/null differ diff --git a/doc/pic/sponsor_terminusos.jpeg b/doc/pic/sponsor_terminusos.jpeg new file mode 100644 index 00000000..798302ab Binary files /dev/null and b/doc/pic/sponsor_terminusos.jpeg differ diff --git a/pkg/config/v1/plugin.go b/pkg/config/v1/plugin.go index 3a7c8344..7ae4a4d4 100644 --- a/pkg/config/v1/plugin.go +++ b/pkg/config/v1/plugin.go @@ -20,9 +20,15 @@ import ( "errors" "fmt" "reflect" + + "github.com/samber/lo" + + "github.com/fatedier/frp/pkg/util/util" ) -type ClientPluginOptions interface{} +type ClientPluginOptions interface { + Complete() +} type TypedClientPluginOptions struct { Type string `json:"type"` @@ -73,6 +79,7 @@ const ( PluginHTTPProxy = "http_proxy" PluginHTTPS2HTTP = "https2http" PluginHTTPS2HTTPS = "https2https" + PluginHTTP2HTTP = "http2http" PluginSocks5 = "socks5" PluginStaticFile = "static_file" PluginUnixDomainSocket = "unix_domain_socket" @@ -83,6 +90,7 @@ var clientPluginOptionsTypeMap = map[string]reflect.Type{ PluginHTTPProxy: reflect.TypeOf(HTTPProxyPluginOptions{}), PluginHTTPS2HTTP: reflect.TypeOf(HTTPS2HTTPPluginOptions{}), PluginHTTPS2HTTPS: reflect.TypeOf(HTTPS2HTTPSPluginOptions{}), + PluginHTTP2HTTP: reflect.TypeOf(HTTP2HTTPPluginOptions{}), PluginSocks5: reflect.TypeOf(Socks5PluginOptions{}), PluginStaticFile: reflect.TypeOf(StaticFilePluginOptions{}), PluginUnixDomainSocket: reflect.TypeOf(UnixDomainSocketPluginOptions{}), 
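Review bot: `ClientPluginOptions` gains a required `Complete()` method in the first pkg/config/v1/plugin.go hunk without a doc comment, so an implementer cannot tell when it is called or what it may mutate. I would add `// ClientPluginOptions is implemented by each client plugin's option struct; Complete fills unset fields with their defaults and is invoked from ProxyBaseConfig.Complete.` Because the interface is exported, any type outside this repository that satisfied the old empty interface stops compiling, which deserves a line under "Changes" in Release.md if such users are possible.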
@@ -95,36 +103,61 @@ type HTTP2HTTPSPluginOptions struct { RequestHeaders HeaderOperations `json:"requestHeaders,omitempty"` } +func (o *HTTP2HTTPSPluginOptions) Complete() {} + type HTTPProxyPluginOptions struct { Type string `json:"type,omitempty"` HTTPUser string `json:"httpUser,omitempty"` HTTPPassword string `json:"httpPassword,omitempty"` } +func (o *HTTPProxyPluginOptions) Complete() {} + type HTTPS2HTTPPluginOptions struct { Type string `json:"type,omitempty"` LocalAddr string `json:"localAddr,omitempty"` HostHeaderRewrite string `json:"hostHeaderRewrite,omitempty"` RequestHeaders HeaderOperations `json:"requestHeaders,omitempty"` + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` CrtPath string `json:"crtPath,omitempty"` KeyPath string `json:"keyPath,omitempty"` } +func (o *HTTPS2HTTPPluginOptions) Complete() { + o.EnableHTTP2 = util.EmptyOr(o.EnableHTTP2, lo.ToPtr(true)) +} + type HTTPS2HTTPSPluginOptions struct { Type string `json:"type,omitempty"` LocalAddr string `json:"localAddr,omitempty"` HostHeaderRewrite string `json:"hostHeaderRewrite,omitempty"` RequestHeaders HeaderOperations `json:"requestHeaders,omitempty"` + EnableHTTP2 *bool `json:"enableHTTP2,omitempty"` CrtPath string `json:"crtPath,omitempty"` KeyPath string `json:"keyPath,omitempty"` } +func (o *HTTPS2HTTPSPluginOptions) Complete() { + o.EnableHTTP2 = util.EmptyOr(o.EnableHTTP2, lo.ToPtr(true)) +} + +type HTTP2HTTPPluginOptions struct { + Type string `json:"type,omitempty"` + LocalAddr string `json:"localAddr,omitempty"` + HostHeaderRewrite string `json:"hostHeaderRewrite,omitempty"` + RequestHeaders HeaderOperations `json:"requestHeaders,omitempty"` +} + +func (o *HTTP2HTTPPluginOptions) Complete() {} + type Socks5PluginOptions struct { Type string `json:"type,omitempty"` Username string `json:"username,omitempty"` Password string `json:"password,omitempty"` } +func (o *Socks5PluginOptions) Complete() {} + type StaticFilePluginOptions struct { Type string `json:"type,omitempty"` 
LocalPath string `json:"localPath,omitempty"` @@ -133,7 +166,11 @@ type StaticFilePluginOptions struct { HTTPPassword string `json:"httpPassword,omitempty"` } +func (o *StaticFilePluginOptions) Complete() {} + type UnixDomainSocketPluginOptions struct { Type string `json:"type,omitempty"` UnixPath string `json:"unixPath,omitempty"` } + +func (o *UnixDomainSocketPluginOptions) Complete() {} diff --git a/pkg/config/v1/proxy.go b/pkg/config/v1/proxy.go index 45c489f6..d53d05e3 100644 --- a/pkg/config/v1/proxy.go +++ b/pkg/config/v1/proxy.go @@ -127,6 +127,10 @@ func (c *ProxyBaseConfig) Complete(namePrefix string) { c.Name = lo.Ternary(namePrefix == "", "", namePrefix+".") + c.Name c.LocalIP = util.EmptyOr(c.LocalIP, "127.0.0.1") c.Transport.BandwidthLimitMode = util.EmptyOr(c.Transport.BandwidthLimitMode, types.BandwidthLimitModeClient) + + if c.Plugin.ClientPluginOptions != nil { + c.Plugin.ClientPluginOptions.Complete() + } } func (c *ProxyBaseConfig) MarshalToMsg(m *msg.NewProxy) { diff --git a/pkg/plugin/client/http2http.go b/pkg/plugin/client/http2http.go new file mode 100644 index 00000000..689b90b6 --- /dev/null +++ b/pkg/plugin/client/http2http.go 
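Review bot: `EnableHTTP2 *bool` is defaulted to true only inside `Complete()`, while the constructors in https2http.go and https2https.go read it with `lo.FromPtr(opts.EnableHTTP2)`, which yields false for a nil pointer. Any path that builds these options without going through `ProxyBaseConfig.Complete` would therefore switch HTTP/2 off silently, the opposite of the default stated in Release.md. Reading the field as `lo.FromPtrOr(opts.EnableHTTP2, true)` in both constructors keeps the default intact regardless of call order. A field comment such as `// EnableHTTP2 toggles HTTP/2 on the plugin's TLS listener; nil means unset and is defaulted to true by Complete.` would document the tri-state.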
@@ -0,0 +1,91 @@
+// Copyright 2024 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package plugin
+
+import (
+ "io"
+ stdlog "log"
+ "net"
+ "net/http"
+ "net/http/httputil"
+
+ "github.com/fatedier/golib/pool"
+
+ v1 "github.com/fatedier/frp/pkg/config/v1"
+ "github.com/fatedier/frp/pkg/util/log"
+ netpkg "github.com/fatedier/frp/pkg/util/net"
+)
+
+func init() {
+ Register(v1.PluginHTTP2HTTP, NewHTTP2HTTPPlugin)
+}
+
+type HTTP2HTTPPlugin struct {
+ opts *v1.HTTP2HTTPPluginOptions
+
+ l *Listener
+ s *http.Server
+}
+
+func NewHTTP2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) {
+ opts := options.(*v1.HTTP2HTTPPluginOptions)
+
+ listener := NewProxyListener()
+
+ p := &HTTP2HTTPPlugin{
+ opts: opts,
+ l: listener,
+ }
+
+ rp := &httputil.ReverseProxy{
+ Rewrite: func(r *httputil.ProxyRequest) {
+ req := r.Out
+ req.URL.Scheme = "http"
+ req.URL.Host = p.opts.LocalAddr
+ if p.opts.HostHeaderRewrite != "" {
+ req.Host = p.opts.HostHeaderRewrite
+ }
+ for k, v := range p.opts.RequestHeaders.Set {
+ req.Header.Set(k, v)
+ }
+ },
+ BufferPool: pool.NewBuffer(32 * 1024),
+ ErrorLog: stdlog.New(log.NewWriteLogger(log.WarnLevel, 2), "", 0),
+ }
+
+ p.s = &http.Server{
+ Handler: rp,
+ ReadHeaderTimeout: 0,
+ }
+
+ go func() {
+ _ = p.s.Serve(listener)
+ }()
+
+ return p, nil
+}
+
+func (p *HTTP2HTTPPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+ wrapConn := netpkg.WrapReadWriteCloserToConn(conn, 
realConn) + _ = p.l.PutConn(wrapConn) +} + +func (p *HTTP2HTTPPlugin) Name() string { + return v1.PluginHTTP2HTTP +} + +func (p *HTTP2HTTPPlugin) Close() error { + return p.s.Close() +} diff --git a/pkg/plugin/client/https2http.go b/pkg/plugin/client/https2http.go index 6d686361..3bb12c22 100644 --- a/pkg/plugin/client/https2http.go +++ b/pkg/plugin/client/https2http.go @@ -27,9 +27,11 @@ import ( "time" "github.com/fatedier/golib/pool" + "github.com/samber/lo" v1 "github.com/fatedier/frp/pkg/config/v1" "github.com/fatedier/frp/pkg/transport" + httppkg "github.com/fatedier/frp/pkg/util/http" "github.com/fatedier/frp/pkg/util/log" netpkg "github.com/fatedier/frp/pkg/util/net" ) @@ -71,6 +73,17 @@ func NewHTTPS2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) { BufferPool: pool.NewBuffer(32 * 1024), ErrorLog: stdlog.New(log.NewWriteLogger(log.WarnLevel, 2), "", 0), } + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.TLS != nil { + tlsServerName, _ := httppkg.CanonicalHost(r.TLS.ServerName) + host, _ := httppkg.CanonicalHost(r.Host) + if tlsServerName != "" && tlsServerName != host { + w.WriteHeader(http.StatusMisdirectedRequest) + return + } + } + rp.ServeHTTP(w, r) + }) var ( tlsConfig *tls.Config @@ -87,10 +100,13 @@ func NewHTTPS2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) { } p.s = &http.Server{ - Handler: rp, + Handler: handler, ReadHeaderTimeout: 60 * time.Second, TLSConfig: tlsConfig, } + if !lo.FromPtr(opts.EnableHTTP2) { + p.s.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) + } go func() { _ = p.s.ServeTLS(listener, "", "") diff --git a/pkg/plugin/client/https2https.go b/pkg/plugin/client/https2https.go index 5ddd4dd6..c315c8e3 100644 --- a/pkg/plugin/client/https2https.go +++ b/pkg/plugin/client/https2https.go 
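Review bot: `ReadHeaderTimeout: 0` in NewHTTP2HTTPPlugin disables the header read deadline, so a peer that connects to the remote port and never finishes its request headers keeps a connection and a goroutine alive in frpc with no upper bound. The sibling servers in https2http.go and https2https.go set `ReadHeaderTimeout: 60 * time.Second,`; using the same value here (with `"time"` added to the import block) bounds that exposure. Separately, `options.(*v1.HTTP2HTTPPluginOptions)` panics on an unexpected type; if the registry does not guarantee the type, the two-value assertion with an error return fits the `(Plugin, error)` signature.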
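Review bot: Both errors from `httppkg.CanonicalHost` are discarded in the new SNI/Host handler of NewHTTPS2HTTPPlugin, which makes the check fail open on one side. If the SNI value cannot be canonicalised, `tlsServerName` is presumably left empty and the request is proxied with no comparison at all (CanonicalHost is not visible in this diff, so its error behaviour is inferred). Testing `r.TLS.ServerName` for emptiness first and treating any canonicalisation error as a mismatch keeps the "no SNI sent" exemption while closing that gap. The identical handler added to https2https.go needs the same change, and a one-line comment stating that requests without SNI are deliberately exempt would help. NewHTTPS2HTTPPlugin starts and ends outside this hunk.

```go
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	// Requests without SNI are exempt; with SNI, the Host header must name the same host.
	if r.TLS != nil && r.TLS.ServerName != "" {
		tlsServerName, sniErr := httppkg.CanonicalHost(r.TLS.ServerName)
		host, hostErr := httppkg.CanonicalHost(r.Host)
		// A name that cannot be canonicalised counts as a mismatch instead of skipping the check.
		if sniErr != nil || hostErr != nil || tlsServerName != host {
			w.WriteHeader(http.StatusMisdirectedRequest)
			return
		}
	}
	rp.ServeHTTP(w, r)
})
```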
@@ -27,9 +27,11 @@ import ( "time" "github.com/fatedier/golib/pool" + "github.com/samber/lo" v1 "github.com/fatedier/frp/pkg/config/v1" "github.com/fatedier/frp/pkg/transport" + httppkg "github.com/fatedier/frp/pkg/util/http" "github.com/fatedier/frp/pkg/util/log" netpkg "github.com/fatedier/frp/pkg/util/net" ) @@ -77,6 +79,17 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) { BufferPool: pool.NewBuffer(32 * 1024), ErrorLog: stdlog.New(log.NewWriteLogger(log.WarnLevel, 2), "", 0), } + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.TLS != nil { + tlsServerName, _ := httppkg.CanonicalHost(r.TLS.ServerName) + host, _ := httppkg.CanonicalHost(r.Host) + if tlsServerName != "" && tlsServerName != host { + w.WriteHeader(http.StatusMisdirectedRequest) + return + } + } + rp.ServeHTTP(w, r) + }) var ( tlsConfig *tls.Config @@ -93,10 +106,13 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) { } p.s = &http.Server{ - Handler: rp, + Handler: handler, ReadHeaderTimeout: 60 * time.Second, TLSConfig: tlsConfig, } + if !lo.FromPtr(opts.EnableHTTP2) { + p.s.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) + } go func() { _ = p.s.ServeTLS(listener, "", "") diff --git a/pkg/util/version/version.go b/pkg/util/version/version.go index 11d140eb..561a52e7 100644 --- a/pkg/util/version/version.go +++ b/pkg/util/version/version.go @@ -14,7 +14,7 @@ package version -var version = "0.58.1" +var version = "0.59.0" func Full() string { return version diff --git a/test/e2e/v1/plugin/client.go b/test/e2e/v1/plugin/client.go index 476adb89..3499e882 100644 --- a/test/e2e/v1/plugin/client.go +++ b/test/e2e/v1/plugin/client.go @@ -3,6 +3,7 @@ package plugin import ( "crypto/tls" "fmt" + "net/http" "strconv" "github.com/onsi/ginkgo/v2" 
@@ -329,4 +330,76 @@ var _ = ginkgo.Describe("[Feature: Client-Plugins]", func() {
 ExpectResp([]byte("test")).
 Ensure()
 })
+
+ ginkgo.Describe("http2http", func() {
+ ginkgo.It("host header rewrite", func() {
+ serverConf := consts.DefaultServerConfig
+
+ localPort := f.AllocPort()
+ remotePort := f.AllocPort()
+ clientConf := consts.DefaultClientConfig + fmt.Sprintf(`
+ [[proxies]]
+ name = "http2http"
+ type = "tcp"
+ remotePort = %d
+ [proxies.plugin]
+ type = "http2http"
+ localAddr = "127.0.0.1:%d"
+ hostHeaderRewrite = "rewrite.test.com"
+ `, remotePort, localPort)
+
+ f.RunProcesses([]string{serverConf}, []string{clientConf})
+
+ localServer := httpserver.New(
+ httpserver.WithBindPort(localPort),
+ httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+ _, _ = w.Write([]byte(req.Host))
+ })),
+ )
+ f.RunServer("", localServer)
+
+ framework.NewRequestExpect(f).
+ Port(remotePort).
+ RequestModify(func(r *request.Request) {
+ r.HTTP().HTTPHost("example.com")
+ }).
+ ExpectResp([]byte("rewrite.test.com")).
+ Ensure()
+ })
+
+ ginkgo.It("set request header", func() {
+ serverConf := consts.DefaultServerConfig
+
+ localPort := f.AllocPort()
+ remotePort := f.AllocPort()
+ clientConf := consts.DefaultClientConfig + fmt.Sprintf(`
+ [[proxies]]
+ name = "http2http"
+ type = "tcp"
+ remotePort = %d
+ [proxies.plugin]
+ type = "http2http"
+ localAddr = "127.0.0.1:%d"
+ requestHeaders.set.x-from-where = "frp"
+ `, remotePort, localPort)
+
+ f.RunProcesses([]string{serverConf}, []string{clientConf})
+
+ localServer := httpserver.New(
+ httpserver.WithBindPort(localPort),
+ httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+ _, _ = w.Write([]byte(req.Header.Get("x-from-where")))
+ })),
+ )
+ f.RunServer("", localServer)
+
+ framework.NewRequestExpect(f).
+ Port(remotePort).
+ RequestModify(func(r *request.Request) {
+ r.HTTP().HTTPHost("example.com")
+ }).
+ ExpectResp([]byte("frp")).
+ Ensure()
+ })
+ })
 })
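Review bot: The added e2e cases cover only the http2http plugin, so the two security-relevant behaviours introduced by this commit have no test in this hunk: the 421 `Misdirected Request` response when SNI and Host differ, and `enableHTTP2 = false` actually disabling HTTP/2 on https2http and https2https. Unless they are covered elsewhere outside this diff, I would add one case per behaviour next to the existing https2http tests, asserting the 421 status for a mismatched host and the negotiated protocol for the flag. The two new `ginkgo.It` bodies also repeat the same setup; a small helper taking the extra plugin line and the handler would remove the duplication.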