mirror of
https://gitee.com/IrisVega/frp.git
synced 2024-11-01 22:31:29 +08:00
frps: remove auth timeout
This commit is contained in:
parent
611d063e1f
commit
f76deb8898
@ -396,10 +396,6 @@ Then visit `http://[server_addr]:7500` to see dashboard, default username and pa
|
|||||||
|
|
||||||
Since v0.10.0, you only need to set `token` in frps.ini and frpc.ini.
|
Since v0.10.0, you only need to set `token` in frps.ini and frpc.ini.
|
||||||
|
|
||||||
Note that time duration between server of frpc and frps mustn't exceed 15 minutes because timestamp is used for authentication.
|
|
||||||
|
|
||||||
Howerver, this timeout duration can be modified by setting `authentication_timeout` in frps's configure file. It's defalut value is 900, means 15 minutes. If it is equals 0, then frps will not check authentication timeout.
|
|
||||||
|
|
||||||
### Encryption and Compression
|
### Encryption and Compression
|
||||||
|
|
||||||
Defalut value is false, you could decide if the proxy will use encryption or compression:
|
Defalut value is false, you could decide if the proxy will use encryption or compression:
|
||||||
|
@ -412,10 +412,6 @@ dashboard_pwd = admin
|
|||||||
|
|
||||||
从 v0.10.0 版本开始,所有 proxy 配置全部放在客户端(也就是之前版本的特权模式),服务端和客户端的 common 配置中的 `token` 参数一致则身份验证通过。
|
从 v0.10.0 版本开始,所有 proxy 配置全部放在客户端(也就是之前版本的特权模式),服务端和客户端的 common 配置中的 `token` 参数一致则身份验证通过。
|
||||||
|
|
||||||
需要注意的是 frpc 所在机器和 frps 所在机器的时间相差不能超过 15 分钟,因为时间戳会被用于加密验证中,防止报文被劫持后被其他人利用。
|
|
||||||
|
|
||||||
这个超时时间可以在配置文件中通过 `authentication_timeout` 这个参数来修改,单位为秒,默认值为 900,即 15 分钟。如果修改为 0,则 frps 将不对身份验证报文的时间戳进行超时校验。
|
|
||||||
|
|
||||||
### 加密与压缩
|
### 加密与压缩
|
||||||
|
|
||||||
这两个功能默认是不开启的,需要在 frpc.ini 中通过配置来为指定的代理启用加密与压缩的功能,压缩算法使用 snappy:
|
这两个功能默认是不开启的,需要在 frpc.ini 中通过配置来为指定的代理启用加密与压缩的功能,压缩算法使用 snappy:
|
||||||
|
@ -54,7 +54,6 @@ var (
|
|||||||
logLevel string
|
logLevel string
|
||||||
logMaxDays int64
|
logMaxDays int64
|
||||||
token string
|
token string
|
||||||
authTimeout int64
|
|
||||||
subDomainHost string
|
subDomainHost string
|
||||||
tcpMux bool
|
tcpMux bool
|
||||||
allowPorts string
|
allowPorts string
|
||||||
@ -82,7 +81,6 @@ func init() {
|
|||||||
rootCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
|
rootCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
|
||||||
rootCmd.PersistentFlags().Int64VarP(&logMaxDays, "log_max_days", "", 3, "log_max_days")
|
rootCmd.PersistentFlags().Int64VarP(&logMaxDays, "log_max_days", "", 3, "log_max_days")
|
||||||
rootCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
|
rootCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
|
||||||
rootCmd.PersistentFlags().Int64VarP(&authTimeout, "auth_timeout", "", 900, "auth timeout")
|
|
||||||
rootCmd.PersistentFlags().StringVarP(&subDomainHost, "subdomain_host", "", "", "subdomain host")
|
rootCmd.PersistentFlags().StringVarP(&subDomainHost, "subdomain_host", "", "", "subdomain host")
|
||||||
rootCmd.PersistentFlags().StringVarP(&allowPorts, "allow_ports", "", "", "allow ports")
|
rootCmd.PersistentFlags().StringVarP(&allowPorts, "allow_ports", "", "", "allow ports")
|
||||||
rootCmd.PersistentFlags().Int64VarP(&maxPortsPerClient, "max_ports_per_client", "", 0, "max ports per client")
|
rootCmd.PersistentFlags().Int64VarP(&maxPortsPerClient, "max_ports_per_client", "", 0, "max ports per client")
|
||||||
@ -173,7 +171,6 @@ func parseServerCommonCfgFromCmd() (err error) {
|
|||||||
g.GlbServerCfg.LogLevel = logLevel
|
g.GlbServerCfg.LogLevel = logLevel
|
||||||
g.GlbServerCfg.LogMaxDays = logMaxDays
|
g.GlbServerCfg.LogMaxDays = logMaxDays
|
||||||
g.GlbServerCfg.Token = token
|
g.GlbServerCfg.Token = token
|
||||||
g.GlbServerCfg.AuthTimeout = authTimeout
|
|
||||||
g.GlbServerCfg.SubDomainHost = subDomainHost
|
g.GlbServerCfg.SubDomainHost = subDomainHost
|
||||||
if len(allowPorts) > 0 {
|
if len(allowPorts) > 0 {
|
||||||
// e.g. 1000-2000,2001,2002,3000-4000
|
// e.g. 1000-2000,2001,2002,3000-4000
|
||||||
|
@ -59,10 +59,6 @@ max_pool_count = 5
|
|||||||
# max ports can be used for each client, default value is 0 means no limit
|
# max ports can be used for each client, default value is 0 means no limit
|
||||||
max_ports_per_client = 0
|
max_ports_per_client = 0
|
||||||
|
|
||||||
# authentication_timeout means the timeout interval (seconds) when the frpc connects frps
|
|
||||||
# if authentication_timeout is zero, the time is not verified, default is 900s
|
|
||||||
authentication_timeout = 900
|
|
||||||
|
|
||||||
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
|
# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
|
||||||
# when subdomain is test, the host used by routing is test.frps.com
|
# when subdomain is test, the host used by routing is test.frps.com
|
||||||
subdomain_host = frps.com
|
subdomain_host = frps.com
|
||||||
|
@ -67,7 +67,6 @@ type ServerCommonConf struct {
|
|||||||
LogLevel string `json:"log_level"`
|
LogLevel string `json:"log_level"`
|
||||||
LogMaxDays int64 `json:"log_max_days"`
|
LogMaxDays int64 `json:"log_max_days"`
|
||||||
Token string `json:"token"`
|
Token string `json:"token"`
|
||||||
AuthTimeout int64 `json:"auth_timeout"`
|
|
||||||
SubDomainHost string `json:"subdomain_host"`
|
SubDomainHost string `json:"subdomain_host"`
|
||||||
TcpMux bool `json:"tcp_mux"`
|
TcpMux bool `json:"tcp_mux"`
|
||||||
|
|
||||||
@ -98,7 +97,6 @@ func GetDefaultServerConf() *ServerCommonConf {
|
|||||||
LogLevel: "info",
|
LogLevel: "info",
|
||||||
LogMaxDays: 3,
|
LogMaxDays: 3,
|
||||||
Token: "",
|
Token: "",
|
||||||
AuthTimeout: 900,
|
|
||||||
SubDomainHost: "",
|
SubDomainHost: "",
|
||||||
TcpMux: true,
|
TcpMux: true,
|
||||||
AllowPorts: make(map[int]struct{}),
|
AllowPorts: make(map[int]struct{}),
|
||||||
@ -285,16 +283,6 @@ func UnmarshalServerConfFromIni(defaultCfg *ServerCommonConf, content string) (c
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if tmpStr, ok = conf.Get("common", "authentication_timeout"); ok {
|
|
||||||
v, errRet := strconv.ParseInt(tmpStr, 10, 64)
|
|
||||||
if errRet != nil {
|
|
||||||
err = fmt.Errorf("Parse conf error: authentication_timeout is incorrect")
|
|
||||||
return
|
|
||||||
} else {
|
|
||||||
cfg.AuthTimeout = v
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if tmpStr, ok = conf.Get("common", "subdomain_host"); ok {
|
if tmpStr, ok = conf.Get("common", "subdomain_host"); ok {
|
||||||
cfg.SubDomainHost = strings.ToLower(strings.TrimSpace(tmpStr))
|
cfg.SubDomainHost = strings.ToLower(strings.TrimSpace(tmpStr))
|
||||||
}
|
}
|
||||||
|
@ -41,7 +41,6 @@ type ServerInfoResp struct {
|
|||||||
VhostHttpPort int `json:"vhost_http_port"`
|
VhostHttpPort int `json:"vhost_http_port"`
|
||||||
VhostHttpsPort int `json:"vhost_https_port"`
|
VhostHttpsPort int `json:"vhost_https_port"`
|
||||||
KcpBindPort int `json:"kcp_bind_port"`
|
KcpBindPort int `json:"kcp_bind_port"`
|
||||||
AuthTimeout int64 `json:"auth_timeout"`
|
|
||||||
SubdomainHost string `json:"subdomain_host"`
|
SubdomainHost string `json:"subdomain_host"`
|
||||||
MaxPoolCount int64 `json:"max_pool_count"`
|
MaxPoolCount int64 `json:"max_pool_count"`
|
||||||
MaxPortsPerClient int64 `json:"max_ports_per_client"`
|
MaxPortsPerClient int64 `json:"max_ports_per_client"`
|
||||||
@ -74,7 +73,6 @@ func (svr *Service) ApiServerInfo(w http.ResponseWriter, r *http.Request) {
|
|||||||
VhostHttpPort: cfg.VhostHttpPort,
|
VhostHttpPort: cfg.VhostHttpPort,
|
||||||
VhostHttpsPort: cfg.VhostHttpsPort,
|
VhostHttpsPort: cfg.VhostHttpsPort,
|
||||||
KcpBindPort: cfg.KcpBindPort,
|
KcpBindPort: cfg.KcpBindPort,
|
||||||
AuthTimeout: cfg.AuthTimeout,
|
|
||||||
SubdomainHost: cfg.SubDomainHost,
|
SubdomainHost: cfg.SubDomainHost,
|
||||||
MaxPoolCount: cfg.MaxPoolCount,
|
MaxPoolCount: cfg.MaxPoolCount,
|
||||||
MaxPortsPerClient: cfg.MaxPortsPerClient,
|
MaxPortsPerClient: cfg.MaxPortsPerClient,
|
||||||
|
@ -324,11 +324,6 @@ func (svr *Service) RegisterControl(ctlConn frpNet.Conn, loginMsg *msg.Login) (e
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Check auth.
|
// Check auth.
|
||||||
nowTime := time.Now().Unix()
|
|
||||||
if g.GlbServerCfg.AuthTimeout != 0 && nowTime-loginMsg.Timestamp > g.GlbServerCfg.AuthTimeout {
|
|
||||||
err = fmt.Errorf("authorization timeout")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if util.GetAuthKey(g.GlbServerCfg.Token, loginMsg.Timestamp) != loginMsg.PrivilegeKey {
|
if util.GetAuthKey(g.GlbServerCfg.Token, loginMsg.Timestamp) != loginMsg.PrivilegeKey {
|
||||||
err = fmt.Errorf("authorization failed")
|
err = fmt.Errorf("authorization failed")
|
||||||
return
|
return
|
||||||
|
@ -19,9 +19,6 @@
|
|||||||
<el-form-item label="Https Port">
|
<el-form-item label="Https Port">
|
||||||
<span>{{ vhost_https_port }}</span>
|
<span>{{ vhost_https_port }}</span>
|
||||||
</el-form-item>
|
</el-form-item>
|
||||||
<el-form-item label="Auth Timeout">
|
|
||||||
<span>{{ auth_timeout }}</span>
|
|
||||||
</el-form-item>
|
|
||||||
<el-form-item label="Subdomain Host">
|
<el-form-item label="Subdomain Host">
|
||||||
<span>{{ subdomain_host }}</span>
|
<span>{{ subdomain_host }}</span>
|
||||||
</el-form-item>
|
</el-form-item>
|
||||||
@ -64,7 +61,6 @@
|
|||||||
bind_udp_port: '',
|
bind_udp_port: '',
|
||||||
vhost_http_port: '',
|
vhost_http_port: '',
|
||||||
vhost_https_port: '',
|
vhost_https_port: '',
|
||||||
auth_timeout: '',
|
|
||||||
subdomain_host: '',
|
subdomain_host: '',
|
||||||
max_pool_count: '',
|
max_pool_count: '',
|
||||||
max_ports_per_client: '',
|
max_ports_per_client: '',
|
||||||
@ -100,7 +96,6 @@
|
|||||||
if (this.vhost_https_port == 0) {
|
if (this.vhost_https_port == 0) {
|
||||||
this.vhost_https_port = "disable"
|
this.vhost_https_port = "disable"
|
||||||
}
|
}
|
||||||
this.auth_timeout = json.auth_timeout
|
|
||||||
this.subdomain_host = json.subdomain_host
|
this.subdomain_host = json.subdomain_host
|
||||||
this.max_pool_count = json.max_pool_count
|
this.max_pool_count = json.max_pool_count
|
||||||
this.max_ports_per_client = json.max_ports_per_client
|
this.max_ports_per_client = json.max_ports_per_client
|
||||||
|
Loading…
Reference in New Issue
Block a user