mirror of
https://gitee.com/IrisVega/frp.git
synced 2024-11-01 22:31:29 +08:00
483 lines
16 KiB
Go
483 lines
16 KiB
Go
// Copyright 2016 fatedier, fatedier@gmail.com
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package config
|
|
|
|
import (
|
|
"fmt"
|
|
"strconv"
|
|
"strings"
|
|
|
|
ini "github.com/vaughan0/go-ini"
|
|
|
|
"github.com/fatedier/frp/models/auth"
|
|
plugin "github.com/fatedier/frp/models/plugin/server"
|
|
"github.com/fatedier/frp/utils/util"
|
|
)
|
|
|
|
// ServerCommonConf contains information for a server service. It is
|
|
// recommended to use GetDefaultServerConf instead of creating this object
|
|
// directly, so that all unspecified fields have reasonable default values.
|
|
type ServerCommonConf struct {
|
|
auth.ServerConfig
|
|
// BindAddr specifies the address that the server binds to. By default,
|
|
// this value is "0.0.0.0".
|
|
BindAddr string `json:"bind_addr"`
|
|
// BindPort specifies the port that the server listens on. By default, this
|
|
// value is 7000.
|
|
BindPort int `json:"bind_port"`
|
|
// BindUDPPort specifies the UDP port that the server listens on. If this
|
|
// value is 0, the server will not listen for UDP connections. By default,
|
|
// this value is 0
|
|
BindUDPPort int `json:"bind_udp_port"`
|
|
// KCPBindPort specifies the KCP port that the server listens on. If this
|
|
// value is 0, the server will not listen for KCP connections. By default,
|
|
// this value is 0.
|
|
KCPBindPort int `json:"kcp_bind_port"`
|
|
// ProxyBindAddr specifies the address that the proxy binds to. This value
|
|
// may be the same as BindAddr. By default, this value is "0.0.0.0".
|
|
ProxyBindAddr string `json:"proxy_bind_addr"`
|
|
// VhostHTTPPort specifies the port that the server listens for HTTP Vhost
|
|
// requests. If this value is 0, the server will not listen for HTTP
|
|
// requests. By default, this value is 0.
|
|
VhostHTTPPort int `json:"vhost_http_port"`
|
|
// VhostHTTPSPort specifies the port that the server listens for HTTPS
|
|
// Vhost requests. If this value is 0, the server will not listen for HTTPS
|
|
// requests. By default, this value is 0.
|
|
VhostHTTPSPort int `json:"vhost_https_port"`
|
|
// TCPMuxHTTPConnectPort specifies the port that the server listens for TCP
|
|
// HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
|
|
// requests on one single port. If it's not - it will listen on this value for
|
|
// HTTP CONNECT requests. By default, this value is 0.
|
|
TCPMuxHTTPConnectPort int `json:"tcpmux_httpconnect_port"`
|
|
// VhostHTTPTimeout specifies the response header timeout for the Vhost
|
|
// HTTP server, in seconds. By default, this value is 60.
|
|
VhostHTTPTimeout int64 `json:"vhost_http_timeout"`
|
|
// DashboardAddr specifies the address that the dashboard binds to. By
|
|
// default, this value is "0.0.0.0".
|
|
DashboardAddr string `json:"dashboard_addr"`
|
|
// DashboardPort specifies the port that the dashboard listens on. If this
|
|
// value is 0, the dashboard will not be started. By default, this value is
|
|
// 0.
|
|
DashboardPort int `json:"dashboard_port"`
|
|
// DashboardUser specifies the username that the dashboard will use for
|
|
// login. By default, this value is "admin".
|
|
DashboardUser string `json:"dashboard_user"`
|
|
// DashboardUser specifies the password that the dashboard will use for
|
|
// login. By default, this value is "admin".
|
|
DashboardPwd string `json:"dashboard_pwd"`
|
|
// EnablePrometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port}
|
|
// in /metrics api.
|
|
EnablePrometheus bool `json:"enable_prometheus"`
|
|
// AssetsDir specifies the local directory that the dashboard will load
|
|
// resources from. If this value is "", assets will be loaded from the
|
|
// bundled executable using statik. By default, this value is "".
|
|
AssetsDir string `json:"asserts_dir"`
|
|
// LogFile specifies a file where logs will be written to. This value will
|
|
// only be used if LogWay is set appropriately. By default, this value is
|
|
// "console".
|
|
LogFile string `json:"log_file"`
|
|
// LogWay specifies the way logging is managed. Valid values are "console"
|
|
// or "file". If "console" is used, logs will be printed to stdout. If
|
|
// "file" is used, logs will be printed to LogFile. By default, this value
|
|
// is "console".
|
|
LogWay string `json:"log_way"`
|
|
// LogLevel specifies the minimum log level. Valid values are "trace",
|
|
// "debug", "info", "warn", and "error". By default, this value is "info".
|
|
LogLevel string `json:"log_level"`
|
|
// LogMaxDays specifies the maximum number of days to store log information
|
|
// before deletion. This is only used if LogWay == "file". By default, this
|
|
// value is 0.
|
|
LogMaxDays int64 `json:"log_max_days"`
|
|
// DisableLogColor disables log colors when LogWay == "console" when set to
|
|
// true. By default, this value is false.
|
|
DisableLogColor bool `json:"disable_log_color"`
|
|
// DetailedErrorsToClient defines whether to send the specific error (with
|
|
// debug info) to frpc. By default, this value is true.
|
|
DetailedErrorsToClient bool `json:"detailed_errors_to_client"`
|
|
|
|
// SubDomainHost specifies the domain that will be attached to sub-domains
|
|
// requested by the client when using Vhost proxying. For example, if this
|
|
// value is set to "frps.com" and the client requested the subdomain
|
|
// "test", the resulting URL would be "test.frps.com". By default, this
|
|
// value is "".
|
|
SubDomainHost string `json:"subdomain_host"`
|
|
// TCPMux toggles TCP stream multiplexing. This allows multiple requests
|
|
// from a client to share a single TCP connection. By default, this value
|
|
// is true.
|
|
TCPMux bool `json:"tcp_mux"`
|
|
// Custom404Page specifies a path to a custom 404 page to display. If this
|
|
// value is "", a default page will be displayed. By default, this value is
|
|
// "".
|
|
Custom404Page string `json:"custom_404_page"`
|
|
|
|
// AllowPorts specifies a set of ports that clients are able to proxy to.
|
|
// If the length of this value is 0, all ports are allowed. By default,
|
|
// this value is an empty set.
|
|
AllowPorts map[int]struct{}
|
|
// MaxPoolCount specifies the maximum pool size for each proxy. By default,
|
|
// this value is 5.
|
|
MaxPoolCount int64 `json:"max_pool_count"`
|
|
// MaxPortsPerClient specifies the maximum number of ports a single client
|
|
// may proxy to. If this value is 0, no limit will be applied. By default,
|
|
// this value is 0.
|
|
MaxPortsPerClient int64 `json:"max_ports_per_client"`
|
|
// TLSOnly specifies whether to only accept TLS-encrypted connections.
|
|
// By default, the value is false.
|
|
TLSOnly bool `json:"tls_only"`
|
|
// TLSCertFile specifies the path of the cert file that the server will
|
|
// load. If "tls_cert_file", "tls_key_file" are valid, the server will use this
|
|
// supplied tls configuration. Otherwise, the server will use the tls
|
|
// configuration generated by itself.
|
|
TLSCertFile string `json:"tls_cert_file"`
|
|
// TLSKeyFile specifies the path of the secret key that the server will
|
|
// load. If "tls_cert_file", "tls_key_file" are valid, the server will use this
|
|
// supplied tls configuration. Otherwise, the server will use the tls
|
|
// configuration generated by itself.
|
|
TLSKeyFile string `json:"tls_key_file"`
|
|
// TLSTrustedCaFile specifies the paths of the client cert files that the
|
|
// server will load. It only works when "tls_only" is true. If
|
|
// "tls_trusted_ca_file" is valid, the server will verify each client's
|
|
// certificate.
|
|
TLSTrustedCaFile string `json:"tls_trusted_ca_file"`
|
|
// HeartBeatTimeout specifies the maximum time to wait for a heartbeat
|
|
// before terminating the connection. It is not recommended to change this
|
|
// value. By default, this value is 90.
|
|
HeartBeatTimeout int64 `json:"heart_beat_timeout"`
|
|
// UserConnTimeout specifies the maximum time to wait for a work
|
|
// connection. By default, this value is 10.
|
|
UserConnTimeout int64 `json:"user_conn_timeout"`
|
|
// HTTPPlugins specify the server plugins support HTTP protocol.
|
|
HTTPPlugins map[string]plugin.HTTPPluginOptions `json:"http_plugins"`
|
|
// UDPPacketSize specifies the UDP packet size
|
|
// By default, this value is 1500
|
|
UDPPacketSize int64 `json:"udp_packet_size"`
|
|
}
|
|
|
|
// GetDefaultServerConf returns a server configuration with reasonable
|
|
// defaults.
|
|
func GetDefaultServerConf() ServerCommonConf {
|
|
return ServerCommonConf{
|
|
BindAddr: "0.0.0.0",
|
|
BindPort: 7000,
|
|
BindUDPPort: 0,
|
|
KCPBindPort: 0,
|
|
ProxyBindAddr: "0.0.0.0",
|
|
VhostHTTPPort: 0,
|
|
VhostHTTPSPort: 0,
|
|
TCPMuxHTTPConnectPort: 0,
|
|
VhostHTTPTimeout: 60,
|
|
DashboardAddr: "0.0.0.0",
|
|
DashboardPort: 0,
|
|
DashboardUser: "admin",
|
|
DashboardPwd: "admin",
|
|
EnablePrometheus: false,
|
|
AssetsDir: "",
|
|
LogFile: "console",
|
|
LogWay: "console",
|
|
LogLevel: "info",
|
|
LogMaxDays: 3,
|
|
DisableLogColor: false,
|
|
DetailedErrorsToClient: true,
|
|
SubDomainHost: "",
|
|
TCPMux: true,
|
|
AllowPorts: make(map[int]struct{}),
|
|
MaxPoolCount: 5,
|
|
MaxPortsPerClient: 0,
|
|
TLSOnly: false,
|
|
TLSCertFile: "",
|
|
TLSKeyFile: "",
|
|
TLSTrustedCaFile: "",
|
|
HeartBeatTimeout: 90,
|
|
UserConnTimeout: 10,
|
|
Custom404Page: "",
|
|
HTTPPlugins: make(map[string]plugin.HTTPPluginOptions),
|
|
UDPPacketSize: 1500,
|
|
}
|
|
}
|
|
|
|
// UnmarshalServerConfFromIni parses the contents of a server configuration ini
|
|
// file and returns the resulting server configuration.
|
|
func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error) {
|
|
cfg = GetDefaultServerConf()
|
|
|
|
conf, err := ini.Load(strings.NewReader(content))
|
|
if err != nil {
|
|
err = fmt.Errorf("parse ini conf file error: %v", err)
|
|
return ServerCommonConf{}, err
|
|
}
|
|
|
|
UnmarshalPluginsFromIni(conf, &cfg)
|
|
|
|
cfg.ServerConfig = auth.UnmarshalServerConfFromIni(conf)
|
|
|
|
var (
|
|
tmpStr string
|
|
ok bool
|
|
v int64
|
|
)
|
|
if tmpStr, ok = conf.Get("common", "bind_addr"); ok {
|
|
cfg.BindAddr = tmpStr
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "bind_port"); ok {
|
|
if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
|
|
err = fmt.Errorf("Parse conf error: invalid bind_port")
|
|
return
|
|
}
|
|
cfg.BindPort = int(v)
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "bind_udp_port"); ok {
|
|
if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
|
|
err = fmt.Errorf("Parse conf error: invalid bind_udp_port")
|
|
return
|
|
}
|
|
cfg.BindUDPPort = int(v)
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "kcp_bind_port"); ok {
|
|
if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
|
|
err = fmt.Errorf("Parse conf error: invalid kcp_bind_port")
|
|
return
|
|
}
|
|
cfg.KCPBindPort = int(v)
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "proxy_bind_addr"); ok {
|
|
cfg.ProxyBindAddr = tmpStr
|
|
} else {
|
|
cfg.ProxyBindAddr = cfg.BindAddr
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "vhost_http_port"); ok {
|
|
if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
|
|
err = fmt.Errorf("Parse conf error: invalid vhost_http_port")
|
|
return
|
|
}
|
|
cfg.VhostHTTPPort = int(v)
|
|
} else {
|
|
cfg.VhostHTTPPort = 0
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "vhost_https_port"); ok {
|
|
if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
|
|
err = fmt.Errorf("Parse conf error: invalid vhost_https_port")
|
|
return
|
|
}
|
|
cfg.VhostHTTPSPort = int(v)
|
|
} else {
|
|
cfg.VhostHTTPSPort = 0
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "tcpmux_httpconnect_port"); ok {
|
|
if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
|
|
err = fmt.Errorf("Parse conf error: invalid tcpmux_httpconnect_port")
|
|
return
|
|
}
|
|
cfg.TCPMuxHTTPConnectPort = int(v)
|
|
} else {
|
|
cfg.TCPMuxHTTPConnectPort = 0
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "vhost_http_timeout"); ok {
|
|
v, errRet := strconv.ParseInt(tmpStr, 10, 64)
|
|
if errRet != nil || v < 0 {
|
|
err = fmt.Errorf("Parse conf error: invalid vhost_http_timeout")
|
|
return
|
|
}
|
|
cfg.VhostHTTPTimeout = v
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "dashboard_addr"); ok {
|
|
cfg.DashboardAddr = tmpStr
|
|
} else {
|
|
cfg.DashboardAddr = cfg.BindAddr
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "dashboard_port"); ok {
|
|
if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
|
|
err = fmt.Errorf("Parse conf error: invalid dashboard_port")
|
|
return
|
|
}
|
|
cfg.DashboardPort = int(v)
|
|
} else {
|
|
cfg.DashboardPort = 0
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "dashboard_user"); ok {
|
|
cfg.DashboardUser = tmpStr
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "dashboard_pwd"); ok {
|
|
cfg.DashboardPwd = tmpStr
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "enable_prometheus"); ok && tmpStr == "true" {
|
|
cfg.EnablePrometheus = true
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "assets_dir"); ok {
|
|
cfg.AssetsDir = tmpStr
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "log_file"); ok {
|
|
cfg.LogFile = tmpStr
|
|
if cfg.LogFile == "console" {
|
|
cfg.LogWay = "console"
|
|
} else {
|
|
cfg.LogWay = "file"
|
|
}
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "log_level"); ok {
|
|
cfg.LogLevel = tmpStr
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "log_max_days"); ok {
|
|
v, err = strconv.ParseInt(tmpStr, 10, 64)
|
|
if err == nil {
|
|
cfg.LogMaxDays = v
|
|
}
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "disable_log_color"); ok && tmpStr == "true" {
|
|
cfg.DisableLogColor = true
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "detailed_errors_to_client"); ok && tmpStr == "false" {
|
|
cfg.DetailedErrorsToClient = false
|
|
} else {
|
|
cfg.DetailedErrorsToClient = true
|
|
}
|
|
|
|
if allowPortsStr, ok := conf.Get("common", "allow_ports"); ok {
|
|
// e.g. 1000-2000,2001,2002,3000-4000
|
|
ports, errRet := util.ParseRangeNumbers(allowPortsStr)
|
|
if errRet != nil {
|
|
err = fmt.Errorf("Parse conf error: allow_ports: %v", errRet)
|
|
return
|
|
}
|
|
|
|
for _, port := range ports {
|
|
cfg.AllowPorts[int(port)] = struct{}{}
|
|
}
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "max_pool_count"); ok {
|
|
if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
|
|
err = fmt.Errorf("Parse conf error: invalid max_pool_count")
|
|
return
|
|
}
|
|
|
|
if v < 0 {
|
|
err = fmt.Errorf("Parse conf error: invalid max_pool_count")
|
|
return
|
|
}
|
|
cfg.MaxPoolCount = v
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "max_ports_per_client"); ok {
|
|
if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
|
|
err = fmt.Errorf("Parse conf error: invalid max_ports_per_client")
|
|
return
|
|
}
|
|
|
|
if v < 0 {
|
|
err = fmt.Errorf("Parse conf error: invalid max_ports_per_client")
|
|
return
|
|
}
|
|
cfg.MaxPortsPerClient = v
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "subdomain_host"); ok {
|
|
cfg.SubDomainHost = strings.ToLower(strings.TrimSpace(tmpStr))
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "tcp_mux"); ok && tmpStr == "false" {
|
|
cfg.TCPMux = false
|
|
} else {
|
|
cfg.TCPMux = true
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "custom_404_page"); ok {
|
|
cfg.Custom404Page = tmpStr
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "heartbeat_timeout"); ok {
|
|
v, errRet := strconv.ParseInt(tmpStr, 10, 64)
|
|
if errRet != nil {
|
|
err = fmt.Errorf("Parse conf error: heartbeat_timeout is incorrect")
|
|
return
|
|
}
|
|
cfg.HeartBeatTimeout = v
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "tls_only"); ok && tmpStr == "true" {
|
|
cfg.TLSOnly = true
|
|
} else {
|
|
cfg.TLSOnly = false
|
|
}
|
|
|
|
if tmpStr, ok = conf.Get("common", "udp_packet_size"); ok {
|
|
if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
|
|
err = fmt.Errorf("Parse conf error: invalid udp_packet_size")
|
|
return
|
|
}
|
|
cfg.UDPPacketSize = v
|
|
}
|
|
|
|
if tmpStr, ok := conf.Get("common", "tls_cert_file"); ok {
|
|
cfg.TLSCertFile = tmpStr
|
|
}
|
|
|
|
if tmpStr, ok := conf.Get("common", "tls_key_file"); ok {
|
|
cfg.TLSKeyFile = tmpStr
|
|
}
|
|
|
|
if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok {
|
|
cfg.TLSTrustedCaFile = tmpStr
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
|
|
for name, section := range sections {
|
|
if strings.HasPrefix(name, "plugin.") {
|
|
name = strings.TrimSpace(strings.TrimPrefix(name, "plugin."))
|
|
options := plugin.HTTPPluginOptions{
|
|
Name: name,
|
|
Addr: section["addr"],
|
|
Path: section["path"],
|
|
Ops: strings.Split(section["ops"], ","),
|
|
}
|
|
for i := range options.Ops {
|
|
options.Ops[i] = strings.TrimSpace(options.Ops[i])
|
|
}
|
|
cfg.HTTPPlugins[name] = options
|
|
}
|
|
}
|
|
}
|
|
|
|
func (cfg *ServerCommonConf) Check() (err error) {
|
|
if cfg.TLSOnly == false {
|
|
if cfg.TLSTrustedCaFile != "" {
|
|
err = fmt.Errorf("Parse conf error: forbidden tls_trusted_ca_file, it only works when tls_only is true")
|
|
return
|
|
}
|
|
}
|
|
return
|
|
}
|