https2https.go 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138
  1. // Copyright 2019 fatedier, fatedier@gmail.com
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. package plugin
  15. import (
  16. "crypto/tls"
  17. "fmt"
  18. "io"
  19. "net"
  20. "net/http"
  21. "net/http/httputil"
  22. "strings"
  23. frpNet "github.com/fatedier/frp/pkg/util/net"
  24. )
  25. const PluginHTTPS2HTTPS = "https2https"
  26. func init() {
  27. Register(PluginHTTPS2HTTPS, NewHTTPS2HTTPSPlugin)
  28. }
  29. type HTTPS2HTTPSPlugin struct {
  30. crtPath string
  31. keyPath string
  32. hostHeaderRewrite string
  33. localAddr string
  34. headers map[string]string
  35. l *Listener
  36. s *http.Server
  37. }
  38. func NewHTTPS2HTTPSPlugin(params map[string]string) (Plugin, error) {
  39. crtPath := params["plugin_crt_path"]
  40. keyPath := params["plugin_key_path"]
  41. localAddr := params["plugin_local_addr"]
  42. hostHeaderRewrite := params["plugin_host_header_rewrite"]
  43. headers := make(map[string]string)
  44. for k, v := range params {
  45. if !strings.HasPrefix(k, "plugin_header_") {
  46. continue
  47. }
  48. if k = strings.TrimPrefix(k, "plugin_header_"); k != "" {
  49. headers[k] = v
  50. }
  51. }
  52. if crtPath == "" {
  53. return nil, fmt.Errorf("plugin_crt_path is required")
  54. }
  55. if keyPath == "" {
  56. return nil, fmt.Errorf("plugin_key_path is required")
  57. }
  58. if localAddr == "" {
  59. return nil, fmt.Errorf("plugin_local_addr is required")
  60. }
  61. listener := NewProxyListener()
  62. p := &HTTPS2HTTPSPlugin{
  63. crtPath: crtPath,
  64. keyPath: keyPath,
  65. localAddr: localAddr,
  66. hostHeaderRewrite: hostHeaderRewrite,
  67. headers: headers,
  68. l: listener,
  69. }
  70. tr := &http.Transport{
  71. TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
  72. }
  73. rp := &httputil.ReverseProxy{
  74. Director: func(req *http.Request) {
  75. req.URL.Scheme = "https"
  76. req.URL.Host = p.localAddr
  77. if p.hostHeaderRewrite != "" {
  78. req.Host = p.hostHeaderRewrite
  79. }
  80. for k, v := range p.headers {
  81. req.Header.Set(k, v)
  82. }
  83. },
  84. Transport: tr,
  85. }
  86. p.s = &http.Server{
  87. Handler: rp,
  88. }
  89. tlsConfig, err := p.genTLSConfig()
  90. if err != nil {
  91. return nil, fmt.Errorf("gen TLS config error: %v", err)
  92. }
  93. ln := tls.NewListener(listener, tlsConfig)
  94. go p.s.Serve(ln)
  95. return p, nil
  96. }
  97. func (p *HTTPS2HTTPSPlugin) genTLSConfig() (*tls.Config, error) {
  98. cert, err := tls.LoadX509KeyPair(p.crtPath, p.keyPath)
  99. if err != nil {
  100. return nil, err
  101. }
  102. config := &tls.Config{Certificates: []tls.Certificate{cert}}
  103. return config, nil
  104. }
  105. func (p *HTTPS2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
  106. wrapConn := frpNet.WrapReadWriteCloserToConn(conn, realConn)
  107. p.l.PutConn(wrapConn)
  108. }
  109. func (p *HTTPS2HTTPSPlugin) Name() string {
  110. return PluginHTTPS2HTTP
  111. }
  112. func (p *HTTPS2HTTPSPlugin) Close() error {
  113. if err := p.s.Close(); err != nil {
  114. return err
  115. }
  116. return nil
  117. }