frp/server/service.go

523 lines
15 KiB
Go
Raw Normal View History

2017-03-23 02:01:25 +08:00
// Copyright 2017 fatedier, fatedier@gmail.com
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
2017-03-09 02:03:47 +08:00
package server
import (
2018-08-10 11:43:08 +08:00
"bytes"
2019-10-12 20:13:12 +08:00
"context"
2019-03-11 14:14:31 +08:00
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"encoding/pem"
2017-03-09 02:03:47 +08:00
"fmt"
2018-05-05 00:09:39 +08:00
"io/ioutil"
2019-03-11 14:14:31 +08:00
"math/big"
2017-12-13 03:27:43 +08:00
"net"
"net/http"
2017-03-09 02:03:47 +08:00
"time"
"github.com/fatedier/frp/assets"
"github.com/fatedier/frp/models/auth"
"github.com/fatedier/frp/models/config"
modelmetrics "github.com/fatedier/frp/models/metrics"
2017-03-09 02:03:47 +08:00
"github.com/fatedier/frp/models/msg"
2019-01-15 00:11:08 +08:00
"github.com/fatedier/frp/models/nathole"
2019-12-20 20:28:28 +08:00
plugin "github.com/fatedier/frp/models/plugin/server"
2019-01-15 00:11:08 +08:00
"github.com/fatedier/frp/server/controller"
2018-05-23 14:39:12 +08:00
"github.com/fatedier/frp/server/group"
"github.com/fatedier/frp/server/metrics"
2018-05-23 14:39:12 +08:00
"github.com/fatedier/frp/server/ports"
2019-01-15 00:11:08 +08:00
"github.com/fatedier/frp/server/proxy"
2020-05-24 11:28:57 +08:00
"github.com/fatedier/frp/server/visitor"
2017-03-09 02:03:47 +08:00
"github.com/fatedier/frp/utils/log"
frpNet "github.com/fatedier/frp/utils/net"
"github.com/fatedier/frp/utils/tcpmux"
2017-03-09 02:03:47 +08:00
"github.com/fatedier/frp/utils/util"
"github.com/fatedier/frp/utils/version"
"github.com/fatedier/frp/utils/vhost"
2019-10-12 20:13:12 +08:00
"github.com/fatedier/frp/utils/xlog"
2018-05-09 00:23:42 +08:00
"github.com/fatedier/golib/net/mux"
2018-04-25 02:34:07 +08:00
fmux "github.com/hashicorp/yamux"
2017-03-09 02:03:47 +08:00
)
2017-05-10 00:46:42 +08:00
const (
connReadTimeout time.Duration = 10 * time.Second
vhostReadWriteTimeout time.Duration = 30 * time.Second
2017-05-10 00:46:42 +08:00
)
// Server service
2017-03-09 02:03:47 +08:00
type Service struct {
// Dispatch connections to different handlers listen on same port
muxer *mux.Mux
// Accept connections from client
2019-10-12 20:13:12 +08:00
listener net.Listener
2017-03-09 02:03:47 +08:00
// Accept connections using kcp
2019-10-12 20:13:12 +08:00
kcpListener net.Listener
2017-06-04 19:56:21 +08:00
2018-08-03 19:41:54 +08:00
// Accept connections using websocket
2019-10-12 20:13:12 +08:00
websocketListener net.Listener
2018-08-03 19:41:54 +08:00
2019-03-11 14:14:31 +08:00
// Accept frp tls connections
2019-10-12 20:13:12 +08:00
tlsListener net.Listener
2019-03-11 14:14:31 +08:00
2019-01-15 00:11:08 +08:00
// Manage all controllers
ctlManager *ControlManager
// Manage all proxies
pxyManager *proxy.ProxyManager
2019-12-20 20:28:28 +08:00
// Manage all plugins
pluginManager *plugin.Manager
2019-07-31 00:41:58 +08:00
// HTTP vhost router
httpVhostRouter *vhost.VhostRouters
2019-01-10 20:53:06 +08:00
// All resource managers and controllers
2019-01-15 00:11:08 +08:00
rc *controller.ResourceController
// Verifies authentication based on selected method
authVerifier auth.Verifier
2019-03-11 14:14:31 +08:00
tlsConfig *tls.Config
cfg config.ServerCommonConf
2017-03-09 02:03:47 +08:00
}
func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
2017-03-09 02:03:47 +08:00
svr = &Service{
2019-12-20 20:28:28 +08:00
ctlManager: NewControlManager(),
pxyManager: proxy.NewProxyManager(),
pluginManager: plugin.NewManager(),
2019-01-15 00:11:08 +08:00
rc: &controller.ResourceController{
2020-05-24 11:28:57 +08:00
VisitorManager: visitor.NewVisitorManager(),
2019-01-10 20:53:06 +08:00
TcpPortManager: ports.NewPortManager("tcp", cfg.ProxyBindAddr, cfg.AllowPorts),
UdpPortManager: ports.NewPortManager("udp", cfg.ProxyBindAddr, cfg.AllowPorts),
},
2019-07-31 00:41:58 +08:00
httpVhostRouter: vhost.NewVhostRouters(),
authVerifier: auth.NewAuthVerifier(cfg.AuthServerConfig),
2019-07-31 00:41:58 +08:00
tlsConfig: generateTLSConfig(),
cfg: cfg,
2017-03-09 02:03:47 +08:00
}
2019-01-15 00:11:08 +08:00
2020-04-20 13:35:47 +08:00
// Create tcpmux httpconnect multiplexer.
if cfg.TcpMuxHttpConnectPort > 0 {
var l net.Listener
l, err = net.Listen("tcp", fmt.Sprintf("%s:%d", cfg.ProxyBindAddr, cfg.TcpMuxHttpConnectPort))
if err != nil {
err = fmt.Errorf("Create server listener error, %v", err)
return
}
svr.rc.TcpMuxHttpConnectMuxer, err = tcpmux.NewHttpConnectTcpMuxer(l, vhostReadWriteTimeout)
if err != nil {
err = fmt.Errorf("Create vhost tcpMuxer error, %v", err)
return
}
log.Info("tcpmux httpconnect multiplexer listen on %s:%d", cfg.ProxyBindAddr, cfg.TcpMuxHttpConnectPort)
}
2019-12-20 20:28:28 +08:00
// Init all plugins
for name, options := range cfg.HTTPPlugins {
svr.pluginManager.Register(plugin.NewHTTPPluginOptions(options))
log.Info("plugin [%s] has been registered", name)
}
svr.rc.PluginManager = svr.pluginManager
2019-12-20 20:28:28 +08:00
2019-01-15 00:11:08 +08:00
// Init group controller
2019-01-10 20:53:06 +08:00
svr.rc.TcpGroupCtl = group.NewTcpGroupCtl(svr.rc.TcpPortManager)
2017-03-09 02:03:47 +08:00
2019-07-31 00:41:58 +08:00
// Init HTTP group controller
svr.rc.HTTPGroupCtl = group.NewHTTPGroupController(svr.httpVhostRouter)
2020-04-20 13:35:47 +08:00
// Init TCP mux group controller
svr.rc.TcpMuxGroupCtl = group.NewTcpMuxGroupCtl(svr.rc.TcpMuxHttpConnectMuxer)
2019-04-25 12:29:34 +08:00
// Init 404 not found page
vhost.NotFoundPagePath = cfg.Custom404Page
var (
httpMuxOn bool
httpsMuxOn bool
)
if cfg.BindAddr == cfg.ProxyBindAddr {
if cfg.BindPort == cfg.VhostHttpPort {
httpMuxOn = true
}
if cfg.BindPort == cfg.VhostHttpsPort {
httpsMuxOn = true
}
}
2017-03-09 02:03:47 +08:00
// Listen for accepting connections from client.
ln, err := net.Listen("tcp", fmt.Sprintf("%s:%d", cfg.BindAddr, cfg.BindPort))
2017-03-09 02:03:47 +08:00
if err != nil {
err = fmt.Errorf("Create server listener error, %v", err)
return
}
2018-08-03 19:41:54 +08:00
2018-08-10 12:02:38 +08:00
svr.muxer = mux.NewMux(ln)
go svr.muxer.Serve()
2018-08-03 19:41:54 +08:00
ln = svr.muxer.DefaultListener()
2019-10-12 20:13:12 +08:00
svr.listener = ln
2017-10-24 18:20:07 +08:00
log.Info("frps tcp listen on %s:%d", cfg.BindAddr, cfg.BindPort)
2017-06-04 19:56:21 +08:00
// Listen for accepting connections from client using kcp protocol.
2017-10-24 18:20:07 +08:00
if cfg.KcpBindPort > 0 {
svr.kcpListener, err = frpNet.ListenKcp(cfg.BindAddr, cfg.KcpBindPort)
2017-06-04 19:56:21 +08:00
if err != nil {
2017-10-24 18:20:07 +08:00
err = fmt.Errorf("Listen on kcp address udp [%s:%d] error: %v", cfg.BindAddr, cfg.KcpBindPort, err)
2017-06-04 19:56:21 +08:00
return
}
2017-12-11 01:36:47 +08:00
log.Info("frps kcp listen on udp %s:%d", cfg.BindAddr, cfg.KcpBindPort)
2017-06-04 19:56:21 +08:00
}
2017-03-09 02:03:47 +08:00
2018-08-10 11:43:08 +08:00
// Listen for accepting connections from client using websocket protocol.
2018-08-10 14:44:14 +08:00
websocketPrefix := []byte("GET " + frpNet.FrpWebsocketPath)
2018-08-10 11:43:08 +08:00
websocketLn := svr.muxer.Listen(0, uint32(len(websocketPrefix)), func(data []byte) bool {
return bytes.Equal(data, websocketPrefix)
})
svr.websocketListener = frpNet.NewWebsocketListener(websocketLn)
2017-03-09 02:03:47 +08:00
// Create http vhost muxer.
2017-10-24 18:20:07 +08:00
if cfg.VhostHttpPort > 0 {
2018-08-08 11:18:38 +08:00
rp := vhost.NewHttpReverseProxy(vhost.HttpReverseProxyOptions{
ResponseHeaderTimeoutS: cfg.VhostHttpTimeout,
2019-07-31 00:41:58 +08:00
}, svr.httpVhostRouter)
2019-01-10 20:53:06 +08:00
svr.rc.HttpReverseProxy = rp
2017-12-13 03:27:43 +08:00
address := fmt.Sprintf("%s:%d", cfg.ProxyBindAddr, cfg.VhostHttpPort)
server := &http.Server{
Addr: address,
Handler: rp,
2017-03-09 02:03:47 +08:00
}
2017-12-13 03:27:43 +08:00
var l net.Listener
if httpMuxOn {
2018-08-10 11:43:08 +08:00
l = svr.muxer.ListenHttp(1)
} else {
l, err = net.Listen("tcp", address)
if err != nil {
err = fmt.Errorf("Create vhost http listener error, %v", err)
return
}
2017-03-09 02:03:47 +08:00
}
2017-12-13 03:27:43 +08:00
go server.Serve(l)
2017-10-24 18:20:07 +08:00
log.Info("http service listen on %s:%d", cfg.ProxyBindAddr, cfg.VhostHttpPort)
2017-03-09 02:03:47 +08:00
}
// Create https vhost muxer.
2017-10-24 18:20:07 +08:00
if cfg.VhostHttpsPort > 0 {
var l net.Listener
if httpsMuxOn {
2018-08-10 11:43:08 +08:00
l = svr.muxer.ListenHttps(1)
} else {
l, err = net.Listen("tcp", fmt.Sprintf("%s:%d", cfg.ProxyBindAddr, cfg.VhostHttpsPort))
if err != nil {
err = fmt.Errorf("Create server listener error, %v", err)
return
}
2017-03-09 02:03:47 +08:00
}
svr.rc.VhostHttpsMuxer, err = vhost.NewHttpsMuxer(l, vhostReadWriteTimeout)
2017-03-09 02:03:47 +08:00
if err != nil {
err = fmt.Errorf("Create vhost httpsMuxer error, %v", err)
return
}
2017-10-24 18:20:07 +08:00
log.Info("https service listen on %s:%d", cfg.ProxyBindAddr, cfg.VhostHttpsPort)
}
2019-03-11 14:14:31 +08:00
// frp tls listener
2019-10-12 20:13:12 +08:00
svr.tlsListener = svr.muxer.Listen(1, 1, func(data []byte) bool {
2019-03-11 14:14:31 +08:00
return int(data[0]) == frpNet.FRP_TLS_HEAD_BYTE
})
2017-10-24 18:20:07 +08:00
// Create nat hole controller.
if cfg.BindUdpPort > 0 {
2019-01-15 00:11:08 +08:00
var nc *nathole.NatHoleController
2017-10-24 18:20:07 +08:00
addr := fmt.Sprintf("%s:%d", cfg.BindAddr, cfg.BindUdpPort)
2019-01-15 00:11:08 +08:00
nc, err = nathole.NewNatHoleController(addr)
2017-10-24 18:20:07 +08:00
if err != nil {
err = fmt.Errorf("Create nat hole controller error, %v", err)
return
}
2019-01-10 20:53:06 +08:00
svr.rc.NatHoleController = nc
2017-10-24 18:20:07 +08:00
log.Info("nat hole udp service listen on %s:%d", cfg.BindAddr, cfg.BindUdpPort)
2017-03-09 02:03:47 +08:00
}
2019-01-15 00:11:08 +08:00
var statsEnable bool
2017-03-09 02:03:47 +08:00
// Create dashboard web server.
2017-10-24 18:20:07 +08:00
if cfg.DashboardPort > 0 {
// Init dashboard assets
err = assets.Load(cfg.AssetsDir)
if err != nil {
err = fmt.Errorf("Load assets error: %v", err)
return
}
2019-01-10 20:53:06 +08:00
err = svr.RunDashboardServer(cfg.DashboardAddr, cfg.DashboardPort)
2017-03-09 02:03:47 +08:00
if err != nil {
err = fmt.Errorf("Create dashboard web server error, %v", err)
return
}
2017-11-28 15:56:34 +08:00
log.Info("Dashboard listen on %s:%d", cfg.DashboardAddr, cfg.DashboardPort)
2019-01-15 00:11:08 +08:00
statsEnable = true
2017-03-09 02:03:47 +08:00
}
if statsEnable {
modelmetrics.EnableMem()
if cfg.EnablePrometheus {
modelmetrics.EnablePrometheus()
}
}
2017-03-09 02:03:47 +08:00
return
}
func (svr *Service) Run() {
2019-01-10 20:53:06 +08:00
if svr.rc.NatHoleController != nil {
go svr.rc.NatHoleController.Run()
2017-10-24 18:20:07 +08:00
}
if svr.cfg.KcpBindPort > 0 {
2017-06-04 19:56:21 +08:00
go svr.HandleListener(svr.kcpListener)
}
2018-08-10 11:43:08 +08:00
go svr.HandleListener(svr.websocketListener)
2019-03-11 14:14:31 +08:00
go svr.HandleListener(svr.tlsListener)
2018-08-10 11:43:08 +08:00
2017-06-04 19:56:21 +08:00
svr.HandleListener(svr.listener)
}
func (svr *Service) handleConnection(ctx context.Context, conn net.Conn) {
xl := xlog.FromContextSafe(ctx)
var (
rawMsg msg.Message
err error
)
conn.SetReadDeadline(time.Now().Add(connReadTimeout))
if rawMsg, err = msg.ReadMsg(conn); err != nil {
log.Trace("Failed to read message: %v", err)
conn.Close()
return
}
conn.SetReadDeadline(time.Time{})
switch m := rawMsg.(type) {
case *msg.Login:
// server plugin hook
content := &plugin.LoginContent{
Login: *m,
}
retContent, err := svr.pluginManager.Login(content)
if err == nil {
m = &retContent.Login
err = svr.RegisterControl(conn, m)
}
// If login failed, send error message there.
// Otherwise send success message in control's work goroutine.
if err != nil {
xl.Warn("register control error: %v", err)
msg.WriteMsg(conn, &msg.LoginResp{
Version: version.Full(),
Error: util.GenerateResponseErrorString("register control error", err, svr.cfg.DetailedErrorsToClient),
})
conn.Close()
}
case *msg.NewWorkConn:
if err := svr.RegisterWorkConn(conn, m); err != nil {
conn.Close()
}
case *msg.NewVisitorConn:
if err = svr.RegisterVisitorConn(conn, m); err != nil {
xl.Warn("register visitor conn error: %v", err)
msg.WriteMsg(conn, &msg.NewVisitorConnResp{
ProxyName: m.ProxyName,
Error: util.GenerateResponseErrorString("register visitor conn error", err, svr.cfg.DetailedErrorsToClient),
})
conn.Close()
} else {
msg.WriteMsg(conn, &msg.NewVisitorConnResp{
ProxyName: m.ProxyName,
Error: "",
})
}
default:
log.Warn("Error message type for the new connection [%s]", conn.RemoteAddr().String())
conn.Close()
}
}
2019-10-12 20:13:12 +08:00
func (svr *Service) HandleListener(l net.Listener) {
2017-03-09 02:03:47 +08:00
// Listen for incoming connections from client.
for {
2017-06-04 19:56:21 +08:00
c, err := l.Accept()
2017-03-09 02:03:47 +08:00
if err != nil {
log.Warn("Listener for incoming connections from client closed")
return
}
2019-10-12 20:13:12 +08:00
// inject xlog object into net.Conn context
xl := xlog.New()
ctx := context.Background()
c = frpNet.NewContextConn(c, xlog.NewContext(ctx, xl))
log.Trace("start check TLS connection...")
originConn := c
c, err = frpNet.CheckAndEnableTLSServerConnWithTimeout(c, svr.tlsConfig, svr.cfg.TlsOnly, connReadTimeout)
if err != nil {
log.Warn("CheckAndEnableTLSServerConnWithTimeout error: %v", err)
originConn.Close()
continue
}
log.Trace("success check TLS connection")
2017-03-09 02:03:47 +08:00
// Start a new goroutine for dealing connections.
go func(ctx context.Context, frpConn net.Conn) {
if svr.cfg.TcpMux {
2018-05-05 00:09:39 +08:00
fmuxCfg := fmux.DefaultConfig()
2018-12-11 15:06:54 +08:00
fmuxCfg.KeepAliveInterval = 20 * time.Second
2018-05-05 00:09:39 +08:00
fmuxCfg.LogOutput = ioutil.Discard
session, err := fmux.Server(frpConn, fmuxCfg)
2017-03-09 02:03:47 +08:00
if err != nil {
log.Warn("Failed to create mux connection: %v", err)
2017-03-09 02:03:47 +08:00
frpConn.Close()
return
}
for {
stream, err := session.AcceptStream()
if err != nil {
log.Debug("Accept new mux stream error: %v", err)
2017-05-18 01:51:32 +08:00
session.Close()
return
}
go svr.handleConnection(ctx, stream)
2017-03-09 02:03:47 +08:00
}
} else {
svr.handleConnection(ctx, frpConn)
2017-03-09 02:03:47 +08:00
}
}(ctx, c)
2017-03-09 02:03:47 +08:00
}
}
2019-10-12 20:13:12 +08:00
func (svr *Service) RegisterControl(ctlConn net.Conn, loginMsg *msg.Login) (err error) {
// If client's RunId is empty, it's a new client, we just create a new controller.
// Otherwise, we check if there is one controller has the same run id. If so, we release previous controller and start new one.
if loginMsg.RunId == "" {
loginMsg.RunId, err = util.RandId()
if err != nil {
return
}
}
ctx := frpNet.NewContextFromConn(ctlConn)
xl := xlog.FromContextSafe(ctx)
xl.AppendPrefix(loginMsg.RunId)
ctx = xlog.NewContext(ctx, xl)
xl.Info("client login info: ip [%s] version [%s] hostname [%s] os [%s] arch [%s]",
2017-03-09 02:03:47 +08:00
ctlConn.RemoteAddr().String(), loginMsg.Version, loginMsg.Hostname, loginMsg.Os, loginMsg.Arch)
// Check client version.
if ok, msg := version.Compat(loginMsg.Version); !ok {
err = fmt.Errorf("%s", msg)
return
}
// Check auth.
if err = svr.authVerifier.VerifyLogin(loginMsg); err != nil {
2017-03-09 02:03:47 +08:00
return
}
ctl := NewControl(ctx, svr.rc, svr.pxyManager, svr.pluginManager, svr.authVerifier, ctlConn, loginMsg, svr.cfg)
2019-01-15 00:11:08 +08:00
if oldCtl := svr.ctlManager.Add(loginMsg.RunId, ctl); oldCtl != nil {
2018-01-17 01:09:33 +08:00
oldCtl.allShutdown.WaitDone()
2017-03-09 02:03:47 +08:00
}
ctl.Start()
2017-03-23 02:01:25 +08:00
// for statistics
metrics.Server.NewClient()
2019-01-15 00:11:08 +08:00
go func() {
// block until control closed
ctl.WaitClosed()
2019-01-26 21:36:24 +08:00
svr.ctlManager.Del(loginMsg.RunId, ctl)
2019-01-15 00:11:08 +08:00
}()
2017-03-09 02:03:47 +08:00
return
}
// RegisterWorkConn register a new work connection to control and proxies need it.
func (svr *Service) RegisterWorkConn(workConn net.Conn, newMsg *msg.NewWorkConn) error {
2019-10-12 20:13:12 +08:00
xl := frpNet.NewLogFromConn(workConn)
2019-01-15 00:11:08 +08:00
ctl, exist := svr.ctlManager.GetById(newMsg.RunId)
2017-03-09 02:03:47 +08:00
if !exist {
2019-10-12 20:13:12 +08:00
xl.Warn("No client control found for run id [%s]", newMsg.RunId)
return fmt.Errorf("no client control found for run id [%s]", newMsg.RunId)
2017-03-09 02:03:47 +08:00
}
// server plugin hook
content := &plugin.NewWorkConnContent{
User: plugin.UserInfo{
User: ctl.loginMsg.User,
Metas: ctl.loginMsg.Metas,
RunId: ctl.loginMsg.RunId,
},
NewWorkConn: *newMsg,
}
retContent, err := svr.pluginManager.NewWorkConn(content)
if err == nil {
newMsg = &retContent.NewWorkConn
// Check auth.
err = svr.authVerifier.VerifyNewWorkConn(newMsg)
}
if err != nil {
xl.Warn("invalid NewWorkConn with run id [%s]", newMsg.RunId)
msg.WriteMsg(workConn, &msg.StartWorkConn{
Error: util.GenerateResponseErrorString("invalid NewWorkConn", err, ctl.serverCfg.DetailedErrorsToClient),
})
return fmt.Errorf("invalid NewWorkConn with run id [%s]", newMsg.RunId)
}
return ctl.RegisterWorkConn(workConn)
2017-03-09 02:03:47 +08:00
}
2019-10-12 20:13:12 +08:00
func (svr *Service) RegisterVisitorConn(visitorConn net.Conn, newMsg *msg.NewVisitorConn) error {
2019-01-10 20:53:06 +08:00
return svr.rc.VisitorManager.NewConn(newMsg.ProxyName, visitorConn, newMsg.Timestamp, newMsg.SignKey,
2017-06-26 03:02:33 +08:00
newMsg.UseEncryption, newMsg.UseCompression)
}
2019-03-11 14:14:31 +08:00
// Setup a bare-bones TLS config for the server
func generateTLSConfig() *tls.Config {
key, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
panic(err)
}
template := x509.Certificate{SerialNumber: big.NewInt(1)}
certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
if err != nil {
panic(err)
}
keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)
if err != nil {
panic(err)
}
return &tls.Config{Certificates: []tls.Certificate{tlsCert}}
}