
[Feature Request] add support for https proxy (frpc -> httpsProxy -> frps)

Open ofirc opened this issue 1 year ago • 5 comments

Describe the feature request

I saw both in the README.md, the frpc.toml sample, and the golib code itself (link1, link2) that we only support: socks5, http and ntlm:

var supportedDialProxyTypes = []string{"socks5", "http", "ntlm"}

But what if I have an https proxy, e.g. https://my.proxy.server.com:8888 rather than http://my.proxy.server.com:8888? I was wondering why it isn't supported and what it would take to support an HTTPS proxy. For the sake of clarity, I don't care about MitM (man-in-the-middle) proxies; I'm talking about a scenario where the frpc (frp client) connects to frps (frp server) through a proxy with an https:// protocol scheme.

I'm guessing that from the user's perspective we'd need to (1) pass a custom CA (as most likely it's a local proxy with a private PKI), (2) add TLS handshake support to golib and the rest should be the same, i.e. pass a CONNECT to frps over that established connection.

I know that it might not make a lot of sense to everyone to actually use an https proxy, but I'm nevertheless wondering what the dev effort / design considerations were that led to not supporting it.

Thanks! Ofir

Describe alternatives you've considered

No response

Affected area

  • [ ] Docs
  • [ ] Installation
  • [ ] Performance and Scalability
  • [ ] Security
  • [ ] User Experience
  • [ ] Test and Release
  • [ ] Developer Infrastructure
  • [ ] Client Plugin
  • [ ] Server Plugin
  • [ ] Extensions
  • [ ] Others

ofirc avatar Dec 15 '24 22:12 ofirc
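The two steps proposed in the request above (trust a custom CA for the TLS handshake with the proxy, then send CONNECT over that session), as an added Go example that is not part of the issue and not golib's code. `dialViaHTTPSProxy`, `firstBytes`, the constructed in-process proxy and the target `frps.example.com:7000` are assumptions made for illustration.

```go
package main
import (
	"bufio"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// dialViaHTTPSProxy (hypothetical helper, not golib's API): verified TLS to the proxy, then CONNECT.
func dialViaHTTPSProxy(proxyAddr, target string, roots *x509.CertPool) (io.ReadWriteCloser, error) {
	conn, err := tls.Dial("tcp", proxyAddr, &tls.Config{RootCAs: roots}) // custom CA, checks stay on
	if err != nil {
		return nil, fmt.Errorf("TLS handshake with proxy: %w", err)
	}
	fmt.Fprintf(conn, "CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n", target, target) // as for an http proxy
	br := bufio.NewReader(conn)
	resp, err := http.ReadResponse(br, &http.Request{Method: http.MethodConnect})
	if err == nil && resp.StatusCode == http.StatusOK {
		return struct { // read via br: bytes that arrived with the reply sit in its buffer
			io.Reader
			io.WriteCloser
		}{br, conn}, nil
	}
	conn.Close()
	return nil, fmt.Errorf("proxy did not accept CONNECT to %s (read error: %v)", target, err)
}

func firstBytes(trustCA bool) (string, error) { // constructed proxy: replies 200, then "hello"
	p := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, _, _ := w.(http.Hijacker).Hijack()
		fmt.Fprint(c, "HTTP/1.1 200 Connection established\r\n\r\nhello")
		c.Close()
	}))
	defer p.Close()
	roots := x509.NewCertPool() // empty pool: nothing is trusted unless added below
	if trustCA {
		roots.AddCert(p.Certificate())
	}
	conn, err := dialViaHTTPSProxy(p.Listener.Addr().String(), "frps.example.com:7000", roots)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	b, err := io.ReadAll(conn)
	return string(b), err
}
func main() { fmt.Println(firstBytes(true)) }
```

With the proxy's certificate left out of the pool, the dial fails during the TLS handshake and no CONNECT request is sent.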

I personally haven’t used an HTTPS proxy much myself, but if the behavior is similar to that of an HTTP proxy, we should be able to support it. Would you be able to help modify the code and test/verify it?

fatedier avatar Dec 16 '24 04:12 fatedier

Yes, I will update this issue once I change the code and test it. Thanks!

ofirc avatar Dec 16 '24 13:12 ofirc

> if the behavior is similar to that of an HTTP proxy, we should be able to support it.

Under HTTP/1.1, an HTTPS proxy just adds TLS, i.e. HTTP+TLS.

xqzr avatar Dec 17 '24 19:12 xqzr

@fatedier I've forked golib and added a new commit to it: https://github.com/ofirc/golib/commit/6c2503ed9c1271e76a6af6634a533d7c5b342014

Let me know what you think of the semantics of the change. I'm going to test it against stunnel + tinyproxy using this project: https://github.com/ofirc/go-mtls-proxy

It's going to be interesting to see it working in practice :-)

I'll contribute it back to the repo once it's working. Appreciate your feedback!

ofirc avatar Jan 22 '25 00:01 ofirc

You can directly submit a PR to the golib repository for easier review.

fatedier avatar Jan 22 '25 03:01 fatedier

Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.

github-actions[bot] avatar Nov 21 '25 00:11 github-actions[bot]