Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature Request] add support for https proxy (frpc -> httpsProxy -> frps) #4584

Open
11 tasks
ofirc opened this issue Dec 15, 2024 · 5 comments
Open
11 tasks
Labels

Comments

@ofirc
Copy link

ofirc commented Dec 15, 2024

Describe the feature request

I saw both in the README.md, the frpc.toml sample, and the golib code itself (link1, link2) that we only support: socks5, http and ntlm:

var supportedDialProxyTypes = []string{"socks5", "http", "ntlm"}

But what if I have an https proxy, e.g. https://my.proxy.server.com:8888 rather than http://my.proxy.server.com:8888?
Was wondering why isn't it supported and what would it take to support an HTTPS proxy?
For the sake of clarity, I don't care about MitM (man-in-the-middle) proxies, I'm talking about a scenario where the frpc (frp client) connects to frps (frp server) through a proxy with an https:// protocol scheme.

I'm guessing that from the user's perspective we'd need to (1) pass a custom CA (as most likely it's a local proxy with a private PKI), (2) add TLS handshake support to golib and the rest should be the same, i.e. pass a CONNECT to frps over that established connection.

I know that it might not make a lot of sense to everyone to actually use an https proxy, but nevertheless wondering what's the dev effort / design considerations that were led to not supporting it.

Thanks!
Ofir

Describe alternatives you've considered

No response

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
@fatedier
Copy link
Owner

I personally haven’t used an HTTPS proxy much myself, but if the behavior is similar to that of an HTTP proxy, we should be able to support it. Would you be able to help modify the code and test/verify it?

@ofirc
Copy link
Author

ofirc commented Dec 16, 2024

Yes, I will update this issue once I change the code and test it.
Thanks!

@xqzr
Copy link

xqzr commented Dec 17, 2024

if the behavior is similar to that of an HTTP proxy, we should be able to support it.

HTTPS 代理在 HTTP/1.1 版本下,只是添加了 TLS,即 HTTP+TLS

@ofirc
Copy link
Author

ofirc commented Jan 22, 2025

@fatedier I've forked golib and added a new commit to it:
ofirc/golib@6c2503e

Let me know what you think of the semantics of the change.
I'm going to test it against stunnel + tinyproxy using this project:
https://github.com/ofirc/go-mtls-proxy

It's going to be interesting to see it working in practice :-)

I'll contribute it back to the repo once it's working. Appreciate your feedback!

@fatedier
Copy link
Owner

You can directly submit a PR to the golib repository for easier review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants