update
All checks were successful
Build Multi-Platform Binaries / build-frontend (push) Successful in 30s
Build Multi-Platform Binaries / build-binaries (amd64, darwin, server, false) (push) Successful in 58s
Build Multi-Platform Binaries / build-binaries (amd64, linux, client, true) (push) Successful in 48s
Build Multi-Platform Binaries / build-binaries (amd64, linux, server, true) (push) Successful in 1m23s
Build Multi-Platform Binaries / build-binaries (amd64, windows, client, true) (push) Successful in 56s
Build Multi-Platform Binaries / build-binaries (amd64, windows, server, true) (push) Successful in 58s
Build Multi-Platform Binaries / build-binaries (arm, 7, linux, client, true) (push) Successful in 52s
Build Multi-Platform Binaries / build-binaries (arm, 7, linux, server, true) (push) Successful in 1m42s
Build Multi-Platform Binaries / build-binaries (arm64, darwin, server, false) (push) Successful in 1m19s
Build Multi-Platform Binaries / build-binaries (arm64, linux, client, true) (push) Successful in 54s
Build Multi-Platform Binaries / build-binaries (arm64, linux, server, true) (push) Successful in 2m3s
Build Multi-Platform Binaries / build-binaries (arm64, windows, server, false) (push) Successful in 1m1s
All checks were successful
Build Multi-Platform Binaries / build-frontend (push) Successful in 30s
Build Multi-Platform Binaries / build-binaries (amd64, darwin, server, false) (push) Successful in 58s
Build Multi-Platform Binaries / build-binaries (amd64, linux, client, true) (push) Successful in 48s
Build Multi-Platform Binaries / build-binaries (amd64, linux, server, true) (push) Successful in 1m23s
Build Multi-Platform Binaries / build-binaries (amd64, windows, client, true) (push) Successful in 56s
Build Multi-Platform Binaries / build-binaries (amd64, windows, server, true) (push) Successful in 58s
Build Multi-Platform Binaries / build-binaries (arm, 7, linux, client, true) (push) Successful in 52s
Build Multi-Platform Binaries / build-binaries (arm, 7, linux, server, true) (push) Successful in 1m42s
Build Multi-Platform Binaries / build-binaries (arm64, darwin, server, false) (push) Successful in 1m19s
Build Multi-Platform Binaries / build-binaries (arm64, linux, client, true) (push) Successful in 54s
Build Multi-Platform Binaries / build-binaries (arm64, linux, server, true) (push) Successful in 2m3s
Build Multi-Platform Binaries / build-binaries (arm64, windows, server, false) (push) Successful in 1m1s
This commit is contained in:
Flik
67
README.md
67
README.md
@@ -54,14 +54,19 @@ GoTunnel 是一个类似 frp 的内网穿透解决方案,核心特点是**服
|
||||
### 安全性
|
||||
|
||||
- **TLS 加密** - 默认启用 TLS 加密,证书自动生成,零配置
|
||||
- **TOFU 证书验证** - 首次连接信任 (Trust On First Use),防止中间人攻击
|
||||
- **Token 认证** - 基于 Token 的身份验证机制
|
||||
- **客户端白名单** - 仅配置的客户端 ID 可以连接
|
||||
- **强制 Web 认证** - Web 控制台强制启用 JWT 认证
|
||||
- **安全审计日志** - 记录所有认证事件和安全相关操作
|
||||
- **连接数限制** - 防止资源耗尽攻击 (默认 10000 连接上限)
|
||||
- **客户端 ID 验证** - 严格的 ID 格式校验,防止注入攻击
|
||||
|
||||
### 可靠性
|
||||
|
||||
- **心跳检测** - 可配置的心跳间隔和超时时间,及时发现断线
|
||||
- **断线重连** - 客户端自动重连机制,网络恢复后自动恢复服务
|
||||
- **优雅关闭** - 客户端断开时自动释放端口资源
|
||||
- **优雅关闭** - 支持 SIGINT/SIGTERM 信号,安全关闭所有连接
|
||||
- **资源自动释放** - 客户端断开时自动释放端口资源
|
||||
|
||||
### Web 管理
|
||||
|
||||
@@ -123,6 +128,7 @@ go build -o client ./cmd/client
|
||||
| `-t` | 认证 Token | 是 |
|
||||
| `-id` | 客户端 ID | 否(服务端自动分配) |
|
||||
| `-no-tls` | 禁用 TLS 加密 | 否 |
|
||||
| `-skip-verify` | 跳过证书验证(不安全,仅测试用) | 否 |
|
||||
|
||||
## 配置系统
|
||||
|
||||
@@ -242,30 +248,55 @@ GoTunnel/
|
||||
|
||||
## 插件系统
|
||||
|
||||
GoTunnel 支持基于 WASM 的插件系统,可扩展代理协议支持。
|
||||
GoTunnel 支持灵活的插件系统,可扩展代理协议和应用功能。
|
||||
|
||||
### 架构设计
|
||||
### 插件类型
|
||||
|
||||
- **内置类型**: tcp, udp, http, https 直接在 tunnel 代码中处理,无需插件
|
||||
- **官方插件**: SOCKS5 作为官方插件提供
|
||||
- **WASM 插件**: 自定义插件可通过 wazero 运行时动态加载
|
||||
- **混合分发**: 内置插件离线可用;WASM 插件可从服务端下载
|
||||
| 类型 | 说明 | 运行位置 |
|
||||
|------|------|----------|
|
||||
| `proxy` | 代理协议插件 (如 SOCKS5) | 服务端 |
|
||||
| `app` | 应用插件 (如 HTTP 文件服务) | 客户端 |
|
||||
|
||||
### 开发自定义插件
|
||||
### 插件来源
|
||||
|
||||
插件需实现 `ProxyHandler` 接口:
|
||||
- **内置插件**: 编译在二进制中,离线可用
|
||||
- **JS 插件**: 基于 goja 运行时,支持动态加载和热更新
|
||||
- **扩展商店**: 从官方商店浏览和安装插件
|
||||
|
||||
```go
|
||||
type ProxyHandler interface {
|
||||
Metadata() PluginMetadata
|
||||
Init(config map[string]string) error
|
||||
HandleConn(conn net.Conn, dialer Dialer) error
|
||||
Close() error
|
||||
### 开发 JS 插件
|
||||
|
||||
详细的插件开发文档请参考 [PLUGINS.md](PLUGINS.md)。
|
||||
|
||||
**快速示例 - Echo 插件:**
|
||||
|
||||
```javascript
|
||||
function metadata() {
|
||||
return {
|
||||
name: "echo",
|
||||
version: "1.0.0",
|
||||
type: "app",
|
||||
description: "Echo service plugin",
|
||||
author: "GoTunnel"
|
||||
};
|
||||
}
|
||||
|
||||
function start() {
|
||||
log("Echo plugin started");
|
||||
}
|
||||
|
||||
function handleConn(conn) {
|
||||
var data = conn.Read(1024);
|
||||
if (data) {
|
||||
conn.Write(data);
|
||||
}
|
||||
conn.Close();
|
||||
}
|
||||
|
||||
function stop() {
|
||||
log("Echo plugin stopped");
|
||||
}
|
||||
```
|
||||
|
||||
参考实现:`pkg/plugin/builtin/socks5.go`
|
||||
|
||||
## Web API
|
||||
|
||||
Web 控制台提供 RESTful API 用于管理客户端和配置。配置了 `username` 和 `password` 后,API 需要 JWT 认证。
|
||||
|
||||
Reference in New Issue
Block a user