fbi-proxy 1.14.0 → 1.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/README.md +18 -5
  2. package/dist/cli.js +2158 -1692
  3. package/package.json +3 -1
  4. package/release/fbi-proxy-linux-arm64 +0 -0
  5. package/release/fbi-proxy-linux-x64 +0 -0
  6. package/release/fbi-proxy-macos-arm64 +0 -0
  7. package/release/fbi-proxy-macos-x64 +0 -0
  8. package/release/fbi-proxy-windows-arm64.exe +0 -0
  9. package/release/fbi-proxy-windows-x64.exe +0 -0
  10. package/rs/fbi-proxy.rs +209 -20
  11. package/rs/lib.rs +4 -8
  12. package/rs/metrics.rs +111 -0
  13. package/rs/tls.rs +243 -0
  14. package/ts/auth/authConfig.ts +19 -1
  15. package/ts/cli.ts +148 -2
  16. package/ts/install-port-forward.ts +149 -0
  17. package/ts/setup.ts +370 -0
package/README.md CHANGED
@@ -42,7 +42,7 @@ FBI-Proxy provides easy HTTPS access to your local services with intelligent dom
42
42
 
43
43
  - [x] **Custom Domain Wizard polish** — Print the DNS A-records to add (`*.example.dev → <ip>`) and a Caddyfile-with-DNS-01 sample for Cloudflare during `--reconfigure` on a non-fbi.com domain
44
44
  - [x] **Hot Reload** — `routes.yaml` is watched; edits reload atomically without a restart (typos keep the previous rules live)
45
- - [ ] **Metrics** — `/varz`-style counters: requests, 2xx/4xx/5xx, upstream-connect-failures, sessions-issued, sessions-refreshed (Prometheus format)
45
+ - [x] **Metrics** — Set `FBI_PROXY_METRICS_PORT=<port>` to expose Prometheus counters on a separate 127.0.0.1-bound admin endpoint: requests, 2xx/3xx/4xx/5xx, upstream connect failures, upstream timeouts, WebSocket upgrades, host-rejected. (fbi-auth-side session counters still on the to-do.)
46
46
  - [ ] **Health Checks** — Active upstream liveness probes, not just per-request failure detection
47
47
  - [ ] **Cloudflare Tunnel / ngrok Integration** — Expose `*.your-domain` publicly without owning a static IP
48
48
 
@@ -123,16 +123,29 @@ Same shape — public wildcard apex points at _something_ — but `*.fbi.com` po
123
123
  ## Usage
124
124
 
125
125
  ```sh
126
- # launch
126
+ # Default: one-shot setup → daemon + system-trusted cert + pf :443→:8443.
127
+ # Pops a single macOS auth dialog the first time, then https://fbi.com/
128
+ # (and *.fbi.com) just works with a green lock. Re-running is idempotent.
127
129
  bunx fbi-proxy
128
130
 
129
- # expose to LAN
130
- bunx fbi-proxy --host 0.0.0.0 --port=2432
131
+ # Custom apex (any wildcard-DNS domain that resolves to 127.0.0.1)
132
+ bunx fbi-proxy --domain example.dev
133
+
134
+ # Tear it all down (oxmgr daemon + pf rule + /etc/pf.conf reference + plist)
135
+ bunx fbi-proxy setup --uninstall
131
136
 
132
- # run with docker
137
+ # Legacy foreground modes (no daemon, no system trust):
138
+ bunx fbi-proxy --with-caddy --domain example.dev # Caddy-fronted TLS
139
+ bunx fbi-proxy --dev # dev / Caddy-internal CA
140
+ bunx fbi-proxy --tls --port 443 # raw Rust TLS, foreground
141
+ FBI_PROXY_PORT=2432 bunx fbi-proxy # explicit non-default port
142
+
143
+ # Docker (foreground, no system integration)
133
144
  docker run --rm --name fbi-proxy --network=host snomiao/fbi-proxy
134
145
  ```
135
146
 
147
+ The default does the full macOS integration: registers an [oxmgr](https://github.com/oxmgr)-managed daemon on `:8443`, writes `/etc/pf.anchors/com.snomiao.fbi-proxy` plus a `/Library/LaunchDaemons/com.snomiao.fbi-proxy-pf.plist` that re-applies the pf rule at boot, and adds the cert to the System keychain. Subsequent boots restore everything without any password prompt.
148
+
136
149
  ## Using with Caddy (Optional)
137
150
 
138
151
  FBI-Proxy focuses on the core proxy functionality. For HTTPS and advanced routing, you can use Caddy as a reverse proxy: