fbi-proxy 1.6.1 → 1.7.0

package/README.md

@@ -2,6 +2,37 @@
 
 FBI-Proxy provides easy HTTPS access to your local services with intelligent domain routing.
 
+## Features
+
+### Current Features ✅
+
+- **Intelligent Domain Routing**: Multiple routing patterns for flexible service access
+  - Port-based routing (e.g., `3000.fbi.com` → `localhost:3000`)
+  - Host--Port routing (e.g., `api--3001.fbi.com` → `api:3001`)
+  - Subdomain routing with Host headers (e.g., `admin.app.fbi.com` → `app:80`)
+  - Direct host forwarding (e.g., `myserver.fbi.com` → `myserver:80`)
+- **WebSocket Support**: Full WebSocket connection support for all routing patterns
+- **High Performance**: Built with Rust for optimal performance and low resource usage
+- **Easy Setup**: Simple one-command installation and startup
+- **Docker Support**: Available as a Docker image for containerized deployments
+- **Flexible Configuration**: Environment variables and CLI options for customization
+- **Cross-Platform**: Works on macOS, Linux, and Windows
+- **Integration Ready**: Compatible with reverse proxies like Caddy for HTTPS
+
+## Roadmap
+
+### Next Up 🚧
+- [ ] **Configuration File Support** - YAML/JSON config for persistent routing rules
+- [ ] **Access Control** - Domain filtering, host/port whitelisting
+- [ ] **Request Logging** - Basic access logs for debugging
+- [ ] **Health Checks** - Simple upstream service availability monitoring
+
+### Future Improvements 🔮
+- [ ] **Load Balancing** - Round-robin between multiple upstream targets
+- [ ] **Metrics** - Basic statistics (requests, response times, errors)
+- [ ] **Hot Reload** - Update configuration without restart
+- [ ] **Custom Headers** - Add/modify headers for specific routes
+
 ## Routing Examples
 
 ```bash
@@ -32,13 +63,53 @@ bunx fbi-proxy
 # expose to LAN
 bunx fbi-proxy --host 0.0.0.0 --port=2432
 
-# with caddy, forwarding *.fbi.com
-bunx fbi-proxy --caddy=fbi.com
+# run with docker
+docker run --rm --name fbi-proxy --network=host snomiao/fbi-proxy
+```
+
+## Using with Caddy (Optional)
+
+FBI-Proxy focuses on the core proxy functionality. For HTTPS and advanced routing, you can use Caddy as a reverse proxy:
+
+### Install Caddy
 
-# run with docker, forwarding *.your-domain.com to host.
-docker run --rm --name fbi-proxy --network=host -v caddy_data:/etc/caddy/data snomiao/fbi-proxy --reverse-proxy=your-domain.com
+```bash
+# macOS
+brew install caddy
+
+# Ubuntu/Debian
+sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+sudo apt update
+sudo apt install caddy
+
+# Or download from https://caddyserver.com/download
 ```
 
+### Caddyfile Example
+
+Create a `Caddyfile` to route `*.fbi.com` to FBI-Proxy:
+
+```caddyfile
+*.fbi.com {
+    reverse_proxy localhost:2432
+    tls internal
+}
+```
+
+### Run Both Services
+
+```bash
+# Terminal 1: Start FBI-Proxy
+bunx fbi-proxy
+
+# Terminal 2: Start Caddy
+caddy run --config Caddyfile
+```
+
+Now you can access your services via HTTPS at `https://*.fbi.com`!
+
 ## Development
 
 ```bash
@@ -56,7 +127,6 @@ bun run build && bun run start
 
 - **Bun**: https://bun.sh/
 - **Rust**: https://rustup.rs/
-- **Caddy**: Auto-downloaded if not found
 
 ### Configuration
 

package/dist/cli.js

@@ -4989,6 +4989,7 @@ var yargs_default = Yargs;
 
 // ts/buildFbiProxy.ts
 import { existsSync } from "fs";
+import { chmod } from "fs/promises";
 
 // ts/getProxyFilename.ts
 function getFbiProxyFilename() {
@@ -5124,13 +5125,18 @@ async function getFbiProxyBinary({ rebuild = false } = {}) {
   const release = "./release/" + binaryName;
   const built = `./target/release/fbi-proxy${isWin ? ".exe" : ""}`;
   if (!rebuild && existsSync(built)) {
+    await chmod(built, 493).catch(() => {});
     return built;
   }
-  if (!rebuild && existsSync(release))
+  if (!rebuild && existsSync(release)) {
+    await chmod(release, 493).catch(() => {});
     return release;
+  }
   await $`cargo build --release`;
-  if (existsSync(built))
+  if (existsSync(built)) {
+    await chmod(built, 493).catch(() => {});
     return built;
+  }
   throw new Error("Oops, failed to build fbi-proxy binary. Please check your Rust setup.");
 }
 
@@ -5217,37 +5223,15 @@ var $2 = Object.assign(dSpawn2(), {
   cwd: (path) => dSpawn2({ cwd: path })
 });
 
-// ts/downloadCaddy.ts
-import { existsSync as existsSync2 } from "fs";
-if (false) {}
-async function downloadCaddy() {
-  const pwdCaddy = "./node_modules/.bin/caddy";
-  if (existsSync2(pwdCaddy))
-    return pwdCaddy;
-  if (await $`caddy --version`.catch(() => false)) {
-    return "caddy";
-  }
-  throw new Error("Failed to download Caddy. Please install Caddy manually or check your network connection.");
-}
-
 // ts/cli.ts
 process.chdir(path.resolve(import.meta.dir, ".."));
-var argv = await yargs_default(hideBin(process.argv)).option("fbihost", {
-  type: "string",
-  default: "fbi.com",
-  description: "Set the FBI host"
-}).option("caddy", {
-  type: "boolean",
-  default: false,
-  description: "Start Caddy server"
-}).option("dev", {
+await yargs_default(hideBin(process.argv)).option("dev", {
   alias: "d",
   type: "boolean",
   default: false,
   description: "Run in development mode"
 }).help().argv;
 console.log("Preparing Binaries");
-var FBIHOST = argv.fbihost;
 var FBIPROXY_PORT = String(await getPorts({ port: 2432 }));
 var proxyProcess = await hotMemo(async () => {
   const proxy = await getFbiProxyBinary();
@@ -5264,35 +5248,12 @@ var proxyProcess = await hotMemo(async () => {
   });
   return p;
 });
-var caddyProcess = null;
-if (argv.caddy) {
-  const caddy = await downloadCaddy();
-  caddyProcess = await hotMemo(async () => {
-    const p = $2.opt({
-      env: {
-        ...process.env,
-        FBIPROXY_PORT,
-        FBIHOST
-      }
-    })`${caddy} run`.process;
-    p.on("exit", (code) => {
-      console.log(`Caddy exited with code ${code}`);
-      process.exit(code || 0);
-    });
-    return p;
-  });
-}
 console.log("All services started successfully!");
 console.log(`Proxy server PID: ${proxyProcess.pid}`);
-if (caddyProcess) {
-  console.log(`Caddy server PID: ${caddyProcess.pid}`);
-} else {
-  console.log("Caddy server not started (use --caddy to start it)");
-}
+console.log(`Proxy server running on port: ${FBIPROXY_PORT}`);
 var exit = () => {
   console.log("Shutting down...");
   proxyProcess?.kill?.();
-  caddyProcess?.kill?.();
   process.exit(0);
 };
 process.on("SIGINT", exit);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fbi-proxy",
-  "version": "1.6.1",
+  "version": "1.7.0",
   "description": "FBI-Proxy provides easy HTTPS access to your local services with intelligent domain routing",
   "keywords": [
     "development-tools",
@@ -24,7 +24,6 @@
     "fbi-proxy": "dist/cli.js"
   },
   "files": [
-    "Caddyfile",
     "dist",
     "release",
     "rs",
@@ -75,7 +74,5 @@
       "bun --bun prettier --write"
     ]
   },
-  "trustedDependencies": [
-    "@radically-straightforward/caddy"
-  ]
+  "trustedDependencies": []
 }

package/rs/fbi-proxy.rs

@@ -1,20 +1,27 @@
 use clap::{Arg, Command};
 use futures_util::{SinkExt, StreamExt};
+use http_body_util::{BodyExt, Full};
+use hyper::body::{Bytes, Incoming};
 use hyper::header::{HeaderValue, HOST};
-use hyper::service::{make_service_fn, service_fn};
-use hyper::{Body, Client, Request, Response, Server, StatusCode, Uri};
+use hyper::server::conn::http1;
+use hyper::service::service_fn;
+use hyper::{Request, Response, StatusCode, Uri};
 use hyper_tungstenite::{HyperWebsocket, WebSocketStream};
+use hyper_util::client::legacy::{Client, connect::HttpConnector};
+use hyper_util::rt::TokioIo;
 use log::{error, info};
 use regex::Regex;
 use std::convert::Infallible;
 use std::net::SocketAddr;
 use std::sync::Arc;
+use tokio::net::TcpListener;
 use tokio_tungstenite::connect_async;
 
 type BoxError = Box<dyn std::error::Error + Send + Sync>;
+type BoxBody = http_body_util::combinators::BoxBody<Bytes, hyper::Error>;
 
 pub struct FBIProxy {
-    client: Client<hyper::client::HttpConnector>,
+    client: Client<HttpConnector, BoxBody>,
     number_regex: Regex,
     domain_filter: Option<String>,
 }
@@ -51,8 +58,12 @@ for subdomains
 */
 impl FBIProxy {
     pub fn new(domain_filter: Option<String>) -> Self {
+        let connector = HttpConnector::new();
+        let client = Client::builder(hyper_util::rt::TokioExecutor::new())
+            .build(connector);
+
         Self {
-            client: Client::new(),
+            client,
             number_regex: Regex::new(r"^\d+$").unwrap(),
             domain_filter,
         }
@@ -131,7 +142,7 @@ impl FBIProxy {
         Some((format!("{}:80", host), host.to_string()))
     }
 
-    pub async fn handle_request(&self, mut req: Request<Body>) -> Result<Response<Body>, BoxError> {
+    pub async fn handle_request(&self, req: Request<Incoming>) -> Result<Response<BoxBody>, BoxError> {
         // Extract host from headers and process according to rules
         let host_header = req
             .headers()
@@ -157,7 +168,7 @@ impl FBIProxy {
                 );
                 return Ok(Response::builder()
                     .status(StatusCode::BAD_GATEWAY)
-                    .body(Body::from("Bad Gateway: Host not allowed"))?);
+                    .body(Full::new(Bytes::from("Bad Gateway: Host not allowed")).map_err(|e| match e {}).boxed())?);
             }
         };
         
@@ -180,17 +191,22 @@ impl FBIProxy {
         );
         let target_uri: Uri = target_url.parse()?;
 
+        // Convert incoming body to a format the client can use
+        let (mut parts, incoming_body) = req.into_parts();
+        let body = incoming_body.map_err(|e| e).boxed();
+
         // Update request URI and headers
-        *req.uri_mut() = target_uri;
-        req.headers_mut()
-            .insert(HOST, HeaderValue::from_str(&new_host)?);
-        req.headers_mut().remove("content-encoding");
+        parts.uri = target_uri;
+        parts.headers.insert(HOST, HeaderValue::from_str(&new_host)?);
+        // Preserve content-encoding header to maintain compression
+
+        // Rebuild the request with the converted body
+        let new_req = Request::from_parts(parts, body);
 
         // Forward the request
-        match self.client.request(req).await {
-            Ok(mut response) => {
-                // Remove content-encoding header from response
-                response.headers_mut().remove("content-encoding");
+        match self.client.request(new_req).await {
+            Ok(response) => {
+                // Preserve content-encoding header in response to maintain compression
                 let status = response.status();
                 info!(
                     "{} {}@{}{} {}",
@@ -200,7 +216,10 @@ impl FBIProxy {
                     original_uri,
                     status.as_u16()
                 );
-                Ok(response)
+                // Convert the response body back to BoxBody
+                let (parts, body) = response.into_parts();
+                let boxed_body = body.map_err(|e| e).boxed();
+                Ok(Response::from_parts(parts, boxed_body))
             }
             Err(e) => {
                 error!(
@@ -213,17 +232,17 @@ impl FBIProxy {
                 );
                 Ok(Response::builder()
                     .status(StatusCode::BAD_GATEWAY)
-                    .body(Body::from("FBIPROXY ERROR"))?)
+                    .body(Full::new(Bytes::from("FBIPROXY ERROR")).map_err(|e| match e {}).boxed())?)
             }
         }
     }
 
     async fn handle_websocket_upgrade(
         &self,
-        req: Request<Body>,
+        req: Request<Incoming>,
         target_host: &str,
         _new_host: &str, // Currently not used for WebSocket connections, but kept for consistency
-    ) -> Result<Response<Body>, BoxError> {
+    ) -> Result<Response<BoxBody>, BoxError> {
         let uri = req.uri().clone();
         let ws_url = format!(
             "ws://{}{}",
@@ -241,7 +260,7 @@ impl FBIProxy {
                 error!("WS :ws:{} => :ws:{}{} 502 ({})", target_host, target_host, uri, e);
                 return Ok(Response::builder()
                     .status(StatusCode::BAD_GATEWAY)
-                    .body(Body::from("WebSocket connection failed"))?);
+                    .body(Full::new(Bytes::from("WebSocket connection failed")).map_err(|e| match e {}).boxed())?);
             }
         };
 
@@ -254,7 +273,9 @@ impl FBIProxy {
         });
 
         info!("WS :ws:{} => :ws:{}{} 101", target_host, target_host, uri);
-        Ok(response)
+        let (parts, body) = response.into_parts();
+        let boxed_body = body.map_err(|_: std::convert::Infallible| unreachable!()).boxed();
+        Ok(Response::from_parts(parts, boxed_body))
     }
 }
 
@@ -305,39 +326,27 @@ async fn handle_websocket_forwarding(
 }
 
 async fn handle_connection(
-    req: Request<Body>,
+    req: Request<Incoming>,
     proxy: Arc<FBIProxy>,
-) -> Result<Response<Body>, Infallible> {
+) -> Result<Response<BoxBody>, Infallible> {
     match proxy.handle_request(req).await {
         Ok(response) => Ok(response),
         Err(e) => {
             error!("Request handling error: {}", e);
             Ok(Response::builder()
                 .status(StatusCode::INTERNAL_SERVER_ERROR)
-                .body(Body::from("Internal Server Error"))
+                .body(Full::new(Bytes::from("Internal Server Error")).map_err(|e| match e {}).boxed())
                 .unwrap())
         }
     }
 }
 
-pub async fn start_proxy_server(port: u16) -> Result<(), BoxError> {
-    start_proxy_server_with_options("127.0.0.1", port, None).await
-}
-
-pub async fn start_proxy_server_with_host(host: &str, port: u16) -> Result<(), BoxError> {
-    start_proxy_server_with_options(host, port, None).await
-}
-
-pub async fn start_proxy_server_with_options(host: &str, port: u16, domain_filter: Option<String>) -> Result<(), BoxError> {
+pub async fn start_proxy_server(host: Option<&str>, port: u16, domain_filter: Option<String>) -> Result<(), BoxError> {
+    let host = host.unwrap_or("127.0.0.1");
     let addr: SocketAddr = format!("{}:{}", host, port).parse()?;
     let proxy = Arc::new(FBIProxy::new(domain_filter.clone()));
 
-    let make_svc = make_service_fn(move |_conn: &hyper::server::conn::AddrStream| {
-        let proxy = proxy.clone();
-        async move { Ok::<_, Infallible>(service_fn(move |req| handle_connection(req, proxy.clone()))) }
-    });
-
-    let server = Server::bind(&addr).serve(make_svc);
+    let listener = TcpListener::bind(addr).await?;
 
     info!("FBI Proxy server running on http://{}", addr);
     println!("FBI Proxy listening on: http://{}", addr);
@@ -351,17 +360,31 @@ pub async fn start_proxy_server_with_options(host: &str, port: u16, domain_filte
 
     info!("Features: HTTP proxying + WebSocket forwarding + Port encoding + Domain filtering");
 
-    if let Err(e) = server.await {
-        error!("Server error: {}", e);
-    }
+    loop {
+        let (stream, _) = listener.accept().await?;
+        let io = TokioIo::new(stream);
+        let proxy = proxy.clone();
 
-    Ok(())
+        tokio::task::spawn(async move {
+            let service = service_fn(move |req| handle_connection(req, proxy.clone()));
+
+            if let Err(err) = http1::Builder::new()
+                .preserve_header_case(true)
+                .title_case_headers(true)
+                .serve_connection(io, service)
+                .with_upgrades()
+                .await
+            {
+                error!("Error serving connection: {:?}", err);
+            }
+        });
+    }
 }
 
 fn main() {
     env_logger::init();
 
-    let matches = Command::new("fbi-proxy")
+    let matches = Command::new(env!("CARGO_CRATE_NAME"))
         .version("0.1.1")
         .about("A fast and flexible proxy server with smart host header parsing and WebSocket support")
         .long_about(
@@ -454,7 +477,7 @@ TRY RUN:
             "Starting FBI-Proxy on {}:{} with domain filter: {:?}",
             host, port, domain_filter
         );
-        if let Err(e) = start_proxy_server_with_options(host, port, domain_filter).await {
+        if let Err(e) = start_proxy_server(Some(host), port, domain_filter).await {
             error!("Failed to start proxy server: {}", e);
         }
     });

package/ts/buildFbiProxy.ts

@@ -1,9 +1,7 @@
-import fsp from "fs/promises";
 import { existsSync } from "fs";
+import { chmod } from "fs/promises";
 import { getFbiProxyFilename } from "./getProxyFilename";
-import { copyFile } from "fs/promises";
 import { $ } from "./dSpawn";
-import { mkdir } from "fs/promises";
 
 if (import.meta.main) {
   await getFbiProxyBinary();
@@ -24,15 +22,25 @@ export async function getFbiProxyBinary({ rebuild = false } = {}) {
 
   // return built if exists
   if (!rebuild && existsSync(built)) {
+    // Ensure the binary has execute permissions
+    await chmod(built, 0o755).catch(() => {}); // Ignore errors if we can't change permissions
     return built;
   }
 
   // return release if exists
-  if (!rebuild && existsSync(release)) return release;
+  if (!rebuild && existsSync(release)) {
+    // Ensure the binary has execute permissions
+    await chmod(release, 0o755).catch(() => {}); // Ignore errors if we can't change permissions
+    return release;
+  }
 
   // build and return built target
   await $`cargo build --release`;
-  if (existsSync(built)) return built;
+  if (existsSync(built)) {
+    // Ensure the binary has execute permissions
+    await chmod(built, 0o755).catch(() => {}); // Ignore errors if we can't change permissions
+    return built;
+  }
 
   throw new Error(
     "Oops, failed to build fbi-proxy binary. Please check your Rust setup.",

package/ts/cli.ts

@@ -6,22 +6,11 @@ import yargs from "yargs";
 import { hideBin } from "yargs/helpers";
 import { getFbiProxyBinary } from "./buildFbiProxy";
 import { $ } from "./dSpawn";
-import { downloadCaddy } from "./downloadCaddy";
 
 process.chdir(path.resolve(import.meta.dir, "..")); // Change to project root directory
 
 // Parse command line arguments with yargs
-const argv = await yargs(hideBin(process.argv))
-  .option("fbihost", {
-    type: "string",
-    default: "fbi.com",
-    description: "Set the FBI host",
-  })
-  .option("caddy", {
-    type: "boolean",
-    default: false,
-    description: "Start Caddy server",
-  })
+await yargs(hideBin(process.argv))
   .option("dev", {
     alias: "d",
     type: "boolean",
@@ -32,7 +21,6 @@ const argv = await yargs(hideBin(process.argv))
 
 console.log("Preparing Binaries");
 
-const FBIHOST = argv.fbihost;
 const FBIPROXY_PORT = String(await getPort({ port: 2432 }));
 
 const proxyProcess = await hotMemo(async () => {
@@ -52,40 +40,13 @@ const proxyProcess = await hotMemo(async () => {
   return p;
 });
 
-let caddyProcess: any = null;
-
-// Only start Caddy if --caddy flag is passed
-if (argv.caddy) {
-  const caddy = await downloadCaddy();
-  caddyProcess = await hotMemo(async () => {
-    const p = $.opt({
-      env: {
-        ...process.env,
-        FBIPROXY_PORT, // Rust proxy server port
-        FBIHOST,
-      },
-    })`${caddy} run`.process;
-    p.on("exit", (code) => {
-      console.log(`Caddy exited with code ${code}`);
-      process.exit(code || 0);
-    });
-    return p;
-  });
-}
-
 console.log("All services started successfully!");
-// show process pids
 console.log(`Proxy server PID: ${proxyProcess.pid}`);
-if (caddyProcess) {
-  console.log(`Caddy server PID: ${caddyProcess.pid}`);
-} else {
-  console.log("Caddy server not started (use --caddy to start it)");
-}
+console.log(`Proxy server running on port: ${FBIPROXY_PORT}`);
 
 const exit = () => {
   console.log("Shutting down...");
   proxyProcess?.kill?.();
-  caddyProcess?.kill?.();
   process.exit(0);
 };
 process.on("SIGINT", exit);

package/Caddyfile

@@ -1,47 +0,0 @@
-{
-	admin off
-	# TODO: add ondemand tls endpoint to cli.ts
-	# - [Global options (Caddyfile) — Caddy Documentation]( https://caddyserver.com/docs/caddyfile/options#on-demand-tls )
-	# make a endpoint to handle /CHECK_TLS?domain=..., and return 200 if domain is valid
-	# 
-	# on_demand_tls {
-	# 	ask http://localhost:{$PROX}/CHECK_TLS
-	# }
-	servers {
-		trusted_proxies static private_ranges
-		trusted_proxies_strict
-	}
-	# auto_https disable_redirects
-}
-
-# unwrap all https
-http://*, http://*.*, http://*.*.*, http://*.*.*.*, https://*, https://*.*, https://*.*.*, https://*.*.*.* {
-	tls internal {
-		on_demand
-	}
-	# match **.fbi.com use regex match against to host
-	@subhost {
-		header_regexp subhost Host ^((?:(.+)\.)?{$FBIHOST:fbi.com})$
-	}
-	@fullhost {
-		header_regexp fullhost Host ^(.+)$
-	}
-	# debug
-	# handle @subhost {
-	# 	respond "https://{re.subhost.1}{uri} => http://{re.subhost.2}{uri}"
-	# }
-
-	reverse_proxy @subhost :{$FBIPROXY_PORT:24306} {
-		# strip the fbi.com part from the host
-		header_up Host {re.subhost.2}
-		# header_up X-Forwarded-Host {re.subhost.1}
-	}
-	reverse_proxy @fullhost :{$FBIPROXY_PORT:24306} {
-		header_up Host {re.fullhost.1}
-	}
-
-	# 3000.amd.fbi.com => *.amd.fbi.com goes to amd.fbi.com with 3000.localhost host
-
-	# for all other hosts, 404
-	# respond 404
-}

package/ts/downloadCaddy.ts

@@ -1,24 +0,0 @@
-import { existsSync } from "fs";
-import { $ } from "./dSpawn";
-
-if (import.meta.main) {
-  // if this file is run directly, download caddy
-  const caddy = await downloadCaddy();
-  console.log(`Caddy downloaded to: ${caddy}`);
-  process.exit(0);
-}
-
-export async function downloadCaddy() {
-  // use pwdCaddy if already downloaded
-  const pwdCaddy = "./node_modules/.bin/caddy";
-  if (existsSync(pwdCaddy)) return pwdCaddy;
-
-  // // or use system caddy if installed, run `caddy --version` to check
-  if (await $`caddy --version`.catch(() => false)) {
-    return "caddy";
-  }
-
-  throw new Error(
-    "Failed to download Caddy. Please install Caddy manually or check your network connection.",
-  );
-}