fbi-proxy 1.8.1 → 1.9.1

package/README.md

@@ -1,5 +1,10 @@
 # fbi-proxy
 
+[![npm version](https://img.shields.io/npm/v/fbi-proxy)](https://www.npmjs.com/package/fbi-proxy)
+[![crates.io](https://img.shields.io/crates/v/fbi-proxy)](https://crates.io/crates/fbi-proxy)
+[![GitHub release](https://img.shields.io/github/v/release/snomiao/fbi-proxy)](https://github.com/snomiao/fbi-proxy/releases/latest)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
 FBI-Proxy provides easy HTTPS access to your local services with intelligent domain routing.
 
 ## Features
@@ -22,12 +27,14 @@ FBI-Proxy provides easy HTTPS access to your local services with intelligent dom
 ## Roadmap
 
 ### Next Up 🚧
+
 - [ ] **Configuration File Support** - YAML/JSON config for persistent routing rules
 - [ ] **Access Control** - Domain filtering, host/port whitelisting
 - [ ] **Request Logging** - Basic access logs for debugging
 - [ ] **Health Checks** - Simple upstream service availability monitoring
 
 ### Future Improvements 🔮
+
 - [ ] **Load Balancing** - Round-robin between multiple upstream targets
 - [ ] **Metrics** - Basic statistics (requests, response times, errors)
 - [ ] **Hot Reload** - Update configuration without restart
@@ -134,12 +141,12 @@ bun run build && bun run start
 
 FBI-Proxy supports the following environment variables for configuration:
 
-| Variable | Description | Default |
-|----------|-------------|---------|
-| `FBI_PROXY_PORT` | Port for the proxy server to listen on | `2432` |
-| `FBI_PROXY_HOST` | Host/IP address to bind to | `127.0.0.1` |
-| `RUST_LOG` | Log level for the Rust proxy (error, warn, info, debug, trace) | `info` |
-| `FBIPROXY_PORT` | Internal proxy port (auto-assigned) | Auto |
+| Variable         | Description                                                    | Default     |
+| ---------------- | -------------------------------------------------------------- | ----------- |
+| `FBI_PROXY_PORT` | Port for the proxy server to listen on                         | `2432`      |
+| `FBI_PROXY_HOST` | Host/IP address to bind to                                     | `127.0.0.1` |
+| `RUST_LOG`       | Log level for the Rust proxy (error, warn, info, debug, trace) | `info`      |
+| `FBIPROXY_PORT`  | Internal proxy port (auto-assigned)                            | Auto        |
 
 Command-line arguments take precedence over environment variables.
 

package/dist/cli.js

@@ -132,7 +132,7 @@ async function hotMemo(fn, args = [], key = `_HOTMEMO_${g["_HOTMEMO_SALT_"]}_${S
 hotMemo.cache = cache;
 
 // ts/cli.ts
-import path from "path";
+import path2 from "path";
 
 // node_modules/yargs/lib/platform-shims/esm.mjs
 import { notStrictEqual, strictEqual } from "assert";
@@ -4990,6 +4990,7 @@ var yargs_default = Yargs;
 // ts/buildFbiProxy.ts
 import { existsSync } from "fs";
 import { chmod } from "fs/promises";
+import path from "path";
 
 // ts/getProxyFilename.ts
 function getFbiProxyFilename() {
@@ -5117,15 +5118,27 @@ var $ = Object.assign(dSpawn(), {
 
 // ts/buildFbiProxy.ts
 if (false) {}
-async function getFbiProxyBinary({ rebuild = false } = {}) {
+async function getFbiProxyBinary({
+  rebuild = false,
+  originalCwd = ""
+} = {}) {
   const isWin = process.platform === "win32";
   const binaryName = getFbiProxyFilename();
+  const binarySuffix = isWin ? ".exe" : "";
+  if (!rebuild && originalCwd) {
+    const localBuilt = path.join(originalCwd, `target/release/fbi-proxy${binarySuffix}`);
+    if (existsSync(localBuilt)) {
+      console.log(`Using local build: ${localBuilt}`);
+      await chmod(localBuilt, 493).catch(() => {});
+      return localBuilt;
+    }
+  }
   const dockerBinary = "/app/bin/fbi-proxy";
   if (!rebuild && existsSync(dockerBinary)) {
     return dockerBinary;
   }
   const release = "./release/" + binaryName;
-  const built = `./target/release/fbi-proxy${isWin ? ".exe" : ""}`;
+  const built = `./target/release/fbi-proxy${binarySuffix}`;
   if (!rebuild && existsSync(built)) {
     await chmod(built, 493).catch(() => {});
     return built;
@@ -5222,11 +5235,12 @@ var dSpawn2 = ({
 });
 var $2 = Object.assign(dSpawn2(), {
   opt: dSpawn2,
-  cwd: (path) => dSpawn2({ cwd: path })
+  cwd: (path2) => dSpawn2({ cwd: path2 })
 });
 
 // ts/cli.ts
-process.chdir(path.resolve(import.meta.dir, ".."));
+var originalCwd = process.cwd();
+process.chdir(path2.resolve(import.meta.dir, ".."));
 await yargs_default(hideBin(process.argv)).option("dev", {
   alias: "d",
   type: "boolean",
@@ -5236,7 +5250,7 @@ await yargs_default(hideBin(process.argv)).option("dev", {
 console.log("Preparing Binaries");
 var FBI_PROXY_PORT = process.env.FBI_PROXY_PORT || String(await getPorts({ port: 2432 }));
 var proxyProcess = await hotMemo(async () => {
-  const proxy = await getFbiProxyBinary();
+  const proxy = await getFbiProxyBinary({ originalCwd });
   console.log("Starting Rust proxy server");
   const p = $2.opt({
     env: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fbi-proxy",
-  "version": "1.8.1",
+  "version": "1.9.1",
   "description": "FBI-Proxy provides easy HTTPS access to your local services with intelligent domain routing",
   "keywords": [
     "development-tools",

package/rs/fbi-proxy.rs

@@ -75,6 +75,96 @@ impl FBIProxy {
         }
     }
 
+    fn landing_page_html() -> String {
+        r#"<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>FBI-Proxy</title>
+    <style>
+        * { box-sizing: border-box; }
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, monospace;
+            max-width: 800px;
+            margin: 0 auto;
+            padding: 2rem;
+            background: #0d1117;
+            color: #c9d1d9;
+            line-height: 1.6;
+        }
+        h1 { color: #58a6ff; margin-bottom: 0.5rem; }
+        h2 { color: #8b949e; border-bottom: 1px solid #30363d; padding-bottom: 0.5rem; }
+        code {
+            background: #161b22;
+            padding: 0.2rem 0.4rem;
+            border-radius: 4px;
+            font-size: 0.9em;
+        }
+        pre {
+            background: #161b22;
+            padding: 1rem;
+            border-radius: 8px;
+            overflow-x: auto;
+        }
+        table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
+        th, td {
+            text-align: left;
+            padding: 0.5rem;
+            border-bottom: 1px solid #30363d;
+        }
+        th { color: #8b949e; }
+        .arrow { color: #7ee787; }
+        a { color: #58a6ff; }
+        .warning {
+            background: #3d1f00;
+            border: 1px solid #f85149;
+            padding: 1rem;
+            border-radius: 8px;
+            margin: 1rem 0;
+        }
+    </style>
+</head>
+<body>
+    <h1>🔀 FBI-Proxy</h1>
+    <p>A reverse proxy with intelligent host header routing.</p>
+
+    <h2>How It Works</h2>
+    <p>FBI-Proxy routes requests based on the <code>Host</code> header:</p>
+    <table>
+        <tr><th>Host Header</th><th></th><th>Routes To</th><th>Description</th></tr>
+        <tr><td><code>3000</code></td><td class="arrow">→</td><td><code>localhost:3000</code></td><td>Port as host</td></tr>
+        <tr><td><code>api--8080</code></td><td class="arrow">→</td><td><code>api:8080</code></td><td>host--port syntax</td></tr>
+        <tr><td><code>3000.fbi.com</code></td><td class="arrow">→</td><td><code>localhost:3000</code></td><td>Subdomain as port</td></tr>
+        <tr><td><code>app.server</code></td><td class="arrow">→</td><td><code>server:80</code></td><td>Subdomain hoisting</td></tr>
+    </table>
+
+    <h2>Quick Start</h2>
+    <pre>npx fbi-proxy                     # Start proxy on :2432
+npx fbi-proxy -d fbi.example.com  # Only accept *.fbi.example.com</pre>
+
+    <h2>Caddy Setup</h2>
+    <p>Expose local ports via HTTPS with wildcard domain:</p>
+    <pre># Caddyfile
+*.fbi.example.com {
+    tls { dns cloudflare {env.CF_API_TOKEN} }
+    reverse_proxy localhost:2432
+}</pre>
+    <p>Then access:</p>
+    <ul>
+        <li><code>https://3000.fbi.example.com</code> → <code>localhost:3000</code></li>
+        <li><code>https://8080.fbi.example.com</code> → <code>localhost:8080</code></li>
+    </ul>
+
+    <div class="warning">
+        ⚠️ <strong>Security Warning:</strong> Set up an auth gateway before exposing to the internet.
+    </div>
+
+    <p><a href="https://github.com/snomiao/fbi-proxy">GitHub</a> · <a href="https://www.npmjs.com/package/fbi-proxy">npm</a> · <a href="https://crates.io/crates/fbi-proxy">crates.io</a></p>
+</body>
+</html>"#.to_string()
+    }
+
     fn parse_host(&self, host_header: &str, domain_filter: &Option<String>) -> Option<(String, String)> {
         // Remove port if present (e.g., "localhost:8080" -> "localhost")
         let host_without_port = if let Some(colon_pos) = host_header.find(':') {
@@ -113,9 +203,9 @@ impl FBIProxy {
             host_without_port
         };
 
-        // Handle special case: @ means root domain was accessed
+        // Handle special case: @ means root domain was accessed - serve landing page
         if host == "@" {
-            return Some(("localhost:80".to_string(), "localhost".to_string()));
+            return Some(("@LANDING".to_string(), "@LANDING".to_string()));
         }
         
         // Rule 1: number host goes to local port (e.g., "3000" => "localhost:3000")
@@ -177,7 +267,16 @@ impl FBIProxy {
                     .body(Full::new(Bytes::from("Bad Gateway: Host not allowed")).map_err(|e| match e {}).boxed())?);
             }
         };
-        
+
+        // Serve landing page for root domain access
+        if target_host == "@LANDING" {
+            info!("GET {} => LANDING 200", host_header);
+            return Ok(Response::builder()
+                .status(StatusCode::OK)
+                .header("Content-Type", "text/html; charset=utf-8")
+                .body(Full::new(Bytes::from(Self::landing_page_html())).map_err(|e| match e {}).boxed())?);
+        }
+
         let method = req.method().clone();
         let original_uri = req.uri().clone();
 
@@ -285,7 +384,8 @@ impl FBIProxy {
                     );
                     return Ok(Response::builder()
                         .status(StatusCode::BAD_GATEWAY)
-                        .body(Full::new(Bytes::from("FBIPROXY CONNECT ERROR")).map_err(|e| match e {}).boxed())?);
+                        .header("Content-Type", "text/plain")
+                        .body(Full::new(Bytes::from(format!("502 Bad Gateway: failed to connect to {}: {}", tunnel_target, e))).map_err(|e| match e {}).boxed())?);
                 }
                 Err(_) => {
                     error!(
@@ -296,7 +396,8 @@ impl FBIProxy {
                     );
                     return Ok(Response::builder()
                         .status(StatusCode::BAD_GATEWAY)
-                        .body(Full::new(Bytes::from("FBIPROXY CONNECT TIMEOUT")).map_err(|e| match e {}).boxed())?);
+                        .header("Content-Type", "text/plain")
+                        .body(Full::new(Bytes::from(format!("502 Bad Gateway: connection to {} timed out", tunnel_target))).map_err(|e| match e {}).boxed())?);
                 }
             }
         }
@@ -363,7 +464,8 @@ impl FBIProxy {
                 );
                 Ok(Response::builder()
                     .status(StatusCode::BAD_GATEWAY)
-                    .body(Full::new(Bytes::from("FBIPROXY ERROR")).map_err(|e| match e {}).boxed())?)
+                    .header("Content-Type", "text/plain")
+                    .body(Full::new(Bytes::from(format!("502 Bad Gateway: failed to connect to {}: {}", target_host, e))).map_err(|e| match e {}).boxed())?)
             }
             Err(_) => {
                 error!(
@@ -375,7 +477,8 @@ impl FBIProxy {
                 );
                 Ok(Response::builder()
                     .status(StatusCode::BAD_GATEWAY)
-                    .body(Full::new(Bytes::from("FBIPROXY TIMEOUT")).map_err(|e| match e {}).boxed())?)
+                    .header("Content-Type", "text/plain")
+                    .body(Full::new(Bytes::from(format!("502 Bad Gateway: request to {} timed out", target_host))).map_err(|e| match e {}).boxed())?)
             }
         }
     }
@@ -401,7 +504,8 @@ impl FBIProxy {
                 error!("WS :ws:{} => :ws:{}{} 502 (upstream connection failed: {})", target_host, target_host, uri, e);
                 return Ok(Response::builder()
                     .status(StatusCode::BAD_GATEWAY)
-                    .body(Full::new(Bytes::from("WebSocket upstream unavailable")).map_err(|e| match e {}).boxed())?);
+                    .header("Content-Type", "text/plain")
+                    .body(Full::new(Bytes::from(format!("502 Bad Gateway: WebSocket upstream {} unavailable: {}", target_host, e))).map_err(|e| match e {}).boxed())?);
             }
         };
 
@@ -479,7 +583,8 @@ async fn handle_connection(
             error!("Request handling error: {}", e);
             Ok(Response::builder()
                 .status(StatusCode::INTERNAL_SERVER_ERROR)
-                .body(Full::new(Bytes::from("Internal Server Error")).map_err(|e| match e {}).boxed())
+                .header("Content-Type", "text/plain")
+                .body(Full::new(Bytes::from(format!("500 Internal Server Error: {}", e))).map_err(|e| match e {}).boxed())
                 .unwrap())
         }
     }
@@ -499,6 +604,25 @@ pub async fn start_proxy_server(host: Option<&str>, port: u16, domain_filter: Op
             println!("Domain filter: Only accepting requests for *.{}", domain);
         }
     }
+    println!();
+    println!("== HOW IT WORKS ==");
+    println!("Routes requests based on Host header:");
+    println!("  3000         -> localhost:3000  (port as host)");
+    println!("  api--8080    -> api:8080        (host--port syntax)");
+    println!("  3000.fbi.com -> localhost:3000  (subdomain as port)");
+    println!("  app.server   -> server:80       (subdomain hoisting)");
+    println!();
+    println!("== CADDY SETUP ==");
+    println!("# Caddyfile - expose *.fbi.example.com to local ports");
+    println!("*.fbi.example.com {{");
+    println!("  tls {{ dns cloudflare {{env.CF_API_TOKEN}} }}");
+    println!("  reverse_proxy localhost:2432");
+    println!("}}");
+    println!();
+    println!("Then: fbi-proxy -d fbi.example.com");
+    println!("  https://3000.fbi.example.com -> localhost:3000");
+    println!("  https://8080.fbi.example.com -> localhost:8080");
+    println!();
     println!("⚠️ FBI-Proxy WARNING: ENSURE YOU KNOW WHAT YOU'RE DOING and be sure to set up an auth gateway before exposing to the internet");
     println!("   This proxy is production ready but requires proper security measures.");
 

package/ts/buildFbiProxy.ts

@@ -1,5 +1,6 @@
 import { existsSync } from "fs";
 import { chmod } from "fs/promises";
+import path from "path";
 import { getFbiProxyFilename } from "./getProxyFilename";
 import { $ } from "./dSpawn";
 
@@ -7,9 +8,27 @@ if (import.meta.main) {
   await getFbiProxyBinary();
 }
 
-export async function getFbiProxyBinary({ rebuild = false } = {}) {
+export async function getFbiProxyBinary({
+  rebuild = false,
+  originalCwd = "",
+} = {}) {
   const isWin = process.platform === "win32";
   const binaryName = getFbiProxyFilename();
+  const binarySuffix = isWin ? ".exe" : "";
+
+  // Check for local build in original working directory first
+  // This allows users to run `bunx fbi-proxy` from their local repo and use their own build
+  if (!rebuild && originalCwd) {
+    const localBuilt = path.join(
+      originalCwd,
+      `target/release/fbi-proxy${binarySuffix}`,
+    );
+    if (existsSync(localBuilt)) {
+      console.log(`Using local build: ${localBuilt}`);
+      await chmod(localBuilt, 0o755).catch(() => {});
+      return localBuilt;
+    }
+  }
 
   // Check for pre-built binary in Docker container
   const dockerBinary = "/app/bin/fbi-proxy";
@@ -18,7 +37,7 @@ export async function getFbiProxyBinary({ rebuild = false } = {}) {
   }
 
   const release = "./release/" + binaryName;
-  const built = `./target/release/fbi-proxy${isWin ? ".exe" : ""}`;
+  const built = `./target/release/fbi-proxy${binarySuffix}`;
 
   // return built if exists
   if (!rebuild && existsSync(built)) {

package/ts/cli.ts

@@ -7,6 +7,8 @@ import { hideBin } from "yargs/helpers";
 import { getFbiProxyBinary } from "./buildFbiProxy";
 import { $ } from "./dSpawn";
 
+// Save original cwd before changing (user might have local build there)
+const originalCwd = process.cwd();
 process.chdir(path.resolve(import.meta.dir, "..")); // Change to project root directory
 
 // Parse command line arguments with yargs
@@ -25,7 +27,7 @@ const FBI_PROXY_PORT =
   process.env.FBI_PROXY_PORT || String(await getPort({ port: 2432 }));
 
 const proxyProcess = await hotMemo(async () => {
-  const proxy = await getFbiProxyBinary();
+  const proxy = await getFbiProxyBinary({ originalCwd });
   console.log("Starting Rust proxy server");
   const p = $.opt({
     env: {