Merge pull request #2426 from fatedier/dev

update workflow file
update build image go version
2026-03-25 03:09:15 +08:00 · 2021-06-03 00:59:21 +08:00 · 2021-06-03 00:56:07 +08:00 · 2021-06-03 00:46:56 +08:00 · 2021-06-03 00:14:32 +08:00 · 2021-06-03 00:10:35 +08:00
129 changed files with 12867 additions and 23042 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -0,0 +1,25 @@
 version: 2
 jobs:
  test1:
    docker:
      - image: circleci/golang:1.16-node
    working_directory: /go/src/github.com/fatedier/frp
    steps:
      - checkout
      - run: make
      - run: make alltest
  test2:
    docker:
      - image: circleci/golang:1.15-node
    working_directory: /go/src/github.com/fatedier/frp
    steps:
      - checkout
      - run: make
      - run: make alltest
 workflows:
  version: 2
  build_and_test:
    jobs:
      - test1
      - test2
--- a/.github/ISSUE_TEMPLATE
+++ b/.github/ISSUE_TEMPLATE
@@ -1,29 +0,0 @@
 Issue is only used for submiting bug report and documents typo. If there are same issues or answers can be found in documents, we will close it directly.
 Use the commands below to provide key information from your environment:
 You do NOT have to include this information if this is a FEATURE REQUEST
 **What version of frp are you using (./frpc -v or ./frps -v)?**
 **What operating system and processor architecture are you using (`go env`)?**
 **Configures you used:**
 **Steps to reproduce the issue:**
 1.
 2.
 3.
 **Describe the results you received:**
 **Describe the results you expected:**
 **Additional information you deem important (e.g. issue happens only occasionally):**
 **Can you point out what caused this issue (optional)**
--- a/.github/ISSUE_TEMPLATE/bug-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-report.md
@@ -0,0 +1,44 @@
 ---
 name: Bug Report
 about: Bug Report for FRP
 title: ''
 labels: Requires Testing
 assignees: ''
 ---
 <!-- From Chinese to English by machine translation, welcome to revise and polish. -->
 <!-- ⚠️⚠️ Incomplete reports will be marked as invalid, and closed, with few exceptions ⚠️⚠️ -->
 <!-- in addition, please use search well so that the same solution can be found in the feedback, we will close it directly -->
 <!-- for convenience of differentiation, use FRPS or FRPC to refer to the FRP server or client -->
 **[REQUIRED] hat version of frp are you using** 
 <!-- Use ./frpc -v or ./frps -v -->
 Version:
 **[REQUIRED] What operating system and processor architecture are you using**
 OS:
 CPU architecture:
 **[REQUIRED] description of errors**
 **confile**
 <!-- Please pay attention to hiding the token, server_addr and other privacy information -->
 **log file**
 <!--  If the file is too large, use Pastebin, for example https://pastebin.ubuntu.com/ -->
 **Steps to reproduce the issue**
 1. 
 2. 
 3. 
 **Supplementary information**
 **Can you guess what caused this issue**
 **Checklist**:
 <!--- Make sure you've completed the following steps (put an "X" between of brackets): -->
 - [] I included all information required in the sections above
 - [] I made sure there are no duplicates of this report [(Use Search)](https://github.com/fatedier/frp/issues?q=is%3Aissue)
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
 blank_issues_enabled: false
 contact_links:
  - name: DOCS
    url: https://github.com/fatedier/frp
    about: Here you can find out how to configure frp.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,22 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
 title: ''
 labels: "[+] Enhancement"
 assignees: ''
 ---
 <!-- From Chinese to English by machine translation, welcome to revise and polish. -->
 **The solution you want**
 <!--A clear and concise description of the solution you want. -->
 **Alternatives considered**
 <!--A clear and concise description of any alternative solutions or features you have considered. -->
 **How to implement this function**
 <!--Implementation steps for the solution you want. -->
 **Application scenarios of this function**
 <!--Make a clear and concise description of the application scenario of the solution you want. -->
--- a/.github/workflows/build-and-push-image.yml
+++ b/.github/workflows/build-and-push-image.yml
@@ -14,27 +14,30 @@ jobs:
    name: Build Golang project
    runs-on: ubuntu-latest
    steps:
-      -
+      - name: Set up Go 1.x
        name: Set up Go 1.x
        uses: actions/setup-go@v2
        with:
-          go-version: 1.15
+          go-version: 1.16
-      -
+
-        run: go version
+      - run: |
-      -
+          # https://github.com/actions/setup-go/issues/107
-        name: Check out code into the Go module directory
+          cp -f `which go` /usr/bin/go
      - run: go version
      - name: Check out code into the Go module directory
        uses: actions/checkout@v2
-      -
+
-        name: Build
+      - name: Build
        run: make build
-      -
+
-        name: Archive artifacts for frpc
+      - name: Archive artifacts for frpc
        uses: actions/upload-artifact@v1
        with:
          name: frpc
          path: bin/frpc
-      -
+
-        name: Archive artifacts for frps
+      - name: Archive artifacts for frps
        uses: actions/upload-artifact@v1
        with:
          name: frps
@@ -46,70 +49,69 @@ jobs:
    needs: binary
    steps:
      # environment
-      -
+      - name: Checkout
        name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: '0'
-      -
+
-        name: Set up QEMU
+      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
-      -
+
-        name: Set up Docker Buildx
+      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      # download binaries of frpc and frps
-      -
+      - name: Download binary of frpc
        name: Download binary of frpc
        uses: actions/download-artifact@v2
        with:
          name: frpc
          path: bin/frpc
-      -
+
-        name: Download binary of frps
+      - name: Download binary of frps
        uses: actions/download-artifact@v2
        with:
          name: frps
          path: bin/frps
      # get image tag name
-      -
+      - name: Get Image Tag Name
        name: Get Image Tag Name
        run: |
          if [ x${{ github.event.inputs.tag }} == x"" ]; then
-            echo ::set-env name=TAG_NAME::${GITHUB_REF#refs/*/}
+            echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
          else
-            echo ::set-env name=TAG_NAME::${{ github.event.inputs.tag }}
+            echo "TAG_NAME=${{ github.event.inputs.tag }}" >> $GITHUB_ENV
          fi
      # prepare image tags
-      -
+      - name: Prepare Image Tags
        name: Prepare Image Tags
        run: |
-          echo ::set-env name=DOCKERFILE_FRPC_PATH::dockerfiles/Dockerfile-for-frpc
+          echo "DOCKERFILE_FRPC_PATH=dockerfiles/Dockerfile-for-frpc" >> $GITHUB_ENV
-          echo ::set-env name=DOCKERFILE_FRPS_PATH::dockerfiles/Dockerfile-for-frps
+          echo "DOCKERFILE_FRPS_PATH=dockerfiles/Dockerfile-for-frps" >> $GITHUB_ENV
-          echo ::set-env name=TAG_FRPC::fatedier/frpc:$TAG_NAME
+          echo "TAG_FRPC=fatedier/frpc:${{ env.TAG_NAME }}" >> $GITHUB_ENV
-          echo ::set-env name=TAG_FRPS::fatedier/frps:$TAG_NAME
+          echo "TAG_FRPS=fatedier/frps:${{ env.TAG_NAME }}" >> $GITHUB_ENV
-          echo ::set-env name=TAG_FRPC_GPR::ghcr.io/fatedier/frpc:$TAG_NAME
+          echo "TAG_FRPC_GPR=ghcr.io/fatedier/frpc:${{ env.TAG_NAME }}" >> $GITHUB_ENV
-          echo ::set-env name=TAG_FRPS_GPR::ghcr.io/fatedier/frps:$TAG_NAME
+          echo "TAG_FRPS_GPR=ghcr.io/fatedier/frps:${{ env.TAG_NAME }}" >> $GITHUB_ENV
      # build images
-      -
+      - name: Build Images
        name: Build Images
        run: |
          # for Docker hub
-          docker build --file $DOCKERFILE_FRPC_PATH --tag $TAG_FRPC .
+          docker build --file ${{ env.DOCKERFILE_FRPC_PATH }} --tag ${{ env.TAG_FRPC }} .
-          docker build --file $DOCKERFILE_FRPS_PATH --tag $TAG_FRPS .
+          docker build --file ${{ env.DOCKERFILE_FRPS_PATH }} --tag ${{ env.TAG_FRPS }} .
          # for GPR
-          docker build --file $DOCKERFILE_FRPC_PATH --tag $TAG_FRPC_GPR .
+          docker build --file ${{ env.DOCKERFILE_FRPC_PATH }} --tag ${{ env.TAG_FRPC_GPR }} .
-          docker build --file $DOCKERFILE_FRPS_PATH --tag $TAG_FRPS_GPR .
+          docker build --file ${{ env.DOCKERFILE_FRPS_PATH }} --tag ${{ env.TAG_FRPS_GPR }} .
      # push to dockerhub
-      -
+      - name: Publish to Dockerhub
        name: Publish to Dockerhub
        run: |
          echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login --username ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
-          docker push $TAG_FRPC
+          docker push ${{ env.TAG_FRPC }}
-          docker push $TAG_FRPS
+          docker push ${{ env.TAG_FRPS }}
      # push to gpr
-      -
+      - name: Publish to GPR
        name: Publish to GPR
        run: |
          echo ${{ secrets.GPR_TOKEN }} | docker login ghcr.io --username ${{ github.repository_owner }} --password-stdin
-          docker push $TAG_FRPC_GPR
+          docker push ${{ env.TAG_FRPC_GPR }}
-          docker push $TAG_FRPS_GPR
+          docker push ${{ env.TAG_FRPS_GPR }}
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -0,0 +1,34 @@
 name: goreleaser
 on:
  workflow_dispatch:
 jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.16
      - run: |
          # https://github.com/actions/setup-go/issues/107
          cp -f `which go` /usr/bin/go
      - name: Make All
        run: |
          ./package.sh
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v2
        with:
          version: latest
          args: release --rm-dist --release-notes=./Release.md
        env:
          GITHUB_TOKEN: ${{ secrets.GPR_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -29,6 +29,8 @@ packages/
 release/
 test/bin/
 vendor/
 dist/
 .idea/
 # Cache
 *.swp
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -0,0 +1,19 @@
 builds:
  - skip: true
 checksum:
  name_template: 'checksums.txt'
 release:
  # Same as for github
  # Note: it can only be one: either github, gitlab or gitea
  github:
    owner: fatedier
    name: frp
  draft: false
  # You can add extra pre-existing files to the release.
  # The filename on the release will be the last part of the path (base). If
  # another file with the same name exists, the latest one found will be used.
  # Defaults to empty.
  extra_files:
    - glob: ./release/packages/*
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,12 +0,0 @@
 sudo: false
 language: go
 go:
    - 1.13.x
    - 1.14.x
 install:
    - make
 script:
    - make alltest
--- a/4
+++ b/4
@@ -20,10 +20,10 @@ fmt:
 	go fmt ./...
 frps:
-	env CGO_ENABLED=0 go build -ldflags "$(LDFLAGS)" -o bin/frps ./cmd/frps
+	env CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o bin/frps ./cmd/frps
 frpc:
-	env CGO_ENABLED=0 go build -ldflags "$(LDFLAGS)" -o bin/frpc ./cmd/frpc
+	env CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o bin/frpc ./cmd/frpc
 test: gotest
--- a/Makefile.cross-compiles
+++ b/Makefile.cross-compiles
@@ -2,37 +2,24 @@ export PATH := $(GOPATH)/bin:$(PATH)
 export GO111MODULE=on
 LDFLAGS := -s -w
 os-archs=darwin:amd64 darwin:arm64 freebsd:386 freebsd:amd64 linux:386 linux:amd64 linux:arm linux:arm64 windows:386 windows:amd64 linux:mips64 linux:mips64le linux:mips:softfloat linux:mipsle:softfloat
 all: build
 build: app
 app:
-	env CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./release/frpc_darwin_amd64 ./cmd/frpc
+	@$(foreach n, $(os-archs),\
-	env CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./release/frps_darwin_amd64 ./cmd/frps
+		os=$(shell echo "$(n)" | cut -d : -f 1);\
-	env CGO_ENABLED=0 GOOS=freebsd GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./release/frpc_freebsd_386 ./cmd/frpc
+		arch=$(shell echo "$(n)" | cut -d : -f 2);\
-	env CGO_ENABLED=0 GOOS=freebsd GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./release/frps_freebsd_386 ./cmd/frps
+		gomips=$(shell echo "$(n)" | cut -d : -f 3);\
-	env CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./release/frpc_freebsd_amd64 ./cmd/frpc
+		target_suffix=$${os}_$${arch};\
-	env CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./release/frps_freebsd_amd64 ./cmd/frps
+		echo "Build $${os}-$${arch}...";\
-	env CGO_ENABLED=0 GOOS=linux GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./release/frpc_linux_386 ./cmd/frpc
+		env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} GOMIPS=$${gomips} go build -trimpath -ldflags "$(LDFLAGS)" -o ./release/frpc_$${target_suffix} ./cmd/frpc;\
-	env CGO_ENABLED=0 GOOS=linux GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./release/frps_linux_386 ./cmd/frps
+		env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} GOMIPS=$${gomips} go build -trimpath -ldflags "$(LDFLAGS)" -o ./release/frps_$${target_suffix} ./cmd/frps;\
-	env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./release/frpc_linux_amd64 ./cmd/frpc
+		echo "Build $${os}-$${arch} done";\
-	env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./release/frps_linux_amd64 ./cmd/frps
+	)
-	env CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "$(LDFLAGS)" -o ./release/frpc_linux_arm ./cmd/frpc
+	@mv ./release/frpc_windows_386 ./release/frpc_windows_386.exe
-	env CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "$(LDFLAGS)" -o ./release/frps_linux_arm ./cmd/frps
+	@mv ./release/frps_windows_386 ./release/frps_windows_386.exe
-	env CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "$(LDFLAGS)" -o ./release/frpc_linux_arm64 ./cmd/frpc
+	@mv ./release/frpc_windows_amd64 ./release/frpc_windows_amd64.exe
-	env CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "$(LDFLAGS)" -o ./release/frps_linux_arm64 ./cmd/frps
+	@mv ./release/frps_windows_amd64 ./release/frps_windows_amd64.exe
 	env CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./release/frpc_windows_386.exe ./cmd/frpc
 	env CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -ldflags "$(LDFLAGS)" -o ./release/frps_windows_386.exe ./cmd/frps
 	env CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./release/frpc_windows_amd64.exe ./cmd/frpc
 	env CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./release/frps_windows_amd64.exe ./cmd/frps
 	env CGO_ENABLED=0 GOOS=linux GOARCH=mips64 go build -ldflags "$(LDFLAGS)" -o ./release/frpc_linux_mips64 ./cmd/frpc
 	env CGO_ENABLED=0 GOOS=linux GOARCH=mips64 go build -ldflags "$(LDFLAGS)" -o ./release/frps_linux_mips64 ./cmd/frps
 	env CGO_ENABLED=0 GOOS=linux GOARCH=mips64le go build -ldflags "$(LDFLAGS)" -o ./release/frpc_linux_mips64le ./cmd/frpc
 	env CGO_ENABLED=0 GOOS=linux GOARCH=mips64le go build -ldflags "$(LDFLAGS)" -o ./release/frps_linux_mips64le ./cmd/frps
 	env CGO_ENABLED=0 GOOS=linux GOARCH=mips GOMIPS=softfloat go build -ldflags "$(LDFLAGS)" -o ./release/frpc_linux_mips ./cmd/frpc
 	env CGO_ENABLED=0 GOOS=linux GOARCH=mips GOMIPS=softfloat go build -ldflags "$(LDFLAGS)" -o ./release/frps_linux_mips ./cmd/frps
 	env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -ldflags "$(LDFLAGS)" -o ./release/frpc_linux_mipsle ./cmd/frpc
 	env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -ldflags "$(LDFLAGS)" -o ./release/frps_linux_mipsle ./cmd/frps
 temp:
 	env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(LDFLAGS)" -o ./frps_linux_amd64 ./cmd/frps
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
 # frp
-[![Build Status](https://travis-ci.org/fatedier/frp.svg?branch=master)](https://travis-ci.org/fatedier/frp)
+[![Build Status](https://circleci.com/gh/fatedier/frp.svg?style=shield)](https://circleci.com/gh/fatedier/frp)
 [![GitHub release](https://img.shields.io/github/tag/fatedier/frp.svg?label=release)](https://github.com/fatedier/frp/releases)
 [README](README.md) | [中文文档](README_zh.md)
@@ -23,12 +24,13 @@ frp also has a P2P connect mode.
    * [Forward DNS query request](#forward-dns-query-request)
    * [Forward Unix domain socket](#forward-unix-domain-socket)
    * [Expose a simple HTTP file server](#expose-a-simple-http-file-server)
-    * [Enable HTTPS for local HTTP service](#enable-https-for-local-http-service)
+    * [Enable HTTPS for local HTTP(S) service](#enable-https-for-local-https-service)
    * [Expose your service privately](#expose-your-service-privately)
    * [P2P Mode](#p2p-mode)
 * [Features](#features)
    * [Configuration Files](#configuration-files)
    * [Using Environment Variables](#using-environment-variables)
    * [Split Configures Into Different Files](#split-configures-into-different-files)
    * [Dashboard](#dashboard)
    * [Admin UI](#admin-ui)
    * [Monitor](#monitor)
@@ -67,7 +69,7 @@ frp also has a P2P connect mode.
 * [Donation](#donation)
    * [AliPay](#alipay)
    * [Wechat Pay](#wechat-pay)
-    * [Paypal](#paypal)
+    * [PayPal](#paypal)
 <!-- vim-markdown-toc -->
@@ -257,7 +259,9 @@ Configure `frps` same as above.
 2. Visit `http://x.x.x.x:6000/static/` from your browser and specify correct user and password to view files in `/tmp/files` on the `frpc` machine.
-### Enable HTTPS for local HTTP service
+### Enable HTTPS for local HTTP(S) service
 You may substitute `https2https` for the plugin, and point the `plugin_local_addr` to a HTTPS endpoint.
 1. Start `frpc` with configuration:
@@ -409,6 +413,27 @@ export FRP_SSH_REMOTE_PORT="6000"
 `frpc` will render configuration file template using OS environment variables. Remember to prefix your reference with `.Envs`.
 ### Split Configures Into Different Files
 You can split multiple proxy configs into different files and include them in the main file.
 ```ini
 # frpc.ini
 [common]
 server_addr = x.x.x.x
 server_port = 7000
 includes=./confd/*.ini
 ```
 ```ini
 # ./confd/test.ini
 [ssh]
 type = tcp
 local_ip = 127.0.0.1
 local_port = 22
 remote_port = 6000
 ```
 ### Dashboard
 Check frp's status and proxies' statistics information by Dashboard.
@@ -418,12 +443,12 @@ Configure a port for dashboard to enable this feature:
 ```ini
 [common]
 dashboard_port = 7500
-# dashboard's username and password are both optional，if not set, default is admin.
+# dashboard's username and password are both optional
 dashboard_user = admin
 dashboard_pwd = admin
 ```
-Then visit `http://[server_addr]:7500` to see the dashboard, with username and password both being `admin` by default.
+Then visit `http://[server_addr]:7500` to see the dashboard, with username and password both being `admin`.
 ![dashboard](/doc/pic/dashboard.png)
@@ -441,7 +466,7 @@ admin_user = admin
 admin_pwd = admin
 ```
-Then visit `http://127.0.0.1:7400` to see admin UI, with username and password both being `admin` by default.
+Then visit `http://127.0.0.1:7400` to see admin UI, with username and password both being `admin`.
 ### Monitor
@@ -515,11 +540,100 @@ use_compression = true
 frp supports the TLS protocol between `frpc` and `frps` since v0.25.0.
 Config `tls_enable = true` in the `[common]` section to `frpc.ini` to enable this feature.
 For port multiplexing, frp sends a first byte `0x17` to dial a TLS connection.
-To enforce `frps` to only accept TLS connections - configure `tls_only = true` in the `[common]` section in `frps.ini`.
+Configure `tls_enable = true` in the `[common]` section to `frpc.ini` to enable this feature.
 To **enforce** `frps` to only accept TLS connections - configure `tls_only = true` in the `[common]` section in `frps.ini`. **This is optional.**
 **`frpc` TLS settings (under the `[common]` section):**
 ```ini
 tls_enable = true
 tls_cert_file = certificate.crt
 tls_key_file = certificate.key
 tls_trusted_ca_file = ca.crt
 ```
 **`frps` TLS settings (under the `[common]` section):**
 ```ini
 tls_only = true
 tls_enable = true
 tls_cert_file = certificate.crt
 tls_key_file = certificate.key
 tls_trusted_ca_file = ca.crt
 ```
 You will need **a root CA cert** and **at least one SSL/TLS certificate**. It **can** be self-signed or regular (such as Let's Encrypt or another SSL/TLS certificate provider).
 If you using `frp` via IP address and not hostname, make sure to set the appropriate IP address in the Subject Alternative Name (SAN) area when generating SSL/TLS Certificates.
 Given an example:
 * Prepare openssl config file. It exists at `/etc/pki/tls/openssl.cnf` in Linux System and `/System/Library/OpenSSL/openssl.cnf` in MacOS, and you can copy it to current path, like `cp /etc/pki/tls/openssl.cnf ./my-openssl.cnf`. If not, you can build it by yourself, like:
 ```
 cat > my-openssl.cnf << EOF
 [ ca ]
 default_ca = CA_default
 [ CA_default ]
 x509_extensions = usr_cert
 [ req ]
 default_bits        = 2048
 default_md          = sha256
 default_keyfile     = privkey.pem
 distinguished_name  = req_distinguished_name
 attributes          = req_attributes
 x509_extensions     = v3_ca
 string_mask         = utf8only
 [ req_distinguished_name ]
 [ req_attributes ]
 [ usr_cert ]
 basicConstraints       = CA:FALSE
 nsComment              = "OpenSSL Generated Certificate"
 subjectKeyIdentifier   = hash
 authorityKeyIdentifier = keyid,issuer
 [ v3_ca ]
 subjectKeyIdentifier   = hash
 authorityKeyIdentifier = keyid:always,issuer
 basicConstraints       = CA:true
 EOF
 ```
 * build ca certificates:
 ```
 openssl genrsa -out ca.key 2048
 openssl req -x509 -new -nodes -key ca.key -subj "/CN=example.ca.com" -days 5000 -out ca.crt
 ```
 * build frps certificates:
 ```
 openssl genrsa -out server.key 2048
 openssl req -new -sha256 -key server.key \
    -subj "/C=XX/ST=DEFAULT/L=DEFAULT/O=DEFAULT/CN=server.com" \
    -reqexts SAN \
    -config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:localhost,IP:127.0.0.1,DNS:example.server.com")) \
    -out server.csr
 openssl x509 -req -days 365 \
 	-in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
 	-extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1,DNS:example.server.com") \
 	-out server.crt
 ```
 * build frpc certificates：
 ```
 openssl genrsa -out client.key 2048
 openssl req -new -sha256 -key client.key \
    -subj "/C=XX/ST=DEFAULT/L=DEFAULT/O=DEFAULT/CN=client.com" \
    -reqexts SAN \
    -config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:client.com,DNS:example.client.com")) \
    -out client.csr
 openssl x509 -req -days 365 \
    -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
 	-extfile <(printf "subjectAltName=DNS:client.com,DNS:example.client.com") \
 	-out client.crt
 ```
 ### Hot-Reloading frpc configuration
@@ -532,10 +646,12 @@ admin_addr = 127.0.0.1
 admin_port = 7400
 ```
-Then run command `frpc reload -c ./frpc.ini` and wait for about 10 seconds to let `frpc` create or update or delete proxies.
+Then run command `frpc reload -c ./frpc.ini` and wait for about 10 seconds to let `frpc` create or update or remove proxies.
 **Note that parameters in [common] section won't be modified except 'start'.**
 You can run command `frpc verify -c ./frpc.ini` before reloading to check if there are config errors.
 ### Get proxy status from client
 Use `frpc status -c ./frpc.ini` to get status of all proxies. The `admin_addr` and `admin_port` fields are required for enabling HTTP API.
@@ -640,7 +756,7 @@ This feature is suitable for a large number of short connections.
 Load balancing is supported by `group`.
-This feature is only available for types `tcp` and `http` now.
+This feature is only available for types `tcp`, `http`, `tcpmux` now.
 ```ini
 # frpc.ini
@@ -914,7 +1030,7 @@ frpc will generate 8 proxies like `test_tcp_0`, `test_tcp_1`, ..., `test_tcp_7`.
 frpc only forwards requests to local TCP or UDP ports by default.
-Plugins are used for providing rich features. There are built-in plugins such as `unix_domain_socket`, `http_proxy`, `socks5`, `static_file` and you can see [example usage](#example-usage).
+Plugins are used for providing rich features. There are built-in plugins such as `unix_domain_socket`, `http_proxy`, `socks5`, `static_file`, `http2https`, `https2http`, `https2https` and you can see [example usage](#example-usage).
 Specify which plugin to use with the `plugin` parameter. Configuration parameters of plugin should be started with `plugin_`. `local_ip` and `local_port` are not used for plugin.
@@ -967,6 +1083,6 @@ frp QQ group: 606194980
 ![donation-wechatpay](/doc/pic/donate-wechatpay.png)
-### Paypal
+### PayPal
-Donate money by [paypal](https://www.paypal.me/fatedier) to my account **fatedier@gmail.com**.
+Donate money by [PayPal](https://www.paypal.me/fatedier) to my account **fatedier@gmail.com**.
--- a/Release.md
+++ b/Release.md
--- a/assets/frpc/static/535877f50039c0cb49a6196a5b7517cd.woff
+++ b/assets/frpc/static/535877f50039c0cb49a6196a5b7517cd.woff
--- a/assets/frpc/static/6f0a76321d30f3c8120915e57f7bd77e.ttf
+++ b/assets/frpc/static/6f0a76321d30f3c8120915e57f7bd77e.ttf
--- a/assets/frpc/static/732389ded34cb9c52dd88271f1345af9.ttf
+++ b/assets/frpc/static/732389ded34cb9c52dd88271f1345af9.ttf
--- a/assets/frpc/static/index.html
+++ b/assets/frpc/static/index.html
@@ -1 +1 @@
-<!doctype html> <html lang=en> <head> <meta charset=utf-8> <title>frp client admin UI</title> <link rel="shortcut icon" href="favicon.ico"></head> <body> <div id=app></div> <script type="text/javascript" src="manifest.js?d2cd6337d30c7b22e836"></script><script type="text/javascript" src="vendor.js?edb271e1d9c81f857840"></script></body> </html> 
+<!doctype html> <html lang=en> <head> <meta charset=utf-8> <title>frp client admin UI</title> <link rel="shortcut icon" href="favicon.ico"></head> <body> <div id=app></div> <script type="text/javascript" src="manifest.js?5a0eb52788515d02ca46"></script><script type="text/javascript" src="vendor.js?3e5221f064f1295497bf"></script></body> </html> 
--- a/assets/frpc/static/manifest.js
+++ b/assets/frpc/static/manifest.js
@@ -1 +1 @@
-!function(e){function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}var r=window.webpackJsonp;window.webpackJsonp=function(t,c,u){for(var i,a,f,l=0,s=[];l<t.length;l++)a=t[l],o[a]&&s.push(o[a][0]),o[a]=0;for(i in c)Object.prototype.hasOwnProperty.call(c,i)&&(e[i]=c[i]);for(r&&r(t,c,u);s.length;)s.shift()();if(u)for(l=0;l<u.length;l++)f=n(n.s=u[l]);return f};var t={},o={1:0};n.e=function(e){function r(){i.onerror=i.onload=null,clearTimeout(a);var n=o[e];0!==n&&(n&&n[1](new Error("Loading chunk "+e+" failed.")),o[e]=void 0)}var t=o[e];if(0===t)return new Promise(function(e){e()});if(t)return t[2];var c=new Promise(function(n,r){t=o[e]=[n,r]});t[2]=c;var u=document.getElementsByTagName("head")[0],i=document.createElement("script");i.type="text/javascript",i.charset="utf-8",i.async=!0,i.timeout=12e4,n.nc&&i.setAttribute("nonce",n.nc),i.src=n.p+""+e+".js?"+{0:"edb271e1d9c81f857840"}[e];var a=setTimeout(r,12e4);return i.onerror=i.onload=r,u.appendChild(i),c},n.m=e,n.c=t,n.i=function(e){return e},n.d=function(e,r,t){n.o(e,r)||Object.defineProperty(e,r,{configurable:!1,enumerable:!0,get:t})},n.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(r,"a",r),r},n.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},n.p="",n.oe=function(e){throw console.error(e),e}}([]);
+!function(e){function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}var r=window.webpackJsonp;window.webpackJsonp=function(t,u,c){for(var i,a,f,l=0,s=[];l<t.length;l++)a=t[l],o[a]&&s.push(o[a][0]),o[a]=0;for(i in u)Object.prototype.hasOwnProperty.call(u,i)&&(e[i]=u[i]);for(r&&r(t,u,c);s.length;)s.shift()();if(c)for(l=0;l<c.length;l++)f=n(n.s=c[l]);return f};var t={},o={1:0};n.e=function(e){function r(){i.onerror=i.onload=null,clearTimeout(a);var n=o[e];0!==n&&(n&&n[1](new Error("Loading chunk "+e+" failed.")),o[e]=void 0)}var t=o[e];if(0===t)return new Promise(function(e){e()});if(t)return t[2];var u=new Promise(function(n,r){t=o[e]=[n,r]});t[2]=u;var c=document.getElementsByTagName("head")[0],i=document.createElement("script");i.type="text/javascript",i.charset="utf-8",i.async=!0,i.timeout=12e4,n.nc&&i.setAttribute("nonce",n.nc),i.src=n.p+""+e+".js?"+{0:"3e5221f064f1295497bf"}[e];var a=setTimeout(r,12e4);return i.onerror=i.onload=r,c.appendChild(i),u},n.m=e,n.c=t,n.i=function(e){return e},n.d=function(e,r,t){n.o(e,r)||Object.defineProperty(e,r,{configurable:!1,enumerable:!0,get:t})},n.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(r,"a",r),r},n.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},n.p="",n.oe=function(e){throw console.error(e),e}}([]);
--- a/assets/frpc/static/vendor.js
+++ b/assets/frpc/static/vendor.js
--- a/assets/frpc/statik/statik.go
+++ b/assets/frpc/statik/statik.go
--- a/assets/frps/static/535877f50039c0cb49a6196a5b7517cd.woff
+++ b/assets/frps/static/535877f50039c0cb49a6196a5b7517cd.woff
--- a/assets/frps/static/6f0a76321d30f3c8120915e57f7bd77e.ttf
+++ b/assets/frps/static/6f0a76321d30f3c8120915e57f7bd77e.ttf
--- a/assets/frps/static/732389ded34cb9c52dd88271f1345af9.ttf
+++ b/assets/frps/static/732389ded34cb9c52dd88271f1345af9.ttf
--- a/assets/frps/static/index.html
+++ b/assets/frps/static/index.html
@@ -1 +1 @@
-<!DOCTYPE html> <html lang=en> <head> <meta charset=utf-8> <title>frps dashboard</title> <link rel="shortcut icon" href="favicon.ico"></head> <body> <div id=app></div> <script type="text/javascript" src="manifest.js?14bea8276eef86cc7c61"></script><script type="text/javascript" src="vendor.js?51925ec1a77936b64d61"></script></body> </html> 
+<!doctype html> <html lang=en> <head> <meta charset=utf-8> <title>frps dashboard</title> <link rel="shortcut icon" href="favicon.ico"></head> <body> <div id=app></div> <script type="text/javascript" src="manifest.js?41dbccdbc87e6bcbd79c"></script><script type="text/javascript" src="vendor.js?d7109b07f8f86bab2eeb"></script></body> </html> 
--- a/assets/frps/static/manifest.js
+++ b/assets/frps/static/manifest.js
@@ -1 +1 @@
-!function(e){function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}var r=window.webpackJsonp;window.webpackJsonp=function(t,c,u){for(var i,a,f,l=0,s=[];l<t.length;l++)a=t[l],o[a]&&s.push(o[a][0]),o[a]=0;for(i in c)Object.prototype.hasOwnProperty.call(c,i)&&(e[i]=c[i]);for(r&&r(t,c,u);s.length;)s.shift()();if(u)for(l=0;l<u.length;l++)f=n(n.s=u[l]);return f};var t={},o={1:0};n.e=function(e){function r(){i.onerror=i.onload=null,clearTimeout(a);var n=o[e];0!==n&&(n&&n[1](new Error("Loading chunk "+e+" failed.")),o[e]=void 0)}var t=o[e];if(0===t)return new Promise(function(e){e()});if(t)return t[2];var c=new Promise(function(n,r){t=o[e]=[n,r]});t[2]=c;var u=document.getElementsByTagName("head")[0],i=document.createElement("script");i.type="text/javascript",i.charset="utf-8",i.async=!0,i.timeout=12e4,n.nc&&i.setAttribute("nonce",n.nc),i.src=n.p+""+e+".js?"+{0:"51925ec1a77936b64d61"}[e];var a=setTimeout(r,12e4);return i.onerror=i.onload=r,u.appendChild(i),c},n.m=e,n.c=t,n.i=function(e){return e},n.d=function(e,r,t){n.o(e,r)||Object.defineProperty(e,r,{configurable:!1,enumerable:!0,get:t})},n.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(r,"a",r),r},n.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},n.p="",n.oe=function(e){throw console.error(e),e}}([]);
+!function(e){function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}var r=window.webpackJsonp;window.webpackJsonp=function(t,u,c){for(var i,a,f,l=0,s=[];l<t.length;l++)a=t[l],o[a]&&s.push(o[a][0]),o[a]=0;for(i in u)Object.prototype.hasOwnProperty.call(u,i)&&(e[i]=u[i]);for(r&&r(t,u,c);s.length;)s.shift()();if(c)for(l=0;l<c.length;l++)f=n(n.s=c[l]);return f};var t={},o={1:0};n.e=function(e){function r(){i.onerror=i.onload=null,clearTimeout(a);var n=o[e];0!==n&&(n&&n[1](new Error("Loading chunk "+e+" failed.")),o[e]=void 0)}var t=o[e];if(0===t)return new Promise(function(e){e()});if(t)return t[2];var u=new Promise(function(n,r){t=o[e]=[n,r]});t[2]=u;var c=document.getElementsByTagName("head")[0],i=document.createElement("script");i.type="text/javascript",i.charset="utf-8",i.async=!0,i.timeout=12e4,n.nc&&i.setAttribute("nonce",n.nc),i.src=n.p+""+e+".js?"+{0:"d7109b07f8f86bab2eeb"}[e];var a=setTimeout(r,12e4);return i.onerror=i.onload=r,c.appendChild(i),u},n.m=e,n.c=t,n.i=function(e){return e},n.d=function(e,r,t){n.o(e,r)||Object.defineProperty(e,r,{configurable:!1,enumerable:!0,get:t})},n.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(r,"a",r),r},n.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},n.p="",n.oe=function(e){throw console.error(e),e}}([]);
--- a/assets/frps/static/vendor.js
+++ b/assets/frps/static/vendor.js
--- a/assets/frps/statik/statik.go
+++ b/assets/frps/statik/statik.go
--- a/client/admin.go
+++ b/client/admin.go
@@ -15,7 +15,6 @@
 package client
 import (
 	"fmt"
 	"net"
 	"net/http"
 	"time"
@@ -31,7 +30,7 @@ var (
 	httpServerWriteTimeout = 10 * time.Second
 )
-func (svr *Service) RunAdminServer(addr string, port int) (err error) {
+func (svr *Service) RunAdminServer(address string) (err error) {
 	// url router
 	router := mux.NewRouter()
@@ -51,7 +50,6 @@ func (svr *Service) RunAdminServer(addr string, port int) (err error) {
 		http.Redirect(w, r, "/static/", http.StatusMovedPermanently)
 	})
 	address := fmt.Sprintf("%s:%d", addr, port)
 	server := &http.Server{
 		Addr:         address,
 		Handler:      router,
--- a/client/admin_api.go
+++ b/client/admin_api.go
@@ -33,36 +33,19 @@ type GeneralResponse struct {
 }
 // GET api/reload
 func (svr *Service) apiReload(w http.ResponseWriter, r *http.Request) {
 	res := GeneralResponse{Code: 200}
-	log.Info("Http request [/api/reload]")
+	log.Info("api request [/api/reload]")
 	defer func() {
-		log.Info("Http response [/api/reload], code [%d]", res.Code)
+		log.Info("api response [/api/reload], code [%d]", res.Code)
 		w.WriteHeader(res.Code)
 		if len(res.Msg) > 0 {
 			w.Write([]byte(res.Msg))
 		}
 	}()
-	content, err := config.GetRenderedConfFromFile(svr.cfgFile)
+	_, pxyCfgs, visitorCfgs, err := config.ParseClientConfig(svr.cfgFile)
 	if err != nil {
 		res.Code = 400
 		res.Msg = err.Error()
 		log.Warn("reload frpc config file error: %s", res.Msg)
 		return
 	}
 	newCommonCfg, err := config.UnmarshalClientConfFromIni(content)
 	if err != nil {
 		res.Code = 400
 		res.Msg = err.Error()
 		log.Warn("reload frpc common section error: %s", res.Msg)
 		return
 	}
 	pxyCfgs, visitorCfgs, err := config.LoadAllConfFromIni(svr.cfg.User, content, newCommonCfg.Start)
 	if err != nil {
 		res.Code = 400
 		res.Msg = err.Error()
@@ -70,8 +53,7 @@ func (svr *Service) apiReload(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	err = svr.ReloadConf(pxyCfgs, visitorCfgs)
+	if err = svr.ReloadConf(pxyCfgs, visitorCfgs); err != nil {
 	if err != nil {
 		res.Code = 500
 		res.Msg = err.Error()
 		log.Warn("reload frpc proxy config error: %s", res.Msg)
@@ -243,7 +225,7 @@ func (svr *Service) apiGetConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	rows := strings.Split(content, "\n")
+	rows := strings.Split(string(content), "\n")
 	newRows := make([]string, 0, len(rows))
 	for _, row := range rows {
 		row = strings.TrimSpace(row)
--- a/client/control.go
+++ b/client/control.go
@@ -17,10 +17,10 @@ package client
 import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
 	"net"
 	"runtime/debug"
 	"strconv"
 	"sync"
 	"time"
@@ -209,21 +209,27 @@ func (ctl *Control) connectServer() (conn net.Conn, err error) {
 		conn = stream
 	} else {
 		var tlsConfig *tls.Config
 		sn := ctl.clientCfg.TLSServerName
 		if sn == "" {
 			sn = ctl.clientCfg.ServerAddr
 		}
 		if ctl.clientCfg.TLSEnable {
 			tlsConfig, err = transport.NewClientTLSConfig(
 				ctl.clientCfg.TLSCertFile,
 				ctl.clientCfg.TLSKeyFile,
 				ctl.clientCfg.TLSTrustedCaFile,
-				ctl.clientCfg.ServerAddr)
+				sn)
 			if err != nil {
 				xl.Warn("fail to build tls configuration when connecting to server, err: %v", err)
 				return
 			}
 		}
-		conn, err = frpNet.ConnectServerByProxyWithTLS(ctl.clientCfg.HTTPProxy, ctl.clientCfg.Protocol,
+
-			fmt.Sprintf("%s:%d", ctl.clientCfg.ServerAddr, ctl.clientCfg.ServerPort), tlsConfig)
+		address := net.JoinHostPort(ctl.clientCfg.ServerAddr, strconv.Itoa(ctl.clientCfg.ServerPort))
 		conn, err = frpNet.ConnectServerByProxyWithTLS(ctl.clientCfg.HTTPProxy, ctl.clientCfg.Protocol, address, tlsConfig)
 		if err != nil {
 			xl.Warn("start new connection to server error: %v", err)
 			return
@@ -295,7 +301,7 @@ func (ctl *Control) msgHandler() {
 	}()
 	defer ctl.msgHandlerShutdown.Done()
-	hbSend := time.NewTicker(time.Duration(ctl.clientCfg.HeartBeatInterval) * time.Second)
+	hbSend := time.NewTicker(time.Duration(ctl.clientCfg.HeartbeatInterval) * time.Second)
 	defer hbSend.Stop()
 	hbCheck := time.NewTicker(time.Second)
 	defer hbCheck.Stop()
@@ -314,7 +320,7 @@ func (ctl *Control) msgHandler() {
 			}
 			ctl.sendCh <- pingMsg
 		case <-hbCheck.C:
-			if time.Since(ctl.lastPong) > time.Duration(ctl.clientCfg.HeartBeatTimeout)*time.Second {
+			if time.Since(ctl.lastPong) > time.Duration(ctl.clientCfg.HeartbeatTimeout)*time.Second {
 				xl.Warn("heartbeat timeout")
 				// let reader() stop
 				ctl.conn.Close()
--- a/client/proxy/proxy.go
+++ b/client/proxy/proxy.go
@@ -148,7 +148,7 @@ func (pxy *TCPProxy) Close() {
 }
 func (pxy *TCPProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
-	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, pxy.cfg.GetBaseInfo(), pxy.limiter,
 		conn, []byte(pxy.clientCfg.Token), m)
 }
@@ -177,7 +177,7 @@ func (pxy *TCPMuxProxy) Close() {
 }
 func (pxy *TCPMuxProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
-	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, pxy.cfg.GetBaseInfo(), pxy.limiter,
 		conn, []byte(pxy.clientCfg.Token), m)
 }
@@ -206,7 +206,7 @@ func (pxy *HTTPProxy) Close() {
 }
 func (pxy *HTTPProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
-	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, pxy.cfg.GetBaseInfo(), pxy.limiter,
 		conn, []byte(pxy.clientCfg.Token), m)
 }
@@ -235,7 +235,7 @@ func (pxy *HTTPSProxy) Close() {
 }
 func (pxy *HTTPSProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
-	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, pxy.cfg.GetBaseInfo(), pxy.limiter,
 		conn, []byte(pxy.clientCfg.Token), m)
 }
@@ -264,7 +264,7 @@ func (pxy *STCPProxy) Close() {
 }
 func (pxy *STCPProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
-	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, pxy.cfg.GetBaseInfo(), pxy.limiter,
 		conn, []byte(pxy.clientCfg.Token), m)
 }
@@ -309,6 +309,10 @@ func (pxy *XTCPProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
 	raddr, _ := net.ResolveUDPAddr("udp",
 		fmt.Sprintf("%s:%d", pxy.clientCfg.ServerAddr, pxy.serverUDPPort))
 	clientConn, err := net.DialUDP("udp", nil, raddr)
 	if err != nil {
 		xl.Error("dial server udp addr error: %v", err)
 		return
 	}
 	defer clientConn.Close()
 	err = msg.WriteMsg(clientConn, natHoleClientMsg)
@@ -410,7 +414,7 @@ func (pxy *XTCPProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
 		return
 	}
-	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, &pxy.cfg.BaseProxyConf, pxy.limiter,
+	HandleTCPWorkConnection(pxy.ctx, &pxy.cfg.LocalSvrConf, pxy.proxyPlugin, pxy.cfg.GetBaseInfo(), pxy.limiter,
 		muxConn, []byte(pxy.cfg.Sk), m)
 }
--- a/client/proxy/proxy_wrapper.go
+++ b/client/proxy/proxy_wrapper.go
@@ -227,7 +227,7 @@ func (pw *Wrapper) InWorkConn(workConn net.Conn, m *msg.StartWorkConn) {
 	pw.mu.RLock()
 	pxy := pw.pxy
 	pw.mu.RUnlock()
-	if pxy != nil {
+	if pxy != nil && pw.Phase == ProxyPhaseRunning {
 		xl.Debug("start a new work connection, localAddr: %s remoteAddr: %s", workConn.LocalAddr().String(), workConn.RemoteAddr().String())
 		go pxy.InWorkConn(workConn, m)
 	} else {
--- a/client/service.go
+++ b/client/service.go
@@ -17,10 +17,12 @@ package client
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"runtime"
 	"strconv"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -127,7 +129,8 @@ func (svr *Service) Run() error {
 			return fmt.Errorf("Load assets error: %v", err)
 		}
-		err = svr.RunAdminServer(svr.cfg.AdminAddr, svr.cfg.AdminPort)
+		address := net.JoinHostPort(svr.cfg.AdminAddr, strconv.Itoa(svr.cfg.AdminPort))
 		err = svr.RunAdminServer(address)
 		if err != nil {
 			log.Warn("run admin server error: %v", err)
 		}
@@ -176,9 +179,16 @@ func (svr *Service) keepControllerWorking() {
 			if err != nil {
 				xl.Warn("reconnect to server error: %v", err)
 				time.Sleep(delayTime)
-				delayTime = delayTime * 2
+
-				if delayTime > maxDelayTime {
+				opErr := &net.OpError{}
-					delayTime = maxDelayTime
+				// quick retry for dial error
 				if errors.As(err, &opErr) && opErr.Op == "dial" {
 					delayTime = 2 * time.Second
 				} else {
 					delayTime = delayTime * 2
 					if delayTime > maxDelayTime {
 						delayTime = maxDelayTime
 					}
 				}
 				continue
 			}
@@ -205,18 +215,24 @@ func (svr *Service) login() (conn net.Conn, session *fmux.Session, err error) {
 	xl := xlog.FromContextSafe(svr.ctx)
 	var tlsConfig *tls.Config
 	if svr.cfg.TLSEnable {
 		sn := svr.cfg.TLSServerName
 		if sn == "" {
 			sn = svr.cfg.ServerAddr
 		}
 		tlsConfig, err = transport.NewClientTLSConfig(
 			svr.cfg.TLSCertFile,
 			svr.cfg.TLSKeyFile,
 			svr.cfg.TLSTrustedCaFile,
-			svr.cfg.ServerAddr)
+			sn)
 		if err != nil {
 			xl.Warn("fail to build tls configuration when service login, err: %v", err)
 			return
 		}
 	}
-	conn, err = frpNet.ConnectServerByProxyWithTLS(svr.cfg.HTTPProxy, svr.cfg.Protocol,
+
-		fmt.Sprintf("%s:%d", svr.cfg.ServerAddr, svr.cfg.ServerPort), tlsConfig)
+	address := net.JoinHostPort(svr.cfg.ServerAddr, strconv.Itoa(svr.cfg.ServerPort))
 	conn, err = frpNet.ConnectServerByProxyWithTLS(svr.cfg.HTTPProxy, svr.cfg.Protocol, address, tlsConfig)
 	if err != nil {
 		return
 	}
--- a/client/visitor.go
+++ b/client/visitor.go
@@ -366,7 +366,7 @@ func (sv *SUDPVisitor) Run() (err error) {
 	sv.sendCh = make(chan *msg.UDPPacket, 1024)
 	sv.readCh = make(chan *msg.UDPPacket, 1024)
-	xl.Info("sudp start to work")
+	xl.Info("sudp start to work, listen on %s", addr)
 	go sv.dispatcher()
 	go udp.ForwardUserConn(sv.udpConn, sv.readCh, sv.sendCh, int(sv.ctl.clientCfg.UDPPacketSize))
@@ -446,7 +446,7 @@ func (sv *SUDPVisitor) worker(workConn net.Conn) {
 			case *msg.UDPPacket:
 				if errRet := errors.PanicToError(func() {
 					sv.readCh <- m
-					xl.Trace("frpc visitor get udp packet from frpc")
+					xl.Trace("frpc visitor get udp packet from workConn: %s", m.Content)
 				}); errRet != nil {
 					xl.Info("reader goroutine for udp work connection closed")
 					return
@@ -475,6 +475,7 @@ func (sv *SUDPVisitor) worker(workConn net.Conn) {
 					xl.Warn("sender goroutine for udp work connection closed: %v", errRet)
 					return
 				}
 				xl.Trace("send udp package to workConn: %s", udpMsg.Content)
 			case <-closeCh:
 				return
 			}
--- a/cmd/frpc/sub/http.go
+++ b/cmd/frpc/sub/http.go
@@ -47,7 +47,7 @@ var httpCmd = &cobra.Command{
 	Use:   "http",
 	Short: "Run frpc with a single http proxy",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		clientCfg, err := parseClientCommonCfgFromCmd()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
--- a/cmd/frpc/sub/https.go
+++ b/cmd/frpc/sub/https.go
@@ -43,7 +43,7 @@ var httpsCmd = &cobra.Command{
 	Use:   "https",
 	Short: "Run frpc with a single https proxy",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		clientCfg, err := parseClientCommonCfgFromCmd()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
--- a/cmd/frpc/sub/reload.go
+++ b/cmd/frpc/sub/reload.go
@@ -35,19 +35,13 @@ var reloadCmd = &cobra.Command{
 	Use:   "reload",
 	Short: "Hot-Reload frpc configuration",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		iniContent, err := config.GetRenderedConfFromFile(cfgFile)
+		cfg, _, _, err := config.ParseClientConfig(cfgFile)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		clientCfg, err := parseClientCommonCfg(CfgFileTypeIni, iniContent)
+		err = reload(cfg)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
 		err = reload(clientCfg)
 		if err != nil {
 			fmt.Printf("frpc reload error: %v\n", err)
 			os.Exit(1)
--- a/cmd/frpc/sub/root.go
+++ b/cmd/frpc/sub/root.go
@@ -129,45 +129,19 @@ func handleSignal(svr *client.Service) {
 	close(kcpDoneCh)
 }
 func parseClientCommonCfg(fileType int, content string) (cfg config.ClientCommonConf, err error) {
 	if fileType == CfgFileTypeIni {
 		cfg, err = parseClientCommonCfgFromIni(content)
 	} else if fileType == CfgFileTypeCmd {
 		cfg, err = parseClientCommonCfgFromCmd()
 	}
 	if err != nil {
 		return
 	}
 	err = cfg.Check()
 	if err != nil {
 		return
 	}
 	return
 }
 func parseClientCommonCfgFromIni(content string) (config.ClientCommonConf, error) {
 	cfg, err := config.UnmarshalClientConfFromIni(content)
 	if err != nil {
 		return config.ClientCommonConf{}, err
 	}
 	return cfg, err
 }
 func parseClientCommonCfgFromCmd() (cfg config.ClientCommonConf, err error) {
 	cfg = config.GetDefaultClientConf()
-	strs := strings.Split(serverAddr, ":")
+	ipStr, portStr, err := net.SplitHostPort(serverAddr)
-	if len(strs) < 2 {
+	if err != nil {
-		err = fmt.Errorf("invalid server_addr")
+		err = fmt.Errorf("invalid server_addr: %v", err)
 		return
 	}
-	if strs[0] != "" {
+
-		cfg.ServerAddr = strs[0]
+	cfg.ServerAddr = ipStr
-	}
+	cfg.ServerPort, err = strconv.Atoi(portStr)
 	cfg.ServerPort, err = strconv.Atoi(strs[1])
 	if err != nil {
-		err = fmt.Errorf("invalid server_addr")
+		err = fmt.Errorf("invalid server_addr: %v", err)
 		return
 	}
@@ -176,11 +150,6 @@ func parseClientCommonCfgFromCmd() (cfg config.ClientCommonConf, err error) {
 	cfg.LogLevel = logLevel
 	cfg.LogFile = logFile
 	cfg.LogMaxDays = int64(logMaxDays)
 	if logFile == "console" {
 		cfg.LogWay = "console"
 	} else {
 		cfg.LogWay = "file"
 	}
 	cfg.DisableLogColor = disableLogColor
 	// Only token authentication is supported in cmd mode
@@ -188,28 +157,20 @@ func parseClientCommonCfgFromCmd() (cfg config.ClientCommonConf, err error) {
 	cfg.Token = token
 	cfg.TLSEnable = tlsEnable
 	cfg.Complete()
 	if err = cfg.Validate(); err != nil {
 		err = fmt.Errorf("Parse config error: %v", err)
 		return
 	}
 	return
 }
-func runClient(cfgFilePath string) (err error) {
+func runClient(cfgFilePath string) error {
-	var content string
+	cfg, pxyCfgs, visitorCfgs, err := config.ParseClientConfig(cfgFilePath)
 	content, err = config.GetRenderedConfFromFile(cfgFilePath)
 	if err != nil {
 		return
 	}
 	cfg, err := parseClientCommonCfg(CfgFileTypeIni, content)
 	if err != nil {
 		return
 	}
 	pxyCfgs, visitorCfgs, err := config.LoadAllConfFromIni(cfg.User, content, cfg.Start)
 	if err != nil {
 		return err
 	}
-
+	return startService(cfg, pxyCfgs, visitorCfgs, cfgFilePath)
 	err = startService(cfg, pxyCfgs, visitorCfgs, cfgFilePath)
 	return
 }
 func startService(
@@ -247,7 +208,7 @@ func startService(
 	}
 	err = svr.Run()
-	if cfg.Protocol == "kcp" {
+	if err == nil && cfg.Protocol == "kcp" {
 		<-kcpDoneCh
 	}
 	return
--- a/cmd/frpc/sub/status.go
+++ b/cmd/frpc/sub/status.go
@@ -38,20 +38,13 @@ var statusCmd = &cobra.Command{
 	Use:   "status",
 	Short: "Overview of all proxies status",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		iniContent, err := config.GetRenderedConfFromFile(cfgFile)
+		cfg, _, _, err := config.ParseClientConfig(cfgFile)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		clientCfg, err := parseClientCommonCfg(CfgFileTypeIni, iniContent)
+		if err = status(cfg); err != nil {
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
 		err = status(clientCfg)
 		if err != nil {
 			fmt.Printf("frpc get status error: %v\n", err)
 			os.Exit(1)
 		}
--- a/cmd/frpc/sub/stcp.go
+++ b/cmd/frpc/sub/stcp.go
@@ -45,7 +45,7 @@ var stcpCmd = &cobra.Command{
 	Use:   "stcp",
 	Short: "Run frpc with a single stcp proxy",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		clientCfg, err := parseClientCommonCfgFromCmd()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
--- a/cmd/frpc/sub/sudp.go
+++ b/cmd/frpc/sub/sudp.go
@@ -45,7 +45,7 @@ var sudpCmd = &cobra.Command{
 	Use:   "sudp",
 	Short: "Run frpc with a single sudp proxy",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		clientCfg, err := parseClientCommonCfgFromCmd()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
--- a/cmd/frpc/sub/tcp.go
+++ b/cmd/frpc/sub/tcp.go
@@ -41,7 +41,7 @@ var tcpCmd = &cobra.Command{
 	Use:   "tcp",
 	Short: "Run frpc with a single tcp proxy",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		clientCfg, err := parseClientCommonCfgFromCmd()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
--- a/cmd/frpc/sub/tcpmux.go
+++ b/cmd/frpc/sub/tcpmux.go
@@ -44,7 +44,7 @@ var tcpMuxCmd = &cobra.Command{
 	Use:   "tcpmux",
 	Short: "Run frpc with a single tcpmux proxy",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		clientCfg, err := parseClientCommonCfgFromCmd()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
--- a/cmd/frpc/sub/udp.go
+++ b/cmd/frpc/sub/udp.go
@@ -41,7 +41,7 @@ var udpCmd = &cobra.Command{
 	Use:   "udp",
 	Short: "Run frpc with a single udp proxy",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		clientCfg, err := parseClientCommonCfgFromCmd()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
--- a/cmd/frpc/sub/verify.go
+++ b/cmd/frpc/sub/verify.go
@@ -0,0 +1,43 @@
 // Copyright 2021 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package sub
 import (
 	"fmt"
 	"os"
 	"github.com/fatedier/frp/pkg/config"
 	"github.com/spf13/cobra"
 )
 func init() {
 	rootCmd.AddCommand(verifyCmd)
 }
 var verifyCmd = &cobra.Command{
 	Use:   "verify",
 	Short: "Verify that the configures is valid",
 	RunE: func(cmd *cobra.Command, args []string) error {
 		_, _, _, err := config.ParseClientConfig(cfgFile)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
 		fmt.Printf("frpc: the configuration file %s syntax is ok\n", cfgFile)
 		return nil
 	},
 }
--- a/cmd/frpc/sub/xtcp.go
+++ b/cmd/frpc/sub/xtcp.go
@@ -45,7 +45,7 @@ var xtcpCmd = &cobra.Command{
 	Use:   "xtcp",
 	Short: "Run frpc with a single xtcp proxy",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		clientCfg, err := parseClientCommonCfg(CfgFileTypeCmd, "")
+		clientCfg, err := parseClientCommonCfgFromCmd()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
--- a/cmd/frps/root.go
+++ b/cmd/frps/root.go
@@ -49,6 +49,7 @@ var (
 	dashboardPort     int
 	dashboardUser     string
 	dashboardPwd      string
 	enablePrometheus  bool
 	assetsDir         string
 	logFile           string
 	logLevel          string
@@ -79,6 +80,7 @@ func init() {
 	rootCmd.PersistentFlags().IntVarP(&dashboardPort, "dashboard_port", "", 0, "dashboard port")
 	rootCmd.PersistentFlags().StringVarP(&dashboardUser, "dashboard_user", "", "admin", "dashboard user")
 	rootCmd.PersistentFlags().StringVarP(&dashboardPwd, "dashboard_pwd", "", "admin", "dashboard password")
 	rootCmd.PersistentFlags().BoolVarP(&enablePrometheus, "enable_prometheus", "", false, "enable prometheus dashboard")
 	rootCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "log file")
 	rootCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
 	rootCmd.PersistentFlags().Int64VarP(&logMaxDays, "log_max_days", "", 3, "log max days")
@@ -103,14 +105,14 @@ var rootCmd = &cobra.Command{
 		var cfg config.ServerCommonConf
 		var err error
 		if cfgFile != "" {
-			var content string
+			var content []byte
 			content, err = config.GetRenderedConfFromFile(cfgFile)
 			if err != nil {
 				return err
 			}
 			cfg, err = parseServerCommonCfg(CfgFileTypeIni, content)
 		} else {
-			cfg, err = parseServerCommonCfg(CfgFileTypeCmd, "")
+			cfg, err = parseServerCommonCfg(CfgFileTypeCmd, nil)
 		}
 		if err != nil {
 			return err
@@ -131,31 +133,24 @@ func Execute() {
 	}
 }
-func parseServerCommonCfg(fileType int, content string) (cfg config.ServerCommonConf, err error) {
+func parseServerCommonCfg(fileType int, source []byte) (cfg config.ServerCommonConf, err error) {
 	if fileType == CfgFileTypeIni {
-		cfg, err = parseServerCommonCfgFromIni(content)
+		cfg, err = config.UnmarshalServerConfFromIni(source)
 	} else if fileType == CfgFileTypeCmd {
 		cfg, err = parseServerCommonCfgFromCmd()
 	}
 	if err != nil {
 		return
 	}
-
+	cfg.Complete()
-	err = cfg.Check()
+	err = cfg.Validate()
 	if err != nil {
 		err = fmt.Errorf("Parse config error: %v", err)
 		return
 	}
 	return
 }
 func parseServerCommonCfgFromIni(content string) (config.ServerCommonConf, error) {
 	cfg, err := config.UnmarshalServerConfFromIni(content)
 	if err != nil {
 		return config.ServerCommonConf{}, err
 	}
 	return cfg, nil
 }
 func parseServerCommonCfgFromCmd() (cfg config.ServerCommonConf, err error) {
 	cfg = config.GetDefaultServerConf()
@@ -171,6 +166,7 @@ func parseServerCommonCfgFromCmd() (cfg config.ServerCommonConf, err error) {
 	cfg.DashboardPort = dashboardPort
 	cfg.DashboardUser = dashboardUser
 	cfg.DashboardPwd = dashboardPwd
 	cfg.EnablePrometheus = enablePrometheus
 	cfg.LogFile = logFile
 	cfg.LogLevel = logLevel
 	cfg.LogMaxDays = logMaxDays
@@ -193,23 +189,24 @@ func parseServerCommonCfgFromCmd() (cfg config.ServerCommonConf, err error) {
 		}
 	}
 	cfg.MaxPortsPerClient = maxPortsPerClient
 	if logFile == "console" {
 		cfg.LogWay = "console"
 	} else {
 		cfg.LogWay = "file"
 	}
 	cfg.DisableLogColor = disableLogColor
 	return
 }
 func runServer(cfg config.ServerCommonConf) (err error) {
 	log.InitLog(cfg.LogWay, cfg.LogFile, cfg.LogLevel, cfg.LogMaxDays, cfg.DisableLogColor)
 	if cfgFile != "" {
 		log.Info("frps uses config file: %s", cfgFile)
 	} else {
 		log.Info("frps uses command line arguments for config")
 	}
 	svr, err := server.NewService(cfg)
 	if err != nil {
 		return err
 	}
-	log.Info("start frps success")
+	log.Info("frps started successfully")
 	svr.Run()
 	return
 }
--- a/cmd/frps/verify.go
+++ b/cmd/frps/verify.go
@@ -0,0 +1,53 @@
 // Copyright 2021 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package main
 import (
 	"fmt"
 	"os"
 	"github.com/fatedier/frp/pkg/config"
 	"github.com/spf13/cobra"
 )
 func init() {
 	rootCmd.AddCommand(verifyCmd)
 }
 var verifyCmd = &cobra.Command{
 	Use:   "verify",
 	Short: "Verify that the configures is valid",
 	RunE: func(cmd *cobra.Command, args []string) error {
 		if cfgFile == "" {
 			fmt.Println("no config file is specified")
 			return nil
 		}
 		iniContent, err := config.GetRenderedConfFromFile(cfgFile)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
 		_, err = parseServerCommonCfg(CfgFileTypeIni, iniContent)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
 		fmt.Printf("frps: the configuration file %s syntax is ok\n", cfgFile)
 		return nil
 	},
 }
--- a/conf/frpc_full.ini
+++ b/conf/frpc_full.ini
@@ -2,6 +2,7 @@
 [common]
 # A literal address or host name for IPv6 must be enclosed
 # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
 # For single "server_addr" field, no need square brackets, like "server_addr = ::".
 server_addr = 0.0.0.0
 server_port = 7000
@@ -23,15 +24,30 @@ log_max_days = 3
 disable_log_color = false
 # for authentication, should be same as your frps.ini
-# AuthenticateHeartBeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
+# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
 authenticate_heartbeats = false
-# AuthenticateNewWorkConns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
+# authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
 authenticate_new_work_conns = false
 # auth token
 token = 12345678
 # oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
 # By default, this value is "".
 oidc_client_id =
 # oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
 # By default, this value is "".
 oidc_client_secret =
 # oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
 oidc_audience =
 # oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint.
 # It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
 oidc_token_endpoint_url =
 # set admin address for control frpc's action by http api such as reload
 admin_addr = 127.0.0.1
 admin_port = 7400
@@ -63,6 +79,7 @@ tls_enable = true
 # tls_cert_file = client.crt
 # tls_key_file = client.key
 # tls_trusted_ca_file = ca.crt
 # tls_server_name = example.com
 # specify a dns server, so frpc will use this instead of default one
 # dns_server = 8.8.8.8
@@ -85,6 +102,9 @@ meta_var2 = 234
 # It affects the udp and sudp proxy.
 udp_packet_size = 1500
 # include other config files for proxies.
 # includes = ./confd/*.ini
 # 'ssh' is the unique proxy name
 # if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
 [ssh]
@@ -231,6 +251,16 @@ plugin_key_path = ./server.key
 plugin_host_header_rewrite = 127.0.0.1
 plugin_header_X-From-Where = frp
 [plugin_https2https]
 type = https
 custom_domains = test.yourdomain.com
 plugin = https2https
 plugin_local_addr = 127.0.0.1:443
 plugin_crt_path = ./server.crt
 plugin_key_path = ./server.key
 plugin_host_header_rewrite = 127.0.0.1
 plugin_header_X-From-Where = frp
 [plugin_http2https]
 type = http
 custom_domains = test.yourdomain.com
--- a/conf/frps_full.ini
+++ b/conf/frps_full.ini
@@ -2,6 +2,7 @@
 [common]
 # A literal address or host name for IPv6 must be enclosed
 # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
 # For single "bind_addr" field, no need square brackets, like "bind_addr = ::".
 bind_addr = 0.0.0.0
 bind_port = 7000
@@ -23,7 +24,7 @@ vhost_https_port = 443
 # response header timeout(seconds) for vhost http server, default is 60s
 # vhost_http_timeout = 60
-# TcpMuxHttpConnectPort specifies the port that the server listens for TCP
+# tcpmux_httpconnect_port specifies the port that the server listens for TCP
 # HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
 # requests on one single port. If it's not - it will listen on this value for
 # HTTP CONNECT requests. By default, this value is 0.
@@ -44,6 +45,7 @@ enable_prometheus = true
 # dashboard assets directory(only for debug mode)
 # assets_dir = ./static
 # console or real logFile path like ./frps.log
 log_file = ./frps.log
@@ -58,12 +60,12 @@ disable_log_color = false
 # DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
 detailed_errors_to_client = true
-# AuthenticationMethod specifies what authentication method to use authenticate frpc with frps.
+# authentication_method specifies what authentication method to use authenticate frpc with frps.
 # If "token" is specified - token will be read into login message.
 # If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
 authentication_method = token
-# AuthenticateHeartBeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
+# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
 authenticate_heartbeats = false
 # AuthenticateNewWorkConns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
@@ -72,25 +74,31 @@ authenticate_new_work_conns = false
 # auth token
 token = 12345678
-# OidcClientId specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
+# oidc_issuer specifies the issuer to verify OIDC tokens with.
 # By default, this value is "".
-oidc_client_id =
+oidc_issuer =
-# OidcClientSecret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
+# oidc_audience specifies the audience OIDC tokens should contain when validated.
 # By default, this value is "".
-oidc_client_secret = 
+oidc_audience =
-# OidcAudience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
+# oidc_skip_expiry_check specifies whether to skip checking if the OIDC token is expired.
-oidc_audience = 
+# By default, this value is false.
 oidc_skip_expiry_check = false
-# OidcTokenEndpointUrl specifies the URL which implements OIDC Token Endpoint.
+
-# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
+# oidc_skip_issuer_check specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
-oidc_token_endpoint_url = 
+# By default, this value is false.
 oidc_skip_issuer_check = false
 # heartbeat configure, it's not recommended to modify the default value
 # the default value of heartbeat_timeout is 90
 # heartbeat_timeout = 90
 # user_conn_timeout configure, it's not recommended to modify the default value
 # the default value of user_conn_timeout is 10
 # user_conn_timeout = 10
 # only allow frpc to bind ports you list, if you set nothing, there won't be any limit
 allow_ports = 2000-3000,3001,3003,4000-50000
@@ -100,7 +108,7 @@ max_pool_count = 5
 # max ports can be used for each client, default value is 0 means no limit
 max_ports_per_client = 0
-# TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false.
+# tls_only specifies whether to only accept TLS-encrypted connections. By default, the value is false.
 tls_only = false
 # tls_cert_file = server.crt
--- a/doc/server_plugin.md
+++ b/doc/server_plugin.md
@@ -209,9 +209,10 @@ path = /handler
 ops = NewProxy
 ```
-addr: the address where the external RPC service listens on.
+- addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = https://127.0.0.1:9001`.
-path: http request url path for the POST request.
+- path: http request url path for the POST request.
-ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
+- ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
 - tls_verify: When the schema is https, we verify by default. Set this value to false if you want to skip verification.
 ### Metadata
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/fatedier/frp
-go 1.12
+go 1.16
 require (
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
@@ -11,7 +11,7 @@ require (
 	github.com/google/uuid v1.1.1
 	github.com/gorilla/mux v1.7.3
 	github.com/gorilla/websocket v1.4.0
-	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d
+	github.com/hashicorp/yamux v0.0.0-20210316155119-a95892c5f864
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/klauspost/cpuid v1.2.0 // indirect
 	github.com/klauspost/reedsolomon v1.9.1 // indirect
@@ -23,17 +23,18 @@ require (
 	github.com/prometheus/client_golang v1.4.1
 	github.com/rakyll/statik v0.1.1
 	github.com/rodaine/table v1.0.0
 	github.com/smartystreets/goconvey v1.6.4 // indirect
 	github.com/spf13/cobra v0.0.3
 	github.com/stretchr/testify v1.4.0
 	github.com/templexxx/cpufeat v0.0.0-20170927014610-3794dfbfb047 // indirect
 	github.com/templexxx/xor v0.0.0-20170926022130-0af8e873c554 // indirect
 	github.com/tjfoc/gmsm v0.0.0-20171124023159-98aa888b79d8 // indirect
 	github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec
 	github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae // indirect
 	golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 	golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980 // indirect
 	golang.org/x/time v0.0.0-20191024005414-555d28b269f0
 	gopkg.in/ini.v1 v1.62.0
 	gopkg.in/square/go-jose.v2 v2.4.1 // indirect
 	k8s.io/apimachinery v0.18.3
 )
--- a/go.sum
+++ b/go.sum
@@ -51,7 +51,6 @@ github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4er
 github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
@@ -72,19 +71,23 @@ github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
+github.com/hashicorp/yamux v0.0.0-20210316155119-a95892c5f864 h1:Y4V+SFe7d3iH+9pJCoeWIOS5/xBJIFsltS7E+KJSsJY=
-github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/hashicorp/yamux v0.0.0-20210316155119-a95892c5f864/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
@@ -154,6 +157,10 @@ github.com/rodaine/table v1.0.0 h1:UaCJG5Axc/cNXVGXqnCrffm1KxP0OfYLe1HuJLf5sFY=
 github.com/rodaine/table v1.0.0/go.mod h1:YAUzwPOji0DUJNEvggdxyQcUAl4g3hDRcFlyjnnR51I=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@@ -171,8 +178,6 @@ github.com/templexxx/xor v0.0.0-20170926022130-0af8e873c554 h1:pexgSe+JCFuxG+uoM
 github.com/templexxx/xor v0.0.0-20170926022130-0af8e873c554/go.mod h1:5XA7W9S6mni3h5uvOC75dA3m9CCCaS83lltmc0ukdi4=
 github.com/tjfoc/gmsm v0.0.0-20171124023159-98aa888b79d8 h1:6CNSDqI1wiE+JqyOy5Qt/yo/DoNI2/QmmOZeiCid2Nw=
 github.com/tjfoc/gmsm v0.0.0-20171124023159-98aa888b79d8/go.mod h1:XxO4hdhhrzAd+G4CjDqaOkd0hUzmtPR/d3EiBBMn/wc=
 github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec h1:DGmKwyZwEB8dI7tbLt/I/gQuP559o/0FrAkHKlQM/Ks=
 github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec/go.mod h1:owBmyHYMLkxyrugmfwE/DLJyW8Ro9mkphwuVErQ0iUw=
 github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae h1:J0GxkO96kL4WF+AIT3M4mfUVinOCPgf2uUWYFUzN0sM=
 github.com/xtaci/lossyconn v0.0.0-20190602105132-8df528c0c9ae/go.mod h1:gXtu8J62kEgmN++bm9BVICuT/e8yiLI2KFobd/TRFsE=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -185,6 +190,7 @@ golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190228165749-92fc7df08ae7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 h1:AeiKBIuRw3UomYXSbLy0Mc2dDLfdtbT/IVn4keq83P0=
@@ -205,10 +211,8 @@ golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82 h1:ywK/j/KkyTHcdyYSZNXGjMwgmDSfjglYZ3vStQ/gSCU=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980 h1:OjiUf46hAmXblsZdnoSXsEUSKU8r1UEzcL5RVZ4gO9Y=
 golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -221,6 +225,7 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
@@ -239,6 +244,8 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogR
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/square/go-jose.v2 v2.4.1 h1:H0TmLt7/KmzlrDOpa1F+zr0Tk90PbJYBfsVUmRLrf9Y=
 gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
@@ -246,7 +253,6 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5 h1:ymVxjfMaHvXD8RqPRmzHHsB3VvucivSkIAvJFDI5O3c=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
--- a/hack/run-e2e.sh
+++ b/hack/run-e2e.sh
@@ -5,7 +5,7 @@ ROOT=$(unset CDPATH && cd $(dirname "${BASH_SOURCE[0]}")/.. && pwd)
 which ginkgo &> /dev/null
 if [ $? -ne 0 ]; then
    echo "ginkgo not found, try to install..."
-    go get -u github.com/onsi/ginkgo/ginkgo
+    go install github.com/onsi/ginkgo/ginkgo
 fi
 debug=false
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -19,101 +19,58 @@ import (
 	"github.com/fatedier/frp/pkg/consts"
 	"github.com/fatedier/frp/pkg/msg"
 	"github.com/vaughan0/go-ini"
 )
-type baseConfig struct {
+type BaseConfig struct {
 	// AuthenticationMethod specifies what authentication method to use to
 	// authenticate frpc with frps. If "token" is specified - token will be
 	// read into login message. If "oidc" is specified - OIDC (Open ID Connect)
 	// token will be issued using OIDC settings. By default, this value is "token".
-	AuthenticationMethod string `json:"authentication_method"`
+	AuthenticationMethod string `ini:"authentication_method" json:"authentication_method"`
 	// AuthenticateHeartBeats specifies whether to include authentication token in
 	// heartbeats sent to frps. By default, this value is false.
-	AuthenticateHeartBeats bool `json:"authenticate_heartbeats"`
+	AuthenticateHeartBeats bool `ini:"authenticate_heartbeats" json:"authenticate_heartbeats"`
 	// AuthenticateNewWorkConns specifies whether to include authentication token in
 	// new work connections sent to frps. By default, this value is false.
-	AuthenticateNewWorkConns bool `json:"authenticate_new_work_conns"`
+	AuthenticateNewWorkConns bool `ini:"authenticate_new_work_conns" json:"authenticate_new_work_conns"`
 }
-func getDefaultBaseConf() baseConfig {
+func getDefaultBaseConf() BaseConfig {
-	return baseConfig{
+	return BaseConfig{
 		AuthenticationMethod:     "token",
 		AuthenticateHeartBeats:   false,
 		AuthenticateNewWorkConns: false,
 	}
 }
 func unmarshalBaseConfFromIni(conf ini.File) baseConfig {
 	var (
 		tmpStr string
 		ok     bool
 	)
 	cfg := getDefaultBaseConf()
 	if tmpStr, ok = conf.Get("common", "authentication_method"); ok {
 		cfg.AuthenticationMethod = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "authenticate_heartbeats"); ok && tmpStr == "true" {
 		cfg.AuthenticateHeartBeats = true
 	} else {
 		cfg.AuthenticateHeartBeats = false
 	}
 	if tmpStr, ok = conf.Get("common", "authenticate_new_work_conns"); ok && tmpStr == "true" {
 		cfg.AuthenticateNewWorkConns = true
 	} else {
 		cfg.AuthenticateNewWorkConns = false
 	}
 	return cfg
 }
 type ClientConfig struct {
-	baseConfig
+	BaseConfig       `ini:",extends"`
-	oidcClientConfig
+	OidcClientConfig `ini:",extends"`
-	tokenConfig
+	TokenConfig      `ini:",extends"`
 }
 func GetDefaultClientConf() ClientConfig {
 	return ClientConfig{
-		baseConfig:       getDefaultBaseConf(),
+		BaseConfig:       getDefaultBaseConf(),
-		oidcClientConfig: getDefaultOidcClientConf(),
+		OidcClientConfig: getDefaultOidcClientConf(),
-		tokenConfig:      getDefaultTokenConf(),
+		TokenConfig:      getDefaultTokenConf(),
 	}
 }
 func UnmarshalClientConfFromIni(conf ini.File) (cfg ClientConfig) {
 	cfg.baseConfig = unmarshalBaseConfFromIni(conf)
 	cfg.oidcClientConfig = unmarshalOidcClientConfFromIni(conf)
 	cfg.tokenConfig = unmarshalTokenConfFromIni(conf)
 	return cfg
 }
 type ServerConfig struct {
-	baseConfig
+	BaseConfig       `ini:",extends"`
-	oidcServerConfig
+	OidcServerConfig `ini:",extends"`
-	tokenConfig
+	TokenConfig      `ini:",extends"`
 }
 func GetDefaultServerConf() ServerConfig {
 	return ServerConfig{
-		baseConfig:       getDefaultBaseConf(),
+		BaseConfig:       getDefaultBaseConf(),
-		oidcServerConfig: getDefaultOidcServerConf(),
+		OidcServerConfig: getDefaultOidcServerConf(),
-		tokenConfig:      getDefaultTokenConf(),
+		TokenConfig:      getDefaultTokenConf(),
 	}
 }
 func UnmarshalServerConfFromIni(conf ini.File) (cfg ServerConfig) {
 	cfg.baseConfig = unmarshalBaseConfFromIni(conf)
 	cfg.oidcServerConfig = unmarshalOidcServerConfFromIni(conf)
 	cfg.tokenConfig = unmarshalTokenConfFromIni(conf)
 	return cfg
 }
 type Setter interface {
 	SetLogin(*msg.Login) error
 	SetPing(*msg.Ping) error
@@ -123,9 +80,9 @@ type Setter interface {
 func NewAuthSetter(cfg ClientConfig) (authProvider Setter) {
 	switch cfg.AuthenticationMethod {
 	case consts.TokenAuthMethod:
-		authProvider = NewTokenAuth(cfg.baseConfig, cfg.tokenConfig)
+		authProvider = NewTokenAuth(cfg.BaseConfig, cfg.TokenConfig)
 	case consts.OidcAuthMethod:
-		authProvider = NewOidcAuthSetter(cfg.baseConfig, cfg.oidcClientConfig)
+		authProvider = NewOidcAuthSetter(cfg.BaseConfig, cfg.OidcClientConfig)
 	default:
 		panic(fmt.Sprintf("wrong authentication method: '%s'", cfg.AuthenticationMethod))
 	}
@@ -142,9 +99,9 @@ type Verifier interface {
 func NewAuthVerifier(cfg ServerConfig) (authVerifier Verifier) {
 	switch cfg.AuthenticationMethod {
 	case consts.TokenAuthMethod:
-		authVerifier = NewTokenAuth(cfg.baseConfig, cfg.tokenConfig)
+		authVerifier = NewTokenAuth(cfg.BaseConfig, cfg.TokenConfig)
 	case consts.OidcAuthMethod:
-		authVerifier = NewOidcAuthVerifier(cfg.baseConfig, cfg.oidcServerConfig)
+		authVerifier = NewOidcAuthVerifier(cfg.BaseConfig, cfg.OidcServerConfig)
 	}
 	return authVerifier
--- a/pkg/auth/oidc.go
+++ b/pkg/auth/oidc.go
@@ -21,30 +21,29 @@ import (
 	"github.com/fatedier/frp/pkg/msg"
 	"github.com/coreos/go-oidc"
 	"github.com/vaughan0/go-ini"
 	"golang.org/x/oauth2/clientcredentials"
 )
-type oidcClientConfig struct {
+type OidcClientConfig struct {
 	// OidcClientID specifies the client ID to use to get a token in OIDC
 	// authentication if AuthenticationMethod == "oidc". By default, this value
 	// is "".
-	OidcClientID string `json:"oidc_client_id"`
+	OidcClientID string `ini:"oidc_client_id" json:"oidc_client_id"`
 	// OidcClientSecret specifies the client secret to use to get a token in OIDC
 	// authentication if AuthenticationMethod == "oidc". By default, this value
 	// is "".
-	OidcClientSecret string `json:"oidc_client_secret"`
+	OidcClientSecret string `ini:"oidc_client_secret" json:"oidc_client_secret"`
 	// OidcAudience specifies the audience of the token in OIDC authentication
 	//if AuthenticationMethod == "oidc". By default, this value is "".
-	OidcAudience string `json:"oidc_audience"`
+	OidcAudience string `ini:"oidc_audience" json:"oidc_audience"`
 	// OidcTokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
 	// It will be used to get an OIDC token if AuthenticationMethod == "oidc".
 	// By default, this value is "".
-	OidcTokenEndpointURL string `json:"oidc_token_endpoint_url"`
+	OidcTokenEndpointURL string `ini:"oidc_token_endpoint_url" json:"oidc_token_endpoint_url"`
 }
-func getDefaultOidcClientConf() oidcClientConfig {
+func getDefaultOidcClientConf() OidcClientConfig {
-	return oidcClientConfig{
+	return OidcClientConfig{
 		OidcClientID:         "",
 		OidcClientSecret:     "",
 		OidcAudience:         "",
@@ -52,56 +51,29 @@ func getDefaultOidcClientConf() oidcClientConfig {
 	}
 }
-func unmarshalOidcClientConfFromIni(conf ini.File) oidcClientConfig {
+type OidcServerConfig struct {
 	var (
 		tmpStr string
 		ok     bool
 	)
 	cfg := getDefaultOidcClientConf()
 	if tmpStr, ok = conf.Get("common", "oidc_client_id"); ok {
 		cfg.OidcClientID = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "oidc_client_secret"); ok {
 		cfg.OidcClientSecret = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "oidc_audience"); ok {
 		cfg.OidcAudience = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "oidc_token_endpoint_url"); ok {
 		cfg.OidcTokenEndpointURL = tmpStr
 	}
 	return cfg
 }
 type oidcServerConfig struct {
 	// OidcIssuer specifies the issuer to verify OIDC tokens with. This issuer
 	// will be used to load public keys to verify signature and will be compared
 	// with the issuer claim in the OIDC token. It will be used if
 	// AuthenticationMethod == "oidc". By default, this value is "".
-	OidcIssuer string `json:"oidc_issuer"`
+	OidcIssuer string `ini:"oidc_issuer" json:"oidc_issuer"`
 	// OidcAudience specifies the audience OIDC tokens should contain when validated.
 	// If this value is empty, audience ("client ID") verification will be skipped.
 	// It will be used when AuthenticationMethod == "oidc". By default, this
 	// value is "".
-	OidcAudience string `json:"oidc_audience"`
+	OidcAudience string `ini:"oidc_audience" json:"oidc_audience"`
 	// OidcSkipExpiryCheck specifies whether to skip checking if the OIDC token is
 	// expired. It will be used when AuthenticationMethod == "oidc". By default, this
 	// value is false.
-	OidcSkipExpiryCheck bool `json:"oidc_skip_expiry_check"`
+	OidcSkipExpiryCheck bool `ini:"oidc_skip_expiry_check" json:"oidc_skip_expiry_check"`
 	// OidcSkipIssuerCheck specifies whether to skip checking if the OIDC token's
 	// issuer claim matches the issuer specified in OidcIssuer. It will be used when
 	// AuthenticationMethod == "oidc". By default, this value is false.
-	OidcSkipIssuerCheck bool `json:"oidc_skip_issuer_check"`
+	OidcSkipIssuerCheck bool `ini:"oidc_skip_issuer_check" json:"oidc_skip_issuer_check"`
 }
-func getDefaultOidcServerConf() oidcServerConfig {
+func getDefaultOidcServerConf() OidcServerConfig {
-	return oidcServerConfig{
+	return OidcServerConfig{
 		OidcIssuer:          "",
 		OidcAudience:        "",
 		OidcSkipExpiryCheck: false,
@@ -109,44 +81,13 @@ func getDefaultOidcServerConf() oidcServerConfig {
 	}
 }
 func unmarshalOidcServerConfFromIni(conf ini.File) oidcServerConfig {
 	var (
 		tmpStr string
 		ok     bool
 	)
 	cfg := getDefaultOidcServerConf()
 	if tmpStr, ok = conf.Get("common", "oidc_issuer"); ok {
 		cfg.OidcIssuer = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "oidc_audience"); ok {
 		cfg.OidcAudience = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "oidc_skip_expiry_check"); ok && tmpStr == "true" {
 		cfg.OidcSkipExpiryCheck = true
 	} else {
 		cfg.OidcSkipExpiryCheck = false
 	}
 	if tmpStr, ok = conf.Get("common", "oidc_skip_issuer_check"); ok && tmpStr == "true" {
 		cfg.OidcSkipIssuerCheck = true
 	} else {
 		cfg.OidcSkipIssuerCheck = false
 	}
 	return cfg
 }
 type OidcAuthProvider struct {
-	baseConfig
+	BaseConfig
 	tokenGenerator *clientcredentials.Config
 }
-func NewOidcAuthSetter(baseCfg baseConfig, cfg oidcClientConfig) *OidcAuthProvider {
+func NewOidcAuthSetter(baseCfg BaseConfig, cfg OidcClientConfig) *OidcAuthProvider {
 	tokenGenerator := &clientcredentials.Config{
 		ClientID:     cfg.OidcClientID,
 		ClientSecret: cfg.OidcClientSecret,
@@ -155,7 +96,7 @@ func NewOidcAuthSetter(baseCfg baseConfig, cfg oidcClientConfig) *OidcAuthProvid
 	}
 	return &OidcAuthProvider{
-		baseConfig:     baseCfg,
+		BaseConfig:     baseCfg,
 		tokenGenerator: tokenGenerator,
 	}
 }
@@ -192,13 +133,13 @@ func (auth *OidcAuthProvider) SetNewWorkConn(newWorkConnMsg *msg.NewWorkConn) (e
 }
 type OidcAuthConsumer struct {
-	baseConfig
+	BaseConfig
 	verifier         *oidc.IDTokenVerifier
 	subjectFromLogin string
 }
-func NewOidcAuthVerifier(baseCfg baseConfig, cfg oidcServerConfig) *OidcAuthConsumer {
+func NewOidcAuthVerifier(baseCfg BaseConfig, cfg OidcServerConfig) *OidcAuthConsumer {
 	provider, err := oidc.NewProvider(context.Background(), cfg.OidcIssuer)
 	if err != nil {
 		panic(err)
@@ -210,7 +151,7 @@ func NewOidcAuthVerifier(baseCfg baseConfig, cfg oidcServerConfig) *OidcAuthCons
 		SkipIssuerCheck:   cfg.OidcSkipIssuerCheck,
 	}
 	return &OidcAuthConsumer{
-		baseConfig: baseCfg,
+		BaseConfig: baseCfg,
 		verifier:   provider.Verifier(&verifierConf),
 	}
 }
--- a/pkg/auth/token.go
+++ b/pkg/auth/token.go
@@ -20,47 +20,30 @@ import (
 	"github.com/fatedier/frp/pkg/msg"
 	"github.com/fatedier/frp/pkg/util/util"
 	"github.com/vaughan0/go-ini"
 )
-type tokenConfig struct {
+type TokenConfig struct {
 	// Token specifies the authorization token used to create keys to be sent
 	// to the server. The server must have a matching token for authorization
 	// to succeed.  By default, this value is "".
-	Token string `json:"token"`
+	Token string `ini:"token" json:"token"`
 }
-func getDefaultTokenConf() tokenConfig {
+func getDefaultTokenConf() TokenConfig {
-	return tokenConfig{
+	return TokenConfig{
 		Token: "",
 	}
 }
 func unmarshalTokenConfFromIni(conf ini.File) tokenConfig {
 	var (
 		tmpStr string
 		ok     bool
 	)
 	cfg := getDefaultTokenConf()
 	if tmpStr, ok = conf.Get("common", "token"); ok {
 		cfg.Token = tmpStr
 	}
 	return cfg
 }
 type TokenAuthSetterVerifier struct {
-	baseConfig
+	BaseConfig
 	token string
 }
-func NewTokenAuth(baseCfg baseConfig, cfg tokenConfig) *TokenAuthSetterVerifier {
+func NewTokenAuth(baseCfg BaseConfig, cfg TokenConfig) *TokenAuthSetterVerifier {
 	return &TokenAuthSetterVerifier{
-		baseConfig: baseCfg,
+		BaseConfig: baseCfg,
 		token:      cfg.Token,
 	}
 }
--- a/pkg/config/README.md
+++ b/pkg/config/README.md
@@ -0,0 +1,12 @@
 So far, there is no mature Go project that does well in parsing `*.ini` files. 
 By comparison, we have selected an open source project: `https://github.com/go-ini/ini`.
 This library helped us solve most of the key-value matching, but there are still some problems, such as not supporting parsing `map`.
 We add our own logic on the basis of this library. In the current situationwhich, we need to complete the entire `Unmarshal` in two steps:
 * Step#1, use `go-ini` to complete the basic parameter matching;
 * Step#2, parse our custom parameters to realize parsing special structure, like `map`, `array`.
 Some of the keywords in `tag`(like inline, extends, etc.) may be different from standard libraries such as `json` and `protobuf` in Go. For details, please refer to the library documentation: https://ini.unknwon.io/docs/intro.
--- a/pkg/config/client.go
+++ b/pkg/config/client.go
@@ -0,0 +1,396 @@
 // Copyright 2020 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"github.com/fatedier/frp/pkg/auth"
 	"github.com/fatedier/frp/pkg/util/util"
 	"gopkg.in/ini.v1"
 )
 // ClientCommonConf contains information for a client service. It is
 // recommended to use GetDefaultClientConf instead of creating this object
 // directly, so that all unspecified fields have reasonable default values.
 type ClientCommonConf struct {
 	auth.ClientConfig `ini:",extends"`
 	// ServerAddr specifies the address of the server to connect to. By
 	// default, this value is "0.0.0.0".
 	ServerAddr string `ini:"server_addr" josn:"server_addr"`
 	// ServerPort specifies the port to connect to the server on. By default,
 	// this value is 7000.
 	ServerPort int `ini:"server_port" json:"server_port"`
 	// HTTPProxy specifies a proxy address to connect to the server through. If
 	// this value is "", the server will be connected to directly. By default,
 	// this value is read from the "http_proxy" environment variable.
 	HTTPProxy string `ini:"http_proxy" json:"http_proxy"`
 	// LogFile specifies a file where logs will be written to. This value will
 	// only be used if LogWay is set appropriately. By default, this value is
 	// "console".
 	LogFile string `ini:"log_file" json:"log_file"`
 	// LogWay specifies the way logging is managed. Valid values are "console"
 	// or "file". If "console" is used, logs will be printed to stdout. If
 	// "file" is used, logs will be printed to LogFile. By default, this value
 	// is "console".
 	LogWay string `ini:"log_way" json:"log_way"`
 	// LogLevel specifies the minimum log level. Valid values are "trace",
 	// "debug", "info", "warn", and "error". By default, this value is "info".
 	LogLevel string `ini:"log_level" json:"log_level"`
 	// LogMaxDays specifies the maximum number of days to store log information
 	// before deletion. This is only used if LogWay == "file". By default, this
 	// value is 0.
 	LogMaxDays int64 `ini:"log_max_days" json:"log_max_days"`
 	// DisableLogColor disables log colors when LogWay == "console" when set to
 	// true. By default, this value is false.
 	DisableLogColor bool `ini:"disable_log_color" json:"disable_log_color"`
 	// AdminAddr specifies the address that the admin server binds to. By
 	// default, this value is "127.0.0.1".
 	AdminAddr string `ini:"admin_addr" json:"admin_addr"`
 	// AdminPort specifies the port for the admin server to listen on. If this
 	// value is 0, the admin server will not be started. By default, this value
 	// is 0.
 	AdminPort int `ini:"admin_port" json:"admin_port"`
 	// AdminUser specifies the username that the admin server will use for
 	// login.
 	AdminUser string `ini:"admin_user" json:"admin_user"`
 	// AdminPwd specifies the password that the admin server will use for
 	// login.
 	AdminPwd string `ini:"admin_pwd" json:"admin_pwd"`
 	// AssetsDir specifies the local directory that the admin server will load
 	// resources from. If this value is "", assets will be loaded from the
 	// bundled executable using statik. By default, this value is "".
 	AssetsDir string `ini:"assets_dir" json:"assets_dir"`
 	// PoolCount specifies the number of connections the client will make to
 	// the server in advance. By default, this value is 0.
 	PoolCount int `ini:"pool_count" json:"pool_count"`
 	// TCPMux toggles TCP stream multiplexing. This allows multiple requests
 	// from a client to share a single TCP connection. If this value is true,
 	// the server must have TCP multiplexing enabled as well. By default, this
 	// value is true.
 	TCPMux bool `ini:"tcp_mux" json:"tcp_mux"`
 	// User specifies a prefix for proxy names to distinguish them from other
 	// clients. If this value is not "", proxy names will automatically be
 	// changed to "{user}.{proxy_name}". By default, this value is "".
 	User string `ini:"user" json:"user"`
 	// DNSServer specifies a DNS server address for FRPC to use. If this value
 	// is "", the default DNS will be used. By default, this value is "".
 	DNSServer string `ini:"dns_server" json:"dns_server"`
 	// LoginFailExit controls whether or not the client should exit after a
 	// failed login attempt. If false, the client will retry until a login
 	// attempt succeeds. By default, this value is true.
 	LoginFailExit bool `ini:"login_fail_exit" json:"login_fail_exit"`
 	// Start specifies a set of enabled proxies by name. If this set is empty,
 	// all supplied proxies are enabled. By default, this value is an empty
 	// set.
 	Start []string `ini:"start" json:"start"`
 	//Start map[string]struct{} `json:"start"`
 	// Protocol specifies the protocol to use when interacting with the server.
 	// Valid values are "tcp", "kcp" and "websocket". By default, this value
 	// is "tcp".
 	Protocol string `ini:"protocol" json:"protocol"`
 	// TLSEnable specifies whether or not TLS should be used when communicating
 	// with the server. If "tls_cert_file" and "tls_key_file" are valid,
 	// client will load the supplied tls configuration.
 	TLSEnable bool `ini:"tls_enable" json:"tls_enable"`
 	// TLSCertPath specifies the path of the cert file that client will
 	// load. It only works when "tls_enable" is true and "tls_key_file" is valid.
 	TLSCertFile string `ini:"tls_cert_file" json:"tls_cert_file"`
 	// TLSKeyPath specifies the path of the secret key file that client
 	// will load. It only works when "tls_enable" is true and "tls_cert_file"
 	// are valid.
 	TLSKeyFile string `ini:"tls_key_file" json:"tls_key_file"`
 	// TLSTrustedCaFile specifies the path of the trusted ca file that will load.
 	// It only works when "tls_enable" is valid and tls configuration of server
 	// has been specified.
 	TLSTrustedCaFile string `ini:"tls_trusted_ca_file" json:"tls_trusted_ca_file"`
 	// TLSServerName specifices the custom server name of tls certificate. By
 	// default, server name if same to ServerAddr.
 	TLSServerName string `ini:"tls_server_name" json:"tls_server_name"`
 	// HeartBeatInterval specifies at what interval heartbeats are sent to the
 	// server, in seconds. It is not recommended to change this value. By
 	// default, this value is 30.
 	HeartbeatInterval int64 `ini:"heartbeat_interval" json:"heartbeat_interval"`
 	// HeartBeatTimeout specifies the maximum allowed heartbeat response delay
 	// before the connection is terminated, in seconds. It is not recommended
 	// to change this value. By default, this value is 90.
 	HeartbeatTimeout int64 `ini:"heartbeat_timeout" json:"heartbeat_timeout"`
 	// Client meta info
 	Metas map[string]string `ini:"-" json:"metas"`
 	// UDPPacketSize specifies the udp packet size
 	// By default, this value is 1500
 	UDPPacketSize int64 `ini:"udp_packet_size" json:"udp_packet_size"`
 	// Include other config files for proxies.
 	IncludeConfigFiles []string `ini:"includes" json:"includes"`
 }
 // GetDefaultClientConf returns a client configuration with default values.
 func GetDefaultClientConf() ClientCommonConf {
 	return ClientCommonConf{
 		ClientConfig:       auth.GetDefaultClientConf(),
 		ServerAddr:         "0.0.0.0",
 		ServerPort:         7000,
 		HTTPProxy:          os.Getenv("http_proxy"),
 		LogFile:            "console",
 		LogWay:             "console",
 		LogLevel:           "info",
 		LogMaxDays:         3,
 		DisableLogColor:    false,
 		AdminAddr:          "127.0.0.1",
 		AdminPort:          0,
 		AdminUser:          "",
 		AdminPwd:           "",
 		AssetsDir:          "",
 		PoolCount:          1,
 		TCPMux:             true,
 		User:               "",
 		DNSServer:          "",
 		LoginFailExit:      true,
 		Start:              make([]string, 0),
 		Protocol:           "tcp",
 		TLSEnable:          false,
 		TLSCertFile:        "",
 		TLSKeyFile:         "",
 		TLSTrustedCaFile:   "",
 		HeartbeatInterval:  30,
 		HeartbeatTimeout:   90,
 		Metas:              make(map[string]string),
 		UDPPacketSize:      1500,
 		IncludeConfigFiles: make([]string, 0),
 	}
 }
 func (cfg *ClientCommonConf) Complete() {
 	if cfg.LogFile == "console" {
 		cfg.LogWay = "console"
 	} else {
 		cfg.LogWay = "file"
 	}
 }
 func (cfg *ClientCommonConf) Validate() error {
 	if cfg.HeartbeatInterval <= 0 {
 		return fmt.Errorf("invalid heartbeat_interval")
 	}
 	if cfg.HeartbeatTimeout < cfg.HeartbeatInterval {
 		return fmt.Errorf("invalid heartbeat_timeout, heartbeat_timeout is less than heartbeat_interval")
 	}
 	if cfg.TLSEnable == false {
 		if cfg.TLSCertFile != "" {
 			fmt.Println("WARNING! tls_cert_file is invalid when tls_enable is false")
 		}
 		if cfg.TLSKeyFile != "" {
 			fmt.Println("WARNING! tls_key_file is invalid when tls_enable is false")
 		}
 		if cfg.TLSTrustedCaFile != "" {
 			fmt.Println("WARNING! tls_trusted_ca_file is invalid when tls_enable is false")
 		}
 	}
 	if cfg.Protocol != "tcp" && cfg.Protocol != "kcp" && cfg.Protocol != "websocket" {
 		return fmt.Errorf("invalid protocol")
 	}
 	for _, f := range cfg.IncludeConfigFiles {
 		absDir, err := filepath.Abs(filepath.Dir(f))
 		if err != nil {
 			return fmt.Errorf("include: parse directory of %s failed: %v", f, absDir)
 		}
 		if _, err := os.Stat(absDir); os.IsNotExist(err) {
 			return fmt.Errorf("include: directory of %s not exist", f)
 		}
 	}
 	return nil
 }
 // Supported sources including: string(file path), []byte, Reader interface.
 func UnmarshalClientConfFromIni(source interface{}) (ClientCommonConf, error) {
 	f, err := ini.LoadSources(ini.LoadOptions{
 		Insensitive:         false,
 		InsensitiveSections: false,
 		InsensitiveKeys:     false,
 		IgnoreInlineComment: true,
 		AllowBooleanKeys:    true,
 	}, source)
 	if err != nil {
 		return ClientCommonConf{}, err
 	}
 	s, err := f.GetSection("common")
 	if err != nil {
 		return ClientCommonConf{}, fmt.Errorf("invalid configuration file, not found [common] section")
 	}
 	common := GetDefaultClientConf()
 	err = s.MapTo(&common)
 	if err != nil {
 		return ClientCommonConf{}, err
 	}
 	common.Metas = GetMapWithoutPrefix(s.KeysHash(), "meta_")
 	return common, nil
 }
 // if len(startProxy) is 0, start all
 // otherwise just start proxies in startProxy map
 func LoadAllProxyConfsFromIni(
 	prefix string,
 	source interface{},
 	start []string,
 ) (map[string]ProxyConf, map[string]VisitorConf, error) {
 	f, err := ini.LoadSources(ini.LoadOptions{
 		Insensitive:         false,
 		InsensitiveSections: false,
 		InsensitiveKeys:     false,
 		IgnoreInlineComment: true,
 		AllowBooleanKeys:    true,
 	}, source)
 	if err != nil {
 		return nil, nil, err
 	}
 	proxyConfs := make(map[string]ProxyConf)
 	visitorConfs := make(map[string]VisitorConf)
 	if prefix != "" {
 		prefix += "."
 	}
 	startProxy := make(map[string]struct{})
 	for _, s := range start {
 		startProxy[s] = struct{}{}
 	}
 	startAll := true
 	if len(startProxy) > 0 {
 		startAll = false
 	}
 	// Build template sections from range section And append to ini.File.
 	rangeSections := make([]*ini.Section, 0)
 	for _, section := range f.Sections() {
 		if !strings.HasPrefix(section.Name(), "range:") {
 			continue
 		}
 		rangeSections = append(rangeSections, section)
 	}
 	for _, section := range rangeSections {
 		err = renderRangeProxyTemplates(f, section)
 		if err != nil {
 			return nil, nil, fmt.Errorf("failed to render template for proxy %s: %v", section.Name(), err)
 		}
 	}
 	for _, section := range f.Sections() {
 		name := section.Name()
 		if name == ini.DefaultSection || name == "common" || strings.HasPrefix(name, "range:") {
 			continue
 		}
 		_, shouldStart := startProxy[name]
 		if !startAll && !shouldStart {
 			continue
 		}
 		roleType := section.Key("role").String()
 		if roleType == "" {
 			roleType = "server"
 		}
 		switch roleType {
 		case "server":
 			newConf, newErr := NewProxyConfFromIni(prefix, name, section)
 			if newErr != nil {
 				return nil, nil, fmt.Errorf("failed to parse proxy %s, err: %v", name, newErr)
 			}
 			proxyConfs[prefix+name] = newConf
 		case "visitor":
 			newConf, newErr := NewVisitorConfFromIni(prefix, name, section)
 			if newErr != nil {
 				return nil, nil, newErr
 			}
 			visitorConfs[prefix+name] = newConf
 		default:
 			return nil, nil, fmt.Errorf("proxy %s role should be 'server' or 'visitor'", name)
 		}
 	}
 	return proxyConfs, visitorConfs, nil
 }
 func renderRangeProxyTemplates(f *ini.File, section *ini.Section) error {
 	// Validation
 	localPortStr := section.Key("local_port").String()
 	remotePortStr := section.Key("remote_port").String()
 	if localPortStr == "" || remotePortStr == "" {
 		return fmt.Errorf("local_port or remote_port is empty")
 	}
 	localPorts, err := util.ParseRangeNumbers(localPortStr)
 	if err != nil {
 		return err
 	}
 	remotePorts, err := util.ParseRangeNumbers(remotePortStr)
 	if err != nil {
 		return err
 	}
 	if len(localPorts) != len(remotePorts) {
 		return fmt.Errorf("local ports number should be same with remote ports number")
 	}
 	if len(localPorts) == 0 {
 		return fmt.Errorf("local_port and remote_port is necessary")
 	}
 	// Templates
 	prefix := strings.TrimSpace(strings.TrimPrefix(section.Name(), "range:"))
 	for i := range localPorts {
 		tmpname := fmt.Sprintf("%s_%d", prefix, i)
 		tmpsection, err := f.NewSection(tmpname)
 		if err != nil {
 			return err
 		}
 		copySection(section, tmpsection)
 		tmpsection.NewKey("local_port", fmt.Sprintf("%d", localPorts[i]))
 		tmpsection.NewKey("remote_port", fmt.Sprintf("%d", remotePorts[i]))
 	}
 	return nil
 }
 func copySection(source, target *ini.Section) {
 	for key, value := range source.KeysHash() {
 		target.NewKey(key, value)
 	}
 }
--- a/pkg/config/client_common.go
+++ b/pkg/config/client_common.go
@@ -1,365 +0,0 @@
 // Copyright 2016 fatedier, fatedier@gmail.com
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
 	"fmt"
 	"os"
 	"strconv"
 	"strings"
 	"github.com/fatedier/frp/pkg/auth"
 	ini "github.com/vaughan0/go-ini"
 )
 // ClientCommonConf contains information for a client service. It is
 // recommended to use GetDefaultClientConf instead of creating this object
 // directly, so that all unspecified fields have reasonable default values.
 type ClientCommonConf struct {
 	auth.ClientConfig
 	// ServerAddr specifies the address of the server to connect to. By
 	// default, this value is "0.0.0.0".
 	ServerAddr string `json:"server_addr"`
 	// ServerPort specifies the port to connect to the server on. By default,
 	// this value is 7000.
 	ServerPort int `json:"server_port"`
 	// HTTPProxy specifies a proxy address to connect to the server through. If
 	// this value is "", the server will be connected to directly. By default,
 	// this value is read from the "http_proxy" environment variable.
 	HTTPProxy string `json:"http_proxy"`
 	// LogFile specifies a file where logs will be written to. This value will
 	// only be used if LogWay is set appropriately. By default, this value is
 	// "console".
 	LogFile string `json:"log_file"`
 	// LogWay specifies the way logging is managed. Valid values are "console"
 	// or "file". If "console" is used, logs will be printed to stdout. If
 	// "file" is used, logs will be printed to LogFile. By default, this value
 	// is "console".
 	LogWay string `json:"log_way"`
 	// LogLevel specifies the minimum log level. Valid values are "trace",
 	// "debug", "info", "warn", and "error". By default, this value is "info".
 	LogLevel string `json:"log_level"`
 	// LogMaxDays specifies the maximum number of days to store log information
 	// before deletion. This is only used if LogWay == "file". By default, this
 	// value is 0.
 	LogMaxDays int64 `json:"log_max_days"`
 	// DisableLogColor disables log colors when LogWay == "console" when set to
 	// true. By default, this value is false.
 	DisableLogColor bool `json:"disable_log_color"`
 	// AdminAddr specifies the address that the admin server binds to. By
 	// default, this value is "127.0.0.1".
 	AdminAddr string `json:"admin_addr"`
 	// AdminPort specifies the port for the admin server to listen on. If this
 	// value is 0, the admin server will not be started. By default, this value
 	// is 0.
 	AdminPort int `json:"admin_port"`
 	// AdminUser specifies the username that the admin server will use for
 	// login. By default, this value is "admin".
 	AdminUser string `json:"admin_user"`
 	// AdminPwd specifies the password that the admin server will use for
 	// login. By default, this value is "admin".
 	AdminPwd string `json:"admin_pwd"`
 	// AssetsDir specifies the local directory that the admin server will load
 	// resources from. If this value is "", assets will be loaded from the
 	// bundled executable using statik. By default, this value is "".
 	AssetsDir string `json:"assets_dir"`
 	// PoolCount specifies the number of connections the client will make to
 	// the server in advance. By default, this value is 0.
 	PoolCount int `json:"pool_count"`
 	// TCPMux toggles TCP stream multiplexing. This allows multiple requests
 	// from a client to share a single TCP connection. If this value is true,
 	// the server must have TCP multiplexing enabled as well. By default, this
 	// value is true.
 	TCPMux bool `json:"tcp_mux"`
 	// User specifies a prefix for proxy names to distinguish them from other
 	// clients. If this value is not "", proxy names will automatically be
 	// changed to "{user}.{proxy_name}". By default, this value is "".
 	User string `json:"user"`
 	// DNSServer specifies a DNS server address for FRPC to use. If this value
 	// is "", the default DNS will be used. By default, this value is "".
 	DNSServer string `json:"dns_server"`
 	// LoginFailExit controls whether or not the client should exit after a
 	// failed login attempt. If false, the client will retry until a login
 	// attempt succeeds. By default, this value is true.
 	LoginFailExit bool `json:"login_fail_exit"`
 	// Start specifies a set of enabled proxies by name. If this set is empty,
 	// all supplied proxies are enabled. By default, this value is an empty
 	// set.
 	Start map[string]struct{} `json:"start"`
 	// Protocol specifies the protocol to use when interacting with the server.
 	// Valid values are "tcp", "kcp" and "websocket". By default, this value
 	// is "tcp".
 	Protocol string `json:"protocol"`
 	// TLSEnable specifies whether or not TLS should be used when communicating
 	// with the server. If "tls_cert_file" and "tls_key_file" are valid,
 	// client will load the supplied tls configuration.
 	TLSEnable bool `json:"tls_enable"`
 	// ClientTLSCertPath specifies the path of the cert file that client will
 	// load. It only works when "tls_enable" is true and "tls_key_file" is valid.
 	TLSCertFile string `json:"tls_cert_file"`
 	// ClientTLSKeyPath specifies the path of the secret key file that client
 	// will load. It only works when "tls_enable" is true and "tls_cert_file"
 	// are valid.
 	TLSKeyFile string `json:"tls_key_file"`
 	// TrustedCaFile specifies the path of the trusted ca file that will load.
 	// It only works when "tls_enable" is valid and tls configuration of server
 	// has been specified.
 	TLSTrustedCaFile string `json:"tls_trusted_ca_file"`
 	// HeartBeatInterval specifies at what interval heartbeats are sent to the
 	// server, in seconds. It is not recommended to change this value. By
 	// default, this value is 30.
 	HeartBeatInterval int64 `json:"heartbeat_interval"`
 	// HeartBeatTimeout specifies the maximum allowed heartbeat response delay
 	// before the connection is terminated, in seconds. It is not recommended
 	// to change this value. By default, this value is 90.
 	HeartBeatTimeout int64 `json:"heartbeat_timeout"`
 	// Client meta info
 	Metas map[string]string `json:"metas"`
 	// UDPPacketSize specifies the udp packet size
 	// By default, this value is 1500
 	UDPPacketSize int64 `json:"udp_packet_size"`
 }
 // GetDefaultClientConf returns a client configuration with default values.
 func GetDefaultClientConf() ClientCommonConf {
 	return ClientCommonConf{
 		ServerAddr:        "0.0.0.0",
 		ServerPort:        7000,
 		HTTPProxy:         os.Getenv("http_proxy"),
 		LogFile:           "console",
 		LogWay:            "console",
 		LogLevel:          "info",
 		LogMaxDays:        3,
 		DisableLogColor:   false,
 		AdminAddr:         "127.0.0.1",
 		AdminPort:         0,
 		AdminUser:         "",
 		AdminPwd:          "",
 		AssetsDir:         "",
 		PoolCount:         1,
 		TCPMux:            true,
 		User:              "",
 		DNSServer:         "",
 		LoginFailExit:     true,
 		Start:             make(map[string]struct{}),
 		Protocol:          "tcp",
 		TLSEnable:         false,
 		TLSCertFile:       "",
 		TLSKeyFile:        "",
 		TLSTrustedCaFile:  "",
 		HeartBeatInterval: 30,
 		HeartBeatTimeout:  90,
 		Metas:             make(map[string]string),
 		UDPPacketSize:     1500,
 	}
 }
 func UnmarshalClientConfFromIni(content string) (cfg ClientCommonConf, err error) {
 	cfg = GetDefaultClientConf()
 	conf, err := ini.Load(strings.NewReader(content))
 	if err != nil {
 		return ClientCommonConf{}, fmt.Errorf("parse ini conf file error: %v", err)
 	}
 	cfg.ClientConfig = auth.UnmarshalClientConfFromIni(conf)
 	var (
 		tmpStr string
 		ok     bool
 		v      int64
 	)
 	if tmpStr, ok = conf.Get("common", "server_addr"); ok {
 		cfg.ServerAddr = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "server_port"); ok {
 		v, err = strconv.ParseInt(tmpStr, 10, 64)
 		if err != nil {
 			err = fmt.Errorf("Parse conf error: invalid server_port")
 			return
 		}
 		cfg.ServerPort = int(v)
 	}
 	if tmpStr, ok = conf.Get("common", "disable_log_color"); ok && tmpStr == "true" {
 		cfg.DisableLogColor = true
 	}
 	if tmpStr, ok = conf.Get("common", "http_proxy"); ok {
 		cfg.HTTPProxy = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "log_file"); ok {
 		cfg.LogFile = tmpStr
 		if cfg.LogFile == "console" {
 			cfg.LogWay = "console"
 		} else {
 			cfg.LogWay = "file"
 		}
 	}
 	if tmpStr, ok = conf.Get("common", "log_level"); ok {
 		cfg.LogLevel = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "log_max_days"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err == nil {
 			cfg.LogMaxDays = v
 		}
 	}
 	if tmpStr, ok = conf.Get("common", "admin_addr"); ok {
 		cfg.AdminAddr = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "admin_port"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err == nil {
 			cfg.AdminPort = int(v)
 		} else {
 			err = fmt.Errorf("Parse conf error: invalid admin_port")
 			return
 		}
 	}
 	if tmpStr, ok = conf.Get("common", "admin_user"); ok {
 		cfg.AdminUser = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "admin_pwd"); ok {
 		cfg.AdminPwd = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "assets_dir"); ok {
 		cfg.AssetsDir = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "pool_count"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err == nil {
 			cfg.PoolCount = int(v)
 		}
 	}
 	if tmpStr, ok = conf.Get("common", "tcp_mux"); ok && tmpStr == "false" {
 		cfg.TCPMux = false
 	} else {
 		cfg.TCPMux = true
 	}
 	if tmpStr, ok = conf.Get("common", "user"); ok {
 		cfg.User = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "dns_server"); ok {
 		cfg.DNSServer = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "start"); ok {
 		proxyNames := strings.Split(tmpStr, ",")
 		for _, name := range proxyNames {
 			cfg.Start[strings.TrimSpace(name)] = struct{}{}
 		}
 	}
 	if tmpStr, ok = conf.Get("common", "login_fail_exit"); ok && tmpStr == "false" {
 		cfg.LoginFailExit = false
 	} else {
 		cfg.LoginFailExit = true
 	}
 	if tmpStr, ok = conf.Get("common", "protocol"); ok {
 		// Now it only support tcp and kcp and websocket.
 		if tmpStr != "tcp" && tmpStr != "kcp" && tmpStr != "websocket" {
 			err = fmt.Errorf("Parse conf error: invalid protocol")
 			return
 		}
 		cfg.Protocol = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "tls_enable"); ok && tmpStr == "true" {
 		cfg.TLSEnable = true
 	} else {
 		cfg.TLSEnable = false
 	}
 	if tmpStr, ok = conf.Get("common", "tls_cert_file"); ok {
 		cfg.TLSCertFile = tmpStr
 	}
 	if tmpStr, ok := conf.Get("common", "tls_key_file"); ok {
 		cfg.TLSKeyFile = tmpStr
 	}
 	if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok {
 		cfg.TLSTrustedCaFile = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "heartbeat_timeout"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid heartbeat_timeout")
 			return
 		}
 		cfg.HeartBeatTimeout = v
 	}
 	if tmpStr, ok = conf.Get("common", "heartbeat_interval"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid heartbeat_interval")
 			return
 		}
 		cfg.HeartBeatInterval = v
 	}
 	for k, v := range conf.Section("common") {
 		if strings.HasPrefix(k, "meta_") {
 			cfg.Metas[strings.TrimPrefix(k, "meta_")] = v
 		}
 	}
 	if tmpStr, ok = conf.Get("common", "udp_packet_size"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid udp_packet_size")
 			return
 		}
 		cfg.UDPPacketSize = v
 	}
 	return
 }
 func (cfg *ClientCommonConf) Check() (err error) {
 	if cfg.HeartBeatInterval <= 0 {
 		err = fmt.Errorf("Parse conf error: invalid heartbeat_interval")
 		return
 	}
 	if cfg.HeartBeatTimeout < cfg.HeartBeatInterval {
 		err = fmt.Errorf("Parse conf error: invalid heartbeat_timeout, heartbeat_timeout is less than heartbeat_interval")
 		return
 	}
 	if cfg.TLSEnable == false {
 		if cfg.TLSCertFile != "" {
 			fmt.Println("WARNING! tls_cert_file is invalid when tls_enable is false")
 		}
 		if cfg.TLSKeyFile != "" {
 			fmt.Println("WARNING! tls_key_file is invalid when tls_enable is false")
 		}
 		if cfg.TLSTrustedCaFile != "" {
 			fmt.Println("WARNING! tls_trusted_ca_file is invalid when tls_enable is false")
 		}
 	}
 	return
 }
--- a/pkg/config/client_test.go
+++ b/pkg/config/client_test.go
@@ -0,0 +1,645 @@
 // Copyright 2020 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
 	"testing"
 	"github.com/fatedier/frp/pkg/auth"
 	"github.com/fatedier/frp/pkg/consts"
 	"github.com/stretchr/testify/assert"
 )
 const (
 	testUser = "test"
 )
 var (
 	testClientBytesWithFull = []byte(`
 		# [common] is integral section
 		[common]
 		server_addr = 0.0.0.9
 		server_port = 7009
 		http_proxy = http://user:passwd@192.168.1.128:8080
 		log_file = ./frpc.log9
 		log_way = file
 		log_level = info9
 		log_max_days = 39
 		disable_log_color = false
 		authenticate_heartbeats = false
 		authenticate_new_work_conns = false
 		token = 12345678
 		oidc_client_id = client-id
 		oidc_client_secret = client-secret
 		oidc_audience = audience
 		oidc_token_endpoint_url = endpoint_url
 		admin_addr = 127.0.0.9
 		admin_port = 7409
 		admin_user = admin9
 		admin_pwd = admin9
 		assets_dir = ./static9
 		pool_count = 59
 		tcp_mux
 		user = your_name
 		login_fail_exit
 		protocol = tcp
 		tls_enable = true
 		tls_cert_file = client.crt
 		tls_key_file = client.key
 		tls_trusted_ca_file = ca.crt
 		tls_server_name = example.com
 		dns_server = 8.8.8.9
 		start = ssh,dns
 		heartbeat_interval = 39
 		heartbeat_timeout = 99
 		meta_var1 = 123
 		meta_var2 = 234
 		udp_packet_size = 1509
 		# all proxy
 		[ssh]
 		type = tcp
 		local_ip = 127.0.0.9
 		local_port = 29
 		bandwidth_limit = 19MB
 		use_encryption
 		use_compression
 		remote_port = 6009
 		group = test_group
 		group_key = 123456
 		health_check_type = tcp
 		health_check_timeout_s = 3
 		health_check_max_failed = 3
 		health_check_interval_s = 19
 		meta_var1 = 123
 		meta_var2 = 234
 		[ssh_random]
 		type = tcp
 		local_ip = 127.0.0.9
 		local_port = 29
 		remote_port = 9
 		[range:tcp_port]
 		type = tcp
 		local_ip = 127.0.0.9
 		local_port = 6010-6011,6019
 		remote_port = 6010-6011,6019
 		use_encryption = false
 		use_compression = false
 		[dns]
 		type = udp
 		local_ip = 114.114.114.114
 		local_port = 59
 		remote_port = 6009
 		use_encryption
 		use_compression
 		[range:udp_port]
 		type = udp
 		local_ip = 114.114.114.114
 		local_port = 6000,6010-6011
 		remote_port = 6000,6010-6011
 		use_encryption
 		use_compression
 		[web01]
 		type = http
 		local_ip = 127.0.0.9
 		local_port = 89
 		use_encryption
 		use_compression
 		http_user = admin
 		http_pwd = admin
 		subdomain = web01
 		custom_domains = web02.yourdomain.com
 		locations = /,/pic
 		host_header_rewrite = example.com
 		header_X-From-Where = frp
 		health_check_type = http
 		health_check_url = /status
 		health_check_interval_s = 19
 		health_check_max_failed = 3
 		health_check_timeout_s = 3
 		[web02]
 		type = https
 		local_ip = 127.0.0.9
 		local_port = 8009
 		use_encryption
 		use_compression
 		subdomain = web01
 		custom_domains = web02.yourdomain.com
 		proxy_protocol_version = v2
 		[secret_tcp]
 		type = stcp
 		sk = abcdefg
 		local_ip = 127.0.0.1
 		local_port = 22
 		use_encryption = false
 		use_compression = false
 		[p2p_tcp]
 		type = xtcp
 		sk = abcdefg
 		local_ip = 127.0.0.1
 		local_port = 22
 		use_encryption = false
 		use_compression = false
 		[tcpmuxhttpconnect]
 		type = tcpmux
 		multiplexer = httpconnect
 		local_ip = 127.0.0.1
 		local_port = 10701
 		custom_domains = tunnel1
 		[plugin_unix_domain_socket]
 		type = tcp
 		remote_port = 6003
 		plugin = unix_domain_socket
 		plugin_unix_path = /var/run/docker.sock
 		[plugin_http_proxy]
 		type = tcp
 		remote_port = 6004
 		plugin = http_proxy
 		plugin_http_user = abc
 		plugin_http_passwd = abc
 		[plugin_socks5]
 		type = tcp
 		remote_port = 6005
 		plugin = socks5
 		plugin_user = abc
 		plugin_passwd = abc
 		[plugin_static_file]
 		type = tcp
 		remote_port = 6006
 		plugin = static_file
 		plugin_local_path = /var/www/blog
 		plugin_strip_prefix = static
 		plugin_http_user = abc
 		plugin_http_passwd = abc
 		[plugin_https2http]
 		type = https
 		custom_domains = test.yourdomain.com
 		plugin = https2http
 		plugin_local_addr = 127.0.0.1:80
 		plugin_crt_path = ./server.crt
 		plugin_key_path = ./server.key
 		plugin_host_header_rewrite = 127.0.0.1
 		plugin_header_X-From-Where = frp
 		[plugin_http2https]
 		type = http
 		custom_domains = test.yourdomain.com
 		plugin = http2https
 		plugin_local_addr = 127.0.0.1:443
 		plugin_host_header_rewrite = 127.0.0.1
 		plugin_header_X-From-Where = frp
 		# visitor
 		[secret_tcp_visitor]
 		role = visitor
 		type = stcp
 		server_name = secret_tcp
 		sk = abcdefg
 		bind_addr = 127.0.0.1
 		bind_port = 9000
 		use_encryption = false
 		use_compression = false
 		[p2p_tcp_visitor]
 		role = visitor
 		type = xtcp
 		server_name = p2p_tcp
 		sk = abcdefg
 		bind_addr = 127.0.0.1
 		bind_port = 9001
 		use_encryption = false
 		use_compression = false
 	`)
 )
 func Test_LoadClientCommonConf(t *testing.T) {
 	assert := assert.New(t)
 	expected := ClientCommonConf{
 		ClientConfig: auth.ClientConfig{
 			BaseConfig: auth.BaseConfig{
 				AuthenticationMethod:     "token",
 				AuthenticateHeartBeats:   false,
 				AuthenticateNewWorkConns: false,
 			},
 			TokenConfig: auth.TokenConfig{
 				Token: "12345678",
 			},
 			OidcClientConfig: auth.OidcClientConfig{
 				OidcClientID:         "client-id",
 				OidcClientSecret:     "client-secret",
 				OidcAudience:         "audience",
 				OidcTokenEndpointURL: "endpoint_url",
 			},
 		},
 		ServerAddr:        "0.0.0.9",
 		ServerPort:        7009,
 		HTTPProxy:         "http://user:passwd@192.168.1.128:8080",
 		LogFile:           "./frpc.log9",
 		LogWay:            "file",
 		LogLevel:          "info9",
 		LogMaxDays:        39,
 		DisableLogColor:   false,
 		AdminAddr:         "127.0.0.9",
 		AdminPort:         7409,
 		AdminUser:         "admin9",
 		AdminPwd:          "admin9",
 		AssetsDir:         "./static9",
 		PoolCount:         59,
 		TCPMux:            true,
 		User:              "your_name",
 		LoginFailExit:     true,
 		Protocol:          "tcp",
 		TLSEnable:         true,
 		TLSCertFile:       "client.crt",
 		TLSKeyFile:        "client.key",
 		TLSTrustedCaFile:  "ca.crt",
 		TLSServerName:     "example.com",
 		DNSServer:         "8.8.8.9",
 		Start:             []string{"ssh", "dns"},
 		HeartbeatInterval: 39,
 		HeartbeatTimeout:  99,
 		Metas: map[string]string{
 			"var1": "123",
 			"var2": "234",
 		},
 		UDPPacketSize:      1509,
 		IncludeConfigFiles: []string{},
 	}
 	common, err := UnmarshalClientConfFromIni(testClientBytesWithFull)
 	assert.NoError(err)
 	assert.EqualValues(expected, common)
 }
 func Test_LoadClientBasicConf(t *testing.T) {
 	assert := assert.New(t)
 	proxyExpected := map[string]ProxyConf{
 		testUser + ".ssh": &TCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName:      testUser + ".ssh",
 				ProxyType:      consts.TCPProxy,
 				UseCompression: true,
 				UseEncryption:  true,
 				Group:          "test_group",
 				GroupKey:       "123456",
 				BandwidthLimit: MustBandwidthQuantity("19MB"),
 				Metas: map[string]string{
 					"var1": "123",
 					"var2": "234",
 				},
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "127.0.0.9",
 					LocalPort: 29,
 				},
 				HealthCheckConf: HealthCheckConf{
 					HealthCheckType:      consts.TCPProxy,
 					HealthCheckTimeoutS:  3,
 					HealthCheckMaxFailed: 3,
 					HealthCheckIntervalS: 19,
 					HealthCheckAddr:      "127.0.0.9:29",
 				},
 			},
 			RemotePort: 6009,
 		},
 		testUser + ".ssh_random": &TCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".ssh_random",
 				ProxyType: consts.TCPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "127.0.0.9",
 					LocalPort: 29,
 				},
 			},
 			RemotePort: 9,
 		},
 		testUser + ".tcp_port_0": &TCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".tcp_port_0",
 				ProxyType: consts.TCPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "127.0.0.9",
 					LocalPort: 6010,
 				},
 			},
 			RemotePort: 6010,
 		},
 		testUser + ".tcp_port_1": &TCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".tcp_port_1",
 				ProxyType: consts.TCPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "127.0.0.9",
 					LocalPort: 6011,
 				},
 			},
 			RemotePort: 6011,
 		},
 		testUser + ".tcp_port_2": &TCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".tcp_port_2",
 				ProxyType: consts.TCPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "127.0.0.9",
 					LocalPort: 6019,
 				},
 			},
 			RemotePort: 6019,
 		},
 		testUser + ".dns": &UDPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName:      testUser + ".dns",
 				ProxyType:      consts.UDPProxy,
 				UseEncryption:  true,
 				UseCompression: true,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "114.114.114.114",
 					LocalPort: 59,
 				},
 			},
 			RemotePort: 6009,
 		},
 		testUser + ".udp_port_0": &UDPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName:      testUser + ".udp_port_0",
 				ProxyType:      consts.UDPProxy,
 				UseEncryption:  true,
 				UseCompression: true,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "114.114.114.114",
 					LocalPort: 6000,
 				},
 			},
 			RemotePort: 6000,
 		},
 		testUser + ".udp_port_1": &UDPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName:      testUser + ".udp_port_1",
 				ProxyType:      consts.UDPProxy,
 				UseEncryption:  true,
 				UseCompression: true,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "114.114.114.114",
 					LocalPort: 6010,
 				},
 			},
 			RemotePort: 6010,
 		},
 		testUser + ".udp_port_2": &UDPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName:      testUser + ".udp_port_2",
 				ProxyType:      consts.UDPProxy,
 				UseEncryption:  true,
 				UseCompression: true,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "114.114.114.114",
 					LocalPort: 6011,
 				},
 			},
 			RemotePort: 6011,
 		},
 		testUser + ".web01": &HTTPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName:      testUser + ".web01",
 				ProxyType:      consts.HTTPProxy,
 				UseCompression: true,
 				UseEncryption:  true,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "127.0.0.9",
 					LocalPort: 89,
 				},
 				HealthCheckConf: HealthCheckConf{
 					HealthCheckType:      consts.HTTPProxy,
 					HealthCheckTimeoutS:  3,
 					HealthCheckMaxFailed: 3,
 					HealthCheckIntervalS: 19,
 					HealthCheckURL:       "http://127.0.0.9:89/status",
 				},
 			},
 			DomainConf: DomainConf{
 				CustomDomains: []string{"web02.yourdomain.com"},
 				SubDomain:     "web01",
 			},
 			Locations:         []string{"/", "/pic"},
 			HTTPUser:          "admin",
 			HTTPPwd:           "admin",
 			HostHeaderRewrite: "example.com",
 			Headers: map[string]string{
 				"X-From-Where": "frp",
 			},
 		},
 		testUser + ".web02": &HTTPSProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName:      testUser + ".web02",
 				ProxyType:      consts.HTTPSProxy,
 				UseCompression: true,
 				UseEncryption:  true,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "127.0.0.9",
 					LocalPort: 8009,
 				},
 				ProxyProtocolVersion: "v2",
 			},
 			DomainConf: DomainConf{
 				CustomDomains: []string{"web02.yourdomain.com"},
 				SubDomain:     "web01",
 			},
 		},
 		testUser + ".secret_tcp": &STCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".secret_tcp",
 				ProxyType: consts.STCPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "127.0.0.1",
 					LocalPort: 22,
 				},
 			},
 			Role: "server",
 			Sk:   "abcdefg",
 		},
 		testUser + ".p2p_tcp": &XTCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".p2p_tcp",
 				ProxyType: consts.XTCPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "127.0.0.1",
 					LocalPort: 22,
 				},
 			},
 			Role: "server",
 			Sk:   "abcdefg",
 		},
 		testUser + ".tcpmuxhttpconnect": &TCPMuxProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".tcpmuxhttpconnect",
 				ProxyType: consts.TCPMuxProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP:   "127.0.0.1",
 					LocalPort: 10701,
 				},
 			},
 			DomainConf: DomainConf{
 				CustomDomains: []string{"tunnel1"},
 				SubDomain:     "",
 			},
 			Multiplexer: "httpconnect",
 		},
 		testUser + ".plugin_unix_domain_socket": &TCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".plugin_unix_domain_socket",
 				ProxyType: consts.TCPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP: "127.0.0.1",
 					Plugin:  "unix_domain_socket",
 					PluginParams: map[string]string{
 						"plugin_unix_path": "/var/run/docker.sock",
 					},
 				},
 			},
 			RemotePort: 6003,
 		},
 		testUser + ".plugin_http_proxy": &TCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".plugin_http_proxy",
 				ProxyType: consts.TCPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP: "127.0.0.1",
 					Plugin:  "http_proxy",
 					PluginParams: map[string]string{
 						"plugin_http_user":   "abc",
 						"plugin_http_passwd": "abc",
 					},
 				},
 			},
 			RemotePort: 6004,
 		},
 		testUser + ".plugin_socks5": &TCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".plugin_socks5",
 				ProxyType: consts.TCPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP: "127.0.0.1",
 					Plugin:  "socks5",
 					PluginParams: map[string]string{
 						"plugin_user":   "abc",
 						"plugin_passwd": "abc",
 					},
 				},
 			},
 			RemotePort: 6005,
 		},
 		testUser + ".plugin_static_file": &TCPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".plugin_static_file",
 				ProxyType: consts.TCPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP: "127.0.0.1",
 					Plugin:  "static_file",
 					PluginParams: map[string]string{
 						"plugin_local_path":   "/var/www/blog",
 						"plugin_strip_prefix": "static",
 						"plugin_http_user":    "abc",
 						"plugin_http_passwd":  "abc",
 					},
 				},
 			},
 			RemotePort: 6006,
 		},
 		testUser + ".plugin_https2http": &HTTPSProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".plugin_https2http",
 				ProxyType: consts.HTTPSProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP: "127.0.0.1",
 					Plugin:  "https2http",
 					PluginParams: map[string]string{
 						"plugin_local_addr":          "127.0.0.1:80",
 						"plugin_crt_path":            "./server.crt",
 						"plugin_key_path":            "./server.key",
 						"plugin_host_header_rewrite": "127.0.0.1",
 						"plugin_header_X-From-Where": "frp",
 					},
 				},
 			},
 			DomainConf: DomainConf{
 				CustomDomains: []string{"test.yourdomain.com"},
 			},
 		},
 		testUser + ".plugin_http2https": &HTTPProxyConf{
 			BaseProxyConf: BaseProxyConf{
 				ProxyName: testUser + ".plugin_http2https",
 				ProxyType: consts.HTTPProxy,
 				LocalSvrConf: LocalSvrConf{
 					LocalIP: "127.0.0.1",
 					Plugin:  "http2https",
 					PluginParams: map[string]string{
 						"plugin_local_addr":          "127.0.0.1:443",
 						"plugin_host_header_rewrite": "127.0.0.1",
 						"plugin_header_X-From-Where": "frp",
 					},
 				},
 			},
 			DomainConf: DomainConf{
 				CustomDomains: []string{"test.yourdomain.com"},
 			},
 		},
 	}
 	visitorExpected := map[string]VisitorConf{
 		testUser + ".secret_tcp_visitor": &STCPVisitorConf{
 			BaseVisitorConf: BaseVisitorConf{
 				ProxyName:  testUser + ".secret_tcp_visitor",
 				ProxyType:  consts.STCPProxy,
 				Role:       "visitor",
 				Sk:         "abcdefg",
 				ServerName: testVisitorPrefix + "secret_tcp",
 				BindAddr:   "127.0.0.1",
 				BindPort:   9000,
 			},
 		},
 		testUser + ".p2p_tcp_visitor": &XTCPVisitorConf{
 			BaseVisitorConf: BaseVisitorConf{
 				ProxyName:  testUser + ".p2p_tcp_visitor",
 				ProxyType:  consts.XTCPProxy,
 				Role:       "visitor",
 				Sk:         "abcdefg",
 				ServerName: testProxyPrefix + "p2p_tcp",
 				BindAddr:   "127.0.0.1",
 				BindPort:   9001,
 			},
 		},
 	}
 	proxyActual, visitorActual, err := LoadAllProxyConfsFromIni(testUser, testClientBytesWithFull, nil)
 	assert.NoError(err)
 	assert.Equal(proxyExpected, proxyActual)
 	assert.Equal(visitorExpected, visitorActual)
 }
--- a/pkg/config/parse.go
+++ b/pkg/config/parse.go
@@ -0,0 +1,100 @@
 // Copyright 2021 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
 	"bytes"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 )
 func ParseClientConfig(filePath string) (
 	cfg ClientCommonConf,
 	pxyCfgs map[string]ProxyConf,
 	visitorCfgs map[string]VisitorConf,
 	err error,
 ) {
 	var content []byte
 	content, err = GetRenderedConfFromFile(filePath)
 	if err != nil {
 		return
 	}
 	configBuffer := bytes.NewBuffer(nil)
 	configBuffer.Write(content)
 	// Parse common section.
 	cfg, err = UnmarshalClientConfFromIni(content)
 	if err != nil {
 		return
 	}
 	cfg.Complete()
 	if err = cfg.Validate(); err != nil {
 		err = fmt.Errorf("Parse config error: %v", err)
 		return
 	}
 	// Aggregate proxy configs from include files.
 	var buf []byte
 	buf, err = getIncludeContents(cfg.IncludeConfigFiles)
 	if err != nil {
 		err = fmt.Errorf("getIncludeContents error: %v", err)
 		return
 	}
 	configBuffer.WriteString("\n")
 	configBuffer.Write(buf)
 	// Parse all proxy and visitor configs.
 	pxyCfgs, visitorCfgs, err = LoadAllProxyConfsFromIni(cfg.User, configBuffer.Bytes(), cfg.Start)
 	if err != nil {
 		return
 	}
 	return
 }
 // getIncludeContents renders all configs from paths.
 // files format can be a single file path or directory or regex path.
 func getIncludeContents(paths []string) ([]byte, error) {
 	out := bytes.NewBuffer(nil)
 	for _, path := range paths {
 		absDir, err := filepath.Abs(filepath.Dir(path))
 		if err != nil {
 			return nil, err
 		}
 		if _, err := os.Stat(absDir); os.IsNotExist(err) {
 			return nil, err
 		}
 		files, err := ioutil.ReadDir(absDir)
 		if err != nil {
 			return nil, err
 		}
 		for _, fi := range files {
 			if fi.IsDir() {
 				continue
 			}
 			absFile := filepath.Join(absDir, fi.Name())
 			if matched, _ := filepath.Match(filepath.Join(absDir, filepath.Base(path)), absFile); matched {
 				tmpContent, err := GetRenderedConfFromFile(absFile)
 				if err != nil {
 					return nil, fmt.Errorf("render extra config %s error: %v", absFile, err)
 				}
 				out.Write(tmpContent)
 				out.WriteString("\n")
 			}
 		}
 	}
 	return out.Bytes(), nil
 }
--- a/pkg/config/proxy.go
+++ b/pkg/config/proxy.go
--- a/pkg/config/proxy_test.go
+++ b/pkg/config/proxy_test.go
@@ -0,0 +1,461 @@
 // Copyright 2020 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
 	"testing"
 	"github.com/fatedier/frp/pkg/consts"
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/ini.v1"
 )
 var (
 	testLoadOptions = ini.LoadOptions{
 		Insensitive:         false,
 		InsensitiveSections: false,
 		InsensitiveKeys:     false,
 		IgnoreInlineComment: true,
 		AllowBooleanKeys:    true,
 	}
 	testProxyPrefix = "test."
 )
 func Test_Proxy_Interface(t *testing.T) {
 	for name := range proxyConfTypeMap {
 		NewConfByType(name)
 	}
 }
 func Test_Proxy_UnmarshalFromIni(t *testing.T) {
 	assert := assert.New(t)
 	testcases := []struct {
 		sname    string
 		source   []byte
 		expected ProxyConf
 	}{
 		{
 			sname: "ssh",
 			source: []byte(`
 				[ssh]
 				# tcp | udp | http | https | stcp | xtcp, default is tcp
 				type = tcp
 				local_ip = 127.0.0.9
 				local_port = 29
 				bandwidth_limit = 19MB
 				use_encryption
 				use_compression
 				remote_port = 6009
 				group = test_group
 				group_key = 123456
 				health_check_type = tcp
 				health_check_timeout_s = 3
 				health_check_max_failed = 3
 				health_check_interval_s = 19
 				meta_var1 = 123
 				meta_var2 = 234`),
 			expected: &TCPProxyConf{
 				BaseProxyConf: BaseProxyConf{
 					ProxyName:      testProxyPrefix + "ssh",
 					ProxyType:      consts.TCPProxy,
 					UseCompression: true,
 					UseEncryption:  true,
 					Group:          "test_group",
 					GroupKey:       "123456",
 					BandwidthLimit: MustBandwidthQuantity("19MB"),
 					Metas: map[string]string{
 						"var1": "123",
 						"var2": "234",
 					},
 					LocalSvrConf: LocalSvrConf{
 						LocalIP:   "127.0.0.9",
 						LocalPort: 29,
 					},
 					HealthCheckConf: HealthCheckConf{
 						HealthCheckType:      consts.TCPProxy,
 						HealthCheckTimeoutS:  3,
 						HealthCheckMaxFailed: 3,
 						HealthCheckIntervalS: 19,
 						HealthCheckAddr:      "127.0.0.9:29",
 					},
 				},
 				RemotePort: 6009,
 			},
 		},
 		{
 			sname: "ssh_random",
 			source: []byte(`
 				[ssh_random]
 				type = tcp
 				local_ip = 127.0.0.9
 				local_port = 29
 				remote_port = 9
 			`),
 			expected: &TCPProxyConf{
 				BaseProxyConf: BaseProxyConf{
 					ProxyName: testProxyPrefix + "ssh_random",
 					ProxyType: consts.TCPProxy,
 					LocalSvrConf: LocalSvrConf{
 						LocalIP:   "127.0.0.9",
 						LocalPort: 29,
 					},
 				},
 				RemotePort: 9,
 			},
 		},
 		{
 			sname: "dns",
 			source: []byte(`
 				[dns]
 				type = udp
 				local_ip = 114.114.114.114
 				local_port = 59
 				remote_port = 6009
 				use_encryption
 				use_compression
 			`),
 			expected: &UDPProxyConf{
 				BaseProxyConf: BaseProxyConf{
 					ProxyName:      testProxyPrefix + "dns",
 					ProxyType:      consts.UDPProxy,
 					UseEncryption:  true,
 					UseCompression: true,
 					LocalSvrConf: LocalSvrConf{
 						LocalIP:   "114.114.114.114",
 						LocalPort: 59,
 					},
 				},
 				RemotePort: 6009,
 			},
 		},
 		{
 			sname: "web01",
 			source: []byte(`
 				[web01]
 				type = http
 				local_ip = 127.0.0.9
 				local_port = 89
 				use_encryption
 				use_compression
 				http_user = admin
 				http_pwd = admin
 				subdomain = web01
 				custom_domains = web02.yourdomain.com
 				locations = /,/pic
 				host_header_rewrite = example.com
 				header_X-From-Where = frp
 				health_check_type = http
 				health_check_url = /status
 				health_check_interval_s = 19
 				health_check_max_failed = 3
 				health_check_timeout_s = 3
 			`),
 			expected: &HTTPProxyConf{
 				BaseProxyConf: BaseProxyConf{
 					ProxyName:      testProxyPrefix + "web01",
 					ProxyType:      consts.HTTPProxy,
 					UseCompression: true,
 					UseEncryption:  true,
 					LocalSvrConf: LocalSvrConf{
 						LocalIP:   "127.0.0.9",
 						LocalPort: 89,
 					},
 					HealthCheckConf: HealthCheckConf{
 						HealthCheckType:      consts.HTTPProxy,
 						HealthCheckTimeoutS:  3,
 						HealthCheckMaxFailed: 3,
 						HealthCheckIntervalS: 19,
 						HealthCheckURL:       "http://127.0.0.9:89/status",
 					},
 				},
 				DomainConf: DomainConf{
 					CustomDomains: []string{"web02.yourdomain.com"},
 					SubDomain:     "web01",
 				},
 				Locations:         []string{"/", "/pic"},
 				HTTPUser:          "admin",
 				HTTPPwd:           "admin",
 				HostHeaderRewrite: "example.com",
 				Headers: map[string]string{
 					"X-From-Where": "frp",
 				},
 			},
 		},
 		{
 			sname: "web02",
 			source: []byte(`
 				[web02]
 				type = https
 				local_ip = 127.0.0.9
 				local_port = 8009
 				use_encryption
 				use_compression
 				subdomain = web01
 				custom_domains = web02.yourdomain.com
 				proxy_protocol_version = v2
 			`),
 			expected: &HTTPSProxyConf{
 				BaseProxyConf: BaseProxyConf{
 					ProxyName:      testProxyPrefix + "web02",
 					ProxyType:      consts.HTTPSProxy,
 					UseCompression: true,
 					UseEncryption:  true,
 					LocalSvrConf: LocalSvrConf{
 						LocalIP:   "127.0.0.9",
 						LocalPort: 8009,
 					},
 					ProxyProtocolVersion: "v2",
 				},
 				DomainConf: DomainConf{
 					CustomDomains: []string{"web02.yourdomain.com"},
 					SubDomain:     "web01",
 				},
 			},
 		},
 		{
 			sname: "secret_tcp",
 			source: []byte(`
 				[secret_tcp]
 				type = stcp
 				sk = abcdefg
 				local_ip = 127.0.0.1
 				local_port = 22
 				use_encryption = false
 				use_compression = false
 			`),
 			expected: &STCPProxyConf{
 				BaseProxyConf: BaseProxyConf{
 					ProxyName: testProxyPrefix + "secret_tcp",
 					ProxyType: consts.STCPProxy,
 					LocalSvrConf: LocalSvrConf{
 						LocalIP:   "127.0.0.1",
 						LocalPort: 22,
 					},
 				},
 				Role: "server",
 				Sk:   "abcdefg",
 			},
 		},
 		{
 			sname: "p2p_tcp",
 			source: []byte(`
 				[p2p_tcp]
 				type = xtcp
 				sk = abcdefg
 				local_ip = 127.0.0.1
 				local_port = 22
 				use_encryption = false
 				use_compression = false
 			`),
 			expected: &XTCPProxyConf{
 				BaseProxyConf: BaseProxyConf{
 					ProxyName: testProxyPrefix + "p2p_tcp",
 					ProxyType: consts.XTCPProxy,
 					LocalSvrConf: LocalSvrConf{
 						LocalIP:   "127.0.0.1",
 						LocalPort: 22,
 					},
 				},
 				Role: "server",
 				Sk:   "abcdefg",
 			},
 		},
 		{
 			sname: "tcpmuxhttpconnect",
 			source: []byte(`
 				[tcpmuxhttpconnect]
 				type = tcpmux
 				multiplexer = httpconnect
 				local_ip = 127.0.0.1
 				local_port = 10701
 				custom_domains = tunnel1
 			`),
 			expected: &TCPMuxProxyConf{
 				BaseProxyConf: BaseProxyConf{
 					ProxyName: testProxyPrefix + "tcpmuxhttpconnect",
 					ProxyType: consts.TCPMuxProxy,
 					LocalSvrConf: LocalSvrConf{
 						LocalIP:   "127.0.0.1",
 						LocalPort: 10701,
 					},
 				},
 				DomainConf: DomainConf{
 					CustomDomains: []string{"tunnel1"},
 					SubDomain:     "",
 				},
 				Multiplexer: "httpconnect",
 			},
 		},
 	}
 	for _, c := range testcases {
 		f, err := ini.LoadSources(testLoadOptions, c.source)
 		assert.NoError(err)
 		proxyType := f.Section(c.sname).Key("type").String()
 		assert.NotEmpty(proxyType)
 		actual := DefaultProxyConf(proxyType)
 		assert.NotNil(actual)
 		err = actual.UnmarshalFromIni(testProxyPrefix, c.sname, f.Section(c.sname))
 		assert.NoError(err)
 		assert.Equal(c.expected, actual)
 	}
 }
 func Test_RangeProxy_UnmarshalFromIni(t *testing.T) {
 	assert := assert.New(t)
 	testcases := []struct {
 		sname    string
 		source   []byte
 		expected map[string]ProxyConf
 	}{
 		{
 			sname: "range:tcp_port",
 			source: []byte(`
 				[range:tcp_port]
 				type = tcp
 				local_ip = 127.0.0.9
 				local_port = 6010-6011,6019
 				remote_port = 6010-6011,6019
 				use_encryption = false
 				use_compression = false
 			`),
 			expected: map[string]ProxyConf{
 				"tcp_port_0": &TCPProxyConf{
 					BaseProxyConf: BaseProxyConf{
 						ProxyName: testProxyPrefix + "tcp_port_0",
 						ProxyType: consts.TCPProxy,
 						LocalSvrConf: LocalSvrConf{
 							LocalIP:   "127.0.0.9",
 							LocalPort: 6010,
 						},
 					},
 					RemotePort: 6010,
 				},
 				"tcp_port_1": &TCPProxyConf{
 					BaseProxyConf: BaseProxyConf{
 						ProxyName: testProxyPrefix + "tcp_port_1",
 						ProxyType: consts.TCPProxy,
 						LocalSvrConf: LocalSvrConf{
 							LocalIP:   "127.0.0.9",
 							LocalPort: 6011,
 						},
 					},
 					RemotePort: 6011,
 				},
 				"tcp_port_2": &TCPProxyConf{
 					BaseProxyConf: BaseProxyConf{
 						ProxyName: testProxyPrefix + "tcp_port_2",
 						ProxyType: consts.TCPProxy,
 						LocalSvrConf: LocalSvrConf{
 							LocalIP:   "127.0.0.9",
 							LocalPort: 6019,
 						},
 					},
 					RemotePort: 6019,
 				},
 			},
 		},
 		{
 			sname: "range:udp_port",
 			source: []byte(`
 				[range:udp_port]
 				type = udp
 				local_ip = 114.114.114.114
 				local_port = 6000,6010-6011
 				remote_port = 6000,6010-6011
 				use_encryption
 				use_compression
 			`),
 			expected: map[string]ProxyConf{
 				"udp_port_0": &UDPProxyConf{
 					BaseProxyConf: BaseProxyConf{
 						ProxyName:      testProxyPrefix + "udp_port_0",
 						ProxyType:      consts.UDPProxy,
 						UseEncryption:  true,
 						UseCompression: true,
 						LocalSvrConf: LocalSvrConf{
 							LocalIP:   "114.114.114.114",
 							LocalPort: 6000,
 						},
 					},
 					RemotePort: 6000,
 				},
 				"udp_port_1": &UDPProxyConf{
 					BaseProxyConf: BaseProxyConf{
 						ProxyName:      testProxyPrefix + "udp_port_1",
 						ProxyType:      consts.UDPProxy,
 						UseEncryption:  true,
 						UseCompression: true,
 						LocalSvrConf: LocalSvrConf{
 							LocalIP:   "114.114.114.114",
 							LocalPort: 6010,
 						},
 					},
 					RemotePort: 6010,
 				},
 				"udp_port_2": &UDPProxyConf{
 					BaseProxyConf: BaseProxyConf{
 						ProxyName:      testProxyPrefix + "udp_port_2",
 						ProxyType:      consts.UDPProxy,
 						UseEncryption:  true,
 						UseCompression: true,
 						LocalSvrConf: LocalSvrConf{
 							LocalIP:   "114.114.114.114",
 							LocalPort: 6011,
 						},
 					},
 					RemotePort: 6011,
 				},
 			},
 		},
 	}
 	for _, c := range testcases {
 		f, err := ini.LoadSources(testLoadOptions, c.source)
 		assert.NoError(err)
 		actual := make(map[string]ProxyConf)
 		s := f.Section(c.sname)
 		err = renderRangeProxyTemplates(f, s)
 		assert.NoError(err)
 		f.DeleteSection(ini.DefaultSection)
 		f.DeleteSection(c.sname)
 		for _, section := range f.Sections() {
 			proxyType := section.Key("type").String()
 			newsname := section.Name()
 			tmp := DefaultProxyConf(proxyType)
 			err = tmp.UnmarshalFromIni(testProxyPrefix, newsname, section)
 			assert.NoError(err)
 			actual[newsname] = tmp
 		}
 		assert.Equal(c.expected, actual)
 	}
 }
--- a/pkg/config/server.go
+++ b/pkg/config/server.go
@@ -0,0 +1,299 @@
 // Copyright 2020 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
 	"fmt"
 	"strings"
 	"github.com/fatedier/frp/pkg/auth"
 	plugin "github.com/fatedier/frp/pkg/plugin/server"
 	"github.com/fatedier/frp/pkg/util/util"
 	"gopkg.in/ini.v1"
 )
 // ServerCommonConf contains information for a server service. It is
 // recommended to use GetDefaultServerConf instead of creating this object
 // directly, so that all unspecified fields have reasonable default values.
 type ServerCommonConf struct {
 	auth.ServerConfig `ini:",extends"`
 	// BindAddr specifies the address that the server binds to. By default,
 	// this value is "0.0.0.0".
 	BindAddr string `ini:"bind_addr" json:"bind_addr"`
 	// BindPort specifies the port that the server listens on. By default, this
 	// value is 7000.
 	BindPort int `ini:"bind_port" json:"bind_port"`
 	// BindUDPPort specifies the UDP port that the server listens on. If this
 	// value is 0, the server will not listen for UDP connections. By default,
 	// this value is 0
 	BindUDPPort int `ini:"bind_udp_port" json:"bind_udp_port"`
 	// KCPBindPort specifies the KCP port that the server listens on. If this
 	// value is 0, the server will not listen for KCP connections. By default,
 	// this value is 0.
 	KCPBindPort int `ini:"kcp_bind_port" json:"kcp_bind_port"`
 	// ProxyBindAddr specifies the address that the proxy binds to. This value
 	// may be the same as BindAddr.
 	ProxyBindAddr string `ini:"proxy_bind_addr" json:"proxy_bind_addr"`
 	// VhostHTTPPort specifies the port that the server listens for HTTP Vhost
 	// requests. If this value is 0, the server will not listen for HTTP
 	// requests. By default, this value is 0.
 	VhostHTTPPort int `ini:"vhost_http_port" json:"vhost_http_port"`
 	// VhostHTTPSPort specifies the port that the server listens for HTTPS
 	// Vhost requests. If this value is 0, the server will not listen for HTTPS
 	// requests. By default, this value is 0.
 	VhostHTTPSPort int `ini:"vhost_https_port" json:"vhost_https_port"`
 	// TCPMuxHTTPConnectPort specifies the port that the server listens for TCP
 	// HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
 	// requests on one single port. If it's not - it will listen on this value for
 	// HTTP CONNECT requests. By default, this value is 0.
 	TCPMuxHTTPConnectPort int `ini:"tcpmux_httpconnect_port" json:"tcpmux_httpconnect_port"`
 	// VhostHTTPTimeout specifies the response header timeout for the Vhost
 	// HTTP server, in seconds. By default, this value is 60.
 	VhostHTTPTimeout int64 `ini:"vhost_http_timeout" json:"vhost_http_timeout"`
 	// DashboardAddr specifies the address that the dashboard binds to. By
 	// default, this value is "0.0.0.0".
 	DashboardAddr string `ini:"dashboard_addr" json:"dashboard_addr"`
 	// DashboardPort specifies the port that the dashboard listens on. If this
 	// value is 0, the dashboard will not be started. By default, this value is
 	// 0.
 	DashboardPort int `ini:"dashboard_port" json:"dashboard_port"`
 	// DashboardUser specifies the username that the dashboard will use for
 	// login.
 	DashboardUser string `ini:"dashboard_user" json:"dashboard_user"`
 	// DashboardPwd specifies the password that the dashboard will use for
 	// login.
 	DashboardPwd string `ini:"dashboard_pwd" json:"dashboard_pwd"`
 	// EnablePrometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port}
 	// in /metrics api.
 	EnablePrometheus bool `ini:"enable_prometheus" json:"enable_prometheus"`
 	// AssetsDir specifies the local directory that the dashboard will load
 	// resources from. If this value is "", assets will be loaded from the
 	// bundled executable using statik. By default, this value is "".
 	AssetsDir string `ini:"assets_dir" json:"assets_dir"`
 	// LogFile specifies a file where logs will be written to. This value will
 	// only be used if LogWay is set appropriately. By default, this value is
 	// "console".
 	LogFile string `ini:"log_file" json:"log_file"`
 	// LogWay specifies the way logging is managed. Valid values are "console"
 	// or "file". If "console" is used, logs will be printed to stdout. If
 	// "file" is used, logs will be printed to LogFile. By default, this value
 	// is "console".
 	LogWay string `ini:"log_way" json:"log_way"`
 	// LogLevel specifies the minimum log level. Valid values are "trace",
 	// "debug", "info", "warn", and "error". By default, this value is "info".
 	LogLevel string `ini:"log_level" json:"log_level"`
 	// LogMaxDays specifies the maximum number of days to store log information
 	// before deletion. This is only used if LogWay == "file". By default, this
 	// value is 0.
 	LogMaxDays int64 `ini:"log_max_days" json:"log_max_days"`
 	// DisableLogColor disables log colors when LogWay == "console" when set to
 	// true. By default, this value is false.
 	DisableLogColor bool `ini:"disable_log_color" json:"disable_log_color"`
 	// DetailedErrorsToClient defines whether to send the specific error (with
 	// debug info) to frpc. By default, this value is true.
 	DetailedErrorsToClient bool `ini:"detailed_errors_to_client" json:"detailed_errors_to_client"`
 	// SubDomainHost specifies the domain that will be attached to sub-domains
 	// requested by the client when using Vhost proxying. For example, if this
 	// value is set to "frps.com" and the client requested the subdomain
 	// "test", the resulting URL would be "test.frps.com". By default, this
 	// value is "".
 	SubDomainHost string `ini:"subdomain_host" json:"subdomain_host"`
 	// TCPMux toggles TCP stream multiplexing. This allows multiple requests
 	// from a client to share a single TCP connection. By default, this value
 	// is true.
 	TCPMux bool `ini:"tcp_mux" json:"tcp_mux"`
 	// Custom404Page specifies a path to a custom 404 page to display. If this
 	// value is "", a default page will be displayed. By default, this value is
 	// "".
 	Custom404Page string `ini:"custom_404_page" json:"custom_404_page"`
 	// AllowPorts specifies a set of ports that clients are able to proxy to.
 	// If the length of this value is 0, all ports are allowed. By default,
 	// this value is an empty set.
 	AllowPorts map[int]struct{} `ini:"-" json:"-"`
 	// MaxPoolCount specifies the maximum pool size for each proxy. By default,
 	// this value is 5.
 	MaxPoolCount int64 `ini:"max_pool_count" json:"max_pool_count"`
 	// MaxPortsPerClient specifies the maximum number of ports a single client
 	// may proxy to. If this value is 0, no limit will be applied. By default,
 	// this value is 0.
 	MaxPortsPerClient int64 `ini:"max_ports_per_client" json:"max_ports_per_client"`
 	// TLSOnly specifies whether to only accept TLS-encrypted connections.
 	// By default, the value is false.
 	TLSOnly bool `ini:"tls_only" json:"tls_only"`
 	// TLSCertFile specifies the path of the cert file that the server will
 	// load. If "tls_cert_file", "tls_key_file" are valid, the server will use this
 	// supplied tls configuration. Otherwise, the server will use the tls
 	// configuration generated by itself.
 	TLSCertFile string `ini:"tls_cert_file" json:"tls_cert_file"`
 	// TLSKeyFile specifies the path of the secret key that the server will
 	// load. If "tls_cert_file", "tls_key_file" are valid, the server will use this
 	// supplied tls configuration. Otherwise, the server will use the tls
 	// configuration generated by itself.
 	TLSKeyFile string `ini:"tls_key_file" json:"tls_key_file"`
 	// TLSTrustedCaFile specifies the paths of the client cert files that the
 	// server will load. It only works when "tls_only" is true. If
 	// "tls_trusted_ca_file" is valid, the server will verify each client's
 	// certificate.
 	TLSTrustedCaFile string `ini:"tls_trusted_ca_file" json:"tls_trusted_ca_file"`
 	// HeartBeatTimeout specifies the maximum time to wait for a heartbeat
 	// before terminating the connection. It is not recommended to change this
 	// value. By default, this value is 90.
 	HeartbeatTimeout int64 `ini:"heartbeat_timeout" json:"heartbeat_timeout"`
 	// UserConnTimeout specifies the maximum time to wait for a work
 	// connection. By default, this value is 10.
 	UserConnTimeout int64 `ini:"user_conn_timeout" json:"user_conn_timeout"`
 	// HTTPPlugins specify the server plugins support HTTP protocol.
 	HTTPPlugins map[string]plugin.HTTPPluginOptions `ini:"-" json:"http_plugins"`
 	// UDPPacketSize specifies the UDP packet size
 	// By default, this value is 1500
 	UDPPacketSize int64 `ini:"udp_packet_size" json:"udp_packet_size"`
 }
 // GetDefaultServerConf returns a server configuration with reasonable
 // defaults.
 func GetDefaultServerConf() ServerCommonConf {
 	return ServerCommonConf{
 		ServerConfig:           auth.GetDefaultServerConf(),
 		BindAddr:               "0.0.0.0",
 		BindPort:               7000,
 		BindUDPPort:            0,
 		KCPBindPort:            0,
 		ProxyBindAddr:          "",
 		VhostHTTPPort:          0,
 		VhostHTTPSPort:         0,
 		TCPMuxHTTPConnectPort:  0,
 		VhostHTTPTimeout:       60,
 		DashboardAddr:          "0.0.0.0",
 		DashboardPort:          0,
 		DashboardUser:          "",
 		DashboardPwd:           "",
 		EnablePrometheus:       false,
 		AssetsDir:              "",
 		LogFile:                "console",
 		LogWay:                 "console",
 		LogLevel:               "info",
 		LogMaxDays:             3,
 		DisableLogColor:        false,
 		DetailedErrorsToClient: true,
 		SubDomainHost:          "",
 		TCPMux:                 true,
 		AllowPorts:             make(map[int]struct{}),
 		MaxPoolCount:           5,
 		MaxPortsPerClient:      0,
 		TLSOnly:                false,
 		TLSCertFile:            "",
 		TLSKeyFile:             "",
 		TLSTrustedCaFile:       "",
 		HeartbeatTimeout:       90,
 		UserConnTimeout:        10,
 		Custom404Page:          "",
 		HTTPPlugins:            make(map[string]plugin.HTTPPluginOptions),
 		UDPPacketSize:          1500,
 	}
 }
 func UnmarshalServerConfFromIni(source interface{}) (ServerCommonConf, error) {
 	f, err := ini.LoadSources(ini.LoadOptions{
 		Insensitive:         false,
 		InsensitiveSections: false,
 		InsensitiveKeys:     false,
 		IgnoreInlineComment: true,
 		AllowBooleanKeys:    true,
 	}, source)
 	if err != nil {
 		return ServerCommonConf{}, err
 	}
 	s, err := f.GetSection("common")
 	if err != nil {
 		return ServerCommonConf{}, err
 	}
 	common := GetDefaultServerConf()
 	err = s.MapTo(&common)
 	if err != nil {
 		return ServerCommonConf{}, err
 	}
 	// allow_ports
 	allowPortStr := s.Key("allow_ports").String()
 	if allowPortStr != "" {
 		allowPorts, err := util.ParseRangeNumbers(allowPortStr)
 		if err != nil {
 			return ServerCommonConf{}, fmt.Errorf("invalid allow_ports: %v", err)
 		}
 		for _, port := range allowPorts {
 			common.AllowPorts[int(port)] = struct{}{}
 		}
 	}
 	// plugin.xxx
 	pluginOpts := make(map[string]plugin.HTTPPluginOptions)
 	for _, section := range f.Sections() {
 		name := section.Name()
 		if !strings.HasPrefix(name, "plugin.") {
 			continue
 		}
 		opt, err := loadHTTPPluginOpt(section)
 		if err != nil {
 			return ServerCommonConf{}, err
 		}
 		pluginOpts[opt.Name] = *opt
 	}
 	common.HTTPPlugins = pluginOpts
 	return common, nil
 }
 func (cfg *ServerCommonConf) Complete() {
 	if cfg.LogFile == "console" {
 		cfg.LogWay = "console"
 	} else {
 		cfg.LogWay = "file"
 	}
 	if cfg.ProxyBindAddr == "" {
 		cfg.ProxyBindAddr = cfg.BindAddr
 	}
 	if cfg.TLSTrustedCaFile != "" {
 		cfg.TLSOnly = true
 	}
 }
 func (cfg *ServerCommonConf) Validate() error {
 	return nil
 }
 func loadHTTPPluginOpt(section *ini.Section) (*plugin.HTTPPluginOptions, error) {
 	name := strings.TrimSpace(strings.TrimPrefix(section.Name(), "plugin."))
 	opt := new(plugin.HTTPPluginOptions)
 	err := section.MapTo(opt)
 	if err != nil {
 		return nil, err
 	}
 	opt.Name = name
 	return opt, nil
 }
--- a/pkg/config/server_common.go
+++ b/pkg/config/server_common.go
@@ -1,477 +0,0 @@
 // Copyright 2016 fatedier, fatedier@gmail.com
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
 	"fmt"
 	"strconv"
 	"strings"
 	"github.com/fatedier/frp/pkg/auth"
 	plugin "github.com/fatedier/frp/pkg/plugin/server"
 	"github.com/fatedier/frp/pkg/util/util"
 	ini "github.com/vaughan0/go-ini"
 )
 // ServerCommonConf contains information for a server service. It is
 // recommended to use GetDefaultServerConf instead of creating this object
 // directly, so that all unspecified fields have reasonable default values.
 type ServerCommonConf struct {
 	auth.ServerConfig
 	// BindAddr specifies the address that the server binds to. By default,
 	// this value is "0.0.0.0".
 	BindAddr string `json:"bind_addr"`
 	// BindPort specifies the port that the server listens on. By default, this
 	// value is 7000.
 	BindPort int `json:"bind_port"`
 	// BindUDPPort specifies the UDP port that the server listens on. If this
 	// value is 0, the server will not listen for UDP connections. By default,
 	// this value is 0
 	BindUDPPort int `json:"bind_udp_port"`
 	// KCPBindPort specifies the KCP port that the server listens on. If this
 	// value is 0, the server will not listen for KCP connections. By default,
 	// this value is 0.
 	KCPBindPort int `json:"kcp_bind_port"`
 	// ProxyBindAddr specifies the address that the proxy binds to. This value
 	// may be the same as BindAddr. By default, this value is "0.0.0.0".
 	ProxyBindAddr string `json:"proxy_bind_addr"`
 	// VhostHTTPPort specifies the port that the server listens for HTTP Vhost
 	// requests. If this value is 0, the server will not listen for HTTP
 	// requests. By default, this value is 0.
 	VhostHTTPPort int `json:"vhost_http_port"`
 	// VhostHTTPSPort specifies the port that the server listens for HTTPS
 	// Vhost requests. If this value is 0, the server will not listen for HTTPS
 	// requests. By default, this value is 0.
 	VhostHTTPSPort int `json:"vhost_https_port"`
 	// TCPMuxHTTPConnectPort specifies the port that the server listens for TCP
 	// HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
 	// requests on one single port. If it's not - it will listen on this value for
 	// HTTP CONNECT requests. By default, this value is 0.
 	TCPMuxHTTPConnectPort int `json:"tcpmux_httpconnect_port"`
 	// VhostHTTPTimeout specifies the response header timeout for the Vhost
 	// HTTP server, in seconds. By default, this value is 60.
 	VhostHTTPTimeout int64 `json:"vhost_http_timeout"`
 	// DashboardAddr specifies the address that the dashboard binds to. By
 	// default, this value is "0.0.0.0".
 	DashboardAddr string `json:"dashboard_addr"`
 	// DashboardPort specifies the port that the dashboard listens on. If this
 	// value is 0, the dashboard will not be started. By default, this value is
 	// 0.
 	DashboardPort int `json:"dashboard_port"`
 	// DashboardUser specifies the username that the dashboard will use for
 	// login. By default, this value is "admin".
 	DashboardUser string `json:"dashboard_user"`
 	// DashboardUser specifies the password that the dashboard will use for
 	// login. By default, this value is "admin".
 	DashboardPwd string `json:"dashboard_pwd"`
 	// EnablePrometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port}
 	// in /metrics api.
 	EnablePrometheus bool `json:"enable_prometheus"`
 	// AssetsDir specifies the local directory that the dashboard will load
 	// resources from. If this value is "", assets will be loaded from the
 	// bundled executable using statik. By default, this value is "".
 	AssetsDir string `json:"asserts_dir"`
 	// LogFile specifies a file where logs will be written to. This value will
 	// only be used if LogWay is set appropriately. By default, this value is
 	// "console".
 	LogFile string `json:"log_file"`
 	// LogWay specifies the way logging is managed. Valid values are "console"
 	// or "file". If "console" is used, logs will be printed to stdout. If
 	// "file" is used, logs will be printed to LogFile. By default, this value
 	// is "console".
 	LogWay string `json:"log_way"`
 	// LogLevel specifies the minimum log level. Valid values are "trace",
 	// "debug", "info", "warn", and "error". By default, this value is "info".
 	LogLevel string `json:"log_level"`
 	// LogMaxDays specifies the maximum number of days to store log information
 	// before deletion. This is only used if LogWay == "file". By default, this
 	// value is 0.
 	LogMaxDays int64 `json:"log_max_days"`
 	// DisableLogColor disables log colors when LogWay == "console" when set to
 	// true. By default, this value is false.
 	DisableLogColor bool `json:"disable_log_color"`
 	// DetailedErrorsToClient defines whether to send the specific error (with
 	// debug info) to frpc. By default, this value is true.
 	DetailedErrorsToClient bool `json:"detailed_errors_to_client"`
 	// SubDomainHost specifies the domain that will be attached to sub-domains
 	// requested by the client when using Vhost proxying. For example, if this
 	// value is set to "frps.com" and the client requested the subdomain
 	// "test", the resulting URL would be "test.frps.com". By default, this
 	// value is "".
 	SubDomainHost string `json:"subdomain_host"`
 	// TCPMux toggles TCP stream multiplexing. This allows multiple requests
 	// from a client to share a single TCP connection. By default, this value
 	// is true.
 	TCPMux bool `json:"tcp_mux"`
 	// Custom404Page specifies a path to a custom 404 page to display. If this
 	// value is "", a default page will be displayed. By default, this value is
 	// "".
 	Custom404Page string `json:"custom_404_page"`
 	// AllowPorts specifies a set of ports that clients are able to proxy to.
 	// If the length of this value is 0, all ports are allowed. By default,
 	// this value is an empty set.
 	AllowPorts map[int]struct{}
 	// MaxPoolCount specifies the maximum pool size for each proxy. By default,
 	// this value is 5.
 	MaxPoolCount int64 `json:"max_pool_count"`
 	// MaxPortsPerClient specifies the maximum number of ports a single client
 	// may proxy to. If this value is 0, no limit will be applied. By default,
 	// this value is 0.
 	MaxPortsPerClient int64 `json:"max_ports_per_client"`
 	// TLSOnly specifies whether to only accept TLS-encrypted connections.
 	// By default, the value is false.
 	TLSOnly bool `json:"tls_only"`
 	// TLSCertFile specifies the path of the cert file that the server will
 	// load. If "tls_cert_file", "tls_key_file" are valid, the server will use this
 	// supplied tls configuration. Otherwise, the server will use the tls
 	// configuration generated by itself.
 	TLSCertFile string `json:"tls_cert_file"`
 	// TLSKeyFile specifies the path of the secret key that the server will
 	// load. If "tls_cert_file", "tls_key_file" are valid, the server will use this
 	// supplied tls configuration. Otherwise, the server will use the tls
 	// configuration generated by itself.
 	TLSKeyFile string `json:"tls_key_file"`
 	// TLSTrustedCaFile specifies the paths of the client cert files that the
 	// server will load. It only works when "tls_only" is true. If
 	// "tls_trusted_ca_file" is valid, the server will verify each client's
 	// certificate.
 	TLSTrustedCaFile string `json:"tls_trusted_ca_file"`
 	// HeartBeatTimeout specifies the maximum time to wait for a heartbeat
 	// before terminating the connection. It is not recommended to change this
 	// value. By default, this value is 90.
 	HeartBeatTimeout int64 `json:"heart_beat_timeout"`
 	// UserConnTimeout specifies the maximum time to wait for a work
 	// connection. By default, this value is 10.
 	UserConnTimeout int64 `json:"user_conn_timeout"`
 	// HTTPPlugins specify the server plugins support HTTP protocol.
 	HTTPPlugins map[string]plugin.HTTPPluginOptions `json:"http_plugins"`
 	// UDPPacketSize specifies the UDP packet size
 	// By default, this value is 1500
 	UDPPacketSize int64 `json:"udp_packet_size"`
 }
 // GetDefaultServerConf returns a server configuration with reasonable
 // defaults.
 func GetDefaultServerConf() ServerCommonConf {
 	return ServerCommonConf{
 		BindAddr:               "0.0.0.0",
 		BindPort:               7000,
 		BindUDPPort:            0,
 		KCPBindPort:            0,
 		ProxyBindAddr:          "0.0.0.0",
 		VhostHTTPPort:          0,
 		VhostHTTPSPort:         0,
 		TCPMuxHTTPConnectPort:  0,
 		VhostHTTPTimeout:       60,
 		DashboardAddr:          "0.0.0.0",
 		DashboardPort:          0,
 		DashboardUser:          "admin",
 		DashboardPwd:           "admin",
 		EnablePrometheus:       false,
 		AssetsDir:              "",
 		LogFile:                "console",
 		LogWay:                 "console",
 		LogLevel:               "info",
 		LogMaxDays:             3,
 		DisableLogColor:        false,
 		DetailedErrorsToClient: true,
 		SubDomainHost:          "",
 		TCPMux:                 true,
 		AllowPorts:             make(map[int]struct{}),
 		MaxPoolCount:           5,
 		MaxPortsPerClient:      0,
 		TLSOnly:                false,
 		TLSCertFile:            "",
 		TLSKeyFile:             "",
 		TLSTrustedCaFile:       "",
 		HeartBeatTimeout:       90,
 		UserConnTimeout:        10,
 		Custom404Page:          "",
 		HTTPPlugins:            make(map[string]plugin.HTTPPluginOptions),
 		UDPPacketSize:          1500,
 	}
 }
 // UnmarshalServerConfFromIni parses the contents of a server configuration ini
 // file and returns the resulting server configuration.
 func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error) {
 	cfg = GetDefaultServerConf()
 	conf, err := ini.Load(strings.NewReader(content))
 	if err != nil {
 		err = fmt.Errorf("parse ini conf file error: %v", err)
 		return ServerCommonConf{}, err
 	}
 	UnmarshalPluginsFromIni(conf, &cfg)
 	cfg.ServerConfig = auth.UnmarshalServerConfFromIni(conf)
 	var (
 		tmpStr string
 		ok     bool
 		v      int64
 	)
 	if tmpStr, ok = conf.Get("common", "bind_addr"); ok {
 		cfg.BindAddr = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "bind_port"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid bind_port")
 			return
 		}
 		cfg.BindPort = int(v)
 	}
 	if tmpStr, ok = conf.Get("common", "bind_udp_port"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid bind_udp_port")
 			return
 		}
 		cfg.BindUDPPort = int(v)
 	}
 	if tmpStr, ok = conf.Get("common", "kcp_bind_port"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid kcp_bind_port")
 			return
 		}
 		cfg.KCPBindPort = int(v)
 	}
 	if tmpStr, ok = conf.Get("common", "proxy_bind_addr"); ok {
 		cfg.ProxyBindAddr = tmpStr
 	} else {
 		cfg.ProxyBindAddr = cfg.BindAddr
 	}
 	if tmpStr, ok = conf.Get("common", "vhost_http_port"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid vhost_http_port")
 			return
 		}
 		cfg.VhostHTTPPort = int(v)
 	} else {
 		cfg.VhostHTTPPort = 0
 	}
 	if tmpStr, ok = conf.Get("common", "vhost_https_port"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid vhost_https_port")
 			return
 		}
 		cfg.VhostHTTPSPort = int(v)
 	} else {
 		cfg.VhostHTTPSPort = 0
 	}
 	if tmpStr, ok = conf.Get("common", "tcpmux_httpconnect_port"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid tcpmux_httpconnect_port")
 			return
 		}
 		cfg.TCPMuxHTTPConnectPort = int(v)
 	} else {
 		cfg.TCPMuxHTTPConnectPort = 0
 	}
 	if tmpStr, ok = conf.Get("common", "vhost_http_timeout"); ok {
 		v, errRet := strconv.ParseInt(tmpStr, 10, 64)
 		if errRet != nil || v < 0 {
 			err = fmt.Errorf("Parse conf error: invalid vhost_http_timeout")
 			return
 		}
 		cfg.VhostHTTPTimeout = v
 	}
 	if tmpStr, ok = conf.Get("common", "dashboard_addr"); ok {
 		cfg.DashboardAddr = tmpStr
 	} else {
 		cfg.DashboardAddr = cfg.BindAddr
 	}
 	if tmpStr, ok = conf.Get("common", "dashboard_port"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid dashboard_port")
 			return
 		}
 		cfg.DashboardPort = int(v)
 	} else {
 		cfg.DashboardPort = 0
 	}
 	if tmpStr, ok = conf.Get("common", "dashboard_user"); ok {
 		cfg.DashboardUser = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "dashboard_pwd"); ok {
 		cfg.DashboardPwd = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "enable_prometheus"); ok && tmpStr == "true" {
 		cfg.EnablePrometheus = true
 	}
 	if tmpStr, ok = conf.Get("common", "assets_dir"); ok {
 		cfg.AssetsDir = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "log_file"); ok {
 		cfg.LogFile = tmpStr
 		if cfg.LogFile == "console" {
 			cfg.LogWay = "console"
 		} else {
 			cfg.LogWay = "file"
 		}
 	}
 	if tmpStr, ok = conf.Get("common", "log_level"); ok {
 		cfg.LogLevel = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "log_max_days"); ok {
 		v, err = strconv.ParseInt(tmpStr, 10, 64)
 		if err == nil {
 			cfg.LogMaxDays = v
 		}
 	}
 	if tmpStr, ok = conf.Get("common", "disable_log_color"); ok && tmpStr == "true" {
 		cfg.DisableLogColor = true
 	}
 	if tmpStr, ok = conf.Get("common", "detailed_errors_to_client"); ok && tmpStr == "false" {
 		cfg.DetailedErrorsToClient = false
 	} else {
 		cfg.DetailedErrorsToClient = true
 	}
 	if allowPortsStr, ok := conf.Get("common", "allow_ports"); ok {
 		// e.g. 1000-2000,2001,2002,3000-4000
 		ports, errRet := util.ParseRangeNumbers(allowPortsStr)
 		if errRet != nil {
 			err = fmt.Errorf("Parse conf error: allow_ports: %v", errRet)
 			return
 		}
 		for _, port := range ports {
 			cfg.AllowPorts[int(port)] = struct{}{}
 		}
 	}
 	if tmpStr, ok = conf.Get("common", "max_pool_count"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid max_pool_count")
 			return
 		}
 		if v < 0 {
 			err = fmt.Errorf("Parse conf error: invalid max_pool_count")
 			return
 		}
 		cfg.MaxPoolCount = v
 	}
 	if tmpStr, ok = conf.Get("common", "max_ports_per_client"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid max_ports_per_client")
 			return
 		}
 		if v < 0 {
 			err = fmt.Errorf("Parse conf error: invalid max_ports_per_client")
 			return
 		}
 		cfg.MaxPortsPerClient = v
 	}
 	if tmpStr, ok = conf.Get("common", "subdomain_host"); ok {
 		cfg.SubDomainHost = strings.ToLower(strings.TrimSpace(tmpStr))
 	}
 	if tmpStr, ok = conf.Get("common", "tcp_mux"); ok && tmpStr == "false" {
 		cfg.TCPMux = false
 	} else {
 		cfg.TCPMux = true
 	}
 	if tmpStr, ok = conf.Get("common", "custom_404_page"); ok {
 		cfg.Custom404Page = tmpStr
 	}
 	if tmpStr, ok = conf.Get("common", "heartbeat_timeout"); ok {
 		v, errRet := strconv.ParseInt(tmpStr, 10, 64)
 		if errRet != nil {
 			err = fmt.Errorf("Parse conf error: heartbeat_timeout is incorrect")
 			return
 		}
 		cfg.HeartBeatTimeout = v
 	}
 	if tmpStr, ok = conf.Get("common", "tls_only"); ok && tmpStr == "true" {
 		cfg.TLSOnly = true
 	} else {
 		cfg.TLSOnly = false
 	}
 	if tmpStr, ok = conf.Get("common", "udp_packet_size"); ok {
 		if v, err = strconv.ParseInt(tmpStr, 10, 64); err != nil {
 			err = fmt.Errorf("Parse conf error: invalid udp_packet_size")
 			return
 		}
 		cfg.UDPPacketSize = v
 	}
 	if tmpStr, ok := conf.Get("common", "tls_cert_file"); ok {
 		cfg.TLSCertFile = tmpStr
 	}
 	if tmpStr, ok := conf.Get("common", "tls_key_file"); ok {
 		cfg.TLSKeyFile = tmpStr
 	}
 	if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok {
 		cfg.TLSTrustedCaFile = tmpStr
 		cfg.TLSOnly = true
 	}
 	return
 }
 func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
 	for name, section := range sections {
 		if strings.HasPrefix(name, "plugin.") {
 			name = strings.TrimSpace(strings.TrimPrefix(name, "plugin."))
 			options := plugin.HTTPPluginOptions{
 				Name: name,
 				Addr: section["addr"],
 				Path: section["path"],
 				Ops:  strings.Split(section["ops"], ","),
 			}
 			for i := range options.Ops {
 				options.Ops[i] = strings.TrimSpace(options.Ops[i])
 			}
 			cfg.HTTPPlugins[name] = options
 		}
 	}
 }
 func (cfg *ServerCommonConf) Check() error {
 	return nil
 }
--- a/pkg/config/server_test.go
+++ b/pkg/config/server_test.go
@@ -0,0 +1,208 @@
 // Copyright 2020 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
 	"testing"
 	"github.com/fatedier/frp/pkg/auth"
 	plugin "github.com/fatedier/frp/pkg/plugin/server"
 	"github.com/stretchr/testify/assert"
 )
 func Test_LoadServerCommonConf(t *testing.T) {
 	assert := assert.New(t)
 	testcases := []struct {
 		source   []byte
 		expected ServerCommonConf
 	}{
 		{
 			source: []byte(`
 				# [common] is integral section
 				[common]
 				bind_addr = 0.0.0.9
 				bind_port = 7009
 				bind_udp_port = 7008
 				kcp_bind_port = 7007
 				proxy_bind_addr = 127.0.0.9
 				vhost_http_port = 89
 				vhost_https_port = 449
 				vhost_http_timeout = 69
 				tcpmux_httpconnect_port = 1339
 				dashboard_addr = 0.0.0.9
 				dashboard_port = 7509
 				dashboard_user = admin9
 				dashboard_pwd = admin9
 				enable_prometheus
 				assets_dir = ./static9
 				log_file = ./frps.log9
 				log_way = file
 				log_level = info9
 				log_max_days = 39
 				disable_log_color = false
 				detailed_errors_to_client
 				authentication_method = token
 				authenticate_heartbeats = false
 				authenticate_new_work_conns = false
 				token = 123456789
 				oidc_issuer = test9
 				oidc_audience = test9
 				oidc_skip_expiry_check
 				oidc_skip_issuer_check
 				heartbeat_timeout = 99
 				user_conn_timeout = 9
 				allow_ports = 10-12,99
 				max_pool_count = 59
 				max_ports_per_client = 9
 				tls_only = false
 				tls_cert_file = server.crt
 				tls_key_file = server.key
 				tls_trusted_ca_file = ca.crt
 				subdomain_host = frps.com
 				tcp_mux
 				udp_packet_size = 1509
 				[plugin.user-manager]
 				addr = 127.0.0.1:9009
 				path = /handler
 				ops = Login
 				[plugin.port-manager]
 				addr = 127.0.0.1:9009
 				path = /handler
 				ops = NewProxy
 				tls_verify
 			`),
 			expected: ServerCommonConf{
 				ServerConfig: auth.ServerConfig{
 					BaseConfig: auth.BaseConfig{
 						AuthenticationMethod:     "token",
 						AuthenticateHeartBeats:   false,
 						AuthenticateNewWorkConns: false,
 					},
 					TokenConfig: auth.TokenConfig{
 						Token: "123456789",
 					},
 					OidcServerConfig: auth.OidcServerConfig{
 						OidcIssuer:          "test9",
 						OidcAudience:        "test9",
 						OidcSkipExpiryCheck: true,
 						OidcSkipIssuerCheck: true,
 					},
 				},
 				BindAddr:               "0.0.0.9",
 				BindPort:               7009,
 				BindUDPPort:            7008,
 				KCPBindPort:            7007,
 				ProxyBindAddr:          "127.0.0.9",
 				VhostHTTPPort:          89,
 				VhostHTTPSPort:         449,
 				VhostHTTPTimeout:       69,
 				TCPMuxHTTPConnectPort:  1339,
 				DashboardAddr:          "0.0.0.9",
 				DashboardPort:          7509,
 				DashboardUser:          "admin9",
 				DashboardPwd:           "admin9",
 				EnablePrometheus:       true,
 				AssetsDir:              "./static9",
 				LogFile:                "./frps.log9",
 				LogWay:                 "file",
 				LogLevel:               "info9",
 				LogMaxDays:             39,
 				DisableLogColor:        false,
 				DetailedErrorsToClient: true,
 				HeartbeatTimeout:       99,
 				UserConnTimeout:        9,
 				AllowPorts: map[int]struct{}{
 					10: struct{}{},
 					11: struct{}{},
 					12: struct{}{},
 					99: struct{}{},
 				},
 				MaxPoolCount:      59,
 				MaxPortsPerClient: 9,
 				TLSOnly:           true,
 				TLSCertFile:       "server.crt",
 				TLSKeyFile:        "server.key",
 				TLSTrustedCaFile:  "ca.crt",
 				SubDomainHost:     "frps.com",
 				TCPMux:            true,
 				UDPPacketSize:     1509,
 				HTTPPlugins: map[string]plugin.HTTPPluginOptions{
 					"user-manager": {
 						Name: "user-manager",
 						Addr: "127.0.0.1:9009",
 						Path: "/handler",
 						Ops:  []string{"Login"},
 					},
 					"port-manager": {
 						Name:      "port-manager",
 						Addr:      "127.0.0.1:9009",
 						Path:      "/handler",
 						Ops:       []string{"NewProxy"},
 						TLSVerify: true,
 					},
 				},
 			},
 		},
 		{
 			source: []byte(`
 				# [common] is integral section
 				[common]
 				bind_addr = 0.0.0.9
 				bind_port = 7009
 				bind_udp_port = 7008
 			`),
 			expected: ServerCommonConf{
 				ServerConfig: auth.ServerConfig{
 					BaseConfig: auth.BaseConfig{
 						AuthenticationMethod:     "token",
 						AuthenticateHeartBeats:   false,
 						AuthenticateNewWorkConns: false,
 					},
 				},
 				BindAddr:               "0.0.0.9",
 				BindPort:               7009,
 				BindUDPPort:            7008,
 				ProxyBindAddr:          "0.0.0.9",
 				VhostHTTPTimeout:       60,
 				DashboardAddr:          "0.0.0.0",
 				DashboardUser:          "",
 				DashboardPwd:           "",
 				EnablePrometheus:       false,
 				LogFile:                "console",
 				LogWay:                 "console",
 				LogLevel:               "info",
 				LogMaxDays:             3,
 				DetailedErrorsToClient: true,
 				TCPMux:                 true,
 				AllowPorts:             make(map[int]struct{}),
 				MaxPoolCount:           5,
 				HeartbeatTimeout:       90,
 				UserConnTimeout:        10,
 				HTTPPlugins:            make(map[string]plugin.HTTPPluginOptions),
 				UDPPacketSize:          1500,
 			},
 		},
 	}
 	for _, c := range testcases {
 		actual, err := UnmarshalServerConfFromIni(c.source)
 		assert.NoError(err)
 		actual.Complete()
 		assert.Equal(c.expected, actual)
 	}
 }
--- a/pkg/config/types.go
+++ b/pkg/config/types.go
@@ -41,6 +41,15 @@ func NewBandwidthQuantity(s string) (BandwidthQuantity, error) {
 	return q, nil
 }
 func MustBandwidthQuantity(s string) BandwidthQuantity {
 	q := BandwidthQuantity{}
 	err := q.UnmarshalString(s)
 	if err != nil {
 		panic(err)
 	}
 	return q
 }
 func (q *BandwidthQuantity) Equal(u *BandwidthQuantity) bool {
 	if q == nil && u == nil {
 		return true
--- a/pkg/config/utils.go
+++ b/pkg/config/utils.go
@@ -0,0 +1,51 @@
 // Copyright 2020 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
 	"strings"
 )
 func GetMapWithoutPrefix(set map[string]string, prefix string) map[string]string {
 	m := make(map[string]string)
 	for key, value := range set {
 		if strings.HasPrefix(key, prefix) {
 			m[strings.TrimPrefix(key, prefix)] = value
 		}
 	}
 	if len(m) == 0 {
 		return nil
 	}
 	return m
 }
 func GetMapByPrefix(set map[string]string, prefix string) map[string]string {
 	m := make(map[string]string)
 	for key, value := range set {
 		if strings.HasPrefix(key, prefix) {
 			m[key] = value
 		}
 	}
 	if len(m) == 0 {
 		return nil
 	}
 	return m
 }
--- a/pkg/config/value.go
+++ b/pkg/config/value.go
@@ -1,3 +1,17 @@
 // Copyright 2020 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
@@ -34,8 +48,8 @@ func GetValues() *Values {
 	}
 }
-func RenderContent(in string) (out string, err error) {
+func RenderContent(in []byte) (out []byte, err error) {
-	tmpl, errRet := template.New("frp").Parse(in)
+	tmpl, errRet := template.New("frp").Parse(string(in))
 	if errRet != nil {
 		err = errRet
 		return
@@ -47,18 +61,17 @@ func RenderContent(in string) (out string, err error) {
 	if err != nil {
 		return
 	}
-	out = buffer.String()
+	out = buffer.Bytes()
 	return
 }
-func GetRenderedConfFromFile(path string) (out string, err error) {
+func GetRenderedConfFromFile(path string) (out []byte, err error) {
 	var b []byte
 	b, err = ioutil.ReadFile(path)
 	if err != nil {
 		return
 	}
 	content := string(b)
-	out, err = RenderContent(content)
+	out, err = RenderContent(b)
 	return
 }
--- a/pkg/config/visitor.go
+++ b/pkg/config/visitor.go
@@ -17,72 +17,89 @@ package config
 import (
 	"fmt"
 	"reflect"
 	"strconv"
 	"github.com/fatedier/frp/pkg/consts"
-	ini "github.com/vaughan0/go-ini"
+	"gopkg.in/ini.v1"
 )
 // Visitor
 var (
-	visitorConfTypeMap map[string]reflect.Type
+	visitorConfTypeMap = map[string]reflect.Type{
 		consts.STCPProxy: reflect.TypeOf(STCPVisitorConf{}),
 		consts.XTCPProxy: reflect.TypeOf(XTCPVisitorConf{}),
 		consts.SUDPProxy: reflect.TypeOf(SUDPVisitorConf{}),
 	}
 )
 func init() {
 	visitorConfTypeMap = make(map[string]reflect.Type)
 	visitorConfTypeMap[consts.STCPProxy] = reflect.TypeOf(STCPVisitorConf{})
 	visitorConfTypeMap[consts.XTCPProxy] = reflect.TypeOf(XTCPVisitorConf{})
 	visitorConfTypeMap[consts.SUDPProxy] = reflect.TypeOf(SUDPVisitorConf{})
 }
 type VisitorConf interface {
 	GetBaseInfo() *BaseVisitorConf
 	Compare(cmp VisitorConf) bool
-	UnmarshalFromIni(prefix string, name string, section ini.Section) error
+	UnmarshalFromIni(prefix string, name string, section *ini.Section) error
 	Check() error
 }
-func NewVisitorConfByType(cfgType string) VisitorConf {
+type BaseVisitorConf struct {
-	v, ok := visitorConfTypeMap[cfgType]
+	ProxyName      string `ini:"name" json:"name"`
 	ProxyType      string `ini:"type" json:"type"`
 	UseEncryption  bool   `ini:"use_encryption" json:"use_encryption"`
 	UseCompression bool   `ini:"use_compression" json:"use_compression"`
 	Role           string `ini:"role" json:"role"`
 	Sk             string `ini:"sk" json:"sk"`
 	ServerName     string `ini:"server_name" json:"server_name"`
 	BindAddr       string `ini:"bind_addr" json:"bind_addr"`
 	BindPort       int    `ini:"bind_port" json:"bind_port"`
 }
 type SUDPVisitorConf struct {
 	BaseVisitorConf `ini:",extends"`
 }
 type STCPVisitorConf struct {
 	BaseVisitorConf `ini:",extends"`
 }
 type XTCPVisitorConf struct {
 	BaseVisitorConf `ini:",extends"`
 }
 // DefaultVisitorConf creates a empty VisitorConf object by visitorType.
 // If visitorType doesn't exist, return nil.
 func DefaultVisitorConf(visitorType string) VisitorConf {
 	v, ok := visitorConfTypeMap[visitorType]
 	if !ok {
 		return nil
 	}
-	cfg := reflect.New(v).Interface().(VisitorConf)
+
-	return cfg
+	return reflect.New(v).Interface().(VisitorConf)
 }
-func NewVisitorConfFromIni(prefix string, name string, section ini.Section) (cfg VisitorConf, err error) {
+// Visitor loaded from ini
-	cfgType := section["type"]
+func NewVisitorConfFromIni(prefix string, name string, section *ini.Section) (VisitorConf, error) {
-	if cfgType == "" {
+	// section.Key: if key not exists, section will set it with default value.
-		err = fmt.Errorf("visitor [%s] type shouldn't be empty", name)
+	visitorType := section.Key("type").String()
-		return
+
 	if visitorType == "" {
 		return nil, fmt.Errorf("visitor [%s] type shouldn't be empty", name)
 	}
-	cfg = NewVisitorConfByType(cfgType)
+
-	if cfg == nil {
+	conf := DefaultVisitorConf(visitorType)
-		err = fmt.Errorf("visitor [%s] type [%s] error", name, cfgType)
+	if conf == nil {
-		return
+		return nil, fmt.Errorf("visitor [%s] type [%s] error", name, visitorType)
 	}
-	if err = cfg.UnmarshalFromIni(prefix, name, section); err != nil {
+
-		return
+	if err := conf.UnmarshalFromIni(prefix, name, section); err != nil {
 		return nil, fmt.Errorf("visitor [%s] type [%s] error", name, visitorType)
 	}
-	if err = cfg.Check(); err != nil {
+
-		return
+	if err := conf.Check(); err != nil {
 		return nil, err
 	}
-	return
+
-}
+	return conf, nil
 type BaseVisitorConf struct {
 	ProxyName      string `json:"proxy_name"`
 	ProxyType      string `json:"proxy_type"`
 	UseEncryption  bool   `json:"use_encryption"`
 	UseCompression bool   `json:"use_compression"`
 	Role           string `json:"role"`
 	Sk             string `json:"sk"`
 	ServerName     string `json:"server_name"`
 	BindAddr       string `json:"bind_addr"`
 	BindPort       int    `json:"bind_port"`
 }
 // Base
 func (cfg *BaseVisitorConf) GetBaseInfo() *BaseVisitorConf {
 	return cfg
 }
@@ -118,45 +135,40 @@ func (cfg *BaseVisitorConf) check() (err error) {
 	return
 }
-func (cfg *BaseVisitorConf) UnmarshalFromIni(prefix string, name string, section ini.Section) (err error) {
+func (cfg *BaseVisitorConf) unmarshalFromIni(prefix string, name string, section *ini.Section) error {
-	var (
+
-		tmpStr string
+	// Custom decoration after basic unmarshal:
-		ok     bool
+	// proxy name
 	)
 	cfg.ProxyName = prefix + name
 	cfg.ProxyType = section["type"]
-	if tmpStr, ok = section["use_encryption"]; ok && tmpStr == "true" {
+	// server_name
-		cfg.UseEncryption = true
+	cfg.ServerName = prefix + cfg.ServerName
 	}
 	if tmpStr, ok = section["use_compression"]; ok && tmpStr == "true" {
 		cfg.UseCompression = true
 	}
-	cfg.Role = section["role"]
+	// bind_addr
-	if cfg.Role != "visitor" {
+	if cfg.BindAddr == "" {
 		return fmt.Errorf("Parse conf error: proxy [%s] incorrect role [%s]", name, cfg.Role)
 	}
 	cfg.Sk = section["sk"]
 	cfg.ServerName = prefix + section["server_name"]
 	if cfg.BindAddr = section["bind_addr"]; cfg.BindAddr == "" {
 		cfg.BindAddr = "127.0.0.1"
 	}
 	if tmpStr, ok = section["bind_port"]; ok {
 		if cfg.BindPort, err = strconv.Atoi(tmpStr); err != nil {
 			return fmt.Errorf("Parse conf error: proxy [%s] bind_port incorrect", name)
 		}
 	} else {
 		return fmt.Errorf("Parse conf error: proxy [%s] bind_port not found", name)
 	}
 	return nil
 }
-type SUDPVisitorConf struct {
+func preVisitorUnmarshalFromIni(cfg VisitorConf, prefix string, name string, section *ini.Section) error {
-	BaseVisitorConf
+	err := section.MapTo(cfg)
 	if err != nil {
 		return err
 	}
 	err = cfg.GetBaseInfo().unmarshalFromIni(prefix, name, section)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 // SUDP
 var _ VisitorConf = &SUDPVisitorConf{}
 func (cfg *SUDPVisitorConf) Compare(cmp VisitorConf) bool {
 	cmpConf, ok := cmp.(*SUDPVisitorConf)
 	if !ok {
@@ -166,13 +178,20 @@ func (cfg *SUDPVisitorConf) Compare(cmp VisitorConf) bool {
 	if !cfg.BaseVisitorConf.compare(&cmpConf.BaseVisitorConf) {
 		return false
 	}
 	// Add custom login equal, if exists
 	return true
 }
-func (cfg *SUDPVisitorConf) UnmarshalFromIni(prefix string, name string, section ini.Section) (err error) {
+func (cfg *SUDPVisitorConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) (err error) {
-	if err = cfg.BaseVisitorConf.UnmarshalFromIni(prefix, name, section); err != nil {
+	err = preVisitorUnmarshalFromIni(cfg, prefix, name, section)
 	if err != nil {
 		return
 	}
 	// Add custom logic unmarshal, if exists
 	return
 }
@@ -180,12 +199,14 @@ func (cfg *SUDPVisitorConf) Check() (err error) {
 	if err = cfg.BaseVisitorConf.check(); err != nil {
 		return
 	}
 	// Add custom logic validate, if exists
 	return
 }
-type STCPVisitorConf struct {
+// STCP
-	BaseVisitorConf
+var _ VisitorConf = &STCPVisitorConf{}
 }
 func (cfg *STCPVisitorConf) Compare(cmp VisitorConf) bool {
 	cmpConf, ok := cmp.(*STCPVisitorConf)
@@ -196,13 +217,20 @@ func (cfg *STCPVisitorConf) Compare(cmp VisitorConf) bool {
 	if !cfg.BaseVisitorConf.compare(&cmpConf.BaseVisitorConf) {
 		return false
 	}
 	// Add custom login equal, if exists
 	return true
 }
-func (cfg *STCPVisitorConf) UnmarshalFromIni(prefix string, name string, section ini.Section) (err error) {
+func (cfg *STCPVisitorConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) (err error) {
-	if err = cfg.BaseVisitorConf.UnmarshalFromIni(prefix, name, section); err != nil {
+	err = preVisitorUnmarshalFromIni(cfg, prefix, name, section)
 	if err != nil {
 		return
 	}
 	// Add custom logic unmarshal, if exists
 	return
 }
@@ -210,12 +238,14 @@ func (cfg *STCPVisitorConf) Check() (err error) {
 	if err = cfg.BaseVisitorConf.check(); err != nil {
 		return
 	}
 	// Add custom logic validate, if exists
 	return
 }
-type XTCPVisitorConf struct {
+// XTCP
-	BaseVisitorConf
+var _ VisitorConf = &XTCPVisitorConf{}
 }
 func (cfg *XTCPVisitorConf) Compare(cmp VisitorConf) bool {
 	cmpConf, ok := cmp.(*XTCPVisitorConf)
@@ -226,13 +256,20 @@ func (cfg *XTCPVisitorConf) Compare(cmp VisitorConf) bool {
 	if !cfg.BaseVisitorConf.compare(&cmpConf.BaseVisitorConf) {
 		return false
 	}
 	// Add custom login equal, if exists
 	return true
 }
-func (cfg *XTCPVisitorConf) UnmarshalFromIni(prefix string, name string, section ini.Section) (err error) {
+func (cfg *XTCPVisitorConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) (err error) {
-	if err = cfg.BaseVisitorConf.UnmarshalFromIni(prefix, name, section); err != nil {
+	err = preVisitorUnmarshalFromIni(cfg, prefix, name, section)
 	if err != nil {
 		return
 	}
 	// Add custom logic unmarshal, if exists
 	return
 }
@@ -240,5 +277,8 @@ func (cfg *XTCPVisitorConf) Check() (err error) {
 	if err = cfg.BaseVisitorConf.check(); err != nil {
 		return
 	}
 	// Add custom logic validate, if exists
 	return
 }
--- a/pkg/config/visitor_test.go
+++ b/pkg/config/visitor_test.go
@@ -0,0 +1,108 @@
 // Copyright 2020 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package config
 import (
 	"testing"
 	"github.com/fatedier/frp/pkg/consts"
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/ini.v1"
 )
 const testVisitorPrefix = "test."
 func Test_Visitor_Interface(t *testing.T) {
 	for name := range visitorConfTypeMap {
 		DefaultVisitorConf(name)
 	}
 }
 func Test_Visitor_UnmarshalFromIni(t *testing.T) {
 	assert := assert.New(t)
 	testcases := []struct {
 		sname    string
 		source   []byte
 		expected VisitorConf
 	}{
 		{
 			sname: "secret_tcp_visitor",
 			source: []byte(`
 				[secret_tcp_visitor]
 				role = visitor
 				type = stcp
 				server_name = secret_tcp
 				sk = abcdefg
 				bind_addr = 127.0.0.1
 				bind_port = 9000
 				use_encryption = false
 				use_compression = false
 			`),
 			expected: &STCPVisitorConf{
 				BaseVisitorConf: BaseVisitorConf{
 					ProxyName:  testVisitorPrefix + "secret_tcp_visitor",
 					ProxyType:  consts.STCPProxy,
 					Role:       "visitor",
 					Sk:         "abcdefg",
 					ServerName: testVisitorPrefix + "secret_tcp",
 					BindAddr:   "127.0.0.1",
 					BindPort:   9000,
 				},
 			},
 		},
 		{
 			sname: "p2p_tcp_visitor",
 			source: []byte(`
 				[p2p_tcp_visitor]
 				role = visitor
 				type = xtcp
 				server_name = p2p_tcp
 				sk = abcdefg
 				bind_addr = 127.0.0.1
 				bind_port = 9001
 				use_encryption = false
 				use_compression = false
 			`),
 			expected: &XTCPVisitorConf{
 				BaseVisitorConf: BaseVisitorConf{
 					ProxyName:  testVisitorPrefix + "p2p_tcp_visitor",
 					ProxyType:  consts.XTCPProxy,
 					Role:       "visitor",
 					Sk:         "abcdefg",
 					ServerName: testProxyPrefix + "p2p_tcp",
 					BindAddr:   "127.0.0.1",
 					BindPort:   9001,
 				},
 			},
 		},
 	}
 	for _, c := range testcases {
 		f, err := ini.LoadSources(testLoadOptions, c.source)
 		assert.NoError(err)
 		visitorType := f.Section(c.sname).Key("type").String()
 		assert.NotEmpty(visitorType)
 		actual := DefaultVisitorConf(visitorType)
 		assert.NotNil(actual)
 		err = actual.UnmarshalFromIni(testVisitorPrefix, c.sname, f.Section(c.sname))
 		assert.NoError(err)
 		assert.Equal(c.expected, actual)
 	}
 }
--- a/pkg/plugin/client/https2https.go
+++ b/pkg/plugin/client/https2https.go
@@ -0,0 +1,138 @@
 // Copyright 2019 fatedier, fatedier@gmail.com
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package plugin
 import (
 	"crypto/tls"
 	"fmt"
 	"io"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"strings"
 	frpNet "github.com/fatedier/frp/pkg/util/net"
 )
 const PluginHTTPS2HTTPS = "https2https"
 func init() {
 	Register(PluginHTTPS2HTTPS, NewHTTPS2HTTPSPlugin)
 }
 type HTTPS2HTTPSPlugin struct {
 	crtPath           string
 	keyPath           string
 	hostHeaderRewrite string
 	localAddr         string
 	headers           map[string]string
 	l *Listener
 	s *http.Server
 }
 func NewHTTPS2HTTPSPlugin(params map[string]string) (Plugin, error) {
 	crtPath := params["plugin_crt_path"]
 	keyPath := params["plugin_key_path"]
 	localAddr := params["plugin_local_addr"]
 	hostHeaderRewrite := params["plugin_host_header_rewrite"]
 	headers := make(map[string]string)
 	for k, v := range params {
 		if !strings.HasPrefix(k, "plugin_header_") {
 			continue
 		}
 		if k = strings.TrimPrefix(k, "plugin_header_"); k != "" {
 			headers[k] = v
 		}
 	}
 	if crtPath == "" {
 		return nil, fmt.Errorf("plugin_crt_path is required")
 	}
 	if keyPath == "" {
 		return nil, fmt.Errorf("plugin_key_path is required")
 	}
 	if localAddr == "" {
 		return nil, fmt.Errorf("plugin_local_addr is required")
 	}
 	listener := NewProxyListener()
 	p := &HTTPS2HTTPSPlugin{
 		crtPath:           crtPath,
 		keyPath:           keyPath,
 		localAddr:         localAddr,
 		hostHeaderRewrite: hostHeaderRewrite,
 		headers:           headers,
 		l:                 listener,
 	}
 	tr := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 	}
 	rp := &httputil.ReverseProxy{
 		Director: func(req *http.Request) {
 			req.URL.Scheme = "https"
 			req.URL.Host = p.localAddr
 			if p.hostHeaderRewrite != "" {
 				req.Host = p.hostHeaderRewrite
 			}
 			for k, v := range p.headers {
 				req.Header.Set(k, v)
 			}
 		},
 		Transport: tr,
 	}
 	p.s = &http.Server{
 		Handler: rp,
 	}
 	tlsConfig, err := p.genTLSConfig()
 	if err != nil {
 		return nil, fmt.Errorf("gen TLS config error: %v", err)
 	}
 	ln := tls.NewListener(listener, tlsConfig)
 	go p.s.Serve(ln)
 	return p, nil
 }
 func (p *HTTPS2HTTPSPlugin) genTLSConfig() (*tls.Config, error) {
 	cert, err := tls.LoadX509KeyPair(p.crtPath, p.keyPath)
 	if err != nil {
 		return nil, err
 	}
 	config := &tls.Config{Certificates: []tls.Certificate{cert}}
 	return config, nil
 }
 func (p *HTTPS2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
 	wrapConn := frpNet.WrapReadWriteCloserToConn(conn, realConn)
 	p.l.PutConn(wrapConn)
 }
 func (p *HTTPS2HTTPSPlugin) Name() string {
 	return PluginHTTPS2HTTP
 }
 func (p *HTTPS2HTTPSPlugin) Close() error {
 	if err := p.s.Close(); err != nil {
 		return err
 	}
 	return nil
 }
--- a/pkg/plugin/server/http.go
+++ b/pkg/plugin/server/http.go
@@ -17,19 +17,22 @@ package plugin
 import (
 	"bytes"
 	"context"
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"reflect"
 	"strings"
 )
 type HTTPPluginOptions struct {
-	Name string
+	Name      string   `ini:"name"`
-	Addr string
+	Addr      string   `ini:"addr"`
-	Path string
+	Path      string   `ini:"path"`
-	Ops  []string
+	Ops       []string `ini:"ops"`
 	TLSVerify bool     `ini:"tls_verify"`
 }
 type httpPlugin struct {
@@ -40,10 +43,25 @@ type httpPlugin struct {
 }
 func NewHTTPPluginOptions(options HTTPPluginOptions) Plugin {
 	var url = fmt.Sprintf("%s%s", options.Addr, options.Path)
 	var client *http.Client
 	if strings.HasPrefix(url, "https://") {
 		tr := &http.Transport{
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: options.TLSVerify == false},
 		}
 		client = &http.Client{Transport: tr}
 	} else {
 		client = &http.Client{}
 	}
 	if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://") {
 		url = "http://" + url
 	}
 	return &httpPlugin{
 		options: options,
-		url:     fmt.Sprintf("http://%s%s", options.Addr, options.Path),
+		url:     url,
-		client:  &http.Client{},
+		client:  client,
 	}
 }
--- a/pkg/transport/tls.go
+++ b/pkg/transport/tls.go
@@ -43,7 +43,7 @@ func newRandomTLSKeyPair() *tls.Certificate {
 	return &tlsCert
 }
-// Only supprt one ca file to add
+// Only support one ca file to add
 func newCertPool(caPath string) (*x509.CertPool, error) {
 	pool := x509.NewCertPool()
--- a/pkg/util/net/kcp.go
+++ b/pkg/util/net/kcp.go
@@ -27,8 +27,8 @@ type KCPListener struct {
 	closeFlag bool
 }
-func ListenKcp(bindAddr string, bindPort int) (l *KCPListener, err error) {
+func ListenKcp(address string) (l *KCPListener, err error) {
-	listener, err := kcp.ListenWithOptions(fmt.Sprintf("%s:%d", bindAddr, bindPort), nil, 10, 3)
+	listener, err := kcp.ListenWithOptions(address, nil, 10, 3)
 	if err != nil {
 		return l, err
 	}
--- a/pkg/util/util/http.go
+++ b/pkg/util/util/http.go
@@ -15,6 +15,7 @@
 package util
 import (
 	"net"
 	"net/http"
 	"strings"
 )
@@ -33,6 +34,7 @@ func OkResponse() *http.Response {
 	return res
 }
 // TODO: use "CanonicalHost" func to replace all "GetHostFromAddr" func.
 func GetHostFromAddr(addr string) (host string) {
 	strs := strings.Split(addr, ":")
 	if len(strs) > 1 {
@@ -42,3 +44,34 @@ func GetHostFromAddr(addr string) (host string) {
 	}
 	return
 }
 // canonicalHost strips port from host if present and returns the canonicalized
 // host name.
 func CanonicalHost(host string) (string, error) {
 	var err error
 	host = strings.ToLower(host)
 	if hasPort(host) {
 		host, _, err = net.SplitHostPort(host)
 		if err != nil {
 			return "", err
 		}
 	}
 	if strings.HasSuffix(host, ".") {
 		// Strip trailing dot from fully qualified domain names.
 		host = host[:len(host)-1]
 	}
 	return host, nil
 }
 // hasPort reports whether host contains a port number. host may be a host
 // name, an IPv4 or an IPv6 address.
 func hasPort(host string) bool {
 	colons := strings.Count(host, ":")
 	if colons == 0 {
 		return false
 	}
 	if colons == 1 {
 		return true
 	}
 	return host[0] == '[' && strings.Contains(host, "]:")
 }
--- a/pkg/util/version/version.go
+++ b/pkg/util/version/version.go
@@ -19,7 +19,7 @@ import (
 	"strings"
 )
-var version string = "0.34.2"
+var version string = "0.37.0"
 func Full() string {
 	return version
--- a/pkg/util/vhost/http.go
+++ b/pkg/util/vhost/http.go
@@ -17,6 +17,7 @@ package vhost
 import (
 	"bytes"
 	"context"
 	"encoding/base64"
 	"errors"
 	"fmt"
 	"log"
@@ -59,20 +60,25 @@ func NewHTTPReverseProxy(option HTTPReverseProxyOptions, vhostRouter *Routers) *
 			req.URL.Scheme = "http"
 			url := req.Context().Value(RouteInfoURL).(string)
 			oldHost := util.GetHostFromAddr(req.Context().Value(RouteInfoHost).(string))
-			host := rp.GetRealHost(oldHost, url)
+			rc := rp.GetRouteConfig(oldHost, url)
-			if host != "" {
+			if rc != nil {
-				req.Host = host
+				if rc.RewriteHost != "" {
-			}
+					req.Host = rc.RewriteHost
-			req.URL.Host = req.Host
+				}
 				// Set {domain}.{location} as URL host here to let http transport reuse connections.
 				req.URL.Host = rc.Domain + "." + base64.StdEncoding.EncodeToString([]byte(rc.Location))
-			headers := rp.GetHeaders(oldHost, url)
+				for k, v := range rc.Headers {
-			for k, v := range headers {
+					req.Header.Set(k, v)
-				req.Header.Set(k, v)
+				}
 			} else {
 				req.URL.Host = req.Host
 			}
 		},
 		Transport: &http.Transport{
 			ResponseHeaderTimeout: rp.responseHeaderTimeout,
-			DisableKeepAlives:     true,
+			IdleConnTimeout:       60 * time.Second,
 			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 				url := ctx.Value(RouteInfoURL).(string)
 				host := util.GetHostFromAddr(ctx.Value(RouteInfoHost).(string))
@@ -107,6 +113,14 @@ func (rp *HTTPReverseProxy) UnRegister(domain string, location string) {
 	rp.vhostRouter.Del(domain, location)
 }
 func (rp *HTTPReverseProxy) GetRouteConfig(domain string, location string) *RouteConfig {
 	vr, ok := rp.getVhost(domain, location)
 	if ok {
 		return vr.payload.(*RouteConfig)
 	}
 	return nil
 }
 func (rp *HTTPReverseProxy) GetRealHost(domain string, location string) (host string) {
 	vr, ok := rp.getVhost(domain, location)
 	if ok {
--- a/pkg/util/vhost/vhost.go
+++ b/pkg/util/vhost/vhost.go
@@ -144,7 +144,7 @@ func (v *Muxer) handle(c net.Conn) {
 	sConn, reqInfoMap, err := v.vhostFunc(c)
 	if err != nil {
-		log.Warn("get hostname from http/https request error: %v", err)
+		log.Debug("get hostname from http/https request error: %v", err)
 		c.Close()
 		return
 	}
--- a/server/control.go
+++ b/server/control.go
@@ -248,12 +248,10 @@ func (ctl *Control) GetWorkConn() (workConn net.Conn, err error) {
 		xl.Debug("get work connection from pool")
 	default:
 		// no work connections available in the poll, send message to frpc to get more
-		err = errors.PanicToError(func() {
+		if err = errors.PanicToError(func() {
 			ctl.sendCh <- &msg.ReqWorkConn{}
-		})
+		}); err != nil {
-		if err != nil {
+			return nil, fmt.Errorf("control is already closed")
 			xl.Error("%v", err)
 			return
 		}
 		select {
@@ -357,15 +355,15 @@ func (ctl *Control) stoper() {
 	ctl.allShutdown.WaitStart()
 	ctl.conn.Close()
 	ctl.readerShutdown.WaitDone()
 	close(ctl.readCh)
 	ctl.managerShutdown.WaitDone()
 	close(ctl.sendCh)
 	ctl.writerShutdown.WaitDone()
 	ctl.conn.Close()
 	ctl.readerShutdown.WaitDone()
 	ctl.mu.Lock()
 	defer ctl.mu.Unlock()
@@ -408,7 +406,7 @@ func (ctl *Control) manager() {
 	for {
 		select {
 		case <-heartbeat.C:
-			if time.Since(ctl.lastPing) > time.Duration(ctl.serverCfg.HeartBeatTimeout)*time.Second {
+			if time.Since(ctl.lastPing) > time.Duration(ctl.serverCfg.HeartbeatTimeout)*time.Second {
 				xl.Warn("heartbeat timeout")
 				return
 			}
--- a/server/dashboard.go
+++ b/server/dashboard.go
@@ -15,7 +15,6 @@
 package server
 import (
 	"fmt"
 	"net"
 	"net/http"
 	"time"
@@ -32,7 +31,7 @@ var (
 	httpServerWriteTimeout = 10 * time.Second
 )
-func (svr *Service) RunDashboardServer(addr string, port int) (err error) {
+func (svr *Service) RunDashboardServer(address string) (err error) {
 	// url router
 	router := mux.NewRouter()
@@ -58,14 +57,13 @@ func (svr *Service) RunDashboardServer(addr string, port int) (err error) {
 		http.Redirect(w, r, "/static/", http.StatusMovedPermanently)
 	})
 	address := fmt.Sprintf("%s:%d", addr, port)
 	server := &http.Server{
 		Addr:         address,
 		Handler:      router,
 		ReadTimeout:  httpServerReadTimeout,
 		WriteTimeout: httpServerWriteTimeout,
 	}
-	if address == "" {
+	if address == "" || address == ":" {
 		address = ":http"
 	}
 	ln, err := net.Listen("tcp", address)
--- a/server/dashboard_api.go
+++ b/server/dashboard_api.go
@@ -74,7 +74,7 @@ func (svr *Service) APIServerInfo(w http.ResponseWriter, r *http.Request) {
 		SubdomainHost:     svr.cfg.SubDomainHost,
 		MaxPoolCount:      svr.cfg.MaxPoolCount,
 		MaxPortsPerClient: svr.cfg.MaxPortsPerClient,
-		HeartBeatTimeout:  svr.cfg.HeartBeatTimeout,
+		HeartBeatTimeout:  svr.cfg.HeartbeatTimeout,
 		TotalTrafficIn:  serverStats.TotalTrafficIn,
 		TotalTrafficOut: serverStats.TotalTrafficOut,
--- a/server/proxy/proxy.go
+++ b/server/proxy/proxy.go
@@ -100,7 +100,7 @@ func (pxy *BaseProxy) GetWorkConnFromPool(src, dst net.Addr) (workConn net.Conn,
 			xl.Warn("failed to get work connection: %v", err)
 			return
 		}
-		xl.Info("get a new work connection: [%s]", workConn.RemoteAddr().String())
+		xl.Debug("get a new work connection: [%s]", workConn.RemoteAddr().String())
 		xl.Spawn().AppendPrefix(pxy.GetName())
 		workConn = frpNet.NewContextConn(pxy.ctx, workConn)
@@ -159,7 +159,7 @@ func (pxy *BaseProxy) startListenHandler(p Proxy, handler func(Proxy, net.Conn,
 					xl.Info("listener is closed")
 					return
 				}
-				xl.Debug("get a user connection [%s]", c.RemoteAddr().String())
+				xl.Info("get a user connection [%s]", c.RemoteAddr().String())
 				go handler(p, c, pxy.serverCfg)
 			}
 		}(listener)
--- a/server/proxy/udp.go
+++ b/server/proxy/udp.go
@@ -60,7 +60,7 @@ func (pxy *UDPProxy) Run() (remoteAddr string, err error) {
 	xl := pxy.xl
 	pxy.realPort, err = pxy.rc.UDPPortManager.Acquire(pxy.name, pxy.cfg.RemotePort)
 	if err != nil {
-		return
+		return "", fmt.Errorf("acquire port %d error: %v", pxy.cfg.RemotePort, err)
 	}
 	defer func() {
 		if err != nil {
--- a/server/service.go
+++ b/server/service.go
@@ -23,6 +23,7 @@ import (
 	"net"
 	"net/http"
 	"sort"
 	"strconv"
 	"time"
 	"github.com/fatedier/frp/assets"
@@ -176,7 +177,8 @@ func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
 	}
 	// Listen for accepting connections from client.
-	ln, err := net.Listen("tcp", fmt.Sprintf("%s:%d", cfg.BindAddr, cfg.BindPort))
+	address := net.JoinHostPort(cfg.BindAddr, strconv.Itoa(cfg.BindPort))
 	ln, err := net.Listen("tcp", address)
 	if err != nil {
 		err = fmt.Errorf("Create server listener error, %v", err)
 		return
@@ -187,13 +189,14 @@ func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
 	ln = svr.muxer.DefaultListener()
 	svr.listener = ln
-	log.Info("frps tcp listen on %s:%d", cfg.BindAddr, cfg.BindPort)
+	log.Info("frps tcp listen on %s", address)
 	// Listen for accepting connections from client using kcp protocol.
 	if cfg.KCPBindPort > 0 {
-		svr.kcpListener, err = frpNet.ListenKcp(cfg.BindAddr, cfg.KCPBindPort)
+		address := net.JoinHostPort(cfg.BindAddr, strconv.Itoa(cfg.KCPBindPort))
 		svr.kcpListener, err = frpNet.ListenKcp(address)
 		if err != nil {
-			err = fmt.Errorf("Listen on kcp address udp [%s:%d] error: %v", cfg.BindAddr, cfg.KCPBindPort, err)
+			err = fmt.Errorf("Listen on kcp address udp %s error: %v", address, err)
 			return
 		}
 		log.Info("frps kcp listen on udp %s:%d", cfg.BindAddr, cfg.KCPBindPort)
@@ -213,7 +216,7 @@ func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
 		}, svr.httpVhostRouter)
 		svr.rc.HTTPReverseProxy = rp
-		address := fmt.Sprintf("%s:%d", cfg.ProxyBindAddr, cfg.VhostHTTPPort)
+		address := net.JoinHostPort(cfg.ProxyBindAddr, strconv.Itoa(cfg.VhostHTTPPort))
 		server := &http.Server{
 			Addr:    address,
 			Handler: rp,
@@ -238,11 +241,13 @@ func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
 		if httpsMuxOn {
 			l = svr.muxer.ListenHttps(1)
 		} else {
-			l, err = net.Listen("tcp", fmt.Sprintf("%s:%d", cfg.ProxyBindAddr, cfg.VhostHTTPSPort))
+			address := net.JoinHostPort(cfg.ProxyBindAddr, strconv.Itoa(cfg.VhostHTTPSPort))
 			l, err = net.Listen("tcp", address)
 			if err != nil {
 				err = fmt.Errorf("Create server listener error, %v", err)
 				return
 			}
 			log.Info("https service listen on %s", address)
 		}
 		svr.rc.VhostHTTPSMuxer, err = vhost.NewHTTPSMuxer(l, vhostReadWriteTimeout)
@@ -250,7 +255,6 @@ func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
 			err = fmt.Errorf("Create vhost httpsMuxer error, %v", err)
 			return
 		}
 		log.Info("https service listen on %s:%d", cfg.ProxyBindAddr, cfg.VhostHTTPSPort)
 	}
 	// frp tls listener
@@ -261,14 +265,14 @@ func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
 	// Create nat hole controller.
 	if cfg.BindUDPPort > 0 {
 		var nc *nathole.Controller
-		addr := fmt.Sprintf("%s:%d", cfg.BindAddr, cfg.BindUDPPort)
+		address := net.JoinHostPort(cfg.BindAddr, strconv.Itoa(cfg.BindUDPPort))
-		nc, err = nathole.NewController(addr)
+		nc, err = nathole.NewController(address)
 		if err != nil {
 			err = fmt.Errorf("Create nat hole controller error, %v", err)
 			return
 		}
 		svr.rc.NatHoleController = nc
-		log.Info("nat hole udp service listen on %s:%d", cfg.BindAddr, cfg.BindUDPPort)
+		log.Info("nat hole udp service listen on %s", address)
 	}
 	var statsEnable bool
@@ -281,7 +285,8 @@ func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
 			return
 		}
-		err = svr.RunDashboardServer(cfg.DashboardAddr, cfg.DashboardPort)
+		address := net.JoinHostPort(cfg.DashboardAddr, strconv.Itoa(cfg.DashboardPort))
 		err = svr.RunDashboardServer(address)
 		if err != nil {
 			err = fmt.Errorf("Create dashboard web server error, %v", err)
 			return
--- a/test/e2e/basic/basic.go
+++ b/test/e2e/basic/basic.go
@@ -3,16 +3,16 @@ package basic
 import (
 	"fmt"
 	"strings"
 	"time"
 	"github.com/fatedier/frp/test/e2e/framework"
 	"github.com/fatedier/frp/test/e2e/framework/consts"
 	"github.com/fatedier/frp/test/e2e/mock/server"
 	"github.com/fatedier/frp/test/e2e/pkg/port"
 	"github.com/fatedier/frp/test/e2e/pkg/request"
 	. "github.com/onsi/ginkgo"
 )
 var connTimeout = 2 * time.Second
 var _ = Describe("[Feature: Basic]", func() {
 	f := framework.NewDefaultFramework()
@@ -50,21 +50,21 @@ var _ = Describe("[Feature: Basic]", func() {
 				}{
 					{
 						proxyName: "normal",
-						portName:  framework.GenPortName("Normal"),
+						portName:  port.GenName("Normal"),
 					},
 					{
 						proxyName:   "with-encryption",
-						portName:    framework.GenPortName("WithEncryption"),
+						portName:    port.GenName("WithEncryption"),
 						extraConfig: "use_encryption = true",
 					},
 					{
 						proxyName:   "with-compression",
-						portName:    framework.GenPortName("WithCompression"),
+						portName:    port.GenName("WithCompression"),
 						extraConfig: "use_compression = true",
 					},
 					{
 						proxyName: "with-encryption-and-compression",
-						portName:  framework.GenPortName("WithEncryptionAndCompression"),
+						portName:  port.GenName("WithEncryptionAndCompression"),
 						extraConfig: `
 						use_encryption = true
 						use_compression = true
@@ -80,8 +80,11 @@ var _ = Describe("[Feature: Basic]", func() {
 				f.RunProcesses([]string{serverConf}, []string{clientConf})
 				for _, test := range tests {
-					framework.ExpectRequest(protocol, f.UsedPorts[test.portName],
+					framework.NewRequestExpect(f).
-						[]byte(consts.TestString), []byte(consts.TestString), connTimeout, test.proxyName)
+						RequestModify(framework.SetRequestProtocol(protocol)).
 						PortName(test.portName).
 						Explain(test.proxyName).
 						Ensure()
 				}
 			})
 		}
@@ -139,24 +142,24 @@ var _ = Describe("[Feature: Basic]", func() {
 				}{
 					{
 						proxyName:    "normal",
-						bindPortName: framework.GenPortName("Normal"),
+						bindPortName: port.GenName("Normal"),
 						visitorSK:    correctSK,
 					},
 					{
 						proxyName:    "with-encryption",
-						bindPortName: framework.GenPortName("WithEncryption"),
+						bindPortName: port.GenName("WithEncryption"),
 						visitorSK:    correctSK,
 						extraConfig:  "use_encryption = true",
 					},
 					{
 						proxyName:    "with-compression",
-						bindPortName: framework.GenPortName("WithCompression"),
+						bindPortName: port.GenName("WithCompression"),
 						visitorSK:    correctSK,
 						extraConfig:  "use_compression = true",
 					},
 					{
 						proxyName:    "with-encryption-and-compression",
-						bindPortName: framework.GenPortName("WithEncryptionAndCompression"),
+						bindPortName: port.GenName("WithEncryptionAndCompression"),
 						visitorSK:    correctSK,
 						extraConfig: `
 						use_encryption = true
@@ -165,7 +168,7 @@ var _ = Describe("[Feature: Basic]", func() {
 					},
 					{
 						proxyName:    "with-error-sk",
-						bindPortName: framework.GenPortName("WithErrorSK"),
+						bindPortName: port.GenName("WithErrorSK"),
 						visitorSK:    wrongSK,
 						expectError:  true,
 					},
@@ -182,17 +185,92 @@ var _ = Describe("[Feature: Basic]", func() {
 				f.RunProcesses([]string{serverConf}, []string{clientServerConf, clientVisitorConf})
 				for _, test := range tests {
-					expectResp := []byte(consts.TestString)
+					framework.NewRequestExpect(f).
-					if test.expectError {
+						RequestModify(framework.SetRequestProtocol(protocol)).
-						framework.ExpectRequestError(protocol, f.UsedPorts[test.bindPortName],
+						PortName(test.bindPortName).
-							[]byte(consts.TestString), connTimeout, test.proxyName)
+						Explain(test.proxyName).
-						continue
+						ExpectError(test.expectError).
-					}
+						Ensure()
 					framework.ExpectRequest(protocol, f.UsedPorts[test.bindPortName],
 						[]byte(consts.TestString), expectResp, connTimeout, test.proxyName)
 				}
 			})
 		}
 	})
 	Describe("TCPMUX", func() {
 		It("Type tcpmux", func() {
 			serverConf := consts.DefaultServerConfig
 			clientConf := consts.DefaultClientConfig
 			tcpmuxHTTPConnectPortName := port.GenName("TCPMUX")
 			serverConf += fmt.Sprintf(`
 			tcpmux_httpconnect_port = {{ .%s }}
 			`, tcpmuxHTTPConnectPortName)
 			getProxyConf := func(proxyName string, extra string) string {
 				return fmt.Sprintf(`
 				[%s]
 				type = tcpmux
 				multiplexer = httpconnect
 				local_port = {{ .%s }}
 				custom_domains = %s
 				`+extra, proxyName, port.GenName(proxyName), proxyName)
 			}
 			tests := []struct {
 				proxyName   string
 				extraConfig string
 			}{
 				{
 					proxyName: "normal",
 				},
 				{
 					proxyName:   "with-encryption",
 					extraConfig: "use_encryption = true",
 				},
 				{
 					proxyName:   "with-compression",
 					extraConfig: "use_compression = true",
 				},
 				{
 					proxyName: "with-encryption-and-compression",
 					extraConfig: `
 						use_encryption = true
 						use_compression = true
 					`,
 				},
 			}
 			// build all client config
 			for _, test := range tests {
 				clientConf += getProxyConf(test.proxyName, test.extraConfig) + "\n"
 				localServer := server.New(server.TCP, server.WithBindPort(f.AllocPort()), server.WithRespContent([]byte(test.proxyName)))
 				f.RunServer(port.GenName(test.proxyName), localServer)
 			}
 			// run frps and frpc
 			f.RunProcesses([]string{serverConf}, []string{clientConf})
 			// Request without HTTP connect should get error
 			framework.NewRequestExpect(f).
 				PortName(tcpmuxHTTPConnectPortName).
 				ExpectError(true).
 				Explain("request without HTTP connect expect error").
 				Ensure()
 			proxyURL := fmt.Sprintf("http://127.0.0.1:%d", f.PortByName(tcpmuxHTTPConnectPortName))
 			// Request with incorrect connect hostname
 			framework.NewRequestExpect(f).RequestModify(func(r *request.Request) {
 				r.Proxy(proxyURL, "invalid")
 			}).ExpectError(true).Explain("request without HTTP connect expect error").Ensure()
 			// Request with correct connect hostname
 			for _, test := range tests {
 				framework.NewRequestExpect(f).RequestModify(func(r *request.Request) {
 					r.Proxy(proxyURL, test.proxyName)
 				}).ExpectResp([]byte(test.proxyName)).Explain(test.proxyName).Ensure()
 			}
 		})
 	})
 })
--- a/test/e2e/basic/client_server.go
+++ b/test/e2e/basic/client_server.go
@@ -6,6 +6,7 @@ import (
 	"github.com/fatedier/frp/test/e2e/framework"
 	"github.com/fatedier/frp/test/e2e/framework/consts"
 	"github.com/fatedier/frp/test/e2e/pkg/port"
 	. "github.com/onsi/ginkgo"
 )
@@ -16,6 +17,7 @@ type generalTestConfigures struct {
 	expectError bool
 }
 // defineClientServerTest test a normal tcp and udp proxy with specified TestConfigures.
 func defineClientServerTest(desc string, f *framework.Framework, configures *generalTestConfigures) {
 	It(desc, func() {
 		serverConf := consts.DefaultServerConfig
@@ -25,6 +27,8 @@ func defineClientServerTest(desc string, f *framework.Framework, configures *gen
 				%s
 				`, configures.server)
 		tcpPortName := port.GenName("TCP")
 		udpPortName := port.GenName("UDP")
 		clientConf += fmt.Sprintf(`
 				%s
@@ -38,23 +42,15 @@ func defineClientServerTest(desc string, f *framework.Framework, configures *gen
 				local_port = {{ .%s }}
 				remote_port = {{ .%s }}
 				`, configures.client,
-			framework.TCPEchoServerPort, framework.GenPortName("TCP"),
+			framework.TCPEchoServerPort, tcpPortName,
-			framework.UDPEchoServerPort, framework.GenPortName("UDP"),
+			framework.UDPEchoServerPort, udpPortName,
 		)
 		f.RunProcesses([]string{serverConf}, []string{clientConf})
-		if !configures.expectError {
+		framework.NewRequestExpect(f).PortName(tcpPortName).ExpectError(configures.expectError).Explain("tcp proxy").Ensure()
-			framework.ExpectTCPRequest(f.UsedPorts[framework.GenPortName("TCP")],
+		framework.NewRequestExpect(f).RequestModify(framework.SetRequestProtocol("udp")).
-				[]byte(consts.TestString), []byte(consts.TestString), connTimeout, "tcp proxy")
+			PortName(udpPortName).ExpectError(configures.expectError).Explain("udp proxy").Ensure()
 			framework.ExpectUDPRequest(f.UsedPorts[framework.GenPortName("UDP")],
 				[]byte(consts.TestString), []byte(consts.TestString), connTimeout, "udp proxy")
 		} else {
 			framework.ExpectTCPRequestError(f.UsedPorts[framework.GenPortName("TCP")],
 				[]byte(consts.TestString), connTimeout, "tcp proxy")
 			framework.ExpectUDPRequestError(f.UsedPorts[framework.GenPortName("UDP")],
 				[]byte(consts.TestString), connTimeout, "udp proxy")
 		}
 	})
 }
--- a/test/e2e/basic/server.go
+++ b/test/e2e/basic/server.go
@@ -0,0 +1,79 @@
 package basic
 import (
 	"fmt"
 	"github.com/fatedier/frp/test/e2e/framework"
 	"github.com/fatedier/frp/test/e2e/framework/consts"
 	"github.com/fatedier/frp/test/e2e/pkg/port"
 	"github.com/fatedier/frp/test/e2e/pkg/request"
 	. "github.com/onsi/ginkgo"
 )
 var _ = Describe("[Feature: Server Manager]", func() {
 	f := framework.NewDefaultFramework()
 	It("Ports Whitelist", func() {
 		serverConf := consts.DefaultServerConfig
 		clientConf := consts.DefaultClientConfig
 		serverConf += `
 			allow_ports = 10000-20000,20002,30000-50000
 		`
 		tcpPortName := port.GenName("TCP", port.WithRangePorts(10000, 20000))
 		udpPortName := port.GenName("UDP", port.WithRangePorts(30000, 50000))
 		clientConf += fmt.Sprintf(`
 			[tcp-allowded-in-range]
 			type = tcp
 			local_port = {{ .%s }}
 			remote_port = {{ .%s }}
 			`, framework.TCPEchoServerPort, tcpPortName)
 		clientConf += fmt.Sprintf(`
 			[tcp-port-not-allowed]
 			type = tcp
 			local_port = {{ .%s }}
 			remote_port = 20001
 			`, framework.TCPEchoServerPort)
 		clientConf += fmt.Sprintf(`
 			[tcp-port-unavailable]
 			type = tcp
 			local_port = {{ .%s }}
 			remote_port = {{ .%s }}
 			`, framework.TCPEchoServerPort, consts.PortServerName)
 		clientConf += fmt.Sprintf(`
 			[udp-allowed-in-range]
 			type = udp
 			local_port = {{ .%s }}
 			remote_port = {{ .%s }}
 			`, framework.UDPEchoServerPort, udpPortName)
 		clientConf += fmt.Sprintf(`
 			[udp-port-not-allowed]
 			type = udp
 			local_port = {{ .%s }}
 			remote_port = 20003
 			`, framework.UDPEchoServerPort)
 		f.RunProcesses([]string{serverConf}, []string{clientConf})
 		// TCP
 		// Allowed in range
 		framework.NewRequestExpect(f).PortName(tcpPortName).Ensure()
 		// Not Allowed
 		framework.NewRequestExpect(f).RequestModify(framework.SetRequestPort(20001)).ExpectError(true).Ensure()
 		// Unavailable, already bind by frps
 		framework.NewRequestExpect(f).PortName(consts.PortServerName).ExpectError(true).Ensure()
 		// UDP
 		// Allowed in range
 		framework.NewRequestExpect(f).RequestModify(framework.SetRequestProtocol("udp")).PortName(udpPortName).Ensure()
 		// Not Allowed
 		framework.NewRequestExpect(f).RequestModify(func(r *request.Request) {
 			r.UDP().Port(20003)
 		}).ExpectError(true).Ensure()
 	})
 })
--- a/test/e2e/e2e.go
+++ b/test/e2e/e2e.go
@@ -49,7 +49,6 @@ func RunE2ETests(t *testing.T) {
 // accepting the byte array.
 func setupSuite() {
 	// Run only on Ginkgo node 1
 	// TODO
 }
 // setupSuitePerGinkgoNode is the boilerplate that can be used to setup ginkgo test suites, on the SynchronizedBeforeSuite step.
--- a/test/e2e/examples.go
+++ b/test/e2e/examples.go
@@ -2,16 +2,14 @@ package e2e
 import (
 	"fmt"
 	"time"
 	"github.com/fatedier/frp/test/e2e/framework"
 	"github.com/fatedier/frp/test/e2e/framework/consts"
 	"github.com/fatedier/frp/test/e2e/pkg/port"
 	. "github.com/onsi/ginkgo"
 )
 var connTimeout = 2 * time.Second
 var _ = Describe("[Feature: Example]", func() {
 	f := framework.NewDefaultFramework()
@@ -20,16 +18,17 @@ var _ = Describe("[Feature: Example]", func() {
 			serverConf := consts.DefaultServerConfig
 			clientConf := consts.DefaultClientConfig
 			portName := port.GenName("TCP")
 			clientConf += fmt.Sprintf(`
 			[tcp]
 			type = tcp
 			local_port = {{ .%s }}
 			remote_port = {{ .%s }}
-			`, framework.TCPEchoServerPort, framework.GenPortName("TCP"))
+			`, framework.TCPEchoServerPort, portName)
 			f.RunProcesses([]string{serverConf}, []string{clientConf})
-			framework.ExpectTCPRequest(f.UsedPorts[framework.GenPortName("TCP")], []byte(consts.TestString), []byte(consts.TestString), connTimeout)
+			framework.NewRequestExpect(f).PortName(portName).Ensure()
 		})
 	})
 })
--- a/test/e2e/framework/consts/consts.go
+++ b/test/e2e/framework/consts/consts.go
@@ -1,21 +1,38 @@
 package consts
 import (
 	"fmt"
 	"time"
 	"github.com/fatedier/frp/test/e2e/pkg/port"
 )
 const (
 	TestString = "frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet."
 	DefaultTimeout = 2 * time.Second
 )
-const (
+var (
-	PortServerName = "PortServer"
+	PortServerName  string
-)
+	PortClientAdmin string
 const (
 	DefaultServerConfig = `
 	[common]
-	bind_port = {{ .PortServer }}
+	bind_port = {{ .%s }}
 	log_level = trace
 	`
 	DefaultClientConfig = `
 	[common]
-	server_port = {{ .PortServer }}
+	server_port = {{ .%s }}
 	log_level = trace
 	`
 )
 func init() {
 	PortServerName = port.GenName("Server")
 	PortClientAdmin = port.GenName("ClientAdmin")
 	DefaultServerConfig = fmt.Sprintf(DefaultServerConfig, port.GenName("Server"))
 	DefaultClientConfig = fmt.Sprintf(DefaultClientConfig, port.GenName("Server"))
 }
--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 	"text/template"
 	"github.com/fatedier/frp/test/e2e/mock/server"
 	"github.com/fatedier/frp/test/e2e/pkg/port"
 	"github.com/fatedier/frp/test/e2e/pkg/process"
@@ -25,11 +26,14 @@ type Options struct {
 type Framework struct {
 	TempDirectory string
 	UsedPorts     map[string]int
 	// ports used in this framework indexed by port name.
 	usedPorts map[string]int
 	// portAllocator to alloc port for this test case.
 	portAllocator *port.Allocator
-	// Multiple mock servers used for e2e testing.
+	// Multiple default mock servers used for e2e testing.
 	mockServers *MockServers
 	// To make sure that this framework cleans up after itself, no matter what,
@@ -44,6 +48,9 @@ type Framework struct {
 	serverProcesses []*process.Process
 	clientConfPaths []string
 	clientProcesses []*process.Process
 	// Manual registered mock servers.
 	servers []*server.Server
 }
 func NewDefaultFramework() *Framework {
@@ -59,6 +66,7 @@ func NewDefaultFramework() *Framework {
 func NewFramework(opt Options) *Framework {
 	f := &Framework{
 		portAllocator: port.NewAllocator(opt.FromPortIndex, opt.ToPortIndex, opt.TotalParallelNode, opt.CurrentNodeIndex-1),
 		usedPorts:     make(map[string]int),
 	}
 	ginkgo.BeforeEach(f.BeforeEach)
@@ -107,9 +115,14 @@ func (f *Framework) AfterEach() {
 	f.serverProcesses = nil
 	f.clientProcesses = nil
-	// close mock servers
+	// close default mock servers
 	f.mockServers.Close()
 	// close manual registered mock servers
 	for _, s := range f.servers {
 		s.Close()
 	}
 	// clean directory
 	os.RemoveAll(f.TempDirectory)
 	f.TempDirectory = ""
@@ -117,10 +130,10 @@ func (f *Framework) AfterEach() {
 	f.clientConfPaths = nil
 	// release used ports
-	for _, port := range f.UsedPorts {
+	for _, port := range f.usedPorts {
 		f.portAllocator.Release(port)
 	}
-	f.UsedPorts = nil
+	f.usedPorts = make(map[string]int)
 }
 var portRegex = regexp.MustCompile(`{{ \.Port.*? }}`)
@@ -151,16 +164,16 @@ func (f *Framework) genPortsFromTemplates(templates []string) (ports map[string]
 	}()
 	for name := range ports {
-		port := f.portAllocator.Get()
+		port := f.portAllocator.GetByName(name)
 		if port <= 0 {
 			return nil, fmt.Errorf("can't allocate port")
 		}
 		ports[name] = port
 	}
 	return
 }
 // RenderTemplates alloc all ports for port names placeholder.
 func (f *Framework) RenderTemplates(templates []string) (outs []string, ports map[string]int, err error) {
 	ports, err = f.genPortsFromTemplates(templates)
 	if err != nil {
@@ -172,6 +185,10 @@ func (f *Framework) RenderTemplates(templates []string) (outs []string, ports ma
 		params[name] = port
 	}
 	for name, port := range f.usedPorts {
 		params[name] = port
 	}
 	for _, t := range templates {
 		tmpl, err := template.New("").Parse(t)
 		if err != nil {
@@ -185,3 +202,26 @@ func (f *Framework) RenderTemplates(templates []string) (outs []string, ports ma
 	}
 	return
 }
 func (f *Framework) PortByName(name string) int {
 	return f.usedPorts[name]
 }
 func (f *Framework) AllocPort() int {
 	port := f.portAllocator.Get()
 	ExpectTrue(port > 0, "alloc port failed")
 	return port
 }
 func (f *Framework) ReleasePort(port int) {
 	f.portAllocator.Release(port)
 }
 func (f *Framework) RunServer(portName string, s *server.Server) {
 	f.servers = append(f.servers, s)
 	if s.BindPort() > 0 {
 		f.usedPorts[portName] = s.BindPort()
 	}
 	err := s.Run()
 	ExpectNoError(err, portName)
 }
--- a/test/e2e/framework/mockservers.go
+++ b/test/e2e/framework/mockservers.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"os"
-	"github.com/fatedier/frp/test/e2e/mock/echoserver"
+	"github.com/fatedier/frp/test/e2e/mock/server"
 	"github.com/fatedier/frp/test/e2e/pkg/port"
 )
@@ -15,36 +15,22 @@ const (
 )
 type MockServers struct {
-	tcpEchoServer *echoserver.Server
+	tcpEchoServer *server.Server
-	udpEchoServer *echoserver.Server
+	udpEchoServer *server.Server
-	udsEchoServer *echoserver.Server
+	udsEchoServer *server.Server
 }
 func NewMockServers(portAllocator *port.Allocator) *MockServers {
 	s := &MockServers{}
 	tcpPort := portAllocator.Get()
 	udpPort := portAllocator.Get()
-	s.tcpEchoServer = echoserver.New(echoserver.Options{
+	s.tcpEchoServer = server.New(server.TCP, server.WithBindPort(tcpPort), server.WithEchoMode(true))
-		Type:      echoserver.TCP,
+	s.udpEchoServer = server.New(server.UDP, server.WithBindPort(udpPort), server.WithEchoMode(true))
 		BindAddr:  "127.0.0.1",
 		BindPort:  int32(tcpPort),
 		RepeatNum: 1,
 	})
 	s.udpEchoServer = echoserver.New(echoserver.Options{
 		Type:      echoserver.UDP,
 		BindAddr:  "127.0.0.1",
 		BindPort:  int32(udpPort),
 		RepeatNum: 1,
 	})
 	udsIndex := portAllocator.Get()
 	udsAddr := fmt.Sprintf("%s/frp_echo_server_%d.sock", os.TempDir(), udsIndex)
 	os.Remove(udsAddr)
-	s.udsEchoServer = echoserver.New(echoserver.Options{
+	s.udsEchoServer = server.New(server.Unix, server.WithBindAddr(udsAddr), server.WithEchoMode(true))
 		Type:      echoserver.Unix,
 		BindAddr:  udsAddr,
 		RepeatNum: 1,
 	})
 	return s
 }
@@ -65,14 +51,14 @@ func (m *MockServers) Close() {
 	m.tcpEchoServer.Close()
 	m.udpEchoServer.Close()
 	m.udsEchoServer.Close()
-	os.Remove(m.udsEchoServer.GetOptions().BindAddr)
+	os.Remove(m.udsEchoServer.BindAddr())
 }
 func (m *MockServers) GetTemplateParams() map[string]interface{} {
 	ret := make(map[string]interface{})
-	ret[TCPEchoServerPort] = m.tcpEchoServer.GetOptions().BindPort
+	ret[TCPEchoServerPort] = m.tcpEchoServer.BindPort()
-	ret[UDPEchoServerPort] = m.udpEchoServer.GetOptions().BindPort
+	ret[UDPEchoServerPort] = m.udpEchoServer.BindPort()
-	ret[UDSEchoServerAddr] = m.udsEchoServer.GetOptions().BindAddr
+	ret[UDSEchoServerAddr] = m.udsEchoServer.BindAddr()
 	return ret
 }
--- a/test/e2e/framework/process.go
+++ b/test/e2e/framework/process.go
@@ -28,7 +28,9 @@ func (f *Framework) RunProcesses(serverTemplates []string, clientTemplates []str
 	ExpectNoError(err)
 	ExpectTrue(len(templates) > 0)
-	f.UsedPorts = ports
+	for name, port := range ports {
 		f.usedPorts[name] = port
 	}
 	for i := range serverTemplates {
 		path := filepath.Join(f.TempDirectory, fmt.Sprintf("frp-e2e-server-%d", i))
@@ -40,8 +42,8 @@ func (f *Framework) RunProcesses(serverTemplates []string, clientTemplates []str
 		f.serverProcesses = append(f.serverProcesses, p)
 		err = p.Start()
 		ExpectNoError(err)
 		time.Sleep(500 * time.Millisecond)
 	}
 	time.Sleep(time.Second)
 	for i := range clientTemplates {
 		index := i + len(serverTemplates)
@@ -56,4 +58,5 @@ func (f *Framework) RunProcesses(serverTemplates []string, clientTemplates []str
 		ExpectNoError(err)
 		time.Sleep(500 * time.Millisecond)
 	}
 	time.Sleep(500 * time.Millisecond)
 }
--- a/test/e2e/framework/request.go
+++ b/test/e2e/framework/request.go
@@ -1,51 +1,90 @@
 package framework
 import (
-	"time"
+	"github.com/fatedier/frp/test/e2e/framework/consts"
 	"github.com/fatedier/frp/test/e2e/pkg/request"
 )
-func ExpectRequest(protocol string, port int, in, out []byte, timeout time.Duration, explain ...interface{}) {
+func SetRequestProtocol(protocol string) func(*request.Request) {
-	switch protocol {
+	return func(r *request.Request) {
-	case "tcp":
+		r.Protocol(protocol)
 		ExpectTCPRequest(port, in, out, timeout, explain...)
 	case "udp":
 		ExpectUDPRequest(port, in, out, timeout, explain...)
 	default:
 		Failf("ExpectRequest not support protocol: %s", protocol)
 	}
 }
-func ExpectRequestError(protocol string, port int, in []byte, timeout time.Duration, explain ...interface{}) {
+func SetRequestPort(port int) func(*request.Request) {
-	switch protocol {
+	return func(r *request.Request) {
-	case "tcp":
+		r.Port(port)
 		ExpectTCPRequestError(port, in, timeout, explain...)
 	case "udp":
 		ExpectUDPRequestError(port, in, timeout, explain...)
 	default:
 		Failf("ExpectRequestError not support protocol: %s", protocol)
 	}
 }
-func ExpectTCPRequest(port int, in, out []byte, timeout time.Duration, explain ...interface{}) {
+// NewRequest return a default TCP request with default timeout and content.
-	res, err := request.SendTCPRequest(port, in, timeout)
+func NewRequest() *request.Request {
-	ExpectNoError(err, explain...)
+	return request.New().
-	ExpectEqual(string(out), res, explain...)
+		Timeout(consts.DefaultTimeout).
 		Body([]byte(consts.TestString))
 }
-func ExpectTCPRequestError(port int, in []byte, timeout time.Duration, explain ...interface{}) {
+func ExpectResponse(req *request.Request, expectResp []byte, explain ...interface{}) {
-	_, err := request.SendTCPRequest(port, in, timeout)
+	ret, err := req.Do()
 	ExpectNoError(err, explain...)
 	ExpectEqualValues(expectResp, ret, explain...)
 }
 func ExpectResponseError(req *request.Request, explain ...interface{}) {
 	_, err := req.Do()
 	ExpectError(err, explain...)
 }
-func ExpectUDPRequest(port int, in, out []byte, timeout time.Duration, explain ...interface{}) {
+type RequestExpect struct {
-	res, err := request.SendUDPRequest(port, in, timeout)
+	req *request.Request
-	ExpectNoError(err, explain...)
+
-	ExpectEqual(string(out), res, explain...)
+	f           *Framework
 	expectResp  []byte
 	expectError bool
 	explain     []interface{}
 }
-func ExpectUDPRequestError(port int, in []byte, timeout time.Duration, explain ...interface{}) {
+func NewRequestExpect(f *Framework) *RequestExpect {
-	_, err := request.SendUDPRequest(port, in, timeout)
+	return &RequestExpect{
-	ExpectError(err, explain...)
+		req:         NewRequest(),
 		f:           f,
 		expectResp:  []byte(consts.TestString),
 		expectError: false,
 		explain:     make([]interface{}, 0),
 	}
 }
 func (e *RequestExpect) RequestModify(f func(r *request.Request)) *RequestExpect {
 	f(e.req)
 	return e
 }
 func (e *RequestExpect) PortName(name string) *RequestExpect {
 	if e.f != nil {
 		e.req.Port(e.f.PortByName(name))
 	}
 	return e
 }
 func (e *RequestExpect) ExpectResp(resp []byte) *RequestExpect {
 	e.expectResp = resp
 	return e
 }
 func (e *RequestExpect) ExpectError(expectErr bool) *RequestExpect {
 	e.expectError = expectErr
 	return e
 }
 func (e *RequestExpect) Explain(explain ...interface{}) *RequestExpect {
 	e.explain = explain
 	return e
 }
 func (e *RequestExpect) Ensure() {
 	if e.expectError {
 		ExpectResponseError(e.req, e.explain...)
 	} else {
 		ExpectResponse(e.req, e.expectResp, e.explain...)
 	}
 }
--- a/test/e2e/framework/util.go
+++ b/test/e2e/framework/util.go
@@ -12,7 +12,3 @@ func init() {
 	uuid, _ := uuid.NewUUID()
 	RunID = uuid.String()
 }
 func GenPortName(name string) string {
 	return "Port" + name
 }
--- a/test/e2e/mock/echoserver/echoserver.go
+++ b/test/e2e/mock/echoserver/echoserver.go
@@ -1,111 +0,0 @@
 package echoserver
 import (
 	"fmt"
 	"net"
 	"strings"
 	fnet "github.com/fatedier/frp/pkg/util/net"
 )
 type ServerType string
 const (
 	TCP  ServerType = "tcp"
 	UDP  ServerType = "udp"
 	Unix ServerType = "unix"
 )
 type Options struct {
 	Type              ServerType
 	BindAddr          string
 	BindPort          int32
 	RepeatNum         int
 	SpecifiedResponse string
 }
 type Server struct {
 	opt Options
 	l net.Listener
 }
 func New(opt Options) *Server {
 	if opt.Type == "" {
 		opt.Type = TCP
 	}
 	if opt.BindAddr == "" {
 		opt.BindAddr = "127.0.0.1"
 	}
 	if opt.RepeatNum <= 0 {
 		opt.RepeatNum = 1
 	}
 	return &Server{
 		opt: opt,
 	}
 }
 func (s *Server) GetOptions() Options {
 	return s.opt
 }
 func (s *Server) Run() error {
 	if err := s.initListener(); err != nil {
 		return err
 	}
 	go func() {
 		for {
 			c, err := s.l.Accept()
 			if err != nil {
 				return
 			}
 			go s.handle(c)
 		}
 	}()
 	return nil
 }
 func (s *Server) Close() error {
 	if s.l != nil {
 		return s.l.Close()
 	}
 	return nil
 }
 func (s *Server) initListener() (err error) {
 	switch s.opt.Type {
 	case TCP:
 		s.l, err = net.Listen("tcp", fmt.Sprintf("%s:%d", s.opt.BindAddr, s.opt.BindPort))
 	case UDP:
 		s.l, err = fnet.ListenUDP(s.opt.BindAddr, int(s.opt.BindPort))
 	case Unix:
 		s.l, err = net.Listen("unix", s.opt.BindAddr)
 	default:
 		return fmt.Errorf("unknown server type: %s", s.opt.Type)
 	}
 	if err != nil {
 		return
 	}
 	return nil
 }
 func (s *Server) handle(c net.Conn) {
 	defer c.Close()
 	buf := make([]byte, 2048)
 	for {
 		n, err := c.Read(buf)
 		if err != nil {
 			return
 		}
 		var response string
 		if len(s.opt.SpecifiedResponse) > 0 {
 			response = s.opt.SpecifiedResponse
 		} else {
 			response = strings.Repeat(string(buf[:n]), s.opt.RepeatNum)
 		}
 		c.Write([]byte(response))
 	}
 }
--- a/test/e2e/mock/server/server.go
+++ b/test/e2e/mock/server/server.go
@@ -0,0 +1,142 @@
 package server
 import (
 	"fmt"
 	"net"
 	libnet "github.com/fatedier/frp/pkg/util/net"
 )
 type ServerType string
 const (
 	TCP  ServerType = "tcp"
 	UDP  ServerType = "udp"
 	Unix ServerType = "unix"
 )
 type Server struct {
 	netType     ServerType
 	bindAddr    string
 	bindPort    int
 	respContent []byte
 	bufSize     int64
 	echoMode bool
 	l net.Listener
 }
 type Option func(*Server) *Server
 func New(netType ServerType, options ...Option) *Server {
 	s := &Server{
 		netType:  netType,
 		bindAddr: "127.0.0.1",
 		bufSize:  2048,
 	}
 	for _, option := range options {
 		s = option(s)
 	}
 	return s
 }
 func WithBindAddr(addr string) Option {
 	return func(s *Server) *Server {
 		s.bindAddr = addr
 		return s
 	}
 }
 func WithBindPort(port int) Option {
 	return func(s *Server) *Server {
 		s.bindPort = port
 		return s
 	}
 }
 func WithRespContent(content []byte) Option {
 	return func(s *Server) *Server {
 		s.respContent = content
 		return s
 	}
 }
 func WithBufSize(bufSize int64) Option {
 	return func(s *Server) *Server {
 		s.bufSize = bufSize
 		return s
 	}
 }
 func WithEchoMode(echoMode bool) Option {
 	return func(s *Server) *Server {
 		s.echoMode = echoMode
 		return s
 	}
 }
 func (s *Server) Run() error {
 	if err := s.initListener(); err != nil {
 		return err
 	}
 	go func() {
 		for {
 			c, err := s.l.Accept()
 			if err != nil {
 				return
 			}
 			go s.handle(c)
 		}
 	}()
 	return nil
 }
 func (s *Server) Close() error {
 	if s.l != nil {
 		return s.l.Close()
 	}
 	return nil
 }
 func (s *Server) initListener() (err error) {
 	switch s.netType {
 	case TCP:
 		s.l, err = net.Listen("tcp", fmt.Sprintf("%s:%d", s.bindAddr, s.bindPort))
 	case UDP:
 		s.l, err = libnet.ListenUDP(s.bindAddr, s.bindPort)
 	case Unix:
 		s.l, err = net.Listen("unix", s.bindAddr)
 	default:
 		return fmt.Errorf("unknown server type: %s", s.netType)
 	}
 	return err
 }
 func (s *Server) handle(c net.Conn) {
 	defer c.Close()
 	buf := make([]byte, s.bufSize)
 	for {
 		n, err := c.Read(buf)
 		if err != nil {
 			return
 		}
 		if s.echoMode {
 			c.Write(buf[:n])
 		} else {
 			c.Write(s.respContent)
 		}
 	}
 }
 func (s *Server) BindAddr() string {
 	return s.bindAddr
 }
 func (s *Server) BindPort() int {
 	return s.bindPort
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
fatedier	cfd1a3128a	Merge pull request #2426 from fatedier/dev update workflow file	2021-06-03 00:59:21 +08:00
fatedier	2393923870	update build image go version	2021-06-03 00:56:07 +08:00
fatedier	5f594e9a71	fix goreleaser	2021-06-03 00:46:56 +08:00
fatedier	57577ea044	Merge pull request #2425 from fatedier/dev bump version	2021-06-03 00:14:32 +08:00
fatedier	8637077d90	update version	2021-06-03 00:10:35 +08:00
fatedier	ccb85a9926	update README	2021-06-03 00:07:51 +08:00
fatedier	02b12df887	frpc: consider include configs for verify and reload command (#2424 )	2021-06-02 23:54:22 +08:00
fatedier	c32a2ed140	frpc: support 'includes' in common section to include proxy configs in other files(#2421 )	2021-06-02 00:39:05 +08:00
Wu Han	9ae322cccf	readme: fix toc hyperlinx (#2401 )	2021-05-17 17:29:13 +08:00
fatedier	9cebfccb39	cmd: add verify command to verify if config file syntax is valid (#2389 )	2021-05-12 12:15:22 +08:00
fatedier	630dad50ed	web: support sudp in dashboard (#2385 )	2021-05-11 13:37:14 +08:00
fatedier	0d84da91d4	change default value of dashboard_user and dashboard_pwd to empty string (#2383 )	2021-05-10 23:04:26 +08:00
fatedier	2408f1df04	frpc: fix that login_fail_exit invalid if `protocol=kcp` (#2363 )	2021-04-22 18:33:10 +08:00
fatedier	fbaa5f866e	add e2e tests (#2334 )	2021-03-31 16:57:39 +08:00
fatedier	c5c79e4148	Merge pull request #2324 from fatedier/dev bump version v0.36.2	2021-03-22 14:56:48 +08:00
fatedier	9a849a29e9	fix config parse logic (#2323 )	2021-03-22 14:53:30 +08:00
Splash	6b80861bd6	Fix log_file does not work in config files (#2316 )	2021-03-22 11:30:12 +08:00
fatedier	fa0e84382e	autogen code	2021-03-19 17:39:26 +08:00
bobo liu	1a11b28f8d	config: inline is NOT SUPPORTED in encoding/json (#2304 )	2021-03-19 17:36:39 +08:00
YK-Samgo	bed13d7ef1	Support reverseproxy to dashboard with additional parts in path (#2289 ) /api/ -> ../api/ in vendor.js Support reverseproxy to dashboard with addtional parts in path.	2021-03-19 17:31:16 +08:00
fatedier	e7d76b180d	update README.md (#2314 )	2021-03-19 16:06:22 +08:00
wuqing	dba8925eaa	makefile add arm64	2021-03-19 14:01:26 +08:00
fatedier	55da58eca4	Merge pull request #2310 from fatedier/dev bump version	2021-03-18 11:14:56 +08:00
wuqing	fdef7448a7	update version	2021-03-18 11:12:10 +08:00
Chotow	0ff27fc9ac	fix(server): listen udp port failed (#2308 ) fix #2306	2021-03-18 11:05:03 +08:00
fatedier	76a1efccd9	update	2021-03-17 11:43:23 +08:00
fatedier	9f8db314d6	update	2021-03-17 11:43:03 +08:00
fatedier	980f084ad1	Merge pull request #2302 from fatedier/dev bump version	2021-03-15 21:54:52 +08:00
fatedier	0c35863d97	bump version to v0.36.0 (#2301 )	2021-03-15 21:50:47 +08:00
fatedier	184a0ff9ab	update Makefile.cross-compiles and support darwin/arm64 (#2295 )	2021-03-15 21:02:56 +08:00
yuyulei	8e25f13201	update: support ipv6 (#2288 )	2021-03-10 20:19:58 +08:00
yuyulei	b5aee82ca9	update: support custom tls server name (#2278 )	2021-03-07 14:57:23 +08:00
iikira	0a2384a283	fix XTCP error handling (#2273 )	2021-03-03 20:54:46 +08:00
yuyulei	78b8bb7bc6	update docs: add example for building tls certificates (#2251 )	2021-02-22 13:59:21 +08:00
fatedier	8fcd4f4a95	client: reconnect more quickly if it's a dial error (#2240 )	2021-02-18 16:15:35 +08:00
Albert Zhao	976fd81d4d	modify gitignore;fix a typo (#2237 )	2021-02-07 14:07:20 +08:00
Kevin Crawley	52d5c9e25b	initial commit for https2https plugin (#2201 )	2021-01-27 13:14:16 +08:00
Asher Oto	fa89671452	Update README (#2221 ) * Updated README.md - Fixed spelling of PayPal - Added information to TLS section, fixed spelling	2021-01-27 13:07:44 +08:00
yuyulei	3621aad1c1	Reconstruct config (#2098 ) * refactoring config * Update by comments	2021-01-26 11:31:08 +08:00
fatedier	3bf1eb8565	Merge pull request #2216 from fatedier/dev bump version	2021-01-25 16:15:52 +08:00
fatedier	a821db3f45	add release note	2021-01-25 16:06:38 +08:00
fatedier	ecb6ed9258	revert web code (#2215 )	2021-01-25 16:04:33 +08:00
fatedier	b2ae433e18	Merge pull request #2206 from fatedier/dev bump version	2021-01-19 20:56:06 +08:00
fatedier	b26080589b	bump version	2021-01-19 20:51:06 +08:00
yuyulei	aff979c2b6	Merge pull request #2199 from fatedier/fix vhost: set DisableKeepAlives = false and fix websocket not work	2021-01-19 15:40:41 +08:00
fatedier	46f809d711	vhost: set DisableKeepAlives = false and fix websocket not work	2021-01-18 21:49:44 +08:00
yuyulei	72595b2da8	Add user remote address info log (#2184 )	2021-01-11 16:52:17 +08:00
XNG	c842558ace	Reduced log level of "get hostname error" (#2165 ) Reduced log level of "get hostname from http/https request error" to debug so that it won't overwhelms the log file when user is using apache/ngix as their own SSL backend	2020-12-25 13:39:26 +08:00
yuyulei	ed61049041	Bugfix: add ipv6 parsing with address of frps (#2163 )	2020-12-24 21:48:26 +08:00
fatedier	abe6f580c0	update README	2020-12-03 20:41:37 +08:00
fatedier	e940066012	auto generate web assets	2020-12-03 20:23:43 +08:00
hubery	1e846df870	some dashboard refactor (#2101 )	2020-12-03 20:20:48 +08:00
Mike Cardwell	0ab055e946	Allow server plugin to talk to https services. Option for skipping tls verification (#2103 ) * Allow server plugin to talk to https services. Option for skipping tls verification * Rename TlsVerify to TLSVerify * Server plugin should use default http transport when scheme is not https	2020-12-03 14:36:14 +08:00
fatedier	fca59c71e2	clear Release.md	2020-11-23 17:34:09 +08:00
wxiaoguang	fae2f8768d	tweak logs: (#2100 ) * show what config frps uses (config file / command line) * optimize the "start successfully" log message	2020-11-23 17:01:31 +08:00
fatedier	3d9499f554	autogen web assets	2020-11-23 15:21:07 +08:00
hubery	7adeeedd55	fix dashboard horizontal scrollbar (#2096 )	2020-11-23 14:52:55 +08:00
yuyulei	127a31ea6a	Fix typo (#2089 )	2020-11-23 11:38:21 +08:00
fatedier	a85bd9a4d9	update	2020-11-20 20:10:08 +08:00
fatedier	01d551ec8d	update	2020-11-20 18:10:33 +08:00
fatedier	16cabf4127	add .circleci	2020-11-20 18:04:44 +08:00
fatedier	968be4a2c2	use self token	2020-11-20 17:35:06 +08:00
fatedier	aa0a41ee4e	Merge pull request #2088 from fatedier/dev bump version to v0.34.3	2020-11-20 17:04:55 +08:00
fatedier	8a779eb88c	add goreleaser action (#2087 ) * add goreleaser action * change version	2020-11-20 17:00:14 +08:00
蓝云Reyes	0138dbd352	update ISSUE_TEMPLATE (#2061 )	2020-11-09 19:39:56 +08:00
yuyulei	9b45c93c14	Fix set-env in github actions of frp (#2060 )	2020-11-09 16:56:53 +08:00
fatedier	191da54980	.travis.yml add go1.15 and remove go1.13	2020-11-06 15:49:03 +08:00
Dan Ordille	c3b7575453	Add enable_prometheus option as command line flag (#2057 )	2020-11-06 15:33:59 +08:00
		`@@ -1 +1 @@`
			`<!doctype html> <html lang=en> <head> <meta charset=utf-8> <title>frp client admin UI</title> <link rel="shortcut icon" href="favicon.ico"></head> <body> <div id=app></div> <script type="text/javascript" src="manifest.js?d2cd6337d30c7b22e836"></script><script type="text/javascript" src="vendor.js?edb271e1d9c81f857840"></script></body> </html>`				`<!doctype html> <html lang=en> <head> <meta charset=utf-8> <title>frp client admin UI</title> <link rel="shortcut icon" href="favicon.ico"></head> <body> <div id=app></div> <script type="text/javascript" src="manifest.js?5a0eb52788515d02ca46"></script><script type="text/javascript" src="vendor.js?3e5221f064f1295497bf"></script></body> </html>`
		`@@ -1 +1 @@`
			!function(e){function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}var r=window.webpackJsonp;window.webpackJsonp=function(t,c,u){for(var i,a,f,l=0,s=[];l<t.length;l++)a=t[l],o[a]&&s.push(o[a][0]),o[a]=0;for(i in c)Object.prototype.hasOwnProperty.call(c,i)&&(e[i]=c[i]);for(r&&r(t,c,u);s.length;)s.shift()();if(u)for(l=0;l<u.length;l++)f=n(n.s=u[l]);return f};var t={},o={1:0};n.e=function(e){function r(){i.onerror=i.onload=null,clearTimeout(a);var n=o[e];0!==n&&(n&&n[1](new Error("Loading chunk "+e+" failed.")),o[e]=void 0)}var t=o[e];if(0===t)return new Promise(function(e){e()});if(t)return t[2];var c=new Promise(function(n,r){t=o[e]=[n,r]});t[2]=c;var u=document.getElementsByTagName("head")[0],i=document.createElement("script");i.type="text/javascript",i.charset="utf-8",i.async=!0,i.timeout=12e4,n.nc&&i.setAttribute("nonce",n.nc),i.src=n.p+""+e+".js?"+{0:"edb271e1d9c81f857840"}[e];var a=setTimeout(r,12e4);return i.onerror=i.onload=r,u.appendChild(i),c},n.m=e,n.c=t,n.i=function(e){return e},n.d=function(e,r,t){n.o(e,r)\|\|Object.defineProperty(e,r,{configurable:!1,enumerable:!0,get:t})},n.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(r,"a",r),r},n.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},n.p="",n.oe=function(e){throw console.error(e),e}}([]);				!function(e){function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}var r=window.webpackJsonp;window.webpackJsonp=function(t,u,c){for(var i,a,f,l=0,s=[];l<t.length;l++)a=t[l],o[a]&&s.push(o[a][0]),o[a]=0;for(i in u)Object.prototype.hasOwnProperty.call(u,i)&&(e[i]=u[i]);for(r&&r(t,u,c);s.length;)s.shift()();if(c)for(l=0;l<c.length;l++)f=n(n.s=c[l]);return f};var t={},o={1:0};n.e=function(e){function r(){i.onerror=i.onload=null,clearTimeout(a);var n=o[e];0!==n&&(n&&n[1](new Error("Loading chunk "+e+" failed.")),o[e]=void 0)}var t=o[e];if(0===t)return new Promise(function(e){e()});if(t)return t[2];var u=new Promise(function(n,r){t=o[e]=[n,r]});t[2]=u;var c=document.getElementsByTagName("head")[0],i=document.createElement("script");i.type="text/javascript",i.charset="utf-8",i.async=!0,i.timeout=12e4,n.nc&&i.setAttribute("nonce",n.nc),i.src=n.p+""+e+".js?"+{0:"3e5221f064f1295497bf"}[e];var a=setTimeout(r,12e4);return i.onerror=i.onload=r,c.appendChild(i),u},n.m=e,n.c=t,n.i=function(e){return e},n.d=function(e,r,t){n.o(e,r)\|\|Object.defineProperty(e,r,{configurable:!1,enumerable:!0,get:t})},n.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(r,"a",r),r},n.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},n.p="",n.oe=function(e){throw console.error(e),e}}([]);