fix ini configuration default values

2025-08-02 03:59:03 +00:00 · 2024-05-30 10:26:00 +08:00
54 changed files with 177 additions and 659 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,4 +1,4 @@
 # These are supported funding model platforms
 github: [fatedier]
-custom: ["https://afdian.com/a/fatedier"]
+custom: ["https://afdian.net/a/fatedier"]
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -17,13 +17,13 @@ jobs:
    - uses: actions/checkout@v4
    - uses: actions/setup-go@v5
      with:
-        go-version: '1.23'
+        go-version: '1.22'
        cache: false
    - name: golangci-lint
      uses: golangci/golangci-lint-action@v4
      with:
        # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-        version: v1.61
+        version: v1.57
        # Optional: golangci-lint command line arguments.
        # args: --issues-exit-code=0
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -15,7 +15,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
-          go-version: '1.23'
+          go-version: '1.22'
      - name: Make All
        run: |
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,5 +1,5 @@
 service:
-  golangci-lint-version: 1.61.x # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.57.x # use the fixed version to not introduce new linters unexpectedly
 run:
  concurrency: 4
@@ -14,7 +14,7 @@ linters:
  enable:
  - unused
  - errcheck
-  - copyloopvar
+  - exportloopref
  - gocritic
  - gofumpt
  - goimports
@@ -88,9 +88,7 @@ linters-settings:
    excludes:
    - G401
    - G402
    - G404
    - G501
    - G115 # integer overflow conversion
 issues:
  # List of regexps of issue texts to exclude, empty list by default.
--- a/Makefile.cross-compiles
+++ b/Makefile.cross-compiles
@@ -2,7 +2,7 @@ export PATH := $(PATH):`go env GOPATH`/bin
 export GO111MODULE=on
 LDFLAGS := -s -w
-os-archs=darwin:amd64 darwin:arm64 freebsd:amd64 linux:amd64 linux:arm:7 linux:arm:5 linux:arm64 windows:amd64 windows:arm64 linux:mips64 linux:mips64le linux:mips:softfloat linux:mipsle:softfloat linux:riscv64 linux:loong64 android:arm64
+os-archs=darwin:amd64 darwin:arm64 freebsd:amd64 linux:amd64 linux:arm:7 linux:arm:5 linux:arm64 windows:amd64 windows:arm64 linux:mips64 linux:mips64le linux:mips:softfloat linux:mipsle:softfloat linux:riscv64 android:arm64
 all: build
--- a/README.md
+++ b/README.md
@@ -11,17 +11,11 @@
 <!--gold sponsors start-->
 <p align="center">
  <a href="https://workos.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=frp&utm_source=github" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_workos.png">
+    <img width="350px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_workos.png">
  </a>
-</p>
+  <a>&nbsp</a>
 <p align="center">
  <a href="https://github.com/daytonaio/daytona" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_daytona.png">
+    <img width="360px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_daytona.png">
  </a>
 </p>
 <p align="center">
  <a href="https://github.com/beclab/terminus" target="_blank">
    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_terminusos.jpeg">
  </a>
 </p>
 <!--gold sponsors end-->
--- a/README_zh.md
+++ b/README_zh.md
@@ -13,17 +13,11 @@ frp 是一个专注于内网穿透的高性能的反向代理应用，支持 TCP
 <!--gold sponsors start-->
 <p align="center">
  <a href="https://workos.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=frp&utm_source=github" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_workos.png">
+    <img width="350px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_workos.png">
  </a>
-</p>
+  <a>&nbsp</a>
 <p align="center">
  <a href="https://github.com/daytonaio/daytona" target="_blank">
-    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_daytona.png">
+    <img width="360px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_daytona.png">
  </a>
 </p>
 <p align="center">
  <a href="https://github.com/beclab/terminus" target="_blank">
    <img width="420px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_terminusos.jpeg">
  </a>
 </p>
 <!--gold sponsors end-->
@@ -95,7 +89,7 @@ frp 是一个免费且开源的项目，我们欢迎任何人为其开发和进
 您可以通过 [GitHub Sponsors](https://github.com/sponsors/fatedier) 赞助我们。
-国内用户可以通过 [爱发电](https://afdian.com/a/fatedier) 赞助我们。
+国内用户可以通过 [爱发电](https://afdian.net/a/fatedier) 赞助我们。
 企业赞助者可以将贵公司的 Logo 以及链接放置在项目 README 文件中。
--- a/Release.md
+++ b/Release.md
@@ -1,4 +1,9 @@
-### Features
+### Fixes
-* The frpc visitor command-line parameter adds the `--server-user` option to specify the username of the server-side proxy to connect to.
+* Fixed an issue where HTTP/2 was not enabled for https2http and https2https plugins.
-* Support multiple frpc instances with different subjects when using oidc authentication.
+* Fixed the issue where the default values of INI configuration parameters are inconsistent with other configuration formats.
 ### Changes
 * Updated the default value of `transport.tcpMuxKeepaliveInterval` from 60 to 30.
 * On the Android platform, the Google DNS server is used only when the default DNS server cannot be obtained.
--- a/client/control.go
+++ b/client/control.go
@@ -230,7 +230,7 @@ func (ctl *Control) registerMsgHandlers() {
 	ctl.msgDispatcher.RegisterHandler(&msg.Pong{}, ctl.handlePong)
 }
-// heartbeatWorker sends heartbeat to server and check heartbeat timeout.
+// headerWorker sends heartbeat to server and check heartbeat timeout.
 func (ctl *Control) heartbeatWorker() {
 	xl := ctl.xl
--- a/client/proxy/proxy.go
+++ b/client/proxy/proxy.go
@@ -192,7 +192,7 @@ func (pxy *BaseProxy) HandleTCPWorkConnection(workConn net.Conn, m *msg.StartWor
 	if pxy.proxyPlugin != nil {
 		// if plugin is set, let plugin handle connection first
 		xl.Debugf("handle by plugin: %s", pxy.proxyPlugin.Name())
-		pxy.proxyPlugin.Handle(pxy.ctx, remote, workConn, &extraInfo)
+		pxy.proxyPlugin.Handle(remote, workConn, &extraInfo)
 		xl.Debugf("handle by plugin finished")
 		return
 	}
--- a/client/proxy/proxy_wrapper.go
+++ b/client/proxy/proxy_wrapper.go
@@ -137,7 +137,7 @@ func (pw *Wrapper) SetRunningStatus(remoteAddr string, respErr string) error {
 		pw.Phase = ProxyPhaseStartErr
 		pw.Err = respErr
 		pw.lastStartErr = time.Now()
-		return fmt.Errorf("%s", pw.Err)
+		return fmt.Errorf(pw.Err)
 	}
 	if err := pw.pxy.Run(); err != nil {
--- a/client/service.go
+++ b/client/service.go
@@ -169,15 +169,6 @@ func (svr *Service) Run(ctx context.Context) error {
 		netpkg.SetDefaultDNSAddress(svr.common.DNSServer)
 	}
 	if svr.webServer != nil {
 		go func() {
 			log.Infof("admin server listen on %s", svr.webServer.Address())
 			if err := svr.webServer.Run(); err != nil {
 				log.Warnf("admin server exit with error: %v", err)
 			}
 		}()
 	}
 	// first login to frps
 	svr.loopLoginUntilSuccess(10*time.Second, lo.FromPtr(svr.common.LoginFailExit))
 	if svr.ctl == nil {
@@ -188,6 +179,14 @@ func (svr *Service) Run(ctx context.Context) error {
 	go svr.keepControllerWorking()
 	if svr.webServer != nil {
 		go func() {
 			log.Infof("admin server listen on %s", svr.webServer.Address())
 			if err := svr.webServer.Run(); err != nil {
 				log.Warnf("admin server exit with error: %v", err)
 			}
 		}()
 	}
 	<-svr.ctx.Done()
 	svr.stop()
 	return nil
--- a/cmd/frpc/sub/admin.go
+++ b/cmd/frpc/sub/admin.go
@@ -15,11 +15,9 @@
 package sub
 import (
 	"context"
 	"fmt"
 	"os"
 	"strings"
 	"time"
 	"github.com/rodaine/table"
 	"github.com/spf13/cobra"
@@ -29,24 +27,24 @@ import (
 	clientsdk "github.com/fatedier/frp/pkg/sdk/client"
 )
 var adminAPITimeout = 30 * time.Second
 func init() {
-	commands := []struct {
+	rootCmd.AddCommand(NewAdminCommand(
-		name        string
+		"reload",
-		description string
+		"Hot-Reload frpc configuration",
-		handler     func(*v1.ClientCommonConfig) error
+		ReloadHandler,
-	}{
+	))
 		{"reload", "Hot-Reload frpc configuration", ReloadHandler},
 		{"status", "Overview of all proxies status", StatusHandler},
 		{"stop", "Stop the running frpc", StopHandler},
 	}
-	for _, cmdConfig := range commands {
+	rootCmd.AddCommand(NewAdminCommand(
-		cmd := NewAdminCommand(cmdConfig.name, cmdConfig.description, cmdConfig.handler)
+		"status",
-		cmd.Flags().DurationVar(&adminAPITimeout, "api-timeout", adminAPITimeout, "Timeout for admin API calls")
+		"Overview of all proxies status",
-		rootCmd.AddCommand(cmd)
+		StatusHandler,
-	}
+	))
 	rootCmd.AddCommand(NewAdminCommand(
 		"stop",
 		"Stop the running frpc",
 		StopHandler,
 	))
 }
 func NewAdminCommand(name, short string, handler func(*v1.ClientCommonConfig) error) *cobra.Command {
@@ -75,9 +73,7 @@ func NewAdminCommand(name, short string, handler func(*v1.ClientCommonConfig) er
 func ReloadHandler(clientCfg *v1.ClientCommonConfig) error {
 	client := clientsdk.New(clientCfg.WebServer.Addr, clientCfg.WebServer.Port)
 	client.SetAuth(clientCfg.WebServer.User, clientCfg.WebServer.Password)
-	ctx, cancel := context.WithTimeout(context.Background(), adminAPITimeout)
+	if err := client.Reload(strictConfigMode); err != nil {
 	defer cancel()
 	if err := client.Reload(ctx, strictConfigMode); err != nil {
 		return err
 	}
 	fmt.Println("reload success")
@@ -87,9 +83,7 @@ func ReloadHandler(clientCfg *v1.ClientCommonConfig) error {
 func StatusHandler(clientCfg *v1.ClientCommonConfig) error {
 	client := clientsdk.New(clientCfg.WebServer.Addr, clientCfg.WebServer.Port)
 	client.SetAuth(clientCfg.WebServer.User, clientCfg.WebServer.Password)
-	ctx, cancel := context.WithTimeout(context.Background(), adminAPITimeout)
+	res, err := client.GetAllProxyStatus()
 	defer cancel()
 	res, err := client.GetAllProxyStatus(ctx)
 	if err != nil {
 		return err
 	}
@@ -115,9 +109,7 @@ func StatusHandler(clientCfg *v1.ClientCommonConfig) error {
 func StopHandler(clientCfg *v1.ClientCommonConfig) error {
 	client := clientsdk.New(clientCfg.WebServer.Addr, clientCfg.WebServer.Port)
 	client.SetAuth(clientCfg.WebServer.User, clientCfg.WebServer.Password)
-	ctx, cancel := context.WithTimeout(context.Background(), adminAPITimeout)
+	if err := client.Stop(); err != nil {
 	defer cancel()
 	if err := client.Stop(ctx); err != nil {
 		return err
 	}
 	fmt.Println("stop success")
--- a/conf/frpc_full_example.toml
+++ b/conf/frpc_full_example.toml
@@ -315,26 +315,6 @@ localAddr = "127.0.0.1:443"
 hostHeaderRewrite = "127.0.0.1"
 requestHeaders.set.x-from-where = "frp"
 [[proxies]]
 name = "plugin_http2http"
 type = "tcp"
 remotePort = 6007
 [proxies.plugin]
 type = "http2http"
 localAddr = "127.0.0.1:80"
 hostHeaderRewrite = "127.0.0.1"
 requestHeaders.set.x-from-where = "frp"
 [[proxies]]
 name = "plugin_tls2raw"
 type = "tcp"
 remotePort = 6008
 [proxies.plugin]
 type = "tls2raw"
 localAddr = "127.0.0.1:80"
 crtPath = "./server.crt"
 keyPath = "./server.key"
 [[proxies]]
 name = "secret_tcp"
 # If the type is secret tcp, remotePort is useless
--- a/doc/pic/donate-wechatpay.png
+++ b/doc/pic/donate-wechatpay.png
--- a/doc/pic/sponsor_daytona.png
+++ b/doc/pic/sponsor_daytona.png
--- a/doc/pic/sponsor_doppler.png
+++ b/doc/pic/sponsor_doppler.png
--- a/doc/pic/sponsor_lokal.png
+++ b/doc/pic/sponsor_lokal.png
--- a/doc/pic/sponsor_nango.png
+++ b/doc/pic/sponsor_nango.png
--- a/doc/pic/sponsor_terminusos.jpeg
+++ b/doc/pic/sponsor_terminusos.jpeg
--- a/dockerfiles/Dockerfile-for-frpc
+++ b/dockerfiles/Dockerfile-for-frpc
@@ -1,4 +1,4 @@
-FROM golang:1.23 AS building
+FROM golang:1.22 AS building
 COPY . /building
 WORKDIR /building
--- a/dockerfiles/Dockerfile-for-frps
+++ b/dockerfiles/Dockerfile-for-frps
@@ -1,4 +1,4 @@
-FROM golang:1.23 AS building
+FROM golang:1.22 AS building
 COPY . /building
 WORKDIR /building
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.9.0
 	github.com/tidwall/gjson v1.17.1
-	github.com/xtaci/kcp-go/v5 v5.6.13
+	github.com/xtaci/kcp-go/v5 v5.6.8
 	golang.org/x/crypto v0.22.0
 	golang.org/x/net v0.24.0
 	golang.org/x/oauth2 v0.16.0
@@ -59,8 +59,9 @@ require (
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
-	github.com/templexxx/cpu v0.1.1 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
-	github.com/templexxx/xorsimd v0.4.3 // indirect
+	github.com/templexxx/cpu v0.1.0 // indirect
 	github.com/templexxx/xorsimd v0.4.2 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
--- a/go.sum
+++ b/go.sum
@@ -116,8 +116,8 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rodaine/table v1.2.0 h1:38HEnwK4mKSHQJIkavVj+bst1TEY7j9zhLMWu4QJrMA=
 github.com/rodaine/table v1.2.0/go.mod h1:wejb/q/Yd4T/SVmBSRMr7GCq3KlcZp3gyNYdLSBhkaE=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
 github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
@@ -136,10 +136,10 @@ github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/templexxx/cpu v0.1.1 h1:isxHaxBXpYFWnk2DReuKkigaZyrjs2+9ypIdGP4h+HI=
+github.com/templexxx/cpu v0.1.0 h1:wVM+WIJP2nYaxVxqgHPD4wGA2aJ9rvrQRV8CvFzNb40=
-github.com/templexxx/cpu v0.1.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
+github.com/templexxx/cpu v0.1.0/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
-github.com/templexxx/xorsimd v0.4.3 h1:9AQTFHd7Bhk3dIT7Al2XeBX5DWOvsUPZCuhyAtNbHjU=
+github.com/templexxx/xorsimd v0.4.2 h1:ocZZ+Nvu65LGHmCLZ7OoCtg8Fx8jnHKK37SjvngUoVI=
-github.com/templexxx/xorsimd v0.4.3/go.mod h1:oZQcD6RFDisW2Am58dSAGwwL6rHjbzrlu25VDqfWkQg=
+github.com/templexxx/xorsimd v0.4.2/go.mod h1:HgwaPoDREdi6OnULpSfxhzaiiSUY4Fi3JPn1wpt28NI=
 github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U=
 github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
@@ -148,8 +148,8 @@ github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
 github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
-github.com/xtaci/kcp-go/v5 v5.6.13 h1:FEjtz9+D4p8t2x4WjciGt/jsIuhlWjjgPCCWjrVR4Hk=
+github.com/xtaci/kcp-go/v5 v5.6.8 h1:jlI/0jAyjoOjT/SaGB58s4bQMJiNS41A2RKzR6TMWeI=
-github.com/xtaci/kcp-go/v5 v5.6.13/go.mod h1:75S1AKYYzNUSXIv30h+jPKJYZUwqpfvLshu63nCNSOM=
+github.com/xtaci/kcp-go/v5 v5.6.8/go.mod h1:oE9j2NVqAkuKO5o8ByKGch3vgVX3BNf8zqP8JiGq0bM=
 github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 h1:EWU6Pktpas0n8lLQwDsRyZfmkPeRbdgPtW609es+/9E=
 github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37/go.mod h1:HpMP7DB2CyokmAh4lp0EQnnWhmycP/TvwBGzvuie+H0=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
--- a/package.sh
+++ b/package.sh
@@ -18,7 +18,7 @@ rm -rf ./release/packages
 mkdir -p ./release/packages
 os_all='linux windows darwin freebsd android'
-arch_all='386 amd64 arm arm64 mips64 mips64le mips mipsle riscv64 loong64'
+arch_all='386 amd64 arm arm64 mips64 mips64le mips mipsle riscv64'
 extra_all='_ hf'
 cd ./release
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -50,8 +50,7 @@ func NewAuthVerifier(cfg v1.AuthServerConfig) (authVerifier Verifier) {
 	case v1.AuthMethodToken:
 		authVerifier = NewTokenAuth(cfg.AdditionalScopes, cfg.Token)
 	case v1.AuthMethodOIDC:
-		tokenVerifier := NewTokenVerifier(cfg.OIDC)
+		authVerifier = NewOidcAuthVerifier(cfg.AdditionalScopes, cfg.OIDC)
 		authVerifier = NewOidcAuthVerifier(cfg.AdditionalScopes, tokenVerifier)
 	}
 	return authVerifier
 }
--- a/pkg/auth/oidc.go
+++ b/pkg/auth/oidc.go
@@ -87,18 +87,14 @@ func (auth *OidcAuthProvider) SetNewWorkConn(newWorkConnMsg *msg.NewWorkConn) (e
 	return err
 }
 type TokenVerifier interface {
 	Verify(context.Context, string) (*oidc.IDToken, error)
 }
 type OidcAuthConsumer struct {
 	additionalAuthScopes []v1.AuthScope
-	verifier          TokenVerifier
+	verifier         *oidc.IDTokenVerifier
-	subjectsFromLogin []string
+	subjectFromLogin string
 }
-func NewTokenVerifier(cfg v1.AuthOIDCServerConfig) TokenVerifier {
+func NewOidcAuthVerifier(additionalAuthScopes []v1.AuthScope, cfg v1.AuthOIDCServerConfig) *OidcAuthConsumer {
 	provider, err := oidc.NewProvider(context.Background(), cfg.Issuer)
 	if err != nil {
 		panic(err)
@@ -109,14 +105,9 @@ func NewTokenVerifier(cfg v1.AuthOIDCServerConfig) TokenVerifier {
 		SkipExpiryCheck:   cfg.SkipExpiryCheck,
 		SkipIssuerCheck:   cfg.SkipIssuerCheck,
 	}
 	return provider.Verifier(&verifierConf)
 }
 func NewOidcAuthVerifier(additionalAuthScopes []v1.AuthScope, verifier TokenVerifier) *OidcAuthConsumer {
 	return &OidcAuthConsumer{
 		additionalAuthScopes: additionalAuthScopes,
-		verifier:             verifier,
+		verifier:             provider.Verifier(&verifierConf),
 		subjectsFromLogin:    []string{},
 	}
 }
@@ -125,9 +116,7 @@ func (auth *OidcAuthConsumer) VerifyLogin(loginMsg *msg.Login) (err error) {
 	if err != nil {
 		return fmt.Errorf("invalid OIDC token in login: %v", err)
 	}
-	if !slices.Contains(auth.subjectsFromLogin, token.Subject) {
+	auth.subjectFromLogin = token.Subject
 		auth.subjectsFromLogin = append(auth.subjectsFromLogin, token.Subject)
 	}
 	return nil
 }
@@ -136,11 +125,11 @@ func (auth *OidcAuthConsumer) verifyPostLoginToken(privilegeKey string) (err err
 	if err != nil {
 		return fmt.Errorf("invalid OIDC token in ping: %v", err)
 	}
-	if !slices.Contains(auth.subjectsFromLogin, token.Subject) {
+	if token.Subject != auth.subjectFromLogin {
 		return fmt.Errorf("received different OIDC subject in login and ping. "+
-			"original subjects: %s, "+
+			"original subject: %s, "+
 			"new subject: %s",
-			auth.subjectsFromLogin, token.Subject)
+			auth.subjectFromLogin, token.Subject)
 	}
 	return nil
 }
--- a/pkg/auth/oidc_test.go
+++ b/pkg/auth/oidc_test.go
@@ -1,64 +0,0 @@
 package auth_test
 import (
 	"context"
 	"testing"
 	"time"
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/stretchr/testify/require"
 	"github.com/fatedier/frp/pkg/auth"
 	v1 "github.com/fatedier/frp/pkg/config/v1"
 	"github.com/fatedier/frp/pkg/msg"
 )
 type mockTokenVerifier struct{}
 func (m *mockTokenVerifier) Verify(ctx context.Context, subject string) (*oidc.IDToken, error) {
 	return &oidc.IDToken{
 		Subject: subject,
 	}, nil
 }
 func TestPingWithEmptySubjectFromLoginFails(t *testing.T) {
 	r := require.New(t)
 	consumer := auth.NewOidcAuthVerifier([]v1.AuthScope{v1.AuthScopeHeartBeats}, &mockTokenVerifier{})
 	err := consumer.VerifyPing(&msg.Ping{
 		PrivilegeKey: "ping-without-login",
 		Timestamp:    time.Now().UnixMilli(),
 	})
 	r.Error(err)
 	r.Contains(err.Error(), "received different OIDC subject in login and ping")
 }
 func TestPingAfterLoginWithNewSubjectSucceeds(t *testing.T) {
 	r := require.New(t)
 	consumer := auth.NewOidcAuthVerifier([]v1.AuthScope{v1.AuthScopeHeartBeats}, &mockTokenVerifier{})
 	err := consumer.VerifyLogin(&msg.Login{
 		PrivilegeKey: "ping-after-login",
 	})
 	r.NoError(err)
 	err = consumer.VerifyPing(&msg.Ping{
 		PrivilegeKey: "ping-after-login",
 		Timestamp:    time.Now().UnixMilli(),
 	})
 	r.NoError(err)
 }
 func TestPingAfterLoginWithDifferentSubjectFails(t *testing.T) {
 	r := require.New(t)
 	consumer := auth.NewOidcAuthVerifier([]v1.AuthScope{v1.AuthScopeHeartBeats}, &mockTokenVerifier{})
 	err := consumer.VerifyLogin(&msg.Login{
 		PrivilegeKey: "login-with-first-subject",
 	})
 	r.NoError(err)
 	err = consumer.VerifyPing(&msg.Ping{
 		PrivilegeKey: "ping-with-different-subject",
 		Timestamp:    time.Now().UnixMilli(),
 	})
 	r.Error(err)
 	r.Contains(err.Error(), "received different OIDC subject in login and ping")
 }
--- a/pkg/config/flags.go
+++ b/pkg/config/flags.go
@@ -140,7 +140,6 @@ func registerVisitorBaseConfigFlags(cmd *cobra.Command, c *v1.VisitorBaseConfig,
 	cmd.Flags().BoolVarP(&c.Transport.UseCompression, "uc", "", false, "use compression")
 	cmd.Flags().StringVarP(&c.SecretKey, "sk", "", "", "secret key")
 	cmd.Flags().StringVarP(&c.ServerName, "server_name", "", "", "server name")
 	cmd.Flags().StringVarP(&c.ServerUser, "server-user", "", "", "server user")
 	cmd.Flags().StringVarP(&c.BindAddr, "bind_addr", "", "", "bind addr")
 	cmd.Flags().IntVarP(&c.BindPort, "bind_port", "", 0, "bind port")
 }
--- a/pkg/config/types/types.go
+++ b/pkg/config/types/types.go
@@ -159,18 +159,18 @@ func NewPortsRangeSliceFromString(str string) ([]PortsRange, error) {
 			out = append(out, PortsRange{Single: int(singleNum)})
 		case 2:
 			// range numbers
-			minNum, err := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
+			min, err := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
 			if err != nil {
 				return nil, fmt.Errorf("range number is invalid, %v", err)
 			}
-			maxNum, err := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
+			max, err := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
 			if err != nil {
 				return nil, fmt.Errorf("range number is invalid, %v", err)
 			}
-			if maxNum < minNum {
+			if max < min {
 				return nil, fmt.Errorf("range number is invalid")
 			}
-			out = append(out, PortsRange{Start: int(minNum), End: int(maxNum)})
+			out = append(out, PortsRange{Start: int(min), End: int(max)})
 		default:
 			return nil, fmt.Errorf("range number is invalid")
 		}
--- a/pkg/config/v1/plugin.go
+++ b/pkg/config/v1/plugin.go
@@ -20,15 +20,9 @@ import (
 	"errors"
 	"fmt"
 	"reflect"
 	"github.com/samber/lo"
 	"github.com/fatedier/frp/pkg/util/util"
 )
-type ClientPluginOptions interface {
+type ClientPluginOptions interface{}
 	Complete()
 }
 type TypedClientPluginOptions struct {
 	Type string `json:"type"`
@@ -79,11 +73,9 @@ const (
 	PluginHTTPProxy        = "http_proxy"
 	PluginHTTPS2HTTP       = "https2http"
 	PluginHTTPS2HTTPS      = "https2https"
 	PluginHTTP2HTTP        = "http2http"
 	PluginSocks5           = "socks5"
 	PluginStaticFile       = "static_file"
 	PluginUnixDomainSocket = "unix_domain_socket"
 	PluginTLS2Raw          = "tls2raw"
 )
 var clientPluginOptionsTypeMap = map[string]reflect.Type{
@@ -91,11 +83,9 @@ var clientPluginOptionsTypeMap = map[string]reflect.Type{
 	PluginHTTPProxy:        reflect.TypeOf(HTTPProxyPluginOptions{}),
 	PluginHTTPS2HTTP:       reflect.TypeOf(HTTPS2HTTPPluginOptions{}),
 	PluginHTTPS2HTTPS:      reflect.TypeOf(HTTPS2HTTPSPluginOptions{}),
 	PluginHTTP2HTTP:        reflect.TypeOf(HTTP2HTTPPluginOptions{}),
 	PluginSocks5:           reflect.TypeOf(Socks5PluginOptions{}),
 	PluginStaticFile:       reflect.TypeOf(StaticFilePluginOptions{}),
 	PluginUnixDomainSocket: reflect.TypeOf(UnixDomainSocketPluginOptions{}),
 	PluginTLS2Raw:          reflect.TypeOf(TLS2RawPluginOptions{}),
 }
 type HTTP2HTTPSPluginOptions struct {
@@ -105,61 +95,36 @@ type HTTP2HTTPSPluginOptions struct {
 	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
 }
 func (o *HTTP2HTTPSPluginOptions) Complete() {}
 type HTTPProxyPluginOptions struct {
 	Type         string `json:"type,omitempty"`
 	HTTPUser     string `json:"httpUser,omitempty"`
 	HTTPPassword string `json:"httpPassword,omitempty"`
 }
 func (o *HTTPProxyPluginOptions) Complete() {}
 type HTTPS2HTTPPluginOptions struct {
 	Type              string           `json:"type,omitempty"`
 	LocalAddr         string           `json:"localAddr,omitempty"`
 	HostHeaderRewrite string           `json:"hostHeaderRewrite,omitempty"`
 	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
 	EnableHTTP2       *bool            `json:"enableHTTP2,omitempty"`
 	CrtPath           string           `json:"crtPath,omitempty"`
 	KeyPath           string           `json:"keyPath,omitempty"`
 }
 func (o *HTTPS2HTTPPluginOptions) Complete() {
 	o.EnableHTTP2 = util.EmptyOr(o.EnableHTTP2, lo.ToPtr(true))
 }
 type HTTPS2HTTPSPluginOptions struct {
 	Type              string           `json:"type,omitempty"`
 	LocalAddr         string           `json:"localAddr,omitempty"`
 	HostHeaderRewrite string           `json:"hostHeaderRewrite,omitempty"`
 	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
 	EnableHTTP2       *bool            `json:"enableHTTP2,omitempty"`
 	CrtPath           string           `json:"crtPath,omitempty"`
 	KeyPath           string           `json:"keyPath,omitempty"`
 }
 func (o *HTTPS2HTTPSPluginOptions) Complete() {
 	o.EnableHTTP2 = util.EmptyOr(o.EnableHTTP2, lo.ToPtr(true))
 }
 type HTTP2HTTPPluginOptions struct {
 	Type              string           `json:"type,omitempty"`
 	LocalAddr         string           `json:"localAddr,omitempty"`
 	HostHeaderRewrite string           `json:"hostHeaderRewrite,omitempty"`
 	RequestHeaders    HeaderOperations `json:"requestHeaders,omitempty"`
 }
 func (o *HTTP2HTTPPluginOptions) Complete() {}
 type Socks5PluginOptions struct {
 	Type     string `json:"type,omitempty"`
 	Username string `json:"username,omitempty"`
 	Password string `json:"password,omitempty"`
 }
 func (o *Socks5PluginOptions) Complete() {}
 type StaticFilePluginOptions struct {
 	Type         string `json:"type,omitempty"`
 	LocalPath    string `json:"localPath,omitempty"`
@@ -168,20 +133,7 @@ type StaticFilePluginOptions struct {
 	HTTPPassword string `json:"httpPassword,omitempty"`
 }
 func (o *StaticFilePluginOptions) Complete() {}
 type UnixDomainSocketPluginOptions struct {
 	Type     string `json:"type,omitempty"`
 	UnixPath string `json:"unixPath,omitempty"`
 }
 func (o *UnixDomainSocketPluginOptions) Complete() {}
 type TLS2RawPluginOptions struct {
 	Type      string `json:"type,omitempty"`
 	LocalAddr string `json:"localAddr,omitempty"`
 	CrtPath   string `json:"crtPath,omitempty"`
 	KeyPath   string `json:"keyPath,omitempty"`
 }
 func (o *TLS2RawPluginOptions) Complete() {}
--- a/pkg/config/v1/proxy.go
+++ b/pkg/config/v1/proxy.go
@@ -127,10 +127,6 @@ func (c *ProxyBaseConfig) Complete(namePrefix string) {
 	c.Name = lo.Ternary(namePrefix == "", "", namePrefix+".") + c.Name
 	c.LocalIP = util.EmptyOr(c.LocalIP, "127.0.0.1")
 	c.Transport.BandwidthLimitMode = util.EmptyOr(c.Transport.BandwidthLimitMode, types.BandwidthLimitModeClient)
 	if c.Plugin.ClientPluginOptions != nil {
 		c.Plugin.ClientPluginOptions.Complete()
 	}
 }
 func (c *ProxyBaseConfig) MarshalToMsg(m *msg.NewProxy) {
--- a/pkg/config/v1/validation/plugin.go
+++ b/pkg/config/v1/validation/plugin.go
@@ -32,8 +32,6 @@ func ValidateClientPluginOptions(c v1.ClientPluginOptions) error {
 		return validateStaticFilePluginOptions(v)
 	case *v1.UnixDomainSocketPluginOptions:
 		return validateUnixDomainSocketPluginOptions(v)
 	case *v1.TLS2RawPluginOptions:
 		return validateTLS2RawPluginOptions(v)
 	}
 	return nil
 }
@@ -72,10 +70,3 @@ func validateUnixDomainSocketPluginOptions(c *v1.UnixDomainSocketPluginOptions)
 	}
 	return nil
 }
 func validateTLS2RawPluginOptions(c *v1.TLS2RawPluginOptions) error {
 	if c.LocalAddr == "" {
 		return errors.New("localAddr is required")
 	}
 	return nil
 }
--- a/pkg/nathole/utils.go
+++ b/pkg/nathole/utils.go
@@ -78,9 +78,9 @@ func ListAllLocalIPs() ([]net.IP, error) {
 	return ips, nil
 }
-func ListLocalIPsForNatHole(maxItems int) ([]string, error) {
+func ListLocalIPsForNatHole(max int) ([]string, error) {
-	if maxItems <= 0 {
+	if max <= 0 {
-		return nil, fmt.Errorf("maxItems must be greater than 0")
+		return nil, fmt.Errorf("max must be greater than 0")
 	}
 	ips, err := ListAllLocalIPs()
@@ -88,9 +88,9 @@ func ListLocalIPsForNatHole(maxItems int) ([]string, error) {
 		return nil, err
 	}
-	filtered := make([]string, 0, maxItems)
+	filtered := make([]string, 0, max)
 	for _, ip := range ips {
-		if len(filtered) >= maxItems {
+		if len(filtered) >= max {
 			break
 		}
--- a/pkg/plugin/client/http2http.go
+++ b/pkg/plugin/client/http2http.go
@@ -1,94 +0,0 @@
 // Copyright 2024 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //go:build !frps
 package plugin
 import (
 	"context"
 	"io"
 	stdlog "log"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"github.com/fatedier/golib/pool"
 	v1 "github.com/fatedier/frp/pkg/config/v1"
 	"github.com/fatedier/frp/pkg/util/log"
 	netpkg "github.com/fatedier/frp/pkg/util/net"
 )
 func init() {
 	Register(v1.PluginHTTP2HTTP, NewHTTP2HTTPPlugin)
 }
 type HTTP2HTTPPlugin struct {
 	opts *v1.HTTP2HTTPPluginOptions
 	l *Listener
 	s *http.Server
 }
 func NewHTTP2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 	opts := options.(*v1.HTTP2HTTPPluginOptions)
 	listener := NewProxyListener()
 	p := &HTTP2HTTPPlugin{
 		opts: opts,
 		l:    listener,
 	}
 	rp := &httputil.ReverseProxy{
 		Rewrite: func(r *httputil.ProxyRequest) {
 			req := r.Out
 			req.URL.Scheme = "http"
 			req.URL.Host = p.opts.LocalAddr
 			if p.opts.HostHeaderRewrite != "" {
 				req.Host = p.opts.HostHeaderRewrite
 			}
 			for k, v := range p.opts.RequestHeaders.Set {
 				req.Header.Set(k, v)
 			}
 		},
 		BufferPool: pool.NewBuffer(32 * 1024),
 		ErrorLog:   stdlog.New(log.NewWriteLogger(log.WarnLevel, 2), "", 0),
 	}
 	p.s = &http.Server{
 		Handler:           rp,
 		ReadHeaderTimeout: 0,
 	}
 	go func() {
 		_ = p.s.Serve(listener)
 	}()
 	return p, nil
 }
 func (p *HTTP2HTTPPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	_ = p.l.PutConn(wrapConn)
 }
 func (p *HTTP2HTTPPlugin) Name() string {
 	return v1.PluginHTTP2HTTP
 }
 func (p *HTTP2HTTPPlugin) Close() error {
 	return p.s.Close()
 }
--- a/pkg/plugin/client/http2https.go
+++ b/pkg/plugin/client/http2https.go
@@ -17,7 +17,6 @@
 package plugin
 import (
 	"context"
 	"crypto/tls"
 	"io"
 	stdlog "log"
@@ -89,7 +88,7 @@ func NewHTTP2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 	return p, nil
 }
-func (p *HTTP2HTTPSPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (p *HTTP2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	_ = p.l.PutConn(wrapConn)
 }
--- a/pkg/plugin/client/http_proxy.go
+++ b/pkg/plugin/client/http_proxy.go
@@ -18,7 +18,6 @@ package plugin
 import (
 	"bufio"
 	"context"
 	"encoding/base64"
 	"io"
 	"net"
@@ -69,7 +68,7 @@ func (hp *HTTPProxy) Name() string {
 	return v1.PluginHTTPProxy
 }
-func (hp *HTTPProxy) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (hp *HTTPProxy) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	sc, rd := libnet.NewSharedConn(wrapConn)
--- a/pkg/plugin/client/https2http.go
+++ b/pkg/plugin/client/https2http.go
@@ -17,7 +17,6 @@
 package plugin
 import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
@@ -28,11 +27,9 @@ import (
 	"time"
 	"github.com/fatedier/golib/pool"
 	"github.com/samber/lo"
 	v1 "github.com/fatedier/frp/pkg/config/v1"
 	"github.com/fatedier/frp/pkg/transport"
 	httppkg "github.com/fatedier/frp/pkg/util/http"
 	"github.com/fatedier/frp/pkg/util/log"
 	netpkg "github.com/fatedier/frp/pkg/util/net"
 )
@@ -74,31 +71,26 @@ func NewHTTPS2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 		BufferPool: pool.NewBuffer(32 * 1024),
 		ErrorLog:   stdlog.New(log.NewWriteLogger(log.WarnLevel, 2), "", 0),
 	}
 	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.TLS != nil {
 			tlsServerName, _ := httppkg.CanonicalHost(r.TLS.ServerName)
 			host, _ := httppkg.CanonicalHost(r.Host)
 			if tlsServerName != "" && tlsServerName != host {
 				w.WriteHeader(http.StatusMisdirectedRequest)
 				return
 			}
 		}
 		rp.ServeHTTP(w, r)
 	})
-	tlsConfig, err := transport.NewServerTLSConfig(p.opts.CrtPath, p.opts.KeyPath, "")
+	var (
 		tlsConfig *tls.Config
 		err       error
 	)
 	if opts.CrtPath != "" || opts.KeyPath != "" {
 		tlsConfig, err = p.genTLSConfig()
 	} else {
 		tlsConfig, err = transport.NewServerTLSConfig("", "", "")
 		tlsConfig.InsecureSkipVerify = true
 	}
 	if err != nil {
 		return nil, fmt.Errorf("gen TLS config error: %v", err)
 	}
 	p.s = &http.Server{
-		Handler:           handler,
+		Handler:           rp,
 		ReadHeaderTimeout: 60 * time.Second,
 		TLSConfig:         tlsConfig,
 	}
 	if !lo.FromPtr(opts.EnableHTTP2) {
 		p.s.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
 	}
 	go func() {
 		_ = p.s.ServeTLS(listener, "", "")
@@ -106,7 +98,17 @@ func NewHTTPS2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 	return p, nil
 }
-func (p *HTTPS2HTTPPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
+func (p *HTTPS2HTTPPlugin) genTLSConfig() (*tls.Config, error) {
 	cert, err := tls.LoadX509KeyPair(p.opts.CrtPath, p.opts.KeyPath)
 	if err != nil {
 		return nil, err
 	}
 	config := &tls.Config{Certificates: []tls.Certificate{cert}}
 	return config, nil
 }
 func (p *HTTPS2HTTPPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	if extra.SrcAddr != nil {
 		wrapConn.SetRemoteAddr(extra.SrcAddr)
--- a/pkg/plugin/client/https2https.go
+++ b/pkg/plugin/client/https2https.go
@@ -17,7 +17,6 @@
 package plugin
 import (
 	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
@@ -28,11 +27,9 @@ import (
 	"time"
 	"github.com/fatedier/golib/pool"
 	"github.com/samber/lo"
 	v1 "github.com/fatedier/frp/pkg/config/v1"
 	"github.com/fatedier/frp/pkg/transport"
 	httppkg "github.com/fatedier/frp/pkg/util/http"
 	"github.com/fatedier/frp/pkg/util/log"
 	netpkg "github.com/fatedier/frp/pkg/util/net"
 )
@@ -80,31 +77,26 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 		BufferPool: pool.NewBuffer(32 * 1024),
 		ErrorLog:   stdlog.New(log.NewWriteLogger(log.WarnLevel, 2), "", 0),
 	}
 	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.TLS != nil {
 			tlsServerName, _ := httppkg.CanonicalHost(r.TLS.ServerName)
 			host, _ := httppkg.CanonicalHost(r.Host)
 			if tlsServerName != "" && tlsServerName != host {
 				w.WriteHeader(http.StatusMisdirectedRequest)
 				return
 			}
 		}
 		rp.ServeHTTP(w, r)
 	})
-	tlsConfig, err := transport.NewServerTLSConfig(p.opts.CrtPath, p.opts.KeyPath, "")
+	var (
 		tlsConfig *tls.Config
 		err       error
 	)
 	if opts.CrtPath != "" || opts.KeyPath != "" {
 		tlsConfig, err = p.genTLSConfig()
 	} else {
 		tlsConfig, err = transport.NewServerTLSConfig("", "", "")
 		tlsConfig.InsecureSkipVerify = true
 	}
 	if err != nil {
 		return nil, fmt.Errorf("gen TLS config error: %v", err)
 	}
 	p.s = &http.Server{
-		Handler:           handler,
+		Handler:           rp,
 		ReadHeaderTimeout: 60 * time.Second,
 		TLSConfig:         tlsConfig,
 	}
 	if !lo.FromPtr(opts.EnableHTTP2) {
 		p.s.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
 	}
 	go func() {
 		_ = p.s.ServeTLS(listener, "", "")
@@ -112,7 +104,17 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 	return p, nil
 }
-func (p *HTTPS2HTTPSPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
+func (p *HTTPS2HTTPSPlugin) genTLSConfig() (*tls.Config, error) {
 	cert, err := tls.LoadX509KeyPair(p.opts.CrtPath, p.opts.KeyPath)
 	if err != nil {
 		return nil, err
 	}
 	config := &tls.Config{Certificates: []tls.Certificate{cert}}
 	return config, nil
 }
 func (p *HTTPS2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	if extra.SrcAddr != nil {
 		wrapConn.SetRemoteAddr(extra.SrcAddr)
--- a/pkg/plugin/client/plugin.go
+++ b/pkg/plugin/client/plugin.go
@@ -15,7 +15,6 @@
 package plugin
 import (
 	"context"
 	"fmt"
 	"io"
 	"net"
@@ -58,7 +57,7 @@ type ExtraInfo struct {
 type Plugin interface {
 	Name() string
-	Handle(ctx context.Context, conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo)
+	Handle(conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo)
 	Close() error
 }
--- a/pkg/plugin/client/socks5.go
+++ b/pkg/plugin/client/socks5.go
@@ -17,7 +17,6 @@
 package plugin
 import (
 	"context"
 	"io"
 	"log"
 	"net"
@@ -51,7 +50,7 @@ func NewSocks5Plugin(options v1.ClientPluginOptions) (p Plugin, err error) {
 	return
 }
-func (sp *Socks5Plugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (sp *Socks5Plugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
 	defer conn.Close()
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	_ = sp.Server.ServeConn(wrapConn)
--- a/pkg/plugin/client/static_file.go
+++ b/pkg/plugin/client/static_file.go
@@ -17,7 +17,6 @@
 package plugin
 import (
 	"context"
 	"io"
 	"net"
 	"net/http"
@@ -70,7 +69,7 @@ func NewStaticFilePlugin(options v1.ClientPluginOptions) (Plugin, error) {
 	return sp, nil
 }
-func (sp *StaticFilePlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (sp *StaticFilePlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	_ = sp.l.PutConn(wrapConn)
 }
--- a/pkg/plugin/client/tls2raw.go
+++ b/pkg/plugin/client/tls2raw.go
@@ -1,83 +0,0 @@
 // Copyright 2024 The frp Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //go:build !frps
 package plugin
 import (
 	"context"
 	"crypto/tls"
 	"io"
 	"net"
 	libio "github.com/fatedier/golib/io"
 	v1 "github.com/fatedier/frp/pkg/config/v1"
 	"github.com/fatedier/frp/pkg/transport"
 	netpkg "github.com/fatedier/frp/pkg/util/net"
 	"github.com/fatedier/frp/pkg/util/xlog"
 )
 func init() {
 	Register(v1.PluginTLS2Raw, NewTLS2RawPlugin)
 }
 type TLS2RawPlugin struct {
 	opts *v1.TLS2RawPluginOptions
 	tlsConfig *tls.Config
 }
 func NewTLS2RawPlugin(options v1.ClientPluginOptions) (Plugin, error) {
 	opts := options.(*v1.TLS2RawPluginOptions)
 	p := &TLS2RawPlugin{
 		opts: opts,
 	}
 	tlsConfig, err := transport.NewServerTLSConfig(p.opts.CrtPath, p.opts.KeyPath, "")
 	if err != nil {
 		return nil, err
 	}
 	p.tlsConfig = tlsConfig
 	return p, nil
 }
 func (p *TLS2RawPlugin) Handle(ctx context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
 	xl := xlog.FromContextSafe(ctx)
 	wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
 	tlsConn := tls.Server(wrapConn, p.tlsConfig)
 	if err := tlsConn.Handshake(); err != nil {
 		xl.Warnf("tls handshake error: %v", err)
 		return
 	}
 	rawConn, err := net.Dial("tcp", p.opts.LocalAddr)
 	if err != nil {
 		xl.Warnf("dial to local addr error: %v", err)
 		return
 	}
 	libio.Join(tlsConn, rawConn)
 }
 func (p *TLS2RawPlugin) Name() string {
 	return v1.PluginTLS2Raw
 }
 func (p *TLS2RawPlugin) Close() error {
 	return nil
 }
--- a/pkg/plugin/client/unix_domain_socket.go
+++ b/pkg/plugin/client/unix_domain_socket.go
@@ -17,14 +17,12 @@
 package plugin
 import (
 	"context"
 	"io"
 	"net"
 	libio "github.com/fatedier/golib/io"
 	v1 "github.com/fatedier/frp/pkg/config/v1"
 	"github.com/fatedier/frp/pkg/util/xlog"
 )
 func init() {
@@ -50,11 +48,9 @@ func NewUnixDomainSocketPlugin(options v1.ClientPluginOptions) (p Plugin, err er
 	return
 }
-func (uds *UnixDomainSocketPlugin) Handle(ctx context.Context, conn io.ReadWriteCloser, _ net.Conn, extra *ExtraInfo) {
+func (uds *UnixDomainSocketPlugin) Handle(conn io.ReadWriteCloser, _ net.Conn, extra *ExtraInfo) {
 	xl := xlog.FromContextSafe(ctx)
 	localConn, err := net.DialUnix("unix", nil, uds.UnixAddr)
 	if err != nil {
 		xl.Warnf("dial to uds %s error: %v", uds.UnixAddr, err)
 		return
 	}
 	if extra.ProxyProtocolHeader != nil {
--- a/pkg/sdk/client/client.go
+++ b/pkg/sdk/client/client.go
@@ -1,7 +1,6 @@
 package client
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -32,8 +31,8 @@ func (c *Client) SetAuth(user, pwd string) {
 	c.authPwd = pwd
 }
-func (c *Client) GetProxyStatus(ctx context.Context, name string) (*client.ProxyStatusResp, error) {
+func (c *Client) GetProxyStatus(name string) (*client.ProxyStatusResp, error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/status", nil)
+	req, err := http.NewRequest("GET", "http://"+c.address+"/api/status", nil)
 	if err != nil {
 		return nil, err
 	}
@@ -55,8 +54,8 @@ func (c *Client) GetProxyStatus(ctx context.Context, name string) (*client.Proxy
 	return nil, fmt.Errorf("no proxy status found")
 }
-func (c *Client) GetAllProxyStatus(ctx context.Context) (client.StatusResp, error) {
+func (c *Client) GetAllProxyStatus() (client.StatusResp, error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/status", nil)
+	req, err := http.NewRequest("GET", "http://"+c.address+"/api/status", nil)
 	if err != nil {
 		return nil, err
 	}
@@ -71,7 +70,7 @@ func (c *Client) GetAllProxyStatus(ctx context.Context) (client.StatusResp, erro
 	return allStatus, nil
 }
-func (c *Client) Reload(ctx context.Context, strictMode bool) error {
+func (c *Client) Reload(strictMode bool) error {
 	v := url.Values{}
 	if strictMode {
 		v.Set("strictConfig", "true")
@@ -80,7 +79,7 @@ func (c *Client) Reload(ctx context.Context, strictMode bool) error {
 	if len(v) > 0 {
 		queryStr = "?" + v.Encode()
 	}
-	req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/reload"+queryStr, nil)
+	req, err := http.NewRequest("GET", "http://"+c.address+"/api/reload"+queryStr, nil)
 	if err != nil {
 		return err
 	}
@@ -88,8 +87,8 @@ func (c *Client) Reload(ctx context.Context, strictMode bool) error {
 	return err
 }
-func (c *Client) Stop(ctx context.Context) error {
+func (c *Client) Stop() error {
-	req, err := http.NewRequestWithContext(ctx, "POST", "http://"+c.address+"/api/stop", nil)
+	req, err := http.NewRequest("POST", "http://"+c.address+"/api/stop", nil)
 	if err != nil {
 		return err
 	}
@@ -97,16 +96,16 @@ func (c *Client) Stop(ctx context.Context) error {
 	return err
 }
-func (c *Client) GetConfig(ctx context.Context) (string, error) {
+func (c *Client) GetConfig() (string, error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/config", nil)
+	req, err := http.NewRequest("GET", "http://"+c.address+"/api/config", nil)
 	if err != nil {
 		return "", err
 	}
 	return c.do(req)
 }
-func (c *Client) UpdateConfig(ctx context.Context, content string) error {
+func (c *Client) UpdateConfig(content string) error {
-	req, err := http.NewRequestWithContext(ctx, "PUT", "http://"+c.address+"/api/config", strings.NewReader(content))
+	req, err := http.NewRequest("PUT", "http://"+c.address+"/api/config", strings.NewReader(content))
 	if err != nil {
 		return err
 	}
--- a/pkg/util/util/util.go
+++ b/pkg/util/util/util.go
@@ -85,21 +85,21 @@ func ParseRangeNumbers(rangeStr string) (numbers []int64, err error) {
 			numbers = append(numbers, singleNum)
 		case 2:
 			// range numbers
-			minValue, errRet := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
+			min, errRet := strconv.ParseInt(strings.TrimSpace(numArray[0]), 10, 64)
 			if errRet != nil {
 				err = fmt.Errorf("range number is invalid, %v", errRet)
 				return
 			}
-			maxValue, errRet := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
+			max, errRet := strconv.ParseInt(strings.TrimSpace(numArray[1]), 10, 64)
 			if errRet != nil {
 				err = fmt.Errorf("range number is invalid, %v", errRet)
 				return
 			}
-			if maxValue < minValue {
+			if max < min {
 				err = fmt.Errorf("range number is invalid")
 				return
 			}
-			for i := minValue; i <= maxValue; i++ {
+			for i := min; i <= max; i++ {
 				numbers = append(numbers, i)
 			}
 		default:
@@ -118,13 +118,13 @@ func GenerateResponseErrorString(summary string, err error, detailed bool) strin
 }
 func RandomSleep(duration time.Duration, minRatio, maxRatio float64) time.Duration {
-	minValue := int64(minRatio * 1000.0)
+	min := int64(minRatio * 1000.0)
-	maxValue := int64(maxRatio * 1000.0)
+	max := int64(maxRatio * 1000.0)
 	var n int64
-	if maxValue <= minValue {
+	if max <= min {
-		n = minValue
+		n = min
 	} else {
-		n = mathrand.Int64N(maxValue-minValue) + minValue
+		n = mathrand.Int64N(max-min) + min
 	}
 	d := duration * time.Duration(n) / time.Duration(1000)
 	time.Sleep(d)
--- a/pkg/util/version/version.go
+++ b/pkg/util/version/version.go
@@ -14,7 +14,7 @@
 package version
-var version = "0.61.0"
+var version = "0.58.1"
 func Full() string {
 	return version
--- a/server/proxy/proxy.go
+++ b/server/proxy/proxy.go
@@ -137,17 +137,17 @@ func (pxy *BaseProxy) GetWorkConnFromPool(src, dst net.Addr) (workConn net.Conn,
 			dstAddr    string
 			srcPortStr string
 			dstPortStr string
-			srcPort    uint64
+			srcPort    int
-			dstPort    uint64
+			dstPort    int
 		)
 		if src != nil {
 			srcAddr, srcPortStr, _ = net.SplitHostPort(src.String())
-			srcPort, _ = strconv.ParseUint(srcPortStr, 10, 16)
+			srcPort, _ = strconv.Atoi(srcPortStr)
 		}
 		if dst != nil {
 			dstAddr, dstPortStr, _ = net.SplitHostPort(dst.String())
-			dstPort, _ = strconv.ParseUint(dstPortStr, 10, 16)
+			dstPort, _ = strconv.Atoi(dstPortStr)
 		}
 		err := msg.WriteMsg(workConn, &msg.StartWorkConn{
 			ProxyName: pxy.GetName(),
@@ -190,8 +190,8 @@ func (pxy *BaseProxy) startCommonTCPListenersHandler() {
 						} else {
 							tempDelay *= 2
 						}
-						if maxTime := 1 * time.Second; tempDelay > maxTime {
+						if max := 1 * time.Second; tempDelay > max {
-							tempDelay = maxTime
+							tempDelay = max
 						}
 						xl.Infof("met temporary error: %s, sleep for %s ...", err, tempDelay)
 						time.Sleep(tempDelay)
--- a/test/e2e/legacy/basic/client.go
+++ b/test/e2e/legacy/basic/client.go
@@ -1,7 +1,6 @@
 package basic
 import (
 	"context"
 	"fmt"
 	"strconv"
 	"strings"
@@ -55,7 +54,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 		framework.NewRequestExpect(f).Port(p3Port).Ensure()
 		client := f.APIClientForFrpc(adminPort)
-		conf, err := client.GetConfig(context.Background())
+		conf, err := client.GetConfig()
 		framework.ExpectNoError(err)
 		newP2Port := f.AllocPort()
@@ -66,10 +65,10 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 			newClientConf = newClientConf[:p3Index]
 		}
-		err = client.UpdateConfig(context.Background(), newClientConf)
+		err = client.UpdateConfig(newClientConf)
 		framework.ExpectNoError(err)
-		err = client.Reload(context.Background(), true)
+		err = client.Reload(true)
 		framework.ExpectNoError(err)
 		time.Sleep(time.Second)
@@ -121,7 +120,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 		framework.NewRequestExpect(f).Port(testPort).Ensure()
 		client := f.APIClientForFrpc(adminPort)
-		err := client.Stop(context.Background())
+		err := client.Stop()
 		framework.ExpectNoError(err)
 		time.Sleep(3 * time.Second)
--- a/test/e2e/legacy/basic/server.go
+++ b/test/e2e/legacy/basic/server.go
@@ -1,7 +1,6 @@
 package basic
 import (
 	"context"
 	"fmt"
 	"net"
 	"strconv"
@@ -102,7 +101,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
 		client := f.APIClientForFrpc(adminPort)
 		// tcp random port
-		status, err := client.GetProxyStatus(context.Background(), "tcp")
+		status, err := client.GetProxyStatus("tcp")
 		framework.ExpectNoError(err)
 		_, portStr, err := net.SplitHostPort(status.RemoteAddr)
@@ -113,7 +112,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
 		framework.NewRequestExpect(f).Port(port).Ensure()
 		// udp random port
-		status, err = client.GetProxyStatus(context.Background(), "udp")
+		status, err = client.GetProxyStatus("udp")
 		framework.ExpectNoError(err)
 		_, portStr, err = net.SplitHostPort(status.RemoteAddr)
--- a/test/e2e/v1/basic/client.go
+++ b/test/e2e/v1/basic/client.go
@@ -1,7 +1,6 @@
 package basic
 import (
 	"context"
 	"fmt"
 	"strconv"
 	"strings"
@@ -58,7 +57,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 		framework.NewRequestExpect(f).Port(p3Port).Ensure()
 		client := f.APIClientForFrpc(adminPort)
-		conf, err := client.GetConfig(context.Background())
+		conf, err := client.GetConfig()
 		framework.ExpectNoError(err)
 		newP2Port := f.AllocPort()
@@ -69,10 +68,10 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 			newClientConf = newClientConf[:p3Index]
 		}
-		err = client.UpdateConfig(context.Background(), newClientConf)
+		err = client.UpdateConfig(newClientConf)
 		framework.ExpectNoError(err)
-		err = client.Reload(context.Background(), true)
+		err = client.Reload(true)
 		framework.ExpectNoError(err)
 		time.Sleep(time.Second)
@@ -125,7 +124,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 		framework.NewRequestExpect(f).Port(testPort).Ensure()
 		client := f.APIClientForFrpc(adminPort)
-		err := client.Stop(context.Background())
+		err := client.Stop()
 		framework.ExpectNoError(err)
 		time.Sleep(3 * time.Second)
--- a/test/e2e/v1/basic/config.go
+++ b/test/e2e/v1/basic/config.go
@@ -1,7 +1,6 @@
 package basic
 import (
 	"context"
 	"fmt"
 	"github.com/onsi/ginkgo/v2"
@@ -73,7 +72,7 @@ var _ = ginkgo.Describe("[Feature: Config]", func() {
 			client := f.APIClientForFrpc(adminPort)
 			checkProxyFn := func(name string, localPort, remotePort int) {
-				status, err := client.GetProxyStatus(context.Background(), name)
+				status, err := client.GetProxyStatus(name)
 				framework.ExpectNoError(err)
 				framework.ExpectContainSubstring(status.LocalAddr, fmt.Sprintf(":%d", localPort))
--- a/test/e2e/v1/basic/server.go
+++ b/test/e2e/v1/basic/server.go
@@ -1,7 +1,6 @@
 package basic
 import (
 	"context"
 	"fmt"
 	"net"
 	"strconv"
@@ -113,7 +112,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
 		client := f.APIClientForFrpc(adminPort)
 		// tcp random port
-		status, err := client.GetProxyStatus(context.Background(), "tcp")
+		status, err := client.GetProxyStatus("tcp")
 		framework.ExpectNoError(err)
 		_, portStr, err := net.SplitHostPort(status.RemoteAddr)
@@ -124,7 +123,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
 		framework.NewRequestExpect(f).Port(port).Ensure()
 		// udp random port
-		status, err = client.GetProxyStatus(context.Background(), "udp")
+		status, err = client.GetProxyStatus("udp")
 		framework.ExpectNoError(err)
 		_, portStr, err = net.SplitHostPort(status.RemoteAddr)
--- a/test/e2e/v1/plugin/client.go
+++ b/test/e2e/v1/plugin/client.go
@@ -3,7 +3,6 @@ package plugin
 import (
 	"crypto/tls"
 	"fmt"
 	"net/http"
 	"strconv"
 	"github.com/onsi/ginkgo/v2"
@@ -330,122 +329,4 @@ var _ = ginkgo.Describe("[Feature: Client-Plugins]", func() {
 			ExpectResp([]byte("test")).
 			Ensure()
 	})
 	ginkgo.Describe("http2http", func() {
 		ginkgo.It("host header rewrite", func() {
 			serverConf := consts.DefaultServerConfig
 			localPort := f.AllocPort()
 			remotePort := f.AllocPort()
 			clientConf := consts.DefaultClientConfig + fmt.Sprintf(`
 			[[proxies]]
 			name = "http2http"
 			type = "tcp"
 			remotePort = %d
 			[proxies.plugin]
 			type = "http2http"
 			localAddr = "127.0.0.1:%d"
 			hostHeaderRewrite = "rewrite.test.com"
 			`, remotePort, localPort)
 			f.RunProcesses([]string{serverConf}, []string{clientConf})
 			localServer := httpserver.New(
 				httpserver.WithBindPort(localPort),
 				httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 					_, _ = w.Write([]byte(req.Host))
 				})),
 			)
 			f.RunServer("", localServer)
 			framework.NewRequestExpect(f).
 				Port(remotePort).
 				RequestModify(func(r *request.Request) {
 					r.HTTP().HTTPHost("example.com")
 				}).
 				ExpectResp([]byte("rewrite.test.com")).
 				Ensure()
 		})
 		ginkgo.It("set request header", func() {
 			serverConf := consts.DefaultServerConfig
 			localPort := f.AllocPort()
 			remotePort := f.AllocPort()
 			clientConf := consts.DefaultClientConfig + fmt.Sprintf(`
 			[[proxies]]
 			name = "http2http"
 			type = "tcp"
 			remotePort = %d
 			[proxies.plugin]
 			type = "http2http"
 			localAddr = "127.0.0.1:%d"
 			requestHeaders.set.x-from-where = "frp"
 			`, remotePort, localPort)
 			f.RunProcesses([]string{serverConf}, []string{clientConf})
 			localServer := httpserver.New(
 				httpserver.WithBindPort(localPort),
 				httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 					_, _ = w.Write([]byte(req.Header.Get("x-from-where")))
 				})),
 			)
 			f.RunServer("", localServer)
 			framework.NewRequestExpect(f).
 				Port(remotePort).
 				RequestModify(func(r *request.Request) {
 					r.HTTP().HTTPHost("example.com")
 				}).
 				ExpectResp([]byte("frp")).
 				Ensure()
 		})
 	})
 	ginkgo.It("tls2raw", func() {
 		generator := &cert.SelfSignedCertGenerator{}
 		artifacts, err := generator.Generate("example.com")
 		framework.ExpectNoError(err)
 		crtPath := f.WriteTempFile("tls2raw_server.crt", string(artifacts.Cert))
 		keyPath := f.WriteTempFile("tls2raw_server.key", string(artifacts.Key))
 		serverConf := consts.DefaultServerConfig
 		vhostHTTPSPort := f.AllocPort()
 		serverConf += fmt.Sprintf(`
 		vhostHTTPSPort = %d
 		`, vhostHTTPSPort)
 		localPort := f.AllocPort()
 		clientConf := consts.DefaultClientConfig + fmt.Sprintf(`
 		[[proxies]]
 		name = "tls2raw-test"
 		type = "https"
 		customDomains = ["example.com"]
 		[proxies.plugin]
 		type = "tls2raw"
 		localAddr = "127.0.0.1:%d"
 		crtPath = "%s"
 		keyPath = "%s"
 		`, localPort, crtPath, keyPath)
 		f.RunProcesses([]string{serverConf}, []string{clientConf})
 		localServer := httpserver.New(
 			httpserver.WithBindPort(localPort),
 			httpserver.WithResponse([]byte("test")),
 		)
 		f.RunServer("", localServer)
 		framework.NewRequestExpect(f).
 			Port(vhostHTTPSPort).
 			RequestModify(func(r *request.Request) {
 				r.HTTPS().HTTPHost("example.com").TLSConfig(&tls.Config{
 					ServerName:         "example.com",
 					InsecureSkipVerify: true,
 				})
 			}).
 			ExpectResp([]byte("test")).
 			Ensure()
 	})
 })