UPDATE: Add '-no-sys' flag to skip certificate installation and system proxy setup; update README with usage examples; increment release version to 1.2-02

UPDATE: Consolidate release upload steps for Windows and macOS in build workflow
2026-05-26 14:27:36 +07:00 · 2026-05-24 10:25:05 +07:00
5 changed files with 41 additions and 44 deletions
@@ -36,29 +36,11 @@ jobs:
        run: |
          chmod +x ./script/release-uploader

-      - name: Upload Windows release
+      - name: Upload release
        env:
          REPO_TOKEN: ${{ secrets.REPO_TOKEN }}
        run: |
          script/release-uploader \
            -token="$REPO_TOKEN" \
            -release-url="https://git.kain.io.vn/api/v1/repos/Firefly-Shelter/FireflyGo_Proxy/releases" \
-            -files="firefly-go-proxy.exe"
-
-      - name: Upload macOS Intel release
-        env:
-          REPO_TOKEN: ${{ secrets.REPO_TOKEN }}
-        run: |
-          script/release-uploader \
-            -token="$REPO_TOKEN" \
-            -release-url="https://git.kain.io.vn/api/v1/repos/Firefly-Shelter/FireflyGo_Proxy/releases" \
-            -files="firefly-go-proxy-macos-amd64"
-
-      - name: Upload macOS ARM release
-        env:
-          REPO_TOKEN: ${{ secrets.REPO_TOKEN }}
-        run: |
-          script/release-uploader \
-            -token="$REPO_TOKEN" \
-            -release-url="https://git.kain.io.vn/api/v1/repos/Firefly-Shelter/FireflyGo_Proxy/releases" \
-            -files="firefly-go-proxy-macos-arm64"
+            -files="firefly-go-proxy.exe,firefly-go-proxy-macos-amd64,firefly-go-proxy-macos-arm64"
@@ -41,6 +41,7 @@ go build
 - `-b`: Comma-separated list of blocked ports
 - `-p`: Proxy listen port (default: auto)
 - `-e`: Path to an executable to run with admin privileges
+- `-no-sys`: Run only the proxy server; skip certificate installation, system proxy setup, and macOS/Linux admin relaunch

 ### Examples

@@ -76,6 +77,12 @@ go build

   On macOS/Linux, if the proxy is not already running as root, it relaunches with an administrator prompt. On Linux, logs from the elevated process are written to `/tmp/firefly-go-proxy.log`; on macOS, elevated process output is discarded.

+6. Start only the proxy server without changing system settings:
+   ```bash
+   ./firefly-proxy -no-sys -p 8888 //linux|macos
+   ./firefly-proxy.exe -no-sys -p 8888 //windows
+   ```
+
 ## How it works

 The proxy intercepts HTTP/HTTPS traffic and can:
@@ -10,7 +10,11 @@ import (

 const caCertName = "firefly-go-proxy-ca.crt"

-func setupCertificate() (*tls.Certificate, error) {
+func setupCertificate(installSystemCA bool) (*tls.Certificate, error) {
+	if !installSystemCA {
+		return &goproxy.GoproxyCa, nil
+	}
+
 	if _, err := os.Stat(caCertName); os.IsNotExist(err) {
 		if err := os.WriteFile(caCertName, goproxy.GoproxyCa.Certificate[0], 0644); err != nil {
 			return nil, err
@@ -38,8 +38,10 @@ func main() {
 	proxyPort := flag.Int("p", 0, "proxy listen port (default: auto)")
 	exePath := flag.String("e", "", "path to the executable")
 	parentPID := flag.Int("parent-pid", 0, "parent process id to watch")
+	noSys := flag.Bool("no-sys", false, "skip certificate installation and system proxy setup")
 	flag.Parse()

+	if !*noSys {
 		relaunched, err := relaunchWithAdminIfNeeded()
 		if err != nil {
 			zlog.Error().Err(err).Msg("Failed to relaunch with admin privileges")
@@ -49,6 +51,7 @@ func main() {
 			zlog.Info().Msg("Relaunched with admin privileges")
 			return
 		}
+	}

 	blockedPorts := parseBlockedPorts(*blockedStr)
 	port := ""
@@ -66,7 +69,7 @@ func main() {
 		return
 	}

-	cert, err := setupCertificate()
+	cert, err := setupCertificate(!*noSys)
 	if err != nil {
 		zlog.Error().Err(err).Msg("Failed setup certificate")
 		return
@@ -74,29 +77,30 @@ func main() {
 	addr := ":" + port
 	proxyAddr := "127.0.0.1"
 	proxyEndpoint := proxyAddr + ":" + port
-	proxyEnabled := false
-	stopProxyRefresh := func() {}

 	defer func() {
-		stopProxyRefresh()
 		if r := recover(); r != nil {
 			zlog.Error().
 				Interface("panic", r).
 				Msg("Unexpected panic")
 		}
-		if proxyEnabled {
-			if err := setProxy(false, "", ""); err != nil {
-				zlog.Error().Err(err).Msg("Failed to reset system proxy")
-			}
-		}
 	}()

+	if !*noSys {
 		if err := setProxy(true, proxyAddr, port); err != nil {
 			zlog.Error().Err(err).Msg("Failed to set system proxy")
 			return
 		}
-	proxyEnabled = true
-	stopProxyRefresh = startProxyRefreshLoop(proxyAddr, port)
+		stopProxyRefresh := startProxyRefreshLoop(proxyAddr, port)
+		defer func() {
+			stopProxyRefresh()
+			if err := setProxy(false, "", ""); err != nil {
+				zlog.Error().Err(err).Msg("Failed to reset system proxy")
+			}
+		}()
+	} else {
+		zlog.Info().Msg("System certificate and proxy setup skipped")
+	}

 	customCaMitm := &goproxy.ConnectAction{Action: goproxy.ConnectMitm, TLSConfig: goproxy.TLSConfigFromCA(cert)}
 	var customAlwaysMitm goproxy.FuncHttpsHandler = func(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string) {
@@ -1,5 +1,5 @@
 {
-    "tag": "1.2-01",
-    "title": "PreBuild Version 1.2 - 01"
+    "tag": "1.2-02",
+    "title": "PreBuild Version 1.2 - 02"
 }
Author	SHA1	Message	Date
Kain344	7bcd8b43d9	UPDATE: Add '-no-sys' flag to skip certificate installation and system proxy setup; update README with usage examples; increment release version to 1.2-02 Build and Release / release (push) Successful in 43s Details	2026-05-26 14:27:36 +07:00
Kain344	77d5a09021	UPDATE: Consolidate release upload steps for Windows and macOS in build workflow Build and Release / release (push) Successful in 41s Details	2026-05-24 10:25:05 +07:00