[GH-ISSUE #1498] http 正常 https 无法访问 #1181

New issue

Closed

opened 2026-05-05 12:45:35 -06:00 by gitea-mirror · 1 comment

gitea-mirror commented

2026-05-05 12:45:35 -06:00

Owner

Originally created by @millionart on GitHub (Nov 4, 2019).
Original GitHub issue: https://github.com/fatedier/frp/issues/1498

Issue is only used for submiting bug report and documents typo. If there are same issues or answers can be found in documents, we will close it directly.
(为了节约时间，提高处理问题的效率，不按照格式填写的 issue 将会直接关闭。)
(请不要在 issue 评论中出现无意义的加1，我也是 等内容，将会被直接删除。)
(由于个人精力有限，和系统环境，网络环境等相关的求助问题请转至其他论坛或社交平台。)

Use the commands below to provide key information from your environment:
You do NOT have to include this information if this is a FEATURE REQUEST

What version of frp are you using (./frpc -v or ./frps -v)?
0.29.0

What operating system and processor architecture are you using (go env)?
公网 ubuntu 18.04
内网 debian 10（openmediavault 5）

Configures you used:
frps.ini

[common]
bind_port = 7700
token = 123456
vhost_http_port = 80
vhost_https_port = 443

frpc.ini

[common]
server_addr = xx.xx.xx.xx
server_port = 7700
token = 123456

[http1]
type = http
local_port = 8080
custom_domains = 123456.com

[https1]
type = https
local_port = 8443
use_encryption = false
use_compression = false
custom_domains = 123456.com

nginx.conf 原公网使用正常

server {
	listen 8443 ssl http2 fastopen=3 reuseport;
	listen [::]:8443 ssl http2 fastopen=3 reuseport;

	server_name 123456.com www.123456.com;

    ssl_certificate /etc/letsencrypt/live/123456.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/123456.com/privkey.pem; # managed by Certbot
    ssl_session_cache shared:le_nginx_SSL:1m;
    ssl_session_timeout 1440m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";

    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security max-age=15768000;

    ssl_stapling on;
    ssl_stapling_verify on;

    resolver	8.8.8.8;

	index index.html index.htm index.php;
	root  /var/www/wordpress;

Steps to reproduce the issue:

使用 nginx 1.16.1 搭建，http 正常访问
使用 certbot-auto 自动签名 Let's Encrypt 证书成功
nginx 切换成 https 配置（见上）

Describe the results you received:
连接失败
Firefox 无法建立到 123456.com 服务器的连接。

访问 frp 公网 https 失败，dashboard 显示无任何流量，nginx 切换回 http 访问正常
直接访问内网 https 正常

Describe the results you expected:

Additional information you deem important (e.g. issue happens only occasionally):

Can you point out what caused this issue (optional)

Originally created by @millionart on GitHub (Nov 4, 2019). Original GitHub issue: https://github.com/fatedier/frp/issues/1498 Issue is only used for submiting bug report and documents typo. If there are same issues or answers can be found in documents, we will close it directly. (为了节约时间，提高处理问题的效率，不按照格式填写的 issue 将会直接关闭。) (请不要在 issue 评论中出现无意义的 **加1**，**我也是** 等内容，将会被直接删除。) (由于个人精力有限，和系统环境，网络环境等相关的求助问题请转至其他论坛或社交平台。) Use the commands below to provide key information from your environment: You do NOT have to include this information if this is a FEATURE REQUEST **What version of frp are you using (./frpc -v or ./frps -v)?** 0.29.0 **What operating system and processor architecture are you using (`go env`)?** 公网 ubuntu 18.04 内网 debian 10（openmediavault 5） **Configures you used:** frps.ini ``` [common] bind_port = 7700 token = 123456 vhost_http_port = 80 vhost_https_port = 443 ``` frpc.ini ``` [common] server_addr = xx.xx.xx.xx server_port = 7700 token = 123456 [http1] type = http local_port = 8080 custom_domains = 123456.com [https1] type = https local_port = 8443 use_encryption = false use_compression = false custom_domains = 123456.com ``` nginx.conf 原公网使用正常 ``` server { listen 8443 ssl http2 fastopen=3 reuseport; listen [::]:8443 ssl http2 fastopen=3 reuseport; server_name 123456.com www.123456.com; ssl_certificate /etc/letsencrypt/live/123456.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/123456.com/privkey.pem; # managed by Certbot ssl_session_cache shared:le_nginx_SSL:1m; ssl_session_timeout 1440m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot add_header Strict-Transport-Security max-age=15768000; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8; index index.html index.htm index.php; root /var/www/wordpress; ``` **Steps to reproduce the issue:** 1. 使用 nginx 1.16.1 搭建，http 正常访问 2. 使用 certbot-auto 自动签名 Let's Encrypt 证书成功 3. nginx 切换成 https 配置（见上） **Describe the results you received:** 连接失败 Firefox 无法建立到 123456.com 服务器的连接。访问 frp 公网 https 失败，dashboard 显示无任何流量，nginx 切换回 http 访问正常直接访问内网 https 正常 **Describe the results you expected:** **Additional information you deem important (e.g. issue happens only occasionally):** **Can you point out what caused this issue (optional)**