[GH-ISSUE #1764] HTTPS to HTTPS #1394

Closed
opened 2026-05-05 12:52:59 -06:00 by gitea-mirror · 11 comments

Originally created by @dtreutwein on GitHub (Apr 17, 2020).
Original GitHub issue: https://github.com/fatedier/frp/issues/1764

Hello,

Is there any solution to get FRP to work with HTTPS to HTTPS?
We've tried it many times with configurations out of the frp readme, but we can't establish a connection with HTTPS.
HTTPS to HTTP works fine, but we need HTTPS at the device.
I hope someone has a configuration. :)
Thanks for your help

gitea-mirror closed this issue and added the `question` label (2026-05-05 12:52:59 -06:00).

@fatedier commented on GitHub (Apr 17, 2020):

https://github.com/fatedier/frp/blob/master/conf/frpc_full.ini#L163

Try this configuration.


@dtreutwein commented on GitHub (Apr 17, 2020):

> https://github.com/fatedier/frp/blob/master/conf/frpc_full.ini#L163
>
> Try this configuration.

We've tried this already, but it doesn't work.
How does it work with an SSL certificate? Where can we put the SSL certificate?


@fatedier commented on GitHub (Apr 17, 2020):

frps just forwards HTTPS requests by SNI; it does not consider the SSL certificate.


@dtreutwein commented on GitHub (Apr 17, 2020):

OK thanks, I will try it again.


@dtreutwein commented on GitHub (Apr 17, 2020):

Thanks for your help.
Now I haven't got an error, but there is no connection.

@fatedier commented on GitHub (Apr 19, 2020):

How can I reproduce it in my local environment?

I have tried this configuration and it worked.

```ini
[https]
type = https
local_ip = manage.zenlogic.com
local_port = 443
custom_domains = www.mydomain.com
```

@dtreutwein commented on GitHub (Apr 20, 2020):

This is my config:

```ini
[https]
type = https
local_ip = 127.0.0.1
local_port = 443
use_encryption = false
use_compression = false
custom_domains = frp1.mydomain.de
proxy_protocol_version = v2
```


@Becods commented on GitHub (Aug 16, 2020):

Ensure that the backend (nginx/apache/litespeed) is configured with protocol, and then turn on proxy_protocol function.

Otherwise you will get an error reminder similar to that of a protocol handshake failure (ERR_SSL_PROTOCOL_ERROR).


@adminBTI commented on GitHub (Nov 21, 2020):

Sorry about resurrecting closed thread but...
Litespeed / Openlitespeed has no support for proxy_protocol in https. So, it has no way of knowing the actual client IP in passthrough SSL traffic. Please let me know if I am mistaken. If so, where do I find a proxy_protocol module for Openlitespeed?


@gainskills commented on GitHub (Aug 25, 2022):

> `custom_domains`

For this configuration, are you getting a certification error? Thanks.


@hellohawaii commented on GitHub (Sep 19, 2023):

I also tried to expose an HTTPS service on a local network to the public network, but failed with frp. I think it is caused by the fact that frp does not change the header of HTTPS requests.

To be more specific, assume you have a domain `domain1` that can be accessed in the local network, and a public domain `domain2` pointing to `PUBLIC_IP`. You need to set `domain2` as a reverse proxy of `domain1` in the local network, since the request frp sends to Caddy is still for `domain2`. Or you can simply also use `domain2` as the domain in the local network and abort `domain1`.

The following are my experiments:

I set up an HTTPS site on the local network using Caddy; the Caddyfile is:

```
https://domain1.com:12001 {
	tls internal
	respond "Hello from domain1!"
}
https://domain2.com:12001 {
	tls internal
	respond "Hello from domain2!"
}
```

I changed the hosts file on my local machine, pointing `domain1.com` and `domain2.com` to `127.0.0.1`. I can get the greeting message correctly on my local machine.

My frpc.ini:

```
[common]
server_addr = PUBLIC_IP
server_port = 7000
token = MYTOKEN

[hi]
type = https
local_ip = domain1.com
local_port = 12001
custom_domains = domain2.com
```

and frps.ini:

```
[common]
bind_port = 7000
token = MYTOKEN
vhost_https_port = 443
```

Note that `domain2.com` points to `PUBLIC_IP`.

When I visited `domain2.com` from the public network, I got "Hello from domain2!". So even though I set `domain1.com` as the `local_ip` in frpc.ini, Caddy still got a request with host `domain2.com`. So if I still want to use `domain1.com` in the local network, I have to modify the Caddyfile to add a reverse_proxy:

```
https://domain1.com:12001 {
	tls internal
	respond "Hello from domain1!"
}
https://domain2.com:12001 {
	tls internal
	reverse_proxy https://domain1.com:12001 {
		header_up Host {upstream_hostport}
	}
}
```
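
Added example, not part of any comment in this thread and not frp's own code: a Go program showing why an `https` proxy needs no certificate on the relay ("forward HTTPS requests by SNI") and why the local server in the experiment above still sees `domain2.com`. The names `roConn`, `PeekSNI`, `ClientHello` and `Route` are hypothetical; the routing entry is taken from the frpc.ini in the last comment, and the ClientHello is constructed in-process.

```go
package main // added example; all names are hypothetical, not frp's implementation

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"io"
	"net"
)

// roConn replays recorded bytes to tls.Server; the embedded nil net.Conn is never used.
type roConn struct {
	net.Conn
	r io.Reader
}

func (c roConn) Read(p []byte) (int, error) { return c.r.Read(p) }
func (roConn) Write([]byte) (int, error)    { return 0, io.ErrClosedPipe }

// PeekSNI returns the server name in a raw ClientHello ("" if absent or not TLS); no key or cert is used.
func PeekSNI(hello []byte) string {
	var sni string
	cfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		sni = h.ServerName
		return nil, fmt.Errorf("peek only") // stop before a certificate is needed
	}}
	_ = tls.Server(roConn{r: bytes.NewReader(hello)}, cfg).Handshake() // fails by design
	return sni
}

// ClientHello captures the first record a TLS client sends for name (constructed input).
func ClientHello(name string) []byte {
	cli, srv := net.Pipe()
	defer srv.Close() // also unblocks the client goroutine
	go tls.Client(cli, &tls.Config{ServerName: name}).Handshake()
	buf := make([]byte, 16384)
	n, _ := srv.Read(buf)
	return buf[:n]
}

// Route maps custom_domains to local_ip:local_port and returns the client's bytes to relay, unmodified.
func Route(hello []byte) (backend string, relayed []byte) {
	routes := map[string]string{"domain2.com": "domain1.com:12001"}
	return routes[PeekSNI(hello)], hello
}

func main() {
	backend, relayed := Route(ClientHello("domain2.com"))
	fmt.Printf("dial %s; backend sees SNI %q\n", backend, PeekSNI(relayed))
}
```

Because the relayed bytes are the client's own, the TLS handshake and certificate validation happen end to end between the browser and the local server, which must therefore present a certificate valid for the public name.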
Reference: github-starred/frp#1394