[GH-ISSUE #1910] error in proxy HTTPS #1514

New issue

Closed

opened 2026-05-05 12:57:23 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 12:57:23 -06:00

Owner

Originally created by @MasamiYui on GitHub (Jul 20, 2020).
Original GitHub issue: https://github.com/fatedier/frp/issues/1910

Issue is only used for submiting bug report and documents typo. If there are same issues or answers can be found in documents, we will close it directly.

Use the commands below to provide key information from your environment:
You do NOT have to include this information if this is a FEATURE REQUEST

What version of frp are you using (./frpc -v or ./frps -v)?
0.33.0

What operating system and processor architecture are you using (go env)?

Configures you used:
server:
[common]
bind_port = 7000
vhost_https_port = 442
vhost_http_port = 80

client:
[common]
server_addr = 10.44.239.60
server_port = 7000

[web]
type = https
local_port = 443
custom_domains = 10.44.239.60

Steps to reproduce the issue:
1.服务端和客户端都处于内网环境，其中客户端可以访问服务端，服务端不能访问客户端
2.配置完成，正常启动客户端，服务端未报错

Describe the results you received:
1.现在我正在使用服务端，并访问服务端的URL：https://10.44.239.60:442 服务端显示：

[W] [vhost.go:139] get hostname from http/https request error: Unknow error

2.当我试图进行调试，发现utils.vhost.https.go中的readHandshake总是不能匹配条件来找到host，io.Reader信息如下

Describe the results you expected:
https能够正常的实现转发

Additional information you deem important (e.g. issue happens only occasionally):
1.使用http正常
2.我尝试将utils.vhost.https.go中GetHttpsHostname方法里的reqInfoMap写死：reqInfoMap["Host"] = "10.44.239.60"，此时能正常转发https
3.我使用的判断能否正常转发的依据是：我在客户端部署了一个nginx的https服务器，nginx仅仅当成一个简单的https服务器，并不进行反向代理等操作，如果能通过https://[server-ip]:442访问到客户端的nginx服务器即为成功

Can you point out what caused this issue (optional)

Originally created by @MasamiYui on GitHub (Jul 20, 2020). Original GitHub issue: https://github.com/fatedier/frp/issues/1910 Issue is only used for submiting bug report and documents typo. If there are same issues or answers can be found in documents, we will close it directly. Use the commands below to provide key information from your environment: You do NOT have to include this information if this is a FEATURE REQUEST **What version of frp are you using (./frpc -v or ./frps -v)?** 0.33.0 **What operating system and processor architecture are you using (`go env`)?** **Configures you used:** server: [common] bind_port = 7000 vhost_https_port = 442 vhost_http_port = 80 client: [common] server_addr = 10.44.239.60 server_port = 7000 [web] type = https local_port = 443 custom_domains = 10.44.239.60 **Steps to reproduce the issue:** 1.服务端和客户端都处于内网环境，其中客户端可以访问服务端，服务端不能访问客户端 2.配置完成，正常启动客户端，服务端未报错 **Describe the results you received:** 1.现在我正在使用服务端，并访问服务端的URL：https://10.44.239.60:442 服务端显示： > [W] [vhost.go:139] get hostname from http/https request error: Unknow error 2.当我试图进行调试，发现utils.vhost.https.go中的readHandshake总是不能匹配条件来找到host，io.Reader信息如下 ![image](https://user-images.githubusercontent.com/22274133/87919536-84d4a180-caaa-11ea-943a-96b19fefcc13.png) **Describe the results you expected:** https能够正常的实现转发 **Additional information you deem important (e.g. issue happens only occasionally):** 1.使用http正常 2.我尝试将utils.vhost.https.go中GetHttpsHostname方法里的reqInfoMap写死：reqInfoMap["Host"] = "10.44.239.60"，此时能正常转发https 3.我使用的判断能否正常转发的依据是：我在客户端部署了一个nginx的https服务器，nginx仅仅当成一个简单的https服务器，并不进行反向代理等操作，如果能通过https://[server-ip]:442访问到客户端的nginx服务器即为成功 **Can you point out what caused this issue (optional)**

gitea-mirror closed this issue

2026-05-05 12:57:25 -06:00

gitea-mirror commented

2026-05-05 12:57:27 -06:00

Author

Owner

@fatedier commented on GitHub (Jul 20, 2020):

HTTPS 的转发依赖于 SNI，可以确认下发送的请求是否包含了 SNI 信息。

@fatedier commented on GitHub (Jul 20, 2020): HTTPS 的转发依赖于 SNI，可以确认下发送的请求是否包含了 SNI 信息。

gitea-mirror commented

2026-05-05 12:57:28 -06:00

Author

Owner

@MasamiYui commented on GitHub (Jul 20, 2020):

HTTPS 的转发依赖于 SNI，可以确认下发送的请求是否包含了 SNI 信息。

我尝试使用curl添加SNI，但是问题依旧，其中windows下出现了using IP address, SNI is not supported by OS，linux显示依旧，是不是我添加SNI的方法有问题？我该怎样发送包含SNI的信息
windows：

linux:

@MasamiYui commented on GitHub (Jul 20, 2020): > HTTPS 的转发依赖于 SNI，可以确认下发送的请求是否包含了 SNI 信息。我尝试使用curl添加SNI，但是问题依旧，其中windows下出现了using IP address, SNI is not supported by OS，linux显示依旧，是不是我添加SNI的方法有问题？我该怎样发送包含SNI的信息 windows： ![image](https://user-images.githubusercontent.com/22274133/87926055-bb62ea00-cab3-11ea-81b0-e69a8842c2ab.png) linux: ![image](https://user-images.githubusercontent.com/22274133/87926019-af772800-cab3-11ea-839f-202a2d7bf301.png)

gitea-mirror commented

2026-05-05 12:57:28 -06:00

Author

Owner

@MasamiYui commented on GitHub (Jul 20, 2020):

自行在/etc/host下添加host解析后解决，SNI hostname不支持IP地址
FC 3546 "Transport Layer Security (TLS) Extensions" section 3.1 spells it out quite clearly:

Literal IPv4 and IPv6 addresses are not permitted in "HostName".

@MasamiYui commented on GitHub (Jul 20, 2020): 自行在/etc/host下添加host解析后解决，SNI hostname不支持IP地址 FC 3546 "Transport Layer Security (TLS) Extensions" section 3.1 spells it out quite clearly: Literal IPv4 and IPv6 addresses are not permitted in "HostName".