[GH-ISSUE #2286] HTTPS with SSL certificate not working #1817

Closed
opened 2026-05-05 13:10:26 -06:00 by gitea-mirror · 3 comments

Originally created by @TannerGabriel on GitHub (Mar 8, 2021).
Original GitHub issue: https://github.com/fatedier/frp/issues/2286

[REQUIRED] What version of frp are you using

Version: 0.35.1

[REQUIRED] What operating system and processor architecture are you using
OS: Ubuntu
CPU architecture: x86

[REQUIRED] description of errors
When trying to forward a service from a local PC using HTTPS with an SSL certificate the service is not accessible. When I visit the domain that I specified I just get a 502 Nginx error code. If I try to access it directly over the IP-Address using IP_ADDRESS:vhost_https_port I get the following error messages:

```
2021/03/08 13:40:06 [D] [vhost.go:191] [9cc6d8983f363ef0] [axis] get new http request host [axis.hascy.at] path []
2021/03/08 13:40:06 [I] [proxy.go:162] [9cc6d8983f363ef0] [axis] get a user connection [ADDRESS]
2021/03/08 13:40:06 [D] [control.go:248] [9cc6d8983f363ef0] get work connection from pool
2021/03/08 13:40:06 [D] [proxy.go:103] [9cc6d8983f363ef0] [axis] get a new work connection: [ADDRESS]
2021/03/08 13:40:06 [D] [proxy.go:273] [9cc6d8983f363ef0] [axis] join connections, workConn(l[ADDRESS] r[ADDRESS]) userConn(l[ADDRESS] r[ADDRESS])
2021/03/08 13:40:06 [D] [proxy.go:283] [9cc6d8983f363ef0] [axis] join connections closed
2021/03/08 13:40:06 [D] [control.go:219] [9cc6d8983f363ef0] new work connection registered
2021/03/08 13:40:15 [D] [control.go:475] [0fe6663aa0adbbea] receive heartbeat
2021/03/08 13:40:26 [D] [control.go:475] [9cc6d8983f363ef0] receive heartbeat
2021/03/08 13:40:39 [D] [vhost.go:147] get hostname from http/https request error: readHandshake: type[32] is not clientHello
2021/03/08 13:40:40 [D] [vhost.go:147] get hostname from http/https request error: readHandshake: type[32] is not clientHello
2021/03/08 13:40:43 [D] [vhost.go:147] get hostname from http/https request error: Unknown error
2021/03/08 13:40:43 [D] [vhost.go:147] get hostname from http/https request error: Unknown error
2021/03/08 13:40:44 [D] [vhost.go:147] get hostname from http/https request error: Unknown error
2021/03/08 13:40:44 [D] [vhost.go:147] get hostname from http/https request error: Unknown error
2021/03/08 13:40:45 [D] [vhost.go:147] get hostname from http/https request error: Unknown error
2021/03/08 13:40:45 [D] [vhost.go:147] get hostname from http/https request error: Unknown error
```

Config file

FRPS:

```
[common]
bind_port = 7000
vhost_https_port = 8300
vhost_http_port = 8400
authentication_method = token
token = test
subdomain_host = $DOMAIN
log_file = console
# debug, info, warn, error
log_level = debug
```

FRPC:

```
[common]
server_addr = ${FRP_SERVER_ADDR}
server_port = 7000
authentication_method = token
token = test
log_file = console
# debug, info, warn, error
log_level = debug

[axis]
type = https
local_port=9000
subdomain = axis
health_check_type = tcp
health_check_timeout_s = 3
health_check_max_failed = 3
health_check_interval_s = 10
```

log file

```
2021/03/08 14:55:18 [I] [root.go:108] frps uses config file: /tmp/frps.ini
2021/03/08 14:55:18 [I] [service.go:190] frps tcp listen on 0.0.0.0:7000
2021/03/08 14:55:18 [I] [service.go:232] http service listen on 0.0.0.0:8400
2021/03/08 14:55:18 [I] [service.go:253] https service listen on 0.0.0.0:8300
2021/03/08 14:55:18 [I] [root.go:217] frps started successfully
2021/03/08 14:55:18 [I] [service.go:444] [0fe6663aa0adbbea] client login info: ip [IP_ADDRESS] version [0.34.1] hostname [] os [linux] arch [amd64]
2021/03/08 14:55:18 [I] [service.go:444] [09b884a350dc6180] client login info: ip [IP_ADDRESS] version [0.35.1] hostname [] os [linux] arch [amd64]
2021/03/08 14:55:18 [D] [control.go:219] [09b884a350dc6180] new work connection registered
2021/03/08 14:55:18 [D] [control.go:219] [0fe6663aa0adbbea] new work connection registered
2021/03/08 14:55:19 [I] [tcp.go:63] [0fe6663aa0adbbea] [sshasc] tcp proxy listen port [8000]
2021/03/08 14:55:19 [I] [control.go:446] [0fe6663aa0adbbea] new proxy [sshasc] success
2021/03/08 14:55:19 [I] [tcp.go:63] [0fe6663aa0adbbea] [winbox] tcp proxy listen port [8291]
2021/03/08 14:55:19 [I] [control.go:446] [0fe6663aa0adbbea] new proxy [winbox] success
2021/03/08 14:55:19 [I] [tcp.go:63] [09b884a350dc6180] [ssh] tcp proxy listen port [6000]
2021/03/08 14:55:19 [I] [control.go:446] [09b884a350dc6180] new proxy [ssh] success
2021/03/08 14:55:19 [I] [https.go:63] [09b884a350dc6180] [axis] https proxy listen for host [DOMAIN]
2021/03/08 14:55:19 [I] [control.go:446] [09b884a350dc6180] new proxy [axis] success
2021/03/08 14:55:48 [D] [control.go:475] [09b884a350dc6180] receive heartbeat
2021/03/08 14:55:48 [D] [control.go:475] [0fe6663aa0adbbea] receive heartbeat
2021/03/08 14:57:36 [D] [vhost.go:147] get hostname from http/https request error: readHandshake: type[32] is not clientHello
2021/03/08 14:57:37 [D] [vhost.go:147] get hostname from http/https request error: readHandshake: type[32] is not clientHello
2021/03/08 14:57:41 [D] [vhost.go:147] get hostname from http/https request error: Unknown error
2021/03/08 14:57:41 [D] [vhost.go:147] get hostname from http/https request error: Unknown error
2021/03/08 14:57:42 [D] [vhost.go:147] get hostname from http/https request error: Unknown error
2021/03/08 14:57:42 [D] [vhost.go:147] get hostname from http/https request error: Unknown error
```

Steps to reproduce the issue

  1. Setup FRP using the above configs
  2. Use Nginx as a reverse proxy from the domain to the vhost_https_port
  3. Trying to access the service that FRP should forward

Supplementary information

  • FRP is run using Docker
  • Nginx-Proxy Docker container is used as a reverse proxy from the domain to the vhost_https_port defined in the FRP config.
  • I also looked at #1218, but it did not help fix my problem.

Can you guess what caused this issue

Checklist:

  • I included all information required in the sections above
  • I made sure there are no duplicates of this report (Use Search)

@yuyulei commented on GitHub (Mar 12, 2021):

> 2021/03/08 13:40:39 [D] [vhost.go:147] get hostname from http/https request error: readHandshake: type[32] is not clientHello

Is the schema of the request that frps received `http`? Can you try after editing `type = http`?
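
Added example, not part of the original thread and not frp's code: the `is not clientHello` message above is logged when frps tries to read the hostname from a TLS ClientHello on `vhost_https_port`, so this Go program runs the same kind of check with the standard `crypto/tls` package, once on a ClientHello and once on plaintext HTTP. `memConn`, `sampleClientHello` and `classify` are hypothetical names, and both inputs are constructed samples.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"net"
	"time"
)

// memConn (hypothetical) is an in-memory net.Conn: reads come from in, writes collect in out.
type memConn struct{ in *bytes.Reader; out bytes.Buffer }

func (c *memConn) Read(p []byte) (int, error)       { return c.in.Read(p) }
func (c *memConn) Write(p []byte) (int, error)      { return c.out.Write(p) }
func (c *memConn) Close() error                     { return nil }
func (c *memConn) LocalAddr() net.Addr              { return &net.TCPAddr{} }
func (c *memConn) RemoteAddr() net.Addr             { return &net.TCPAddr{} }
func (c *memConn) SetDeadline(time.Time) error      { return nil }
func (c *memConn) SetReadDeadline(time.Time) error  { return nil }
func (c *memConn) SetWriteDeadline(time.Time) error { return nil }

// sampleClientHello returns a constructed ClientHello record for name, built offline.
func sampleClientHello(name string) []byte {
	c := &memConn{in: bytes.NewReader(nil)}
	tls.Client(c, &tls.Config{ServerName: name}).Handshake() // fails at EOF after sending the hello
	return c.out.Bytes()
}

// classify reports whether first begins a TLS handshake and, if so, which SNI it carries.
func classify(first []byte) (kind string) {
	err := tls.Server(&memConn{in: bytes.NewReader(first)}, &tls.Config{
		GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
			kind = "TLS ClientHello, SNI=" + h.ServerName
			return nil, fmt.Errorf("stop after ClientHello")
		},
	}).Handshake()
	if rhe, ok := err.(tls.RecordHeaderError); ok {
		kind = fmt.Sprintf("not TLS (first bytes %q)", rhe.RecordHeader[:])
	} else if kind == "" {
		kind = "incomplete or malformed TLS: " + err.Error()
	}
	return kind
}

func main() {
	fmt.Println(classify(sampleClientHello("axis.example.com")))
	fmt.Println(classify([]byte("GET / HTTP/1.1\r\nHost: axis.example.com\r\n\r\n")))
}
```

Running `classify` on the first bytes an upstream proxy sends to the port (taken from a packet capture, for instance) shows whether that hop is speaking TLS or plain HTTP.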


@TannerGabriel commented on GitHub (Mar 14, 2021):

Thank you for the response. I tried it out, but no change. I also tried the https2http plugin hoping that might help, but it didn't. Am I right to assume that I can use the LetsEncrypt certificates that I generated for the domain and also use in NGINX?

```
[axis]
type = https
custom_domains = axis.example.com
plugin = https2http
plugin_local_addr = 127.0.0.1:9000
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp
```

@TannerGabriel commented on GitHub (Mar 17, 2021):

Thank you for the help. I just found a workaround for my problem. I now use type = tcp to forward the HTTP traffic and then use an Nginx reverse proxy to get the HTTPS traffic to my service.
