[GH-ISSUE #2642] tls: first record does not look like a TLS handshake error from frps

gitea-mirror commented

2026-05-05 13:21:14 -06:00

Owner

Originally created by @drew2323 on GitHub (Oct 31, 2021).
Original GitHub issue: https://github.com/fatedier/frp/issues/2642

Bug Description

My goal

on my home local network behind NAT I have home assistant server(running https on specific port) - (https://192.168.1.1:8123)
I want to make these pages available via my current public server on subdomain sub.domain.com but on standard port 80 and/or 443 (not 8123)
My public server which serves domain.com uses NGINX for ports 80/443 - thus i want to configure subdomain in nginx and then send it to frps

How i did it

I installed frps on public server (configured to use vhost_https_port = 44300)
I installed frpc on my local server (see conf.below)
now it works - i can access https://sub.domain1.com:44300 -and it tunnels to my local network
but i want to use port 80 and/or 443 - thus i need to use NGINX to route my subdomain port 80 and/or 443 to frps port 44300

I use simple configuration

server {
listen 80;
listen 443;
server_name sub.domain.com;

location / {
    proxy_pass http://0.0.0.0:44300;
}

}

but then i get error 502 - bad gateway error from NGINX

2021/10/31 14:49:03 [error] 1151786#1151786: *15988 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 41.15.31.118, server: sub.domain.com, request: "GET / HTTP/1.1", upstream: "http://0.0.0.0:44300/", host: "ub.domain.com"

which is this error from FRPS log:

2021/10/31 13:30:04 [D] [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake

Any ideas how to solve this?

frpc Version

0.38

frps Version

0.38

System Architecture

linux/amd63 on server, linux/arm64 on client

Configurations

frps.ini
[common]
server_addr = 151.60.129.11
server_port = 7000
vhost_https_port = 44300

frpc.ini
[local]
type = https
local_port = 8123

Logs

2021/10/31 13:30:04 [D] [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake

Steps to reproduce

...

Affected area

Docs
Installation
Performance and Scalability
Security
User Experience
Test and Release
Developer Infrastructure
Client Plugin
Server Plugin
Extensions
Others

Originally created by @drew2323 on GitHub (Oct 31, 2021). Original GitHub issue: https://github.com/fatedier/frp/issues/2642 ### Bug Description **My goal** 1) on my home local network behind NAT I have home assistant server(running https on specific port) - (https://192.168.1.1:8123) 2) I want to make these pages available via my current public server on subdomain sub.domain.com but on standard port 80 and/or 443 (not 8123) 3) My public server which serves domain.com uses NGINX for ports 80/443 - thus i want to configure subdomain in nginx and then send it to frps **How i did it** 1) I installed frps on public server (configured to use vhost_https_port = 44300) 2) I installed frpc on my local server (see conf.below) 3) now it works - i can access https://sub.domain1.com:44300 -and it tunnels to my local network 4) but i want to use port 80 and/or 443 - thus i need to use NGINX to route my subdomain port 80 and/or 443 to frps port 44300 I use simple configuration server { listen 80; listen 443; server_name sub.domain.com; location / { proxy_pass http://0.0.0.0:44300; } } but then i get error 502 - bad gateway error from NGINX 2021/10/31 14:49:03 [error] 1151786#1151786: *15988 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 41.15.31.118, server: sub.domain.com, request: "GET / HTTP/1.1", upstream: "http://0.0.0.0:44300/", host: "ub.domain.com" **which is this error from FRPS log:** 2021/10/31 13:30:04 [D] [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake Any ideas how to solve this? ### frpc Version 0.38 ### frps Version 0.38 ### System Architecture linux/amd63 on server, linux/arm64 on client ### Configurations **frps.ini** [common] server_addr = 151.60.129.11 server_port = 7000 vhost_https_port = 44300 **frpc.ini** [local] type = https local_port = 8123 ### Logs 2021/10/31 13:30:04 [D] [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake ### Steps to reproduce 1. 2. 3. ... ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [ ] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [X] Client Plugin - [X] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror closed this issue

2026-05-05 13:21:16 -06:00

gitea-mirror commented

2026-05-05 13:21:17 -06:00

Author

Owner

@drew2323 commented on GitHub (Oct 31, 2021):

Well I was able to do workaround by forwarding whole TCP. Still i wonder why https didnt work.

@drew2323 commented on GitHub (Oct 31, 2021): Well I was able to do workaround by forwarding whole TCP. Still i wonder why https didnt work.

gitea-mirror commented

2026-05-05 13:21:18 -06:00

Author

Owner

@fatedier commented on GitHub (Nov 1, 2021):

proxy_pass http://0.0.0.0:44300;

Nginx will send http request to frps, so you'd better configure vhost_http_port and use type http in frp.

@fatedier commented on GitHub (Nov 1, 2021): ``` proxy_pass http://0.0.0.0:44300; ``` Nginx will send http request to frps, so you'd better configure vhost_http_port and use type http in frp.

gitea-mirror commented

2026-05-05 13:21:19 -06:00

Author

Owner

@drew2323 commented on GitHub (Nov 2, 2021):

@fatedier that worked! thanks
I also had to change my local server to serve http not https (otherwise i got "http proxy request error: EOF" from frps). Now nginx takes care of certificates and communicating with client over https, reverse proxying to frp and local server over http.

@drew2323 commented on GitHub (Nov 2, 2021): @fatedier that worked! thanks I also had to change my local server to serve http not https (otherwise i got "http proxy request error: EOF" from frps). Now nginx takes care of certificates and communicating with client over https, reverse proxying to frp and local server over http.