[GH-ISSUE #2799] autocert support #2238

Open
opened 2026-05-05 13:26:21 -06:00 by gitea-mirror · 7 comments

Originally created by @tcurdt on GitHub (Feb 14, 2022).
Original GitHub issue: https://github.com/fatedier/frp/issues/2799

Describe the feature request

A public facing https port needs a cert. It would be nice if the cert could automatically be obtained from letsencrypt.

Describe alternatives you've considered

I guess one could use caddy as another proxy in front - but that is less than ideal. It would be better to integrate

https://go-acme.github.io/lego/usage/library/

Affected area

  • [X] Docs
  • [ ] Installation
  • [ ] Performance and Scalability
  • [ ] Security
  • [ ] User Experience
  • [X] Test and Release
  • [ ] Developer Infrastructure
  • [X] Client Plugin
  • [X] Server Plugin
  • [X] Extensions
  • [ ] Others

gitea-mirror added the todo label 2026-05-05 13:26:21 -06:00

@fatedier commented on GitHub (Feb 15, 2022):

Can you describe more about your configuration?


@tcurdt commented on GitHub (Feb 15, 2022):

Let's say I have an http service on the LAN and I want to expose that via https on a public machine.

I guess one could use frp to create a tunnel and then use e.g. caddy as a reverse proxy to that. Or maybe use cert-manager in DNS mode to obtain letsencrypt certs. Both not ideal.

It seems frp already supports TLS (https://github.com/fatedier/frp#enable-https-for-local-https-service) - so why not support getting the cert via acme directly?

@fatedier commented on GitHub (Feb 15, 2022):

That makes sense.

I plan to support it in frp v2. Usage of HTTPS will be refactored in the future.

If it's easy to implement, I will add this in the current release.


@almereyda commented on GitHub (Sep 21, 2022):

In case one wanted to adopt implementation strategies from other approaches, there is boringproxy.io (https://boringproxy.io/), which reuses caddyserver/certmagic (https://github.com/caddyserver/certmagic) for the task.

@dest1n1s commented on GitHub (Aug 11, 2024):

Any progress on this? It'd be nice if frp supports automatic certificate renewal since it's cumbersome to have the certificates renewed on the relay server and then move them to the host.


@trajche commented on GitHub (Dec 25, 2025):

@fatedier I took a stab at this over here: https://github.com/trajche/frp

It works, but frpc proxies must be set to http. It does not use the ACME wildcard (DNS verification), only the web server one.

I added "feature gates" as a concept to server too to enable this so it doesn't cause issues with the rest.


@bbplatforma commented on GitHub (Mar 24, 2026):

Hi. Can this be addressed together? Then frps will be near perfect :)

https://github.com/fatedier/frp/issues/2946
