[GH-ISSUE #2829] Cannot enable https, and get an error " first record does not look like a TLS handshake" #2265

New issue

Closed

opened 2026-05-05 13:27:33 -06:00 by gitea-mirror · 6 comments

gitea-mirror commented 2026-05-05 13:27:33 -06:00

Owner

Copy link

Originally created by @Line233 on GitHub (Mar 7, 2022).
Original GitHub issue: https://github.com/fatedier/frp/issues/2829

Bug Description

I want to enable https for my local http service, but it failed.
Detail:
I start a http service at 127.0.0.1:8000. Then I start frpc to transport 127.0.0.1:8000 to my public server using HTTPS and HTTP.
I can visit my service through my public server using HTTP, but cannot with HTTPS
I get an error from frps: "get hostname from http/https request error: tls: first record does not look like a TLS handshake"

frpc Version

0.39.1

frps Version

0.39.1

System Architecture

linux/amd64

Configurations

frpc.ini:

[common]
server_addr = {public_server_ip}
server_port = 10051
token = {my_token}
protocol=tcp
log_level=debug


[http]
type = http
local_ip =127.0.0.1
local_port = 8000


[https]
type = https
custom_domains = {public_server_ip}

plugin = https2http
plugin_local_addr = 127.0.0.1:8000
plugin_crt_path = /root/config/nginx-selfsigned.crt
plugin_key_path = /root/config/nginx-selfsigned.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

fops.ini:

[common]
bind_port = 10051

token = {my_token}

log_level=debug
vhost_http_port=10057
vhost_https_port=10056

Logs

frpc

2022/03/07 12:56:53 [I] [service.go:327] [6c9356d5f2913d13] login to server success, get run id [6c9356d5f2913d13], server udp port [0]
2022/03/07 12:56:53 [I] [proxy_manager.go:144] [6c9356d5f2913d13] proxy added: [http https]
2022/03/07 12:56:53 [I] [control.go:181] [6c9356d5f2913d13] [https] start proxy success
2022/03/07 12:56:53 [I] [control.go:181] [6c9356d5f2913d13] [http] start proxy success

frps

2022/03/07 04:56:49 [I] [root.go:200] frps uses config file: ./frps.ini
2022/03/07 04:56:50 [I] [service.go:193] frps tcp listen on 0.0.0.0:10051
2022/03/07 04:56:50 [I] [service.go:236] http service listen on 0.0.0.0:10057
2022/03/07 04:56:50 [I] [service.go:251] https service listen on 0.0.0.0:10056
2022/03/07 04:56:50 [I] [root.go:209] frps started successfully
2022/03/07 04:56:53 [I] [service.go:449] [6c9356d5f2913d13] client login info: ip [{local_server_ip}] version [0.39.1] hostname [] os [linux] arch [amd64]
2022/03/07 04:56:53 [I] [https.go:51] [6c9356d5f2913d13] [https] https proxy listen for host [{public_server_ip}]
2022/03/07 04:56:53 [I] [control.go:451] [6c9356d5f2913d13] new proxy [https] success
2022/03/07 04:56:53 [I] [http.go:92] [6c9356d5f2913d13] [http] http proxy listen for host [{public_server_ip}] location [] group []
2022/03/07 04:56:53 [I] [control.go:451] [6c9356d5f2913d13] new proxy [http] success
2022/03/07 04:56:53 [D] [control.go:219] [6c9356d5f2913d13] new work connection registered
2022/03/07 04:57:02 [D] [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake
2022/03/07 04:57:02 [D] [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake
2022/03/07 04:57:03 [D] [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake

Steps to reproduce

1. start a service on a local machine on 127.0.0.1:8000.
2. start frps on the public server with the config file above
3. start frpc on the local machine with the config file above
4. visit {public_server_ip}:{https_port}

Affected area

• Docs
• Installation
• Performance and Scalability
• Security
• User Experience
• Test and Release
• Developer Infrastructure
• Client Plugin
• Server Plugin
• Extensions
• Others

Originally created by @Line233 on GitHub (Mar 7, 2022). Original GitHub issue: https://github.com/fatedier/frp/issues/2829 ### Bug Description I want to enable https for my local http service, but it failed. Detail: I start a http service at 127.0.0.1:8000. Then I start frpc to transport 127.0.0.1:8000 to my public server using HTTPS and HTTP. I can visit my service through my public server using HTTP, but cannot with HTTPS I get an error from frps: "get hostname from http/https request error: tls: first record does not look like a TLS handshake" ### frpc Version 0.39.1 ### frps Version 0.39.1 ### System Architecture linux/amd64 ### Configurations frpc.ini: ``` [common] server_addr = {public_server_ip} server_port = 10051 token = {my_token} protocol=tcp log_level=debug [http] type = http local_ip =127.0.0.1 local_port = 8000 [https] type = https custom_domains = {public_server_ip} plugin = https2http plugin_local_addr = 127.0.0.1:8000 plugin_crt_path = /root/config/nginx-selfsigned.crt plugin_key_path = /root/config/nginx-selfsigned.key plugin_host_header_rewrite = 127.0.0.1 plugin_header_X-From-Where = frp ``` fops.ini: ``` [common] bind_port = 10051 token = {my_token} log_level=debug vhost_http_port=10057 vhost_https_port=10056 ``` ### Logs frpc ``` 2022/03/07 12:56:53 [I] [service.go:327] [6c9356d5f2913d13] login to server success, get run id [6c9356d5f2913d13], server udp port [0] 2022/03/07 12:56:53 [I] [proxy_manager.go:144] [6c9356d5f2913d13] proxy added: [http https] 2022/03/07 12:56:53 [I] [control.go:181] [6c9356d5f2913d13] [https] start proxy success 2022/03/07 12:56:53 [I] [control.go:181] [6c9356d5f2913d13] [http] start proxy success ``` frps ``` 2022/03/07 04:56:49 [I] [root.go:200] frps uses config file: ./frps.ini 2022/03/07 04:56:50 [I] [service.go:193] frps tcp listen on 0.0.0.0:10051 2022/03/07 04:56:50 [I] [service.go:236] http service listen on 0.0.0.0:10057 2022/03/07 04:56:50 [I] [service.go:251] https service listen on 0.0.0.0:10056 2022/03/07 04:56:50 [I] [root.go:209] frps started successfully 2022/03/07 04:56:53 [I] [service.go:449] [6c9356d5f2913d13] client login info: ip [{local_server_ip}] version [0.39.1] hostname [] os [linux] arch [amd64] 2022/03/07 04:56:53 [I] [https.go:51] [6c9356d5f2913d13] [https] https proxy listen for host [{public_server_ip}] 2022/03/07 04:56:53 [I] [control.go:451] [6c9356d5f2913d13] new proxy [https] success 2022/03/07 04:56:53 [I] [http.go:92] [6c9356d5f2913d13] [http] http proxy listen for host [{public_server_ip}] location [] group [] 2022/03/07 04:56:53 [I] [control.go:451] [6c9356d5f2913d13] new proxy [http] success 2022/03/07 04:56:53 [D] [control.go:219] [6c9356d5f2913d13] new work connection registered 2022/03/07 04:57:02 [D] [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake 2022/03/07 04:57:02 [D] [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake 2022/03/07 04:57:03 [D] [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake ``` ### Steps to reproduce 1. start a service on a local machine on 127.0.0.1:8000. 2. start frps on the public server with the config file above 3. start frpc on the local machine with the config file above 4. visit {public_server_ip}:{https_port} ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [ ] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [X] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror 2026-05-05 13:27:33 -06:00

• closed this issue
• added the
  lifecycle/stale
  label

gitea-mirror commented 2026-05-05 13:27:36 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Mar 7, 2022):

Make sure you use https to visit port 10056.

<!-- gh-comment-id:1060222380 --> @fatedier commented on GitHub (Mar 7, 2022): Make sure you use https to visit port 10056.

gitea-mirror commented 2026-05-05 13:27:37 -06:00

Author

Owner

Copy link

@Line233 commented on GitHub (Mar 7, 2022):

@fatedier
If I directly visit {sever_ip}:10056, I will get [vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake from frps.
If I visit https://{server_ip}:10056, I will get [vhost.go:158] http request for host [] path [] not found from frps.

<!-- gh-comment-id:1060228333 --> @Line233 commented on GitHub (Mar 7, 2022): @fatedier If I directly visit {sever_ip}:10056, I will get `[vhost.go:147] get hostname from http/https request error: tls: first record does not look like a TLS handshake` from frps. If I visit https://{server_ip}:10056, I will get `[vhost.go:158] http request for host [] path [] not found` from frps.

gitea-mirror commented 2026-05-05 13:27:38 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Mar 7, 2022):

server_ip -> your domain

<!-- gh-comment-id:1060231953 --> @fatedier commented on GitHub (Mar 7, 2022): server_ip -> your domain

gitea-mirror commented 2026-05-05 13:27:39 -06:00

Author

Owner

Copy link

@Line233 commented on GitHub (Mar 7, 2022):

thanks, it works if I visit my domain.
Besides, is it possible to use https only with ip address?
thx!

<!-- gh-comment-id:1060532684 --> @Line233 commented on GitHub (Mar 7, 2022): thanks, it works if I visit my domain. Besides, is it possible to use https only with ip address? thx!

gitea-mirror commented 2026-05-05 13:27:39 -06:00

Author

Owner

Copy link

@blizard863 commented on GitHub (Mar 10, 2022):

Yes, but not recommended. https://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name#:~:text=The%20short%20answer%20is%20yes,is%20a%20public%20IP%20address.

<!-- gh-comment-id:1063552354 --> @blizard863 commented on GitHub (Mar 10, 2022): > Yes, but not recommended. https://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name#:~:text=The%20short%20answer%20is%20yes,is%20a%20public%20IP%20address.

gitea-mirror commented 2026-05-05 13:27:40 -06:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Apr 10, 2022):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

<!-- gh-comment-id:1094148710 --> @github-actions[bot] commented on GitHub (Apr 10, 2022): Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

gitea-mirror referenced this issue 2026-05-05 14:44:02 -06:00

[PR #2265] [CLOSED] Create autocloser.yml #4539

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#2265

No description provided.