[GH-ISSUE #3007] Terminate SSL on FRPS #2402

New issue

Closed

opened 2026-05-05 13:32:47 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 13:32:47 -06:00

Owner

Originally created by @N1v0k on GitHub (Jul 6, 2022).
Original GitHub issue: https://github.com/fatedier/frp/issues/3007

How can I terminate SSL on the FRPS Server?

I'd like to have a https connection to frps and http connection (maybe with use_encryption) between frps and frpc.

Is this possible? I don't want to distribute private keys to local machines.

I also do not understand why frpc needs keys to communicate with tls to frps.
FRPS is the Server here, why does the client need keys? Am I missing something here?

Originally created by @N1v0k on GitHub (Jul 6, 2022). Original GitHub issue: https://github.com/fatedier/frp/issues/3007 How can I terminate SSL on the FRPS Server? I'd like to have a https connection to frps and http connection (maybe with use_encryption) between frps and frpc. Is this possible? I don't want to distribute private keys to local machines. I also do not understand why frpc needs keys to communicate with tls to frps. FRPS is the Server here, why does the client need keys? Am I missing something here?

gitea-mirror

2026-05-05 13:32:47 -06:00

closed this issue
added the
lifecycle/stale
label

gitea-mirror commented

2026-05-05 13:32:50 -06:00

Author

Owner

@fatedier commented on GitHub (Jul 6, 2022):

frps just parse SNI domain and forward connection to frpc, so it doesn't terminate SSL on server.

In many scenarios, frps is provided as public service and it's unsafe for users to put their certs on untrust servers.

We plan to support more features in frp v2 including more configures for tls context.

@fatedier commented on GitHub (Jul 6, 2022): frps just parse SNI domain and forward connection to frpc, so it doesn't terminate SSL on server. In many scenarios, frps is provided as public service and it's unsafe for users to put their certs on untrust servers. We plan to support more features in frp v2 including more configures for tls context.

gitea-mirror commented

2026-05-05 13:32:51 -06:00

Author

Owner

@N1v0k commented on GitHub (Jul 6, 2022):

Ok I see, so this is another use-case.

I'm currently terminating SSL with nginx on a trusted server and forwarding the requests to frps. It then forwards via encrypted connection to frpc.

Thanks for clarifing

@N1v0k commented on GitHub (Jul 6, 2022): Ok I see, so this is another use-case. I'm currently terminating SSL with nginx on a trusted server and forwarding the requests to frps. It then forwards via encrypted connection to frpc. Thanks for clarifing

gitea-mirror commented

2026-05-05 13:32:52 -06:00

Author

Owner

@github-actions[bot] commented on GitHub (Aug 6, 2022):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

@github-actions[bot] commented on GitHub (Aug 6, 2022): Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.