[GH-ISSUE #3176] [Feature Request] 更改 frps 上的 https 证书 (Change https-certificats on frps)

gitea-mirror commented

2026-05-05 13:38:22 -06:00

Owner

Originally created by @cedricbieder on GitHub (Nov 17, 2022).
Original GitHub issue: https://github.com/fatedier/frp/issues/3176

Describe the feature request

Hi I am not sure if this features exist alreasy, but I cannot find it. I want to proxy a local-https port over my frps and change the used certificates on the frps so they match the domain of the tunnel.
For example:
tunnel my local webpage running wit the cert: "firstdomain.com"

frpc:

[8443]
type=https
local_ip=127.0.0.1
local_port=8443
subdomain=sub

[common]
server_addr=serverdomain.com
server_port=80
authentication_method=token
token=megasecret

frps:

[common]
subdomain_host = serverdomain.com
bind_port = 80
vhost_https_port = 80
token = megasecret

If I call now https://sub.serverdomain.com I get my local running page but still have the certificate of firstdomain.com which end in a not so pretty warning/error of the browser. It would be nice if you can swap here the certs to *.serverdomain.com or something.

Can it be that this is already implemented for tls?

I am kind of new to the project so please forgive me if this is already solved. :)

Describe alternatives you've considered

No response

Affected area

Docs
Installation
Performance and Scalability
Security
User Experience
Test and Release
Developer Infrastructure
Client Plugin
Server Plugin
Extensions
Others

Originally created by @cedricbieder on GitHub (Nov 17, 2022). Original GitHub issue: https://github.com/fatedier/frp/issues/3176 ### Describe the feature request Hi I am not sure if this features exist alreasy, but I cannot find it. I want to proxy a local-https port over my frps and change the used certificates on the frps so they match the domain of the tunnel. For example: tunnel my local webpage running wit the cert: "firstdomain.com" frpc: ``` [8443] type=https local_ip=127.0.0.1 local_port=8443 subdomain=sub [common] server_addr=serverdomain.com server_port=80 authentication_method=token token=megasecret ``` frps: ``` [common] subdomain_host = serverdomain.com bind_port = 80 vhost_https_port = 80 token = megasecret ``` If I call now https://sub.serverdomain.com I get my local running page but still have the certificate of firstdomain.com which end in a not so pretty warning/error of the browser. It would be nice if you can swap here the certs to *.serverdomain.com or something. Can it be that this is already implemented for tls? I am kind of new to the project so please forgive me if this is already solved. :) ### Describe alternatives you've considered _No response_ ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [ ] Security - [X] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [X] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror

2026-05-05 13:38:22 -06:00

closed this issue
added the
lifecycle/stale
label

gitea-mirror commented

2026-05-05 13:38:25 -06:00

Author

Owner

@fatedier commented on GitHub (Nov 18, 2022):

Not supported now.

You can use plugin https2http and put your certs on frpc's machine.

@fatedier commented on GitHub (Nov 18, 2022): Not supported now. You can use plugin [https2http](https://github.com/fatedier/frp#enable-https-for-local-https-service) and put your certs on frpc's machine.

gitea-mirror commented

2026-05-05 13:38:26 -06:00

Author

Owner

@github-actions[bot] commented on GitHub (Dec 19, 2022):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

@github-actions[bot] commented on GitHub (Dec 19, 2022): Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.