[GH-ISSUE #359] nginx reverse proxy to https returns 502 #263

Closed
opened 2026-05-05 12:04:00 -06:00 by gitea-mirror · 10 comments

Originally created by @JaynLau on GitHub (Jun 11, 2017).
Original GitHub issue: https://github.com/fatedier/frp/issues/359

What version of frp are you using (./frpc -v or ./frps -v)?
0.10, 0.11, 0.12 (the test build that fixes encrypted transport not working in 0.10 and 0.11)

What operating system and processor architecture are you using (go env)?
server: CentOS 7.3 amd64
client: Windows 10 amd64

Configures you used:
frps.ini

```
[common]
bind_addr = 0.0.0.0
bind_port = 7000
vhost_http_port = 7080
vhost_https_port = 7443
privilege_token = 12345678
subdomain_host = example.com
```

frpc.ini

```
[common]
server_addr = x.x.x.x
server_port = 7000
privilege_token = 12345678

[test-http]
type = http
local_ip = 127.0.0.1
local_port = 8080
use_encryption = true
use_compression = true
subdomain = test

[test-https]
type = https
local_ip = 127.0.0.1
local_port = 8443
use_compression = true
subdomain = test

[test-tcp-ssl]
type = tcp
local_ip = 127.0.0.1
local_port = 8443
remote_port = 17443
use_compression = true
```

Steps to reproduce the issue:

  1. Configure the nginx reverse proxy and reload the nginx configuration

```
server {
  listen 80;
  server_name *.example.com;
  location / {
    proxy_pass        http://127.0.0.1:7080;
    proxy_set_header  Host    $host;
    proxy_set_header  Connection keep-alive;
    proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
  }
}
server {
  listen 443 ssl http2;
  server_name *.example.com;
  location / {
    proxy_pass        https://127.0.0.1:7443;  # frpc.ini: [test-https]
    #proxy_pass        https://127.0.0.1:17443;  # frpc.ini: [test-tcp-ssl]
    proxy_set_header  Host    $host;
    proxy_set_header  Connection keep-alive;
    proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
  }
}
```

  2. Locally, use tomcat or jetty with 8080 listening for http and 8443 listening for https, then start tomcat or jetty
  3. Enter the addresses `http://test.example.com` and `https://test.example.com` in the browser, one after the other

Describe the results you received:
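http returns data normally; for https the browser shows a 502 error (proxy_pass https://127.0.0.1:7443) (frp https)
Both http and https return data normally (proxy_pass https://127.0.0.1:17443) (frp tcp)
With every configuration, accessing the frps ports on the public server directly returns data normally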

Describe the results you expected:
Both http and https should return data normally

Additional information you deem important (e.g. issue happens only occasionally):

Can you point out what caused this issue (optional)
My guess is that something goes wrong when frp handles https


@fatedier commented on GitHub (Jun 11, 2017):

Don't report nginx errors; access the frps https port directly.


@JaynLau commented on GitHub (Jun 12, 2017):

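But in many cases port 443 has to be forwarded so that it can be shared. Proxying directly to frp's tcp port works without problems, and the port it maps to on the client also speaks ssl; the ports that tcp and https map to on the client both speak ssl, yet proxying from nginx to the https port has problems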


@fatedier commented on GitHub (Jun 12, 2017):

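If access relayed through nginx has problems, please search for solutions to the nginx-related problem, or open an issue with nginx.

If accessing frp's port directly has problems, set log_level to trace and provide detailed logs, ideally analysed with a packet capture.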


@JaynLau commented on GitHub (Jun 12, 2017):

When nginx proxies to https, frp cannot get the hostname

[E] [vhost.go:131] get hostname from http/https request error: Unknow error

https://github.com/fatedier/frp/blob/master/utils/vhost/vhost.go#L131


@fatedier commented on GitHub (Jun 14, 2017):

Try not going through the nginx proxy; otherwise study the relevant nginx configuration carefully. I have no expertise in this area and cannot help.


@WordlessEcho commented on GitHub (Jun 24, 2017):

Try changing the reverse proxy address to your domain name


@zc57520 commented on GitHub (Jul 5, 2017):

I ran into this problem too


@kujingzaidi commented on GitHub (Jul 25, 2017):

I've hit the same problem; has anyone solved it?


@wxlg1117 commented on GitHub (Jul 26, 2017):

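I've run into this problem too and can't solve it no matter what; it's probably that nginx isn't passing the http request host properly
get hostname from http/https request error: Unknow error

It feels the same as the error you get when doing https forwarding and accessing it directly by the frps IP address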
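
What a TLS listener sees in the two cases reported in the comments above (nginx proxying to `https://127.0.0.1:7443`, and access by the frps IP address), as an added example that is not part of the original thread or frp's code: a client that dials by IP literal sends no SNI, so a router keyed on the ClientHello hostname has nothing to match. It assumes frps picks the `https` proxy from the SNI; `sniSeenByServer` and the `route` table are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
)

// sniSeenByServer starts a TLS handshake over an in-memory pipe and returns
// the server_name the listening side finds in the ClientHello.
func sniSeenByServer(dialName string) string {
	cli, srv := net.Pipe()
	defer cli.Close()
	done := make(chan struct{})
	go func() {
		defer close(done)
		// InsecureSkipVerify only lets Go send a hello without a name;
		// the handshake is aborted before any certificate is exchanged.
		c := tls.Client(cli, &tls.Config{ServerName: dialName, InsecureSkipVerify: true})
		_ = c.Handshake() // fails on purpose once the hello has been read
	}()
	seen := ""
	s := tls.Server(srv, &tls.Config{
		GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
			seen = h.ServerName
			return nil, errors.New("stop after ClientHello")
		},
	})
	_ = s.Handshake()
	srv.Close()
	<-done
	return seen
}

// route is a hypothetical SNI-keyed vhost table built from the issue's config
// (subdomain = test, subdomain_host = example.com, local_port = 8443).
func route(sni string) (string, error) {
	backends := map[string]string{"test.example.com": "127.0.0.1:8443"}
	if b, ok := backends[sni]; ok {
		return b, nil
	}
	return "", fmt.Errorf("no hostname to route on (sni=%q)", sni)
}

func main() {
	for _, name := range []string{"test.example.com", "127.0.0.1"} {
		b, err := route(sniSeenByServer(name))
		fmt.Printf("dial %-17s -> backend=%q err=%v\n", name, b, err)
	}
}
```

nginx sends SNI to an upstream only when `proxy_ssl_server_name on;` is set (it is off by default), and `proxy_ssl_name` controls which name is sent.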


@Acris commented on GitHub (Jul 31, 2017):

Same problem, still haven't found a solution...

Reference: github-starred/frp#263