[GH-ISSUE #3316] changing from http to tcp - failed send request from another pod in the public server #2657

Closed
opened 2026-05-05 13:42:52 -06:00 by gitea-mirror · 3 comments

Originally created by @zaalgol on GitHub (Feb 16, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3316

Bug Description

(It is worth emphasizing that I opened a similar issue in the past, and it was not resolved.
But since then I have made a reduction of the components involved, so the issue is also clearer. I closed the old issue.)

In our application, we create a frp tunnel from the local-server to the public server, so the public server can send data to the local-server. In the config we defined the type to be http, and defined a domain.
The public server sits in a kubernetes cluster. The frp sits in one container, and I send a request from another container to the local server via the frp:

```
curl -i -H "Host: <GENERATED SECRET>.<RAW SUB DOMAIN>" -H "Upgrade: websocket" -H "Connection: Upgrade" http://<KUBERNETES CLUSTER-IP OF FRP CONTAINER IN PUBLIC SERVER>:8080/<REQUEST>
```

It works great.

We have a customer that wants to add his private proxy, that all data from public server to local-server should pass through it. Because frp supports http_proxy only with type=tcp, as a beginning I changed config to type=tcp, but because the type=tcp doesn’t support domains, I get an error in the public server frp:

```
[http.go:92] do http proxy request error: no such domain: <GENERATED SECRET>.<RAW SUB DOMAIN> <request>
```

I also tried with port 8081:

```
curl -i -H "Host: <GENERATED SECRET>.<RAW SUB DOMAIN>" -H "Upgrade: websocket" -H "Connection: Upgrade" http://<KUBERNETES CLUSTER-IP OF FRP CONTAINER IN PUBLIC SERVER>:8081/<REQUEST>
```

But it just gets a timeout, and is not even passed to the frp pod.

frpc Version

0.35.1

frps Version

0.35.1

System Architecture

linux VM on a cloud. public server in kubernetes. local server in docker compose

Configurations

frp.ini:

```
[common]
server_addr = 0.0.0.0
server_port = 5223

#LOGGING
log_file = /var/log/supervisor/frpc.log
log_level = debug
log_max_days = 3
disable_log_color = false

#AUTHEXTRAS
authenticate_heartbeats = false
authenticate_new_work_conns = false
token = TOKEN

#set admin address for control frpc's action by http api such as reload
admin_addr = 0.0.0.0
admin_port = 7400

#connections will be established in advance, default value is zero
pool_count = 2

#if tcp stream multiplexing is used, default is true, it must be same with frps
tcp_mux = true

#decide if exit program when first login failed, otherwise continuous relogin to frps
login_fail_exit = false

#communication protocol used to connect to server
#now it supports tcp, kcp and websocket, default is tcp
protocol = tcp

#TLS
tls_enable = true
tls_cert_file = /certs/client.crt
tls_key_file = /certs/client.key

[<GENERATED SECRET>]
type = http ### error when changed to tcp
local_ip = gateway-service
local_port = 8081
remote_port = 8081
use_encryption = true
use_compression = true
subdomain = <GENERATED SECRET>
```

frps.ini:

```
[common]
bind_addr = 0.0.0.0
bind_port = 5223
vhost_http_port = 8080

dashboard_addr = 0.0.0.0
dashboard_port = 7400
dashboard_user =
dashboard_pwd =
enable_prometheus = false

#console or real logFile path like ./frps.log
log_file = /var/log/supervisor/frps.log
log_level = debug
log_max_days = 3
disable_log_color = false
detailed_errors_to_client = true

#auth token

token = TOKEN
tls_only = true
tls_cert_file = /certs/server.pem
tls_key_file = /certs/server.pem
tls_trusted_ca_file = /certs/ca.crt

#pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 10000
#max ports can be used for each client, default value is 0 means no limit
max_ports_per_client = 0

#if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
#when subdomain is test, the host used by routing is test.frps.com
subdomain_host = <RAW SUB DOMAIN>

#if tcp stream multiplexing is used, default is true
tcp_mux = true

#custom 404 page for HTTP requests
custom_404_page = /ops/404.html
```

Logs

With type = http:

logs of local server frp:

```
2023/02/17 07:55:12 [I] [proxy_manager.go:144] [0a20b89ac86512ea] proxy added: [<GENERATED SECRET>]
2023/02/17 07:55:12 [I] [control.go:180] [0a20b89ac86512ea] [<GENERATED SECRET>] start proxy success
```

logs of public server frp pod:

```
2023/02/17 07:55:12 [I] [http.go:124] [0a20b89ac86512ea] [<GENERATED SECRET>] http proxy listen for host [<GENERATED SECRET>.<RAW SUB DOMAIN>] location [] group []
2023/02/17 07:55:12 [I] [control.go:446] [0a20b89ac86512ea] new proxy [<SGENERATED SECRET>] succes
```

With type = tcp:

logs of local server frp:

```
2023/02/17 07:59:21 [I] [proxy_manager.go:144] [892cd90ba063609c] proxy added: [<GENERATED SECRET>]
2023/02/17 07:59:21 [I] [service.go:135] admin server listen on 0.0.0.0:7400
2023/02/17 07:59:21 [I] [control.go:180] [892cd90ba063609c] [<GENERATED SECRET>] start proxy success
```

logs of public server frp pod:

```
2023/02/17 07:59:23 [I] [tcp.go:63] [f074e95975f6d9df] [<GENERATED SECRET>] tcp proxy listen port [8081]
2023/02/17 07:59:23 [I] [control.go:446] [f074e95975f6d9df] new proxy [<GENERATED SECRET>] success
```

running curl with port 8080 as before:

```
curl -i -H "Host: <GENERATED SECRET>.<RAW SUB DOMAIN>" -H "Upgrade: websocket" -H "Connection: Upgrade" http://<KUBERNETES CLUSTER-IP OF FRP CONTAINER IN PUBLIC SERVER>:8080/<REQUEST>
```

result in public server frp:

```
[http.go:92] do http proxy request error: no such domain: <GENERATED SECRET> <request>
```

running with port 8001 as remote_port:

```
curl -i -H "Host: <GENERATED SECRET>.<RAW SUB DOMAIN>" -H "Upgrade: websocket" -H "Connection: Upgrade" http://<KUBERNETES CLUSTER-IP OF FRP CONTAINER IN PUBLIC SERVER>:8081/<REQUEST>
```

result in the pod I ran the curl command:

```
curl: (7) Failed to connect to <KUBERNETES CLUSTER-IP OF FRP CONTAINER IN PUBLIC SERVER> port 8081: Connection timed out
```

The request doesn't pass to the frp pod.

Steps to reproduce

...

Affected area

- [ ] Docs
- [ ] Installation
- [ ] Performance and Scalability
- [X] Security
- [X] User Experience
- [ ] Test and Release
- [ ] Developer Infrastructure
- [ ] Client Plugin
- [ ] Server Plugin
- [ ] Extensions
- [X] Others

@fatedier commented on GitHub (Feb 17, 2023):

https://github.com/fatedier/frp#access-your-computer-in-lan-by-ssh

Connect remote port for tcp.
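
How the answer above plays out, as an added example that is not part of the original thread and not frp source code: a simplified Python model of frps routing, in which `type = http` proxies are looked up by Host header on `vhost_http_port` while `type = tcp` proxies get their own listener on `remote_port`. The class, the proxy name `gw` and the domain `example.test` are constructed for illustration.

```python
"""Simplified model of how frps selects a proxy for an incoming connection.
Constructed for illustration; names and values are assumptions, not frp code."""


class FrpsModel:
    def __init__(self, vhost_http_port, subdomain_host):
        self.vhost_http_port = vhost_http_port
        self.subdomain_host = subdomain_host
        self.http_routes = {}    # Host header value -> proxy name
        self.tcp_listeners = {}  # remote_port -> proxy name

    def register(self, name, proxy_type, subdomain=None, remote_port=None):
        if proxy_type == "http":
            # http proxies share vhost_http_port and are keyed by hostname;
            # remote_port plays no role for them.
            self.http_routes[f"{subdomain}.{self.subdomain_host}"] = name
        elif proxy_type == "tcp":
            # tcp proxies get a dedicated listener; subdomain plays no role.
            self.tcp_listeners[remote_port] = name
        else:
            raise ValueError(f"unsupported proxy type: {proxy_type}")

    def route(self, dst_port, host_header):
        if dst_port == self.vhost_http_port:
            name = self.http_routes.get(host_header)
            return name if name else f"no such domain: {host_header}"
        if dst_port in self.tcp_listeners:
            # Raw byte forwarding: the Host header is never inspected.
            return self.tcp_listeners[dst_port]
        return "no listener on this port"


def demo(proxy_type):
    """Register one proxy of the given type, then try both ports."""
    frps = FrpsModel(vhost_http_port=8080, subdomain_host="example.test")
    frps.register("gw", proxy_type, subdomain="gw", remote_port=8081)
    host = "gw.example.test"
    return frps.route(8080, host), frps.route(8081, host)


if __name__ == "__main__":
    print("http:", demo("http"))
    print("tcp: ", demo("tcp"))
```

In the model, port 8081 answers as soon as the tcp proxy is registered, so a timeout on a request that never reaches the frp pod points at the network path in front of the pod rather than at the proxy definition.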


@zaalgol commented on GitHub (Feb 17, 2023):

Thanks @fatedier for your answer.

I tried it before. I ran

```
curl -i -H "Host: <GENERATED SECRET>.<RAW SUB DOMAIN>" -H "Upgrade: websocket" -H "Connection: Upgrade" http://<KUBERNETES CLUSTER-IP OF FRP CONTAINER IN PUBLIC SERVER>:8081/<REQUEST>
```

But it just gets a timeout, and is not even passed to the frp pod.

```
curl: (7) Failed to connect to <KUBERNETES CLUSTER-IP OF FRP CONTAINER IN PUBLIC SERVER> port 8081: Connection timed out
```

I will update the issue to contain this solution attempt.


@zaalgol commented on GitHub (Feb 17, 2023):

I fixed the issue.
For type = tcp, I replaced the cluster IP of the public server frp in the curl with the container IP of the public server frp, and it works with port 8080.

Reference: github-starred/frp#2657