[GH-ISSUE #3519] wss fails to start #2810

Closed
opened 2026-05-05 13:48:57 -06:00 by gitea-mirror · 10 comments

Originally created by @wuai1024 on GitHub (Jul 6, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3519

Bug Description

Attempting to start with wss on the latest version fails.

frpc Version

v0.51.0

frps Version

v0.51.0

System Architecture

linux/amd64

Configurations

frps

[common]
tcp_mux = true
bind_port = 8000
token = ******
disable_log_color = true
max_pool_count = 10

# TLS configuration, used to enable wss
tls_cert_file = /etc/frp/server.crt
tls_key_file = /etc/frp/server.key

frpc

[common]
server_addr = ******
server_port = 8000
token = ******

# Enable encryption
protocol = wss
tls_trusted_ca_file = /etc/cert/ca.crt

Logs

2023/07/06 12:04:08 [I] [root.go:220] start frpc service for config file [/etc/frp/frpc.ini]
2023/07/06 12:04:08 [W] [service.go:133] login to server failed: unexpected EOF
2023/07/06 12:04:08 [I] [root.go:236] frpc service for config file [/etc/frp/frpc.ini] stopped

Steps to reproduce

...

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others

@wuai1024 commented on GitHub (Jul 6, 2023):

I also enabled the dashboard and configured HTTPS for it, and that works.

This currently works

dashboard_tls_cert_file = /etc/frp/frp.pem
dashboard_tls_key_file = /etc/frp/frp.key

@aa51513 commented on GitHub (Jul 11, 2023):

Me too, I had the same problem
frps.ini

[common]
bind_port = 7000
tls_cert_file = Server.pem
tls_key_file = Server.key

frpc.ini

[common]
server_addr = 127.0.0.1
server_port = 7000
protocol = wss
tls_trusted_ca_file = GlobalSign_Root_CA.crt


[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

logs on frpc when start

2023/07/11 10:26:43 [I] [root.go:220] start frpc service for config file [frpc.ini]
2023/07/11 10:26:43 [W] [service.go:133] login to server failed: unexpected EOF
2023/07/11 10:26:43 [I] [root.go:236] frpc service for config file [frpc.ini] stopped

@fatedier commented on GitHub (Jul 11, 2023):

Try removing all the TLS-related settings from the configuration.


@aa51513 commented on GitHub (Jul 11, 2023):

> Try removing all the TLS-related settings from the configuration.

I tried to delete all tls-related configurations, the running results did not change, and the log output was the same as before.

As an addition, I added the tls_server_name = example.com configuration item into frpc.ini, and the frpc logs told me that the certificate did not match the domain name, which seems to indicate that there is no problem with the TLS configuration of the client and server.

Can I suspect that TLS traffic and non-TLS traffic cannot share the same port 7000?


@aa51513 commented on GitHub (Jul 11, 2023):

delete all tls-related configurations:

frps.ini

[common]
bind_port = 7000

frpc.ini

[common]
server_addr = 127.0.0.1
server_port = 7000
protocol = wss


[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

logs on frpc when start

2023/07/11 11:27:26 [I] [root.go:220] start frpc service for config file [frpc.ini]
2023/07/11 11:27:26 [W] [service.go:133] login to server failed: unexpected EOF
2023/07/11 11:27:26 [I] [root.go:236] frpc service for config file [frpc.ini] stopped

@fatedier commented on GitHub (Jul 11, 2023):

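wss is not a communication protocol between frpc and frps, so the two cannot connect directly over it. You need to deploy a reverse proxy in front of frps to terminate TLS, and then connect to frps using the websocket protocol.

This capability is generally meant for reusing an existing gateway, routing to frps by TLS server name.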


@aa51513 commented on GitHub (Jul 11, 2023):

> wss is not a communication protocol between frpc and frps, so the two cannot connect directly over it. You need to deploy a reverse proxy in front of frps to terminate TLS, and then connect to frps using the websocket protocol.
>
> This capability is generally meant for reusing an existing gateway, routing to frps by TLS server name.

In other words, currently only frpc has the ability to transmit websockets over tls, but frps does not have the ability to transmit websockets over tls?
I sort of get what you're saying, but it's kind of confusing.

According to your previous design ideas in the frp project, TLS is completely separated from the application layer, I think this should be the same for websocket.


@fatedier commented on GitHub (Jul 11, 2023):

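> According to your previous design ideas in the frp project, TLS is completely separated from the application layer, I think this should be the same for websocket.

Yes. wss is really just TLS + websocket, and websocket is the application-layer protocol, so the protocol detection in frps can only recognize a connection as either TLS or websocket. For frps to handle wss as well, it would need another layer of protocol handling after TLS termination, which is too complex.

Moreover, fundamentally, if you do not need to deploy a proxy in front of frps, a direct frpc-to-frps connection is already TLS, so there is no need to enable wss, and introducing websocket serves no purpose. So having both frpc and frps support wss is not really a genuine requirement.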


@aa51513 commented on GitHub (Jul 11, 2023):

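> > According to your previous design ideas in the frp project, TLS is completely separated from the application layer, I think this should be the same for websocket.
>
> Yes. wss is really just TLS + websocket, and websocket is the application-layer protocol, so the protocol detection in frps can only recognize a connection as either TLS or websocket. For frps to handle wss as well, it would need another layer of protocol handling after TLS termination, which is too complex.
>
> Moreover, fundamentally, if you do not need to deploy a proxy in front of frps, a direct frpc-to-frps connection is already TLS, so there is no need to enable wss, and introducing websocket serves no purpose. So having both frpc and frps support wss is not really a genuine requirement.

I just wanted to experience the features of wss before, and I wanted to see if there is any difference in the experience of wss.

I agree with your statement, thank you for your detailed explanation.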


@devifish commented on GitHub (Jan 16, 2025):

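> wss is not a communication protocol between frpc and frps, so the two cannot connect directly over it. You need to deploy a reverse proxy in front of frps to terminate TLS, and then connect to frps using the websocket protocol.
>
> This capability is generally meant for reusing an existing gateway, routing to frps by TLS server name.

Does this mean I need to run an nginx or caddy instance in front of frps, configured with a TLS certificate, that reverse-proxies /~!frp back to the frps bind_port?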
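
The layout described in this thread (a reverse proxy terminating TLS in front of frps, with frpc connecting over wss), sketched as an nginx server block. This is an added example, not configuration from the thread or from the frp project; the hostname, certificate paths and the loopback upstream on port 7000 are assumptions, and the /~!frp path is the one named in the question above.

```nginx
# Added example. Placeholders: frp.example.com, certificate paths,
# and frps listening on 127.0.0.1:7000.
#
# frps.ini behind the proxy (no tls_cert_file / tls_key_file here,
# nginx owns the certificate):
#   [common]
#   bind_addr = 127.0.0.1    # keep the plain websocket listener off the network
#   bind_port = 7000
#   token = <shared secret>
#
# frpc.ini pointing at the proxy instead of at frps:
#   [common]
#   server_addr = frp.example.com
#   server_port = 443
#   protocol = wss
#   token = <shared secret>
#   tls_trusted_ca_file = <CA bundle that issued the proxy certificate>

server {
    listen 443 ssl;
    server_name frp.example.com;

    ssl_certificate     /etc/nginx/tls/frp.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/frp.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Only the frp websocket path is forwarded; TLS ends here and
    # frps receives an ordinary websocket upgrade request.
    location = /~!frp {
        proxy_pass         http://127.0.0.1:7000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_set_header   Host       $host;
        # Long-lived control connection: do not cut it at the 60s default.
        proxy_read_timeout 1h;
        proxy_send_timeout 1h;
    }

    # Everything else on this virtual host is refused.
    location / {
        return 404;
    }
}
```

With this in place the frp token is still the only thing authenticating frpc to frps, so the proxy should be the only network path to the frps bind port.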

Reference: github-starred/frp#2810