[GH-ISSUE #3552] 泛域名证书 #2831

New issue

Closed

opened 2026-05-05 13:49:54 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented 2026-05-05 13:49:54 -06:00

Owner

Copy link

Originally created by @DavidTai780 on GitHub (Jul 25, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3552

Bug Description

若使用相同顶级域名的泛域名证书，将照成短时间内连续访问domain1与domain2，domain2会出现domain1的网站。（必须是使用同一张泛域名证书， 不使用SSL或使用各别域名颁发的证书则不会出现此问题）。

本人由于近期域名搬迁（有.ml至xyz）,由原来的http letsencrypt证书签发改为cloudflare dns签发泛域名，才出现此状况。

已初步尝试由泛域名修改回使用各别子域名单独签发后不会再出现此问题，使用的配置相同。

frpc Version

0.51.2

frps Version

0.51.1

System Architecture

linux/arm64

Configurations

[common]
token = xxxxx
server_addr = frp.xxx.xxx
server_port = 7000
dns_server = 8.8.8.8

[TestHttp]
type = http
local_ip = 127.0.0.1
local_port = 33002
use_encryption = true
use_compression = true
custom_domains = test1.mysite.xyz

[TestHttps]
type = https
local_ip = 127.0.0.1
local_port = 33003
use_encryption = true
use_compression = true
custom_domains = test1.mysite.xyz
proxy_protocol_version = v2

[Test2Http]
type = http
local_ip = 127.0.0.1
local_port = 2000
use_encryption = true
use_compression = true
custom_domains = test2.mysite.xyz

[Test2Https]
type = https
local_ip = 127.0.0.1
local_port = 2110
use_encryption = true
use_compression = true
custom_domains = test2.mysite.xyz
proxy_protocol_version = v2

Logs

No response

Steps to reproduce

1. 配置两个子域名网站（相同主要域名）
2. 为两个子域名网站配置泛域名证书
3. 使用FRP穿透两个子域名到相同的frps服务器
4. 多次访问以上两个子域名网站，将会发现域名与原定内容错乱，domain1 的网站出现在domain2，domain2的网站出现在domain1。
5. 该情况只会出现在短时间连续访问两个由相同frps服务器，相同泛域名证书的子域名。
   ...

Affected area

• Docs
• Installation
• Performance and Scalability
• Security
• User Experience
• Test and Release
• Developer Infrastructure
• Client Plugin
• Server Plugin
• Extensions
• Others

Originally created by @DavidTai780 on GitHub (Jul 25, 2023). Original GitHub issue: https://github.com/fatedier/frp/issues/3552 ### Bug Description 若使用相同顶级域名的泛域名证书，将照成短时间内连续访问domain1与domain2，domain2会出现domain1的网站。（必须是使用同一张泛域名证书， 不使用SSL或使用各别域名颁发的证书则不会出现此问题）。 本人由于近期域名搬迁（有.ml至xyz）,由原来的http letsencrypt证书签发改为cloudflare dns签发泛域名，才出现此状况。 已初步尝试由泛域名修改回使用各别子域名单独签发后不会再出现此问题，使用的配置相同。 ### frpc Version 0.51.2 ### frps Version 0.51.1 ### System Architecture linux/arm64 ### Configurations [common] token = xxxxx server_addr = frp.xxx.xxx server_port = 7000 dns_server = 8.8.8.8 [TestHttp] type = http local_ip = 127.0.0.1 local_port = 33002 use_encryption = true use_compression = true custom_domains = test1.mysite.xyz [TestHttps] type = https local_ip = 127.0.0.1 local_port = 33003 use_encryption = true use_compression = true custom_domains = test1.mysite.xyz proxy_protocol_version = v2 [Test2Http] type = http local_ip = 127.0.0.1 local_port = 2000 use_encryption = true use_compression = true custom_domains = test2.mysite.xyz [Test2Https] type = https local_ip = 127.0.0.1 local_port = 2110 use_encryption = true use_compression = true custom_domains = test2.mysite.xyz proxy_protocol_version = v2 ### Logs _No response_ ### Steps to reproduce 1. 配置两个子域名网站（相同主要域名） 2. 为两个子域名网站配置泛域名证书 3. 使用FRP穿透两个子域名到相同的frps服务器 4. 多次访问以上两个子域名网站，将会发现域名与原定内容错乱，domain1 的网站出现在domain2，domain2的网站出现在domain1。 5. 该情况只会出现在短时间连续访问两个由相同frps服务器，相同泛域名证书的子域名。 ... ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [ ] Security - [X] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror closed this issue 2026-05-05 13:49:55 -06:00

gitea-mirror commented 2026-05-05 13:49:58 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Jul 25, 2023):

https://github.com/fatedier/frp/issues/628#issuecomment-473147400

之前 issue 有提到，看上去是一个通用的问题，简单来说就是这种情况不要使用泛域名证书。

<!-- gh-comment-id:1650119117 --> @fatedier commented on GitHub (Jul 25, 2023): https://github.com/fatedier/frp/issues/628#issuecomment-473147400 之前 issue 有提到，看上去是一个通用的问题，简单来说就是这种情况不要使用泛域名证书。

gitea-mirror commented 2026-05-05 13:49:59 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Jul 25, 2023):

frp 目前的 https，实际上是一个 sni proxy 的机制，不是请求级别的路由，所以一旦连接建立，后续的请求都在这个连接上。

<!-- gh-comment-id:1650122016 --> @fatedier commented on GitHub (Jul 25, 2023): frp 目前的 https，实际上是一个 sni proxy 的机制，不是请求级别的路由，所以一旦连接建立，后续的请求都在这个连接上。

gitea-mirror commented 2026-05-05 13:50:00 -06:00

Author

Owner

Copy link

@DavidTai780 commented on GitHub (Jul 25, 2023):

好的明白。谢谢。

<!-- gh-comment-id:1650134184 --> @DavidTai780 commented on GitHub (Jul 25, 2023): 好的明白。谢谢。

gitea-mirror referenced this issue 2026-05-05 14:45:46 -06:00

[PR #2832] [MERGED] bugfix: Issue #2831 - Cant connect to frps behind ingress with tls #4633

gitea-mirror referenced this issue 2026-05-05 14:45:50 -06:00

[PR #2834] [MERGED] bump version #4635

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#2831

No description provided.