[GH-ISSUE #3588] Connection fails after setting up TLS according to the documentation #2863

Closed
opened 2026-05-05 13:51:13 -06:00 by gitea-mirror · 3 comments

Originally created by @MMMMMoris on GitHub (Aug 27, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3588

Bug Description

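I don't really understand the principles or process of asymmetric encryption, but I followed the documentation.

The CA certificate, ca.key and so on that I used were generated entirely according to the [OpenSSL certificate generation example](https://gofrp.org/docs/features/common/network/network-tls/#openssl-%E7%94%9F%E6%88%90%E8%AF%81%E4%B9%A6%E7%A4%BA%E4%BE%8B) in the documentation, including the example domains in it such as server.com and client.com. My client is not bound to a domain and I don't know which domain I should use, so I simply followed what the documentation gives. I want to enable [mutual verification](https://gofrp.org/docs/features/common/network/network-tls/#%E5%8F%8C%E5%90%91%E9%AA%8C%E8%AF%81) the way the documentation describes, but no matter what I try it does not work. With only the token and no additional TLS configuration, my ssh connection works. Once these TLS settings are added, however, it stops working. The frpc and frps configurations and output are below.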

frpc Version

0.51.3

frps Version

0.51.3

System Architecture

Linux/amd64

Configurations

frpc

```
[common]
server_addr = 123.123.123.123
server_port = 1234
token = test
tls_cert_file = /home/debian/frp/ssl/client.crt
tls_key_file = /home/debian/frp/ssl/client.key
tls_trusted_ca_file = /home/debian/frp/ssl/ca.crt
log_level = debug

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 8888
use_compression = true
```

frps

```
[common]
bind_port = 1234
token = test
tls_only = true
tls_cert_file = /home/debian/programs/frp/ssl/server.crt
tls_key_file = /home/debian/programs/frp/ssl/server.key
tls_trusted_ca_file = /home/debian/programs/frp/ssl/ca.crt
log_level = debug

dashboard_addr = 0.0.0.0
dashboard_port = 6666
dashboard_user = debian
dashboard_pwd = test
enable_prometheus = ture
```

Logs

frpc[122614]: 2023/08/27 17:14:22 [I] [root.go:220] start frpc service for config file [/home/debian/programs/frp/frpc.ini]
frpc[122614]: 2023/08/27 17:14:22 [W] [service.go:133] login to server failed: session shutdown
frpc[122614]: 2023/08/27 17:14:22 [I] [root.go:236] frpc service for config file [/home/debian/programs/frp/frpc.ini] stopped

Steps to reproduce

Run the program with the configuration above.

Affected area

- [ ] Docs
- [ ] Installation
- [ ] Performance and Scalability
- [ ] Security
- [X] User Experience
- [ ] Test and Release
- [ ] Developer Infrastructure
- [ ] Client Plugin
- [ ] Server Plugin
- [ ] Extensions
- [X] Others

@cuitz commented on GitHub (Aug 28, 2023):

Try changing the IP in the subjectAltName of the command that generates the frps certificate to your server's public IP.


@cuitz commented on GitHub (Aug 28, 2023):

Also, if the content of `tls_trusted_ca_file` in the common section of frps.ini is valid, `tls_only = true` is enabled by default.


@github-actions[bot] commented on GitHub (Sep 28, 2023):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.
