[GH-ISSUE #3827] [Feature Request] 现在新版本FRP 穿透 type=https 必须在FRPC端配置证书么 #3040

New issue

Closed

opened 2026-05-05 13:58:04 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 13:58:04 -06:00

Owner

Originally created by @ghost on GitHub (Dec 5, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3827

Describe the feature request

经过多次尝试想穿透 type=https 必须在 FRPC端配置ssl证书。 frps端则可有可无。否则frps端日志就会提示 client didnt provide a valid cert。。 frpc则是login failed：EOF
下面是我的配置，已经删除个人信息。
frps.toml

bindPort = 7000
vhostHTTPPort = 7000
vhostHTTPSPort = 7000
log.to = "/var/log/frps.log"
log.level = "trace"
log.maxDays = 15
auth.method = "token"
auth.token = ""
tls.force = true
transport.tls.certFile = ""
transport.tls.keyFile = ""
transport.tls.trustedCaFile = ""
subDomainHost = ""

frpc.toml

user = "aio"
serverAddr = ""
serverPort = 7000
loginFailExit = false
log.to = "/var/log/frpc.log"
log.level = "trace"
log.maxDays = 15
auth.method = "token"
auth.token = ""
transport.tls.enable = true
transport.tls.certFile = ""
transport.tls.keyFile = ""
transport.tls.disableCustomTLSFirstByte = false
proxies
name = "pve"
type = "https"
localIP = "127.0.0.1"
localPort = 8006
subdomain = "aio"

后续能否支持只在frps端配置好ssl证书 frpc 端免配置，这样会方便很多

另外 frps能否支持将http转换成https。个人有http/https类型的服务穿透 nginx 无法做到同端口泛域名同时反代 http/https
nginx必须对穿透http/https 中的域名进行单独的配置。

Originally created by @ghost on GitHub (Dec 5, 2023). Original GitHub issue: https://github.com/fatedier/frp/issues/3827 ### Describe the feature request 经过多次尝试想穿透 type=https 必须在 FRPC端配置ssl证书。 frps端则可有可无。否则frps端日志就会提示 client didnt provide a valid cert。。 frpc则是login failed：EOF 下面是我的配置，已经删除个人信息。 frps.toml bindPort = 7000 vhostHTTPPort = 7000 vhostHTTPSPort = 7000 log.to = "/var/log/frps.log" log.level = "trace" log.maxDays = 15 auth.method = "token" auth.token = "" tls.force = true transport.tls.certFile = "" transport.tls.keyFile = "" transport.tls.trustedCaFile = "" subDomainHost = "" frpc.toml user = "aio" serverAddr = "" serverPort = 7000 loginFailExit = false log.to = "/var/log/frpc.log" log.level = "trace" log.maxDays = 15 auth.method = "token" auth.token = "" transport.tls.enable = true transport.tls.certFile = "" transport.tls.keyFile = "" transport.tls.disableCustomTLSFirstByte = false [[proxies]] name = "pve" type = "https" localIP = "127.0.0.1" localPort = 8006 subdomain = "aio" 后续能否支持只在frps端配置好ssl证书 frpc 端免配置，这样会方便很多另外 frps能否支持将http转换成https。个人有http/https类型的服务穿透 nginx 无法做到同端口泛域名同时反代 http/https nginx必须对穿透http/https 中的域名进行单独的配置。

gitea-mirror closed this issue

2026-05-05 13:58:05 -06:00

gitea-mirror commented

2026-05-05 13:58:07 -06:00

Author

Owner

@superzjg commented on GitHub (Dec 5, 2023):

问题一：我一直都是frpc和frps双方都没配置证书，而使用https的，frp会自动生产证书。也就是下文所提到的第一种默认开启方式：
https://gofrp.org/zh-cn/docs/features/common/network/network-tls/

问题二：frps不能转换http为https，但是frpc可以实现，你可以尝试用frpc插件功能将本地服务转换为https。示例：
https://gofrp.org/zh-cn/docs/examples/https2http/
这个例中转换https时若不配置证书，也会自动生产证书。

另外你的配置：tls.force 写错了，应该为 transport.tls.force

@superzjg commented on GitHub (Dec 5, 2023): 问题一：我一直都是frpc和frps双方都没配置证书，而使用https的，frp会自动生产证书。也就是下文所提到的第一种默认开启方式： https://gofrp.org/zh-cn/docs/features/common/network/network-tls/ 问题二：frps不能转换http为https，但是frpc可以实现，你可以尝试用frpc插件功能将本地服务转换为https。示例： https://gofrp.org/zh-cn/docs/examples/https2http/ 这个例中转换https时若不配置证书，也会自动生产证书。另外你的配置：`tls.force` 写错了，应该为 `transport.tls.force`

gitea-mirror commented

2026-05-05 13:58:08 -06:00

Author

Owner

@ghost commented on GitHub (Dec 5, 2023):

感谢解答我的问题都已经解决。
我出现问题的原因是frps 配置了证书导致不信任frpc的自签。
tls.force https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml 44行这里的示例配置有误

@ghost commented on GitHub (Dec 5, 2023): 感谢解答我的问题都已经解决。我出现问题的原因是frps 配置了证书导致不信任frpc的自签。 tls.force https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml 44行这里的示例配置有误