#3287 - [GH-ISSUE #4171] [QUESTION] frp inside Caddy server network - is that possible? - github-starred/frp

gitea-mirror commented

2026-05-05 14:07:17 -06:00

Owner

Originally created by @Kenya-West on GitHub (Apr 19, 2024).
Original GitHub issue: https://github.com/fatedier/frp/issues/4171

Bug Description

WhoAmI

Hi, a frontend guy that not so skilled in network stack is here.

What I try to do

I try to make FRP server fully isolated so it should work inside caddy network through Caddy server. (Is that even possible?)

Problem

The problem: since frps on VPS machine is working through Caddy server, it is accessible only by HTTP(S). While I can open dashboard in browser, any of frpc could not connect to server as they try to connect by TCP.
This problem is a ChatGPT conclusion and seems fair and adequate, I believe it.

Setup

FRP server is available on https://example.com/frp/server;
FRP server dashboard is on https://example.com/frp/dashboard.

I use lucaslorentz/caddy-docker-proxy repo that makes Caddy server setup even easier.

I just setup Caddy server by this repo and never touch it. It refreshes Caddyfile config dynamically once new Docker container in caddy network is created, modified or removed.

Architecture that I try represent:

flowchart TD
  aa(remote user) -.->|https://example.com/api/path| caddyserver
subgraph VPS
  caddyserver(Caddy server) -.-> |https://127.0.0.1:80/,\nhttps://127.0.0.1:443/| frp
  subgraph CaddyNetwork
    frp(frp) -->|https://172.27.0.4:84\nor whatever internal IP Docker gives| b(tunnel server)
  end
end
  b ===|https tunnel| c(tunnel client: 172.19.0.3)
subgraph home server
  c -->|frpc in network_host mode| d(frp)
  d -->|http| e(app)
end

Files that setup on server:

~/caddy/
└── docker-compose.yml
~/frp/
├── .env
├── config-frps
│   └── frps.toml
└── docker-compose.yml

Files that I setup on client:

~/frp/
├── config-frpc
│   └── frpc.toml
├── docker-compose.yml
└── .env

frpc Version

0.56.0

frps Version

0.56.0

System Architecture

linux/amd64

Configurations

Why does not frpc connect to frps?

SERVER

~/caddy/docker-compose.yml:

version: "3.8"
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    container_name: caddy
    ports:
      - 80:80
      - 443:443
      - "443:443/udp"
    environment:
      - CADDY_INGRESS_NETWORKS=caddy
    networks:
      - caddy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./caddy_data:/data
      - ./config:/config
    restart: unless-stopped

networks:
  caddy:
    external: true

volumes:
  caddy_data: {}

~/frp/.env

DOMAIN=example.com                         # your domain
CADDY_PATH=frp                     # must be present, or it produces bugs. Example value: `frps`
FRPS_SERVER_PORT=7000               # the port of the server
FRPS_DASHBOARD_PORT=7500            # the port of the dashboard

~/frp/docker-compose.yml:

version: '3.8'
services:
  frps:
    image: snowdreamtech/frps
    container_name: frps
    restart: unless-stopped
    volumes:
      - ./config-frps:/etc/frp
    networks:
      - caddy
    labels:
      caddy: ${DOMAIN}
      caddy.0_handle_path: "/${CADDY_PATH}/dashboard"
      caddy.0_reverse_proxy: "{{upstreams ${FRPS_DASHBOARD_PORT}}}"
      caddy.1_handle_path: "/${CADDY_PATH}/server"
      caddy.1_reverse_proxy: "{{upstreams ${FRPS_SERVER_PORT}}}"
      caddy.2_handle_path: "/${CADDY_PATH}/server/port-22001"
      caddy.2_reverse_proxy: "{{upstreams 22001}}"
      caddy.3_handle_path: "/${CADDY_PATH}/server/port-22002"
      caddy.3_reverse_proxy: "{{upstreams 22002}}"
     # ...
      caddy.31_handle_path: "/${CADDY_PATH}/server/port-22030"
      caddy.31_reverse_proxy: "{{upstreams 22030}}"

networks:
  caddy:
    external: true

~/frp/config-frps/frps.toml

bindPort = 7000
allowPorts = [
  { start = 22001, end = 22030 }
]
webServer.addr = "0.0.0.0"
webServer.port = 7500
# dashboard's username and password are both optional
webServer.user = "admin"
webserver. Password = "password"
auth.method = "token"
auth.token = "sometoken"

CLIENT:

~/frp/config-frpc/frpc.toml

serverAddr = "example.com/frp/server"
serverPort = 443
auth.method = "token"
auth.token = "sometoken"

~/frp/docker-compose.yml:

version: '3.8'
services:
  frpc:
    image: snowdreamtech/frpc
    container_name: frpc
    restart: unless-stopped
    volumes:
      - ./config-frpc:/etc/frp
    network_mode: host

networks:
  caddy:
    external: true

Logs

Client (frpc) says:

frpc  | login to the server failed: dial tcp: lookup example.com/frp: no such host. With loginFailExit enabled, no additional retries will be attempted
frpc  | 2024-04-18 17:00:14.523 [I] [sub/root.go:142] start frpc service for config file [/etc/frp/frpc.toml]
frpc  | 2024-04-18 17:00:14.523 [I] [client/service.go:294] try to connect to server...
frpc  | 2024-04-18 17:00:14.524 [W] [client/service.go:297] connect to server error: dial tcp: lookup example.com/frp: no such host
frpc  | 2024-04-18 17:00:14.524 [I] [sub/root.go:160] frpc service for config file [/etc/frp/frpc.toml] stopped

Server (frps) displays nothing like client did not succeed to connect to it.

Since frps is inside caddy network, I check caddy and found nothing, too.

Affected area

Docs
Installation
Performance and Scalability
Security
User Experience
Test and Release
Developer Infrastructure
Client Plugin
Server Plugin
Extensions
Others

Originally created by @Kenya-West on GitHub (Apr 19, 2024). Original GitHub issue: https://github.com/fatedier/frp/issues/4171 ### Bug Description ### WhoAmI Hi, a frontend guy that not so skilled in network stack is here. ### What I try to do I try to make FRP server fully isolated so it should work inside `caddy` network through Caddy server. (Is that even possible?) ### Problem The problem: since `frps` on VPS machine is working through Caddy server, it is accessible only by HTTP(S). While I can open dashboard in browser, any of `frpc` could not connect to server as they try to connect by TCP. This problem is a ChatGPT conclusion and seems fair and adequate, I believe it. ### Setup - FRP server is available on `https://example.com/frp/server`; - FRP server dashboard is on `https://example.com/frp/dashboard`. I use [lucaslorentz/caddy-docker-proxy](https://github.com/lucaslorentz/caddy-docker-proxy) repo that makes Caddy server setup even easier. I just setup Caddy server by this repo and never touch it. It refreshes `Caddyfile` config dynamically once new Docker container in `caddy` network is created, modified or removed. Architecture that I try represent: ```mermaid flowchart TD aa(remote user) -.->|https://example.com/api/path| caddyserver subgraph VPS caddyserver(Caddy server) -.-> |https://127.0.0.1:80/,\nhttps://127.0.0.1:443/| frp subgraph CaddyNetwork frp(frp) -->|https://172.27.0.4:84\nor whatever internal IP Docker gives| b(tunnel server) end end b ===|https tunnel| c(tunnel client: 172.19.0.3) subgraph home server c -->|frpc in network_host mode| d(frp) d -->|http| e(app) end ``` 1. Files that setup on server: ```tree ~/caddy/ └── docker-compose.yml ~/frp/ ├── .env ├── config-frps │ └── frps.toml └── docker-compose.yml ``` 2. Files that I setup on client: ```tree ~/frp/ ├── config-frpc │ └── frpc.toml ├── docker-compose.yml └── .env ``` ### frpc Version 0.56.0 ### frps Version 0.56.0 ### System Architecture linux/amd64 ### Configurations Why does not frpc connect to frps? ### SERVER ~/caddy/docker-compose.yml: ```yaml version: "3.8" services: caddy: image: lucaslorentz/caddy-docker-proxy:ci-alpine container_name: caddy ports: - 80:80 - 443:443 - "443:443/udp" environment: - CADDY_INGRESS_NETWORKS=caddy networks: - caddy volumes: - /var/run/docker.sock:/var/run/docker.sock - ./caddy_data:/data - ./config:/config restart: unless-stopped networks: caddy: external: true volumes: caddy_data: {} ``` ~/frp/.env ``` DOMAIN=example.com # your domain CADDY_PATH=frp # must be present, or it produces bugs. Example value: `frps` FRPS_SERVER_PORT=7000 # the port of the server FRPS_DASHBOARD_PORT=7500 # the port of the dashboard ``` ~/frp/docker-compose.yml: ```yaml version: '3.8' services: frps: image: snowdreamtech/frps container_name: frps restart: unless-stopped volumes: - ./config-frps:/etc/frp networks: - caddy labels: caddy: ${DOMAIN} caddy.0_handle_path: "/${CADDY_PATH}/dashboard" caddy.0_reverse_proxy: "{{upstreams ${FRPS_DASHBOARD_PORT}}}" caddy.1_handle_path: "/${CADDY_PATH}/server" caddy.1_reverse_proxy: "{{upstreams ${FRPS_SERVER_PORT}}}" caddy.2_handle_path: "/${CADDY_PATH}/server/port-22001" caddy.2_reverse_proxy: "{{upstreams 22001}}" caddy.3_handle_path: "/${CADDY_PATH}/server/port-22002" caddy.3_reverse_proxy: "{{upstreams 22002}}" # ... caddy.31_handle_path: "/${CADDY_PATH}/server/port-22030" caddy.31_reverse_proxy: "{{upstreams 22030}}" networks: caddy: external: true ``` ~/frp/config-frps/frps.toml ```toml bindPort = 7000 allowPorts = [ { start = 22001, end = 22030 } ] webServer.addr = "0.0.0.0" webServer.port = 7500 # dashboard's username and password are both optional webServer.user = "admin" webserver. Password = "password" auth.method = "token" auth.token = "sometoken" ``` ### CLIENT: ~/frp/config-frpc/frpc.toml ```toml serverAddr = "example.com/frp/server" serverPort = 443 auth.method = "token" auth.token = "sometoken" ``` ~/frp/docker-compose.yml: ```yaml version: '3.8' services: frpc: image: snowdreamtech/frpc container_name: frpc restart: unless-stopped volumes: - ./config-frpc:/etc/frp network_mode: host networks: caddy: external: true ``` ### Logs Client (frpc) says: ```log frpc | login to the server failed: dial tcp: lookup example.com/frp: no such host. With loginFailExit enabled, no additional retries will be attempted frpc | 2024-04-18 17:00:14.523 [I] [sub/root.go:142] start frpc service for config file [/etc/frp/frpc.toml] frpc | 2024-04-18 17:00:14.523 [I] [client/service.go:294] try to connect to server... frpc | 2024-04-18 17:00:14.524 [W] [client/service.go:297] connect to server error: dial tcp: lookup example.com/frp: no such host frpc | 2024-04-18 17:00:14.524 [I] [sub/root.go:160] frpc service for config file [/etc/frp/frpc.toml] stopped ``` Server (frps) displays nothing like client did not succeed to connect to it. Since frps is inside `caddy` network, I check caddy and found nothing, too. ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [ ] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [X] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror

2026-05-05 14:07:17 -06:00

closed this issue
added the
lifecycle/stale
label

gitea-mirror commented

2026-05-05 14:07:20 -06:00

Author

Owner

@xqzr commented on GitHub (Apr 19, 2024):

frpc 与 frps 之间的连接，使用这几种协议 885278c045/conf/frpc_full_example.toml (L82)
没有 https

@xqzr commented on GitHub (Apr 19, 2024): frpc 与 frps 之间的连接，使用这几种协议 https://github.com/fatedier/frp/blob/885278c045d6d7c865f0e7e5937f86057ce22b33/conf/frpc_full_example.toml#L82 没有 https

gitea-mirror commented

2026-05-05 14:07:20 -06:00

Author

Owner

@fatedier commented on GitHub (Apr 22, 2024):

Try websocket and wss

@fatedier commented on GitHub (Apr 22, 2024): Try websocket and wss

gitea-mirror commented

2026-05-05 14:07:21 -06:00

Author

Owner

@github-actions[bot] commented on GitHub (May 14, 2024):

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

@github-actions[bot] commented on GitHub (May 14, 2024): Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

gitea-mirror referenced this issue

2026-05-05 14:47:21 -06:00

[PR #3287] [MERGED] support go1.20 #4714

gitea-mirror referenced this issue

2026-05-05 14:47:27 -06:00

[PR #3299] [MERGED] sync #4720