[GH-ISSUE #4325] 如何强制HTTPS请求的端口转发

gitea-mirror commented

2026-05-05 14:11:51 -06:00

Owner

Originally created by @xhzkp on GitHub (Jul 9, 2024).
Original GitHub issue: https://github.com/fatedier/frp/issues/4325

Describe the feature request

刚上手FRP, 对有些配置看了相关文档或教程后还是不太理解, 请求路过大佬指点江山! 非常感谢!

问题描述如下:

公网的FPRS服务端配置FRPS.toml如下:
bindPort = 7000

内网的FRPC客户端配置FRPC.toml如下:
serverAddr = "1.2.3.4"
serverPort = 7000

proxies
name = "Port 2222 Server"
type = "tcp"
localIP = "192.168.1.2"
localPort = 2222
remotePort = 6000

这里假设服务器IP1.2.3.4绑定的域名是1234.com
外网通过下面的链接可以成功访问到内网192.168.1.2主机的2222端口
http://1234.com:6000

但是我想强制使用https来访问2222端口, 即:
A. 当使用 http://1234.com:6000 访问时, 不需要对这个访问进行响应
B. 只有使用 https://1234.com:6000 访问时, 内网192.168.1.2主机的2222端口才能接收响应

假设我已经有 1234.com域名的https证书, 我需要怎样调整客户端或服务器的配置文件? 感谢

Describe alternatives you've considered

No response

Affected area

Docs
Installation
Performance and Scalability
Security
User Experience
Test and Release
Developer Infrastructure
Client Plugin
Server Plugin
Extensions
Others

Originally created by @xhzkp on GitHub (Jul 9, 2024). Original GitHub issue: https://github.com/fatedier/frp/issues/4325 ### Describe the feature request 刚上手FRP, 对有些配置看了相关文档或教程后还是不太理解, 请求路过大佬指点江山! 非常感谢! 问题描述如下: 公网的FPRS服务端配置FRPS.toml如下: bindPort = 7000 ________________________________________________________ 内网的FRPC客户端配置FRPC.toml如下: serverAddr = "1.2.3.4" serverPort = 7000 [[proxies]] name = "Port 2222 Server" type = "tcp" localIP = "192.168.1.2" localPort = 2222 remotePort = 6000 ________________________________________________________ 这里假设服务器IP1.2.3.4绑定的域名是1234.com 外网通过下面的链接可以成功访问到内网192.168.1.2主机的2222端口 http://1234.com:6000 但是我想强制使用https来访问2222端口, 即: A. 当使用 http://1234.com:6000 访问时, 不需要对这个访问进行响应 B. 只有使用 **https**://1234.com:6000 访问时, 内网192.168.1.2主机的2222端口才能接收响应假设我已经有 1234.com域名的https证书, 我需要怎样调整客户端或服务器的配置文件? 感谢 ### Describe alternatives you've considered _No response_ ### Affected area - [X] Docs - [X] Installation - [ ] Performance and Scalability - [ ] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [X] Others

gitea-mirror

2026-05-05 14:11:51 -06:00

closed this issue
added the
lifecycle/stale
label

gitea-mirror commented

2026-05-05 14:11:54 -06:00

Author

Owner

@superzjg commented on GitHub (Jul 9, 2024):

https://gofrp.org/zh-cn/docs/examples/https2http/

@superzjg commented on GitHub (Jul 9, 2024): https://gofrp.org/zh-cn/docs/examples/https2http/

gitea-mirror commented

2026-05-05 14:11:55 -06:00

Author

Owner

@xhzkp commented on GitHub (Jul 9, 2024):

https://gofrp.org/zh-cn/docs/examples/https2http/

感谢大佬支招, 我看这个配置是在客户端配置的, 把证书都放在了客户端, 这个实在不方便, 也非常不现实...
不能在服务端配置吗? 如果不能在服务端实现我的需求, 那也只能放弃了...
我的想法是, 拷贝客户端到任意一台电脑上, 然后我就能访问这台电脑, 这台电脑做一下基本的token认证就行了, 但是访问要用https访问

@xhzkp commented on GitHub (Jul 9, 2024): > https://gofrp.org/zh-cn/docs/examples/https2http/ 感谢大佬支招, 我看这个配置是在客户端配置的, 把证书都放在了客户端, 这个实在不方便, 也非常不现实... 不能在服务端配置吗? 如果不能在服务端实现我的需求, 那也只能放弃了... 我的想法是, 拷贝客户端到任意一台电脑上, 然后我就能访问这台电脑, 这台电脑做一下基本的token认证就行了, 但是访问要用https访问

gitea-mirror commented

2026-05-05 14:11:55 -06:00

Author

Owner

@JsonSong89 commented on GitHub (Jul 9, 2024):

自己用nginx再转一下吧
说实话我也觉得客户端配置证书很奇怪

@JsonSong89 commented on GitHub (Jul 9, 2024): 自己用nginx再转一下吧说实话我也觉得客户端配置证书很奇怪

gitea-mirror commented

2026-05-05 14:11:56 -06:00

Author

Owner

@xhzkp commented on GitHub (Jul 9, 2024):

自己用nginx再转一下吧说实话我也觉得客户端配置证书很奇怪

现在用 serveo.net 直接支持https

@xhzkp commented on GitHub (Jul 9, 2024): > 自己用nginx再转一下吧说实话我也觉得客户端配置证书很奇怪现在用 serveo.net 直接支持https

gitea-mirror commented

2026-05-05 14:11:57 -06:00

Author

Owner

@xhzkp commented on GitHub (Jul 12, 2024):

自己用nginx再转一下吧说实话我也觉得客户端配置证书很奇怪

大佬能给指个明路吗? 怎样用nginx转? 我现在服务器有apache和php的网站, 不想影响它们, 再加个nginx, 再加上frp, 感觉太乱了
用下面这个就不支持用户面板插件了
https://gofrp.org/zh-cn/docs/examples/https2http/

@xhzkp commented on GitHub (Jul 12, 2024): > 自己用nginx再转一下吧说实话我也觉得客户端配置证书很奇怪大佬能给指个明路吗? 怎样用nginx转? 我现在服务器有apache和php的网站, 不想影响它们, 再加个nginx, 再加上frp, 感觉太乱了用下面这个就不支持用户面板插件了 https://gofrp.org/zh-cn/docs/examples/https2http/

gitea-mirror commented

2026-05-05 14:11:58 -06:00

Author

Owner

@JsonSong89 commented on GitHub (Jul 15, 2024):

apache 应该也有类似功能吧
nginx的话很简单

server {
    listen 1444 ssl;
    server_name  _;
    ssl_certificate     /etc/nginx/ca/fullchain1.pem;
    ssl_certificate_key /etc/nginx/ca/privkey1.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    #设置长连接
    keepalive_timeout   60;
    root   /home/static/;

    location / {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Range $http_range;
      proxy_set_header If-Range $http_if_range;
      proxy_redirect off;
      proxy_pass http://127.0.0.1:19371/;
      client_max_body_size 200m;
    }
}

@JsonSong89 commented on GitHub (Jul 15, 2024): apache 应该也有类似功能吧 nginx的话很简单 ``` server { listen 1444 ssl; server_name _; ssl_certificate /etc/nginx/ca/fullchain1.pem; ssl_certificate_key /etc/nginx/ca/privkey1.pem; ssl_session_cache shared:SSL:1m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; #设置长连接 keepalive_timeout 60; root /home/static/; location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_redirect off; proxy_pass http://127.0.0.1:19371/; client_max_body_size 200m; } } ```

gitea-mirror commented

2026-05-05 14:11:58 -06:00

Author

Owner

@lhqiang commented on GitHub (Jul 17, 2024):

@JsonSong89 你的配置可以了吗，nginx配置基本一致，frp配置如下不行
frps.toml配置
bindPort = 8080 vhostHTTPPort = 8081 #二级域名 subdomainHost = "域名"

frpc.toml配置
`serverAddr = ""
serverPort = 8080

proxies
name = "test"
subdomain = "test"
type = "http"
localIP = "127.0.0.1"
localPort = 8080
transport.proxyProtocolVersion = "v2"`

@lhqiang commented on GitHub (Jul 17, 2024): @JsonSong89 你的配置可以了吗，nginx配置基本一致，frp配置如下不行 frps.toml配置 `bindPort = 8080 vhostHTTPPort = 8081 #二级域名 subdomainHost = "域名"` frpc.toml配置 `serverAddr = "" serverPort = 8080 [[proxies]] name = "test" subdomain = "test" type = "http" localIP = "127.0.0.1" localPort = 8080 transport.proxyProtocolVersion = "v2"`

gitea-mirror commented

2026-05-05 14:11:59 -06:00

Author

Owner

@JsonSong89 commented on GitHub (Jul 17, 2024):

@JsonSong89 你的配置可以了吗，nginx配置基本一致，frp配置如下不行 frps.toml配置 bindPort = 8080 vhostHTTPPort = 8081 #二级域名 subdomainHost = "域名"

frpc.toml配置 `serverAddr = "" serverPort = 8080

proxies name = "test" subdomain = "test" type = "http" localIP = "127.0.0.1" localPort = 8080 transport.proxyProtocolVersion = "v2"`

你和楼主的不是一回事啊
楼主是tcp ,只要能把http proxy过去就可以

你这是三级域名,应该是包含了host认证的环节吧
nginx里面手动指定host试试

@JsonSong89 commented on GitHub (Jul 17, 2024): > @JsonSong89 你的配置可以了吗，nginx配置基本一致，frp配置如下不行 frps.toml配置 `bindPort = 8080 vhostHTTPPort = 8081 #二级域名 subdomainHost = "域名"` > > frpc.toml配置 `serverAddr = "" serverPort = 8080 > > [[proxies]] name = "test" subdomain = "test" type = "http" localIP = "127.0.0.1" localPort = 8080 transport.proxyProtocolVersion = "v2"` 你和楼主的不是一回事啊楼主是tcp ,只要能把http proxy过去就可以你这是三级域名,应该是包含了host认证的环节吧 nginx里面手动指定host试试

gitea-mirror commented

2026-05-05 14:12:00 -06:00

Author

Owner

@JsonSong89 commented on GitHub (Jul 17, 2024):

类似这样的

	location /chatproxy/ {
        proxy_set_header Host api.openai.com;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass https://api.openai.com/;
        client_max_body_size 10M;
        client_body_buffer_size 128k;
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        proxy_set_body $request_body;
        proxy_ssl_server_name on;
	}

@JsonSong89 commented on GitHub (Jul 17, 2024): 类似这样的 ``` location /chatproxy/ { proxy_set_header Host api.openai.com; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass https://api.openai.com/; client_max_body_size 10M; client_body_buffer_size 128k; proxy_connect_timeout 600; proxy_send_timeout 600; proxy_read_timeout 600; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_set_body $request_body; proxy_ssl_server_name on; } ```

gitea-mirror commented

2026-05-05 14:12:01 -06:00

Author

Owner

@lhqiang commented on GitHub (Jul 17, 2024):

@JsonSong89 试过了不行，用了个旧版本可以了

@lhqiang commented on GitHub (Jul 17, 2024): @JsonSong89 试过了不行，用了个旧版本可以了

gitea-mirror commented

2026-05-05 14:12:01 -06:00

Author

Owner

@JsonSong89 commented on GitHub (Jul 17, 2024):

@JsonSong89 试过了不行，用了个旧版本可以了
frp只要能提供http服务(三级域名可以访问)
后面的事其实压根和frp没什么关系,所以不存在什么版本问题
看看你nginx配置吧

@JsonSong89 commented on GitHub (Jul 17, 2024): > @JsonSong89 试过了不行，用了个旧版本可以了 frp只要能提供http服务(三级域名可以访问) 后面的事其实压根和frp没什么关系,所以不存在什么版本问题看看你nginx配置吧

gitea-mirror commented

2026-05-05 14:12:02 -06:00

Author

Owner

@github-actions[bot] commented on GitHub (Aug 8, 2024):

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

@github-actions[bot] commented on GitHub (Aug 8, 2024): Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

Rows
Columns

[GH-ISSUE #4325] 如何强制HTTPS请求的端口转发 #3414

Describe the feature request

Describe alternatives you've considered

Affected area