[GH-ISSUE #4576] 0.61可以提供完整的http2https, https2https的例子么 #3616

New issue

Closed

opened 2026-05-05 14:19:23 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented 2026-05-05 14:19:23 -06:00

Owner

Copy link

Originally created by @shyandsy on GitHub (Dec 9, 2024).
Original GitHub issue: https://github.com/fatedier/frp/issues/4576

Bug Description

场景

1. 内网服务器https://192.168.101.20:6443, 是k8s cluster api
2. 公网阿里云服务器 47.xx.xx.xx 是我的公网ip
3. 我希望通过公网https 50080 和 http 55000 端口，访问内网k8s cluster api

尝试http2https，tcp都无法访问内网https服务

frpc Version

0.61.0

frps Version

0.61.0

System Architecture

linux/amd64

Configurations

server配置

bindPort = 50000

vhostHTTPPort = 50080
vhostHTTPSPort = 55000

subdomainHost = "xxx.xxx.com"
log.level = "debug"

client配置

# 方式1 tcp
[[proxies]]
name = "kubectl"
type = "tcp"
localIP = "192.168.101.20"
localPort = 6443
remotePort = 52000

# 方式2 http2https
[[proxies]]
name = "k8s"
type = "http"
#customDomains = ["xxx.xxx.com"]
subDomain = "a"
[proxies.plugin]
type = "http2https"
localAddr = "192.168.101.20:6443"
hostHeaderRewrite = "192.168.101.20"
#requestHeaders.set.x-from-where = "a"

Logs

1. 尝试tcp方式访问
   server debug输出
   

client debug输出

2. 尝试http方式访问
   server debug输出
   

client debug输出

Steps to reproduce

...

Affected area

• Docs
• Installation
• Performance and Scalability
• Security
• User Experience
• Test and Release
• Developer Infrastructure
• Client Plugin
• Server Plugin
• Extensions
• Others

Originally created by @shyandsy on GitHub (Dec 9, 2024). Original GitHub issue: https://github.com/fatedier/frp/issues/4576 ### Bug Description 场景 1. 内网服务器https://192.168.101.20:6443, 是k8s cluster api 2. 公网阿里云服务器 47.xx.xx.xx 是我的公网ip 3. 我希望通过公网https 50080 和 http 55000 端口，访问内网k8s cluster api 尝试http2https，tcp都无法访问内网https服务 ### frpc Version 0.61.0 ### frps Version 0.61.0 ### System Architecture linux/amd64 ### Configurations server配置 ```toml bindPort = 50000 vhostHTTPPort = 50080 vhostHTTPSPort = 55000 subdomainHost = "xxx.xxx.com" log.level = "debug" ``` client配置 ```toml # 方式1 tcp [[proxies]] name = "kubectl" type = "tcp" localIP = "192.168.101.20" localPort = 6443 remotePort = 52000 # 方式2 http2https [[proxies]] name = "k8s" type = "http" #customDomains = ["xxx.xxx.com"] subDomain = "a" [proxies.plugin] type = "http2https" localAddr = "192.168.101.20:6443" hostHeaderRewrite = "192.168.101.20" #requestHeaders.set.x-from-where = "a" ``` ### Logs 1. 尝试tcp方式访问 server debug输出  client debug输出  2. 尝试http方式访问 server debug输出  client debug输出  ### Steps to reproduce 1. 2. 3. ... ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [ ] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror 2026-05-05 14:19:23 -06:00

• closed this issue
• added the
  lifecycle/stale
  label

gitea-mirror commented 2026-05-05 14:19:26 -06:00

Author

Owner

Copy link

@superzjg commented on GitHub (Dec 10, 2024):

配置基本没问题，考虑是运营商或vps服务商的问题。不信，你可以在本地不同的设备上搭建frps和frpc测试，没有公网ipv4就用ipv6测试，应该是可以通的。
现在可以尝试：
1、关闭tls看行不行：transport.tls.enable = false
2、在frps上配置 quicBindPort，采用udp传输，frpc使用 transport.protocol = "quic"
3、尝试换一个https服务试试，随便自己弄一个自签名的https。
注意所有用到的端口在vps上防火墙要打开。

<!-- gh-comment-id:2531262976 --> @superzjg commented on GitHub (Dec 10, 2024): 配置基本没问题，考虑是运营商或vps服务商的问题。不信，你可以在本地不同的设备上搭建frps和frpc测试，没有公网ipv4就用ipv6测试，应该是可以通的。 现在可以尝试： 1、关闭tls看行不行：`transport.tls.enable = false` 2、在frps上配置 `quicBindPort`，采用udp传输，frpc使用 `transport.protocol = "quic"` 3、尝试换一个https服务试试，随便自己弄一个自签名的https。 注意所有用到的端口在vps上防火墙要打开。

gitea-mirror commented 2026-05-05 14:19:27 -06:00

Author

Owner

Copy link

@shyandsy commented on GitHub (Dec 12, 2024):

@superzjg

1. 使用tcp模式时候，kubectl get ns --skip-tls-verify=true，是可以成功执行的。如果不加--skip-tls-verify=true，内网kube api server会报错，说目标地址应该是192.168.101.20，而不是47.xxxx （阿里云公网地址）。看起来请求里目标ip没有变
2. 如果使用https模式转发，我最后抓包能看到https请求到达192.168.101.20:6443目标端口，但是kubectl的双向证书认证，似乎没认证通过

<!-- gh-comment-id:2537691456 --> @shyandsy commented on GitHub (Dec 12, 2024): @superzjg 1. 使用tcp模式时候，kubectl get ns --skip-tls-verify=true，是可以成功执行的。如果不加--skip-tls-verify=true，内网kube api server会报错，说目标地址应该是192.168.101.20，而不是47.xxxx （阿里云公网地址）。看起来请求里目标ip没有变 2. 如果使用https模式转发，我最后抓包能看到https请求到达192.168.101.20:6443目标端口，但是kubectl的双向证书认证，似乎没认证通过

gitea-mirror commented 2026-05-05 14:19:28 -06:00

Author

Owner

Copy link

@superzjg commented on GitHub (Dec 12, 2024):

@superzjg

1. 使用tcp模式时候，kubectl get ns --skip-tls-verify=true，是可以成功执行的。如果不加--skip-tls-verify=true，内网kube api server会报错，说目标地址应该是192.168.101.20，而不是47.xxxx （阿里云公网地址）。看起来请求里目标ip没有变
2. 如果使用https模式转发，我最后抓包能看到https请求到达192.168.101.20:6443目标端口，但是kubectl的双向证书认证，似乎没认证通过

我不太明白你的意思，我用一个简单的 https://192.168.3.6:53412 自签名网页，测试结果没有问题。
访问下面三个网址均可以打开：
https://aaa.bbb.com:53430/
https://aaa.bbb.com:53413/
http://aaa.bbb.com:53413/

附带我的配置文件：

Frps v0.60.0：（注：因为我使用的端口一样，所以必须在frpc配置transport.tls.disableCustomTLSFirstByte，否则连不上，不一样的端口不需要）

bindPort = 53413
auth.token = "123456"
vhostHTTPPort = 53413
vhostHTTPSPort = 53413
log.to = "/var/log/frps.log"
log.maxDays = 6

Frpc v0.60.0：

serverAddr = "aaa.bbb.com"
serverPort = 53413
loginFailExit = false
auth.token = "123456"
log.to = "/var/log/frpc.log"
transport.tls.disableCustomTLSFirstByte = false

[[proxies]]
name = "tcp_web_test"
type = "tcp"
localIP = "192.168.3.6"
localPort = 53412
remotePort = 53430

[[proxies]]
name = "https_test"
type = "https"
localIP = "192.168.3.6"
localPort = 53412
customDomains = ["aaa.bbb.com"]

[[proxies]]
name = "http2https_test"
type = "http"
customDomains = ["aaa.bbb.com"]
[proxies.plugin]
type = "http2https"
localAddr = "192.168.3.6:53412"

<!-- gh-comment-id:2537958380 --> @superzjg commented on GitHub (Dec 12, 2024): > @superzjg > > 1. 使用tcp模式时候，kubectl get ns --skip-tls-verify=true，是可以成功执行的。如果不加--skip-tls-verify=true，内网kube api server会报错，说目标地址应该是192.168.101.20，而不是47.xxxx （阿里云公网地址）。看起来请求里目标ip没有变 > 2. 如果使用https模式转发，我最后抓包能看到https请求到达192.168.101.20:6443目标端口，但是kubectl的双向证书认证，似乎没认证通过 我不太明白你的意思，我用一个简单的 https://192.168.3.6:53412 自签名网页，测试结果没有问题。 访问下面三个网址均可以打开： https://aaa.bbb.com:53430/ https://aaa.bbb.com:53413/ http://aaa.bbb.com:53413/ 附带我的配置文件： Frps v0.60.0：（注：因为我使用的端口一样，所以必须在frpc配置transport.tls.disableCustomTLSFirstByte，否则连不上，不一样的端口不需要） ``` bindPort = 53413 auth.token = "123456" vhostHTTPPort = 53413 vhostHTTPSPort = 53413 log.to = "/var/log/frps.log" log.maxDays = 6 ``` Frpc v0.60.0： ``` serverAddr = "aaa.bbb.com" serverPort = 53413 loginFailExit = false auth.token = "123456" log.to = "/var/log/frpc.log" transport.tls.disableCustomTLSFirstByte = false [[proxies]] name = "tcp_web_test" type = "tcp" localIP = "192.168.3.6" localPort = 53412 remotePort = 53430 [[proxies]] name = "https_test" type = "https" localIP = "192.168.3.6" localPort = 53412 customDomains = ["aaa.bbb.com"] [[proxies]] name = "http2https_test" type = "http" customDomains = ["aaa.bbb.com"] [proxies.plugin] type = "http2https" localAddr = "192.168.3.6:53412" ```

gitea-mirror commented 2026-05-05 14:19:29 -06:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Dec 27, 2024):

Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.

<!-- gh-comment-id:2563195567 --> @github-actions[bot] commented on GitHub (Dec 27, 2024): Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#3616

No description provided.