[GH-ISSUE #86] https does not seem to work properly #37

Closed
opened 2026-05-05 11:35:29 -06:00 by gitea-mirror · 7 comments
Owner

Originally created by @mengbingrock on GitHub (Aug 22, 2016).
Original GitHub issue: https://github.com/fatedier/frp/issues/86

Originally assigned to: @maodanp on GitHub.

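First of all, thanks to the developers.
In my tests, ssh and the http protocol on port 80 both work fine. But the https protocol on port 443 seems to have a problem.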

Client

# frpc.ini
[web02]
type = https
local_ip = 127.0.0.1
local_port = 443

[privilege_web]
privilege_mode = true
type = https
local_ip = 127.0.0.1
local_port = 443
use_gzip = true
custom_domains = 192.168.1.3
#web03.yourdomain.com
host_header_rewrite = 192.168.1.3
#example.com

Server frps.ini

vhost_http_port = 80
vhost_https_port = 443

[web02]
type = https
auth_token = 123
custom_domains = 144.172.70.47
#web02.yourdomain.com

When I attempt an https connection, neither the client nor the server seems to notice it:
frpc.log

2016/08/22 15:05:47 [control.go:185][I] ProxyName [privilege_web], connect to server [144.172.70.47:7000] success!
2016/08/22 15:05:47 [control.go:193][I] Start to send heartbeat to frps
2016/08/22 15:05:47 [control.go:185][I] ProxyName [ssh], connect to server [144.172.70.47:7000] success!
2016/08/22 15:05:47 [control.go:193][I] Start to send heartbeat to frps
2016/08/22 15:05:47 [control.go:185][I] ProxyName [web01], connect to server [144.172.70.47:7000] success!
2016/08/22 15:05:47 [control.go:193][I] Start to send heartbeat to frps
2016/08/22 15:05:47 [control.go:185][I] ProxyName [privilege_ssh], connect to server [144.172.70.47:7000] success!
2016/08/22 15:05:47 [control.go:193][I] Start to send heartbeat to frps
2016/08/22 15:05:47 [control.go:185][I] ProxyName [web02], connect to server [144.172.70.47:7000] success!
2016/08/22 15:05:47 [control.go:193][I] Start to send heartbeat to frps

frps.log

2016/08/22 01:05:46 [main.go:182][I] Start frps success
2016/08/22 01:05:46 [main.go:184][I] PrivilegeMode is enabled, you should pay more attention to security issues
2016/08/22 01:05:52 [control.go:308][I] ProxyName [privilege_web], start proxy success
2016/08/22 01:05:52 [control.go:310][I] ProxyName [privilege_web], created by PrivilegeMode
2016/08/22 01:05:52 [control.go:308][I] ProxyName [ssh], start proxy success
2016/08/22 01:05:52 [control.go:308][I] ProxyName [web01], start proxy success
2016/08/22 01:05:52 [control.go:308][I] ProxyName [web02], start proxy success
2016/08/22 01:05:52 [control.go:308][I] ProxyName [privilege_ssh], start proxy success
2016/08/22 01:05:52 [control.go:310][I] ProxyName [privilege_ssh], created by PrivilegeMode

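I don't know whether I wrote the domain part wrong, or whether the problem is in my local router, which has port forwarding. But http has no problem.
Thanks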

Author
Owner

@mengbingrock commented on GitHub (Aug 22, 2016):

Sorry, I'm a beginner and not very familiar with markdown syntax. The formatting above is broken.

Author
Owner

@maodanp commented on GitHub (Aug 22, 2016):

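  • First, check whether a certificate has been generated on the machine running frpc. Can you reach port 443 of frpc with curl?
  • What is the HTTPS domain name you use to access through frps?
  • If you can access it over HTTPS normally, please enable debug log mode so that you can give us more log information.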
Author
Owner

@mengbingrock commented on GitHub (Aug 22, 2016):

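Thanks to @maodanp for the pointers. It turns out my self-signed certificate is to blame. The local machine is an owncloud server; when I access it through a browser on the internal network there is a certificate warning, and after clicking continue I can access it normally.
When I generated the certificate, the domain name I entered was my private IP address: 192.168.1.3
Running curl locally gives the following result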

curl  -vvv https://192.168.1.3 

* Rebuilt URL to: https://192.168.1.3/
*   Trying 192.168.1.3...
* Connected to 192.168.1.3 (192.168.1.3) port 443 (#0)
* WARNING: using IP address, SNI is being disabled by the OS.
* SSL certificate problem: Invalid certificate chain
* Closing connection 0
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

So I added the -k option:

curl -k -vvv https://192.168.1.3 

* Rebuilt URL to: https://192.168.1.3/
*   Trying 192.168.1.3...
* Connected to 192.168.1.3 (192.168.1.3) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: mengbing
> GET / HTTP/1.1
> Host: 192.168.1.3
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
< Server: nginx/1.6.2
< Date: Mon, 22 Aug 2016 15:59:30 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: oco7v2ykwhi8=q50942kbem13o7qk5sgd4vrih4; path=/; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Set-Cookie: oc_sessionPassphrase=QKxx1ruCYuc9sLfh8csCRHbWgY1%2FcGKyg6R6vk3R0Byi2fweQ5RdvBG7e5PGnggxVkgf7kgNNobQGHvOue7FQf7w%2B4xezUM924tUjovZMq1GOuvNUc043beF%2FJA1uwoR; path=/; secure; httponly
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: Sameorigin
< X-Robots-Tag: none
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Location: https://192.168.1.3/index.php/login
< 
* Connection #0 to host 192.168.1.3 left intact

That seems to be normal.
The result of curl against the https://ip of frps is as follows:

curl -k -vvv https://144.172.70.47 
* Rebuilt URL to: https://144.172.70.47/
*   Trying 144.172.70.47...
* Connected to 144.172.70.47 (144.172.70.47) port 443 (#0)
* Server aborted the SSL handshake
* Closing connection 0
curl: (35) Server aborted the SSL handshake

If I use the command openssl s_client -connect <frps IP>:443 -prexit

CONNECTED(00000003)
140686674577056:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

Running the same command against the local private IP:

CONNECTED(00000003)
depth=0 /C=cn/ST=shanghai/L=shanghai/
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=cn/ST=shanghai/L=shanghai/
verify return:1
---
Certificate chain
 0 s:/C=cn/ST=shanghai/L=shanghai/
   i:/C=cn/ST=shanghai/L=shanghai/
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID7TCCAtWgAwIBAgIJAK5Y6nkqFIufMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD
VQQGEwJjbjERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
DAYDVQQKDAVmdWRhbjEQMA4GA1UECwwHcGh5c2ljczERMA8GA1UEAwwIbWVuZ2Jp
c9iBczaLdUHZiYfJHrPZKFitt3eruXgLf44UjuJfHdPE7v7+zDSiJRV6o1Gc6Z8q
XM5o
-----END CERTIFICATE-----
subject=/C=cn/ST=shanghai/L=shanghai/
issuer=/C=cn/ST=shanghai/L=shanghai/
---
No client certificate CA names sent
---
SSL handshake has read 1708 bytes and written 328 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 010567436F468B2ADFB9CE50D40B157E39628AD5C
    Session-ID-ctx: 
    Master-Key: FD70A12676A21C2A00456565544B222EAEE513030BE10109E34D5349B52DA1ABA1479B5875CBCEE1FB
    Key-Arg   : None
    Start Time: 1471881922
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
closed
---
Certificate chain
 0 s:/C=cn/ST=shanghai/L=shanghai/
   i:/C=cn/ST=shanghai/L=shanghai/
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID7TCCAtWgAwIBAgIJAK5Y6nkqFIufMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD
f3BaSCYnTArIaq8RhwESSeGMDRvr2O9cARGAEcZOOQnSXf0OJdHszDp4bpCN4TgL
cuoSM3LIMOAGUSRD86LXmUdB/y5xIJG4mEIRQwGoJdAhp3c1ks4twKAuG1PuxHnX
sA==
-----END CERTIFICATE-----
subject=/C=cn/ST=shanghai/L=shanghai/
issuer=/C=cn/ST=shanghai/L=shanghai/
---
No client certificate CA names sent
---
SSL handshake has read 1745 bytes and written 365 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 010567436F468B239FD52D192F9CEC9155040B157E39628AD5C
    Session-ID-ctx: 
    Master-Key: FD70A12676E1FB
    Key-Arg   : None
    Start Time: 1471881922
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

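The complete certificate information is visible; I removed some fields containing personal information.

Perhaps replacing the certificate with a proper one would solve it. Can this be understood as frps having fairly strict requirements for certificates?

(I see the formatting is still wrong. Thanks for helping me fix the formatting; I'll go look at how the posts above were fixed and see whether I can get it right. But adding ```ini still has no effect.)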

Author
Owner

@maodanp commented on GitHub (Aug 23, 2016):

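First, a domain name must be specified when generating the certificate (assume it is www.example.com). Assuming the IP address of frps is 144.172.70.47 and the IP address of frpc is 192.168.1.3, the correct setup is to add the following to the hosts file of the client used for access: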

144.172.70.47 www.example.com

frpc.ini is configured as follows:

[privilege_web]
privilege_mode = true
type = https
local_ip = www.example.com
local_port = 443
use_gzip = true
custom_domains = www.example.com

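Also, frps is not aware of the certificate; it only passes the data through transparently. The key point is that the domain name you access must match both the domain name the certificate was generated for and the domain name in the configuration file.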

Author
Owner

@mengbingrock commented on GitHub (Aug 23, 2016):

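Thanks, I changed
local_ip = 127.0.0.1
to the domain name matching the certificate:
local_ip = 192.168.1.3
and now https can be accessed successfully!
Thanks to the developers for the patient answers.
I previously tried an ngrok server set up by a programmer in China, but for security and stability reasons I felt it was not a long-term solution. Using this today solved a problem that had troubled me for a long time. Thank you very much!
By the way, how can I make a donation?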

Author
Owner

@mengbingrock commented on GitHub (Aug 23, 2016):

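I found an extremely strange problem: it works fine with the Safari browser, but Chrome, or IE on other computers, does not work. I cannot understand the reason.
The http protocol does not have this problem.
I did not add the following to the hosts file:
144.172.70.47 192.168.1.3
I don't know whether writing it this way is valid; the problem may be here.
curl still reports an error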
curl: (35) Server aborted the SSL handshake

Author
Owner

@maodanp commented on GitHub (Aug 24, 2016):

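You cannot do this by adding an IP-to-IP mapping in hosts; it has to be done by defining a domain name.
I also tested your case on my side and found that browsers differ in their support for the HTTPS protocol. frps needs to parse the HTTPS serverName internally, and if it cannot parse it, it returns failure directly.
Here are two solutions:

  1. Assign a domain name to 144.172.70.47 and access it directly through the domain name
  2. Connect through tcp, so that no domain name is needed.
    The configuration for method 2 is as follows:
    The main frpc configuration is as follows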
[ssh]
# tcp | http, default is tcp
type = tcp
local_ip = 192.168.1.3
local_port = 443

The main frps configuration is as follows:

[ssh]
type = tcp
auth_token = 123
bind_addr = 0.0.0.0
listen_port = 443

Of course, vhost_https_port in frps needs to be changed to a different port to prevent a port conflict.

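The serverName that the last reply says frps must parse is the server_name (SNI) extension of the TLS ClientHello, which a client leaves out when it is pointed at a bare IP address (the curl output above warns about exactly this). The following Go program is an added example, not part of the thread and not frp's own code: it captures the ClientHello that Go's TLS client produces for a hostname and for an IP address, then extracts the SNI. The function names `clientHello` and `sni` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"encoding/binary"
	"fmt"
	"io"
	"net"
)

var errBad = fmt.Errorf("malformed ClientHello")
var u16 = binary.BigEndian.Uint16

// clientHello captures, over an in-memory pipe, the first TLS record Go's TLS
// client sends when told to connect to host (constructed input, no network).
func clientHello(host string) ([]byte, error) {
	c, s := net.Pipe()
	defer s.Close() // makes the client's pending handshake fail and return
	go tls.Client(c, &tls.Config{ServerName: host}).Handshake()
	hdr := make([]byte, 5) // record type, version (2), length (2)
	if _, err := io.ReadFull(s, hdr); err != nil || hdr[0] != 0x16 {
		return nil, errBad
	}
	body := make([]byte, u16(hdr[3:]))
	_, err := io.ReadFull(s, body)
	return body, err
}

// sni returns the server_name (RFC 6066) carried in a ClientHello, "" if none.
func sni(b []byte) (string, error) {
	if len(b) < 39 || b[0] != 1 {
		return "", errBad
	}
	b = b[38:] // skip handshake header (4), client version (2), random (32)
	for _, w := range []int{1, 2, 1} { // session id, cipher suites, compression
		if len(b) < 2 {
			return "", errBad
		}
		n := w + int(u16(b))>>uint(8*(2-w)) // w-byte length prefix plus the vector
		if len(b) < n {
			return "", errBad
		}
		b = b[n:]
	}
	for i := 2; i+4 <= len(b); { // i starts past the 2-byte extensions length
		typ, end := u16(b[i:]), i+4+int(u16(b[i+2:]))
		if end > len(b) {
			return "", errBad
		}
		ext := b[i+4 : end] // server_name: list len (2), type (1), name len (2), name
		if typ == 0 && len(ext) >= 5 && ext[2] == 0 && len(ext) >= 5+int(u16(ext[3:])) {
			return string(ext[5 : 5+int(u16(ext[3:]))]), nil
		}
		i = end
	}
	return "", nil
}

func main() {
	for _, host := range []string{"www.example.com", "192.168.1.3"} {
		hello, _ := clientHello(host)
		name, err := sni(hello)
		fmt.Printf("client targets %-15s -> server_name=%q err=%v\n", host, name, err)
	}
}
```

With an empty server_name, a name-based HTTPS vhost has nothing to match against custom_domains, which is why the thread ends with either a real domain name or a plain tcp proxy.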