github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 08:05:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #4693] [Feature Request] 使用nginx反向代理frps时,客户端使用proxy protocol无法获取真实ip的问题 #3707

New issue
Closed
opened 2026-05-05 14:22:37 -06:00 by gitea-mirror · 1 comment
gitea-mirror commented 2026-05-05 14:22:37 -06:00
Owner
Copy link

Originally created by @1332881954 on GitHub (Mar 4, 2025).
Original GitHub issue: https://github.com/fatedier/frp/issues/4693

Describe the feature request

流量路径:浏览器->云服务器nginx(port 80)->frps (vhostHTTPPort 7080)->frpc->内网nginx

问题描述:公网服务器上nginx监听80端口,nginx反向代理frps的7080端口,frpc上开启proxy_protocol_v2,访问时,内网nginx服务器$proxy_protocol_addr获取到的ip总是为127.0.0.1

配置文件:
公网nginx:

server {
    listen 80;
    listen [::]:80;
    server_name _;
    # root /var/www/;
    # index index.html index.htm index.php;
    port_in_redirect off;
    location / {
        proxy_pass http://127.0.0.1:7080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

frps:

bindAddr = "0.0.0.0"
bindPort = 7070

auth.method = "token"
auth.token = "xxx"

transport.tls.force = true

vhostHTTPPort = 7080
vhostHTTPSPort = 7443

log.to = "/var/log/frp/frps.log"
log.level = "info"
log.maxDays = 7

frpc:

[[proxies]]
name = "test"
type = "http"
localIP = "172.16.64.156"
localPort = 80
transport.useEncryption = true
transport.useCompression = true
customDomains = ["test.xxx.com"]
transport.proxyProtocolVersion = "v2"

内网nginx:

    server {
        listen 80 proxy_protocol;
        server_name _;
        location /{
                add_header X-Proxy-Protocol-IP $proxy_protocol_addr;
               (省略)
        }

Describe alternatives you've considered

个人猜测问题的原因在于真正请求frps的是本机上的nginx(80端口反向代理7080),因此frps认为用户ip为127.0.0.1,修改云服务器nginx的proxy_pass一行(例如[::1],云服务器内网ip 10.78.xx.xx等),发现内网nginx获取到的proxy_protocol的ip也会随之改变。
这种设计其实本身没有问题,但是我想问一下有没有一种方法可以将客户端的ip传递过去,例如在反向代理的时候增加一项配置(或者直接读取X-Real-IP),可以额外将客户端的ip发送给frps,frps使用此地址作为proxy protocol的source ip,而不是实际请求frps的ip。搜索了相关issue,没有找到一个很好的解决方案,thanks!

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Originally created by @1332881954 on GitHub (Mar 4, 2025). Original GitHub issue: https://github.com/fatedier/frp/issues/4693 ### Describe the feature request 流量路径:浏览器->云服务器nginx(port 80)->frps (vhostHTTPPort 7080)->frpc->内网nginx 问题描述:公网服务器上nginx监听80端口,nginx反向代理frps的7080端口,frpc上开启proxy_protocol_v2,访问时,内网nginx服务器$proxy_protocol_addr获取到的ip总是为127.0.0.1 配置文件: 公网nginx: ``` server { listen 80; listen [::]:80; server_name _; # root /var/www/; # index index.html index.htm index.php; port_in_redirect off; location / { proxy_pass http://127.0.0.1:7080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ``` frps: ``` bindAddr = "0.0.0.0" bindPort = 7070 auth.method = "token" auth.token = "xxx" transport.tls.force = true vhostHTTPPort = 7080 vhostHTTPSPort = 7443 log.to = "/var/log/frp/frps.log" log.level = "info" log.maxDays = 7 ``` frpc: ``` [[proxies]] name = "test" type = "http" localIP = "172.16.64.156" localPort = 80 transport.useEncryption = true transport.useCompression = true customDomains = ["test.xxx.com"] transport.proxyProtocolVersion = "v2" ``` 内网nginx: ``` server { listen 80 proxy_protocol; server_name _; location /{ add_header X-Proxy-Protocol-IP $proxy_protocol_addr; (省略) } ``` ### Describe alternatives you've considered 个人猜测问题的原因在于真正请求frps的是本机上的nginx(80端口反向代理7080),因此frps认为用户ip为127.0.0.1,修改云服务器nginx的proxy_pass一行(例如[::1],云服务器内网ip 10.78.xx.xx等),发现内网nginx获取到的proxy_protocol的ip也会随之改变。 这种设计其实本身没有问题,但是我想问一下有没有一种方法可以将客户端的ip传递过去,例如在反向代理的时候增加一项配置(或者直接读取X-Real-IP),可以额外将客户端的ip发送给frps,frps使用此地址作为proxy protocol的source ip,而不是实际请求frps的ip。搜索了相关issue,没有找到一个很好的解决方案,thanks! ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [x] Security - [x] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others
gitea-mirror commented 2026-05-05 14:22:40 -06:00
Author
Owner
Copy link

@xqzr commented on GitHub (Mar 4, 2025):

使用 X-Forwarded-For
https://gofrp.org/zh-cn/docs/features/common/realip/
Nginx http 模块 proxy_pass 不支持 Proxy Protocol

<!-- gh-comment-id:2697979588 --> @xqzr commented on GitHub (Mar 4, 2025): 使用 `X-Forwarded-For` https://gofrp.org/zh-cn/docs/features/common/realip/ Nginx http 模块 `proxy_pass` 不支持 Proxy Protocol
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#3707
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?