github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 16:15:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #4806] No effect on remote port number in ssh command #3794

New issue
Closed
opened 2026-05-05 14:25:45 -06:00 by gitea-mirror · 3 comments
gitea-mirror commented 2026-05-05 14:25:45 -06:00
Owner
Copy link

Originally created by @itsKV on GitHub (May 21, 2025).
Original GitHub issue: https://github.com/fatedier/frp/issues/4806

Bug Description

If I use following command to forward local service to server, port gets forwarded successfully.

ssh -R :9999:127.0.0.1:80 sub.domain.tld -p 220 http -n "test-http" --sd test1 -t 12345

But the remote port mentioned here 9999 seems just a placeholder as vhostHTTPPort is coded in frps's config file itself and server serves the local hosted site on that vhostHTTPPort port only and not on 9999. Further, any number can be used at this place and server still accepts the ssh command and starts serving on port vhostHTTPPort .

Is this correct behavior of the frps or there should be error output to ssh client if this number differs from vhostHTTPPort port ?

frpc Version

windows 11 native ssh

frps Version

0.62.1

System Architecture

linux/arm64

Configurations

bindAddr = "0.0.0.0"
bindPort = 1234
kcpBindPort = 1234

webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "adm"
webServer.password = "adm"

vhostHTTPPort = 8880

auth.method = "token"
auth.token = "12345"

subDomainHost = "sub.domain.tld"

allowPorts = [ { start = 10000, end = 50000 } ]

sshTunnelGateway.bindPort = 220

Logs

No response

Steps to reproduce

No response

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Originally created by @itsKV on GitHub (May 21, 2025). Original GitHub issue: https://github.com/fatedier/frp/issues/4806 ### Bug Description If I use following command to forward local service to server, port gets forwarded successfully. `ssh -R :9999:127.0.0.1:80 sub.domain.tld -p 220 http -n "test-http" --sd test1 -t 12345` But the remote port mentioned here 9999 seems just a placeholder as vhostHTTPPort is coded in frps's config file itself and server serves the local hosted site on that vhostHTTPPort port only and not on 9999. Further, any number can be used at this place and server still accepts the ssh command and starts serving on port vhostHTTPPort . Is this correct behavior of the frps or there should be error output to ssh client if this number differs from vhostHTTPPort port ? ### frpc Version windows 11 native ssh ### frps Version 0.62.1 ### System Architecture linux/arm64 ### Configurations bindAddr = "0.0.0.0" bindPort = 1234 kcpBindPort = 1234 webServer.addr = "127.0.0.1" webServer.port = 7500 webServer.user = "adm" webServer.password = "adm" vhostHTTPPort = 8880 auth.method = "token" auth.token = "12345" subDomainHost = "sub.domain.tld" allowPorts = [ { start = 10000, end = 50000 } ] sshTunnelGateway.bindPort = 220 ### Logs _No response_ ### Steps to reproduce _No response_ ### Affected area - [ ] Docs - [ ] Installation - [x] Performance and Scalability - [ ] Security - [x] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others
gitea-mirror 2026-05-05 14:25:45 -06:00
gitea-mirror commented 2026-05-05 14:25:47 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (May 22, 2025):

Hi @itsKV,

The behavior you're observing is generally expected within frp's design for handling HTTP/HTTPS virtual hosts (vhosts). Here's a breakdown:

vhostHTTPPort for HTTP Proxies: When vhostHTTPPort is set in frps.toml (e.g., to 8880), frps is designed to route all HTTP requests for proxies that use subdomains (like your --sd test1) or custom domains through this single port. It then uses the HTTP Host header to direct traffic to the correct backend. This allows multiple web services to share a common entry port.

The SSH command itself is valid for tunnel creation. frps then applies its own routing rules for the proxy type. It doesn't currently treat this difference as an error because it prioritizes the vhost mechanism for these proxy types.

In summary:

For your setup, accessing the service via http://test1.sub.domain.tld:8880 is the correct and intended way.
The port 9999 in the ssh -R command is effectively ignored for determining the public listening port for this specific HTTP vhost proxy.

Hope this explanation helps!

<!-- gh-comment-id:2899817766 --> @fatedier commented on GitHub (May 22, 2025): Hi @itsKV, The behavior you're observing is generally expected within frp's design for handling HTTP/HTTPS virtual hosts (vhosts). Here's a breakdown: vhostHTTPPort for HTTP Proxies: When vhostHTTPPort is set in frps.toml (e.g., to 8880), frps is designed to route all HTTP requests for proxies that use subdomains (like your --sd test1) or custom domains through this single port. It then uses the HTTP Host header to direct traffic to the correct backend. This allows multiple web services to share a common entry port. The SSH command itself is valid for tunnel creation. frps then applies its own routing rules for the proxy type. It doesn't currently treat this difference as an error because it prioritizes the vhost mechanism for these proxy types. In summary: For your setup, accessing the service via http://test1.sub.domain.tld:8880 is the correct and intended way. The port 9999 in the ssh -R command is effectively ignored for determining the public listening port for this specific HTTP vhost proxy. Hope this explanation helps!
gitea-mirror commented 2026-05-05 14:25:48 -06:00
Author
Owner
Copy link

@itsKV commented on GitHub (May 22, 2025):

That's clear.

  • Omitting port number from the command, ssh itself throws the error as the remote port is required for -R switch to work.

  • frps will however work only with the port configured at vhostHTTPPort

We can issue the error (from server side) at the commands output itself terminating the session immediately if port number differs from vhostHTTPPort config. frps's ssh-tcp mode currently issues such error if user inputs out of the limit port than mentioned in allowPorts config.

<!-- gh-comment-id:2900164052 --> @itsKV commented on GitHub (May 22, 2025): That's clear. - Omitting port number from the command, ssh itself throws the error as the remote port is required for -R switch to work. - frps will however work only with the port configured at `vhostHTTPPort` We can issue the error (from server side) at the commands output itself terminating the session immediately if port number differs from `vhostHTTPPort` config. frps's ssh-tcp mode currently issues such error if user inputs out of the limit port than mentioned in `allowPorts` config.
gitea-mirror commented 2026-05-05 14:25:49 -06:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Jun 6, 2025):

Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.

<!-- gh-comment-id:2947335285 --> @github-actions[bot] commented on GitHub (Jun 6, 2025): Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#3794
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?