github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 16:15:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #5010] using vhosthttps with nginx inside same dockernetwork #3944

New issue
Closed
opened 2026-05-05 14:30:44 -06:00 by gitea-mirror · 1 comment
gitea-mirror commented 2026-05-05 14:30:44 -06:00
Owner
Copy link

Originally created by @Cr34t1ngH0p3 on GitHub (Oct 3, 2025).
Original GitHub issue: https://github.com/fatedier/frp/issues/5010

Hi @shabakett I currently are facing the same issue. I want to enable the server to serve http as well as https services via nginx.

For [https service] <-> [frpc] <-> [frps] <-> [nginx:433] <-> https://my.domain.com it is working with the configuration (/etc/frp/https.ini) below.

But I receive 502 Bad Gateway if I want to serve [http service] <-> [frpc] <-> [frps] <-> [nginx:433] <-> https://my.domain.com with this configuration (/etc/frp/http.ini). Can you share your final configuration?

Option 1 will not work for me as then I'm only able to serve http services on my local client.

/etc/frp/frps.ini:


[common]

bind_addr = 0.0.0.0

bind_port = 7000

proxy_bind_addr = 0.0.0.0

vhost_http_port = 7080

vhost_https_port = 7443

token = <my-token>

/etc/nginx/conf.d/tunnel.conf:


server {

    listen 443 ssl http2;

    listen [::]:443 ssl http2;

    server_name my.domain.com;



    ssl_certificate /etc/letsencrypt/my.domain.com/rsa/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/my.domain.com/rsa/key.pem;

    ssl_certificate /etc/letsencrypt/my.domain.com/ecc/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/my.domain.com/ecc/key.pem;



    ssl_trusted_certificate /etc/letsencrypt/my.domain.com/ecc/ca.pem;



    # Include SSL configuration

    include /etc/nginx/snippets/ssl.conf;



    # Include headers

    include /etc/nginx/snippets/headers.conf;



    # Important: Disable error and access log, so that no IPs get logged

    access_log  off;

    error_log off;



    location / {

        proxy_ssl_server_name on;

        proxy_ssl_name $host;

        proxy_ssl_verify off;

        proxy_pass https://127.0.0.1:7443;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header Host $http_host;

        proxy_set_header cookie $http_cookie;

        proxy_set_header Proxy-Connection "";

        proxy_http_version 1.1;

        }

}

Originally posted by @MelBourbon in #3214

I try to set up a docker network with nginx and frps. Similar to @MelBourbon [https service] <-> [frpc] <-> [frps] <-> [nginx:433] <-> https://my.domain.com to another server is working, but

[https service] <-> [frpc] <-> [frps] <-> [nginx:433] <-> https://local_docker_frps does not. I always get
peer closed connection in SSL handshake while SSL handshaking to upstream, client: 172.30.0.1, server:
even with:

proxy_ssl_server_name on;
proxy_ssl_name $host; 
proxy_ssl_verify off;

I have no ssl_trusted_certificate, is this the problem? I mean, in my nginx config, I dont know to which https service the frpc links.
Does somebody know why it does not work? I read a lot about SNI, but also I cannot bring it to work with that.

Thank you for some hints.
Best

Originally created by @Cr34t1ngH0p3 on GitHub (Oct 3, 2025). Original GitHub issue: https://github.com/fatedier/frp/issues/5010 > Hi @shabakett I currently are facing the same issue. I want to enable the server to serve http as well as https services via nginx. > > > > For `[https service] <-> [frpc] <-> [frps] <-> [nginx:433] <-> https://my.domain.com` it is working with the configuration (`/etc/frp/https.ini`) below. > > > > But I receive `502 Bad Gateway` if I want to serve `[http service] <-> [frpc] <-> [frps] <-> [nginx:433] <-> https://my.domain.com` with this configuration (`/etc/frp/http.ini`). Can you share your final configuration? > > > > Option 1 will not work for me as then I'm only able to serve http services on my local client. > > > > `/etc/frp/frps.ini`: > > ``` > > [common] > > bind_addr = 0.0.0.0 > > bind_port = 7000 > > proxy_bind_addr = 0.0.0.0 > > vhost_http_port = 7080 > > vhost_https_port = 7443 > > token = <my-token> > > ``` > > `/etc/nginx/conf.d/tunnel.conf`: > > ``` > > server { > > listen 443 ssl http2; > > listen [::]:443 ssl http2; > > server_name my.domain.com; > > > > ssl_certificate /etc/letsencrypt/my.domain.com/rsa/fullchain.pem; > > ssl_certificate_key /etc/letsencrypt/my.domain.com/rsa/key.pem; > > ssl_certificate /etc/letsencrypt/my.domain.com/ecc/fullchain.pem; > > ssl_certificate_key /etc/letsencrypt/my.domain.com/ecc/key.pem; > > > > ssl_trusted_certificate /etc/letsencrypt/my.domain.com/ecc/ca.pem; > > > > # Include SSL configuration > > include /etc/nginx/snippets/ssl.conf; > > > > # Include headers > > include /etc/nginx/snippets/headers.conf; > > > > # Important: Disable error and access log, so that no IPs get logged > > access_log off; > > error_log off; > > > > location / { > > proxy_ssl_server_name on; > > proxy_ssl_name $host; > > proxy_ssl_verify off; > > proxy_pass https://127.0.0.1:7443; > > proxy_set_header X-Real-IP $remote_addr; > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > proxy_set_header Host $http_host; > > proxy_set_header cookie $http_cookie; > > proxy_set_header Proxy-Connection ""; > > proxy_http_version 1.1; > > } > > } > > ``` _Originally posted by @MelBourbon in [#3214](https://github.com/fatedier/frp/issues/3214#issuecomment-1425549823)_ I try to set up a docker network with nginx and frps. Similar to @MelBourbon `[https service] <-> [frpc] <-> [frps] <-> [nginx:433] <-> https://my.domain.com` to another server is working, but `[https service] <-> [frpc] <-> [frps] <-> [nginx:433] <-> https://local_docker_frps` does not. I always get `peer closed connection in SSL handshake while SSL handshaking to upstream, client: 172.30.0.1, server:` even with: ``` proxy_ssl_server_name on; proxy_ssl_name $host; proxy_ssl_verify off; ``` I have no ssl_trusted_certificate, is this the problem? I mean, in my nginx config, I dont know to which https service the frpc links. Does somebody know why it does not work? I read a lot about SNI, but also I cannot bring it to work with that. Thank you for some hints. Best
gitea-mirror commented 2026-05-05 14:30:47 -06:00
Author
Owner
Copy link

@Cr34t1ngH0p3 commented on GitHub (Oct 5, 2025):

Adding

proxy_ssl_name   ${domainname};
proxy_set_header Host ${domainname};

solved it

<!-- gh-comment-id:3369212451 --> @Cr34t1ngH0p3 commented on GitHub (Oct 5, 2025): Adding ``` proxy_ssl_name ${domainname}; proxy_set_header Host ${domainname}; ``` solved it
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#3944
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?