[GH-ISSUE #888] nginx https反向代理到frp https 报 502错误，说说我的解决方法 #700

New issue

Closed

opened 2026-05-05 12:27:04 -06:00 by gitea-mirror · 16 comments

gitea-mirror commented 2026-05-05 12:27:04 -06:00

Owner

Copy link

Originally created by @wangxianfeng on GitHub (Aug 12, 2018).
Original GitHub issue: https://github.com/fatedier/frp/issues/888

首先声明，这不是个问题贴，而是给出了解决方法。看到很多人使用nginx https转发frp https的时候都像我一样，遇到了nginx报502错误的问题，在网上找了一圈，也没有找到解决方式。经过一段时间的摸索，解决了自己的问题，把解决方法分享出来，以求像我一样遇到该问题的人能够快速地解决自己的问题。

What version of frp are you using (./frpc -v or ./frps -v)?
0.20.0

What operating system and processor architecture are you using (go env)?
[root@host frp]# go env
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/root/go"
GORACE=""
GOROOT="/usr/lib/golang"
GOTOOLDIR="/usr/lib/golang/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build188604123=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"

Configures you used:
frps.ini关键配置

[common]

# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
 bind_port = 7000
……
# if you want to support virtual host, you must set the http port for listening (optional)
 # Note: http port and https port can be same with bind_port
vhost_http_port = 8680
vhost_https_port = 8643

frpc.ini关键配置：

[es]
type=https
custom_domains=es.aiuyo.com
local_ip=192.168.2.99
local_port=9200
use_encryption=true
use_compression=true

[kb]
type=https
custom_domains=kb.aiuyo.com
local_ip=192.168.2.99
local_port=5601
use_encryption=true
use_compression=true

Steps to reproduce the issue:

1. 请求发送给nginx
2. 由nginx转发请求给frp
3. frp处理请求，转发到对应的内网服务商

nginx https关键配置：

server{ 

        listen 443 ssl; 
        ssl on;
        server_name *.aiuyo.com;
        ssl_certificate /root/.acme.sh/aiuyo.com/fullchain.cer;
        ssl_certificate_key  /root/.acme.sh/aiuyo.com/aiuyo.com.key;
        ssl_trusted_certificate /root/.acme.sh/aiuyo.com/ca.cer;

        location / {
                proxy_ssl_server_name on;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $host:$server_port;
                proxy_pass https://$host:8643; #通过域名访问frp服务
        }

        location ~* \.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)$ {
                proxy_ssl_server_name on;
                proxy_pass https://$host:8643;
                proxy_redirect https://$host/ https://$http_host/;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-proto https;
                proxy_cache frp_cache;
                proxy_cache_key $uri$is_args$args;
                proxy_cache_valid 200 206 301 302 304 3d;
                expires 30d;
        }
}

Describe the results you received:

对于nginx https代理frp https的理解

我的理解是这样的：
如果使用了自定义域名，frp是根据$host值判断该往哪个内网服务转发请求的，因此转给frp的请求中一定要包含$host，否则frp无法正常处理请求。
因此以下2个配置很重要：

proxy_ssl_server_name on;
proxy_pass https://$host:8643; #通过域名访问frp服务

proxy_pass中不能写成IP的形式。

nginx反向代理frp缓存加速http+https 可以参考我的博文，已经根据最新的理解做了更新。
http://www.wangxianfeng.cn/wordpress/2018/06/10/nginx%e5%8f%8d%e5%90%91%e4%bb%a3%e7%90%86frp%e7%bc%93%e5%ad%98%e5%8a%a0%e9%80%9fhttphttps/

有什么不对的地方，还请各位指正。

Originally created by @wangxianfeng on GitHub (Aug 12, 2018). Original GitHub issue: https://github.com/fatedier/frp/issues/888 首先声明，这不是个问题贴，而是给出了解决方法。看到很多人使用nginx https转发frp https的时候都像我一样，遇到了nginx报502错误的问题，在网上找了一圈，也没有找到解决方式。经过一段时间的摸索，解决了自己的问题，把解决方法分享出来，以求像我一样遇到该问题的人能够快速地解决自己的问题。 **What version of frp are you using (./frpc -v or ./frps -v)?** 0.20.0 **What operating system and processor architecture are you using (`go env`)?** [root@host frp]# go env GOARCH="amd64" GOBIN="" GOEXE="" GOHOSTARCH="amd64" GOHOSTOS="linux" GOOS="linux" GOPATH="/root/go" GORACE="" GOROOT="/usr/lib/golang" GOTOOLDIR="/usr/lib/golang/pkg/tool/linux_amd64" GCCGO="gccgo" CC="gcc" GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build188604123=/tmp/go-build -gno-record-gcc-switches" CXX="g++" CGO_ENABLED="1" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" **Configures you used:** frps.ini关键配置 ``` [common] # A literal address or host name for IPv6 must be enclosed # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" bind_addr = 0.0.0.0 bind_port = 7000 …… # if you want to support virtual host, you must set the http port for listening (optional) # Note: http port and https port can be same with bind_port vhost_http_port = 8680 vhost_https_port = 8643 ``` frpc.ini关键配置： ``` [es] type=https custom_domains=es.aiuyo.com local_ip=192.168.2.99 local_port=9200 use_encryption=true use_compression=true [kb] type=https custom_domains=kb.aiuyo.com local_ip=192.168.2.99 local_port=5601 use_encryption=true use_compression=true ``` **Steps to reproduce the issue:** 1. 请求发送给nginx 2. 由nginx转发请求给frp 3. frp处理请求，转发到对应的内网服务商 nginx https关键配置： ``` server{ listen 443 ssl; ssl on; server_name *.aiuyo.com; ssl_certificate /root/.acme.sh/aiuyo.com/fullchain.cer; ssl_certificate_key /root/.acme.sh/aiuyo.com/aiuyo.com.key; ssl_trusted_certificate /root/.acme.sh/aiuyo.com/ca.cer; location / { proxy_ssl_server_name on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host:$server_port; proxy_pass https://$host:8643; #通过域名访问frp服务 } location ~* \.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)$ { proxy_ssl_server_name on; proxy_pass https://$host:8643; proxy_redirect https://$host/ https://$http_host/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-proto https; proxy_cache frp_cache; proxy_cache_key $uri$is_args$args; proxy_cache_valid 200 206 301 302 304 3d; expires 30d; } } ``` **Describe the results you received:** # 对于nginx https代理frp https的理解 我的理解是这样的： 如果使用了自定义域名，frp是根据$host值判断该往哪个内网服务转发请求的，因此转给frp的请求中一定要包含$host，否则frp无法正常处理请求。 因此以下2个配置很重要： ``` proxy_ssl_server_name on; proxy_pass https://$host:8643; #通过域名访问frp服务 ``` proxy_pass中不能写成IP的形式。 nginx反向代理frp缓存加速http+https 可以参考我的博文，已经根据最新的理解做了更新。 http://www.wangxianfeng.cn/wordpress/2018/06/10/nginx%e5%8f%8d%e5%90%91%e4%bb%a3%e7%90%86frp%e7%bc%93%e5%ad%98%e5%8a%a0%e9%80%9fhttphttps/ 有什么不对的地方，还请各位指正。

gitea-mirror closed this issue 2026-05-05 12:27:04 -06:00

gitea-mirror commented 2026-05-05 12:27:07 -06:00

Author

Owner

Copy link

@yflwz commented on GitHub (Apr 15, 2019):

我按上面的配置了，
location / {
proxy_ssl_server_name on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host:$server_port;
proxy_pass https://$host:10053;
}
只是用https://自定义域名访问不了，用https://自定义域名:端口可以

<!-- gh-comment-id:483164256 --> @yflwz commented on GitHub (Apr 15, 2019): 我按上面的配置了， location / { proxy_ssl_server_name on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host:$server_port; proxy_pass https://$host:10053; } 只是用https://自定义域名访问不了，用https://自定义域名:端口可以

gitea-mirror commented 2026-05-05 12:27:08 -06:00

Author

Owner

Copy link

@wangxianfeng commented on GitHub (Apr 15, 2019):

可以看看nginx及frp的日志排查一下

<!-- gh-comment-id:483167284 --> @wangxianfeng commented on GitHub (Apr 15, 2019): 可以看看nginx及frp的日志排查一下

gitea-mirror commented 2026-05-05 12:27:08 -06:00

Author

Owner

Copy link

@662 commented on GitHub (Feb 4, 2020):

注意： $host是你客户端访问的主机头，也即是*.aiuyo.com

你只是把 https://*.aiuyo.com 代理到了 https://*.aiuyo.com:8643 相当于你任然是访问的 https://*.aiuyo.com:8643，而一旦防火墙不开放 8643 你这个配置就挂了，因为你的反向代理是到公网去找DNS解析IP；

你这个配置并没有达到 网内直达 https://127.0.0.1:8643 ；

如果frps真的是直接拿的 request url 而不是拿的 http header的话，你这个方法倒是可行，只不过需要修改本地 hosts 让 本地解析*.aiuyo.com；

<!-- gh-comment-id:582047965 --> @662 commented on GitHub (Feb 4, 2020): 注意： `$host`是你客户端访问的主机头，也即是`*.aiuyo.com` 你只是把 `https://*.aiuyo.com` 代理到了 `https://*.aiuyo.com:8643` 相当于你任然是访问的 `https://*.aiuyo.com:8643`，而一旦防火墙不开放 `8643` 你这个配置就挂了，因为你的反向代理是到公网去找DNS解析IP； 你这个配置并没有达到 网内直达 `https://127.0.0.1:8643` ； 如果`frps`真的是直接拿的 `request url` 而不是拿的 `http header`的话，你这个方法倒是可行，只不过需要修改本地 `hosts` 让 本地解析`*.aiuyo.com`；

gitea-mirror commented 2026-05-05 12:27:09 -06:00

Author

Owner

Copy link

@662 commented on GitHub (Feb 4, 2020):

我用 0.20(lede只有这个版本) 测试了一下，https反代确实是拿的url，http header里头的主机头直接被无视了，这或许是个bug。 @fatedier

<!-- gh-comment-id:582053108 --> @662 commented on GitHub (Feb 4, 2020): 我用 `0.20`(lede只有这个版本) 测试了一下，https反代确实是拿的url，`http header`里头的主机头直接被无视了，这或许是个bug。 @fatedier

gitea-mirror commented 2026-05-05 12:27:10 -06:00

Author

Owner

Copy link

@cnyasin commented on GitHub (Mar 19, 2020):

首先声明，这不是个问题贴，而是给出了解决方法。看到很多人使用nginx https转发frp https的时候都像我一样，遇到了nginx报502错误的问题，在网上找了一圈，也没有找到解决方式。经过一段时间的摸索，解决了自己的问题，把解决方法分享出来，以求像我一样遇到该问题的人能够快速地解决自己的问题。

What version of frp are you using (./frpc -v or ./frps -v)?
0.20.0

What operating system and processor architecture are you using (go env)?
[root@host frp]# go env
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/root/go"
GORACE=""
GOROOT="/usr/lib/golang"
GOTOOLDIR="/usr/lib/golang/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build188604123=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"

Configures you used:
frps.ini关键配置

[common]

# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
bind_addr = 0.0.0.0
 bind_port = 7000
……
# if you want to support virtual host, you must set the http port for listening (optional)
 # Note: http port and https port can be same with bind_port
vhost_http_port = 8680
vhost_https_port = 8643

frpc.ini关键配置：

[es]
type=https
custom_domains=es.aiuyo.com
local_ip=192.168.2.99
local_port=9200
use_encryption=true
use_compression=true

[kb]
type=https
custom_domains=kb.aiuyo.com
local_ip=192.168.2.99
local_port=5601
use_encryption=true
use_compression=true

Steps to reproduce the issue:

1. 请求发送给nginx
2. 由nginx转发请求给frp
3. frp处理请求，转发到对应的内网服务商

nginx https关键配置：

server{ 

        listen 443 ssl; 
        ssl on;
        server_name *.aiuyo.com;
        ssl_certificate /root/.acme.sh/aiuyo.com/fullchain.cer;
        ssl_certificate_key  /root/.acme.sh/aiuyo.com/aiuyo.com.key;
        ssl_trusted_certificate /root/.acme.sh/aiuyo.com/ca.cer;

        location / {
                proxy_ssl_server_name on;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $host:$server_port;
                proxy_pass https://$host:8643; #通过域名访问frp服务
        }

        location ~* \.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)$ {
                proxy_ssl_server_name on;
                proxy_pass https://$host:8643;
                proxy_redirect https://$host/ https://$http_host/;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-proto https;
                proxy_cache frp_cache;
                proxy_cache_key $uri$is_args$args;
                proxy_cache_valid 200 206 301 302 304 3d;
                expires 30d;
        }
}

Describe the results you received:

对于nginx https代理frp https的理解

我的理解是这样的：
如果使用了自定义域名，frp是根据$host值判断该往哪个内网服务转发请求的，因此转给frp的请求中一定要包含$host，否则frp无法正常处理请求。
因此以下2个配置很重要：

proxy_ssl_server_name on;
proxy_pass https://$host:8643; #通过域名访问frp服务

proxy_pass中不能写成IP的形式。

nginx反向代理frp缓存加速http+https 可以参考我的博文，已经根据最新的理解做了更新。
http://www.wangxianfeng.cn/wordpress/2018/06/10/nginx%e5%8f%8d%e5%90%91%e4%bb%a3%e7%90%86frp%e7%bc%93%e5%ad%98%e5%8a%a0%e9%80%9fhttphttps/

有什么不对的地方，还请各位指正。

成功！感谢楼主！特来回复！

<!-- gh-comment-id:600986533 --> @cnyasin commented on GitHub (Mar 19, 2020): > 首先声明，这不是个问题贴，而是给出了解决方法。看到很多人使用nginx https转发frp https的时候都像我一样，遇到了nginx报502错误的问题，在网上找了一圈，也没有找到解决方式。经过一段时间的摸索，解决了自己的问题，把解决方法分享出来，以求像我一样遇到该问题的人能够快速地解决自己的问题。 > > **What version of frp are you using (./frpc -v or ./frps -v)?** > 0.20.0 > > **What operating system and processor architecture are you using (`go env`)?** > [root@host frp]# go env > GOARCH="amd64" > GOBIN="" > GOEXE="" > GOHOSTARCH="amd64" > GOHOSTOS="linux" > GOOS="linux" > GOPATH="/root/go" > GORACE="" > GOROOT="/usr/lib/golang" > GOTOOLDIR="/usr/lib/golang/pkg/tool/linux_amd64" > GCCGO="gccgo" > CC="gcc" > GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build188604123=/tmp/go-build -gno-record-gcc-switches" > CXX="g++" > CGO_ENABLED="1" > CGO_CFLAGS="-g -O2" > CGO_CPPFLAGS="" > CGO_CXXFLAGS="-g -O2" > CGO_FFLAGS="-g -O2" > CGO_LDFLAGS="-g -O2" > PKG_CONFIG="pkg-config" > > **Configures you used:** > frps.ini关键配置 > > ``` > [common] > > # A literal address or host name for IPv6 must be enclosed > # in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80" > bind_addr = 0.0.0.0 > bind_port = 7000 > …… > # if you want to support virtual host, you must set the http port for listening (optional) > # Note: http port and https port can be same with bind_port > vhost_http_port = 8680 > vhost_https_port = 8643 > ``` > > frpc.ini关键配置： > > ``` > [es] > type=https > custom_domains=es.aiuyo.com > local_ip=192.168.2.99 > local_port=9200 > use_encryption=true > use_compression=true > > [kb] > type=https > custom_domains=kb.aiuyo.com > local_ip=192.168.2.99 > local_port=5601 > use_encryption=true > use_compression=true > ``` > > **Steps to reproduce the issue:** > > 1. 请求发送给nginx > 2. 由nginx转发请求给frp > 3. frp处理请求，转发到对应的内网服务商 > > nginx https关键配置： > > ``` > server{ > > listen 443 ssl; > ssl on; > server_name *.aiuyo.com; > ssl_certificate /root/.acme.sh/aiuyo.com/fullchain.cer; > ssl_certificate_key /root/.acme.sh/aiuyo.com/aiuyo.com.key; > ssl_trusted_certificate /root/.acme.sh/aiuyo.com/ca.cer; > > location / { > proxy_ssl_server_name on; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Proto $scheme; > proxy_set_header Host $host:$server_port; > proxy_pass https://$host:8643; #通过域名访问frp服务 > } > > location ~* \.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)$ { > proxy_ssl_server_name on; > proxy_pass https://$host:8643; > proxy_redirect https://$host/ https://$http_host/; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Host $host; > proxy_set_header X-Forwarded-proto https; > proxy_cache frp_cache; > proxy_cache_key $uri$is_args$args; > proxy_cache_valid 200 206 301 302 304 3d; > expires 30d; > } > } > ``` > > **Describe the results you received:** > > # 对于nginx https代理frp https的理解 > 我的理解是这样的： > 如果使用了自定义域名，frp是根据$host值判断该往哪个内网服务转发请求的，因此转给frp的请求中一定要包含$host，否则frp无法正常处理请求。 > 因此以下2个配置很重要： > > ``` > proxy_ssl_server_name on; > proxy_pass https://$host:8643; #通过域名访问frp服务 > ``` > > proxy_pass中不能写成IP的形式。 > > nginx反向代理frp缓存加速http+https 可以参考我的博文，已经根据最新的理解做了更新。 > http://www.wangxianfeng.cn/wordpress/2018/06/10/nginx%e5%8f%8d%e5%90%91%e4%bb%a3%e7%90%86frp%e7%bc%93%e5%ad%98%e5%8a%a0%e9%80%9fhttphttps/ > > 有什么不对的地方，还请各位指正。 成功！感谢楼主！特来回复！

gitea-mirror commented 2026-05-05 12:27:10 -06:00

Author

Owner

Copy link

@Eminlin commented on GitHub (Jun 23, 2020):

搜了整个互联网 ， 只有你这个解决了问题 ，感谢分享:)

<!-- gh-comment-id:648284110 --> @Eminlin commented on GitHub (Jun 23, 2020): 搜了整个互联网 ， 只有你这个解决了问题 ，感谢分享:)

gitea-mirror commented 2026-05-05 12:27:10 -06:00

Author

Owner

Copy link

@wangxianfeng commented on GitHub (Jun 24, 2020):

搜了整个互联网 ， 只有你这个解决了问题 ，感谢分享:)

很欣慰我的分享帮助了一些人

<!-- gh-comment-id:648530963 --> @wangxianfeng commented on GitHub (Jun 24, 2020): > > > 搜了整个互联网 ， 只有你这个解决了问题 ，感谢分享:) 很欣慰我的分享帮助了一些人

gitea-mirror commented 2026-05-05 12:27:11 -06:00

Author

Owner

Copy link

@ggboypro commented on GitHub (Jun 23, 2021):

用了楼主的方法也不行，加上了 resolver 8.8.8.8; 就通了

 location / {
                resolver 8.8.8.8;
                proxy_ssl_server_name on;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $host:$server_port;
                proxy_pass https://$host:7443; #通过域名访问frp服务
        }

<!-- gh-comment-id:866614628 --> @ggboypro commented on GitHub (Jun 23, 2021): 用了楼主的方法也不行，加上了 resolver 8.8.8.8; 就通了 ```nginx location / { resolver 8.8.8.8; proxy_ssl_server_name on; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host:$server_port; proxy_pass https://$host:7443; #通过域名访问frp服务 } ```

gitea-mirror commented 2026-05-05 12:27:11 -06:00

Author

Owner

Copy link

@569258yin commented on GitHub (Oct 17, 2021):

注意： $host是你客户端访问的主机头，也即是*.aiuyo.com

你只是把 https://*.aiuyo.com 代理到了 https://*.aiuyo.com:8643 相当于你任然是访问的 https://*.aiuyo.com:8643，而一旦防火墙不开放 8643 你这个配置就挂了，因为你的反向代理是到公网去找DNS解析IP；

你这个配置并没有达到 网内直达 https://127.0.0.1:8643 ；

如果frps真的是直接拿的 request url 而不是拿的 http header的话，你这个方法倒是可行，只不过需要修改本地 hosts 让 本地解析*.aiuyo.com；

说的太对了，【而一旦防火墙不开放 8643 你这个配置就挂了，因为你的反向代理是到公网去找DNS解析IP】
这个确实无法解析host 导致无法查询，需要在防火墙开启端口才可以

<!-- gh-comment-id:945082729 --> @569258yin commented on GitHub (Oct 17, 2021): > 注意： `$host`是你客户端访问的主机头，也即是`*.aiuyo.com` > > 你只是把 `https://*.aiuyo.com` 代理到了 `https://*.aiuyo.com:8643` 相当于你任然是访问的 `https://*.aiuyo.com:8643`，而一旦防火墙不开放 `8643` 你这个配置就挂了，因为你的反向代理是到公网去找DNS解析IP； > > 你这个配置并没有达到 网内直达 `https://127.0.0.1:8643` ； > > 如果`frps`真的是直接拿的 `request url` 而不是拿的 `http header`的话，你这个方法倒是可行，只不过需要修改本地 `hosts` 让 本地解析`*.aiuyo.com`； 说的太对了，【而一旦防火墙不开放 `8643` 你这个配置就挂了，因为你的反向代理是到公网去找DNS解析IP】 这个确实无法解析host 导致无法查询，需要在防火墙开启端口才可以

gitea-mirror commented 2026-05-05 12:27:12 -06:00

Author

Owner

Copy link

@lysssssss commented on GitHub (Jan 21, 2022):

感谢方法，同时也遇到了另一个坑，如果要代理爱快https的话，记得加上proxy_http_version 1.1; 否则静态资源会404

<!-- gh-comment-id:1018293177 --> @lysssssss commented on GitHub (Jan 21, 2022): 感谢方法，同时也遇到了另一个坑，如果要代理爱快https的话，记得加上proxy_http_version 1.1; 否则静态资源会404

gitea-mirror commented 2026-05-05 12:27:12 -06:00

Author

Owner

Copy link

@baiyz0825 commented on GitHub (Jan 6, 2023):

用了楼主的方法也不行，加上了 resolver 8.8.8.8; 就通了

 location / {
                resolver 8.8.8.8;
                proxy_ssl_server_name on;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $host:$server_port;
                proxy_pass https://$host:7443; #通过域名访问frp服务
        }

查看日志确实是解析不到域名的问题，加上解析就可以

但是配置了缓存的话，不知道为什么静态文件访问不到了

server部分
        location ~* \.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)$ {
                proxy_ssl_server_name on;
                proxy_pass https://$host:8643;
                proxy_redirect https://$host/ https://$http_host/;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-proto https;
                proxy_cache frp_cache;
                proxy_cache_key $uri$is_args$args;
                proxy_cache_valid 200 206 301 302 304 3d;
                expires 30d;
        }
http部分
       proxy_cache_path /usr/local/nginx/cache keys_zone=STATIC:100m inactive=24h  max_size=1g;

<!-- gh-comment-id:1373128526 --> @baiyz0825 commented on GitHub (Jan 6, 2023): > 用了楼主的方法也不行，加上了 resolver 8.8.8.8; 就通了 > > ```nginx > location / { > resolver 8.8.8.8; > proxy_ssl_server_name on; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Proto $scheme; > proxy_set_header Host $host:$server_port; > proxy_pass https://$host:7443; #通过域名访问frp服务 > } > ``` 查看日志确实是解析不到域名的问题，加上解析就可以  但是配置了缓存的话，不知道为什么静态文件访问不到了 ```conf server部分 location ~* \.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)$ { proxy_ssl_server_name on; proxy_pass https://$host:8643; proxy_redirect https://$host/ https://$http_host/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-proto https; proxy_cache frp_cache; proxy_cache_key $uri$is_args$args; proxy_cache_valid 200 206 301 302 304 3d; expires 30d; } http部分 proxy_cache_path /usr/local/nginx/cache keys_zone=STATIC:100m inactive=24h max_size=1g; ```

gitea-mirror commented 2026-05-05 12:27:12 -06:00

Author

Owner

Copy link

@baiyz0825 commented on GitHub (Jan 6, 2023):

用了楼主的方法也不行，加上了 resolver 8.8.8.8; 就通了

 location / {
                resolver 8.8.8.8;
                proxy_ssl_server_name on;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $host:$server_port;
                proxy_pass https://$host:7443; #通过域名访问frp服务
        }

查看日志确实是解析不到域名的问题，加上解析就可以

但是配置了缓存的话，不知道为什么静态文件访问不到了

server部分
        location ~* \.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)$ {
                proxy_ssl_server_name on;
                proxy_pass https://$host:8643;
                proxy_redirect https://$host/ https://$http_host/;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-proto https;
                proxy_cache frp_cache;
                proxy_cache_key $uri$is_args$args;
                proxy_cache_valid 200 206 301 302 304 3d;
                expires 30d;
        }
http部分
       proxy_cache_path /usr/local/nginx/cache keys_zone=STATIC:100m inactive=24h  max_size=1g;

检查之后还是需要添加一个resolver来进行解析，就跟https://github.com/fatedier/frp/issues/888#issuecomment-945082729这条描述一样，楼主在博客中添加了相应的解析，issues上面没有粘贴全，然后我出现的缓存无法命中或者无法生成原因是因为

nginx doc

仅当源服务器包含具有未来日期和时间的标头或将max-age指令设置为非零值的Cache-Control标头时，NGINX才会缓存响应。Expires
默认情况下，NGINX 遵循 Cache-Control 标头中的其他指令：当标头包含 、No-Cache 或 No-Store 指令时，它不会缓存响应。它也不会使用 Set-Cookie 标头缓存响应。此外，它仅缓存对响应和请求的响应。您可以覆盖这些默认值，如以下答案中所述。

所以如果需要强制开启缓存需要增加

proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
### 强制缓存后端文件，忽略后端服务器的相关头信息，确保Cookie有效负载不包括在缓存的有效负载中。这对于避免通过NGINX缓存泄漏cookie非常重要。
proxy_hide_header Cache-Control;
proxy_hide_header Set-Cookie;

之后可以设置请求头 add_header Nginx-Cache “$upstream_cache_status”;检查是否命中缓存
完整配置如下：

server部分
server {
    listen       80;
    listen       [::]80; # ipv6
    server_name *.xxxx.same.top;
    location ~*\.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|flv|html|htm)$ {
        #resolver 8.8.8.8;
        proxy_pass http://$host:8088;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-proto https;
        proxy_cache STATIC_SITE;
        proxy_cache_key $uri$is_args$args;
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
        proxy_redirect http://$host/ http://$http_host/;
        proxy_cache_valid 200 302 1h; #[不同http状态缓存时间不同]
        proxy_cache_valid 301 1d;
        proxy_cache_valid any 1m;
        ### 强制缓存后端文件，忽略后端服务器的相关头信息
        proxy_hide_header Cache-Control;
        proxy_hide_header Set-Cookie;
        ###
        expires 10h;  #[告诉浏览器缓存有效期-- 10h可以直接访问浏览器缓存i]
        add_header Nginx-Cache “$upstream_cache_status”;
        }
        location / {
            proxy_pass http://$host:8088;
            proxy_redirect http://$host/ http://$http_host/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
    }
}


server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name *.xxxx.same.top;
    ssl_certificate /ssl/bighouse/cert.pem;
    ssl_certificate_key /ssl/bighouse/cert.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1  TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache builtin:1000 shared:SSL:1m;
    add_header Strict-Transport-Security max-age=15768000;
    location ~*\.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|flv|html|htm)$ {
        proxy_ssl_server_name on;
        proxy_pass https://$host:4433;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-proto https;
        proxy_cache STATIC_SITE;
        proxy_cache_key $uri$is_args$args;
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
        proxy_redirect https://$host/ https://$http_host/;
        proxy_cache_valid 200 302 1h; #[不同http状态缓存时间不同]
        proxy_cache_valid 301 1d;
        proxy_cache_valid any 1m;
        ### 强制缓存后端文件，忽略后端服务器的相关头信息
        proxy_hide_header Cache-Control;
        proxy_hide_header Set-Cookie;
        ###
        expires 10h;  #[告诉浏览器缓存有效期-- 10h可以直接访问浏览器缓存i]
        add_header Nginx-Cache “$upstream_cache_status”;
        }

    location / {
        proxy_set_header Host  $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_ssl_server_name on;
        proxy_pass https://$host:4433; #通过域名访问frp服务
    }
}


http部分：

proxy_cache_path /usr/local/nginx/cache levels=1:2  keys_zone=STATIC_SITE:100m inactive=24h  max_size=1g;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

其余优化：源自segment

sendfile on;
tcp_nodelay on;
tcp_nopush on;
# 限制连接数
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
#gzip压缩
gzip  on;           
gzip_min_length 1k; 
gzip_buffers 4 16k;   
gzip_comp_level 2;  #压缩级别:1-10   越大越好时间长
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; 
gzip_vary off;
gzip_disable "MSIE [1-6]\.";  #IE1-6版本不支持gzip压缩   

爱快代理开启页面缓存产生的404问题
原因未知：这里新增加一个server模块可以解决

#爱快关闭缓存
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name aikuai.xxx.xxx.top;
    ssl_certificate /ssl/bighouse/cert.pem;
    ssl_certificate_key /ssl/bighouse/cert.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1  TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache builtin:1000 shared:SSL:1m;
    add_header Strict-Transport-Security max-age=15768000;
    location / {
        proxy_set_header Host  $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_ssl_server_name on;
        proxy_pass https://$host:4433; #通过域名访问frp服务
    }
}

<!-- gh-comment-id:1373979663 --> @baiyz0825 commented on GitHub (Jan 6, 2023): > > 用了楼主的方法也不行，加上了 resolver 8.8.8.8; 就通了 > > ```nginx > > location / { > > resolver 8.8.8.8; > > proxy_ssl_server_name on; > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > proxy_set_header X-Forwarded-Proto $scheme; > > proxy_set_header Host $host:$server_port; > > proxy_pass https://$host:7443; #通过域名访问frp服务 > > } > > ``` > > 查看日志确实是解析不到域名的问题，加上解析就可以  > > 但是配置了缓存的话，不知道为什么静态文件访问不到了 > > ``` > server部分 > location ~* \.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|woff|woff2|ttf|otf|eot)$ { > proxy_ssl_server_name on; > proxy_pass https://$host:8643; > proxy_redirect https://$host/ https://$http_host/; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Host $host; > proxy_set_header X-Forwarded-proto https; > proxy_cache frp_cache; > proxy_cache_key $uri$is_args$args; > proxy_cache_valid 200 206 301 302 304 3d; > expires 30d; > } > http部分 > proxy_cache_path /usr/local/nginx/cache keys_zone=STATIC:100m inactive=24h max_size=1g; > ``` 检查之后还是需要添加一个resolver来进行解析，就跟https://github.com/fatedier/frp/issues/888#issuecomment-945082729这条描述一样，楼主在博客中添加了相应的解析，issues上面没有粘贴全，然后我出现的缓存无法命中或者无法生成原因是因为 > [nginx doc](https://www.nginx.com/blog/nginx-caching-guide/) ```txt 仅当源服务器包含具有未来日期和时间的标头或将max-age指令设置为非零值的Cache-Control标头时，NGINX才会缓存响应。Expires 默认情况下，NGINX 遵循 Cache-Control 标头中的其他指令：当标头包含 、No-Cache 或 No-Store 指令时，它不会缓存响应。它也不会使用 Set-Cookie 标头缓存响应。此外，它仅缓存对响应和请求的响应。您可以覆盖这些默认值，如以下答案中所述。 ``` 所以如果需要强制开启缓存需要增加 ```conf proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; ### 强制缓存后端文件，忽略后端服务器的相关头信息，确保Cookie有效负载不包括在缓存的有效负载中。这对于避免通过NGINX缓存泄漏cookie非常重要。 proxy_hide_header Cache-Control; proxy_hide_header Set-Cookie; ``` 之后可以设置请求头` add_header Nginx-Cache “$upstream_cache_status”;`检查是否命中缓存 完整配置如下： ```conf server部分 server { listen 80; listen [::]80; # ipv6 server_name *.xxxx.same.top; location ~*\.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|flv|html|htm)$ { #resolver 8.8.8.8; proxy_pass http://$host:8088; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-proto https; proxy_cache STATIC_SITE; proxy_cache_key $uri$is_args$args; proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; proxy_redirect http://$host/ http://$http_host/; proxy_cache_valid 200 302 1h; #[不同http状态缓存时间不同] proxy_cache_valid 301 1d; proxy_cache_valid any 1m; ### 强制缓存后端文件，忽略后端服务器的相关头信息 proxy_hide_header Cache-Control; proxy_hide_header Set-Cookie; ### expires 10h; #[告诉浏览器缓存有效期-- 10h可以直接访问浏览器缓存i] add_header Nginx-Cache “$upstream_cache_status”; } location / { proxy_pass http://$host:8088; proxy_redirect http://$host/ http://$http_host/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name *.xxxx.same.top; ssl_certificate /ssl/bighouse/cert.pem; ssl_certificate_key /ssl/bighouse/cert.key; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_timeout 10m; ssl_session_cache builtin:1000 shared:SSL:1m; add_header Strict-Transport-Security max-age=15768000; location ~*\.(jpg|jpeg|gif|png|svg|css|scss|js|ico|xml|flv|html|htm)$ { proxy_ssl_server_name on; proxy_pass https://$host:4433; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-proto https; proxy_cache STATIC_SITE; proxy_cache_key $uri$is_args$args; proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; proxy_redirect https://$host/ https://$http_host/; proxy_cache_valid 200 302 1h; #[不同http状态缓存时间不同] proxy_cache_valid 301 1d; proxy_cache_valid any 1m; ### 强制缓存后端文件，忽略后端服务器的相关头信息 proxy_hide_header Cache-Control; proxy_hide_header Set-Cookie; ### expires 10h; #[告诉浏览器缓存有效期-- 10h可以直接访问浏览器缓存i] add_header Nginx-Cache “$upstream_cache_status”; } location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_ssl_server_name on; proxy_pass https://$host:4433; #通过域名访问frp服务 } } http部分： proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=STATIC_SITE:100m inactive=24h max_size=1g; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; ``` 其余优化：源自[segment](https://segmentfault.com/a/1190000040157653?utm_source=sf-similar-article) ```conf sendfile on; tcp_nodelay on; tcp_nopush on; # 限制连接数 limit_conn_zone $binary_remote_addr zone=perip:10m; limit_conn_zone $server_name zone=perserver:10m; #gzip压缩 gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_comp_level 2; #压缩级别:1-10 越大越好时间长 gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; gzip_vary off; gzip_disable "MSIE [1-6]\."; #IE1-6版本不支持gzip压缩 ``` **爱快代理开启页面缓存产生的404问题** 原因未知：这里新增加一个server模块可以解决 ```conf #爱快关闭缓存 server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name aikuai.xxx.xxx.top; ssl_certificate /ssl/bighouse/cert.pem; ssl_certificate_key /ssl/bighouse/cert.key; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_timeout 10m; ssl_session_cache builtin:1000 shared:SSL:1m; add_header Strict-Transport-Security max-age=15768000; location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_ssl_server_name on; proxy_pass https://$host:4433; #通过域名访问frp服务 } } ```

gitea-mirror commented 2026-05-05 12:27:13 -06:00

Author

Owner

Copy link

@GodFox commented on GitHub (Dec 31, 2023):

我也通过这个方法搞定了，感谢！

<!-- gh-comment-id:1872859930 --> @GodFox commented on GitHub (Dec 31, 2023): 我也通过这个方法搞定了，感谢！

gitea-mirror commented 2026-05-05 12:27:13 -06:00

Author

Owner

Copy link

@kbitlive commented on GitHub (Feb 7, 2024):

感谢 此方法有效

<!-- gh-comment-id:1932457740 --> @kbitlive commented on GitHub (Feb 7, 2024): 感谢 此方法有效

gitea-mirror commented 2026-05-05 12:27:14 -06:00

Author

Owner

Copy link

@JackShi1991 commented on GitHub (Jun 28, 2024):

感谢方法，同时也遇到了另一个坑，如果要代理爱https的话，记得加上proxy_http_version 1.1;否则静态资源会404

感谢，确实有效。

<!-- gh-comment-id:2196090382 --> @JackShi1991 commented on GitHub (Jun 28, 2024): > 感谢方法，同时也遇到了另一个坑，如果要代理爱https的话，记得加上proxy_http_version 1.1;否则静态资源会404 感谢，确实有效。

gitea-mirror commented 2026-05-05 12:27:14 -06:00

Author

Owner

Copy link

@JackShi1991 commented on GitHub (Jun 28, 2024):

我没有域名，只有公网IP，相同配置下其他都正常，只有爱快和青龙面板502，测试加上了proxy_http_version 1.1 后爱快倒是能打开，但是页面卡点了半天没反应。不太懂这些搜了几个网上的教程又加了两行代码，可以了，分享下：

##proxy_pass 要对应http或https

server {
    listen 14431 ssl;
    server_name localhost;
    ssl_certificate /etc/nginx/ssl/zerossl_ip.crt;
    ssl_certificate_key /etc/nginx/ssl/zerossl_ip.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';

    location / {
        proxy_http_version 1.1;      #加1
        proxy_set_header Upgrade $http_upgrade;  #加2
        proxy_set_header Connection "upgrade";    #加3
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        proxy_pass http://localhost:1431;
        proxy_ssl_verify off;  # 关闭 SSL 验证，如果需要的话
    }
}

<!-- gh-comment-id:2196119349 --> @JackShi1991 commented on GitHub (Jun 28, 2024): 我没有域名，只有公网IP，相同配置下其他都正常，只有爱快和青龙面板502，测试加上了proxy_http_version 1.1 后爱快倒是能打开，但是页面卡点了半天没反应。不太懂这些搜了几个网上的教程又加了两行代码，可以了，分享下： ##proxy_pass 要对应http或https ``` server { listen 14431 ssl; server_name localhost; ssl_certificate /etc/nginx/ssl/zerossl_ip.crt; ssl_certificate_key /etc/nginx/ssl/zerossl_ip.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; location / { proxy_http_version 1.1; #加1 proxy_set_header Upgrade $http_upgrade; #加2 proxy_set_header Connection "upgrade"; #加3 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://localhost:1431; proxy_ssl_verify off; # 关闭 SSL 验证，如果需要的话 } } ```

gitea-mirror referenced this issue 2026-05-05 14:38:15 -06:00

[PR #718] [MERGED] more cmds #4238

gitea-mirror referenced this issue 2026-05-05 14:38:19 -06:00

[PR #720] [MERGED] bump version to v0.17.0 #4239

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#700

No description provided.