[GH-ISSUE #1164] get real user's ip in https environment by using proxy protocol #910

Closed
opened 2026-05-05 12:34:44 -06:00 by gitea-mirror · 7 comments

Originally created by @dreamren on GitHub (Mar 27, 2019).
Original GitHub issue: https://github.com/fatedier/frp/issues/1164

Because I only have an HTTPS service in an Intranet environment, I want to get the user's real IP when there is no web server on the FRP side. FRP can support that with the proxy protocol. Nginx has long provided proxy protocol support. Note that in this case the Intranet web server does not provide the standard HTTPS service, but the FRP server can provide the standard HTTPS service.

Thanks.

gitea-mirror closed this issue and added the todo label on 2026-05-05 12:34:44 -06:00.

@fatedier commented on GitHub (Mar 27, 2019):

Does your HTTPS service in the Intranet support proxy protocol?

I think it's not widely used, but it's ok to support it with a low priority.


@dreamren commented on GitHub (Mar 27, 2019):

> Your https service in the Intranet support proxy protocol ?
>
> I think it's not widely used, but it's ok to support it with a low priority.

Yes. I use this config in my Intranet nginx server:

```
http{
    server{
        listen unix:/dev/shm/localweb.sock ssl http2 proxy_protocol;
        port_in_redirect off;
        set_real_ip_from unix:;
        real_ip_header proxy_protocol;
        real_ip_recursive on;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        #...
    }
}
```

It's really not widely used, thanks for the support plan!


@fatedier commented on GitHub (Apr 10, 2019):

Supported in v0.26.0.


@nimeia commented on GitHub (Apr 13, 2019):

In v0.26.0 it does not work. The nginx error log:

```
2019/04/12 11:12:15 [error] 29287#0: *73 broken header: "GET /zh-cn/download/ HTTP/1.1^M
Host: xxxxxx
Connection: keep-alive^M
Cache-Control: max-age=0^M
Upgrade-Insecure-Requests: 1^M
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36^M
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3^M
Referer: http://xxxxxx/zh-cn/about/^M
Accept-Encoding: gzip, deflate^M
Accept-Language: zh-CN,zh;q=0.9^M
Cookie: _ga=GA1.2.1963277611.1554879062; _gid=GA1.2.2122501751.1554879062; Hm_lvt_0651a3006aeb268825e1fac075608b40=1554879071; Hm_lpvt_0651a3006aeb268825e1fac075608b40=1554994467^M
^M
" while reading PROXY protocol, client: x.x.x.x, server: 0.0.0.0:80
2019/04/12 11:12:40 [notice] 29318#0: signal process started
```
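
Added example, not part of the thread and not frp's or nginx's code: the "broken header ... while reading PROXY protocol" error above is what a `proxy_protocol` listener reports when the stream begins with the HTTP request itself instead of a PROXY header. The Go sketch below performs that first-bytes check for v1 and v2; `ParseProxyHeader`, the sample addresses and the restriction of v2 decoding to TCP over IPv4 are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"strings"
)

// v2Sig is the fixed 12-byte signature that opens every PROXY protocol v2 header.
var v2Sig = []byte("\r\n\r\n\x00\r\nQUIT\n")
var errNoHeader = errors.New("broken header: no usable PROXY header at start of stream")

// ParseProxyHeader (hypothetical helper) returns the header version (1 or 2) and
// the client address it carries. v1 UNKNOWN, v2 LOCAL and IPv6 are rejected here.
func ParseProxyHeader(b []byte) (int, string, error) {
	switch {
	case bytes.HasPrefix(b, []byte("PROXY ")):
		end := bytes.Index(b, []byte("\r\n"))
		if end < 0 || end > 105 { // a v1 line is at most 107 bytes including CRLF
			return 0, "", errNoHeader
		}
		f := strings.Fields(string(b[:end])) // PROXY TCP4 src dst sport dport
		if len(f) != 6 || (f[1] != "TCP4" && f[1] != "TCP6") || net.ParseIP(f[2]) == nil {
			return 0, "", errNoHeader
		}
		return 1, net.JoinHostPort(f[2], f[4]), nil
	case bytes.HasPrefix(b, v2Sig):
		// byte 12: 0x21 = version 2, PROXY command; byte 13: 0x11 = TCP over IPv4;
		// bytes 14-15: length of the address block (12 for IPv4).
		if len(b) < 28 || b[12] != 0x21 || b[13] != 0x11 || binary.BigEndian.Uint16(b[14:16]) < 12 {
			return 0, "", errNoHeader
		}
		port := fmt.Sprint(binary.BigEndian.Uint16(b[24:26]))
		return 2, net.JoinHostPort(net.IP(b[16:20]).String(), port), nil
	}
	return 0, "", errNoHeader // e.g. the stream starts with "GET / HTTP/1.1"
}

func main() {
	// Constructed samples (203.0.113.7 is a documentation address).
	v2 := append(append([]byte{}, v2Sig...), 0x21, 0x11, 0, 12, 203, 0, 113, 7, 10, 0, 0, 1, 0xC7, 0x38, 0x05, 0xA3)
	v1 := []byte("PROXY TCP4 203.0.113.7 10.0.0.1 51000 1443\r\n")
	plain := []byte("GET /zh-cn/download/ HTTP/1.1\r\nHost: xxxxxx\r\n\r\n")
	for _, s := range [][]byte{v1, v2, plain} {
		fmt.Println(ParseProxyHeader(s))
	}
}
```

In the nginx configurations quoted in this thread, `set_real_ip_from` is the directive that limits which peers' PROXY headers are trusted as the source of the client address.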


@dreamren commented on GitHub (Apr 17, 2019):

> Supported in v0.26.0 .

Thanks. When my nginx listens on a port, it works. But when nginx listens on a UNIX domain socket, it has a problem.

Nginx configuration:

```
http{
    server{
        listen unix:/dev/shm/localweb.sock ssl http2 proxy_protocol;
        listen 1443 ssl http2 proxy_protocol;
        port_in_redirect off;
        set_real_ip_from unix:;
        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;
        real_ip_recursive on;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        server_name xxx.xxx;
        root /www/xxx.xxx;
        include php-fpm.conf;
        index index.html index.htm index.php;
        include ssl.conf;
        ssl_certificate /etc/nginx/ssl/xxx.xxx.crt;
        ssl_certificate_key /etc/nginx/ssl/xxx.xxx.key;
    }
}
```

frpc.ini:

```
[web]
type = tcp
remote_port = 433
local_port = 1443
proxy_protocol_version = v2
[web1]
type = tcp
remote_port = 1433
plugin = unix_domain_socket
plugin_unix_path = /dev/shm/localweb.sock
proxy_protocol_version = v1
[web2]
type = tcp
remote_port = 2433
plugin = unix_domain_socket
plugin_unix_path = /dev/shm/localweb.sock
proxy_protocol_version = v2
```

Browser access to port 433 is normal, but ports 1433 and 2433 don't work.
The attachment is the nginx error log (the domain name involved has been replaced with xxx.xxx):
[nginx_error.log](https://github.com/fatedier/frp/files/3087809/nginx_error.log)


@fatedier commented on GitHub (Apr 17, 2019):

Not supported with plugin.

I need to consider how to implement it.


@nimeia commented on GitHub (Apr 19, 2019):

I find it can't work in OpenResty (nginx sub tree); it works when I change to nginx. Thank you.

Reference: github-starred/frp#910