What version of frp are you using (./frpc -v or ./frps -v)?
0.16
What operating system and processor architecture are you using (go env)?
centos 7.4
Configures you used:
Steps to reproduce the issue:
1. Start frps;
frps.ini
bind_port = 7000
vhost_http_port = 7080
vhost_https_port = 7443
subdomain_host = testtest.com
2. nginx configuration, nginx.ini;
server {
    server_name *.testtest.com;
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/testtest.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/testtest.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass https://127.0.0.1:7443;
        #proxy_ssl_server_name on;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
3. Start frpc, and start the local HTTPS service on port 8009;
[test1]
type = https
local_ip = 127.0.0.1
local_port = 8009
subdomain = test1
Describe the results you received:
Accessing https://test1.testtest.com:7443 works normally.
Accessing https://test1.testtest.com fails, and the log outputs:
get hostname from http/https request error: Unknow error
Additional information you deem important (e.g. issue happens only occasionally):
Although, following (https://github.com/fatedier/frp/issues/610),
I can hard-code nginx.ini as:
server_name test1.testtest.com;
proxy_pass https://test1.testtest.com:7443;
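That way both https://test1.testtest.com:7443 and https://test1.testtest.com work, but it is very inconvenient when frps is configured with subdomain_host and frpc uses subdomain.
Has any of the experts here already solved this?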
@fatedier @312102021
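Update 20180322: already solved with pointers from an expert.
You are using a free SSL certificate. A free certificate probably cannot be bound to a wildcard domain such as *.baidu.com; one free certificate can only be bound to one first-level domain or one second-level domain. If you have a.baidu.com and b.baidu.com, you probably need to apply for two certificates.
@wxlg1117 May I ask how you solved it?
Same question, how did you solve it?
After some tinkering, HTTPS forwarding now works properly. The certificate is a free Let's Encrypt one, which supports wildcard domains.
Domains of the form https://xxxxx.frp.yourdomain.com are reachable.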
nginx.conf
server {
    listen 443 ssl http2;
    server_name *.frp.yourdomain.com;
    ssl_certificate ../ssl/cert.pem;
    ssl_certificate_key ../ssl/privkey.pem;
    location / {
        resolver 127.0.0.1; # resolve the domain locally, configured in /etc/dnsmasq.conf
        proxy_ssl_server_name on;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_pass https://$host:7443; # reach the frp service by domain name
    }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
}
Map the domain name resolution locally
/etc/dnsmasq.conf
address=/.yourdomain.com/127.0.0.1
address=/.frp.yourdomain.com/127.0.0.1
frps.ini
[common]
bind_port = 7000
subdomain_host = frp.yourdomain.com
vhost_http_port = 7080
vhost_https_port = 7443
dashboard_port = 7500
token=yourtoken
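An added example, not part of the thread and not frp's own code: frps picks the https proxy from the server name (SNI) in the TLS ClientHello, so what matters is the name nginx uses for its upstream connection. The Go sketch below shows what an SNI-routing listener receives for a hostname, for an IP literal such as 127.0.0.1, and for no name at all; `sniSeenByBackend`, `route` and the route table are hypothetical names constructed for this illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"time"
)

// sniSeenByBackend starts a TLS handshake over an in-memory pipe and returns
// the server name the TLS backend finds in the ClientHello. upstreamName is
// the name the proxy uses for its upstream connection ("" = none).
func sniSeenByBackend(upstreamName string) string {
	client, server := net.Pipe()
	defer client.Close()
	defer server.Close()
	deadline := time.Now().Add(2 * time.Second)
	client.SetDeadline(deadline)
	server.SetDeadline(deadline)
	go func() {
		// No certificate is ever exchanged here, so verification is moot.
		cfg := &tls.Config{ServerName: upstreamName, InsecureSkipVerify: true}
		_ = tls.Client(client, cfg).Handshake() // aborted by the server side
	}()
	var seen string
	_ = tls.Server(server, &tls.Config{
		GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
			seen = h.ServerName // all an SNI-routing listener has to work with
			return nil, errors.New("stop after ClientHello")
		},
	}).Handshake()
	return seen
}

// route is a constructed stand-in for an SNI-keyed vhost table.
func route(sni string) (string, error) {
	table := map[string]string{"test1.testtest.com": "127.0.0.1:8009"}
	if backend, ok := table[sni]; ok {
		return backend, nil
	}
	return "", fmt.Errorf("no route for server name %q", sni)
}

func main() {
	for _, name := range []string{"test1.testtest.com", "127.0.0.1", ""} {
		backend, err := route(sniSeenByBackend(name))
		fmt.Printf("upstream name %q -> backend %q, err: %v\n", name, backend, err)
	}
}
```

Only the hostname case reaches a backend; Go's TLS client, like most TLS stacks, does not put an IP literal into the SNI extension.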
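@wxlg1117, hello, I would like to ask you something: for this setup to work properly, is it necessary that the cloud server (with a public IP, running frps and nginx) and the intranet server (running frpc) have the same Let's Encrypt certificate (fullchain.pem and privkey.pem)? Personally I think that should be the case. If so, does the certificate have to be copied directly from the cloud server to the intranet server, and strictly speaking, would that carry a potential network security risk? Thank you!
1. The server does not need to run frpc; frpc runs on the client.
2. SSL only needs to be installed on the server side; the client does not need it installed.
On October 14, 2018, at 11:44, whdlut notifications@github.com wrote:
@wxlg1117 https://github.com/wxlg1117, hello, I would like to ask you something: for this setup to work properly, is it necessary that the cloud server (with a public IP, running frps and nginx) and the intranet server (running frpc) have the same Let's Encrypt certificate (fullchain.pem and privkey.pem)? Personally I think that should be the case. If so, does the certificate have to be copied directly from the cloud server to the intranet server, and strictly speaking, would that carry a potential network security risk? Thank you!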