nginx HTTPS forwarding to frps #671

Closed
wxlg1117 opened this issue Mar 21, 2018 · 6 comments

@wxlg1117 wxlg1117 commented Mar 21, 2018

What version of frp are you using (./frpc -v or ./frps -v)?
0.16

What operating system and processor architecture are you using (go env)?
centos 7.4

Configures you used:

Steps to reproduce the issue:
1. Start frps.

frps.ini

```ini
bind_port = 7000
vhost_http_port = 7080
vhost_https_port = 7443
subdomain_host = testtest.com
```

2. nginx configuration, nginx.ini:

```nginx
server {
    server_name *.testtest.com;
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/testtest.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/testtest.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://127.0.0.1:7443;
        #proxy_ssl_server_name on;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

3. Start frpc, and start the local HTTPS service on port 8009:

```ini
[test1]
type = https
local_ip = 127.0.0.1
local_port = 8009
subdomain = test1
```
Describe the results you received:
Accessing https://test1.testtest.com:7443 works normally.
Accessing https://test1.testtest.com fails, with this log output:

```
get hostname from http/https request error: Unknow error
```

Additional information you deem important (e.g. issue happens only occasionally):
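Although, following (#610), nginx.ini can be hardcoded as:

```nginx
server_name test1.testtest.com;
proxy_pass https://test1.testtest.com:7443;
```

With this, both https://test1.testtest.com:7443 and https://test1.testtest.com work normally, but it becomes very inconvenient when frps is configured with subdomain_host and frpc uses subdomain.

Has any of the experts here already solved this?
@fatedier @312102021

Update 20180322: already solved with the guidance of an expert.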

@wxlg1117 wxlg1117 closed this Mar 22, 2018

@rockts rockts commented May 14, 2018

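You are using a free SSL certificate; free certificates probably cannot be bound to a wildcard domain such as *.baidu.com. One free certificate can only be bound to one first-level domain or one second-level domain, so if you have a.baidu.com and b.baidu.com, you would need to apply for two certificates.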


@levenkk levenkk commented Jul 3, 2018

@wxlg1117 May I ask how you solved it?


@xiasf xiasf commented Aug 8, 2018

Same question: how did you solve it?


@levenkk levenkk commented Aug 9, 2018

After some tinkering, HTTPS forwarding now more or less works. The certificate is a free Let's Encrypt one, which supports wildcard domains.
Domains of the form https://xxxxx.frp.yourdomain.com are reachable.

nginx.conf

```nginx
server {
    listen 443 ssl http2;
    server_name *.frp.yourdomain.com;
    ssl_certificate ../ssl/cert.pem;
    ssl_certificate_key ../ssl/privkey.pem;
    location / {
        resolver 127.0.0.1; # resolve the domain locally, configured via /etc/dnsmasq.conf
        proxy_ssl_server_name on;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_pass https://$host:7443; # reach the frp service by domain name
    }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
}
```

Map the domain resolution locally:
/etc/dnsmasq.conf

```
address=/.yourdomain.com/127.0.0.1
address=/.frp.yourdomain.com/127.0.0.1
```

frps.ini

```ini
[common]
bind_port = 7000
subdomain_host = frp.yourdomain.com
vhost_http_port = 7080
vhost_https_port = 7443
dashboard_port = 7500
token=yourtoken
```

@whdlut whdlut commented Oct 14, 2018

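@wxlg1117, hello, I would like to ask you something. For this to work normally, is it required that the cloud server (with a public IP, running frps and nginx) and the intranet server (running frpc) have the same Let's Encrypt certificate (fullchain.pem and privkey.pem)? I personally think that should be the case. So does the certificate have to be copied directly from the cloud server to the intranet server, and strictly speaking, would there be a potential network security risk? Thank you!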


@rockts rockts commented Oct 15, 2018
