search

fatedier / frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Apache License 2.0
85.98k stars 13.31k forks source link

https配置访问不成功 #1380

Closed gongyuan303 closed 5 years ago

gongyuan303 commented 5 years ago

Issue is only used for submiting bug report and documents typo. If there are same issues or answers can be found in documents, we will close it directly. (为了节约时间,提高处理问题的效率,不按照格式填写的 issue 将会直接关闭。) (请不要在 issue 评论中出现无意义的 加1我也是 等内容,将会被直接删除。) (由于个人精力有限,和系统环境,网络环境等相关的求助问题请转至其他论坛或社交平台。)

Use the commands below to provide key information from your environment: You do NOT have to include this information if this is a FEATURE REQUEST

What version of frp are you using (./frpc -v or ./frps -v)? 0.28.1

What operating system and processor architecture are you using (go env)?

Configures you used: frps :外网阿里云服务器,CentOS系统

[common]
bind_port = 7000
vhost_http_port = 80
vhost_https_port = 443
dashboard_addr = 0.0.0.0
dashboard_port = 7050
dashboard_user = admin
dashboard_pwd =******
token = ******************
frpc,内网window10专业版
[common]
server_addr = *******
server_port = 7000
vhost_http_port = 80
vhost_https_port =443
token = *******
[osvideo]
type = https
custom_domains = osvideo.manaobei.cn
header_security = https
plugin = https2http
plugin_local_addr = 192.168.2.102:80
plugin_crt_path = C:/frp_0.28.1/key/********.crt
plugin_key_path = C:/frp_0.28.1/key/********.key
header_X-From-Where = https

Steps to reproduce the issue: 1. 2. 3.

Describe the results you received: 我在内网部署系统discuz的论坛,80端口,配置域名访问(当然不仅有这个服务),在外网阿里云部署frps直接访问到discuz的论坛。

现在通过http访问没有问题。 浏览器访问https://域名是这个效果: 无法访问此网站 ..cn 意外终止了连接。 请试试以下办法: 检查网络连接 检查代理服务器和防火墙 运行 Windows 网络诊断 ERR_CONNECTION_CLOSED 通过查看frps日志显示会提醒“new proxy [**] error: router config conflict” 不太清楚哪里出现问题。 并且对于配置项不太清楚,想请教一下,感觉问题出现这里,配置相中是否有问题。 1、https2http使用这个插件后,内网部署网站,apache的服务是否需要支持https,我现在是没有支持https的,本地访问localhost是直接可以访问论坛的 2、plugin_crt_path这个证书我是使用阿里云域名注册的证书,下载apache使用的证书,这里是否正确。 3、apache证书是.crt后缀是否这里有问题,我看大家配置都是cer的。

Describe the results you expected:

status301 commented 5 years ago

@gongyuan303 你的配置错了!https2http可以使用。 你需要删除frpc的部分配置,再检查证书是否有效

vhost_http_port = 80
vhost_https_port =443
header_security = https 
header_X-From-Where = https

启用 frpc,启用 https2http 插件,配置如下:

frpc.ini

[common]
server_addr = x.x.x.x
server_port = 7000

[test_htts2http]
type = https
custom_domains = test.yourdomain.com

plugin = https2http
plugin_local_addr = 127.0.0.1:80

# HTTPS 证书相关的配置
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
status301 commented 5 years ago

https 貌似没有支持header_ https://github.com/fatedier/frp/blob/master/conf/frpc_full.ini

[web02]
type = https
local_ip = 127.0.0.1
local_port = 8000
use_encryption = false
use_compression = false
subdomain = web01
custom_domains = web02.yourdomain.com
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
# v1 or v2 or empty
proxy_protocol_version = v2

[plugin_https2http]
type = https
custom_domains = test.yourdomain.com
plugin = https2http
plugin_local_addr = 127.0.0.1:80
plugin_crt_path = ./server.crt
plugin_key_path = ./server.key
plugin_host_header_rewrite = 127.0.0.1
fatedier commented 5 years ago

new proxy [**] error: router config conflict 表示路由信息已存在,通常是域名重复了。

gongyuan303 commented 5 years ago

@fatedier 已经可以调用了,但是有https下面加载http资源的问题,这个咋解决。

gongyuan303 commented 5 years ago

访问https://+域名,能访问但是加载的页面没有js和css,这些资源因为是http的所以没有成功

gongyuan303 commented 5 years ago

应该搞定了,开心开心开心!!!

millionart commented 5 years ago

@gongyuan303 可以分享一下你的配置s、c配置吗?我遇到一样的问题http正常https就无法访问

gongyuan303 commented 4 years ago

@millionart 你可以说说你是咋弄的 我帮你分析一下

millionart commented 4 years ago

@gongyuan303 我最后发现是 docker 启动没开启 443 端口 orz(笑哭)

owen-gxz commented 4 years ago

为何我的一直有错误阿?

frps.ini
[common]
bind_port = 8888
vhost_http_port = 8000
vhost_https_port = 8083
[common]
server_addr = xx.xx.xx.xx
server_port = 8888

[test_htts2http]
type = https
custom_domains = xxx.xx.xx

plugin = https2http
plugin_local_addr = 127.0.0.1:8038

# HTTPS 证书相关的配置证书是阿里云申请的 肯定是对的
plugin_crt_path = ./1.crt
plugin_key_path = ./1.key
plugin_host_header_rewrite = 127.0.0.1

浏览器访问可以,但是curl或者其他服务访问就是问题
其他服务访问: http: TLS handshake error from xxxx:8888: remote error: tls: bad certificate
curl: 2019/12/13 15:25:11 http: TLS handshake error from xxxx:8888: remote error: tls: unknown certificate authority
gongyuan303 commented 4 years ago

收到 你搞定了吧,我晚上帮你看下

------------------ 原始邮件 ------------------ 发件人: "owen.gxz"<notifications@github.com>; 发送时间: 2019年12月13日(星期五) 下午3:17 收件人: "fatedier/frp"<frp@noreply.github.com>; 抄送: "Ming"<763811314@qq.com>;"Mention"<mention@noreply.github.com>; 主题: Re: [fatedier/frp] https配置访问不成功 (#1380)

为何我的一直是这个错误阿? frps.ini [common] bind_port = 8888 vhost_http_port = 8000 vhost_https_port = 8083 [common] server_addr = xx.xx.xx.xx server_port = 8888 [test_htts2http] type = https custom_domains = xxx.xx.xx plugin = https2http plugin_local_addr = 127.0.0.1:8038 # HTTPS 证书相关的配置证书是阿里云申请的 肯定是对的 plugin_crt_path = ./1.crt plugin_key_path = ./1.key plugin_host_header_rewrite = 127.0.0.1
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

Twuter commented 1 year ago

image 我也是这个问题,这个http只要是https就没问题,能帮我远程看下不

Twuter commented 1 year ago

@gongyuan303 能帮忙看下不

Twuter commented 1 year ago

image @gongyuan303