search

fatedier / frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Apache License 2.0
85.09k stars 13.21k forks source link

[http.go:95] do http proxy request error: EOF #1623

Closed SheldonSir closed 4 years ago

SheldonSir commented 4 years ago

Issue is only used for submiting bug report and documents typo. If there are same issues or answers can be found in documents, we will close it directly. (为了节约时间,提高处理问题的效率,不按照格式填写的 issue 将会直接关闭。) (请不要在 issue 评论中出现无意义的 加1我也是 等内容,将会被直接删除。) (由于个人精力有限,和系统环境,网络环境等相关的求助问题请转至其他论坛或社交平台。)

Use the commands below to provide key information from your environment: You do NOT have to include this information if this is a FEATURE REQUEST

What version of frp are you using (./frpc -v or ./frps -v)? 0.31.1

What operating system and processor architecture are you using (go env)? server : Centos 7 client : Ubuntu 16.04.6 LTS (Xenial Xerus)

Configures you used:

#frps.ini
[common]
bind_port = 8889

vhost_http_port = 8889
vhost_https_port = 9000

dashboard_port = 9001
dashboard_user = sheldon
dashboard_pwd = 749071

#log_file = /conf/frps.log

# render.xxx.com and *.render.xxx.com 已设置解析
subdomain_host = render.xxx.com
# frpc.ini
[common]
server_addr = 47.xxx.xxx.xxx
server_port = 8889
tls_enable = true

[static_file]
type = tcp
remote_port = 9007
plugin = static_file
plugin_local_path = /home/master/frp
plugin_strip_prefix = static
plugin_http_user = sheldon
plugin_http_passwd = sheldon

[web02]
type = http
local_ip = 192.168.51.64 
local_port = 443 
subdomain = notebook
# Apache/2.4.6 (CentOS)  
# notebook.conf
<VirtualHost _default_:80>
    DocumentRoot "/var/www/html"
    ServerName 47.xxx.xxx.xxx
</VirtualHost>

<VirtualHost *:80>

        DocumentRoot "/var/www/render/public"

        ServerName notebook.render.xxx.com

    <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteCond %{SERVER_PORT} 80
            RewriteRule ^(.*$) https://notebook.render.xxx.com/ [R=301,L]
        </IfModule>

    RewriteCond %{SERVER_NAME} =notebook.render.xxx.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

<VirtualHost _default_:443>
    SSLEngine On
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5
    DocumentRoot "/var/www/render/public"
    ServerName notebook.render.xxx.com
    <Directory /var/www/render/public/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    #  Apache 反向代理设置 
    ProxyPreserveHost On
    ProxyPass "/" "http://notebook.render.xxx.com:8889/"
    ProxyPassReverse "/" "http://notebook.render.xxx.com:8889/"

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/notebook.render.xxx.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/notebook.render.xxx.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/notebook.render.xxx.com/chain.pem
</VirtualHost>

Steps to reproduce the issue:

  1. 因为客户端 kubenetes cluster 要求使用https访问, so, 借鉴了文章 使用内网穿透给本地项目部署域名跟https 大概思路, 将Nginx替换成Apache, 通过Apache 来转发 
    Browser  --> Apache --> Frps --> Frpc
  2. systemctl restart httpd.service
  3. 在 frp 未开启 且 Apache 未开启反向代理前, 测试访问 https://notebook.render.xxx.com 是OK 的
  4. ./frps -c frps.ini
  5. ./frpc -c frpc.ini
  6. 在frp 开启 且 Apache 开启反向代理后, 再次访问 https://notebook.render.xxx.com

Describe the results you received: 浏览器显示为:

The page you visit not found.
Sorry, the page you are looking for is currently unavailable.
Please try again later.

The server is powered by frp.

Faithfully yours, frp.

frps 日志显示:

2020/01/17 11:32:19 [I] [proxy.go:92] [11d0a5d9b1deb5fb] [web02] get a new work connection: [222.93.91.241:45312]
2020/01/17 11:32:19 [W] [http.go:95] do http proxy request error: EOF

配置Nginx 也会遇到同样的问题

Describe the results you expected: 我期望的结果应该是正常跳转到我本地 docker 中的 kubenetes cluster 页面(ps: 可以通过 https://192.168.51.64 访问到页面)

Additional information you deem important (e.g. issue happens only occasionally):

Can you point out what caused this issue (optional)

DaPoHou commented 4 years ago

直接使用https反代http就行了。没必要那么复杂吧。

SheldonSir commented 4 years ago

直接使用https反代http就行了。没必要那么复杂吧。

抱歉, 没get到你的意思 你是想说用 http2https plugin 吗?

DaPoHou commented 4 years ago

直接使用https反代http就行了。没必要那么复杂吧。

抱歉, 没get到你的意思 你是想说用 http2https plugin 吗?

直接用nginx 443 反代 http 80网站

SheldonSir commented 4 years ago

直接使用https反代http就行了。没必要那么复杂吧。

抱歉, 没get到你的意思 你是想说用 http2https plugin 吗?

直接用nginx 443 反代 http 80网站

我原有公网server中用Apache 已经在跑多个站点, so 我就不需要nginx 再做反向代理了. 况且 Apache 也可以做反向代理server

我重新update issue了, 上面的配置我在本地用 phpStudy 搭了一个简易网站, 测试是可以正常访问的

问题frpc 主机环境描述: Ubuntu 16.04.6 LTS Kubenetes cluster in Docker docker pods 对外映射 443 and 31390 port

需要通过frpc 将访问传给 docker 中的 Kubenetes cluster

that's all

SheldonSir commented 4 years ago

OK, 我最后的解决方法是将

SSLCertificateKeyFile /etc/letsencrypt/live/notebook.render.xxx.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/notebook.render.xxx.com/chain.pem

两个证书内容通过base64加密后, 手动拷贝替换了 Kubenetes 内部的web证书(记得备份), 在frps server 端不做Apache 转发

Browser --> Frps --> Frpc --> Kubenetes

以上方法动到了 Kubenetes 内部, 不算是很好的解决方案. 如果大家有好方法, 欢迎follow

fatedier commented 4 years ago

你要反代 https 的服务,为什么 type 填的是 http? 直接用 tcp 端口映射不可以吗?