search

fatedier / frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Apache License 2.0
86.19k stars 13.33k forks source link

使用proxy protocol caddy vaultwarden无法访问 #3122

Closed swhoro closed 1 year ago

swhoro commented 2 years ago

Bug Description

frpc运行于openwrt上,caddy运行于群晖的docker中,vaultwarden也位于群晖的docker中 如果去掉proxy_protocol_version=v1可以正常访问 设置为v2也不可以正常访问

frpc Version

0.44.0

frps Version

0.44.0

System Architecture

linux/amd64

Configurations

frpc.ini:

[common]
server_addr=
server_port=
token=
log_level=info
log_max_days=3
protocol=kcp
log_file=/var/etc/frp/frpc.log
tcp_mux=true
tls_enable=false
login_fail_exit=false

[vw]
type=tcp
remote_port=9000
local_ip=192.168.1.4
local_port=4433
proxy_protocol_version=v1
use_encryption=true
use_compression=true

caddyfile:

vw.carriage.fun:443 {
  encode gzip
  tls /etc/caddy/ssl/7483023_***.pem /etc/caddy/ssl/7483023_***.key
  header / {
       # Enable HTTP Strict Transport Security (HSTS)
       Strict-Transport-Security "max-age=31536000;"
       # Enable cross-site filter (XSS) and tell browser to block detected attacks
       X-XSS-Protection "1; mode=block"
       # Disallow the site to be rendered within a frame (clickjacking protection)
       X-Frame-Options "DENY"
       # Prevent search engines from indexing (optional)
       X-Robots-Tag "none"
       # Server name removing
       -Server
   }

  # Notifications redirected to the websockets server
  reverse_proxy /notifications/hub 192.168.1.4:3012

  # Proxy the Root directory to Rocket
  reverse_proxy 192.168.1.4:8082 {
       # Send the true remote IP to Rocket, so that bitwarden_rs can put this in the
       # log, so that fail2ban can ban the correct IP.
       header_up X-Real-IP {remote_host}
  }
}

Logs

No response

Steps to reproduce

  3. ...

Affected area

Becods commented 2 years ago

https://pkg.go.dev/github.com/francislavoie/caddy2-proxyprotocol

proxy_protocol {
    timeout <duration>
    allow <IPs...>
}

or

Using nginx, nginx natively supports proxy_protocol.

github-actions[bot] commented 1 year ago

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.