search

fatedier / frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Apache License 2.0
85.6k stars 13.26k forks source link

Frpc 支持server_addr domain吗? #3495

Closed commandoccz closed 1 year ago

commandoccz commented 1 year ago

Bug Description

由于frp支持websocket,我就想将frps放在nginx后端,由nginx反代websocket到frps,出于安全考虑我在VPS上禁止了ip直接访问,因此frpc的server_addr 需要用到域名 frps.ini: [common] bind_addr = 0.0.0.0 bind_port = 7000 kcp_bind_port = 7000 dashboard_addr = 0.0.0.0 dashboard_port = 7500 dashboard_user = admin dashboard_pwd = admin

frpc.ini: [common] server_addr = https://frpsocket-original.engineer.online server_port = 443 protocol = websocket

[ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6000

frpc -c ./frpc.ini运行后报错: [W] [service.go:131] login to server failed: dial tcp: lookup https://frpsocket-original.engineer.online: no such host dial tcp: lookup https://frpsocket-original.engineer.online: no such host

frpc Version

0.49.0

frps Version

0.49.0

System Architecture

Server:"Ubuntu ARM64";Client:"Win10_64bit/Ubuntu amd64"

Configurations

Reference to Bug Description

Logs

Server log: image 其中: 2023/06/25 20:26:42 [D] [service.go:474] Accept new mux stream error: invalid protocol version 2023/06/25 20:26:42 [D] [service.go:474] Accept new mux stream error: invalid protocol version 2023/06/25 20:26:44 [D] [service.go:474] Accept new mux stream error: invalid protocol version

是我用浏览器访问的服务器响应,说明nginx已经转发了websocket

Client Log: [W] [service.go:131] login to server failed: dial tcp: lookup https://frpsocket-original.engineer.online: no such host dial tcp: lookup https://frpsocket-original.engineer.online: no such host

Steps to reproduce

Reference to Bug Description

Affected area

fatedier commented 1 year ago

server_addr does not need to include the protocol type.

commandoccz commented 1 year ago

T_T Still not working....... frpc.ini: [common] server_addr = frpsocket-original.engineer.online server_port = 443 protocol = websocket

[ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6000

root@instance-20220601-1259:~/frp# ./frpc -c ./frpc.ini 2023/06/26 10:49:52 [W] [service.go:131] login to server failed: bad status bad status

root@instance-20220601-1259:~/frp# telnet frpsocket-original.engineer.online 443 Trying 138.18.32.239... Connected to frpsocket-original.engineer.online. Escape character is '^]'. sss HTTP/1.1 400 Bad Request Server: nginx Date: Mon, 26 Jun 2023 02:50:50 GMT Content-Type: text/html

commandoccz commented 1 year ago

It doesn't matter, as long as the server_addr supports domain name access and the format server_addr = xxx.com/xxx/ is correct, the rest is a network problem. I will troubleshoot step by step and then share the results.

commandoccz commented 1 year ago

nginx reverse_proxy conf:

PROXY-START/

proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;

location / { proxy_pass http://localhost:7000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_redirect off; client_max_body_size 0; proxy_ssl_verify off; proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade; 
proxy_set_header Connection "upgrade";

proxy_read_timeout 86400;
proxy_connect_timeout 86400;
proxy_cache off;
proxy_send_timeout 86400;
proxy_buffering off;

}

PROXY-END/

nginx logfile: 221.234.213.176 - - - - - [26/Jun/2023:12:07:53 +0800] "GET / HTTP/2.0" 502 502"-" "curl/7.68.0" "-" 221.234.213.176 - - - - - [26/Jun/2023:12:08:48 +0800] "GET /~!frp HTTP/1.1" 302 -"-" "-" "-" 221.234.213.176 - - - - - [26/Jun/2023:12:14:30 +0800] "GET /~!frp HTTP/1.1" 302 -"-" "-" "-" 221.234.213.176 - - - - - [26/Jun/2023:12:21:19 +0800] "GET /~!frp HTTP/1.1" 302 -"-" "-" "-" 221.234.213.176 - - - - - [26/Jun/2023:12:23:12 +0800] "GET /~!frp HTTP/1.1" 302 -"-" "-" "-"

commandoccz commented 1 year ago

Browser access:https://frpsocket-original.engineer.online/~!frp response: “not websocket protocol”

commandoccz commented 1 year ago

I feel this is a Domain Fronting issue. https://xz.aliyun.com/t/11460

xqzr commented 1 year ago

Try v0.50.0

commandoccz commented 1 year ago

使用websocket在线调试工具,后台能收到请求,因为调试工具没有TLS所以被拒绝,使用frpc客户端连接,依然直接报错,服务器端无任何反应 image

image

github-actions[bot] commented 1 year ago

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.