fatedier / frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Apache License 2.0
85.6k stars 13.26k forks

frps.service stops automatically #3785

Closed louisir closed 11 months ago

louisir commented 11 months ago

Bug Description

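frps stops automatically (at random) after running for a while on an Ubuntu server. According to the logs, frps records a heartbeat every 30 seconds and everything looks normal; the status of frps.service shows Nov 20 17:14:35 xxx systemd[1]: Stopping frp server..., so it simply stopped for no apparent reason. The cause is unknown.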

frpc Version

0.52.3

frps Version

0.52.3

System Architecture

linux/amd64

Configurations

A literal address or host name for IPv6 must be enclosed

in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"

For single "bind_addr" field, no need square brackets, like "bind_addr = ::".

bindAddr = "0.0.0.0"

bindPort = xxx

udp port used for kcp protocol, it can be same with 'bind_port'.

if not set, kcp is disabled in frps.

kcpBindPort = xxx

udp port used for quic protocol.

if not set, quic is disabled in frps.

quicBindPort = 7002

Specify which address proxy will listen for, default value is same with bind_addr

proxy_bind_addr = "127.0.0.1"

quic protocol options

transport.quic.keepalivePeriod = 10

transport.quic.maxIdleTimeout = 30

transport.quic.maxIncomingStreams = 100000

Heartbeat configure, it's not recommended to modify the default value

The default value of heartbeat_timeout is 90. Set negative value to disable it.

transport.heartbeatTimeout = 90

Pool count in each proxy will keep no more than maxPoolCount.

transport.maxPoolCount = 5

If tcp stream multiplexing is used, default is true

transport.tcpMux = true

Specify keep alive interval for tcp mux.

only valid if tcpMux is true.

transport.tcpMuxKeepaliveInterval = 60

tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.

If negative, keep-alive probes are disabled.

transport.tcpKeepalive = 7200

transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.

tls.force = true

transport.tls.certFile = "./server.crt"

transport.tls.keyFile = "./server.key"

transport.tls.trustedCaFile = "ca.crt"

If you want to support virtual host, you must set the http port for listening (optional)

Note: http port and https port can be same with bind_port

vhostHTTPPort = 80

vhostHTTPSPort = 443

Response header timeout(seconds) for vhost http server, default is 60s

vhostHTTPTimeout = 60

tcpmuxHTTPConnectPort specifies the port that the server listens for TCP

HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP

requests on one single port. If it's not - it will listen on this value for

HTTP CONNECT requests. By default, this value is 0.

tcpmuxHTTPConnectPort = xxx

If tcpmux_passthrough is true, frps won't do any update on traffic.

tcpmuxPassthrough = false

Configure the web server to enable the dashboard for frps.

dashboard is available only if webServer.port is set.

webServer.addr = "0.0.0.0"

webServer.port = xxx

webServer.user = "xxx"

webServer.password = "xxx"

webServer.tls.certFile = "/etc/letsencrypt/live/xxx/fullchain.pem"

webServer.tls.keyFile = "/etc/letsencrypt/live/xxx/privkey.pem"

dashboard assets directory(only for debug mode)

webServer.assetsDir = "./static"

Enable golang pprof handlers in dashboard listener.

Dashboard port must be set first

webServer.pprofEnable = false

enablePrometheus will export prometheus metrics on webServer in /metrics api.

enablePrometheus = true

console or real logFile path like ./frps.log

log.to = "xxx/frps.log"

trace, debug, info, warn, error

log.level = "trace"

log.maxDays = 3

disable log colors when log.to is console, default is false

log.disablePrintColor = true

DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.

detailedErrorsToClient = true

auth.method specifies what authentication method to use authenticate frpc with frps.

If "token" is specified - token will be read into login message.

If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".

auth.method = "token"

auth.additionalScopes specifies additional scopes to include authentication information.

Optional values are HeartBeats, NewWorkConns.

auth.additionalScopes = ["HeartBeats", "NewWorkConns"]

auth token

auth.token = "xxx"

oidc issuer specifies the issuer to verify OIDC tokens with.

auth.oidc.issuer = ""

oidc audience specifies the audience OIDC tokens should contain when validated.

auth.oidc.audience = ""

oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.

auth.oidc.skipExpiryCheck = false

oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.

auth.oidc.skipIssuerCheck = false

userConnTimeout specifies the maximum time to wait for a work connection.

userConnTimeout = 10

Only allow frpc to bind ports you list. By default, there won't be any limit.

allowPorts = [ { start = 2000, end = 3000 }, { single = 3001 }, { single = 3003 }, { start = 4000, end = 50000 } ]

Max ports can be used for each client, default value is 0 means no limit

maxPortsPerClient = 0

If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file

When subdomain is test, the host used by routing is test.frps.com

subDomainHost = ""

custom 404 page for HTTP requests

custom404Page = "/path/to/404.html"

specify udp packet size, unit is byte. If not set, the default value is 1500.

This parameter should be same between client and server.

It affects the udp and sudp proxy.

udpPacketSize = 1500

Retention time for NAT hole punching strategy data.

natholeAnalysisDataReserveHours = 168

[[httpPlugins]]

name = "user-manager"

addr = "127.0.0.1:9000"

path = "/handler"

ops = ["Login"]

[[httpPlugins]]

name = "port-manager"

addr = "127.0.0.1:9001"

path = "/handler"

ops = ["NewProxy"]

Logs

frps.log

2023/11/20 17:12:22 [D] [control.go:535] [137c98a22cb25074] receive heartbeat
2023/11/20 17:12:52 [D] [control.go:535] [137c98a22cb25074] receive heartbeat
2023/11/20 17:13:22 [D] [control.go:535] [137c98a22cb25074] receive heartbeat
2023/11/20 17:13:52 [D] [control.go:535] [137c98a22cb25074] receive heartbeat
2023/11/20 17:14:22 [D] [control.go:535] [137c98a22cb25074] receive heartbeat

sudo systemctl status frps.service:

Nov 20 01:24:18 xxx systemd[1]: Started frp server.
Nov 20 15:50:03 xxx frps[119268]: 2023/11/20 15:50:03 http: TLS handshake error from 172.232.218.49:60000: read tcp 172.24.107.206:59971->172.232.218.49:60000: read: connection>
Nov 20 17:14:35 xxx systemd[1]: Stopping frp server...
Nov 20 17:14:35 xxx systemd[1]: frps.service: Deactivated successfully.
Nov 20 17:14:35 xxx systemd[1]: Stopped frp server.
Nov 20 17:14:35 xxx systemd[1]: frps.service: Consumed 1.094s CPU time.

Steps to reproduce

  1. ...

Affected area

xqzr commented 11 months ago

frps has no scheduled-exit feature. It looks like a normal stop. ~Possibly done by a person~

louisir commented 11 months ago

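frps has no scheduled-exit feature. It looks like a normal stop. ~Possibly done by a person~

I'm the only one using it, and I did not stop the service manually. Does that mean I've been hacked?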

superzjg commented 11 months ago

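Try starting frps with the most minimal configuration; if it still stops, consider it a problem with the system environment. For example, set only:

bindPort =
auth.token = ""
log.to = "/var/log/frps.log"
log.level = "debug"
webServer.addr = ""
webServer.port =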

louisir commented 11 months ago

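Try starting frps with the most minimal configuration; if it still stops, consider it a problem with the system environment. For example, set only:

bindPort =
auth.token = ""
log.to = "/var/log/frps.log"
log.level = "debug"
webServer.addr = ""
webServer.port =

Thanks for the suggestion, I'll give it a try.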

louisir commented 11 months ago

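Try starting frps with the most minimal configuration; if it still stops, consider it a problem with the system environment. For example, set only:

bindPort =
auth.token = ""
log.to = "/var/log/frps.log"
log.level = "debug"
webServer.addr = ""
webServer.port =

I tried it, and it still doesn't work. It stopped again last night, a little after 10 p.m.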

louisir commented 11 months ago

I found the cause. certbot.service stopped frps.service before the renew, then the renew failed, so the start of frps.service was never executed.
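The failure mode described in the last comment, handled in a wrapper; this is an added example, not part of the thread and not frp or certbot project code. It assumes the renewal job was a stop, renew, start command chain (the thread does not show the actual unit file), and `run_paused` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the issue thread). Assumes the renewal job was a
# stop -> renew -> start chain; the thread does not show the actual unit file.

# run_paused STOP_CMD RENEW_CMD START_CMD
# Runs RENEW_CMD with the service stopped. Once STOP_CMD has succeeded,
# START_CMD always runs: on renewal success, failure, or INT/TERM/HUP.
# Returns RENEW_CMD's exit status, or 2 if the service could not be stopped.
run_paused() {
    stop_cmd=$1
    renew_cmd=$2
    start_cmd=$3

    if ! sh -c "$stop_cmd"; then
        echo "run_paused: stop failed, renewal skipped" >&2
        return 2
    fi

    (
        # The EXIT trap fires however the subshell ends, so a failed
        # renewal cannot leave the service stopped.
        trap 'sh -c "$start_cmd" || echo "run_paused: START FAILED" >&2' EXIT
        trap 'exit 143' INT TERM HUP
        sh -c "$renew_cmd"
        exit $?
    )
}

# Real invocation, guarded so that sourcing or testing never touches systemd.
if [ "${1:-}" = "--run" ]; then
    run_paused 'systemctl stop frps.service' \
               'certbot renew' \
               'systemctl start frps.service'
    exit $?
fi
```

The non-zero return value still reports the failed renewal to whatever scheduled the job, so the certificate problem stays visible while the proxy keeps running.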