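I have two cloud servers, one on Tencent Cloud and one on Alibaba Cloud. On Alibaba Cloud, frps works without any problems once frpc connects, and the https page opens normally.
But on Tencent Cloud, with the same frps and the same client-side frpc configuration, only the http port is reachable, not the https port. The server-side log also shows the frpc access entries, but the https page just won't open.

[https] join connections, workConn(l[172.27.0.16:7000] r[x.x.x.x:40688]) userConn(l[172.27.0.16:443] r[x.x.x.x:51612])

However, I found that the https service can be accessed normally from the Tencent Cloud machine itself; it just doesn't work from outside. All ports have already been opened.

[proxy.go:221] [78a21caf9e2b36d8] [https] join connections, workConn(l[172.27.0.16:7000] r[x.x.x.x:39712]) userConn(l[172.27.0.16:443] r[x.x.x.x:52728])
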
* Rebuilt URL to: https://x.x.x/
* Trying x.x.x.x...
* TCP_NODELAY set
* Connected to x.x.x (x.x.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=x.x
* start date: Jun 5 21:49:41 2019 GMT
* expire date: Sep 3 21:49:41 2019 GMT
* subjectAltName: host "x.x.x" matched cert's "*.x.x"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5559f69468e0)
> GET / HTTP/2
> Host: x.x.x
> User-Agent: curl/7.58.0
> Accept: */*

* Rebuilt URL to: https://x.x.x/
* Trying x.x.x.x...
* TCP_NODELAY set
* Connected to x.x.x (x.x.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443

[common]
server_addr = x.x.x.x
server_port = 7000
token = xxxxxxx
[https]
type = https
local_port = 666 ;
custom_domains = x.x.x

[common]
bind_port = 7000
vhost_https_port = 443
vhost_http_port = 80
token = xxxxxxx
log_file = /var/log/frp/frps.log
log_level = debug
log_max_days = 3
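
A small triage helper for the two `curl -v` transcripts above, added here as an example and not part of the original post: it reports how far each run got in the TLS exchange. The function name `triage` and the verdict strings are this example's own.

```python
import re

# curl -v TLS trace line, e.g. "* TLSv1.2 (IN), TLS handshake, Server hello (2):".
# The failing transcript on this page shows "(304)" in place of the version string.
TLS_LINE = re.compile(r"^\*\s+(?:\S+\s+)?\((IN|OUT)\), TLS [^,]+, (.+?) \(\d+\):")

def triage(transcript):
    """Classify how far a `curl -v https://...` run got (verdict names are hypothetical)."""
    connected, sent, received = False, [], []
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith("* Connected to "):
            connected = True
        m = TLS_LINE.match(line)
        if m:
            (received if m.group(1) == "IN" else sent).append(m.group(2))
    if not connected:
        return "tcp-connect-failed"        # port closed or filtered before TLS starts
    if "Finished" in received:
        return "handshake-complete"        # TLS is fine; look at the HTTP layer instead
    if "Client hello" in sent and not received:
        return "no-reply-to-client-hello"  # TCP open, but no TLS record ever came back
    return "handshake-aborted"             # peer answered (or sent an alert), then it broke off

# Trimmed from the two transcripts in the post above.
WORKING = """\
* Connected to x.x.x (x.x.x.x) port 443 (#0)
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
"""
FAILING = """\
* Connected to x.x.x (x.x.x.x) port 443 (#0)
* (304) (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443
"""

if __name__ == "__main__":
    for name, text in (("working", WORKING), ("failing", FAILING)):
        print(name, "->", triage(text))
```

For the failing run the verdict is `no-reply-to-client-hello`: the TCP connection to 443 was accepted but no TLS record came back, so certificate and cipher settings never came into play.
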
1
chinesestudio 2019-06-27 20:40:31 +08:00 via Android
I haven't thought it through carefully, but most likely the port is already in use, a conflict.

2
chinesestudio 2019-06-27 20:43:16 +08:00 via Android
The right way is for nginx to listen on 80 and 443 and forward to the backend. If your frps is listening on 443, how is https supposed to open 443?

3
enng 2019-06-27 21:04:07 +08:00 via iPhone
The simplest approach is to have frp map only the TCP port, then use nginx as the reverse proxy.

4
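ProjectSky OP @enng After testing many times, I found that it seems Tencent Cloud has blocked port 443, which is why it works from inside but not from outside. It worked normally when the host was first provisioned, and stopped working after about a day.
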
5
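ProjectSky OP Found the cause: it is the domain ICP filing (备案). I didn't expect port 443 to need a filing as well now. Domains without a filing that go over 443 or 80 get blocked by Tencent.
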
6
uTOmOuk3L6sb4MSI 2019-06-27 21:28:22 +08:00 via iPhone
frp https works on my Tencent Cloud; the https is an nginx service.

7
uTOmOuk3L6sb4MSI 2019-06-27 21:29:11 +08:00 via iPhone
Yeah, a domain that has been filed.

8
qa2080639 2019-06-27 21:59:32 +08:00
@ProjectSky For a domain not filed with Tencent Cloud, adding https gets around it on my end.

9
ProjectSky OP |