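I have two cloud servers, one on Tencent Cloud and one on Alibaba Cloud. On Alibaba Cloud, running frps, frpc connects without any problems and the https page opens normally.
But on Tencent Cloud, with the same frps and the same client frpc configuration, only the http port is reachable, not the https port. The frpc access log entries also show up on the server side, but the https page just cannot be opened.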
[https] join connections, workConn(l[172.27.0.16:7000] r[x.x.x.x:40688]) userConn(l[172.27.0.16:443] r[x.x.x.x:51612])
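But I found that the Tencent Cloud machine itself can access the https service normally; it just does not work from outside. The ports have all been opened.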
[proxy.go:221] [78a21caf9e2b36d8] [https] join connections, workConn(l[172.27.0.16:7000] r[x.x.x.x:39712]) userConn(l[172.27.0.16:443] r[x.x.x.x:52728])
```
* Rebuilt URL to: https://x.x.x/
*   Trying x.x.x.x...
* TCP_NODELAY set
* Connected to x.x.x (x.x.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=x.x
*  start date: Jun 5 21:49:41 2019 GMT
*  expire date: Sep 3 21:49:41 2019 GMT
*  subjectAltName: host "x.x.x" matched cert's "*.x.x"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5559f69468e0)
> GET / HTTP/2
> Host: x.x.x
> User-Agent: curl/7.58.0
> Accept: */*
```

```
* Rebuilt URL to: https://x.x.x/
*   Trying x.x.x.x...
* TCP_NODELAY set
* Connected to x.x.x (x.x.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443
```
```
[common]
server_addr = x.x.x.x
server_port = 7000
token = xxxxxxx

[https]
type = https
local_port = 666
; custom_domains = x.x.x
```

```
[common]
bind_port = 7000
vhost_https_port = 443
vhost_http_port = 80
token = xxxxxxx
log_file = /var/log/frp/frps.log
log_level = debug
log_max_days = 3
```
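A small helper for reading traces like the two curl outputs above, as an added example that is not part of the original post: it reports the last TLS handshake message curl logged in each direction and whether the handshake finished. The function name and the two embedded sample traces (abbreviated from the outputs above) are assumptions of this example.

```python
import re

# Matches curl -v lines such as "* TLSv1.2 (IN), TLS handshake, Server hello (2):"
# and "* (304) (OUT), TLS handshake, Client hello (1):".
HANDSHAKE = re.compile(r"\((IN|OUT)\), TLS handshake, ([A-Za-z ]+) \(\d+\):")
CURL_ERROR = re.compile(r"curl: \((\d+)\) ")

# Sample traces, abbreviated from the two outputs in the post.
OK_TRACE = """* Connected to x.x.x (x.x.x.x) port 443 (#0)
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384"""
FAIL_TRACE = """* Connected to x.x.x (x.x.x.x) port 443 (#0)
* (304) (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443"""


def classify_curl_trace(trace: str) -> dict:
    """Summarise how far the TLS handshake got in a `curl -v` trace."""
    last = {"IN": None, "OUT": None}
    for direction, message in HANDSHAKE.findall(trace):
        last[direction] = message  # keep the most recent message per direction
    err = CURL_ERROR.search(trace)
    completed = "SSL connection using" in trace
    if completed:
        verdict = "handshake completed"
    elif last["OUT"] == "Client hello" and last["IN"] is None:
        # The ClientHello (which carries the SNI host name) was sent and
        # nothing came back, so the drop happened before any server reply.
        verdict = "no reply to ClientHello: connection dropped before Server hello"
    elif "Connected to" not in trace:
        verdict = "TCP connection not established"
    else:
        verdict = "handshake started but did not finish"
    return {
        "completed": completed,
        "last_out": last["OUT"],
        "last_in": last["IN"],
        "curl_error": int(err.group(1)) if err else None,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, trace in (("ok", OK_TRACE), ("fail", FAIL_TRACE)):
        print(name, classify_curl_trace(trace))
```

Running the same request from the server host and from an outside client and comparing the two verdicts separates a service-side fault from something on the network path.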
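1 chinesestudio 2019-06-27 20:40:31 +08:00 via Android I haven't thought it through carefully, but most likely the port is occupied and there's a conflict.
2 chinesestudio 2019-06-27 20:43:16 +08:00 via Android The right way is to have nginx listen on 80 and 443 and forward to the backend. If your frps is listening on 443, how is https supposed to open 443?
3 enng 2019-06-27 21:04:07 +08:00 via iPhone The simplest approach is to have frp map only the tcp port, then use nginx as the reverse proxy.
4 ProjectSky OP @enng After testing many times, I found that Tencent Cloud seems to have blocked port 443, which is why it works internally but not externally. It worked normally when the host was first provisioned, and stopped working after about a day.
5 ProjectSky OP Found the cause: it is the domain's ICP filing (备案). I didn't expect port 443 to require filing as well; a domain without a filing that goes through 443 or 80 gets blocked by Tencent.
6 uTOmOuk3L6sb4MSI 2019-06-27 21:28:22 +08:00 via iPhone frp with https works on my Tencent Cloud; https is served by nginx.
7 uTOmOuk3L6sb4MSI 2019-06-27 21:29:11 +08:00 via iPhone Yes, with a domain that has been filed.
8 qa2080639 2019-06-27 21:59:32 +08:00 @ProjectSky With a domain that is not filed with Tencent Cloud, adding https gets around it for me.
9 ProjectSky OP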