Could 0.61 provide complete http2https and https2https examples? #4576

Open
11 tasks
shyandsy opened this issue Dec 9, 2024 · 3 comments
shyandsy commented Dec 9, 2024

Bug Description

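Scenario

  1. The internal server https://192.168.101.20:6443 is the k8s cluster API
  2. The public Alibaba Cloud server 47.xx.xx.xx is my public IP
  3. I want to access the internal k8s cluster API through public https port 50080 and http port 55000

I tried both http2https and tcp, and neither could reach the internal https service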

frpc Version

0.61.0

frps Version

0.61.0

System Architecture

linux/amd64

Configurations

Server configuration

bindPort = 50000

vhostHTTPPort = 50080
vhostHTTPSPort = 55000

subdomainHost = "xxx.xxx.com"
log.level = "debug"

Client configuration

# Method 1: tcp
[[proxies]]
name = "kubectl"
type = "tcp"
localIP = "192.168.101.20"
localPort = 6443
remotePort = 52000

# Method 2: http2https
[[proxies]]
name = "k8s"
type = "http"
#customDomains = ["xxx.xxx.com"]
subDomain = "a"
[proxies.plugin]
type = "http2https"
localAddr = "192.168.101.20:6443"
hostHeaderRewrite = "192.168.101.20"
#requestHeaders.set.x-from-where = "a"

Logs

  1. Access attempt via tcp
    server debug output
    image

    client debug output
    image

  2. Access attempt via http
    server debug output
    image

    client debug output
    image

Steps to reproduce

...

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
@superzjg

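The configuration is basically fine; I suspect the problem is with the ISP or the VPS provider. If you don't believe it, you can set up frps and frpc on different devices locally and test; if you have no public IPv4, test with IPv6, and it should work.
You can now try:
1. Disable TLS and see whether it works: transport.tls.enable = false
2. Configure quicBindPort on frps to use UDP transport, and have frpc use transport.protocol = "quic"
3. Try a different https service; just set up any self-signed https one yourself.
Note that every port in use must be opened in the firewall on the VPS.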

@shyandsy
Author

@superzjg

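  1. In tcp mode, kubectl get ns --skip-tls-verify=true runs successfully. Without --skip-tls-verify=true, the internal kube api server reports an error saying the target address should be 192.168.101.20, not 47.xxxx (the Alibaba Cloud public address). It looks like the target IP in the request was not changed
  2. With https mode forwarding, my final packet capture shows the https request reaching the target port 192.168.101.20:6443, but kubectl's mutual certificate authentication does not seem to pass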
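
Added example, not part of the original thread and not frp or Kubernetes code: assuming the error described in the comment above is the standard x509 name check, this Go program shows why a client that dials the frps public address rejects a certificate whose SANs list only the LAN address. The public IP 203.0.113.10 is a placeholder, and the certificate is constructed in-process as a stand-in for the API server's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a constructed stand-in certificate whose SANs list only sanIPs.
func selfSignedCert(sanIPs ...string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	for _, ip := range sanIPs {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(ip))
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckDial returns the result of the TLS name check a client performs when it
// dials addr and is presented a certificate whose SANs are sanIPs.
func CheckDial(addr string, sanIPs ...string) error {
	cert, err := selfSignedCert(sanIPs...)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(addr)
}

func main() {
	const lan, public = "192.168.101.20", "203.0.113.10" // public: placeholder address
	fmt.Println("dial LAN IP, SAN = LAN:           ", CheckDial(lan, lan))
	fmt.Println("dial public IP, SAN = LAN:        ", CheckDial(public, lan))
	fmt.Println("dial public IP, SAN = LAN + public:", CheckDial(public, lan, public))
}
```

With a tcp proxy the TLS session still terminates at the API server, so the name check passes only when the address the client dials (or the server name it is told to expect) appears in the certificate's SANs.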


superzjg commented Dec 12, 2024

@superzjg

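  1. In tcp mode, kubectl get ns --skip-tls-verify=true runs successfully. Without --skip-tls-verify=true, the internal kube api server reports an error saying the target address should be 192.168.101.20, not 47.xxxx (the Alibaba Cloud public address). It looks like the target IP in the request was not changed
  2. With https mode forwarding, my final packet capture shows the https request reaching the target port 192.168.101.20:6443, but kubectl's mutual certificate authentication does not seem to pass

I don't quite understand what you mean. I tested with a simple self-signed web page at https://192.168.3.6:53412 and the result was fine.
All three of the following URLs can be opened: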
https://aaa.bbb.com:53430/
https://aaa.bbb.com:53413/
http://aaa.bbb.com:53413/

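My configuration files are attached:

Frps v0.60.0: (Note: because I use the same port, transport.tls.disableCustomTLSFirstByte must be configured in frpc, otherwise it cannot connect; with different ports this is not needed)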

bindPort = 53413
auth.token = "123456"
vhostHTTPPort = 53413
vhostHTTPSPort = 53413
log.to = "/var/log/frps.log"
log.maxDays = 6

Frpc v0.60.0:

serverAddr = "aaa.bbb.com"
serverPort = 53413
loginFailExit = false
auth.token = "123456"
log.to = "/var/log/frpc.log"
transport.tls.disableCustomTLSFirstByte = false

[[proxies]]
name = "tcp_web_test"
type = "tcp"
localIP = "192.168.3.6"
localPort = 53412
remotePort = 53430

[[proxies]]
name = "https_test"
type = "https"
localIP = "192.168.3.6"
localPort = 53412
customDomains = ["aaa.bbb.com"]

[[proxies]]
name = "http2https_test"
type = "http"
customDomains = ["aaa.bbb.com"]
[proxies.plugin]
type = "http2https"
localAddr = "192.168.3.6:53412"
