Anyone here using frp? I have a question

2019-06-27 20:24:31 +08:00
 ProjectSky

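This frp forwarding problem has been driving me crazy for the past two days.

I have two cloud servers, one on Tencent Cloud and one on Alibaba Cloud. With frps on Alibaba Cloud, everything works once frpc connects, and the https page opens normally.

But with the same frps and client-side frpc configuration on Tencent Cloud, only the http port is reachable, not the https port. I can see the frpc access logs on the server side, but the https page just won't open.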

[https] join connections, workConn(l[172.27.0.16:7000] r[x.x.x.x:40688]) userConn(l[172.27.0.16:443] r[x.x.x.x:51612])

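But I found that the https service can be accessed normally from the Tencent Cloud machine itself; it just doesn't work from outside. All the ports have been opened.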

[proxy.go:221] [78a21caf9e2b36d8] [https] join connections, workConn(l[172.27.0.16:7000] r[x.x.x.x:39712]) userConn(l[172.27.0.16:443] r[x.x.x.x:52728])

* Rebuilt URL to: https://x.x.x/
*   Trying x.x.x.x...
* TCP_NODELAY set
* Connected to x.x.x (x.x.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=x.x
*  start date: Jun  5 21:49:41 2019 GMT
*  expire date: Sep  3 21:49:41 2019 GMT
*  subjectAltName: host "x.x.x" matched cert's "*.x.x"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5559f69468e0)
> GET / HTTP/2
> Host: x.x.x
> User-Agent: curl/7.58.0
> Accept: */*

* Rebuilt URL to: https://x.x.x/
*   Trying x.x.x.x...
* TCP_NODELAY set
* Connected to x.x.x (x.x.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443

[common]
server_addr = x.x.x.x
server_port = 7000
token = xxxxxxx

[https]
type = https
local_port = 666 ;
custom_domains = x.x.x

[common]
bind_port = 7000
vhost_https_port = 443
vhost_http_port = 80
token = xxxxxxx
log_file = /var/log/frp/frps.log
log_level = debug
log_max_days = 3
9 replies
chinesestudio
2019-06-27 20:40:31 +08:00
I haven't thought it through in detail, but most likely a port is already in use and there's a conflict.
chinesestudio
2019-06-27 20:43:16 +08:00
The correct setup is for nginx to listen on 80 and 443 and forward to the backend. If your frps is listening on 443, how is https supposed to open 443?
enng
2019-06-27 21:04:07 +08:00
The simplest approach is to have frp map only TCP ports, then use nginx as the reverse proxy.
ProjectSky
2019-06-27 21:06:18 +08:00
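@enng After testing many times, it looks like Tencent Cloud is blocking port 443, which is why it works internally but not from outside. It worked fine when the host was first provisioned, and stopped working after about a day.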
ProjectSky
2019-06-27 21:11:21 +08:00
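Found the cause: it's the domain's ICP filing. I didn't expect port 443 to need a filing too; a domain without a filing gets blocked by Tencent when it goes over 443 or 80.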
uTOmOuk3L6sb4MSI
2019-06-27 21:28:22 +08:00
My frp https on Tencent Cloud works; the https is served by nginx.
uTOmOuk3L6sb4MSI
2019-06-27 21:29:11 +08:00
Yeah, with a domain that has an ICP filing.
qa2080639
2019-06-27 21:59:32 +08:00
@ProjectSky With a domain that isn't filed with Tencent Cloud, adding https gets around it for me.
ProjectSky
2019-06-27 23:31:08 +08:00
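@qa2080639
@ODD10
Running curl -vv https://<Tencent Cloud public IP> returns the correct response, but it fails when I use the domain name.
Now that I've found the cause I'll stop fiddling with it. At first I just couldn't understand why an identical environment was failing; I checked everything one by one and didn't expect it to be an external cause.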
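An added example, not part of the original thread: a small Python parser that takes `curl -v` output like the two traces in the original post and reports the stage at which the connection failed. The sample traces are shortened from the post, and the function name `classify` and its stage labels are assumptions made for this example.

```python
import re

# Constructed sample: shortened from the failing curl -v trace in the post.
FAILED_TRACE = """\
* Connected to x.x.x (x.x.x.x) port 443 (#0)
* (304) (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x:443
* Closing connection 0
"""

# Constructed sample: shortened from the working curl -v trace in the post.
OK_TRACE = """\
* Connected to x.x.x (x.x.x.x) port 443 (#0)
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL certificate verify ok.
"""

# Matches curl's "* <proto> (IN|OUT), TLS <record type>, <message> (<n>):" lines.
TLS_MSG = re.compile(r"^\* .*\((IN|OUT)\), TLS [^,]+, (.+?) \(\d+\):")

def classify(trace):
    """Return (stage, detail) for one curl -v trace; stage labels are hypothetical."""
    connected = False
    sent, received, error = [], [], None
    for line in trace.splitlines():
        if line.startswith("* Connected to "):
            connected = True
        m = TLS_MSG.match(line)
        if m:
            (received if m.group(1) == "IN" else sent).append(m.group(2))
        elif "SSL_connect:" in line or line.startswith("curl: ("):
            error = error or line.lstrip("* ")
    if not connected:
        return "tcp", "no TCP connection: check security group, firewall, listener"
    if error and sent and not received:
        return "client_hello_dropped", "cut off after ClientHello, before any server TLS record"
    if error:
        return "handshake", f"failed after receiving {received[-1] if received else 'nothing'}"
    if "Finished" in received:
        return "ok", "handshake completed"
    return "unknown", "trace is incomplete"
```

The ClientHello is the message that carries the requested hostname (SNI) in clear text, so a `client_hello_dropped` result for the domain alongside a working request to the bare IP fits the cause the thread arrives at.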

https://www.v2ex.com/t/578122
