Server site of frps LOG cannot record real IPs for fail2ban jail analysis #4978
Description
Bug Description
My application might be special case, but I want to record real IPs to ensure sercurity.
My internal net pc can only use port 80 to go outside.
My external server in google cloud is using Nginx with HTTPS protocol and rewriting to internal pc for my python app service (HTTP protocol).
My project function is working properly, but it has question as following.
I can read log in frps, but it is always showing off the IP which is my external server in google cloud.
I cannot read log in frps with real IPs who are doing insuitable acts.
Although Nginx access.log can read the IPs which are trying not existed folder, frps log cannot record the error acts with those real IPs from their forwarded links.
Is any missing configure way or alternative solution can be adviced?
Thanks.
frpc Version
0.63.0 (private network of Win10 pro)
frps Version
0.64.0 (Google cloud VM of ubuntu linux)
System Architecture
Server: linux/amd64 and Client: windows/amd64
Configurations
SERVER side:
bindAddr = "0.0.0.0"
bindPort = 80
subdomainHost = "duckdns.org"
vhostHTTPPort = 80
vhostHTTPSPort = 80
log.to = "/opt/frp/frps.log"
log.level = "debug"
log.maxDays = 3
log.disablePrintColor = false
detailedErrorsToClient = true
transport.maxPoolCount = 15
transport.tcpMux = true
transport.tcpMuxKeepaliveInterval = 30
transport.tcpKeepalive = 7200
transport.tls.force = true
custom404Page = "/opt/frp/404.html"
SERVER side of Nginx setting:
server {
listen 443 ssl;
http2 on;
(... # managed by Certbot ...)
##PROXY-START /
location /serverwebhookcallback {
rewrite ^/serverwebhookcallback(.*)$ /clientcallback $1 break;
proxy_pass http://127.0.0.1:80 ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Cache $upstream_cache_status;
set $static_filemi146aOz 0;
if (
{
set $static_filemi146aOz 1;
expires 12h;
}
if ( $static_filemi146aOz = 0 )
{
add_header Cache-Control no-cache;
}
}
##PROXY-END /
location / {
return 302 https://www.google.com;
}
}
CLIENT side:
user = "clientsidepc"
serverAddr = "frpserver.duckdns.org"
serverPort = 80
log.to = "./frpc.log"
log.level = "info"
log.maxDays = 3
log.disablePrintColor = false
transport.tls.enable = true
transport.tls.disableCustomTLSFirstByte = false
[[proxies]]
name = "appproxy"
type = "http"
localIp = "127.0.0.1"
localPort = 8080
subdomain = "frpclient"
#transport.proxyProtocolVersion = "v2" ##<-- I cannot use because it will fail my project app connection.
Logs
Server:
$ sudo tail /opt/frp/frps.log
2025-09-15 14:55:45.340 [D] [server/control.go:272] [f64ca6ce981dc3b4] get work connection from pool
2025-09-15 14:55:45.340 [D] [proxy/proxy.go:131] [f64ca6ce981dc3b4] [clientsidepc.appproxy] get a new work connection: [123.123.123.123:14053]
2025-09-15 14:55:45.483 [D] [server/control.go:243] [f64ca6ce981dc3b4] new work connection registered
2025-09-15 15:03:01.254 [W] [httputil/reverseproxy.go:486] do http proxy request [host: 35.212.123.123:80] error: no route found: 35.212.123.123 /
2025-09-15 15:06:40.877 [W] [httputil/reverseproxy.go:486] do http proxy request [host: 35.212.123.123] error: no route found: 35.212.123.123 /ReportServer
2025-09-15 15:35:25.984 [W] [httputil/reverseproxy.go:486] do http proxy request [host: 35.212.123.123:80] error: no route found: 35.212.123.123 /
2025-09-15 15:41:36.042 [W] [httputil/reverseproxy.go:486] do http proxy request [host: 35.212.123.123] error: no route found: 35.212.123.123 /
2025-09-15 15:44:09.979 [W] [httputil/reverseproxy.go:486] do http proxy request [host: 35.212.123.123] error: no route found: 35.212.123.123 /
Steps to reproduce
...
Affected area
- Docs
- Installation
- Performance and Scalability
- Security
- User Experience
- Test and Release
- Developer Infrastructure
- Client Plugin
- Server Plugin
- Extensions
- Others