233boy / v2ray

The best V2Ray one-click installation script & management script
https://233boy.com/v2ray/v2ray-script/
GNU General Public License v3.0
23.6k stars 15.87k forks

502 Bad Gateway - websocket: bad handshake #1168

Open MarkZhuYiQi opened 1 year ago

MarkZhuYiQi commented 1 year ago

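This looks like a caddy -> v2ray failure; details below.

First, I tried the latest V2Ray 5.7.0 and hit the same problem, so I tried downgrading, but it was still the same. The logs below come from this version:

V2Ray 4.45.2 / V2Ray script v4.11 / Caddy v2.6.4

Protocol: VMess-WS-TLS

Here is the v2ray config: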

{
  "inbounds": [
    {
      "tag": "VMess-WS-TLS-我的域名.json",
      "port": 23247,
      "listen": "127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          { "id": "941d8b19-c534-455a-bb40-8ea316a218bf" }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "path": "/941d8b19-c534-455a-bb40-8ea316a218bf",
          "headers": { "Host": "我的域名" }
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [ "http", "tls" ]
      }
    }
  ]
}

The caddy log shows dial tcp 127.0.0.1:23247: connect: connection refused; this 23247 matches the port in the corresponding v2ray config.

journalctl -f -u caddy.service
Jul 02 17:09:32 [我的VPS IP].16clouds.com caddy[16765]: {"level":"error","ts":1688288972.4556909,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:23247: connect: connection refused","request":{"remote_ip":"172.70.86.43","remote_port":"49668","proto":"HTTP/1.1","method":"GET","host":"我的域名","uri":"/941d8b19-c534-455a-bb40-8ea316a218bf","headers":{"Cf-Ray":["7e05c01d394b7717-LHR"],"X-Forwarded-Proto":["https"],"Connection":["Upgrade"],"Cf-Connecting-Ip":["117.83.37.220"],"Cf-Ipcountry":["CN"],"X-Forwarded-For":["117.83.37.220"],"Upgrade":["websocket"],"Accept-Encoding":["gzip"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"User-Agent":["Go-http-client/1.1"],"Sec-Websocket-Key":["KITyMxZpTWZsoHI69tjFCA=="],"Sec-Websocket-Version":["13"],"Cdn-Loop":["cloudflare"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"我的域名"}},"duration":0.000477688,"status":502,"err_id":"sng9nar8k","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
Jul 02 17:09:34 [我的VPS IP].16clouds.com caddy[16765]: {"level":"error","ts":1688288974.1789045,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:23247: connect: connection refused","request":{"remote_ip":"172.70.90.16","remote_port":"17186","proto":"HTTP/1.1","method":"GET","host":"我的域名","uri":"/941d8b19-c534-455a-bb40-8ea316a218bf","headers":{"Cf-Ipcountry":["CN"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["117.83.37.220"],"Cf-Ray":["7e05c027ff6272fd-LHR"],"User-Agent":["Go-http-client/1.1"],"Sec-Websocket-Version":["13"],"Connection":["Upgrade"],"Upgrade":["websocket"],"X-Forwarded-Proto":["https"],"Cdn-Loop":["cloudflare"],"Cf-Connecting-Ip":["117.83.37.220"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Sec-Websocket-Key":["MQNf5H0ipO2ZA6YTFohqUw=="]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"我的域名"}},"duration":0.000466012,"status":502,"err_id":"3r56me2d9","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
Jul 02 17:09:36 [我的VPS IP].16clouds.com caddy[16765]: {"level":"error","ts":1688288976.956087,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:23247: connect: connection refused","request":{"remote_ip":"172.70.86.43","remote_port":"30400","proto":"HTTP/1.1","method":"GET","host":"我的域名","uri":"/941d8b19-c534-455a-bb40-8ea316a218bf","headers":{"Connection":["Upgrade"],"X-Forwarded-For":["117.83.37.220"],"Sec-Websocket-Key":["U7aglpetBYTog9tvQyfe7Q=="],"Cdn-Loop":["cloudflare"],"Cf-Connecting-Ip":["117.83.37.220"],"Upgrade":["websocket"],"Accept-Encoding":["gzip"],"Cf-Ray":["7e05c036c95e35dc-LHR"],"X-Forwarded-Proto":["https"],"User-Agent":["Go-http-client/1.1"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Sec-Websocket-Version":["13"],"Cf-Ipcountry":["CN"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"我的域名"}},"duration":0.000424593,"status":502,"err_id":"cnjhufvar","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
Jul 02 17:09:39 [我的VPS IP].16clouds.com caddy[16765]: {"level":"error","ts":1688288979.040925,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:23247: connect: connection refused","request":{"remote_ip":"172.71.178.140","remote_port":"30348","proto":"HTTP/1.1","method":"GET","host":"我的域名","uri":"/941d8b19-c534-455a-bb40-8ea316a218bf","headers":{"User-Agent":["Go-http-client/1.1"],"Sec-Websocket-Version":["13"],"Cf-Connecting-Ip":["117.83.37.220"],"Upgrade":["websocket"],"Cf-Ray":["7e05c0465c13dc6b-LHR"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cdn-Loop":["cloudflare"],"Accept-Encoding":["gzip"],"Connection":["Upgrade"],"Sec-Websocket-Key":["+aoTMWciWViOOCFTgEN+IA=="],"Cf-Ipcountry":["CN"],"X-Forwarded-For":["117.83.37.220"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"我的域名"}},"duration":0.000493172,"status":502,"err_id":"c92ezwxhp","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}

The error finally received on the client is:

2023/07/02 17:24:33 [Warning] [1969748790] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://我的域名/941d8b19-c534-455a-bb40-8ea316a218bf): 502 Bad Gateway > websocket: bad handshake] > common/retry: all retry attempts failed

Visiting https://我的域名/941d8b19-c534-455a-bb40-8ea316a218bf directly returns the 502 Bad Gateway from Cloudflare, so this part should be fine.

I tried to look at the v2ray logs, but nothing has been logged:

tail: cannot open ‘/var/log/v2ray/access.log’ for reading: No such file or directory
tail: no files remaining

tail: cannot open ‘/var/log/v2ray/error.log’ for reading: No such file or directory
tail: no files remaining

233boy commented 1 year ago

@MarkZhuYiQi

On the CF side, SSL needs to be set to FULL. I suggest you test with another subdomain that does not go through the CF proxy.

MarkZhuYiQi commented 1 year ago

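> @MarkZhuYiQi
>
> On the CF side, SSL needs to be set to FULL. I suggest you test with another subdomain that does not go through the CF proxy.

@233boy

I just found the problem. Probably because I upgraded from an old version, v2ray failed to start under the new script. The new script then automatically launched a v2ray startup test, and at that point the log hung after reading the config and did not move. I then pressed Enter and was returned to the interactive command line, so I carried on as normal; at that point v2ray's status showed as running. But in reality the v2ray that was running was the test run, which had not read the corresponding config. My subsequent operations, including adding, deleting and modifying configs, reinstalling the script and reinstalling v2ray, all failed to stop this test v2ray in the background, so none of those actions took effect. In the end I checked the listening ports with netstat and found that the port in my config was not being listened on at all. After trying a whole round of things I killed v2ray and started it again with the script; the script again reported that the start failed, and then I copied out the errors above 😭 Finally I deleted all v2ray-related configs, binaries and scripts, downloaded everything again, and it finally worked, and the listening port is correct too!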

233boy commented 1 year ago

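> > @MarkZhuYiQi On the CF side, SSL needs to be set to FULL. I suggest you test with another subdomain that does not go through the CF proxy.
>
> @233boy
>
> I just found the problem. Probably because I upgraded from an old version, v2ray failed to start under the new script. The new script then automatically launched a v2ray startup test, and at that point the log hung after reading the config and did not move. I then pressed Enter and was returned to the interactive command line, so I carried on as normal; at that point v2ray's status showed as running. But in reality the v2ray that was running was the test run, which had not read the corresponding config. My subsequent operations, including adding, deleting and modifying configs, reinstalling the script and reinstalling v2ray, all failed to stop this test v2ray in the background, so none of those actions took effect. In the end I checked the listening ports with netstat and found that the port in my config was not being listened on at all. After trying a whole round of things I killed v2ray and started it again with the script; the script again reported that the start failed, and then I copied out the errors above 😭 Finally I deleted all v2ray-related configs, binaries and scripts, downloaded everything again, and it finally worked, and the listening port is correct too!

Kudos for the troubleshooting skills. But if you run into this again, you can just reinstall the script directly: v2ray reinstall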
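The check that located the fault in this thread (caddy logs "connection refused" for a port the v2ray config declares, while nothing is actually listening on it), written out as an added example; it is not code from the thread or from the 233boy script. The function names and the sample tag are assumptions, and the sample config and journal lines are constructed from the shapes shown above.

```python
import json
import re
import socket

# Constructed sample input modelled on the thread; tag and host are placeholders.
SAMPLE_CONFIG = '{"inbounds": [{"tag": "VMess-WS-TLS-example", "port": 23247, "listen": "127.0.0.1", "protocol": "vmess"}]}'
SAMPLE_JOURNAL = [
    'Jul 02 17:09:32 host caddy[16765]: {"level":"error","msg":"dial tcp 127.0.0.1:23247: connect: connection refused","status":502}',
    'Jul 02 17:09:33 host caddy[16765]: {"level":"info","msg":"handled request","status":200}',
]
REFUSED = re.compile(r"dial tcp ([\d.]+):(\d+): connect: connection refused")


def refused_upstreams(journal_lines):
    """Return the set of (host, port) upstreams caddy failed to connect to."""
    found = set()
    for line in journal_lines:
        _, brace, rest = line.partition("{")  # skip the journald prefix
        try:
            entry = json.loads(brace + rest)
        except json.JSONDecodeError:
            continue  # no JSON payload on this line
        m = REFUSED.search(str(entry.get("msg", "")))
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found


def is_listening(host, port, timeout=1.0):
    """True if a TCP connect succeeds, i.e. some process accepts on host:port."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False


def diagnose(config_text, journal_lines, probe=is_listening):
    """Per inbound: (tag, host, port, listening now?, refused in caddy log?)."""
    refused = refused_upstreams(journal_lines)
    report = []
    for inbound in json.loads(config_text).get("inbounds", []):
        host = inbound.get("listen") or "127.0.0.1"  # probe loopback if unset
        port = int(inbound["port"])
        report.append((inbound.get("tag", ""), host, port,
                       probe(host, port), (host, port) in refused))
    return report

if __name__ == "__main__":
    print(*diagnose(SAMPLE_CONFIG, SAMPLE_JOURNAL), sep="\n")
```

A row that is not listening but does appear as refused in the caddy log means the process reported as running never bound the configured port, which is the state described in the thread.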