ShadowsocksR-Live / overtls

A simple proxy tunnel, minimalist tool for bypassing the GFW.
MIT License

running error #24

Closed hdid closed 1 year ago

hdid commented 1 year ago

What is this error (when running)?

[2023-07-05T21:01:33Z INFO  overtls::server] starting overtls server...
thread 'main' panicked at 'removal index (is 0) should be < len (is 0)', /project/src/server.rs:70:43
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Server is Ubuntu 22.04.1 x64.

ssrlive commented 1 year ago

It is evident that the key file you provided is incorrect. The server was unable to parse it correctly.
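
An added illustration for readers of this thread (not overtls code and not from either commenter): the panic text `removal index (is 0) should be < len (is 0)` is the message Rust's `Vec::remove(0)` produces on an empty vector, which fits a key file that yielded no parsable private key. The sketch below scans PEM text for a private-key block and returns an error instead of indexing; the names `first_private_key`, `KeyKind` and `KeyError` are hypothetical, and the sample PEM bodies are constructed placeholders.

```rust
#[derive(Debug, PartialEq)]
enum KeyKind { Pkcs8, Rsa, Sec1 }

#[derive(Debug, PartialEq)]
enum KeyError {
    // No private-key block; lists the PEM labels that were present instead.
    NoPrivateKey { labels_found: Vec<String> },
    // A BEGIN line with no matching END line.
    Unterminated(String),
}

/// Return the kind of the first complete private-key block in `pem`.
/// Only PEM framing is checked; the base64 body is not decoded here.
fn first_private_key(pem: &str) -> Result<KeyKind, KeyError> {
    let mut labels = Vec::new();
    let mut lines = pem.lines().map(str::trim);
    while let Some(line) = lines.next() {
        let Some(label) = line
            .strip_prefix("-----BEGIN ")
            .and_then(|s| s.strip_suffix("-----"))
        else {
            continue;
        };
        let end = format!("-----END {label}-----");
        if !lines.any(|l| l == end) {
            return Err(KeyError::Unterminated(label.to_string()));
        }
        match label {
            "PRIVATE KEY" => return Ok(KeyKind::Pkcs8),
            "RSA PRIVATE KEY" => return Ok(KeyKind::Rsa),
            "EC PRIVATE KEY" => return Ok(KeyKind::Sec1),
            other => labels.push(other.to_string()),
        }
    }
    // Fail with a descriptive error rather than calling keys.remove(0).
    Err(KeyError::NoPrivateKey { labels_found: labels })
}

fn main() {
    // Constructed sample inputs; "AAAA" stands in for real base64 data.
    let cert_only = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
    let ec_key = "-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n";
    let cases = [("cert passed as key", cert_only), ("EC key", ec_key), ("empty file", "")];
    for (name, pem) in cases {
        println!("{name}: {:?}", first_private_key(pem));
    }
}
```

Returning an error lets the caller log which PEM labels were actually found in the file and exit cleanly, instead of aborting with an index panic.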

hdid commented 1 year ago

I got the key & cert from Let's Encrypt but get the same error!?

ssrlive commented 1 year ago

You can clone the source code again and build / run / test it.

zheshinicheng commented 1 year ago

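I think you should try the acme.sh project. It can automatically issue and renew SSL certificates, and it is free and open source. Also, note that the overtls project uses X509 certificates, while acme.sh issues EC certificates by default:

-k, --keylength <bits> Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.

When issuing a certificate, avoid choosing ec-256, ec-384, ec-521. @ssrlive @hdid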

hdid commented 1 year ago

with v.0.2.1:

root@server:/opt/overtls# ./overtls -r server -c config1.json

[2023-07-11T06:42:59Z INFO  overtls::server] starting overtls server...
[2023-07-11T06:42:59Z TRACE overtls::server] with following settings:
[2023-07-11T06:42:59Z TRACE overtls::server] {
      "server_settings": {
        "disable_tls": null,
        "manage_clients": null,
        "certfile": "/opt/overtls/chained_cert.pem",
        "keyfile": "/opt/overtls/domain-key.pem",
        "forward_addr": "http://127.0.0.1:8000",
        "listen_host": "0.0.0.0",
        "listen_port": 443
      },
      "client_settings": null,
      "remarks": null,
      "method": null,
      "password": null,
      "tunnel_path": "/kdjjgj893hgsh/"
    }
[2023-07-11T06:42:59Z WARN  overtls::server] no certificate and key file, using plain TCP

root@server:/opt/overtls# ls -lh "/opt/overtls/chained_cert.pem" "/opt/overtls/domain-key.pem"

-rw-r--r-- 1 root root 5.8K Jul 6 08:33 /opt/overtls/chained_cert.pem
-rw-r--r-- 1 root root 3.2K Jul 6 08:30 /opt/overtls/domain-key.pem

ssrlive commented 1 year ago

You must use the private_key.pem file as the private key. Use the chained_cert.pem file as the certificate file.

The script generates this file list:

~# ll /fakesite_cert
account.key
acme_tiny.py
chained_cert.pem
domain.csr
full_chained_cert.pem
intermediate.pem
private_key.pem
renew_cert.sh*
root.pem
signed.crt

Look at the /etc/nginx/conf.d/overtls.conf file:

~# cat /etc/nginx/conf.d/overtls.conf
    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        ssl_certificate       /fakesite_cert/chained_cert.pem;
        ssl_certificate_key   /fakesite_cert/private_key.pem;