XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.

curl 使用代理后下载 github release 的文件失败 #1867

Closed Darkbish closed 1 year ago

Darkbish commented 1 year ago

使用的是 tls + ws 的模式,以下的配置

nginx 的配置

# TLS-terminating front end: nginx accepts HTTPS on 443 and forwards WebSocket
# upgrades on /ws to a backend listening on loopback only.
# NOTE(review): no ssl_certificate / ssl_certificate_key directives appear in
# this excerpt; presumably they were omitted from the paste. Confirm.
server {
    # default_server: this block also answers requests whose Host header
    # matches no other server_name on this port.
    listen       443 ssl http2 default_server;
    server_name  www.xxx.com;

    location /ws {
        # Any request to /ws that is not a WebSocket upgrade gets 404.
        # The comparison is an exact string match, so an Upgrade value with
        # different casing (e.g. "WebSocket") is also rejected.
        if ($http_upgrade != "websocket") {
            return 404;
        }
        # The backend is reached over plain HTTP on loopback. Port 10086 matches
        # the inbound in server.conf.json, which listens on 127.0.0.1 and is
        # therefore reachable only through this proxy.
        proxy_pass http://127.0.0.1:10086;
        # HTTP/1.1 plus the Upgrade/Connection headers are required for nginx
        # to pass the WebSocket handshake through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        # X-Real-IP is taken from the TCP peer address.
        # $proxy_add_x_forwarded_for appends that address to whatever
        # X-Forwarded-For the client sent, so only the last entry is set by
        # nginx. A backend must not trust the earlier entries.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # 52w is roughly one year without data from the backend before nginx
        # closes the connection. Idle tunnels hold a worker connection for that
        # long; a shorter value limits resource exhaustion from stalled peers.
        proxy_read_timeout 52w;
    }
}

server.conf.json

{
    "log": {
        "loglevel": "warning",
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log"
    },
    "inbounds": [
        {
            "listen": "127.0.0.1",
            "port": 10086,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "xxxxxxx"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "/ws"
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "tag": "direct",
            "protocol": "freedom",
            "settings": {}
        },
        {
            "tag": "warp",
            "protocol": "socks",
            "settings": {
                "servers": [{
                    "address": "127.0.0.1",
                    "port": 40000
                }]
            }
        },
        {
            "tag": "blocked",
            "protocol": "blackhole",
            "settings": {}
        }
    ],
    "routing": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
            {
                "type": "field",
                "outboundTag": "warp",
                "domain": ["openai.com", "hcaptcha.com"]
            },
            {
                "type": "field",
                "ip": [
                    "geoip:cn",
                    "geoip:private"
                ],
                "outboundTag": "blocked"
            }
        ]
    }
}

client.config.json

{
  "log": {
    "error": "/usr/local/var/log/xray/error.log",
    "loglevel": "info",
    "access": "/usr/local/var/log/xray/access.log"
  },
  "inbounds": [
    {
      "sniffing": {
        "enabled": true,
        "destOverride": ["tls", "http"]
      },
      "listen": "0.0.0.0",
      "protocol": "socks",
      "settings": {
        "udp": true,
        "auth": "noauth"
      },
      "port": "1080"
    },
    {
      "sniffing": {
        "enabled": true,
        "destOverride": ["tls", "http"]
      },
      "listen": "0.0.0.0",
      "protocol": "http",
      "settings": {
        "timeout": 360
      },
      "port": "1087"
    }
  ],
  "outbounds": [
    {
      "mux": {
        "enabled": true,
        "concurrency": 8
      },
      "protocol": "vless",
      "streamSettings": {
        "wsSettings": {
          "path": "/ws?ed=2048",
          "headers": {
            "host": "www.xxx.com"
          }
        },
        "tlsSettings": {
          "serverName": "www.xxx.com",
          "allowInsecure": false,
          "fingerprint": "chrome"
        },
        "security": "tls",
        "network": "ws"
      },
      "tag": "proxy",
      "settings": {
        "vnext": [
          {
            "address": "www.xxx.com",
            "users": [
              {
                "encryption": "none",
                "id": "xxxxxxxxx",
                "level": 0,
                "flow": ""
              }
            ],
            "port": 443
          }
        ]
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom"
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "none"
        }
      }
    }
  ],
  "dns": {
    "hosts": {
      "dns.google": "8.8.8.8",
      "dns.pub": "119.29.29.29",
      "dns.alidns.com": "223.5.5.5",
      "geosite:category-ads-all": "127.0.0.1"
    },
    "servers": [
      {
        "address": "https://1.1.1.1/dns-query",
        "domains": ["geosite:geolocation-!cn"],
        "expectIPs": ["geoip:!cn"]
      },
      "8.8.8.8",
      {
        "address": "114.114.114.114",
        "port": 53,
        "domains": ["geosite:cn", "geosite:category-games@cn"],
        "expectIPs": ["geoip:cn"],
        "skipFallback": true
      },
      {
        "address": "localhost",
        "skipFallback": true
      }
    ]
  },
  "routing": {
    "settings": {
      "domainStrategy": "AsIs",
      "rules": [
        {
          "type": "field",
          "outboundTag": "block",
          "domain": ["geosite:category-ads-all"]
        },
        {
          "type": "field",
          "outboundTag": "direct",
          "domain": [
            "domain:darkiller.cc",
            "geosite:private",
            "geosite:apple-cn",
            "geosite:google-cn",
            "geosite:tld-cn",
            "geosite:category-games@cn",
            "geosite:cn"
          ]
        },
        {
          "type": "field",
          "ip": ["geoip:private", "geoip:cn"],
          "outboundTag": "direct"
        }
      ]
    }
  },
  "transport": {}
}

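curl 下载文件时的输出(注:从下面的日志可见,`-x socks://` 被 curl 按 SOCKS4 处理,域名由本机解析;日志末尾 raw.githubusercontent.com 在本地被解析为 0.0.0.0,随后代理连接被关闭。改用 `socks5h://` 可以把域名交给代理端解析。)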

$ curl -x socks://127.0.0.1:1080 -L -o geoip.dat.new https://github.com/Loyalsoldier/v2ray-rules-dat/raw/release/geosite.dat -v
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Trying 127.0.0.1:1080...

  • Connected to 127.0.0.1 (127.0.0.1) port 1080 (#0)
  • SOCKS4 communication to github.com:443
  • SOCKS4 non-blocking resolve of github.com
  • SOCKS4 connect to IPv4 20.205.243.166 (locally resolved)
  • SOCKS4 request granted.
  • Connected to 127.0.0.1 (127.0.0.1) port 1080 (#0)
  • ALPN: offers h2,http/1.1 } [5 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Client hello (1): } [512 bytes data]
  • TLSv1.3 (IN), TLS handshake, Server hello (2): { [122 bytes data]
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): { [19 bytes data]
  • TLSv1.3 (IN), TLS handshake, Certificate (11): { [2459 bytes data]
  • TLSv1.3 (IN), TLS handshake, CERT verify (15): { [79 bytes data]
  • TLSv1.3 (IN), TLS handshake, Finished (20): { [36 bytes data]
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): } [1 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Finished (20): } [36 bytes data]
  • SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
  • ALPN: server accepted h2
  • Server certificate:
  • subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
  • start date: Feb 14 00:00:00 2023 GMT
  • expire date: Mar 14 23:59:59 2024 GMT
  • subjectAltName: host "github.com" matched cert's "github.com"
  • issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
  • SSL certificate verify ok. } [5 bytes data]
  • using HTTP/2 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* h2h3 [:method: GET]
  • h2h3 [:path: /Loyalsoldier/v2ray-rules-dat/raw/release/geosite.dat]
  • h2h3 [:scheme: https]
  • h2h3 [:authority: github.com]
  • h2h3 [user-agent: curl/8.0.1]
  • h2h3 [accept: */*]
  • Using Stream ID: 1 (easy handle 0x7fbf6d00a800) } [5 bytes data]

    GET /Loyalsoldier/v2ray-rules-dat/raw/release/geosite.dat HTTP/2 Host: github.com user-agent: curl/8.0.1 accept: */*

    { [5 bytes data]

  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): { [57 bytes data]
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): { [57 bytes data]
  • old SSL session ID is stale, removing { [5 bytes data] < HTTP/2 302 < server: GitHub.com < date: Tue, 28 Mar 2023 02:22:56 GMT < content-type: text/html; charset=utf-8 < vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With < access-control-allow-origin: https://render.githubusercontent.com < location: https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geosite.dat < cache-control: no-cache < strict-transport-security: max-age=31536000; includeSubdomains; preload < x-frame-options: deny < x-content-type-options: nosniff < x-xss-protection: 0 < referrer-policy: no-referrer-when-downgrade < content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events .actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ wss://.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com 
media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com objects-origin.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ < content-length: 0 < x-github-request-id: E414:8E9E:15DC643:16D03D7:64224F7F < { [0 bytes data] 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
  • Connection #0 to host 127.0.0.1 left intact
  • Issue another request to this URL: 'https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geosite.dat'
  • Hostname 127.0.0.1 was found in DNS cache
  • Trying 127.0.0.1:1080...
  • Connected to 127.0.0.1 (127.0.0.1) port 1080 (#1)
  • SOCKS4 communication to raw.githubusercontent.com:443
  • SOCKS4 non-blocking resolve of raw.githubusercontent.com
  • SOCKS4 connect to IPv4 0.0.0.0 (locally resolved) 0 0 0 0 0 0 0 0 --:--:-- 0:01:00 --:--:-- 0* connection to proxy closed 0 0 0 0 0 0 0 0 --:--:-- 0:01:00 --:--:-- 0
  • Closing connection 1 curl: (97) connection to proxy closed
RPRX commented 1 year ago

这个组合已经很久了,没有人报告过该 bug,请检查配置