XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0

xray VLESS-TCP-Reality sharing port 443 with a website: can nginx not enable proxy_protocol on? #1972

Closed bluehj777 closed 1 year ago

bluehj777 commented 1 year ago

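I am using xray version 1.8.0 or 1.8.1. If I enable `proxy_protocol on` in nginx and `"acceptProxyProtocol": true` in the xray configuration, then visiting https://www.myweb.com makes the browser return the error ERR_SSL_PROTOCOL_ERROR, while visiting http://www.myweb.com works normally. Only after commenting out both the `proxy_protocol on` and `"acceptProxyProtocol": true` parts do the site's http and https both work. Is it the same for everyone else?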

nginx stream configuration:

```nginx
stream {
    map $ssl_preread_server_name $backend {
        www.microsoft.com reality;
        www.myweb.com web1;
    }

    upstream reality {
        server 127.0.0.1:8443;
    }

    upstream web1 {
        server 127.0.0.1:80;
        server 127.0.0.1:9443;
    }

    server {
        listen 443 reuseport;
        ssl_preread on;
        proxy_pass $backend;
        #proxy_protocol on;
    }
}
```

nginx server configuration:

```nginx
server {
    listen 80;
    server_name www.myweb.com;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
}

server {
    listen 9443 ssl;
    server_name www.myweb.com;

    ssl_certificate /etc/nginx/www.myweb.com.crt;
    ssl_certificate_key /etc/nginx/www.myweb.com.rsa.key;
    ssl_trusted_certificate /etc/nginx/ca_root.crt;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
}
```

xray server configuration:

```json
{
  "log": {
    "access": "/var/log/xray_access.log",
    "error": "/var/log/xray_error.log",
    "loglevel": "none"
  },
  "inbounds": [
    {
      "port": 8443,
      "protocol": "vless",
      "listen": "127.0.0.1",
      "settings": {
        "udp": true,
        "clients": [
          {
            "id": "56ddf523-2313-49ce-8777-191adcddf523",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "streamSettings": {
        "network": "tcp",
        // "tcpSettings": {
        //   "acceptProxyProtocol": true
        // },
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": "www.microsoft.com:443",
          "xver": 0,
          "serverNames": [
            "www.microsoft.com"
          ],
          "privateKey": "klLxrF1DRLx3CsY51Ye-Xn4zZM9TM",
          "publicKey": "X56oM9TMqjyIXadWYXklLxrF1DRLx3CsY51Ye-Xn4zZ",
          "maxTimeDiff": 0,
          "shortIds": [
            ""
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}
```

newmacuser commented 1 year ago

> server { listen 9443 ssl; server_name www.myweb.com; ... }

The `listen` of this server is not written correctly. Change "listen 9443 ssl;" here to "listen 9443 ssl proxy_protocol;" and it will work.

bluehj777 commented 1 year ago

> server { listen 9443 ssl; server_name www.myweb.com; ... }
>
> The `listen` of this server is not written correctly. Change "listen 9443 ssl;" here to "listen 9443 ssl proxy_protocol;" and it will work.

So that's how it is. Solved, thanks.
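An added example, not part of the thread and not code from nginx or Xray: it models what a TLS listener receives as the first bytes of a relayed connection, showing why a plain `listen 9443 ssl` fails once the stream proxy prepends a PROXY protocol header and why `listen 9443 ssl proxy_protocol` succeeds. It assumes the version 1 text header; the function names and sample bytes are constructed for illustration.

```python
import ipaddress

V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 magic
V1_MAX_LEN = 107                           # longest v1 line, CRLF included

def classify(data: bytes) -> str:
    """Name what the first bytes of a TCP connection look like."""
    if data.startswith(b"PROXY "):
        return "proxy-v1"
    if data.startswith(V2_SIGNATURE):
        return "proxy-v2"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    return "unknown"

def strip_proxy_v1(data: bytes):
    """Parse a v1 header and return (client_ip, client_port, remaining_bytes)."""
    end = data.find(b"\r\n", 0, V1_MAX_LEN)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("no PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    if fields[1] == "UNKNOWN":              # proxy could not name the client
        return None, None, data[end + 2:]
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src = ipaddress.ip_address(fields[2])   # raises ValueError on a bad address
    ipaddress.ip_address(fields[3])
    sport, dport = int(fields[4]), int(fields[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return str(src), sport, data[end + 2:]

def tls_listener(data: bytes, expects_proxy_header: bool):
    """Model a TLS listener; return (handshake_can_start, client_ip)."""
    client_ip = None
    if expects_proxy_header:
        try:
            client_ip, _, data = strip_proxy_v1(data)
        except ValueError:
            return False, None              # header required but absent or bad
    return classify(data) == "tls-handshake", client_ip

# Constructed sample bytes: a v1 header (documentation address) and the start
# of a TLS ClientHello record.
HEADER = b"PROXY TCP4 203.0.113.7 127.0.0.1 51234 443\r\n"
CLIENT_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(32)

if __name__ == "__main__":
    print(tls_listener(HEADER + CLIENT_HELLO, False))  # plain "ssl" listener
    print(tls_listener(HEADER + CLIENT_HELLO, True))   # "ssl proxy_protocol"
```

Both ends of a hop have to agree: a listener that expects the header also rejects a connection that arrives without one. A listener that accepts the header takes the client address from whoever connects, so it should only be reachable from the proxy itself, for example by binding it to 127.0.0.1.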