Closed MelodyUSA closed 1 month ago
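Here is the problem. I configured VLESS fallback on my server, listening on port 443, falling back to a `ws inbound` and an `nginx camouflage website` respectively; nginx forwards `grpc` traffic to the `grpc inbound`. I don't know why the fallback always fails: ws requests sent from the client show `firstLen = 0` on the server side. That refers to the length of the first packet, right? First-packet authentication fails and no path is matched; neither `ws` nor grpc falls back properly.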
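The domain used for the certificate is a second-level domain of cloudns.net, hosted on Cloudflare for DNS resolution.
My own skill is limited, and after a lot of searching I really can't find what would cause this. The logs and configuration are below; I hope some kind expert can help me out.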
Server log

```
[Debug] app/log: Logger started
[Info] app/dns: DNS: created localhost client
[Debug] app/router: MphDomainMatcher is enabled for 2 domain rule(s)
[Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:443
[Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:9527
[Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:9528
[Info] transport/internet/tcp: listening TCP on 0.0.0.0:443
[Info] transport/internet/websocket: listening TCP(for WS) on 127.0.0.1:9527
[Warning] transport/internet/websocket: accepting PROXY protocol
[Warning] core: Xray 1.8.6 started
[Debug] transport/internet/grpc: gRPC listen for service name `pathgrpc` tun `Tun` multi tun `TunMulti`
[Info] [3717320926] proxy/vless/inbound: firstLen = 0
[Info] [3717320926] proxy/vless/inbound: fallback starts > proxy/vless/inbound: fallback directly
[Info] [3717320926] proxy/vless/inbound: realName = my.second.level.domain
[Info] [3717320926] proxy/vless/inbound: realAlpn =
[Info] [3717320926] app/proxyman/inbound: connection ends > proxy/vless/inbound: fallback ends > proxy/vless/inbound: failed to fallback request payload > write tcp [remoteip]:443->[myip]:24624: write: connection reset by peer
```
Vless inbound

```json
{
  "inbounds": [
    {
      "port": 443,
      "protocol": "vless",
      "tag": "VLESSTCP",
      "settings": {
        "clients": [
          {
            "id": "my-uuid",
            "flow": "xtls-rprx-vision",
            "email": "tt@zz.com"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": 31300, // nginx listens here; port of the camouflage website
            "xver": 0
          },
          {
            "alpn": "h2", // nginx listens here; forwards grpc
            "dest": 31301,
            "xver": 0
          },
          {
            "path": "/wspath",
            "dest": 9527,
            "xver": 1
          }
        ]
      },
      "add": "my.second.level.domain",
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "rejectUnknownSni": true,
          "minVersion": "1.2",
          "certificates": [
            {
              "certificateFile": "/path/to/tls/my.second.level.domain.crt",
              "keyFile": "/path/to/tls/my.second.level.domain.key",
              "ocspStapling": 3600
            }
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ]
}
```
nginx configuration

```nginx
server {
    listen 127.0.0.1:31300;
    server_name _;
    return 403;
}

server {
    listen 127.0.0.1:31301 so_keepalive=on;
    http2 on;
    server_name my.second.level.domain;
    root /usr/share/nginx/html/;

    location ~ ^/s/(clashMeta|default|clashMetaProfiles)/(.*) {
        default_type 'text/plain; charset=utf-8';
        alias /path/to/subscribe/$1/$2;
    }

    location /pathgrpc {
        client_max_body_size 0;
        keepalive_requests 4294967296;
        client_body_timeout 1071906480m;
        send_timeout 1071906480m;
        lingering_close always;
        grpc_read_timeout 1071906480m;
        grpc_send_timeout 1071906480m;
        grpc_pass grpc://127.0.0.1:9528;
    }
}

server {
    listen 127.0.0.1:31300;
    server_name my.second.level.domain;
    root /usr/share/nginx/html/;

    location ~ ^/s/(clashMeta|default|clashMetaProfiles)/(.*) {
        default_type 'text/plain; charset=utf-8';
        alias /path/to/subscribe/$1/$2;
    }

    location / {
    }
}
```
Vless+WS inbound

```json
{
  "inbounds": [
    {
      "port": 9527,
      "listen": "127.0.0.1",
      "protocol": "vless",
      "tag": "VLESSWS",
      "settings": {
        "clients": [
          {
            "id": "my-uuid",
            "email": "tt@zz.com"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "acceptProxyProtocol": true,
          "path": "/wspath"
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ]
}
```
Vless-grpc inbound

```json
{
  "inbounds": [
    {
      "port": 9528,
      "listen": "127.0.0.1",
      "protocol": "vless",
      "tag": "VLESSGRPC",
      "settings": {
        "clients": [
          {
            "id": "my-uuid",
            "email": "tt@zz.com"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "grpc",
        "grpcSettings": {
          "serviceName": "pathgrpc"
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ]
}
```
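Because my VPS provider's routes are mediocre, browsing gets very laggy at the evening peak, and the speed over a direct connection is poor. So I need a configuration that can sit behind a CDN: pick out a bunch of CF IPs and use them with load balancing in the clash client to speed things up.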
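I ran into the same problem. It worked when I tested it on my local LAN, but it stopped working as soon as I deployed it to a public server.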
If you are going through a CDN, don't use flow control (flow).
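The description is off: with "firstLen = 0" it falls back directly to Nginx, and with the configuration you describe Nginx forwards to gRPC, so at the very least gRPC would not be unusable.
If it's "firstLen = 0" and the proxy doesn't work, the only explanation is that the Xray server received no valid data inside TLS.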
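The last reply in this thread points out that `firstLen = 0` sends the connection straight to the fallback target. The Go sketch below is an added example, not code from the issue or from Xray's source: a simplified model of fallback selection over the three `fallbacks` entries posted above, showing why the `/wspath` rule cannot match when no first packet arrives. The 18-byte minimum and the most-specific-first matching order are assumptions modelled on Xray's documented fallback behaviour; `PickDest` and `requestPath` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Fallback mirrors one entry of the "fallbacks" array posted in the issue.
type Fallback struct {
	Alpn, Path string
	Dest       int
}

// Rules are the three fallbacks of the VLESSTCP inbound (port 443).
var Rules = []Fallback{{"", "", 31300}, {"h2", "", 31301}, {"", "/wspath", 9527}}

// requestPath returns the path of an HTTP/1.x request line. Assumption: a
// first packet shorter than 18 bytes is too short to carry a usable path.
func requestPath(first []byte) string {
	if len(first) < 18 {
		return ""
	}
	fields := strings.Fields(strings.SplitN(string(first), "\r\n", 2)[0])
	if len(fields) < 2 || !strings.HasPrefix(fields[1], "/") {
		return "" // e.g. the HTTP/2 preface "PRI * HTTP/2.0"
	}
	return strings.SplitN(fields[1], "?", 2)[0]
}

// PickDest returns the local port a connection is handed to, trying the most
// specific (alpn, path) pair first and ending at the default rule.
func PickDest(alpn string, first []byte) int {
	path := requestPath(first)
	for _, c := range [][2]string{{alpn, path}, {"", path}, {alpn, ""}, {"", ""}} {
		for _, r := range Rules {
			if r.Alpn == c[0] && r.Path == c[1] {
				return r.Dest
			}
		}
	}
	return 0
}

func main() {
	// Constructed sample request, not captured traffic.
	ws := []byte("GET /wspath HTTP/1.1\r\nHost: example.test\r\n\r\n")
	fmt.Println(PickDest("", nil))        // the case in the posted log
	fmt.Println(PickDest("http/1.1", ws)) // a first packet that carries the path
}
```

With an empty first packet and an empty `realAlpn`, as in the posted log, only the default rule can apply, so the WebSocket inbound on 9527 is never reached.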