XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0

tls+reality+self-hosted site on the same machine: there is a chance the self-hosted site's port is exposed #3944

Closed maryjeck closed 1 month ago

maryjeck commented 1 month ago

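Integrity requirements

Description

Version v24.9.30 has a chance of exposing the self-hosted site's port

Steps to reproduce

Accessing http://xxx.com/adjet.php with a path should normally redirect to https://xxx.com/adjet.php, but it actually redirects to the site address that reality forwards to, https://xxx.com:9999/adjet.php (as shown in the browser)

But accessing https://xxx.com/adjet.php directly works normally and gives https://xxx.com/adjet.php (as shown in the browser)

Client configuration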


{
    "tag": "proxy",
    "protocol": "vless",
    "settings":
    {
        "vnext": [
        {
            "address": "xxxx.com", // server domain name
            "port": 443,
            "users": [
            {
                "id": "xxxxx-xxxx-xxx-xxxxx",
                "flow": "xtls-rprx-vision"
            }]
        }]
    },
    "streamSettings":
    {
        "network": "tcp",
        "security": "reality",
        "realitySettings":
        {
            "serverName": "xxxx.com", // server domain name
            "fingerprint": "randomized",
            "show": false,
            "publicKey": "xxxxxxx",
            "shortId": "xxxxxxx",
            "spiderX": ""
        }
    },
    "mux":
    {
        "enabled": false,
        "concurrency": -1,
        "xudpConcurrency": 16,
        "xudpProxyUDP443": "reject"
    }
}

Server configuration


{
    "port": 443,
    "protocol": "vless",
    "settings":
    {
        "clients": [
        {
            "id": "xxxxxx-xxxx-xxx-xxxx", 
            "flow": "xtls-rprx-vision",
            "level": 0
        }],
        "decryption": "none"
    },
    "streamSettings":
    {
        "network": "tcp",
        "security": "reality",
        "realitySettings":
        {
            "show": false,
            "dest": "xxxxx.com:9999", // the domain is this server's own domain name
            "xver": 0,
            "serverNames": [
                "xxxxx.com", // the domain is this server's own domain name
                "amazon.com",
                "www.amazon.com"
            ],
            "privateKey": "xxxxxxxxxxx",
            "minClientVer": "",
            "maxClientVer": "",
            "maxTimeDiff": 0,
            "shortIds": [
                "",
                "xxxxxxxx"
            ]
        }
    }
}

Client log

Server log

Fangliding commented 1 month ago

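When you access over http, the server sends a redirect, and that redirect points to its own real port. When you access over https, the server sees no problem, so it communicates normally. I don't know what you built your own site with; you probably need to set the target of the 30x redirect correctly yourself.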

laperuz92 commented 1 month ago

I think something is wrong with your apache/nginx config.

Here is an example from my nginx config; the main thing is the last line. You are redirecting http to https, not mentioning the port.

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name mysite.com www.mysite.com;
    return 301 https://$host$request_uri;
}

maryjeck commented 1 month ago

I am using caddy; on http it points to https port 443, which is the xray entry point

redir https://xxxxx.com{uri} permanent
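A check for the symptom reported in this thread, as an added example that is not part of the original issue or of Xray-core: it inspects the Location header of a 30x response and reports when the redirect names a port other than the public ones, which is how the backend port behind REALITY's `dest` showed up in the browser. The host example.com, the sample Location values and the helper names `audit_redirect` and `fetch_location` are assumptions made for this example.

```python
import http.client
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def audit_redirect(request_url, location, public_ports=(80, 443)):
    """Check one 30x hop: does Location name a port outside public_ports?"""
    origin = urlsplit(request_url)
    # Location may be relative or scheme-relative; resolve it as a browser would.
    target = urlsplit(urljoin(request_url, location))
    port = target.port or DEFAULT_PORTS.get(target.scheme)
    findings = []
    if port not in public_ports:
        findings.append(f"port {port} exposed by redirect to {target.geturl()}")
    if origin.scheme == "http" and target.scheme != "https":
        findings.append(f"http request not upgraded to https: {target.geturl()}")
    return findings


def fetch_location(url, timeout=5):
    """Send one plain-HTTP GET without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


# Constructed samples (request URL, Location header); example.com is a placeholder.
SAMPLES = [
    ("http://example.com/adjet.php", "https://example.com:9999/adjet.php"),  # reported symptom
    ("http://example.com/adjet.php", "https://example.com/adjet.php"),       # expected redirect
    ("http://example.com/adjet.php", "//example.com:9999/adjet.php"),        # scheme-relative
    ("http://example.com/adjet.php", "/login"),                              # relative, stays http
]

if __name__ == "__main__":
    for req, loc in SAMPLES:
        print(req, "->", loc, audit_redirect(req, loc) or "ok")
```

To test a live site, pass the result of `fetch_location("http://your-domain/some/path")` to `audit_redirect`, and repeat for paths served by the backend as well as the bare domain.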