XrayR-project / XrayR

An Xray backend framework that can easily support many panels. An Xray-based backend framework supporting the V2Ray, Trojan and Shadowsocks protocols; highly extensible, supports connecting to multiple panels.
https://xrayr-project.github.io/XrayR-doc/
Mozilla Public License 2.0

fallback for trojan not working #233

Closed mokhtarabadi closed 1 year ago

mokhtarabadi commented 1 year ago

I read the Xray-core & XrayR fallback documentation and changed my configs many times, for example changing the port, changing to http2 in the fallback Nginx config, and changing the proxy protocol version in the XrayR config, but it failed every time. In the XrayR logs I can't find anything about fallback, and I also didn't see any requests from XrayR in the Nginx logs.

fallback Nginx config:

server {
    access_log /opt/fallback.access.log;
    error_log /opt/fallback.error.log debug;

    listen 127.0.0.1:8080;

    server_name _;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    location / {
        try_files $uri $uri/ =404;
    }

    include /opt/lego.nginx;
}

nginx config:

stream {
    include /opt/ssl_maps.nginx;

    server {
        listen 443 ssl;
        ssl_certificate $CERT;
        ssl_certificate_key $KEY;

        resolver 1.1.1.1;
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        proxy_pass 127.0.0.1:10000;

        proxy_protocol on;
        ssl_preread on;
    }
}

XrayR config:

Log:
  Level: debug # Log level: none, error, warning, info, debug
  AccessPath: /opt/XrayR/logs/access.log
  ErrorPath: /opt/XrayR/logs/error.log

DnsConfigPath: /opt/XrayR/config/dns.json # Path to dns config, check https://xtls.github.io/config/dns.html for help
RouteConfigPath: /opt/XrayR/config/route.json # Path to route config, check https://xtls.github.io/config/routing.html for help
InboundConfigPath: # /opt/XrayR/config/custom_inbound.json # Path to custom inbound config, check https://xtls.github.io/config/inbound.html for help
OutboundConfigPath: /opt/XrayR/config/custom_outbound.json # Path to custom outbound config, check https://xtls.github.io/config/outbound.html for help

ConnectionConfig:
  Handshake: 4 # Handshake time limit, Second
  ConnIdle: 30 # Connection idle time limit, Second
  UplinkOnly: 2 # Time limit when the connection downstream is closed, Second
  DownlinkOnly: 4 # Time limit when the connection is closed after the uplink is closed, Second
  BufferSize: 64 # The internal cache size of each connection, kB

Nodes:
  - PanelType: "PMpanel" # Panel type: SSpanel, V2board, NewV2board, PMpanel, Proxypanel, V2RaySocks

    ApiConfig:
      ApiHost: https://example.org/webapi
      ApiKey: 123456
      NodeID: 1
      NodeType: Trojan # Node type: V2ray, Shadowsocks, Trojan
      Timeout: 30 # Timeout for the api request
      EnableVless: false # Enable Vless for V2ray Type
      EnableXTLS: false # Enable XTLS for V2ray and Trojan
      SpeedLimit: 0 # Mbps, Local settings will replace remote settings
      DeviceLimit: 0 # Local settings will replace remote settings
      RuleListPath: /opt/XrayR/config/rulelist # Path to local rulelist file

    ControllerConfig:
      ListenIP: 127.0.0.1 # IP address you want to listen
      SendIP: 0.0.0.0 # IP address you want to send packets from
      UpdatePeriodic: 10 # Time to update the nodeinfo, how many sec.
      EnableDNS: true # Use custom DNS config, Please ensure that you set the dns.json well
      DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
      DisableUploadTraffic: false # Disable Upload Traffic to the panel
      DisableGetRule: false # Disable Get Rule from the panel
      DisableIVCheck: false # Disable the anti-reply protection for Shadowsocks
      DisableSniffing: false # Disable domain sniffing
      EnableProxyProtocol: true # Only works for WebSocket and TCP
      EnableFallback: true # Only support for Trojan and Vless

      GlobalDeviceLimitConfig:
        Enable: true # Enable the global device limit of a user
        RedisAddr: 1.1.1.1:6379 # The redis server address
        RedisPassword: 123456 # Redis password
        RedisDB: 0 # Redis DB
        Timeout: 5 # Timeout for redis request
        Expiry: 60 # Expiry time (minute)

      AutoSpeedLimitConfig:
        Limit: 0 # Warned speed. Set to 0 to disable AutoSpeedLimit (mbps)
        WarnTimes: 0 # After (WarnTimes) consecutive warnings, the user will be limited. Set to 0 to punish overSpeed user immediately.
        LimitSpeed: 0 # The speedlimit of a limited user (unit: mbps)
        LimitDuration: 0 # How many minutes will the limiting last (unit: minute)

      FallBackConfigs: # Support multiple fallbacks
        - SNI: # TLS SNI(Server Name Indication), Empty for any
          Alpn: # Alpn, Empty for any
          Path: # HTTP PATH, Empty for any
          Dest: 8080 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
          ProxyProtocolVer: 0 # Send PROXY protocol version, 0 to disable

      CertConfig:
        CertMode: none # Option about how to get certificate: none, file, http, dns
        RejectUnknownSni: false # Reject unknown SNI
        CertDomain: uk2.example.org # Domain to cert (fill in if you want XrayR to issue the certificate)
        CertFile: /opt/certificates/uk2.example.org.crt # Provided if the CertMode is file
        KeyFile: /opt/certificates/uk2.example.org.key
        Provider: cloudflare # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
        Email: 123456789@gmail.com

        DNSEnv: # DNS ENV option used by DNS provider
          CLOUDFLARE_EMAIL: 123456789@gmail.com
          CLOUDFLARE_API_KEY: 

Septrum101 commented 1 year ago

Set alpn to http/1.1

mokhtarabadi commented 1 year ago

Set alpn to http/1.1

I did it before. I changed it to http/1.1 and h2, but no chance. I also filled in other properties like path and SNI, but I always get a 404 Not Found error.

I think (not sure) that maybe Xray(R) is not calling the fallback destination, because I didn't see any logs about it in the Nginx fallback server access logs.

Also, for the correct path, meaning the path I configured in the panel, I get the 400 Bad Request error. For all other paths I get 404 Not Found.

mokhtarabadi commented 1 year ago

After changing some properties in configs, now I see some logs about fallback in XrayR logs.

2023/01/22 17:33:33 [Info] [1570693488] proxy/trojan: firstLen = 311
2023/01/22 17:33:33 [Info] [1570693488] proxy/trojan: fallback starts > proxy/trojan: not a valid user
2023/01/22 17:33:33 [Info] [1570693488] app/proxyman/inbound: connection ends > proxy/trojan: fallback ends > proxy/trojan: failed to fallback request payload > read tcp 127.0.0.1:10000->127.0.0.1:40124: use of closed network connection

Septrum101 commented 1 year ago

Google nginx set_real_ip_from. Enable proxy protocol on nginx.

mokhtarabadi commented 1 year ago

I add these lines to the fallback Nginx config file:

real_ip_header proxy_protocol;
set_real_ip_from 0.0.0.0/0;

And I added proxy_protocol at the end of listen and changed ProxyProtocolVer in XrayR to 1 and 2, but I always get a 404 HTTP error. Also, I changed set_real_ip_from to 127.0.0.1 but it is not working.

Septrum101 commented 1 year ago

Try to remove the nginx stream and directly use XrayR as the inbound server. All the nginx configs should have proxy protocol enabled.

mokhtarabadi commented 1 year ago

Try to remove the nginx stream and directly use XrayR as the inbound server. All the nginx configs should have proxy protocol enabled.

I want to use multiple domains and XrayR does not support it.

In the nginx logs I see something about an invalid request, what is that?

2023/01/23 20:19:05 [info] 119434#119434: *47934 client sent invalid method while reading client request line, client: 127.0.0.1, server: _, request: "18643d3e89bfb17a95ac257e420e874fa82c950b331df25f92cf7cf7"
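As an added diagnostic example (not part of this thread or of XrayR), the Python below classifies what a fallback destination actually receives. The 56-hex-character "method" in the nginx line above has the shape of hex(SHA224(password)), the first field of a Trojan header, which is exactly what Xray forwards to the fallback when it logs "not a valid user"; the PROXY v1 header, IP addresses and Trojan request bytes in SAMPLE_PAYLOAD are constructed.

```python
import re
from typing import Optional, Tuple

# Trojan header layout (Trojan protocol spec):
#   hex(SHA224(password)) CRLF | CMD(1) ATYP(1) DST.ADDR DST.PORT | CRLF | payload
TROJAN_HASH_RE = re.compile(rb"^[0-9a-f]{56}\r\n")
# PROXY protocol v1 text header, as sent by nginx "proxy_protocol on" or XrayR ProxyProtocolVer: 1
PROXY_V1_RE = re.compile(rb"^PROXY (TCP4|TCP6|UNKNOWN)(?: (\S+) (\S+) (\d+) (\d+))?\r\n")
HTTP_LINE_RE = re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")
NGINX_REQ_RE = re.compile(r'request: "([^"]*)"')


def strip_proxy_v1(data: bytes) -> Tuple[Optional[str], bytes]:
    """Split a PROXY v1 header off the stream; returns (source IP or None, remaining bytes).
    A backend whose listen directive lacks `proxy_protocol` sees 'PROXY TCP4 ...' as its
    request line instead and answers 400, and logs every client as 127.0.0.1."""
    m = PROXY_V1_RE.match(data)
    if not m:
        return None, data
    src = m.group(2).decode() if m.group(2) else None
    return src, data[m.end():]


def classify_payload(data: bytes) -> str:
    """Classify the first bytes that reach the fallback destination."""
    _, body = strip_proxy_v1(data)
    if HTTP_LINE_RE.match(body):
        return "http"                  # ordinary HTTP request: fallback working as intended
    if TROJAN_HASH_RE.match(body):
        return "trojan-unknown-user"   # Xray fell back because the hash matched no configured user
    return "unknown"


def classify_nginx_invalid_method(line: str) -> str:
    """Triage an nginx 'client sent invalid method' error-log line by its request token."""
    m = NGINX_REQ_RE.search(line)
    if not m:
        return "no-request-field"
    token = m.group(1)
    if re.fullmatch(r"[0-9a-f]{56}", token):
        return "trojan-unknown-user"
    if token.startswith("PROXY "):
        return "proxy-protocol-not-enabled-on-listen"
    return "unknown"


# Sample inputs: NGINX_LINE is the log line quoted in the thread; SAMPLE_PAYLOAD is constructed
# (PROXY v1 header, then a Trojan CONNECT to example.org:443 with an unrecognised password hash).
NGINX_LINE = ('2023/01/23 20:19:05 [info] 119434#119434: *47934 client sent invalid method '
              'while reading client request line, client: 127.0.0.1, server: _, '
              'request: "18643d3e89bfb17a95ac257e420e874fa82c950b331df25f92cf7cf7"')
SAMPLE_PAYLOAD = (b"PROXY TCP4 203.0.113.7 127.0.0.1 40124 8080\r\n"
                  b"18643d3e89bfb17a95ac257e420e874fa82c950b331df25f92cf7cf7\r\n"
                  b"\x01\x03\x0bexample.org\x01\xbb\r\n")
```

Run against a capture (e.g. from tcpdump on the loopback port the fallback listens on) to tell an authentication failure, which should be chased in the panel's user/password data, from a fallback-destination misconfiguration.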

Septrum101 commented 1 year ago

Turn on proxy protocol in all the nginx configs you listen on.

mokhtarabadi commented 1 year ago

Turn on proxy protocol in all the nginx configs you listen on.

I did it before, but now I have migrated to Nginx HTTP WebSocket upgrade mode, and everything works. I also think the speed and latency are better than in stream mode.

But I think there is a bug in trojan fallback.

johnsy616 commented 1 year ago

Turn on proxy protocol in all the nginx configs you listen on.

I did it before, but now I have migrated to Nginx HTTP WebSocket upgrade mode, and everything works. I also think the speed and latency are better than in stream mode.

But I think there is a bug in trojan fallback.

I met exactly the same issue as you. I also use stream to distribute different domain names.

Can you share your config for "Nginx HTTP WebSocket upgrade mode"?

Thank you.