Open NuLL3rr0r opened 4 years ago
More debugging information with curl:
curl -v -H "Host: mamadou-verizon-c1.azureedge.net" https://ajax.aspnetcdn.com
* Trying 152.199.19.160:443...
* TCP_NODELAY set
* Connected to ajax.aspnetcdn.com (152.199.19.160) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=*.vo.msecnd.net
* start date: Mar 30 17:48:56 2018 GMT
* expire date: Mar 30 17:48:56 2020 GMT
* subjectAltName: host "ajax.aspnetcdn.com" matched cert's "*.aspnetcdn.com"
* issuer: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; OU=Microsoft IT; CN=Microsoft IT TLS CA 2
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: mamadou-verizon-c1.azureedge.net
> User-Agent: curl/7.67.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Content-Type: text/html
< Date: Wed, 25 Dec 2019 04:22:50 GMT
< Server: ECAcc (lha/8DD0)
< Content-Length: 345
<
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>
* Connection #0 to host ajax.aspnetcdn.com left intact
I believe the problem is that Azure CDN maps HTTP to HTTP and HTTPS to HTTPS, i.e. when you access http://yourcdn.azureedge.net, it forwards to http://yourorigin.azureedge.net and when you access https://yourcdn.azureedge.net, it forwards to https://yourorigin.azureedge.net. With the former, Azure CDN doesn't expect a TLS connection, so it doesn't work. With the latter, Azure tries to establish a real TLS connection to the origin, which also cannot result in a working tunnel.
This actually even affects non-fronted setups. I haven't been able to set up the normal CDN mode of Cloak with Azure either.
As can be seen, domain fronting works with curl:
But when I try it with Cloak, the Cloak log says:
And the client says:
Of course, if I set it to direct instead of CDN it works.
My Shadowsocks config:
My cloak ckclient.json:
My ckserver.json on Azure VPS:
Any ideas?
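Added example, not part of the original thread or of the Cloak project: a small Python check that reads a `curl -v` trace like the one above and reports whether the hostname used for the TLS connection differs from the HTTP `Host` header, which is the mismatch the curl test relies on. The sample trace is trimmed from the output in this thread; the function names and result labels are assumptions made for illustration.

```python
import re

# Constructed sample: request-relevant lines trimmed from the curl trace in this thread.
SAMPLE_TRACE = """\
* Connected to ajax.aspnetcdn.com (152.199.19.160) port 443 (#0)
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
*  subjectAltName: host "ajax.aspnetcdn.com" matched cert's "*.aspnetcdn.com"
> GET / HTTP/1.1
> Host: mamadou-verizon-c1.azureedge.net
> User-Agent: curl/7.67.0
< HTTP/1.1 404 Not Found
< Server: ECAcc (lha/8DD0)
"""

# curl uses the URL hostname for the connection (and as SNI); "> Host:" is what
# the HTTP layer asks for; "<" lines are the response from whoever answered.
PATTERNS = {
    "tls_host": re.compile(r"\* Connected to (\S+) \("),
    "http_host": re.compile(r"> Host:\s*(\S+)", re.I),
    "status": re.compile(r"< HTTP/\S+ (\d{3})"),
    "server": re.compile(r"< Server:\s*(.+)", re.I),
}

def parse_trace(trace):
    """Return the TLS-layer host, HTTP Host header, status and Server header."""
    info = dict.fromkeys(PATTERNS)
    for line in trace.splitlines():
        for key, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m and info[key] is None:  # keep the first request/response only
                info[key] = m.group(1).strip()
    if info["tls_host"]:
        info["tls_host"] = info["tls_host"].lower()
    if info["http_host"]:
        # Drop an explicit port so "example.net:443" compares equal to "example.net".
        info["http_host"] = re.sub(r":\d+$", "", info["http_host"]).lower()
    if info["status"]:
        info["status"] = int(info["status"])
    return info

def classify(info):
    """Label a parsed trace: 'incomplete', 'consistent' or 'host-mismatch'."""
    if not info["tls_host"] or not info["http_host"]:
        return "incomplete"
    return "consistent" if info["tls_host"] == info["http_host"] else "host-mismatch"

if __name__ == "__main__":
    parsed = parse_trace(SAMPLE_TRACE)
    print(classify(parsed), parsed)
```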