chika0801 / sing-box-examples

sing-box configuration examples
https://github.com/SagerNet/sing-box

sing-box Hysteria2 reverse-proxying a local Caddy cannot enable http3 #77

Closed Sp1ke47 closed 7 months ago

Sp1ke47 commented 7 months ago

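System: Debian 12
sing-box version: 1.6.6
Caddy version: 2.7.5

The website runs normally on Caddy, which listens on 127.0.0.1:9443 with http3 enabled. Following the example, I configured sing-box to listen on 443 with Hysteria2, masquerading as a reverse proxy to the local Caddy, while also listening on 443 with reality. However, the browser cannot access the website over http3 (QUIC), and the test result on http3check.net is "Server does not advertise supported HTTP/3 or QUIC version on the same port."

Header information: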

HTTP/1.1 200 OK
Alt-Svc: h3=":9443"; ma=2592000
Content-Encoding: gzip
Content-Length: 2005
Content-Type: text/html
Date: Sat, 25 Nov 2023 02:39:51 GMT
Server: Caddy
Strict-Transport-Security: max-age=31536000;
Vary: Accept-Encoding

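It seems the local port is being exposed, which makes the h3 port inconsistent. I don't know how to solve this; any help would be appreciated.

The sing-box configuration file is attached: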

{
  "log": {
    "level": "warn",
    "timestamp": true
  },
  "inbounds": [
    {
      "type": "hysteria2",
      "tag": "hy2-in",
      "listen": "::",
      "listen_port": 443,
      "users": [
        {
          "password": "xxx"
        }
      ],
      "masquerade": "https://127.0.0.1:9443",
      "tls": {
        "enabled": true,
        "alpn": [
          "h3"
        ],
        "certificate_path": "/usr/local/web/certs/xxx.cf.cer",
        "key_path": "/usr/local/web/certs/xxx.cf.key"
      }
    },
    {
      "type": "vless",
      "tag": "vless-in",
      "listen": "::",
      "listen_port": 443,
      "users": [
        {
          "uuid": "xxx",
          "flow": "xtls-rprx-vision"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "www.xxx.cf",
        "reality": {
          "enabled": true,
          "handshake": {
            "server": "127.0.0.1",
            "server_port": 9443
          },
          "private_key": "xxx",
          "short_id": [
            "xxx"
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}

chika0801 commented 7 months ago

When REALITY is used in the "steal from yourself" form, in the sing-box configuration:

          "handshake": {
            "server": "127.0.0.1",
            "server_port": 9443
          },

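sing-box does not have the xver 0/1/2 parameter that the xray configuration has. Your backend uses Caddy to receive on 9443. I don't know Caddy, but it should be that Caddy's PROXY protocol parameter must not be enabled for your content to display successfully when accessed over https.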

chika0801 commented 7 months ago

  {
            "type": "hysteria2",
            "tag": "hy2-in",
            "listen": "::",
            "listen_port": 443,
            "users": [
                {
                    "password": "xxx"
                }
            ],
            "masquerade": "https://127.0.0.1:9443",
            "tls": {
                "enabled": true,
                "alpn": [
                    "h3"
                ],
                "certificate_path": "/usr/local/web/certs/xxx.cf.cer",
                "key_path": "/usr/local/web/certs/xxx.cf.key"
            }
        },

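As for how the masquerade parameter in hy2 is passed through to Caddy and how to test it, I haven't tried that, so I can't help you there.

One idea: keep Caddy listening on 9443 and set things up with the original hy2 program (look up the configuration parameters in the hy2 documentation), stopping the reality configuration for now. See what the result is and whether it works. Once you have that experience, look into sing-box again.

Also, on whether QUIC needs a masquerade site set up to do the full thing: I remember the author explains this in the FAQ of the hy2 documentation. Of course, whether to study, test and tinker with it depends on your own interest.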

chise0713 commented 7 months ago

Add this to the Caddyfile:

    header / {
        # Quote the value so the Caddyfile parser reads it as one token
        Alt-Svc "h3=\":443\"; ma=2592000"
    }

Give it a try? I don't know Caddy, this is just a guess, but what is certain is that the header returned the wrong port.
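
The port mismatch discussed in this thread can be checked offline. The following is an added example, not part of the original thread or of the sing-box or Caddy projects: it parses the `Alt-Svc` header posted in the issue and reports whether `h3` is advertised on the port the client actually reached. The function names and the `public_port` parameter are assumptions made for illustration.

```python
import re

# Constructed sample: status line plus two headers copied from the issue above.
SAMPLE_HEADERS = 'HTTP/1.1 200 OK\r\nAlt-Svc: h3=":9443"; ma=2592000\r\nServer: Caddy\r\n'

# One Alt-Svc alternative (RFC 7838): protocol-id="host:port" then optional ;params
_ALT = re.compile(r'\s*([A-Za-z0-9%\-]+)="([^"]*):(\d+)"((?:\s*;\s*[^;,]+)*)')


def parse_alt_svc(value):
    """Return [(protocol, host, port, max_age)] for an Alt-Svc header value."""
    if value.strip().lower() == "clear":
        return []
    out = []
    for entry in value.split(","):
        m = _ALT.match(entry)
        if not m:
            continue  # skip malformed alternatives instead of guessing
        proto, host, port, params = m.groups()
        ma = re.search(r"ma=(\d+)", params)
        # RFC 7838: max-age defaults to 24 hours when "ma" is absent
        out.append((proto, host, int(port), int(ma.group(1)) if ma else 86400))
    return out


def alt_svc_from_headers(raw):
    """Extract the Alt-Svc value from a raw response header block, or None."""
    for line in raw.splitlines()[1:]:  # skip the status line
        name, _, val = line.partition(":")
        if name.strip().lower() == "alt-svc":
            return val.strip()
    return None


def check_h3(raw_headers, public_port):
    """Compare advertised h3 ports with the port the client connected to."""
    value = alt_svc_from_headers(raw_headers)
    if value is None:
        return {"ok": False, "advertised": [], "reason": "no Alt-Svc header"}
    ports = [p for proto, _, p, _ in parse_alt_svc(value) if proto == "h3"]
    if public_port in ports:
        return {"ok": True, "advertised": ports, "reason": "h3 on public port"}
    reason = "h3 advertised on a different port" if ports else "no h3 entry"
    return {"ok": False, "advertised": ports, "reason": reason}


if __name__ == "__main__":
    print(check_h3(SAMPLE_HEADERS, 443))
```

Run against the headers from the issue with `public_port=443`, the check fails because the only `h3` alternative points at 9443, the backend's loopback listener.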