疑似ssl证书问题

[falltree]

系统版本 win10 pro，goflyway版本1.2.0a/1.1.0a，之前都使用正常，直到昨天重新全新安装了win10 pro。发现goflyway不正常，google，youtube无法访问，在chrome里提示ERR_CONNECTION_CLOSED，在firefox则是提示服务器响应时间过长，ca.pem已导入了中间证书后，仍然无法正常。 同时注意到，如果是无ssl证书的地址如www.wenxuecity.com，则可以通过goflyway代理正常访问。

[coyove]

请使用-lv dbg输出更详细的日志。 如果是证书错误，浏览器应该会提示网页不安全，而不是ERR_CONNECTION_CLOSED。 请确定浏览器与客户端之间的连接，客户端与服务端之间的连接正常 请试着访问http://example.org/，观察是否可以正常连接

[falltree]

使用的doub.io的goflyway tools客户端，加了参数-lv dbg，日志如下。另外现在chrome报错有时显示ERR_TIMED_OUT，有时有ERR_EMPTY

• access client web console at [ 127.0.0.1:8101 ] [_0415/220333.642:client.go(363)] CONNECT^ www.youtube.com:443 (global) ... 2 similar message(s) [_0415/220336.139:client.go(363)] CONNECT^ clients2.google.com:443 (global) [_0415/220350.036:client.go(363)] CONNECT^ www.youtube.com:443 (global) [_0415/220409.038:client.go(363)] CONNECT^ www.google.com:443 (global) [_0415/220410.308:client.go(363)] CONNECT^ www.youtube.com:443 (global) ... 3 similar message(s) [_0415/220416.038:io.go(190)] active connections: 4 [_0415/220418.071:client.go(363)] CONNECT^ clients2.google.com:443 (global) [_0415/220425[_0415/220516.039:io.go(190)] active connections: 6

[coyove]

看了下日志，你使用的还是普通的http代理，所以并不涉及证书的问题。 同时日志显示客户端的请求已经发出，请在服务端也加上-lv dbg，观察这些发出的请求是否送达到了服务端。

[falltree]

可以确定肯定是电脑端的问题，服务端没有动过任何设置，电脑重装前也正常，重装了，大概半小时后重装完成，用同样的客户端goflyway tool，同样设置来运行，就无法访问youtube了，与此同时，装了1.2.0a的手机端仍然是正常。现在就是奇怪电脑端难道还有什么需要设置的地方？

服务端如下，用**遮掩了一些信息，使用80端口： root@debian:/usr/local/goflyway# ./goflyway -k=*** -l=":80" -proxy-pass="****" -lv dbg

• goflyway (build 180404051442)
• launched as server (aka upstream)
• upstream 0F2A92 started at [ :80 ]
• alternatively act as a reverse proxy: http://*** [_0415/235842.074:server.go(173)] CONNECT www.google.com:443 [_0415/235842.130:server.go(173)] CONNECT accounts.google.com:443 [_0415/235842.130:server.go(173)] CONNECT clients2.google.com:443 [_0415/235845.000:server.go(173)] CONNECT www.google.com:443 ... 2 similar message(s) ... 1 similar message(s) [_0415/235851.106:server.go(173)] CONNECT duckduckgo.com:443 [_0415/235854.821:server.go(173)] CONNECT www.google.com:443 [_0415/235901.351:server.go(173)] CONNECT duckduckgo.com:443 [_0415/235911.220:server.go(173)] CONNECT www.youtube.com:443 [_0415/235919.627:io.go(190)] active connections: 4 [_0415/235919.630:io.go(195)] multiplexer state: 0/0 [_0415/235923.895:server.go(173)] CONNECT accounts.google.com:443 [_0415/235923.895:server.go(173)] CONNECT www.google.com:443 [_0415/235923.896:server.go(173)] CONNECT clients2.google.com:443 [_0415/235926.931:server.go(173)] CONNECT www.google.com:443 ... 2 similar message(s) ... 1 similar message(s)

[coyove]

那么请试一下使用命令行启动客户端，goflyway -up="..." -lv dbg，以排除goflyway tool的问题嫌疑

[falltree]

疑难杂症啊，上述服务端日志就是服务端和电脑端都用命令行直接运行的结果，今天再用命令行运行如下。浏览器也换了几个，都是同样情况，用其他代理brook就正常，换goflyway就不行。实在不行只能再重装win10看看了。

PC端： D:\GoFlyway\1.2.0a>goflyway.exe -k="" -up=":80" -l=":****" -web-port="8101" -lv dbg

• goflyway (build 180404051442)
• launched as client
• proxy 0F2A92 started at [ 0.0.0.0: ], upstream: [ :80 ]
• access client web console at [ 127.0.0.1:8101 ] [_0416/111354.500:client.go(363)] CONNECT^ clients1.google.com:443 (remote-proxy) [E0416/111356.280:httpmux.go(40)] prefetch err: read 127.0.0.1:51794, i/o timeout [_0416/111401.482:client.go(363)] CONNECT^ clients1.google.com:443 (cached) ... 2 similar message(s) [_0416/111413.244:client.go(363)] CONNECT^ www.youtube.com:443 (remote-proxy) [_0416/111414.193:client.go(363)] CONNECT^ clients1.google.com:443 (cached) ... 1 similar message(s) [_0416/111419.750:client.go(363)] CONNECT^ www.google.com:443 (remote-proxy) [_0416/111419.951:client.go(363)] CONNECT^ www.gstatic.com:443 (remote-proxy) [_0416/111419.980:client.go(363)] CONNECT^ lh3.googleusercontent.com:443 (remote-proxy) [_0416/111419.986:client.go(363)] CONNECT^ clients5.google.com:443 (remote-proxy) [_0416/111419.993:client.go(363)] CONNECT^ ogs.google.com:443 (remote-proxy) [_0416/111419.993:client.go(363)] CONNECT^ clients5.google.com:443 (remote-proxy) [_0416/111420.322:client.go(363)] CONNECT^ apis.google.com:443 (remote-proxy) [_0416/111453.807:io.go(190)] active connections: 20 [_0416/111456.712:client.go(363)] CONNECT^ clients1.google.com:443 (cached) [_0416/111501.035:client.go(363)] CONNECT^ www.google.com:443 (cached) [_0416/111505.810:client.go(363)] CONNECT^ clients1.google.com:443 (cached) ... 1 similar message(s) —————————————————————————————————— 服务端 root@debian:/usr/local/goflyway# ./goflyway -k= -l=":80" -proxy-pass="http:" -lv dbg
• goflyway (build 180404051442)
• launched as server (aka upstream)
• upstream 0F2A92 started at [ :80 ]
• alternatively act as a reverse proxy: http:**** [_0416/111355.142:server.go(160)] DNS: clients1.google.com 172.217.5.78 [_0416/111355.673:server.go(173)] CONNECT clients1.google.com:443 ... 1 similar message(s) ... 1 similar message(s) ... 1 similar message(s) [_0416/111413.883:server.go(160)] DNS: www.youtube.com 216.58.219.46 [_0416/111414.347:server.go(173)] CONNECT www.youtube.com:443 [_0416/111415.350:server.go(173)] CONNECT clients1.google.com:443 ... 1 similar message(s) [_0416/111420.479:server.go(160)] DNS: www.google.com 216.58.219.4 [_0416/111420.653:server.go(160)] DNS: apis.google.com 216.58.217.206 [_0416/111420.654:server.go(160)] DNS: lh3.googleusercontent.com 216.58.219.1 [_0416/111420.664:server.go(160)] DNS: clients5.google.com 172.217.4.142 ... 1 similar message(s) [_0416/111420.667:server.go(160)] DNS: ogs.google.com 172.217.14.78 [_0416/111420.669:server.go(160)] DNS: www.gstatic.com 172.217.11.163 [_0416/111420.863:server.go(173)] CONNECT www.google.com:443 [_0416/111421.055:server.go(173)] CONNECT www.gstatic.com:443 [_0416/111421.059:server.go(173)] CONNECT lh3.googleusercontent.com:443 [_0416/111421.063:server.go(173)] CONNECT ogs.google.com:443 [_0416/111421.068:server.go(173)] CONNECT clients5.google.com:443 ... 1 similar message(s)

[coyove]

请尝试运行以下命令：

./goflyway get -up="..." -v google.com

看能否成功

[falltree]

貌似成功。加入了-k后是这样的： D:\GoFlyway\1.2.0a>goflyway get -k= -up=":80" -v google.com

• goflyway (build 180404051442)
• launched as client
• GET http://google.com HTTP/1.1
• redirect: http://www.google.com/
• GET http://www.google.com/ HTTP/1.1
• decoding gzip content
• copy body: 3 KB / 4 KB * HTTP/1.1 200 OK
• Content-Length: 4632
• Cache-Control: private, max-age=0
• Content-Encoding: gzip
• Content-Type: text/html; charset=ISO-8859-1
• Date: Mon, 16 Apr 2018 06:44:25 GMT
• Expires: -1
• P3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
• Server: gws
• Set-Cookie: 1P_JAR=2018-04-16-06; expires=Wed, 16-May-2018 06:44:25 GMT; path=/; domain=.google.com
• Set-Cookie: NID=128=G0aJn7ccDpnhWK7Hm5oUQJjwWdRt10sVQmFvZ446xW12rkYc19aDSatkrUfGv7sWNSWPsRLQthWUxbzWzMnTtzdZPzEhDKb3go_88VaHiMdNpsQMdiQf7mucR7m2MsG3; expires=Tue, 16-Oct-2018 06:44:25 GMT; path=/; domain=.google.com; HttpOnly
• X-Frame-Options: SAMEORIGIN
• X-Xss-Protection: 1; mode=block
• copy body: 4 KB / 4 KB <!doctype html>
  Search Images Maps Play YouTube News Gmail Drive More »

  Web History | Settings | Sign in
  
  
  
  
  

  Advanced searchLanguage tools

  
  
  Advertising�ProgramsBusiness Solutions+GoogleAbout Google

  © 2018 - Privacy - Terms

• completed in 0.680s

[coyove]

看来服务端客户端之间的连接没有问题。 那么请尝试将客户端监听在0.0.0.0上，然后使用其他设备或系统连接客户端并尝试联网，观察是否可以正常工作。

[falltree]

没太明白，监听0.0.0.0意思是电脑端命令行不设服务器ip，然后通过代理上网？这样的结果是无法联网： 电脑命令行执行后：

• goflyway (build 180404051442)
• launched as client
• proxy 0F2A92 started at [ 0.0.0.0:8100 ], upstream: [ 0.0.0.0:8188 ]
• access client web console at [ 127.0.0.1:8110 ]

浏览器设了goflyway代理后显示 proxyconnect tcp: dial tcp 0.0.0.0:80: connectex: No connection could be made because the target machine actively refused it.

[coyove]

是客户端：./goflyway -up="..." -k="..." -l="0.0.0.0:8100" 这样同一网关——比如家里的wifi——里的其他设备——比如手机——通过设置代理为电脑的ip+8100，来访问网络

[falltree]

原来还可以这么玩。刚试了一下，结果有些微妙。 手机以电脑IP+8189端口作为代理，可以上国内新浪，搜狐等网站，也可以上google.com，能搜索，但是youtube，twitter都失败，www.google.com.hk，www.google.com.jp也都失败

D:\GoFlyway\1.2.0a>goflyway -up="" -k="" -l="0.0.0.0:8189"

• goflyway (build 180404051442)
• launched as client
• proxy 0F2A92 started at [ 0.0.0.0:8189 ], upstream: [ *** ]
• access client web console at [ 127.0.0.1:8199 ] [E0416/202114.589:client.go(401)] HTTP forward: http://183.61.109.210:10033/, dial 183.61.109.210:10033, Connection timed out ... 1 similar message(s) ... 1 similar message(s) [E0416/202258.077:client.go(314)] dial 110.80.142.121:443, Connection refused ... 1 similar message(s) ... 1 similar message(s) [E0416/202303.084:httpmux.go(40)] prefetch err: read 192.168.50.62:60128, i/o timeout [E0416/202304.238:client.go(314)] dial 110.80.142.121:443, Connection refused [E0416/202305.269:httpmux.go(40)] prefetch err: read 192.168.50.62:60133, i/o timeout ... 1 similar message(s) [E0416/202308.518:client.go(314)] dial 110.80.142.121:443, Connection refused [E0416/202309.525:httpmux.go(40)] prefetch err: read 192.168.50.62:60136, i/o timeout ... 1 similar message(s) ... 1 similar message(s) [E0416/202333.759:client.go(401)] HTTP forward: http://www.google.com/xjs/_/js/k=xjs.qs.zh_CN.xToyD4yhBEs.O/m=RMhBfe/am=gEWyMgVCAgHGFDEBGYy-AEpAEQ/exm=sx,bct,cdos,elog,hsm,jsa,qim,r,d,csi,sb_wiz,aa,abd,async,dvl,foot,ipv6,mu,mhp,qmp,d3l,rQSi2,iP7ptb,if1iFc,yQ43ff,ws9Tlc,uz938c,xpltpb,Fkg7bd,vWNDde,kopZwe,czrJpf,QfiAub,wI7Sfc,HcFEGb,L1AAkb,xPR7tc,y8zIvc,opNw3,Uox2uf,dtPt4d,CiVnBc/rt=j/d=1/ed=1/t=zcms/rs=ACT90oHxLDtnod9J_fF2Qozy5OXSYsNijA, context canceled [E0416/202336.160:httpmux.go(40)] prefetch err: read 192.168.50.62:60161, i/o timeout ... 1 similar message(s) ... 1 similar message(s) ... 1 similar message(s) [E0416/202343.290:client.go(314)] dial 110.80.142.121:443, Connection refused [E0416/202345.176:httpmux.go(40)] prefetch err: read 192.168.50.62:60166, i/o timeout [E0416/202345.635:client.go(401)] HTTP forward: http://www.google.com/images/branding/product/ico/googleg_lodp.ico, read 45.78.13.5:80, Connection reset by peer [E0416/202355.978:httpmux.go(40)] prefetch err: read 192.168.50.62:60180, i/o timeout ... 1 similar message(s) ... 1 similar message(s)

[coyove]

google是通过http访问的吗？

[falltree]

手机直接浏览器访问的，没注意http还是https，很可能是http，我之前说的www.wenxuecity.com，在手机也可以访问，就是http的。而https的youtube，twitter都不行，和电脑浏览器有类似，这些通过http可以访问的，也不是很稳定，有时也访问不了。综合这些情况看，电脑端和服务端通信是正常的，似乎浏览器处理这些数据，尤其是https的数据出了问题。cent browser/chrome/firefox，edge也试了下，都一样的问题。有可能是系统本身哪里出了问题，打算重装来试试了。

[falltree]

不想一直折腾，已重装win10，重装后一切正常。侧面证明是之前系统可能是抽疯造成的，应该不是普遍情况。在这个特殊情况下，系统的问题可能会造成goflyway代理下https的网站访问不正常（似乎是网页内容已经传回，但浏览器无法正确处理，要么当成错误信息，要么当初empty），部分非https的偶尔能够访问。 非常感谢coyove的支持，希望goflyway项目越来越完善。