novohool commented 1 year ago

问题描述：

gost服务使用fly.io部署，生成自带证书的域名 https://xx.fly.dev 此域名使用shadowrocket(socks5+mwss)可正常使用.

服务配置
```
services:
```

name: flyio addr: ":8080" handler: type: socks5 auth: username: admin password: admin listener: type: mws


启动 `gogost/gost -C config.yaml`
由于服务速度本身比较慢，影响体验，添加了cloudflare worker做转发。
使用个人域名xx.eu.org
cloudflare 本地域名使用严格的安全ssl，即`SSL/TLS encryption mode is Full (strict)`

cloudflare worker转发规则如下：

addEventListener(
"fetch", event => {
    let url = new URL(event.request.url);
    url.hostname = "xx.fly.dev";
    let request = new Request(url, event.request);
    event.respondWith(fetch(request))
}
)

cloudflare worker路由如下： xx.eu.org/* 指向这个 worker。

浏览器访问显示正常，即根返回404，/ws返回400

使用shadowrocket(socks5+mwss)失败，即修改域名xx.fly.dev为xx.eu.org

shadowrocket报错日志如下


[11:13:31.122] proxy lookup rule url => www.google.com:443 host => www.google.com port => 443
[11:13:31.122] proxy tunnel tcp rule => {
result = "DOMAIN-KEYWORD,google,PROXY";
type = PROXY;
ua = "TCP Stream";
url = "www.google.com:443";
}
[11:13:31.122] proxy lookup host => www.google.com:443 server => Socks5 policy => PROXY group => PROXY
[11:13:31.123] proxy tunnel => lookup host => xx.eu.org:443
[11:13:31.123] dns query did start => xx.eu.org total=> 2
[11:13:31.123] dns send ipv6 xx.eu.org to xx.xx.xx.99
[11:13:31.123] dns send ipv6 xx.eu.org to xxxx:xx:xxxx::1
[11:13:31.123] dns send ipv6 xx.eu.org to xxx:xx:xxx::1
[11:13:31.123] dns send ipv6 xx.eu.org to xx.xx.xxx.99
[11:13:31.123] dns send ipv4 xx.eu.org to xx.xx.xx.99
[11:13:31.123] dns send ipv4 xx.eu.org to xxxx:xx:xxxx::1
[11:13:31.123] dns send ipv4 xx.eu.org to xxx:xx:xxx::1
[11:13:31.123] dns send ipv4 xx.eu.org to xx.xx.xxx.99
[11:13:31.168] dns response 10 xx.eu.org from xxxx:xx:xxxx::1:53
[11:13:31.168] dns query prefer ipv4 => xx.eu.org, xxxx:4700:3030::xxxx:xxxx
[11:13:31.168] dns response record => {
elapsed = 45;
host = "xx.eu.org";
result = "xxxx:4700:3030::xxxx:xxxx";
server = "xxxx:xx:xxxx::1:53";
type = 28;
}
[11:13:31.173] dns response 10 xx.eu.org from xx.xx.xx.99:53
[11:13:31.173] dns query prefer ipv4 => xx.eu.org, 2606:4700:xxxx::xxxx:xxxx
[11:13:31.173] dns response record => {
elapsed = 50;
host = "xx.eu.org";
result = "2606:4700:xxxx::xxxx:xxxx";
server = "xx.xx.xx.99:53";
type = 28;
}
[11:13:31.173] dns response 10 xx.eu.org from xxx:xx:xxx::1:53
[11:13:31.174] dns query prefer ipv4 => xx.eu.org, xxxx:4700:3030::xxxx:xxxx
[11:13:31.174] dns response record => {
elapsed = 50;
host = "xx.eu.org";
result = "xxxx:4700:3030::xxxx:xxxx";
server = "xxx:xx:xxx::1:53";
type = 28;
}
[11:13:31.179] dns response 9 xx.eu.org from xxxx:xx:xxxx::1:53
[11:13:31.180] dns query did finish xx.eu.org => success total => 0
[11:13:31.180] dns response record => {
elapsed = 56;
host = "xx.eu.org";
result = "xx.xx.xx.140";
server = "xxxx:xx:xxxx::1:53";
type = 1;
}
[11:13:31.180] next mux stream id => 1
[11:13:31.181] create mux session => B01605C6-xxxx-4293-xxxx-xxxxxxxxx
[11:13:31.183] dns response 9 xx.eu.org from xx.xx.xx.99:53
[11:13:31.183] dns response 9 xx.eu.org from xxx:xx:xxx::1:53
[11:13:31.185] dns response 10 xx.eu.org from xx.xx.xxx.99:53
[11:13:31.554] start tls peer => xx.eu.org insecure => 0 auth => 0
[11:13:31.897] gost session connect to host => xx.xx.xx.140:443
[11:13:32.507] gost session handshake error => HTTP/1.1 403 Forbidden
Server: cloudflare
Date: Tue, 28 Mar 2023 03:13:32 GMT
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7aecb2a21b9b9e50-SJC

403 Forbidden

cloudflare

[11:13:32.507] mux session did disconnect reason B01605C6-xxxx-4293-xxxx-xxxxxxxxx => [11:13:32.507] remove closed chain socket => xx.xx.xx.140:443 [11:13:32.507] chain socket dealloc => 0 [11:13:32.508] proxy stream disconnect reason www.google.com:443 => Socket closed by remote

NightMachinery commented 1 year ago

@novohool What protocol did you use on Shadowrocket for mwss?

https://github.com/go-gost/gost/issues/285

ginuerzh commented 1 year ago

可以使用v2版本试试，目前不能保证v2和v3功能上的一致。

novohool commented 1 year ago

可以使用v2版本试试，目前不能保证v2和v3功能上的一致。 cloudflare worker支持wss的问题，修改了可用。现在的问题是ios端要怎么使用这个版本的。 shadowrock客户端目前仅仅支持你个人项目下的版本。

go-gost / gost

使用cloudflare cdn后不生效问题 #198

问题描述：

403 Forbidden