Open Angel0726 opened 3 months ago
But the naiveproxy proxy does not work
What does that mean?
What have you done for debugging?
Where are the verbose level logs?
What does that mean?
I have deployed naiveproxy and websites on the server. Now, I not only hope to proxy naiveproxy according to the domain name of port 443, but also hope to access different websites according to different domain names of port 443.
What have you done for debugging?
Here is my config
{
    order forward_proxy before reverse_proxy
    order forward_proxy before file_server
}
aaa.com :443 {
    tls sfddsf.com
    route {
        forward_proxy {
            basic_auth admin password
            hide_ip
            hide_via
            probe_resistance
            upstream socks5://127.0.0.1:1008
        }
        file_server
        {
            root /srv
        }
    }
}
bbb.com {
    tls sfddsf.com
    reverse_proxy http://127.0.0.1:1080
}
Where are the verbose level logs?
server log
root@v2ray:~# caddy run /etc/caddy/Caddyfile
2024/02/15 08:17:31.039 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/02/15 08:17:31.040 INFO serving initial configuration
client log
D/v2ray-core: 127.0.0.1:46494 accepted tcp:hh.vabc.eu.org:443 [direct]
E/libnaive: [0215/161527.263704:ERROR:ssl_client_socket_impl.cc(968)] handshake failed; returned -1, SSL error code 1, net_error -101
D/v2ray-core: 127.0.0.1:46498 accepted tcp:hh.vabc.eu.org:443 [direct]
E/libnaive: [0215/161529.721686:ERROR:ssl_client_socket_impl.cc(968)] handshake failed; returned -1, SSL error code 1, net_error -101
D/v2ray-core: 127.0.0.1:46508 accepted tcp:hh.vabc.eu.org:443 [direct]
E/libnaive: [0215/161532.192490:ERROR:ssl_client_socket_impl.cc(968)] handshake failed; returned -1, SSL error code 1, net_error -101
D/v2ray-core: 127.0.0.1:46520 accepted tcp:hh.vabc.eu.org:443 [direct]
E/libnaive: [0215/161534.740628:ERROR:ssl_client_socket_impl.cc(968)] handshake failed; returned -1, SSL error code 1, net_error -101
D/v2ray-core: 127.0.0.1:38032 accepted tcp:hh.vabc.eu.org:443 [direct]
E/libnaive: [0215/161556.145556:ERROR:ssl_client_socket_impl.cc(968)] handshake failed; returned -1, SSL error code 1, net_error -101
D/v2ray-core: 127.0.0.1:46458 accepted tcp:hh.vabc.eu.org:443 [direct]
E/libnaive: [0215/161558.504540:ERROR:ssl_client_socket_impl.cc(968)] handshake failed; returned -1, SSL error code 1, net_error -101
D/v2ray-core: 127.0.0.1:46460 accepted tcp:hh.vabc.eu.org:443 [direct]
E/libnaive: [0215/161600.889752:ERROR:ssl_client_socket_impl.cc(968)] handshake failed; returned -1, SSL error code 1, net_error -101
D/v2ray-core: 127.0.0.1:46466 accepted tcp:hh.vabc.eu.org:443 [direct]
D/v2ray-core: 127.0.0.1:46792 accepted //android.apis.google.com:443 [proxy-global-12]
D/v2ray-core: 127.0.0.1:39236 accepted tcp:hh.vabc.eu.org:443 [direct]
E/libnaive: [0215/161604.045383:ERROR:ssl_client_socket_impl.cc(968)] handshake failed; returned -1, SSL error code 1, net_error -100
I saw https://github.com/klzgrad/naiveproxy/issues/602; it is different from my issue. The config below works, but upsite doesn't work.
aaa.com :443
tls sfddsf.com
route {
    forward_proxy {
        basic_auth admin password
        hide_ip
        hide_via
        probe_resistance
        upstream socks5://127.0.0.1:1008
    }
    file_server
    {
        root /srv
    }
}
Your configuration has problems.
{
    order forward_proxy before reverse_proxy
    order forward_proxy before file_server
}
aaa.com :443 {
    tls sfddsf.com
    route {
        forward_proxy {
            basic_auth admin password
            hide_ip
            hide_via
            probe_resistance
            upstream socks5://127.0.0.1:1008
        }
        file_server
        {
            root /srv
        }
    }
}
bbb.com {
    tls sfddsf.com
    reverse_proxy http://127.0.0.1:1080
}
is not a valid Caddyfile.
Running caddy adapt reveals at least two obvious problems:
Error: Unexpected '{' on a new line; did you mean to place the '{' on the previous line?, at t.conf:16
Error: parsing caddyfile tokens for 'tls': single argument must either be 'internal' or an email address, at t.conf:6
The configuration file with the above errors fixed is as follows:
{
    order forward_proxy before reverse_proxy
    order forward_proxy before file_server
}
aaa.com :443 {
    tls i@example.com
    route {
        forward_proxy {
            basic_auth admin password
            hide_ip
            hide_via
            probe_resistance
            upstream socks5://127.0.0.1:1008
        }
        file_server {
            root /srv
        }
    }
}
bbb.com {
    tls i@example.com
    reverse_proxy http://127.0.0.1:1080
}
The corresponding JSON file is as follows:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":443"
          ],
          "routes": [
            {
              "match": [
                {
                  "host": [
                    "bbb.com"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "upstreams": [
                            {
                              "dial": "127.0.0.1:1080"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            },
            {
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "subroute",
                          "routes": [
                            {
                              "handle": [
                                {
                                  "auth_pass_deprecated": "password",
                                  "auth_user_deprecated": "admin",
                                  "handler": "forward_proxy",
                                  "hide_ip": true,
                                  "hide_via": true,
                                  "probe_resistance": {},
                                  "upstream": "socks5://127.0.0.1:1008"
                                },
                                {
                                  "handler": "file_server",
                                  "hide": [
                                    "./t.conf"
                                  ],
                                  "root": "/srv"
                                }
                              ]
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    },
    "tls": {
      "certificates": {
        "automate": [
          "aaa.com"
        ]
      },
      "automation": {
        "policies": [
          {
            "subjects": [
              "bbb.com",
              "aaa.com"
            ],
            "issuers": [
              {
                "email": "i@example.com",
                "module": "acme"
              },
              {
                "email": "i@example.com",
                "module": "zerossl"
              }
            ]
          }
        ]
      }
    }
  }
}
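Judging from the adapted JSON config, the naiveproxy Caddy configuration should be fine.
However, I noticed that you use the upstream parameter. Have you set up the corresponding upstream proxy? If the upstream proxy is not set up or is not working properly, the naiveproxy client will not work properly either.
I suggest removing the upstream parameter.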
I have deployed naiveproxy and websites on the server. Now, I not only hope to proxy naiveproxy according to the domain name of port 443, but also hope to access different websites according to different domain names of port 443.
For your purpose, a somewhat more elegant configuration file is as follows:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "routes": [
            {
              "handle": [
                {
                  "auth_pass_deprecated": "password",
                  "auth_user_deprecated": "admin",
                  "handler": "forward_proxy",
                  "hide_ip": true,
                  "hide_via": true,
                  "probe_resistance": {}
                }
              ]
            },
            {
              "match": [
                {
                  "host": ["bbb.com"]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "upstreams": [
                            {
                              "dial": "127.0.0.1:1080"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            },
            {
              "match": [
                {
                  "host": ["aaa.com"]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "file_server",
                          "hide": ["./t.conf"],
                          "root": "/srv"
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "subjects": ["bbb.com", "aaa.com"],
            "issuers": [
              {
                "email": "i@example.com",
                "module": "acme"
              },
              {
                "email": "i@example.com",
                "module": "zerossl"
              }
            ]
          }
        ]
      }
    }
  }
}
There are a few points to note when writing the configuration file:
This one works
aaa.com :443
tls sfddsf.com
route {
    forward_proxy {
        basic_auth admin password
        hide_ip
        hide_via
        probe_resistance
        upstream socks5://127.0.0.1:1008
    }
    file_server
    {
        root /srv
    }
}
However, the one below does not work
{
    order forward_proxy before reverse_proxy
    order forward_proxy before file_server
}
aaa.com :443 {
    tls sfddsf@11.com
    route {
        forward_proxy {
            basic_auth admin password
            hide_ip
            hide_via
            probe_resistance
            upstream socks5://127.0.0.1:10080
        }
        file_server {
            root /srv
        }
    }
}
bbb.com :443 {
    tls sfddsf@11.com
    reverse_proxy http://127.0.0.1:1080
}
I tested the config below and it does not work
{
    order forward_proxy before reverse_proxy
    order forward_proxy before file_server
}
aaa.com :443 {
    tls i@example.com
    route {
        forward_proxy {
            basic_auth admin password
            hide_ip
            hide_via
            probe_resistance
            upstream socks5://127.0.0.1:1008
        }
        file_server {
            root /srv
        }
    }
}
bbb.com {
    tls i@example.com
    reverse_proxy http://127.0.0.1:1080
}
There are a few points to note when writing the configuration file:
- There must be no match host outside the forward_proxy handler.
- strict_sni_host must not be enabled.
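Behind upstream I use v2ray for traffic splitting. You can see my description above: without domain-based proxying, it works.
The websites aaa.com and bbb.com can both be opened, but the naiveproxy proxy does not work.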
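
Added example, not code from anyone in this thread or from the Caddy or naiveproxy projects: a checker for the two configuration points listed above (no host matcher around `forward_proxy`, `strict_sni_host` not enabled), run over Caddy JSON as produced by `caddy adapt`. The names `check_config`, `_walk` and `_server` and both sample configs are constructed for illustration; `strict_sni_host` is assumed to be set at the server level of the JSON.

```python
import json
import sys


def check_config(config):
    """Return findings for a Caddy JSON config (the output of `caddy adapt`)."""
    findings = []
    servers = config.get("apps", {}).get("http", {}).get("servers", {})
    for name, server in servers.items():
        if server.get("strict_sni_host"):
            findings.append(f"{name}: strict_sni_host is enabled")
        _walk(server.get("routes", []), [], name, findings)
    return findings


def _walk(routes, hosts, path, findings):
    for i, route in enumerate(routes):
        here = f"{path}.routes[{i}]"
        # A host matcher on a route also gates every handler nested below it.
        gated = hosts + [h for m in route.get("match", []) for h in m.get("host", [])]
        for handler in route.get("handle", []):
            if handler.get("handler") == "forward_proxy" and gated:
                findings.append(f"{here}: forward_proxy behind host match {gated}")
            elif handler.get("handler") == "subroute":
                _walk(handler.get("routes", []), gated, here, findings)


def _server(routes, **extra):
    return {"apps": {"http": {"servers": {"srv0": {"listen": [":443"], "routes": routes, **extra}}}}}


# Constructed samples, reduced from the layouts discussed in the thread.
PROXY = {"handler": "forward_proxy", "hide_ip": True, "hide_via": True, "probe_resistance": {}}
SITE = {"handler": "reverse_proxy", "upstreams": [{"dial": "127.0.0.1:1080"}]}
GOOD = _server([
    {"handle": [PROXY]},
    {"match": [{"host": ["bbb.com"]}], "handle": [SITE], "terminal": True},
])
BAD = _server([
    {"match": [{"host": ["aaa.com"]}], "terminal": True,
     "handle": [{"handler": "subroute", "routes": [{"handle": [PROXY]}]}]},
], strict_sni_host=True)

if __name__ == "__main__":
    # With a path argument, check that file; otherwise show the two samples.
    configs = [json.load(open(sys.argv[1]))] if len(sys.argv) > 1 else [GOOD, BAD]
    for cfg in configs:
        print(check_config(cfg) or "no findings")
```

To check a real Caddyfile, save the output of `caddy adapt` to a file and pass that file's path as the first argument.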