p4gefau1t / trojan-go

A Trojan proxy implemented in Go, with multiplexing, routing, CDN relay and a Shadowsocks obfuscation plugin; multi-platform, no dependencies. A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/
GNU General Public License v3.0

trojan-go fallback to caddy shows ERROR: [first record does not look like a TLS handshake] #436

Closed. AmberisMyShiba closed this 2 years ago.

AmberisMyShiba commented 2 years ago

trojan-go version: Trojan-Go v0.10.6; caddy version: 2.4.6 with naive forwardproxy

The problem and the result I want:

  1. trojan-go listens on port 443, remote_port is set to 8443 (8443 is listened on by caddy), fallback_port is set to 80, and caddy handles anti-probing.
  2. caddy has the forwardproxy module; used on its own, without trojan-go's fallback in front of it, it handles naive connections normally.
  3. With the current configuration, the trojan-go client connects normally, but connecting with the naive client produces the error output below. I want naive to connect to port 443 and have trojan-go correctly fall back and hand the connection to caddy.

trojan-go error log

[INFO]  2022/04/01 15:56:35 user 61efc6b4c0450aa2db077406bac41ca0434e2667c652fd92aa3d4543 from ${myIPAddress}:43299 tunneling to 1.0.0.1:443 closed sent: 3.60 KiB recv: 712 B
[INFO]  2022/04/01 15:56:38 tcp connection from ${myIPAddress}:43344
[INFO]  2022/04/01 15:56:38 tcp connection from ${myIPAddress}:43343
[INFO]  2022/04/01 15:56:38 tls connection from ${myIPAddress}:43343
[ERROR] 2022/04/01 15:56:38 github.com/p4gefau1t/trojan-go/tunnel/trojan.(*Server).acceptLoop:server.go:130 trojan failed to accept conn | websocket is disabled. redirecting http request from ${myIPAddress}:43343
[WARN]  2022/04/01 15:56:38 redirecting connection from ${myIPAddress}:43343 to 127.0.0.1:8443
[INFO]  2022/04/01 15:56:38 redirection done
[INFO]  2022/04/01 15:56:39 tls connection from ${myIPAddress}:43344
[ERROR] 2022/04/01 15:56:39 github.com/p4gefau1t/trojan-go/tunnel/trojan.(*Server).acceptLoop:server.go:130 trojan failed to accept conn | websocket is disabled. redirecting http request from ${myIPAddress}:43344
[WARN]  2022/04/01 15:56:39 redirecting connection from ${myIPAddress}:43344 to 127.0.0.1:8443
[INFO]  2022/04/01 15:56:39 redirection done

caddy debug log

1.6487993895891874e+09  debug   http.stdlib     http: TLS handshake error from 127.0.0.1:40550: tls: first record does not look like a TLS handshake
1.6487993904677055e+09  debug   http.stdlib     http: TLS handshake error from 127.0.0.1:40552: tls: first record does not look like a TLS handshake
1.6487993915921288e+09  debug   http.stdlib     http: TLS handshake error from 127.0.0.1:40554: tls: first record does not look like a TLS handshake

trojan-go config

{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 8443,
    "password": [
        "PASSWORD"
    ],
    "ssl": {
        "sni": "domain",
        "cert": "domain.crt",
        "key":  "domain.key",
        "fallback_addr":"127.0.0.1",
        "fallback_port": 80,
        "alpn":[
                "h2",
                "http/1.1"
        ],
        "reuse_session": true,
        "session_ticket": false,
        "plain_http_response": ""
    },
    "tcp": {
        "no_delay": true,
        "keep_alive": true,
        "prefer_ipv4": false
    },
    "mux": {
        "enabled": true
    },
    "router": {
        "enabled": true,
        "block": [
            "geosite:category-ads"
        ]
    },
    "websocket": {
        "enabled": false,
        "path": "/PATH",
        "host": "domain"
    },
    "shadowsocks": {
        "enabled": false,
        "method": "AES-128-GCM",
        "password": "PASSWORD"
    }
}

caddy config

{
        debug
        order forward_proxy before map
        admin off
        log {
                format console
                output file /var/log/caddy/caddy.log {
                        level DEBUG
                        roll_size 10mb
                        roll_keep 3
                        roll_keep_for 7d
                }
        }
        auto_https off
        servers 127.0.0.1:8443 {
                protocol {
                        allow_h2c
                        experimental_http3
                }
        }
}
:80 {
        redir https://domain.me permanent
}
http://domain.me {
        reverse_proxy 127.0.0.1:5212
}

https://domain.me:8443 {
        tls mymail@gmail.com {
                on_demand
        }
        reverse_proxy 127.0.0.1:5212
        reverse_proxy @grpc {
                to h2c://localhost:16891
                flush_interval -1
                transport http {
                        versions h2c 2
                }
        }
        @grpc {
                protocol grpc
                path /toPath/*
        }
        route {
                forward_proxy {
                        basic_auth username password
                        hide_ip
                        hide_via
                        probe_resistance cloudflare.com
                }
        }
}
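The routing that produces both logs above, as an added Go example (this is not trojan-go's or caddy's own code). It models the three-way decision a trojan server makes on port 443: bytes that are not TLS at all go to fallback_addr:fallback_port, a decrypted payload that starts with a known password hash is a trojan session, and any other decrypted payload is forwarded in plaintext to remote_addr:remote_port. It then feeds that plaintext into a crypto/tls server, which is what caddy's https://domain.me:8443 site block is, and gets the same error the caddy debug log shows. The probe bytes, the PASSWORD hash and the port comments are constructed for illustration; looksLikeTLS, isTrojanRequest, route and handshakeAsTLSListener are helper names chosen here, not trojan-go APIs.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"encoding/hex"
	"fmt"
	"net"
	"time"
)

// Constructed sample inputs, not captured traffic.
const (
	// What a naive client sends inside the TLS tunnel: a plain forward-proxy request.
	// After trojan-go terminates TLS on 443, this is what reaches remote_addr:remote_port.
	plaintextProbe = "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
	// What a scanner sends to 443 without any TLS; this is what fallback_port is for.
	rawHTTPProbe = "GET / HTTP/1.1\r\nHost: domain\r\n\r\n"
	password     = "PASSWORD"
)

// First five bytes of a TLS 1.2 ClientHello record: type 0x16 (handshake), version 0x0303.
var tlsRecordHead = []byte{0x16, 0x03, 0x03, 0x00, 0xc8}

// looksLikeTLS applies the same test crypto/tls (and therefore caddy) applies to the first
// record header: type must be handshake (0x16) or alert (0x15) and the version must be < 0x1000.
func looksLikeTLS(b []byte) bool {
	if len(b) < 5 {
		return false
	}
	typ := b[0]
	vers := uint16(b[1])<<8 | uint16(b[2])
	return (typ == 0x16 || typ == 0x15) && vers < 0x1000
}

// trojanHash is the 56-hex-char SHA-224 of the password that starts every trojan request
// (the "user 61efc6b4..." value in the trojan-go log is one of these).
func trojanHash(pw string) string {
	sum := sha256.Sum224([]byte(pw))
	return hex.EncodeToString(sum[:])
}

// isTrojanRequest checks the decrypted payload for "<hash>\r\n" with a hash from the password list.
func isTrojanRequest(payload []byte, hashes map[string]bool) bool {
	if len(payload) < 58 || string(payload[56:58]) != "\r\n" {
		return false
	}
	return hashes[string(payload[:56])]
}

// route says where a trojan server sends a connection. raw is what arrived on 443;
// decrypted is the payload after TLS termination (nil when no handshake happened).
func route(raw, decrypted []byte, hashes map[string]bool) string {
	if !looksLikeTLS(raw) {
		return "fallback" // fallback_addr:fallback_port, 127.0.0.1:80 in the config above
	}
	if isTrojanRequest(decrypted, hashes) {
		return "trojan"
	}
	return "remote" // remote_addr:remote_port, 127.0.0.1:8443 above; the bytes are plaintext
}

// handshakeAsTLSListener feeds bytes to a crypto/tls server, the way caddy's https listener on
// 8443 sees what trojan-go forwards to it, and returns the handshake error.
func handshakeAsTLSListener(first []byte) error {
	client, server := net.Pipe()
	defer client.Close()
	defer server.Close()
	go func() { client.Write(first) }()
	srv := tls.Server(server, &tls.Config{}) // no cert needed: the failure happens on the first record
	srv.SetDeadline(time.Now().Add(2 * time.Second))
	return srv.Handshake()
}

func main() {
	hashes := map[string]bool{trojanHash(password): true}
	trojanReq := append([]byte(trojanHash(password)+"\r\n"), 0x01) // hash, CRLF, CONNECT command byte
	fmt.Println("raw HTTP on 443      ->", route([]byte(rawHTTPProbe), nil, hashes))
	fmt.Println("trojan inside TLS    ->", route(tlsRecordHead, trojanReq, hashes))
	fmt.Println("naive inside TLS     ->", route(tlsRecordHead, []byte(plaintextProbe), hashes))
	// The "remote" branch delivers plaintextProbe to 8443; a TLS listener there fails like caddy did.
	fmt.Println("TLS listener on 8443 ->", handshakeAsTLSListener([]byte(plaintextProbe)))
}
```

Running this prints fallback, trojan and remote for the three inputs, then the same `tls: first record does not look like a TLS handshake` that appears in the caddy debug log. Read against the configuration on this page: trojan-go has already stripped the outer TLS by the time it hands a non-trojan connection to 127.0.0.1:8443, so whatever listens there has to speak plain HTTP; the https://domain.me:8443 site block with `tls ... on_demand` expects a second TLS handshake and rejects the request. fallback_port 80 is only reached by connections that were never TLS to begin with, so it plays no part in the naive case.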