Open Nerom opened 4 years ago
Proxy_pass must be https:
location /ss {
proxy_pass https://127.0.0.1:9999;
...
}
@vanyaindigo is http
not https
@Nerom
remove =
from location = /ss
m like location /ss
, i dont belive you can pass nginx -t
with your config;
remove last /
from http://127.0.0.1:9999/
like http://127.0.0.1:9999
if you just want use tls, remove all location = /ss { ... }
code block from your 80 listen.
@vanyaindigo is
http
nothttps
Nope https, I'm now working through https
@vanyaindigo is
http
nothttps
Nope https, I'm now working through https
yes, I read a lot of articles, all told it should work... but it did not... weird...
@vanyaindigo is
http
nothttps
@Nerom
- remove
=
fromlocation = /ss
m likelocation /ss
, i dont belive you can passnginx -t
with your config;- remove last
/
fromhttp://127.0.0.1:9999/
likehttp://127.0.0.1:9999
- if you just want use tls, remove all
location = /ss { ... }
code block from your 80 listen.
=
, I config refer to nginx official docs, and it does pass nginx -t
/
, because I did not config a path in v2ray-plugin opts. and you can refer to nginx official docs to find out what config like that means.it seems the issue of nginx reverse proxying websocket with tls
it seems the issue of nginx reverse proxying websocket with tls
There is no issue. all is working perfectly.
I read a lot of articles
So you can read one more
v2ray-plugin through nginx with tls is not working properly. I have built ss with v2ray plugin through nginx without tls, it is working fine. but when I only add tls support for nginx and modify client config accordingly, it did not work. I have tested nginx tls, it works. u can try n3ro.me to test tls. could anybody help me to investigating the issue ? here is the config content.
- nginx:
server { listen 80; listen [::]:80; server_name n3ro.me; error_page 497 https://$host$uri; location = /ss { proxy_pass http://127.0.0.1:9999/; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; } location / { return 497; } } server { listen 443 ssl; listen [::]:443 ssl; server_name n3ro.me; ssl on; ssl_certificate /root/.acme.sh/n3ro.me/n3ro.me.cer; ssl_certificate_key /root/.acme.sh/n3ro.me/n3ro.me.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location = /ss { proxy_pass http://127.0.0.1:9999/; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; } location = / { return 302 /yacd; } location / { root /root/websites/n3ro.me; index index.html; } }
- shadowsocks
{ "server":"0.0.0.0", "server_port":9999, "local_port":1080, "mode":"tcp_and_udp", "password":"******", "timeout":600, "method":"chacha20-ietf-poly1305", "fast_open":true, "plugin":"v2ray-plugin", "plugin-opts":"server" }
- starting shadowsocks command
/usr/bin/ss-server -c /etc/shadowsocks-libev/config.json --plugin v2ray-plugin --plugin-opts "server"
ps: why I start it using this command, it is because if I use
systemctl start shadowsocks-libev
, it cannot start v2ray-plugin, but this way works.
- client active
v2ray-plugin
plugin, and set plugin opts ashost=n3ro.me;path=/ss
, set port as80
, if with tls, then set plugin opts astls;host=n3ro.me;path=/ss
and port as443
"plugin-opts" should be "plugin_opts". Give it a try. This is mine: "plugin_opts":"server;host=example.com;path=/example;loglevel=none"
It does work. However, UDP doesn't seem to work. The server received the packets but it seems shadowsocks with v2-ray plugin on the server side cannot handle the UDP packet. Or, perhaps Nginx couldn't handle the UDP packets.
v2-ray plugin on the server side
works only with tcp - websockets
It does work. However, UDP doesn't seem to work. The server received the packets but it seems shadowsocks with v2-ray plugin on the server side cannot handle the UDP packet. Or, perhaps Nginx couldn't handle the UDP packets.
Only TCP goes through the plugin. UDP bypasses the plugin (by shadowsocks design) and will try to connect to plain shadowsocks. If you run the server with -u and open up the UDP port it will work, but it will be just regular shadowsocks over UDP.
I have successfully run ss-libev on my VPS (CentOS 8 x64 ) without any plugins. Today I'd like to try the v2ray plugin but I came to similar problems.
ss config.json
{
"server":"localhost",
"mode":"tcp_only",
"server_port":8348,
"local_port":1080,
"password":"******",
"timeout":86400,
"method":"chacha20-ietf-poly1305",
"plugin":"v2ray-plugin",
"nameserver":"1.1.1.1",
"plugin_opts":"server;path=/magic;host=super******.mooo.com;loglevel=none"
}
nginx nginx.conf
erver {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://www.bing.com/;
limit_rate 1000k;
proxy_redirect off;
}
location /magic {
proxy_redirect off;
proxy_pass http://localhost:8348;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
The nginx service seems to be working well, since when trying to visit super**.mooo.com, it will be forwarded to www.bing.com.
Unfortunately when I tried to run ss with v2ray plugin shadowsocks-libev.ss-server -c config.json --plugin v2ray-plugin_linux_amd64
[root@vultrguest ~]# cd /var/lib/snapd/snap/bin/
[root@vultrguest bin]# dir
config.json shadowsocks-libev.ss-local shadowsocks-libev.ss-server
configo.json shadowsocks-libev.ss-manager shadowsocks-libev.ss-tunnel
nohup.out shadowsocks-libev.ss-redir v2ray-plugin_linux_amd64
[root@vultrguest bin]# shadowsocks-libev.ss-server -c config.json --plugin v2ray-plugin_linux_amd64
2020-04-23 14:03:53 INFO: using tcp fast open
2020-04-23 14:03:53 INFO: plugin "v2ray-plugin_linux_amd64" enabled
2020-04-23 14:03:53 INFO: initializing ciphers... chacha20-ietf-poly1305
2020-04-23 14:03:53 INFO: tcp server listening at 127.0.0.1:41415
2020-04-23 14:03:53 INFO: running from root user
2020/04/23 14:03:53 V2Ray 4.22.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.13.4 linux/amd64)
2020/04/23 14:03:53 A unified platform for anti-censorship.
At the moment, in the config.json I have specified the listening port "8348", but eveytime I run the line above, it displays "tcp server listening at 127.0.0.1:41415", 45321,52344, etc. It keeps changing.
client android phone
**typical parameters**
Server (MyVPS IP address)
Port 8348
**v2ray-plugin parameters**
active
Transport mode: websocket http
Hostname: super******.mooo.com
Path: /magic
Concurrent connections: 1
By the way. super**.mooo.com is a subdomain name I registered linked to my VPS. it actually can not be visited here since DNS pollution. But it can be visited using ss.
Finally, it doesn't work for my phone with v2ray plugin.
So could anyone tell me how I came to this problem?
I have successfully run ss-libev on my VPS (CentOS 8 x64 ) without any plugins. Today I'd like to try the v2ray plugin but I came to similar problems.
ss config.json
{ "server":"localhost", "mode":"tcp_only", "server_port":8348, "local_port":1080, "password":"******", "timeout":86400, "method":"chacha20-ietf-poly1305", "plugin":"v2ray-plugin", "nameserver":"1.1.1.1", "plugin_opts":"server;path=/magic;host=super******.mooo.com;loglevel=none" }
nginx nginx.conf
erver { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { proxy_pass http://www.bing.com/; limit_rate 1000k; proxy_redirect off; } location /magic { proxy_redirect off; proxy_pass http://localhost:8348; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }
The nginx service seems to be working well, since when trying to visit super**.mooo.com, it will be forwarded to www.bing.com.
Unfortunately when I tried to run ss with v2ray plugin shadowsocks-libev.ss-server -c config.json --plugin v2ray-plugin_linux_amd64
[root@vultrguest ~]# cd /var/lib/snapd/snap/bin/ [root@vultrguest bin]# dir config.json shadowsocks-libev.ss-local shadowsocks-libev.ss-server configo.json shadowsocks-libev.ss-manager shadowsocks-libev.ss-tunnel nohup.out shadowsocks-libev.ss-redir v2ray-plugin_linux_amd64 [root@vultrguest bin]# shadowsocks-libev.ss-server -c config.json --plugin v2ray-plugin_linux_amd64 2020-04-23 14:03:53 INFO: using tcp fast open 2020-04-23 14:03:53 INFO: plugin "v2ray-plugin_linux_amd64" enabled 2020-04-23 14:03:53 INFO: initializing ciphers... chacha20-ietf-poly1305 2020-04-23 14:03:53 INFO: tcp server listening at 127.0.0.1:41415 2020-04-23 14:03:53 INFO: running from root user 2020/04/23 14:03:53 V2Ray 4.22.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.13.4 linux/amd64) 2020/04/23 14:03:53 A unified platform for anti-censorship.
At the moment, in the config.json I have specified the listening port "8348", but eveytime I run the line above, it displays "tcp server listening at 127.0.0.1:41415", 45321,52344, etc. It keeps changing.
client android phone
**typical parameters** Server (MyVPS IP address) Port 8348 **v2ray-plugin parameters** active Transport mode: websocket http Hostname: super******.mooo.com Path: /magic Concurrent connections: 1
By the way. super**.mooo.com is a subdomain name I registered linked to my VPS. it actually can not be visited here since DNS pollution. But it can be visited using ss.
Finally, it doesn't work for my phone with v2ray plugin.
So could anyone tell me how I came to this problem?
I think you're almost there.
For the tcp port, it's working properly. Since V2ray is taking over the http traffic, the port specified in ss-libev is actually served by v2ray, and then the decoded traffic is passed to ss-libev through a insignificant port number. Thus you see the port number changing between ss-libev service restarts.
You can confirm the service is running by netstat -ltp
, and check if the port is actually in LISTEN state and served by corresponding v2ray plugin.
Next you need to verify the nginx forwarding chain. Check access.log and error.log in /var/log/nginx to see if your request is received and processed. You client should specify the nginx port 80 instead of 8348.
In the end I suggest that you enable SSL. A domain name costs much less than your VPS. Use let's encrypt to obtain valid certificates (I use acme.sh for managing certificates). In this way all your traffic is encrypted.
Thanks to liujunhui74 !
I check the output of netstat -ltp
[root@vultrguest bin]# netstat -ltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 1430/nginx: master
tcp 0 0 localhost:35953 0.0.0.0:* LISTEN 1436/ss-server
tcp 0 0 0.0.0.0:10033 0.0.0.0:* LISTEN 732/sshd
tcp 0 0 localhost:8348 0.0.0.0:* LISTEN 1455/v2ray-plugin_l
tcp6 0 0 [::]:http [::]:* LISTEN 1430/nginx: master
tcp6 0 0 [::]:10033 [::]:* LISTEN 732/sshd
it seems everthing goes well.
then, i modified the ss-android config as following.
**typical parameters**
Server 108.(*hidden*)
Port 80 (I have done according to as you said above.)
**v2ray-plugin parameters**
v2ray: active
Transport mode: websocket http
Hostname: super******.mooo.com
Path: /magic
Concurrent connections: 1
however, it still tells that "no internet connection: unable to resolve host www.google.com No address associated with hostname "
I checked /var/log/nginx/access.log
124.(*hidden*)- - [25/Apr/2020:12:52:21 +0000] "GET /magic HTTP/1.1" 499 0 "-" "Go-http-client/1.1" "-"
124.(*hidden*) - - [25/Apr/2020:12:52:21 +0000] "GET /magic HTTP/1.1" 499 0 "-" "Go-http-client/1.1" "-"
124.(*hidden*)- - [25/Apr/2020:12:52:21 +0000] "GET /magic HTTP/1.1" 499 0 "-" "Go-http-client/1.1" "-"
………………
I guess that there must be something run with nginx-v2rayplugin forwarding chain. so here's the full text of the/etc/nginx/nginx.conf
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
#Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location /magic {
proxy_redirect off;
proxy_pass http://127.0.0.1:8348/;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
location / {
proxy_pass http://www.bing.com/;
limit_rate 1000k;
proxy_redirect off;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
By the way, until now I don't know where to register a domain name at an acceptable cost(not a subdomain name) to utilize CLOUDFLARE service. Actually, it only spent me 10$ to have this vps for 2 years.
What about resolver? For domain name you can use https://www.dynadot.com/
**typical parameters** Server 108.(*hidden*) Port 80 (I have done according to as you said above.) **v2ray-plugin parameters** v2ray: active Transport mode: websocket http Hostname: super******.mooo.com Path: /magic Concurrent connections: 1
however, it still tells that "no internet connection: unable to resolve host www.google.com No address associated with hostname "
I checked /var/log/nginx/access.log
124.(*hidden*)- - [25/Apr/2020:12:52:21 +0000] "GET /magic HTTP/1.1" 499 0 "-" "Go-http-client/1.1" "-" 124.(*hidden*) - - [25/Apr/2020:12:52:21 +0000] "GET /magic HTTP/1.1" 499 0 "-" "Go-http-client/1.1" "-" 124.(*hidden*)- - [25/Apr/2020:12:52:21 +0000] "GET /magic HTTP/1.1" 499 0 "-" "Go-http-client/1.1" "-" ………………
Domain name is the easiest part. I use namesilo and search for domains with cheapest renewal prices. Typically you'll get $2.95 a year for a domain (e.g. .win).
The nginx access log above shows you're getting http 499 responses. This means the HTTP connection is not good. There could be a lot of reasons leading to this.
First, check you client. What android client do you use? Do you use "official" shadowsocks and v2ray plugin client? You'd better test your setup with a PC client so that to tell if the problem is at the client side.
For the server side, try to use this nginx configuration:
location /<example> {
proxy_redirect off;
proxy_http_version 1.1;
proxy_pass http://localhost:<*****>; # Port of v2ray-plugin
proxy_set_header Host <example.com>;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
And remember to reload nginx service.
I bought a domain name super***.xyz. After trial and error for nearly 2 hours, ...hmm....Eventually I got 404 ...Nothing in Error.log Very frustrating... (124... Android 4G; 222...** Windows PC) Nginx access.log
124.**.**.** - - [27/Apr/2020:14:32:46 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
124.**.**.** - - [27/Apr/2020:14:32:47 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
124.**.**.** - - [27/Apr/2020:14:32:47 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
124.**.**.** - - [27/Apr/2020:14:32:49 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
124.**.**.** - - [27/Apr/2020:14:32:50 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
124.**.**.** - - [27/Apr/2020:14:32:50 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
124.**.**.** - - [27/Apr/2020:14:32:51 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
124.**.**.** - - [27/Apr/2020:14:32:51 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
124.**.**.** - - [27/Apr/2020:14:32:52 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
222.**.**.** - - [27/Apr/2020:14:42:55 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
222.**.**.** - - [27/Apr/2020:14:42:55 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
222.**.**.** - - [27/Apr/2020:14:42:56 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
222.**.**.** - - [27/Apr/2020:14:42:56 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
222.**.**.** - - [27/Apr/2020:14:42:57 +0000] "GET /magic HTTP/1.1" 404 0 "-" "Go-http-client/1.1" "-"
Both ss & vray_plugin android clients are downloaded from the GooglePlay Store.
Is using Cloudflare a must?
Ahhhhhh! Finally, i get where the bug is! I almost give up, but I succeed with last attempt.
location /magic {
proxy_redirect off;
proxy_http_version 1.1;
proxy_pass http://localhost:8388;
proxy_set_header Host super******.xyz;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
It's http://localhost:8388; NOT http://localhost:8388/; . And what's more, vray_plugin should listen both ipv4 and ipv6.
I decide to make a brief summary for rookies several days later.
vray_plugin should listen both ipv4 and ipv6
What do you mean?
Is using Cloudflare a must?
No. But with Cloudflare there are more possibilities. Your can still access your vps even if it is blocked by gfw. Sometimes it’s faster than directly connecting to your vps (depending on the vps location). Last you’re able to use a very cheap vps with only ipv6 addresses.
vray_plugin should listen both ipv4 and ipv6
What do you mean?
This is because sometimes “localhost” are resolved to ipv6 address. In this regard it’s better to use 127.0.0.1 in the nginx conf file.
The resolution of the name localhost
to one or more IP addresses is normally configured by the following lines in the operating system's hosts file:
127.0.0.1 localhost
::1 localhost
vray_plugin should listen both ipv4 and ipv6
What do you mean?
config.json could be as following: Caution "server":["[::1]", "127.0.0.1"],
{
"server":["[::1]", "127.0.0.1"],
"mode":"tcp_and_udp",
"server_port":8388,
"local_port":1080,
"password":"*******",
"timeout":600,
"method":"chacha20-ietf-poly1305",
"fast_open":true,
"plugin":"v2ray-plugin",
"plugin_opts":"server;path=/*******;host=super*******.xyz;loglevel=none"
}
What'more, I found a detailed instruction on setting-up vray-plugins and nginx server for Chinese-speaking rookies. https://blog.icpz.dev/articles/bypass-gfw/shadowsocks-with-v2ray-plugin/
I found a detailed instruction on setting-up vray-plugins and nginx server for Chinese-speaking rookies.
And this is my detailed instruction for Russian-speaking rookies: https://overclockers.ru/blog/Indigo81/show/31739/shadowsocks-cherez-cloudflare-cdn-povyshaem-bezopasnost-v-seti
hi all, just finish reading this thread and got a couple questions as im interest too to try out ss+v2ray setup-
1) do we need a webserver for the ss+v2ray+tls to work? if yes, then could we do it with Apache?
2) lets say we use the setup here correctly and add a cdn, what IP address will 'whatismyip' show? the vps or cdn?
thank you,
hi all, just finish reading this thread and got a couple questions as im interest too to try out ss+v2ray setup-
1. do we need a webserver for the ss+v2ray+tls to work? if yes, then could we do it with Apache?
This is not necessary
- lets say we use the setup here correctly and add a cdn, what IP address will 'whatismyip' show? the vps or cdn? Your VPS.
@vanyaindigo thats the best news for today as i hv read, learn and setup a ss+v2ray+tls+cdn without proxy reverse. i do have apache installed but i change apache 443 to 8443 and use 443 for ss and client connection. is that ok?
thought i did something wrong when it shows my vps ip instead of the cdn's ip. is there way for us to check if the setup/obfuscation working fine?
p/s - bcoz of the pandemic, not sure when could travel to china, so hopefully could setup eveyrthing and make sure its running when we can travel
thank you very much,
The easiest way to check is if the traffic is running, then everything is fine.
The easiest way to check is if the traffic is running, then everything is fine.
yup, all internet surfing working fine :) saw a post before saying that we could inspect the traffic header to make sure no 'thumbprint' so will not flag by by gfw's dpi
hv few more points like to ask- 1) ss will only work for http/https traffic, any other protocol will be route(go directly) to the destination? netstat show ss server is listening both on tcp and udp
2) ss will only work with IPv4 only, IPv6 will be route(go directly) to the destination?
3) what is the UDP Fallback use for in SS Client on Android? by default it is disabled
thank you,
SS+any plugin will work only with any TCP traffic. Pure SS will work with any TCP/UDP traffic. SS works as with IPv4, so with IPv6.
hi @vanyaindigo sorry for so many questions, i hv read a lot(bits here and there on the internet rgd this), but never had chance to ask someone knowledgeable like you. i hv always thought we cant ask question not relate to development in here. so is it ok to ask question here in future, or where else would you suggest we get help? as the other forums(linux, ubuntu, etc) dont hv this topic.
are you part of the cool team that develop this?
here is my visualization of how the traffics flow- ss-client -> gfw -> cdn -> vps/ss-server -> website, then it travels back(in reverse) to ss-client
so gfw will only see that im going to the cdn, but wont know where is my real destination. is that correct?
and one last question - would using a webserver(nginx proxy_pass) more secure?
cheers,
222
thanks alot. after reading that, it seems hving a webserver is a good idea for 'camouflage'. will read more and try installing another version with nginx. i did try installing before from the reddit post, but somehow stuck at getting the certificate - authentication error..., so after many tries, i decide to try another method. hopefully this time it will work :)
cheeers,
v2ray-plugin through nginx with tls is not working properly. I have built ss with v2ray plugin through nginx without tls, it is working fine. but when I only add tls support for nginx and modify client config accordingly, it did not work. I have tested nginx tls, it works. u can try n3ro.me to test tls. could anybody help me to investigating the issue ? here is the config content.
nginx:
server { listen 443 ssl; listen [::]:443 ssl;
}
starting shadowsocks command
client active
v2ray-plugin
plugin, and set plugin opts ashost=n3ro.me;path=/ss
, set port as80
, if with tls, then set plugin opts astls;host=n3ro.me;path=/ss
and port as443