v2fly / discussion


NGINX SNI前置分流+ VLESS 摸索两天XTLS总是连接不上,请指点!万分感谢! #89

Closed EthanDavisg closed 3 years ago

EthanDavisg commented 3 years ago

第一次提问:如有不妥之处请指正。 ^ ^

问题:使用VLESS tls使用正常,使用VLESS XTLS不正常,日志提示: v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/vless/inbound: invalid request from 127.0.0.1:37392 rejected v2ray.com/core/proxy/vless/encoding: invalid request version

环境:CENTOS7 V2RAYN V3.27 V2RAY CORE V4.32.1 V2RAY 服务器 V4.32.1

NGINX配置:

# Main-context settings: worker identity, process count, logging and descriptor limit.
# Worker processes run as user "www" and group "www".
user  www www;

# One worker per available CPU core, with automatic CPU pinning.
worker_processes auto;
worker_cpu_affinity auto;

# Only messages of severity "crit" or higher are written. Ordinary "error"-level
# entries are therefore not recorded in this file, which limits what it can show
# when a proxied connection fails.
error_log  /home/wwwlogs/nginx_error.log  crit;
#error_log /dev/null crit;
pid        /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

# Connection-processing settings shared by the stream and http contexts.
events
    {
        # Linux epoll event notification method.
        use epoll;
        # Upper bound on simultaneous connections per worker. It equals
        # worker_rlimit_nofile above, and a proxied connection occupies one slot
        # for the client side and one for the upstream side.
        worker_connections 51200;
        # A worker accepts one new connection at a time.
        multi_accept off;
        # Workers do not take turns accepting new connections.
        accept_mutex off;
    }
# Layer-4 front end on port 443. The server name is read from the TLS ClientHello
# (ssl_preread) and the still-encrypted TCP stream is handed to a local backend.
# No certificate is configured in this block, so TLS is terminated by the backend
# that receives the connection, not by nginx.
stream {
    # Choose the upstream from the requested server name (SNI).
    # The two identical "网址" keys are placeholders and have to be replaced with
    # distinct hostnames.
    # NOTE(review): there is no "default" entry, so a ClientHello with an unlisted
    # name, or with no SNI at all, leaves $backend_name empty and gives proxy_pass
    # no upstream to use. Confirm that this is the intended handling.
    map $ssl_preread_server_name $backend_name {
       V2RAY网址 vless;
        网址 tv;
        网址 jx;
    }
    # Local v2ray VLESS inbound.
    upstream vless {
        server 127.0.0.1:10240;
    }
    # Other local TLS services selected by server name.
    upstream tv {
        server 127.0.0.1:10241;
    }
    upstream jx {
        server 127.0.0.1:10242;
    }
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        # proxy_protocol is not enabled here, so every backend sees the connection
        # as coming from 127.0.0.1 (the rejected request quoted in the issue is
        # logged with source 127.0.0.1). Backend logs and per-address controls
        # cannot tell real clients apart in this setup.
        proxy_pass  $backend_name;
        ssl_preread on;
    }
}
# HTTP context: the cleartext fallback web servers that v2ray forwards to on
# 127.0.0.1:81 and 127.0.0.1:82, plus the public port-80 redirect.
http
    {
        include       mime.types;
        default_type  application/octet-stream;
# $proxy_protocol_addr is only filled in on listeners declared with the
# proxy_protocol parameter. No listener in this block has it, so both headers
# would be sent empty. They also only take effect where proxy_pass is used,
# and none is visible here.
proxy_set_header X-Real-IP       $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        server_names_hash_bucket_size 128;
        # Request header and body size limits.
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 5m;
        sendfile on;
        sendfile_max_chunk 512k;
        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        # FastCGI timeouts and buffers. No fastcgi_pass is visible in this block;
        # presumably these apply to sites pulled in from vhost/*.conf.
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;

        # Response compression for text-like content types.
        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        # Per-address connection limit, keyed on the address of the TCP peer.
        # NOTE(review): the fallback listeners below are reached from v2ray over
        # loopback without PROXY protocol, so on those listeners the peer is always
        # 127.0.0.1 and the limit of 20 is shared by all clients together.
        limit_conn_zone $binary_remote_addr zone=perip:10m;
        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.
    limit_conn perip 20;
        # After the first 500k of a response, throttle it to 100k bytes per second.
        limit_rate_after 500k;
        limit_rate 100k;

        # Do not disclose the nginx version in the Server header and error pages.
        server_tokens off;
        access_log off;

# Fallback web site served in cleartext on loopback only.
server {
        # HTTP/1.1 server on local port 81.
        # NOTE(review): the original comment on this line said PROXY protocol
        # acceptance is enabled, but the listen directive has no proxy_protocol
        # parameter. That matches "xver": 0 in the v2ray fallbacks; the two
        # settings have to be switched on or off together.
        listen 127.0.0.1:81;
        # h2c (cleartext HTTP/2) server on local port 82. The same remark about
        # the missing proxy_protocol parameter applies.
        listen 127.0.0.1:82 http2;

        location / {
            root /home/wwwroot/default; # change to the path of your own web files
            index  index.html index.htm;
        }
    }

# Public port-80 listener that only redirects to HTTPS.
server
    {
       listen 80; # IPv4, default HTTP port.
        listen [::]:80; # IPv6, default HTTP port. Can be removed when there is no IPv6.
        return 301 https://$host$request_uri; # redirect HTTP to HTTPS so the site looks more like a real one
        # NOTE(review): these two directives contradict each other. The nginx
        # documentation states that "off" cancels all access_log directives on the
        # current level, so the log file below is presumably never written. Keep
        # only the one that is intended.
    access_log   off;
        access_log /home/wwwlogs/access.log;
    }
# Additional virtual hosts; their contents are not shown on this page.
include vhost/*.conf;
}

V2RAY服务端配置:

{
  // v2ray server configuration: a VLESS + XTLS inbound on loopback port 10240 (fed by the
  // nginx stream block through SNI routing) with web and WebSocket fallbacks, and a second
  // VLESS-over-WebSocket inbound on loopback port 10243.
  // NOTE(review): a later reply on this page reports that XTLS no longer appears in the newer
  // v2ray documentation and config templates; check that the installed core still supports it.
  "log": {
       "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "127.0.0.1", // Listen on loopback only, so the port below cannot be probed from other machines.
      "port": 10240, // Listening port; matches the "vless" upstream in the nginx stream block.
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "UUID", // Replace with your own UUID. It is the only client credential here, so treat it as a secret.
            "flow": "xtls-rprx-direct" // Required when XTLS is enabled; xtls-rprx-origin or xtls-rprx-direct may be used. Remove it otherwise. Requires v2ray v4.31.0 or later.
          }
        ],
        "decryption": "none",
        // Connections that are not valid VLESS requests are forwarded to these local destinations.
        "fallbacks": [
          {
            "alpn": "h2", // Matches connections that negotiated h2.
            "dest": 82, // h2 fallback port (the nginx h2c listener).
            // PROXY protocol towards nginx. 1 or 2 selects the PROXY protocol version and passes
            // the real client address and port; the original author recommends 2 for multi-hop
            // setups. The value 0 used here leaves it off, which matches the nginx listeners
            // that lack the proxy_protocol parameter.
            "xver": 0
          },
          {
            "dest": 81, // HTTP/1.1 fallback port.
            "xver": 0 // PROXY protocol off (see the first fallback entry).
          },
          {
            "path": "/vvv", // Split out WebSocket traffic by request path.
            // NOTE(review): the original comment said traffic is forwarded to port 2001, but the
            // value is 10243, the port of the WebSocket inbound below.
            "dest": 10243,
            "xver": 0 // PROXY protocol off towards the WebSocket inbound.
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls", // When XTLS is enabled, "tls" must be changed to "xtls".
        "xtlsSettings": { // When XTLS is enabled, "tlsSettings" must be changed to "xtlsSettings".
          "alpn":[
            // Offer h2. The web fallback must also be able to serve h2; otherwise the advertised
            // ALPN and the fallback behaviour disagree, which the original author notes makes
            // the server easy to identify by probing.
            "h2",
            // Offer http/1.1. The same consistency requirement applies to the HTTP/1.1 fallback.
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "vless网址证书", // Replace with the absolute path of your certificate.
              // Replace with the absolute path of your private key. The placeholder is the same
              // string as the certificate's; the real value must point at the key file, which
              // should be readable only by the account that runs v2ray.
                            "keyFile": "vless网址证书"
            }
          ]
        }
      },
"sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }

    },
    {
      // Target of the "/vvv" fallback above. "security" is "none", so this hop carries no TLS
      // of its own; it listens on loopback only.
      "listen": "127.0.0.1", // Listen on loopback only, so the port below cannot be probed from other machines.
      "port": 10243, // Listening port.
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "UUID" // Replace with your own UUID.
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "path": "/vvv" // Replace with your own path; it has to match the fallback "path" above.
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        // Send traffic detected as BitTorrent to the blackhole outbound.
        "type": "field",
        "protocol": [
          "bittorrent"
        ],
        "outboundTag": "blocked"
      }
    ]
  },
  "outbounds": [
    {
      // Direct outbound, listed first.
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "blocked",
      "protocol": "blackhole",
      "settings": {}
    }
  ]
}

V2rayN 客户端生成的配置如下(审阅注:其中 xtlsSettings 的 "allowInsecure": true 会让客户端不校验服务器证书,连接可能被中间人冒充;证书配置无误后应改为 false):

{
  "policy": null,
  "log": {
    "access": "",
    "error": "",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "tag": "proxy",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": false,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": false,
        "ip": null,
        "address": null,
        "clients": null,
        "decryption": null
      },
      "streamSettings": null
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "VLESS域名",
            "port": 443,
            "users": [
              {
                "id": "UUID",
                "alterId": 0,
                "email": "t@t.tt",
                "security": "auto",
                "encryption": "none",
                "flow": "xtls-rprx-direct"
              }
            ]
          }
        ],
        "servers": null,
        "response": null
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "tlsSettings": null,
        "tcpSettings": null,
        "kcpSettings": null,
        "wsSettings": null,
        "httpSettings": null,
        "quicSettings": null,
        "xtlsSettings": {
          "allowInsecure": true,
          "serverName": null
        }
      },
      "mux": {
        "enabled": false,
        "concurrency": -1
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "vnext": null,
        "servers": null,
        "response": null
      },
      "streamSettings": null,
      "mux": null
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "vnext": null,
        "servers": null,
        "response": {
          "type": "http"
        }
      },
      "streamSettings": null,
      "mux": null
    }
  ],
  "stats": null,
  "api": null,
  "dns": null,
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "port": null,
        "inboundTag": [
          "api"
        ],
        "outboundTag": "api",
        "ip": null,
        "domain": null
      },
      {
        "type": "field",
        "port": null,
        "inboundTag": null,
        "outboundTag": "direct",
        "ip": [
          "geoip:private"
        ],
        "domain": null
      },
      {
        "type": "field",
        "port": null,
        "inboundTag": null,
        "outboundTag": "direct",
        "ip": [
          "geoip:cn"
        ],
        "domain": null
      },
      {
        "type": "field",
        "port": null,
        "inboundTag": null,
        "outboundTag": "direct",
        "ip": null,
        "domain": [
          "geosite:cn"
        ]
      }
    ]
  }
}
EthanDavisg commented 3 years ago

ps:没有使用CDN QQ截图20201118220234

hnliuzesen commented 3 years ago

xtls 在新版的文档和配置模板里好像都已经被删除了

EthanDavisg commented 3 years ago

xtls 好像在新版的文档和配置模板里好像都已经被删除了

感谢,刚刚发现确实没有了

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days