v2fly / v2ray-core

A platform for building proxies to bypass network restrictions.
https://v2fly.org
MIT License

请问vless协议ws入站,同一端口,能否给不同path打不同tag #411

Closed zhfish closed 3 years ago

zhfish commented 3 years ago

主要应用场景是正向代理:SLB 只映射一个端口到本地,我想在这同一个端口上按不同 path 接收流量,并分别转发到不同地址。配置两条似乎不太行,不知道有没有其他合理的配置?

client

{
  "inbounds": [
    {
      "port": 3306,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "0.0.0.0",
        "port": 3306,
        "network": "tcp"
      },
      "tag": "mysql"
    },
    {
      "port": 6379,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "0.0.0.0",
        "port": 6379,
        "network": "tcp"
      },
      "tag": "redis"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "tag": "mysql",
      "settings": {
        "vnext": [
          {
            "address": "xxx.com",
            "port": 443,
            "users": [
              {
                "encryption": "none",
                "flow": "",
                "id": "aaa"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/admin/mysql"
        }
      }
    },
    {
      "protocol": "vless",
      "tag": "redis",
      "settings": {
        "vnext": [
          {
            "address": "xxx.com",
            "port": 443,
            "users": [
              {
                "encryption": "none",
                "flow": "",
                "id": "bbb"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/admin/redis"
        }
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "ip": [
          "0.0.0.0/0"
        ],
        "outboundTag": "mysql"
      },
      {
        "type": "field",
        "ip": [
          "0.0.0.0/0"
        ],
        "outboundTag": "redis"
      }
    ]
  }
}

server

{
  "inbounds": [
    {
      "tag": "mysql",
      "port": 9091,
      "protocol": "VLESS",
      "settings": {
        "clients": [
          {
            "id": "aaa",
            "alterId": 0
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/admin/mysql/"
        }
      }
    },
    {
      "tag": "redis",
      "port": 9091,
      "protocol": "VLESS",
      "settings": {
        "clients": [
          {
            "id": "bbb",
            "alterId": 0
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/admin/redis/"
        }
      }
    }
  ],
  "outbounds": [
    {
      "tag": "mysql",
      "protocol": "freedom",
   "settings": {
        "redirect": "127.0.0.1:3306"
      }
    },
    {
      "tag": "mysql",
      "protocol": "freedom",
   "settings": {
        "redirect": "127.0.0.1:6379"
      }
    }
  ]
}
RPRX commented 3 years ago

VLESS + TCP 的 fallbacks 有 PATH 分流功能(TCP 层的转发)

https://www.v2fly.org/config/protocols/vless.html#fallbackobject

zhfish commented 3 years ago

但是我需要的是 VLESS + WS -_-# 运维给我分配的是一个二级路径,SSL 在负载均衡上已经做好了,到我这里只是映射一个 HTTP 端口,不能是 TCP,也不能是 TLS。@rprx

RPRX commented 3 years ago

fallbacks 不强制 TLS,可以默认回落 + 根据不同 PATH 分流到不同 WS 入站。若直连,更建议用 HTTP 伪装取代 WS。

zhfish commented 3 years ago

明白了,我试一下,谢谢

zhfish commented 3 years ago

还请您帮忙看下配置 @rprx。目前服务器的配置是:默认回落到任意一个没有监听的端口,再根据 path 回落到两个 VLESS 入站上,并用到了 HTTP 伪装。链路是:阿里云负载均衡 443 端口的 xxx.com/proxy(域名 + 路径)指向本机 9091 端口,同时在负载均衡上配置了 SSL 证书。

连接时出现报错

2020/11/13 16:33:05 [Warning] [2833730620] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vless/outbound: connection ends > v2ray.com/core/proxy/vless/outbound: failed to decode response header > v2ray.com/core/proxy/vless/encoding: failed to read response version > malformed HTTP request "\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x04\x00\x01\x00\x00\x00\x05\x00\xff\xff\xff\x00\x00\x04\b\x00\x00\x00\x00\x00"

server

{
  "inbounds": [
    {
      "port": 9091,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "uuid",
            "flow": "",
            "level": 0,
            "email": "12345@qq.com"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "path": "",
            "dest": 555,
            "xver": 0
          },
          {
            "path": "/admin/mysql",
            "dest": 13306,
            "xver": 1
          },
          {
            "path": "/admin/redis",
            "dest": 16379,
            "xver": 1
          }
        ],
        "streamSettings": {
          "network": "tcp",
          "security": "none",
          "tcpSettings": {
            "header": {
              "type": "http"
            },
            "response": {
              "version": "1.1",
              "status": "200",
              "reason": "OK",
              "headers": {
                "Content-Type": ["application/octet-stream", "application/x-msdownload", "text/html", "application/x-shockwave-flash"],
                "Transfer-Encoding": ["chunked"],
                "Connection": ["keep-alive"],
                "Pragma": "no-cache"
              }
            }
          }
        }
      }
    },
    {
      "tag": "mysql",
      "port": 13306,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "uuid",
            "flow": "",
            "level": 0,
            "email": "12345@qq.com"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "none",
        "tcpSettings": {
          "header": {
            "type": "http",
            "request": {
              "path": [
                "/admin/mysql"
              ]
            },
            "response": {
              "version": "1.1",
              "status": "200",
              "reason": "OK",
              "headers": {
                "Content-Type": ["application/octet-stream", "application/x-msdownload", "text/html", "application/x-shockwave-flash"],
                "Transfer-Encoding": ["chunked"],
                "Connection": ["keep-alive"],
                "Pragma": "no-cache"
              }
            }
          }
        }
      }
    },
    {
      "tag": "redis",
      "port": 16379,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "uuid",
            "flow": "",
            "level": 0,
            "email": "12345@qq.com"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "none",
        "tcpSettings": {
          "header": {
            "type": "http",
            "request": {
              "path": [
                "/admin/redis"
              ]
            },
            "response": {
              "version": "1.1",
              "status": "200",
              "reason": "OK",
              "headers": {
                "Content-Type": ["application/octet-stream", "application/x-msdownload", "text/html", "application/x-shockwave-flash"],
                "Transfer-Encoding": ["chunked"],
                "Connection": ["keep-alive"],
                "Pragma": "no-cache"
              }
            }
          }
        }
      }
    }
  ],
  "outbounds": [
    {
      "tag": "mysql",
      "protocol": "freedom",
      "settings": {
        "redirect": "127.0.0.1:3306"
      }
    },
    {
      "tag": "redis",
      "protocol": "freedom",
      "settings": {
        "redirect": "127.0.0.1:6379"
      }
    }
  ]
}

client

{
  "inbounds": [
    {
      "port": 3308,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "0.0.0.0",
        "port": 3308,
        "network": "tcp"
      },
      "tag": "mysql"
    },
    {
      "port": 6378,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "0.0.0.0",
        "port": 6378,
        "network": "tcp"
      },
      "tag": "redis"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "tag": "mysql",
      "settings": {
        "vnext": [
          {
            "address": "xxx.com",
            "port": 443,
            "users": [
              {
                "encryption": "none",
                "flow": "",
                "id": "uuid"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "serverName": "xxx.com"
        },
        "tcpSettings": {
          "header": {
            "type": "http",
            "request": {
              "version": "1.1",
              "method": "GET",
              "path": [
                "/admin/mysql"
              ],
              "headers": {
                "Host": [
                  "www.cloudflare.com",
                  "www.amazon.com"
                ],
                "User-Agent": [
                  "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36",
                  "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/53.0.2785.109 Mobile/14A456 Safari/601.1.46"
                ],
                "Accept-Encoding": [
                  "gzip, deflate"
                ],
                "Connection": [
                  "keep-alive"
                ],
                "Pragma": "no-cache"
              }
            }
          }
        }
      }
    },
    {
      "protocol": "vless",
      "tag": "redis",
      "settings": {
        "vnext": [
          {
            "address": "xxx.com",
            "port": 443,
            "users": [
              {
                "encryption": "none",
                "flow": "",
                "id": "uuid"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "serverName": "xxx.com"
        },
        "tcpSettings": {
          "header": {
            "type": "http",
            "request": {
              "request": {
                "version": "1.1",
                "method": "GET",
                "path": [
                  "/admin/redis"
                ],
                "headers": {
                  "Host": [
                    "www.cloudflare.com",
                    "www.amazon.com"
                  ],
                  "User-Agent": [
                    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36",
                    "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/53.0.2785.109 Mobile/14A456 Safari/601.1.46"
                  ],
                  "Accept-Encoding": [
                    "gzip, deflate"
                  ],
                  "Connection": [
                    "keep-alive"
                  ],
                  "Pragma": "no-cache"
                }
              }
            }
          }
        }
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "ip": [
          "0.0.0.0/0"
        ],
        "outboundTag": "mysql"
      },
      {
        "type": "field",
        "ip": [
          "0.0.0.0/0"
        ],
        "outboundTag": "redis"
      }
    ]
  }
}
RPRX commented 3 years ago

被分流到的入站,需要在 "tcpSettings" 中设置 "acceptProxyProtocol": true,与 fallbacks 里的 "xver": 1 相对应。

https://www.v2fly.org/config/transport/tcp.html

zhfish commented 3 years ago

我在两个被分流的入站都加了"acceptProxyProtocol": true,但还是报那个错误

RPRX commented 3 years ago

请检查配置

zhfish commented 3 years ago

我精简了一下配置,只留了一个回落,减少出错机会...

还是报之前那个错误

server

{
  "inbounds": [
    {
      "port": 9091,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "uuid",
            "flow": "",
            "level": 0,
            "email": "12345@qq.com"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "path": "",
            "dest": 555,
            "xver": 0
          },
          {
            "path": "/admin/mysql",
            "dest": 13306,
            "xver": 1
          }
        ],
        "streamSettings": {
          "network": "tcp",
          "security": "none",
          "tcpSettings": {
            "acceptProxyProtocol": false,
            "header": {
              "type": "http",
              "request": {
                "path": [
                  "/admin"
                ]
              }
            }
          }
        }
      }
    },
    {
      "tag": "mysql",
      "port": 13306,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "uuid",
            "flow": "",
            "level": 0,
            "email": "12345@qq.com"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "none",
        "tcpSettings": {
          "acceptProxyProtocol": true,
          "header": {
            "type": "http",
            "request": {
              "path": [
                "/admin/mysql"
              ]
            }
          }
        }
      }
    }
  ],
  "outbounds": [
    {
      "tag": "mysql",
      "protocol": "freedom",
      "settings": {
        "redirect": "127.0.0.1:3306"
      }
    }
  ]
}

client

{
  "inbounds": [
    {
      "port": 3308,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "0.0.0.0",
        "port": 3308,
        "network": "tcp"
      },
      "tag": "mysql"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "tag": "mysql",
      "settings": {
        "vnext": [
          {
            "address": "xxx.com",
            "port": 443,
            "users": [
              {
                "encryption": "none",
                "flow": "",
                "id": "uuid"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "serverName": "xxx.com"
        },
        "tcpSettings": {
          "header": {
            "type": "http",
            "request": {
              "path": [
                "/admin/mysql"
              ]
            }
          }
        }
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "ip": [
          "0.0.0.0/0"
        ],
        "outboundTag": "mysql"
      }
    ]
  }
}
zhfish commented 3 years ago

我看文档里有这一句话:“HTTP 伪装无法被其它 HTTP 服务器(如 Nginx)分流,但可以被 VLESS fallbacks path 分流”。是不是说负载均衡后面不要伪装,只在分流处伪装?但负载均衡过来的流量一定是 HTTP 流量,非 HTTP 流量都被挡在外面了。

zhfish commented 3 years ago

443 ------http--------> 9091 -------http伪装-------> v2ray ---------http伪装---------> 回落 ------tcp----> mysql

443 ------http--------> 9091 -------ws-------> v2ray ---------http伪装---------> 回落------tcp----> mysql

这两条链路,是否流量到9091的时候,仍然需要ws?只是回落不需要了

RPRX commented 3 years ago

如果前面有个标准 HTTP 的过滤,应该用 WS

zhfish commented 3 years ago

443 ------http--------> 9091 -------ws-------> v2ray ---------ws---------> 回落------tcp----> mysql

这样么?

zhfish commented 3 years ago

报告一下:协议都改成 ws,acceptProxyProtocol: true,报错:

2020/11/13 18:20:13 [Warning] [1173925193] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vless/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://xxx.com/admin/mysql): 400 Bad Request > websocket: bad handshake] > v2ray.com/core/common/retry: all retry attempts failed

然后我把回落的 xver 改成 0,acceptProxyProtocol: false,mysql 能成功回落并访问,但是 redis 不能访问,也没有报错。我把 log 打开再看看……

zhfish commented 3 years ago
$ redis-cli -h localhost -p 6378                                                                                                                                                                                     [18:42:16]
localhost:6378> PING
Error: Protocol error, got "J" as reply type byte

redis 表现为:握手成功,但通信时协议错误(redis-cli 收到的首字节 "J" 不是 Redis 协议的应答类型,说明对端返回的很可能不是 Redis 的数据)。

zhfish commented 3 years ago

Server

{
  "inbounds": [
    {
      "port": 9091,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "uuid",
            "flow": "",
            "level": 0,
            "email": "12345@qq.com"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "path": "",
            "dest": 555,
            "xver": 0
          },
          {
            "path": "/admin/mysql",
            "dest": 13306,
            "xver": 0
          },
          {
            "path": "/admin/redis",
            "dest": 16379,
            "xver": 0
          }
        ],
        "streamSettings": {
          "network": "ws",
          "security": "none",
          "wsSettings": {
            "path": "/admin"
          }
        }
      }
    },
    {
      "tag": "mysql",
      "port": 13306,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "uuid",
            "flow": "",
            "level": 0,
            "email": "12345@qq.com"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "acceptProxyProtocol": false,
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "path": "/admin/mysql"
        }
      }
    },
    {
      "tag": "redis",
      "port": 16379,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "uuid",
            "flow": "",
            "level": 0,
            "email": "12345@qq.com"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "acceptProxyProtocol": false,
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "path": "/admin/redis"
        }
      }
    }
  ],
  "outbounds": [
    {
      "tag": "mysql",
      "protocol": "freedom",
      "settings": {
        "redirect": "localhost:3306"
      }
    },
    {
      "tag": "redis",
      "protocol": "freedom",
      "settings": {
        "redirect": "localhost:6379"
      }
    }
  ]
}

Client

{
  "inbounds": [
    {
      "port": 3308,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "0.0.0.0",
        "port": 3308,
        "network": "tcp"
      },
      "tag": "mysql"
    },
    {
      "port": 6378,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "0.0.0.0",
        "port": 6378,
        "network": "tcp"
      },
      "tag": "redis"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "tag": "mysql",
      "settings": {
        "vnext": [
          {
            "address": "xxx.com",
            "port": 443,
            "users": [
              {
                "encryption": "none",
                "flow": "",
                "id": "uuid"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tlsSettings": {
          "serverName": "xxx.com"
        },
        "wsSettings": {
          "path": "/admin/mysql"
        }
      }
    },
    {
      "protocol": "vless",
      "tag": "redis",
      "settings": {
        "vnext": [
          {
            "address": "xxx.com",
            "port": 443,
            "users": [
              {
                "encryption": "none",
                "flow": "",
                "id": "uuid"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tlsSettings": {
          "serverName": "xxx.com"
        },
        "wsSettings": {
          "path": "/admin/redis"
        }
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "ip": [
          "0.0.0.0/0"
        ],
        "outboundTag": "mysql"
      },
      {
        "type": "field",
        "ip": [
          "0.0.0.0/0"
        ],
        "outboundTag": "redis"
      }
    ]
  }
}
zhfish commented 3 years ago

解决了,还是配置文件的问题:我把路由(routing)规则补全了。(上面贴出的配置里,客户端的两条规则都只匹配 0.0.0.0/0,没有按入站 tag 区分,服务端也没有 routing 段,所以流量不会按 tag 分到各自对应的出站。)再次感谢。