v2fly / v2ray-step-by-step

This repo is a fork of ToutyRater/v2ray-guide, we aim to provide a new step-by-step guide of v2ray
https://guide.v2fly.org
Creative Commons Attribution 4.0 International

HTTP/2+TLS+WEB: configuration fails after updating to Caddy 2 #171

Closed Icarusradio closed 3 years ago

Icarusradio commented 4 years ago

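I recently tried converting my Caddy 1 configuration file to Caddy 2, but it did not work, and I cannot tell from the logs where the problem is.

The modified Caddy 2 configuration is below. The parameters follow this reference, and here Caddy manages the certificates directly.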

<Host> {
        log {
                output stderr
        }
        file_server {
                index /usr/share/caddy/index.html
        }
        reverse_proxy <H2 Path> https://localhost:<Port> {
                header_up Host {host}
                header_up X-Real-IP {remote}
                header_up X-Forwarded-For {remote}
                header_up X-Forwarded-Port {http.request.port}
                header_up X-Forwarded-Proto "https"
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

Server-side V2Ray configuration (other settings omitted)

{
  "inbounds": [
    {
      "port": <Port>,
      "listen": "127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "<UUID>",
            "alterId": 4
          }
        ]
      },
      "streamSettings": {
        "network": "http",
        "security": "tls",
        "tlsSettings": {
          "serverName": "<Host>",
          "certificates": [
            {
              "certificateFile": "<Path to cert>",
              "keyFile": "<Path to key>"
            }
          ]
        },
        "httpSettings": {
          "host": ["<Host>"],
          "path": "<H2 Path>"
        }
      }
    }
  ]
}

Client configuration (other settings omitted)

{
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "<Host>",
            "port": 443,
            "users": [
              {
                "id": "<UUID>",
                "alterId": 4
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "http",
        "security": "tls",
        "httpSettings": {
          "host": ["<Host>"],
          "path": "<H2 Path>"
        }
      }
    }
  ]
}

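The problem I am seeing now is that the client log shows timeout while the server logs nothing. The server logs only appear when the client V2Ray is shut down.

Caddy log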

{"level":"info","ts":1590376857.8587766,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"GET","uri":"/","proto":"HTTP/2.0","remote_addr":"119.78.254.1:29245","host":"gia.icarusradio.top","headers":{"Cache-Control":["no-cache"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Accept-Language":["zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7"],"Pragma":["no-cache"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":true,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:20:57 +0000] \"GET / HTTP/2.0\" 200 12226","duration":0.000609094,"size":12226,"status":200,"resp_headers":{"Content-Length":["12226"],"Server":["Caddy"],"Etag":["\"q9tge59fm\""],"Content-Type":["text/html; charset=utf-8"],"Last-Modified":["Mon, 04 May 2020 16:56:29 GMT"],"Accept-Ranges":["bytes"]}}
{"level":"info","ts":1590377121.6248536,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"User-Agent":["Go-http-client/2.0"],"Accept-Encoding":["identity"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:25:06 GMT"]}}
{"level":"info","ts":1590377121.6276517,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:21:00 GMT"],"Server":["Caddy"]}}
{"level":"info","ts":1590377121.6278074,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Date":["Mon, 25 May 2020 03:21:01 GMT"],"Cache-Control":["no-store"]}}
{"level":"info","ts":1590377121.6279438,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:21:04 GMT"]}}
{"level":"info","ts":1590377121.628076,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:03 GMT"]}}
{"level":"info","ts":1590377121.628177,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"User-Agent":["Go-http-client/2.0"],"Accept-Encoding":["identity"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:07 GMT"]}}
{"level":"info","ts":1590377121.6282864,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"User-Agent":["Go-http-client/2.0"],"Accept-Encoding":["identity"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:54 GMT"]}}
{"level":"info","ts":1590377121.6283817,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:58 GMT"]}}
{"level":"info","ts":1590377121.6284764,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:21:05 GMT"]}}
{"level":"info","ts":1590377121.628587,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"User-Agent":["Go-http-client/2.0"],"Accept-Encoding":["identity"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:23 GMT"]}}
{"level":"info","ts":1590377121.6286967,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:27 GMT"],"Server":["Caddy"]}}
{"level":"info","ts":1590377121.6288316,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:25:02 GMT"]}}
{"level":"info","ts":1590377121.6289413,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:25:06 GMT"]}}

V2Ray server log

2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 99; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 91; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 93; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 97; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 81; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 85; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 87; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 89; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 95; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 75; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 77; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 79; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 83; CANCEL

kakaruoterl commented 4 years ago

I suggest first testing by downloading caddy2 directly on a fresh machine.

nicholascw commented 4 years ago

potentially fixed in #164, check latest version here: https://guide.v2fly.org/advanced/wss_and_web.html#%E6%9C%8D%E5%8A%A1%E5%99%A8%E9%85%8D%E7%BD%AE

Diavo1o commented 4 years ago

> potentially fixed in #164, check latest version here: https://guide.v2fly.org/advanced/wss_and_web.html#%E6%9C%8D%E5%8A%A1%E5%99%A8%E9%85%8D%E7%BD%AE

thanks, a very good example of caddyfile btw, you missed the asterisks. https://caddy.community/t/caddy-v2-how-to-proxy-websoket-v2ray-websocket-tls/7040/12 https://caddyserver.com/docs/caddyfile/matchers

Is the following line required in the block of reverse_proxy?

header_up -Origin

yl-miao commented 4 years ago

> potentially fixed in #164, check latest version here: https://guide.v2fly.org/advanced/wss_and_web.html#%E6%9C%8D%E5%8A%A1%E5%99%A8%E9%85%8D%E7%BD%AE

That one is for WSS. On the http2+tls+web page, changing the Caddy 1 Caddyfile to a Caddy 2 Caddyfile causes the problem. What should I do?

heimoshuiyu commented 3 years ago

After a lot of tinkering, I tested this and it works without problems. caddy: v2.3.0, v2ray 4.37.3

Caddyfile

my.com {
    reverse_proxy /path 127.0.0.1:2333 {
        transport http {
            compression off
            versions h2c 2
        }
    }
    root * /path/to/www
    file_server
}

config.json

{
    "log": {
        "loglevel": "debug"
    },
    "inbounds": [
        {
            "port": 2333,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [{"id": "<client_uuid>"}],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "h2",
                "httpSettings": {
                    "path": "/path",
                    "host": [
                        "my.com"
                    ]
                },
                "security": "none"
            }
        }
    ],
    "outbounds": [{"protocol": "freedom", "settings": {}}]
}

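compression off is there to improve performance; there is no need to compress data sent to the backend.

For versions h2c 2, see the official documentation, which says: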

versions allows customizing which versions of HTTP to support. As a special case, "h2c" is a valid value which will enable cleartext HTTP/2 connections to the upstream (however, this is a non-standard feature that does not use Go's default HTTP transport, so it is exclusive of other features; subject to change or removal). Default: 1.1 2, or if scheme is h2c://, h2c 2

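h2c is not implemented with Golang's standard library and may be changed or removed in the future (?). So if you do not want to use h2c, you can enable TLS in v2ray and configure the certificates (certificates managed by Caddy are in $HOME/.local/share/caddy by default).

Please correct me if I am wrong; I hope this helps.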
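
A consistency check for the pairing discussed in this thread, as an added example that is not part of the original comment or of either project: it compares a V2Ray HTTP/2 inbound with the Caddy `reverse_proxy` values in front of it. The function name, the key whitelist and the sample JSON are constructed for illustration, and the assumptions that V2Ray ignores unknown keys, defaults the path to `/` and defaults `listen` to `0.0.0.0` are noted in the comments.

```python
import json

# Assumption: "host" and "path" are the httpSettings keys used in this thread.
KNOWN_HTTP_SETTINGS = {"host", "path"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def check_inbound(inbound, caddy_path, caddy_port, caddy_uses_h2c):
    """Return findings for one V2Ray inbound placed behind Caddy's reverse_proxy."""
    findings = []
    stream = inbound.get("streamSettings", {})
    http = stream.get("httpSettings", {})
    cleartext = stream.get("security", "none") == "none"
    # Assumption: an unknown key is ignored, so a misspelled "path" leaves "/".
    for key in sorted(set(http) - KNOWN_HTTP_SETTINGS):
        findings.append(f"unknown httpSettings key {key!r}")
    path = http.get("path", "/")
    if path != caddy_path:
        findings.append(f"path {path!r} != Caddy matcher {caddy_path!r}")
    if inbound.get("port") != caddy_port:
        findings.append("port does not match Caddy upstream")
    # "versions h2c 2" needs a cleartext inbound; a TLS inbound needs https upstream.
    if caddy_uses_h2c != cleartext:
        findings.append("Caddy transport and inbound security disagree")
    # A cleartext inbound must only be reachable from the proxy on the same host.
    if cleartext and inbound.get("listen", "0.0.0.0") not in LOOPBACK:
        findings.append("cleartext inbound is not bound to loopback")
    return findings

# Constructed sample inbounds (not taken from a real deployment).
GOOD = ('{"port": 2333, "listen": "127.0.0.1", "streamSettings": {"network": "h2",'
        ' "security": "none", "httpSettings": {"path": "/path", "host": ["my.com"]}}}')
BAD = ('{"port": 2333, "listen": "0.0.0.0", "streamSettings": {"network": "h2",'
       ' "security": "none", "httpSettings": {"paht": "/path", "host": ["my.com"]}}}')

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("bad", BAD)):
        print(name, check_inbound(json.loads(raw), "/path", 2333, True))
```
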

Icarusradio commented 3 years ago

Thanks, I had already got it working by following v2ray-examples. But thanks for the tip that removing compression improves performance.