search

v2ray / discussion

For general discussion over Project V development and usage.
300 stars 34 forks source link

ws+tls+nginx 400 bad request #411

Closed kestrelbright closed 4 years ago

kestrelbright commented 4 years ago

提交 Issue 之前请先阅读 Issue 指引,然后回答下面的问题,谢谢。 除非特殊情况,请完整填写所有问题。不按模板发的 issue 将直接被关闭。 如果你遇到的问题不是 V2Ray 的 bug,比如你不清楚要如何配置,请使用Discussion进行讨论。

你正在使用哪个版本的 V2Ray?(如果服务器和客户端使用了不同版本,请注明) V2Ray 4.20.0 你的使用场景是什么?比如使用 Chrome 通过 Socks/VMess 代理观看 YouTube 视频。 代理访问google.com。 你看到的不正常的现象是什么?(请描述具体现象,比如访问超时,TLS 证书错误等) 无法打开页面,www.google.com 意外终止了连接。 你期待看到的正确表现是怎样的? 正常访问。 请附上你的配置(提交 Issue 前请隐藏服务器端IP地址)。 服务器端配置:

// 在这里附上服务器端配置文件

{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbound": {
    "port": 22222,
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "uuid",
          "level": 1,
          "alterId": 64
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "/ws"
      }
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  },
  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "outboundTag": "blocked"
        }
      ]
    }
  }
}

客户端配置:

 // 在这里附上客户端配置
{
  "log": {
    "error": "",
    "loglevel": "info",
    "access": ""
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "protocol": "socks",
      "settings": {
        "ip": "",
        "userLevel": 0,
        "timeout": 360,
        "udp": false,
        "auth": "noauth"
      },
      "port": "1080"
    },
    {
      "listen": "127.0.0.1",
      "protocol": "http",
      "settings": {
        "timeout": 360
      },
      "port": "1087"
    }
  ],
  "outbounds": [
    {
      "mux": {
        "enabled": false,
        "concurrency": 8
      },
      "protocol": "vmess",
      "streamSettings": {
        "wsSettings": {
          "path": "/ws",
          "headers": {
            "host": ""
          }
        },
        "tlsSettings": {
          "allowInsecure": false
        },
        "security": "tls",
        "network": "ws"
      },
      "tag": "agentout",
      "settings": {
        "vnext": [
          {
            "address": "www.example.com",
            "users": [
              {
                "id": "uuid",
                "alterId": 64,
                "level": 1,
                "security": "auto"
              }
            ],
            "port": 443
          }
        ]
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "AsIs",
        "redirect": "",
        "userLevel": 0
      }
    },
    {
      "tag": "blockout",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "none"
        }
      }
    }
  ],
  "dns": {
    "servers": [
      ""
    ]
  },
  "routing": {
    "strategy": "rules",
    "settings": {
      "domainStrategy": "IPIfNonMatch",
      "rules": [
        {
          "outboundTag": "direct",
          "type": "field",
          "ip": [
            "geoip:cn",
            "geoip:private"
          ],
          "domain": [
            "geosite:cn",
            "geosite:speedtest"
          ]
        }
      ]
    }
  },
  "transport": {}
}

请附上出错时软件输出的错误日志。在 Linux 中,日志通常在 /var/log/v2ray/error.log 文件中。 服务器端错误日志:

// 在这里附上服务器端日志
2019/10/24 22:09:24 [Warning] v2ray.com/core/transport/internet/websocket: failed to serve http for WebSocket > accept tcp 127.0.0.1:22222: use of closed network connection
2019/10/24 22:09:24 [Warning] v2ray.com/core: V2Ray 4.20.0 started

客户端错误日志:

// 在这里附上客户端日志
v2ray.com/core/transport/internet/websocket: creating connection to tcp:www.example.com:443

请附上访问日志。在 Linux 中,日志通常在 /var/log/v2ray/access.log 文件中。

// 在这里附上服务器端日志
无

其它相关的配置文件(如 Nginx)和相关日志。

//nginx配置
server
{
    listen 80;
    listen 443 ssl http2;
    server_name www.example.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /xxx/xxx/example.com;

    #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate    /zzz/fullchain.pem;
    ssl_certificate_key    /zzz/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers xxxxx;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    #SSL-END

    #ERROR-PAGE-START  错误页配置,可以注释、删除或修改
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END

    #PHP-INFO-START  PHP引用配置,可以注释或修改
    include enable-php-00.conf;
    #PHP-INFO-END

    #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
    include /www/server/panel/vhost/rewrite/zzz.conf;
    #REWRITE-END

    #禁止访问的文件或目录
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log off;
        access_log /dev/null;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log off;
        access_log /dev/null; 
    }
    access_log  /xxx/xxx/xxxx.log;
    error_log  /xxx/xxx/xxxx.log;

    location /ws {
      proxy_pass      http://127.0.0.1:22222;
      proxy_redirect            off;
      proxy_http_version        1.1;
      proxy_set_header Upgrade  $http_upgrade;
      proxy_set_header Connection \"upgrade\";
      proxy_set_header Host      $http_host;
    }
}
// 在这里附上nginx访问日志
[24/Oct/2019:22:13:54 -0400] "GET /ws HTTP/1.1" 400 12 "-" "Go-http-client/1.1
// 在这里附上nginx访问日志
nginx https能正常访问

如果 V2Ray 无法启动,请附上 --test 输出。 通常的命令为 /usr/bin/v2ray/v2ray --test --config /etc/v2ray/config.json。请按实际情况修改。

如果 V2Ray 服务运行不正常,请附上 journal 日志。 通常的命令为 journalctl -u v2ray。

请预览一下你填的内容再提交。

rikkix commented 4 years ago 
  proxy_set_header Connection \"upgrade\";

\ is not necessary