v2ray / discussion

For general discussion over Project V development and usage.

centos websocket+tls+nginx failed: vmess invalid user #465

Closed smallst closed 4 years ago

smallst commented 4 years ago

提交 Issue 之前请先阅读 Issue 指引,然后回答下面的问题,谢谢。 除非特殊情况,请完整填写所有问题。不按模板发的 issue 将直接被关闭。 如果你遇到的问题不是 V2Ray 的 bug,比如你不清楚要如何配置,请使用Discussion进行讨论。

1) 你正在使用哪个版本的 V2Ray?(如果服务器和客户端使用了不同版本,请注明) 4.21.3 2) 你的使用场景是什么?比如使用 Chrome 通过 Socks/VMess 代理观看 YouTube 视频。 proxychains curl: empty response 3) 你看到的不正常的现象是什么?(请描述具体现象,比如访问超时,TLS 证书错误等)

==> /var/log/v2ray/access.log <==
2019/12/13 10:13:34 127.0.0.1:44256 rejected  v2ray.com/core/proxy/vmess/encoding: invalid user

==> /var/log/nginx/error.log <==
2019/12/13 10:13:34 [error] 24062#0: *102 upstream prematurely closed connection while reading response header from upstream, client: 219.143.×××.63, server: ×××.×××.cn, request: "GET /new HTTP/1.1", upstream: "http://127.0.0.1:2××25/new", host: "×××.×××.cn"

==> /var/log/nginx/access.log <==
219.143.154.63 - - [13/Dec/2019:10:13:34 +0800] "GET /new HTTP/1.1" 502 3693 "-" "Go-http-client/1.1" "-"

4) 你期待看到的正确表现是怎样的? 正常链接 5) 请附上你的配置(提交 Issue 前请隐藏服务器端IP地址)。

服务器端配置:

    // 在这里附上服务器端配置文件
// Server-side V2Ray config as posted in the report: one VMess inbound bound to
// loopback (reached through the nginx reverse proxy) and a "freedom" outbound.
// Port and client id are partially masked by the reporter.
{
 "log": {
        // By default, V2Ray writes access log to stdout.
         "access": "/var/log/v2ray/access.log",

        // By default, V2Ray writes error log to stdout.
       "error": "/var/log/v2ray/error.log",

       // Log level, one of "debug", "info", "warning", "error", "none"
       "loglevel": "warning"
     },

  "inbounds": [{
    "port": 2××25,
    // Loopback only: the VMess port is not exposed directly; clients are
    // expected to arrive via the nginx "location /new" proxy.
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        // NOTE(review): the "t l s" after the brace on the next line looks like
        // a paste/extraction artifact; it is not valid config syntax.
        {t l s
          "id": "1a9fea63-be84-××××-××××-eafe98cbafb0",
          "level": 1,
          // Must match the client's alterId. A non-zero value selects the legacy
          // VMess header authentication; later V2Ray releases added an AEAD mode
          // selected with alterId 0 (check the release notes for the version in use).
          "alterId": 4
        }
      ]
    }
  }],
    // NOTE(review): this streamSettings object is at the top level of the
    // config: the inbounds array was already closed by "}]," on the line
    // above, so it is not part of the VMess inbound. An inbound without its own
    // streamSettings stays on its default transport, while nginx forwards a
    // WebSocket handshake to it; that is consistent with the "invalid user"
    // rejection in access.log and the 502 from nginx. The reporter's closing
    // comment names this placement as the cause. The object belongs inside the
    // inbound, as a sibling of "settings".
    "streamSettings": {
        "network": "ws",
        "wsSettings": {
            // Must equal the nginx location and the client's wsSettings.path.
            "path": "/new"
        }
    },
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  }]
}

客户端配置:

    // 在这里附上客户端配置
// Client-side V2Ray config as posted in the report: a local SOCKS inbound, a
// VMess-over-WebSocket-over-TLS outbound to the server on port 443, a direct
// outbound, routing rules and DNS settings. Server name and id are masked.
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [{
    "port": 1××2,
    // SOCKS listener bound to loopback with no authentication; only local
    // processes can reach it as long as "listen" stays on 127.0.0.1.
    "listen": "127.0.0.1",
    "tag": "socks-inbound",
    "protocol": "socks",
    "settings": {
      "auth": "noauth",
      "udp": false //,
    //  "ip": "127.0.0.1"
    },
    "sniffing": {
      "enabled": true,
      "destOverride": ["http", "tls"]
    }
  }],
  "outbounds": [{
    "protocol": "vmess",
    "settings": {
        "vnext": [{
            "address": "×××.×××.cn",
            "port": 443,
            "users":[{
                // id and alterId must match the server's "clients" entry.
                "id":"1a9fea63-be84-****-****-eafe98cbafb0",
                "level": 1,
                "security": "auto",
                "alterId": 4
            }]
        }]
    },
    "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tlsSettings": {
          // NOTE(review): allowInsecure: true disables validation of the
          // server's TLS certificate, so the connection is not protected
          // against an on-path party presenting its own certificate. The nginx
          // config in this report serves a Certbot-managed certificate for the
          // same name; if that chain validates, set this to false.
          "allowInsecure": true,
          "serverName": "×××.×××.cn"
        },
        "tcpSettings": null,
        "kcpSettings": null,
        "wsSettings": {
          "connectionReuse": true,
          // Must equal the nginx location and the server's wsSettings.path.
          "path": "/new",
          "headers": {
            "Host": "×××.×××.cn"
          }
        }
      },
    "tag": "proxy-vmess"
  },{
    "protocol": "freedom",
    "settings": {},
    "tag": "direct"
  }],

  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules":[
      {
        // Chinese and private address ranges bypass the proxy.
        "type": "field",
        "ip": [
            "geoip:cn",
        "geoip:private"
        ],
        "outboundTag": "direct"
      },
    {
        "type": "field",
        "domain": [
        "cnblogs.com"
        ],
        "outboundTag": "proxy-vmess"
    },
    {
        "type": "field",
        "domain": [
        "geosite:cn"
        ],
        "outboundTag": "direct"
    },
      {
        // Blocks major ads.
        // NOTE(review): no outbound tagged "blocked" is defined in this
        // config (only "proxy-vmess" and "direct"), so this rule has no
        // blackhole outbound to route to; confirm how the running version
        // treats an unknown tag.
        "type": "field",
        "domain": ["geosite:category-ads"],
        "outboundTag": "blocked"
      }
    ]
  },

  "dns": {
    // Static mappings: each listed domain is resolved as the host name on the right.
    "hosts": {
      "domain:v2ray.com": "www.vicemc.net",
      "domain:github.io": "pages.github.com",
      "domain:wikipedia.org": "www.wikimedia.org",
      "domain:shadowsocks.org": "electronicsrealm.com"
    },
    "servers": [
      "1.1.1.1",
      {
        "address": "114.114.114.114",
        "port": 53,
        // List of domains that use this DNS first.
        "domains": [
          "geosite:cn"
        ]
      },
      "8.8.8.8",
      "localhost"
    ]
  },
  "policy": {
    "levels": {
      "0": {
        "uplinkOnly": 0,
        "downlinkOnly": 0
      }
    },
    "system": {
      "statsInboundUplink": false,
      "statsInboundDownlink": false
    }
  },
  "other": {}
}

6) 请附上出错时软件输出的错误日志。在 Linux 中,日志通常在 /var/log/v2ray/error.log 文件中。

服务器端错误日志:

    // 在这里附上服务器端日志
无

客户端错误日志:

    // 在这里附上客户端日志
2019/12/13 10:13:24 [Warning] v2ray.com/core: V2Ray 4.21.3 started
2019/12/13 10:13:30 tcp:127.0.0.1:40566 accepted tcp:ip.sb:80 [proxy-vmess] 
2019/12/13 10:13:33 [Warning] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://×××.×××.cn/new): 502 Bad Gateway > websocket: bad handshake v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://×××.×××.cn/new):  > dial tcp: operation was canceled] > v2ray.com/core/common/retry: all retry attempts failed

7) 请附上访问日志。在 Linux 中,日志通常在 /var/log/v2ray/access.log 文件中。

    // 在这里附上服务器端日志
2019/12/13 10:13:38 127.0.0.1:44262 rejected  v2ray.com/core/proxy/vmess/encoding: invalid user

8) 其它相关的配置文件(如 Nginx)和相关日志。 nginx 配置:

# nginx config as posted in the report: terminates TLS on 443 for the masked
# server name, serves a static front end at "/", and reverse-proxies WebSocket
# upgrades on "/new" to a plain-HTTP upstream on loopback.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main; 
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    # Presumably an IP deny list; its contents are not shown in the report.
    include ip.black;

    include /etc/nginx/conf.d/*.conf;

#    error_page 404 /404.html;
    server {
        server_name ×××.×××.cn; # managed by Certbot
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        root         /usr/share/nginx/html;
        location / {
            root /home/smallst/web/main/frontend/dist/;
        }
        # WebSocket entry point for the proxy. Requests without
        # "Upgrade: websocket" get a 404; everything else is passed to the
        # loopback upstream over plain HTTP/1.1 with the upgrade headers set.
        # The upstream must itself speak WebSocket on this path, otherwise
        # nginx reports "upstream prematurely closed connection" and returns 502.
        location /new {
            if ($http_upgrade != "websocket") {
                return 404;
            }
            proxy_pass http://127.0.0.1:22225;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/×××.×××.cn/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/×××.×××.cn/privkey.pem; # managed by Certbot
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Prefer
    # "ssl_protocols TLSv1.2 TLSv1.3;" where the installed nginx/OpenSSL
    # build supports TLSv1.3, otherwise TLSv1.2 only.
    ssl_protocols         TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers           HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

         error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }

}

    # Port 80: redirect requests for the site's host name to HTTPS, answer
    # anything else with 404.
    server {
    if ($host = ×××.×××.cn) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen       80 ;
        listen       [::]:80 ;
    server_name ×××.×××.cn;
    return 404; # managed by Certbot
}}
==> /var/log/nginx/error.log <==
2019/12/13 10:13:34 [error] 24062#0: *102 upstream prematurely closed connection while reading response header from upstream, client: 219.143.×××.63, server: ×××.×××.cn, request: "GET /new HTTP/1.1", upstream: "http://127.0.0.1:22225/new", host: "×××.×××.cn"

9) 如果 V2Ray 无法启动,请附上 --test 输出。

通常的命令为 /usr/bin/v2ray/v2ray --test --config /etc/v2ray/config.json。请按实际情况修改。

10) 如果 V2Ray 服务运行不正常,请附上 journal 日志。

通常的命令为 journalctl -u v2ray

请预览一下你填的内容再提交。

最后说明: 尽管对server地址还有user id 进行了打码,但直接用 vmess 方法可以正常链接使用,我认为这意味着 v2ray配置的 user 是没有问题的,服务器和客户端的时间也校准过,最可能出现问题的地方应该是nginx? 不加tls的ws反代是成功的,是tls配置出了问题?折腾得有点蒙了,求助。

smallst commented 4 years ago

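Cause found: in the server config, the streamSettings block is in the wrong position. It sits at the top level instead of inside the inbound object.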