search

v2ray / discussion

For general discussion over Project V development and usage.
299 stars 34 forks source link

V2ray无法代理,好像是无法处理ws #524

Closed jackphj closed 4 years ago

jackphj commented 4 years ago

错误信息如下: v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://zfmood.xyz:80/v2ray): > tls: first record does not look like a TLS handshake] > v2ray.com/core/common/retry: all retry attempts failed

采用的是网上比较热门的nginx+ws+tls,服务器是vultr的5美元vps,延迟大约400ms,防火墙只开了80和443和ssh的端口。

下面是nginx的配置,tls是certbot申请的,然后直接填上去,没有用certbot --nginx

ssl_session_timeout 500m;
ssl_buffer_size 4k;

    server{
    listen 80;
    listen 443 ssl http2;
    server_name vray.zfmood.xyz;

    ssl_certificate /etc/letsencrypt/live/vray.zfmood.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vray.zfmood.xyz/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    root   /www/ray;
    index  index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location /v2ray {

        proxy_pass http://127.0.0.1:3333;
        proxy_redirect             off;
        proxy_http_version         1.1;
        proxy_set_header Upgrade   $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host      $http_host;
        proxy_read_timeout 300s;

        }

    }

服务器端就很少东西:

{
  "log": {
    "access": "/etc/v2ray/access.log",
    "error": "/etc/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 3333,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "fbacd51a-13e3-4819-a2ed-87d7e9fd5188",
            "alterId": 64
          }
        ]
      },
      "tag": "in-0",
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "path": "/v2ray"
        }
      },
      "listen": "127.0.0.1"
    }
  ],
  "outbounds": [
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

客户端配置

{
  "inbounds": [
    {
      "port": "1080",
      "protocol": "http",
      "settings": {},
      "tag": "in-0"
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "zfmood.xyz",
            "port": 80,
            "users": [
              {
                "id": "fbacd51a-13e3-4819-a2ed-87d7e9fd5188",
                "alterId": 64
              }
            ]
          }
        ]
      },
      "tag": "out-0",
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/v2ray"
        },
        "tlsSettings": {
          "serverName": "ray.zfmood.xyz"
        }
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "blocked",
      "protocol": "blackhole",
      "settings": {}
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "ip": [
          "geoip:private"
        ],
        "domain":[
          "geosite:cn"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": [
          "geosite:category-ads"
        ],
        "outboundTag": "blocked"
      }
    ]
  },
}

希望大神可以帮忙找找问题,谢谢了

kslr commented 4 years ago

tls: first record does not look like a TLS handshake 你需要检查一下HTTP服务器

jackphj commented 4 years ago

tls: first record does not look like a TLS handshake 你需要检查一下HTTP服务器

nginx吗?我只有用这一个服务器


user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;

    ssl_session_timeout 500m;
    ssl_buffer_size 4k;

    server{
    listen 80;
    listen 443 ssl http2;
    server_name vray.zfmood.xyz;

    ssl_certificate /etc/letsencrypt/live/vray.zfmood.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vray.zfmood.xyz/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    root   /www/ray;
    index  index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location /v2ray {

        proxy_pass http://127.0.0.1:3333;
        proxy_redirect             off;
        proxy_http_version         1.1;
        proxy_set_header Upgrade   $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host      $http_host;
        proxy_read_timeout 300s;

        }

    }

}

这个对着网上的教程和nginx的文档写的,也不知道为什么直接访问没有显示证书

DolorHunter commented 4 years ago

客户端端口写 443 吧

jackphj commented 4 years ago

客户端端口写 443 吧

万分感谢,可以用了