v2ray / v2ray-core

A platform for building proxies to bypass network restrictions.
https://www.v2ray.com/
MIT License

How do I use nginx to proxy ws traffic while still serving the existing pages on port 443? #1746

Closed Antidoteseries closed 5 years ago

Antidoteseries commented 5 years ago

I am trying to use nginx to proxy the traffic. Port 443 is shared because I also need to host a cloud drive, but I cannot get it to work no matter what I do; it returns a 404 error. What could the problem be? Thanks.

Version: 4.19

Server configuration:

"inbounds": [
  {
    "port": 1200,
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "xxx",
          "level": 10,
          "alterId": 8,
          "security": "auto",
          "email": "xxx@v2ray.com"
        }
      ],
      "disableInsecureEncryption": true
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "/upload",
      }
    },
    "sniffing": {
      "enabled": true,
      "destOverride": [
        "http",
        "tls"
      ]
    }
  }
],

Client configuration:

"outbounds": [
  {
    "mux": {
      "enabled": false
    },
    "protocol": "vmess",
    "settings": {
      "vnext": [
        {
          "address": "xxx",
          "port": 443,
          "users": [
            {
              "alterId": 8,
              "id": "xxx",
              "security": "auto"
            }
          ]
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "security": "tls",
      "wssettings": {
        "path": "/upload"
      }
    }
  }
],

nginx configuration:

server {
    listen 80;
    server_name xxx;
    return 301 https://xxx$request_uri;
}

server {
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_protocols TLSv1.3;

server_name xxx;

# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=31536000" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

#This header is already set in PHP, so it is commented out here.
#add_header X-Frame-Options "SAMEORIGIN";

# Path to the root of your installation
root /var/www/html/nextcloud/;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;

location = /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
   return 301 $scheme://$host/remote.php/dav;
}

location ~ /.well-known/acme-challenge {
  allow all;
}

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location /upload {
proxy_redirect off;
proxy_pass http://127.0.0.1:1200; 
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location / {
   rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
   deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
   deny all;
 }

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
   include fastcgi_params;
   fastcgi_split_path_info ^(.+\.php)(/.*)$;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   fastcgi_param PATH_INFO $fastcgi_path_info;
   #Avoid sending the security headers twice
   fastcgi_param modHeadersAvailable true;
   fastcgi_param front_controller_active true;
   fastcgi_pass unix:/run/php/php7.3-fpm.sock;
   fastcgi_intercept_errors on;
   fastcgi_request_buffering off;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
   try_files $uri/ =404;
   index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers (It is intended to
    # have those duplicated to the ones above)
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;

}

location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    # Optional: Don't log access to other assets
    access_log off;
}

}

v2ray produces no log and the data is not forwarded successfully. The nginx log contains only one entry:

xxx - - [12/Jun/2019:12:18:41 +0000] "GET /upload HTTP/1.1" 404 0 "-" "Go-http-client/1.1"

467815891a commented 4 years ago

How did you solve this? I am getting the same error as you.

Antidoteseries commented 4 years ago

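> How did you solve this? I am getting the same error as you.

When configuring proxy forwarding with proxy_pass in nginx, if the URL after proxy_pass ends with a /, it denotes the absolute root path; if there is no /, it denotes a relative path, and the matched part of the path is proxied along as well.

Suppose each of the following four cases is accessed with http://192.168.1.1/proxy/test.html.

Case 1:
location /proxy/ { proxy_pass http://127.0.0.1/; }
Proxied to URL: http://127.0.0.1/test.html

Case 2 (compared with case 1, the final / is missing):
location /proxy/ { proxy_pass http://127.0.0.1; }
Proxied to URL: http://127.0.0.1/proxy/test.html

Case 3:
location /proxy/ { proxy_pass http://127.0.0.1/aaa/; }
Proxied to URL: http://127.0.0.1/aaa/test.html

Case 4 (compared with case 3, the final / is missing):
location /proxy/ { proxy_pass http://127.0.0.1/aaa; }
Proxied to URL: http://127.0.0.1/aaatest.html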

Think it through: it is a problem with the /.
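The four cases above, and the `location /upload` block from the question, modelled in Python as an added example (not code from this thread or from nginx itself). It covers only a plain prefix location with a literal proxy_pass and no rewrite; the function names `upstream_url` and `backend_path_matches` are hypothetical.

```python
from urllib.parse import urlsplit


def upstream_url(location_prefix, proxy_pass, request_uri):
    """URL nginx sends upstream for a prefix location with a literal proxy_pass."""
    path, sep, query = request_uri.partition("?")
    if not path.startswith(location_prefix):
        raise ValueError("request does not match this location")
    target = urlsplit(proxy_pass)
    base = f"{target.scheme}://{target.netloc}"
    if target.path:
        # proxy_pass has a URI part (even a bare "/"): the part of the request
        # path that matched the location is replaced by that URI.
        new_path = target.path + path[len(location_prefix):]
    else:
        # No URI part: the request URI is passed on unchanged.
        new_path = path
    return base + new_path + sep + query


def backend_path_matches(location_prefix, proxy_pass, ws_path):
    """True if a client request for ws_path reaches the backend as ws_path."""
    sent = urlsplit(upstream_url(location_prefix, proxy_pass, ws_path)).path
    return sent == ws_path


# The four proxy_pass values from the comment, all under `location /proxy/`.
FOUR_CASES = [
    "http://127.0.0.1/",
    "http://127.0.0.1",
    "http://127.0.0.1/aaa/",
    "http://127.0.0.1/aaa",
]

if __name__ == "__main__":
    for proxy_pass in FOUR_CASES:
        print(proxy_pass, "->", upstream_url("/proxy/", proxy_pass, "/proxy/test.html"))
    # The question's block: location /upload, v2ray wsSettings path /upload.
    for proxy_pass in ("http://127.0.0.1:1200", "http://127.0.0.1:1200/"):
        print(proxy_pass, "keeps /upload:", backend_path_matches("/upload", proxy_pass, "/upload"))
```

The last loop compares the path the backend receives with the `path` value in `wsSettings`; a mismatch there means the WebSocket listener never sees the path it was configured for.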