search

v2ray / v2ray-core

A platform for building proxies to bypass network restrictions.
https://www.v2ray.com/
MIT License
45.01k stars 8.95k forks source link

WS+TLS 一直显示502 Bad Gateway #735

Closed z572787871 closed 6 years ago

z572787871 commented 6 years ago

Please skip to the English section below if you don't write Chinese.

中文: 提交 Issue 之前请先阅读 Issue 指引,然后回答下面的问题,谢谢。 除非特殊情况,请完整填写所有问题,缺少信息将减慢Issue回复速度。

1) 你正在使用哪个版本的 V2Ray?(如果服务器和客户端使用了不同版本,请注明) V2Ray v2.51 (One for all) 20171123 2) 你的使用场景是什么?比如使用 Chrome 通过 Socks/VMess 代理观看 YouTube 视频。 Chrome 通过 Socks/VMess 代理观看 YouTube 视频等 3) 你看到的不正常的现象是什么?(请描述具体现象,比如访问超时,TLS 证书错误等) 502 Bad Gateway 4) 你期待看到的正确表现是怎样的? 能正常连接 5) 请附上你的配置(提交 Issue 前请隐藏服务器端IP地址)。 服务器端配置:

{
  "log" : {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbound": {
    "listen": "127.0.0.1",
    "port": 8080,
    "protocol": "vmess", 
    "settings": {
      "clients": [
        { 
          "id": "*",
          "level": 1,
          "alterId": *,
          "security": "aes-128-gcm"
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "security": "tls",
      "wsSettings": {
        "severName": "*",
        "path": "v2/v2ray/2v",
        "certificates": [
          {
            "certificateFile": "*/certificate.pem",
            "keyFile": "*/privateKey.pem"
          }
         ]
      }
    }
  },
  "inboundDetour": [],
  "outbound": {
    "protocol": "freedom",
    "settings": {
      "timeout": 30
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  },
  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "outboundTag": "blocked"
        }
      ]
    }
  }
}
客户端配置:
{
  "log": {
    "loglevel": "info"
  },
  "inbound": {
    "protocol": "socks",
    "listen": "0.0.0.0",
    "port": 8087,
    "settings": {
      "auth": "noauth",
      "udp": true,
      "timeout": 30
    }
  },
  "inboundDetour": [],
  "outbound": {
    "protocol": "vmess",
    "settings": {
      "vnext": [
        {
          "address": "*", 
          "port": 443, 
          "users": [
            {
              "id": "*",
              "level": 1,
              "alterId": *,
              "security": "aes-128-gcm"
            }
          ]
        }
      ]
    },
    "streamSettings": {
      "network": "ws", 
      "security": "tls",
      "tlsSettings": {
          "serverName": "*"
      },
      "wsSettings": {
        "connectionReuse": false,
        "path": "/v2/v2ray/2v"
      }
    }
  },
  "outboundDetour": [
    {
      "protocol": "freedom",
      "settings": {},
      "tag": "direct"
    }
  ],
  "dns": {
    "servers": [
      "8.8.8.8",
      "8.8.4.4"
    ]
  },
  "routing": {
    "strategy": "rules",
    "settings": {
      "domainStrategy": "IPIfNonMatch",
      "rules": [
        {
          "type": "field",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "outboundTag": "direct"
        }
      ]
    }
  }
}

6) 请附上出错时软件输出的错误日志。在 Linux 中,日志通常在 /var/log/v2ray/error.log 文件中。

服务器端错误日志:
日记中没有任何记录。

客户端错误日志:

V2Ray v2.51 (One for all) 20171123 An unified platform for anti-censorship. 2017/11/25 20:08:34 [Debug]App|Proxyman|Inbound: creating tcp worker on 0.0.0.0:8087 2017/11/25 20:08:34 [Info]Transport|Internet|TCP: listening TCP on 0.0.0.0:8087 2017/11/25 20:08:34 [Info]Transport|Internet|UDP: listening UDP on 0.0.0.0:8087 2017/11/25 20:08:34 [Warning]Core: V2Ray started 2017/11/25 20:09:05 [Warning]App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: failed to find an available destination > Retry: [Transport|Internet|WebSocket: failed to dial WebSocket > Transport|Internet|WebSocket: failed to dial to (wss:///v2/v2ray/2v): 502 Bad Gateway > websocket: bad handshake] > Retry: all retry attempts failed 2017/11/25 20:09:05 [Info]App|Proxyman|Inbound: connection ends > Proxy|Socks: connection ends > Proxy|Socks: failed to transport all TCP response > io: read/write on closed pipe 2017/11/25 20:09:05 [Info]App|Proxyman|Inbound: connection ends > Proxy|Socks: connection ends > 2017/11/25 20:09:06 [Info]Transport|Internet|WebSocket: creating connection to tcp::443

7) 请附上访问日志。在 Linux 中,日志通常在 /var/log/v2ray/error.log 文件中。 日记中没有任何记录。

z572787871 commented 6 years ago

nginx config

server {
  listen 443 ssl;
  ssl on;
  ssl_certificate       /*/certificate.pem;
  ssl_certificate_key   /*/privateKey.pem;
  ssl_protocols         TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers           HIGH:!aNULL:!MD5;
  server_name           *;
  root /www/wwwroot/*;
        location /v2/v2ray/2v {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        }
}
DarienRaymond commented 6 years ago

你的 nginx 已经拦截了 TLS,在 V2Ray server 中就不需要配置 TLS 了。