waylybaye / HyperApp-Guide

HyperApp user's manual
1.56k stars 323 forks source link

部署V2Ray后WebSocket+TLS用Surge连接提示Invalid Certificate Chain #279

Open PFbHzsiF opened 4 years ago

PFbHzsiF commented 4 years ago

使用TCP并且关掉TLS的情况下可以443与10443接口都可以连接成功。

根据V2Ray教程中的方案2: WebSocket 传输,使用 Nginx & SSL Support 反代 V2Ray,将V2Ray的Port修改为10443,然后依次安装Nginx Proxy与Nginx SSL Support。

再根据

"安装完了 Nginx 下面就可以自动生成 SSL 证书了,如果你要为指定域名生成证书需要进行下面>的操作。

如果你想创建其它应用并自动配置 Nginx 反代则在商店里面选择你想创建的应用

不管你选择了哪一步,则创建应用后在出现的配置界面中,都可以在下面看到一个 显示 Nginx 和 >SSL 选项 的按钮,打开后可以看到下面两部分的配置:

Custom Domain (自定义域名)

是配合 nginx 使用的,它告诉 nginx 遇到访问该域名的请求时,把请求转发(反向代理)给当前>应用。

Host: 要反向代理的域名,多个域名用半角逗号隔开(比如我们填入 hyperapp.io) Port: 这个 Port 是 Ghost 进程监听的 Port,一般情况下并不需要填,因为会自动探测该端口。 HTTPS: 这个是设置配置了HTTPS后怎么处理 HTTP 请求的,共有四个选项 将所有 HTTP 的请求跳转到 HTTPS 上(默认) 不跳转,让 HTTP 和 HTTPS 并存 禁用 HTTP 请求,所有 HTTP 请求将会被丢弃 禁用 HTTPS,只保留 HTTP SSL Support 配合 Nginx SSL Support 使用,当填入一个域名时它会使用 letsencrypt 自动请求并生成该域名的证书。

Host: 要生成证书的域名(默认会与上面的Nginx Host保持同步,所以如果填了上面的域名,此处会自动输入 hyperapp.io) Email: (必填) 用来管理域名证书的邮箱。 现在,只要在服务器上安装这个应用就可以了,等安装成功后,稍等两分钟你在浏览器中打开 https://你的域名 应该就可以访问了!你也可以查看 Nginx SSL Support 的日志,里面会有过程记录。证书生成后会默认保存在 /srv/docker/certs/ 目录下面(如果你没有改配置的话)。"

填写完并update Config之后稍等了一会,在浏览器输入https://域名 之后能看到502 Bad Gateway nginx/1.17.5,在HyperApp的Nginx SSL Support的状态里有显示certs saved to /srv/docker/certs, 手动进入对应文件夹后也能看到证书文件。此时Safari浏览器地址栏前方也有🔒。点开证书后显示的也确实是Let's Encrypt的证书。

但是这个时候修改Surge里的配置文件,使用WS+TLS连接443端口,Surge报错显示Invalid Certificate Chain。在手机上的shadowrocket尝试后同样无法访问Google。

看起来似乎最有可能的情况是Nginx并没有把443端口反代给V2Ray,但是我并不知道如何确认并解决这个问题,Nginx,V2Ray,Surge/Shadowrocket这三个地方我还需要做什么进一步的排查吗?

PFbHzsiF commented 4 years ago

`V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255

上面是我uninstall掉V2Ray之后再重新Install之后的Log,似乎V2Ray并没有读取到crt证书文件,但是直接去SFTP查看的话文件又都是存在的

kid101x commented 4 years ago

我遇到的问题稍有不同,我是无法使用443,只能使用我自定义的端口号才能正常使用