V2ray-core: caddy反代H2失败。

Created on 14 Apr 2018  ·  9Comments  ·  Source: v2ray/v2ray-core

caddy配置为

https://domain.me {
 gzip
tls /etc/v2ray/v2ray.crt /etc/v2ray/v2ray.key 
 proxy /path localhost:10000 {
header_upstream Host "domain.me" 
header_upstream X-Forwarded-Proto "https"
  }
}

v2ray的配置

 "streamSettings":{
            "network":"h2",
            "httpSettings":{
                "path":"/path"
            },
            }

v2ray报错为:

Failed to start App|Proxyman|Inbound: failed to listen TCP on 10000 > Transport|Internet: failed to listen on address: 127.0.0.1:10000 > Transport|Internet|HTTP: TLS must be enabled for http transport.

在streamSettings加入tls配置

"security":"tls",
  "tlsSettings": {
        "certificates": [
          {
            "certificateFile": "/etc/v2ray/v2ray.crt", 
            "keyFile": "/etc/v2ray/v2ray.key"
          }
        ]
      }

报错为

http: TLS handshake error from 127.0.0.1:44190: tls: first record does not look like a TLS handshake

这两种情况下,caddy的报错分别为:

13/Apr/2018:23:44:49 +0000 [ERROR 502 /path] dial tcp 127.0.0.1:10000: connect: connection refused

13/Apr/2018:23:44:51 +0000 [ERROR 502 /path] net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"

复查手册后,在 httpSettings 中加入
"host": ["domain.me"],
此时 v2ray 不再输出任何日志,
service v2ray status 报 EOF 错误。

caddy报错

14/Apr/2018:00:47:07 +0000 [ERROR 502 /path] client disconnected
14/Apr/2018:00:47:07 +0000 [ERROR 502 /path] context canceled

Most helpful comment

你可以试试我的配置
caddy.conf

http://example.com{
   redir https://example.com {url}
}
https://example.com{

    proxy /example https://localhost:10000 {
        insecure_skip_verify
        header_upstream X-Forwarded-Proto "https"
        header_upstream Host "example.com"
    }
}

server_config.json

{
           "port": 10000,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
               "clients": [
                   {
                       "id":"",
                       "level": 0,
                       "alterId": 0
                   }
               ]
           },
            "streamSettings": {
                "network": "h2",
                "security": "tls",
                "httpSettings": {
                    "path": "/example",
                    "host": ["example.com"]
                },
                "tlsSettings": {
                    "serverName": "example.com",
                    "certificates": [
                        {
                            "certificateFile": "/etc/v2ray/v2ray.crt",
                            "keyFile": "/etc/v2ray/v2ray.key"
                        }
                    ]
                }
            }
}

client_config.json

        "streamSettings": {
            "network": "http",
            "security": "tls",
            "tlsSettings": {
                "serverName": "example.com"
            },
            "httpSettings": {
                "host": [
                    "example.com"
                ],
                "path": "/example"
            }
        }

All 9 comments

caddy 转发的时候要转发到 https,如 https://localhost:10000,然后要加 insecure_skip_verify 选项。(insecure_skip_verify 会跳过对上游证书的校验,只有在上游确实是本机 localhost 时才可以这样用。)

加了这两项还是不行,caddy说

14/Apr/2018:08:08:11 +0000 [ERROR 502 /path] remote error: tls: internal error

v2ray说

http: TLS handshake error from 127.0.0.1:44218: Transport|Internet|TLS: failed to create a new certificate for localhost

客户端配置如下:

{
"log": {
"loglevel": "warning"
},
"inbound": {
"listen": "127.0.0.1",
"port": 1080,
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true
},
"domainOverride": [
"http",
"tls"
]
},
"outbound": {
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "domain.me",
"port": 443,
"users": [
{
"id": "*-2efd-11e8-b467-*",
"alterId": 100,
"security": "auto",
"level": 1
}
]
}
]
},
"tag": "proxy",
"streamSettings": {
"network": "h2",
"security": "tls",
"tlsSettings": {
"serverName": "domain.me",
"allowInsecure": false
},
"httpSettings": {
"host": [
"domain.me"
],
"path": "/path"
}
},
"mux": {
"enabled": false,
"concurrency": 8
}
},
"outboundDetour": [
{
"protocol": "freedom",
"settings": {},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "block"
}
],
"routing": {
"strategy": "rules",
"settings": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
},
{
"type": "chinaip",
"outboundTag": "direct"
}
]
}
}
}

caddy配置里不能用 gzip

@DarienRaymond caddy 配置里不能加 gzip:加了就一直加载不出来,不加就可以正常使用,不知是否是 bug。

我尝试过一些方法,还未成功
https://github.com/mholt/caddy/issues/1657

你可以试试我的配置
caddy.conf

http://example.com{
   redir https://example.com {url}
}
https://example.com{

    proxy /example https://localhost:10000 {
        insecure_skip_verify
        header_upstream X-Forwarded-Proto "https"
        header_upstream Host "example.com"
    }
}

server_config.json

{
           "port": 10000,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
               "clients": [
                   {
                       "id":"",
                       "level": 0,
                       "alterId": 0
                   }
               ]
           },
            "streamSettings": {
                "network": "h2",
                "security": "tls",
                "httpSettings": {
                    "path": "/example",
                    "host": ["example.com"]
                },
                "tlsSettings": {
                    "serverName": "example.com",
                    "certificates": [
                        {
                            "certificateFile": "/etc/v2ray/v2ray.crt",
                            "keyFile": "/etc/v2ray/v2ray.key"
                        }
                    ]
                }
            }
}

client_config.json

        "streamSettings": {
            "network": "http",
            "security": "tls",
            "tlsSettings": {
                "serverName": "example.com"
            },
            "httpSettings": {
                "host": [
                    "example.com"
                ],
                "path": "/example"
            }
        }

@699ebe23 caddy 自动生成的 https 证书(即 certificateFile 和 keyFile)放在哪里?

运行:
find / -name acme -type d
位置:
acme/acme-v02.api.letsencrypt.org/sites/
