V2ray-core: WebSocket+TLS+Web ERR: failed to read response header > websocket: close 1000 (normal)
你正在使用哪个版本的 V2Ray?(如果服务器和客户端使用了不同版本,请注明)
服务端使用:
V2Ray 4.22.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.13.5 linux/amd64)
客户端使用:
V2Ray 4.21.3 (V2Fly, a community-driven edition of V2Ray.) Custom
你的使用场景是什么?比如使用 Chrome 通过 Socks/VMess 代理观看 YouTube 视频。
Chrome VMess 代理 访问Google
你看到的不正常的现象是什么?(请描述具体现象,比如访问超时,TLS 证书错误等)
我使用的是:WebSocket+TLS+Web
我是使用bt.cn的脚本安装的 nginx+SSL,网站和SSL一切正常。
客户端显示如下错误:
2020/01/13 11:49:32 tcp:127.0.0.1:4682 accepted tcp:clients1.google.com:443 [proxy]
2020/01/13 11:49:32 tcp:127.0.0.1:4685 accepted tcp:www.googleapis.com:443 [proxy]
2020/01/13 11:49:33 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: connection ends > v2ray.com/core/proxy/vmess/outbound: failed to read header > v2ray.com/core/proxy/vmess/encoding: failed to read response header > websocket: close 1000 (normal)
你期待看到的正确表现是怎样的?
网页正常显示
请附上你的配置(提交 Issue 前请隐藏服务器端IP地址)。
客户端配置:
{
"policy": null,
"log": {
"access": "",
"error": "",
"loglevel": "warning"
},
"inbounds": [
{
"tag": "proxy",
"port": 10808,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"ip": null,
"address": null,
"clients": null
},
"streamSettings": null
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "host.net",
"port": 443,
"users": [
{
"id": "873cb57a-8910-4281-a3be-75f7901ddaae",
"alterId": 64,
"email": "[email protected]",
"security": "aes-128-gcm"
}
]
}
],
"servers": null,
"response": null
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"allowInsecure": true,
"serverName": null
},
"tcpSettings": null,
"kcpSettings": null,
"wsSettings": {
"connectionReuse": true,
"path": "/aaaa/",
"headers": null
},
"httpSettings": null,
"quicSettings": null
},
"mux": {
"enabled": true
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"vnext": null,
"servers": null,
"response": null
},
"streamSettings": null,
"mux": null
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"vnext": null,
"servers": null,
"response": {
"type": "http"
}
},
"streamSettings": null,
"mux": null
}
],
"stats": null,
"api": null,
"dns": null,
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"port": null,
"inboundTag": [
"api"
],
"outboundTag": "api",
"ip": null,
"domain": null
}
]
}
}
服务器端配置:
nginx配置一:
server
{
listen 80;
listen 443 ssl http2;
server_name host.net;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/host.net;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/host.net/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/host.net/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
#SSL-END
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注释或修改
include enable-php-56.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/host.net.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log off;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log off;
access_log /dev/null;
}
location /aaaa/
{
proxy_redirect off;
proxy_pass http://127.0.0.1:20001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
# Show realip in v2ray access.log
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /www/wwwlogs/host.net.log;
error_log /www/wwwlogs/host.net.error.log;
}
nginx配置二:
user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
include mime.types;
#include luawaf.conf;
include proxy.conf;
default_type application/octet-stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
access_log off;
server
{
listen 888;
server_name phpmyadmin;
index index.html index.htm index.php;
root /www/server/phpmyadmin;
#error_page 404 /404.html;
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /www/wwwlogs/access.log;
}
include /www/server/panel/vhost/nginx/*.conf;
}
v2ray配置:
{
"log" : {
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
"loglevel": "warning"
},
"inbound": {
"port": 20001,
"listen":"127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "873cb57a-8910-4281-a3be-75f7901ddaae",
"level": 1,
"alterId": 64,
"email": "[email protected]"
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/aaaa/"
}
}
},
"outbound": {
"protocol": "freedom",
"settings": {}
}
}
BlackMask007
All 13 comments
我今天才遇到这个问题
最后发现是客户端的系统时间不对,差了3分钟
didila
on 16 Jan 2020
谢谢你
didila notifications@github.com 于2020年1月17日周五 上午2:05写道:
我今天才遇到这个问题
最后发现是客户端的系统时间不对,差了3分钟—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/v2ray/v2ray-core/issues/2178?email_source=notifications&email_token=AKQXDENKA3N2LIQLLXPMS7DQ6COWHA5CNFSM4KF4LBW2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEJE74CY#issuecomment-575274507,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AKQXDEITBAHKY23JW2ATPJDQ6COWHANCNFSM4KF4LBWQ
.
BlackMask007
on 22 Jan 2020
我在安卓上使用chacha20-poly1305(auto默认选这个)时,会出现大量错误,服务端和客户端都有日志:
failed to read response header > websocket: close 1000 (normal)
在客户端改变加密方式为aes-128-gcm后,速度下降,偶尔出现:
failed to read request header > read tcp 127.0.0.1:6134->120.*.*.*:48560: i/o timeout
没有完全解决websocket: close 1000 (normal)的问题,但是已经不影响使用(使用chacha20或auto时会网页卡顿)
然后我使用了none。直接没有了websocket: close 1000 (normal)这样的错误,速度也比gcm快了,不过偶尔会出现read tcp 127.0.0.1:6134->120.*.*.*:48560: i/o timeout
所以,不妨试试看,在客户端的security使用none
jiuqi9997
on 23 Jan 2020
今天也发生了一样的问题。
服务器很久没更新过了:
V2Ray v3.0 (die Commanderin) 20171130
客户端是新下载的:
V2Ray 4.22.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.13.5 windows/amd64)
按照新版配置文件格式重写了客户端配置,TLS + WebSocket (Nginx 反代)。服务器和本地时间都与 ntp 服务器校时过,且为同一时区。服务器上 v2ray 的 access log 可以看到连接但无法正常使用。
百思不得其解,最后的确将客户端 inbound vmess 的 security 设为 none 可以正常使用了。旧版的客户端配置文件我也用了 aes-128-gcm,是新版的加密部分作了什么修改么?
另:这样做是否存在安全隐患?按照我的理解虽然 vmess 没有加密但是上层有 TLS 所以依旧是安全的?
S-Tsunemori
on 15 Feb 2020
今天也发生了一样的问题。
服务器很久没更新过了:
V2Ray v3.0 (die Commanderin) 20171130客户端是新下载的:
V2Ray 4.22.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.13.5 windows/amd64)按照新版配置文件格式重写了客户端配置,TLS + WebSocket (Nginx 反代)。服务器和本地时间都与 ntp 服务器校时过,且为同一时区。服务器上 v2ray 的 access log 可以看到连接但无法正常使用。
百思不得其解,最后的确将客户端 inbound vmess 的 security 设为 none 可以正常使用了。旧版的客户端配置文件我也用了 aes-128-gcm,是新版的加密部分作了什么修改么?
另:这样做是否存在安全隐患?按照我的理解虽然 vmess 没有加密但是上层有 TLS 所以依旧是安全的?
我个人认为开启了TLS就不用开security的加密了,但是我没有深入研究。不过最近一个月我都设置了none,目前还没有发现任何安全问题。
jiuqi9997
on 24 Feb 2020
如果是在WIN10 下面,failed to read response header, 尝试 点击一下 “调整日期和时间”, 将“自动设置时间” 打开, --- 来自小伙伴的帮忙
chumingqian
on 5 Mar 2020
同样遇到问题,快一两分钟都不行。报错日志建议直接提示时间问题啊
ntgeralt
on 10 Mar 2020
刚做了实验,kitsunebi使用和v2rayNG(1.1.15/core 4.22.1)同样的配置,kitsunebi出现大量错误
failed to read response header > websocket: close 1000 (normal)
使用v2rayNG一切正常,security已选none,tls开启。
所以客户端也许有影响?不妨试试换个客户端
————————————
补充:在kitsunebi中将证书域名填上之后没有问题了,疑似玄学。
jiuqi9997
on 10 Mar 2020
Windows系统可通过修改时间服务器解决此问题
鼠标右键点系统右下角时间--选择调整日期/时间(A)--添加不同时区的时钟--Internet时间--更改设置--修改服务器为:ntp1.aliyun.com
sxcool1024
on 16 Apr 2020
同样的问题,修改时间服务器为:ntp1.aliyun.com 后解决
cropsz
on 6 May 2020
我遇到也是因为服务器时间不同步的原因,服务器时间慢了2分钟,修正一下就好了
linwhitehat
on 12 Jun 2020
我的也出现这个问题。
但是我用ntp1.aliyun.com也不行。
最后,我将脚本里面的网站分流,及网站伪装关掉就可以了。
脚本用的233blog的脚本
lyx32
on 14 Sep 2020
This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days
![github-actions[bot] picture](https://avatars.githubusercontent.com/in/15368?v=4&s=40)
github-actions[bot]
on 13 Jan 2021
Related issues
pingma
·
4Comments
oceanchang
·
3Comments
ferocknew
·
3Comments
ToutyRater
·
4Comments
samjoeyang
·
4Comments
Most helpful comment
我今天才遇到这个问题
最后发现是客户端的系统时间不对,差了3分钟