V2ray-core: 使用Nginx+TLS+WS模式时，有几率出现连接失败

Created on 17 Feb 2020 · 1Comment · Source: v2ray/v2ray-core

1) 你正在使用哪个版本的 V2Ray？（如果服务器和客户端使用了不同版本，请注明）

服务端客户端均为4.22.1

服务端：Debian 10 64

客户端：Windows 10 64

2) 你的使用场景是什么？比如使用 Chrome 通过 Socks/VMess 代理观看 YouTube 视频。

使用Chrome浏览网页，为TLS+WS模式

3) 你看到的不正常的现象是什么？（请描述具体现象，比如访问超时，TLS 证书错误等）

能够正常连接，且速度稳定

然而浏览网页时 有几率 立刻提示connection_closed，图片等资源也有可能加载失败，图片显示空白

使用curl进行测试，访问http/https网页均 有几率 立刻失败

出现连接失败的几率约为1/8

连接失败时的curl测试命令：

$ curl http://google.com -x http://127.0.0.1:8002 -v
* Expire in 0 ms for 6 (transfer 0x7fffed38df50)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x7fffed38df50)
* Connected to 127.0.0.1 (127.0.0.1) port 8002 (#0)
> GET http://google.com/ HTTP/1.1
> Host: google.com
> User-Agent: curl/7.64.0
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 503 Service Unavailable
< Connection: close
* HTTP/1.1 proxy connection set close!
< Proxy-Connection: close
< Content-Length: 0
<
* Closing connection 0

$ curl https://google.com -x http://127.0.0.1:8002 -v
* Expire in 0 ms for 6 (transfer 0x7fffbafc3f50)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x7fffbafc3f50)
* Connected to 127.0.0.1 (127.0.0.1) port 8002 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/7.64.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to google.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to google.com:443

4) 你期待看到的正确表现是怎样的

不会出现几率性失败

5) 请附上你的配置（提交 Issue 前请隐藏服务器端IP地址）。

服务器端配置:

{
  "inbounds": [
    {
      "port": 10000,
      "listen": "127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "uuid",
            "level": 1,
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/wspath"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "blocked"
      }
    ]
  }
}

客户端配置（由V2RayW生成）:

{
  "dns": {
    "servers": [
      "localhost"
    ]
  },
  "inbounds": [
    {
      "port": 1082,
      "listen": "127.0.0.1",
      "settings": {
        "udp": true
      },
      "protocol": "socks"
    },
    {
      "port": 8002,
      "listen": "127.0.0.1",
      "protocol": "http"
    }
  ],
  "log": {
    "error": "error.log",
    "access": "access.log",
    "loglevel": "info"
  },
  "outbounds": [
    {
      "sendThrough": "0.0.0.0",
      "mux": {
        "enabled": false,
        "concurrency": 8
      },
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "server",
            "users": [
              {
                "id": "uuid",
                "alterId": 0,
                "security": "none",
                "level": 0
              }
            ],
            "port": 443
          }
        ]
      },
      "tag": "s",
      "streamSettings": {
        "wsSettings": {
          "path": "/wspath",
          "headers": {}
        },
        "quicSettings": {
          "key": "key",
          "security": "none",
          "header": {
            "type": "none"
          }
        },
        "tlsSettings": {
          "allowInsecure": false,
          "alpn": [
            "http/1.1"
          ],
          "serverName": "server",
          "allowInsecureCiphers": false
        },
        "httpSettings": {
          "host": [
            ""
          ],
          "path": ""
        },
        "kcpSettings": {
          "header": {
            "type": "none"
          },
          "mtu": 1350,
          "congestion": false,
          "tti": 50,
          "uplinkCapacity": 5,
          "writeBufferSize": 2,
          "readBufferSize": 2,
          "downlinkCapacity": 20
        },
        "tcpSettings": {
          "header": {
            "type": "none"
          }
        },
        "security": "tls",
        "network": "ws",
        "sockopt": {}
      }
    }
  ],
  "routing": {
    "name": "all to main",
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "port": "0-65535",
        "outboundTag": "s"
      }
    ]
  }
}

6) 请附上出错时软件输出的错误日志。在 Linux 中，日志通常在 /var/log/v2ray/error.log 文件中。

服务器端错误日志:

2020/02/17 11:48:01 [Warning] v2ray.com/core: V2Ray 4.22.1 started
2020/02/17 11:48:21 [Info] [1996397606] v2ray.com/core/proxy/vmess/inbound: received request for tcp:google.com:80
2020/02/17 11:48:21 [Info] [1996397606] v2ray.com/core/app/dispatcher: default route for tcp:google.com:80
2020/02/17 11:48:21 [Info] [1996397606] v2ray.com/core/proxy/freedom: opening connection to tcp:google.com:80
2020/02/17 11:48:21 [Info] [1996397606] v2ray.com/core/transport/internet/tcp: dialing TCP to tcp:google.com:80
2020/02/17 11:48:21 [Info] [1996397606] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/freedom: connection ends > context canceled
2020/02/17 11:48:28 [Info] [907803380] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/vmess/inbound: invalid request from client:53414 > v2ray.com/core/proxy/vmess/encoding: invalid user

客户端错误日志:

2020/02/18 00:35:19 [Warning] v2ray.com/core: V2Ray 4.22.1 started
2020/02/18 00:35:21 [Info] [4258209986] v2ray.com/core/proxy/http: request to Method [GET] Host [google.com] with URL [http://google.com/]
2020/02/18 00:35:21 [Info] [4258209986] v2ray.com/core/app/dispatcher: taking detour [s] for [tcp:google.com:80]
2020/02/18 00:35:21 [Info] [4258209986] v2ray.com/core/transport/internet/websocket: creating connection to tcp:server:443
2020/02/18 00:35:22 [Info] [4258209986] v2ray.com/core/proxy/vmess/outbound: tunneling request to tcp:google.com:80 via tcp:server:443
2020/02/18 00:35:22 [Warning] [4258209986] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: connection ends > v2ray.com/core/proxy/vmess/outbound: failed to read header > v2ray.com/core/proxy/vmess/encoding: failed to read response header > websocket: close 1000 (normal)
2020/02/18 00:35:22 [Warning] [4258209986] v2ray.com/core/proxy/http: failed to read response from google.com > io: read/write on closed pipe
2020/02/18 00:35:22 [Info] [4258209986] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/http: failed to read http request > EOF

7) 请附上访问日志。在 Linux 中，日志通常在 /var/log/v2ray/access.log 文件中。

2020/02/18 00:34:56 127.0.0.1:50975 accepted http://google.com/ [s] 
2020/02/18 00:35:02 127.0.0.1:50978 accepted http://google.com/ [s] 
2020/02/18 00:35:09 127.0.0.1:50980 accepted http://google.com/ [s] 
2020/02/18 00:35:14 127.0.0.1:50982 accepted http://google.com/ [s] 
2020/02/18 00:35:21 127.0.0.1:50986 accepted http://google.com/ [s]

8) 其它相关的配置文件（如 Nginx）和相关日志。

服务端Nginx配置（Debian 10 64 nginx 1.14.2）

server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        ssl_certificate /etc/nginx/certs/server/cert;
        ssl_certificate_key /etc/nginx/certs/server/key;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                try_files $uri $uri/ =404;
        }

        location /wspath {
      if ($http_upgrade != "websocket") {
          return 404;
      }
      proxy_redirect off;
      proxy_pass http://127.0.0.1:10000/wspath;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Nginx access.log

client - - [17/Feb/2020:11:31:53 -0500] "GET /wspath HTTP/1.1" 101 5141 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:31:55 -0500] "GET /wspath HTTP/1.1" 101 5146 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:31:57 -0500] "GET /wspath HTTP/1.1" 101 4444 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:32:02 -0500] "GET /wspath HTTP/1.1" 101 5141 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:32:07 -0500] "GET /wspath HTTP/1.1" 101 4 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:33:18 -0500] "GET /wspath HTTP/1.1" 101 561 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:33:25 -0500] "GET /wspath HTTP/1.1" 101 561 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:33:32 -0500] "GET /wspath HTTP/1.1" 101 561 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:33:32 -0500] "GET /wspath HTTP/1.1" 101 1130 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:33:37 -0500] "GET /wspath HTTP/1.1" 101 565 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:33:43 -0500] "GET /wspath HTTP/1.1" 101 4 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:33:53 -0500] "GET /wspath HTTP/1.1" 101 15488 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:34:04 -0500] "GET /wspath HTTP/1.1" 101 4 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:34:05 -0500] "GET /wspath HTTP/1.1" 101 4 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:35:21 -0500] "GET /wspath HTTP/1.1" 101 4 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:35:50 -0500] "GET /wspath HTTP/1.1" 101 120796 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:37:16 -0500] "GET /wspath HTTP/1.1" 101 27234 "-" "Go-http-client/1.1"
client - - [17/Feb/2020:11:38:08 -0500] "GET /wspath HTTP/1.1" 101 4 "-" "Go-http-client/1.1"

Nginx error.log 出错时无内容

Source