[Question] Error downloading files from Nginx when Xray is in front #3141

Open
enterusernamecontinue opened this issue Mar 15, 2024 · 3 comments

enterusernamecontinue commented Mar 15, 2024

Xray listens on 443 and falls back to Nginx by default, but downloading a file from Nginx fails with an error:

root@~# wget https://xxx.com/xxx.tar.gz
--2008-05-20 10:00:00--  https://xxx.com/xxx.tar.gz
Resolving xxx.com (xxx.com)... 111.222.333.444
Connecting to xxx.com (xxx.com)|111.222.333.444|:443... connected.
HTTP request sent, awaiting response... Read error (The request is invalid.) in headers.

Fetching the file with curl works fine:

root@~# curl -OJL https://xxx.com/xxx.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 1807k  100 1807k    0     0  1920k      0 --:--:-- --:--:-- --:--:-- 1918k

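In addition, downloads work fine on Windows (Chrome/Edge/IE), iOS (Safari) and Android (Chrome).

After troubleshooting, I found that the problem comes from the server.json configuration file; after modifying it, the problem was solved. (In fact, I just deleted "alpn": "http/1.1".)

The failing server.json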
{
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "UUID-UUID-UUID-UUID",
                        "flow": "xtls-rprx-vision"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "alpn": "h2",
                        "dest": "/dev/shm/h2c.sock",
                        "xver": 1
                    },
                    {
                        "alpn": "http/1.1",
                        "dest": "/dev/shm/default.sock",
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "tls",
                "tlsSettings": {
                    "rejectUnknownSni": true,
                    "minVersion": "1.2",
                    "alpn": [
                        "h2",
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/etc/nginx/ssl/xxx.com.crt",
                            "keyFile": "/etc/nginx/ssl/xxx.com.key"
                        }
                    ]
                }
            }
        }
    ]
}
The modified server.json
{
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "UUID-UUID-UUID-UUID",
                        "flow": "xtls-rprx-vision"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "alpn": "h2",
                        "dest": "/dev/shm/h2c.sock",
                        "xver": 1
                    },
                    {
                        "dest": "/dev/shm/default.sock",
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "tls",
                "tlsSettings": {
                    "rejectUnknownSni": true,
                    "minVersion": "1.2",
                    "alpn": [
                        "h2",
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/etc/nginx/ssl/xxx.com.crt",
                            "keyFile": "/etc/nginx/ssl/xxx.com.key"
                        }
                    ]
                }
            }
        }
    ]
}
nginx.site.conf
server {
    ... ...
    listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
    listen unix:/dev/shm/default.sock proxy_protocol;
    ... ...
}

My understanding is that whether or not "alpn": "http/1.1" is deleted, the two configurations should be "equivalent", so I don't know why this happens.

Member

RPRX commented May 7, 2024

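I haven't looked at the fallbacks code in a long time. But speaking of fallbacks: although some people always think VLESS and Trojan are very similar, the CRLF in the Trojan protocol was designed for the old fallback method, whereas VLESS's flow and seed were designed to change traffic characteristics. That is the essential difference in design philosophy between the two protocols. VLESS was designed natively for *ray; wouldn't it feel strange to carry a pointless CRLF over other transports that don't need fallback? Also, I didn't look at Trojan's protocol structure when I designed VLESS, otherwise I would have copied its UDP over; fortunately VLESS later got XUDP, which supports Mux and "connection migration". I also invented a safer and more efficient fallback method for VLESS, which judges the length of the first packet directly and needs no CRLF, plus all kinds of routing based on the content of the first packet, which everyone has had a lot of fun with. Later we got REALITY, so fallbacks are not needed that much anymore. I never got around to writing the articles about them, though, so there will always be people who don't know how they are better than their respective look-alikes. Coo, coo, coo. OK, explaining the main differences in one paragraph feels pretty good.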

Contributor

chika0801 commented May 7, 2024

                    {
                        "alpn": "http/1.1", // I have never used the form that adds "alpn": "http/1.1"
                        "dest": "/dev/shm/default.sock",
                        "xver": 1
                    }

Documentation link: https://xtls.github.io/Xray-docs-next/config/features/fallback.html#fallbackobject Back when this first came out, members of the group chat tested it, got it working, and that was that.

@Fangliding
Member

Can you check the real alpn that the server outputs?
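
A simplified model of ALPN-based fallback selection, added here as an example for the "equivalent configurations" question and the "real alpn" check above; it is not Xray's code and not part of any comment in this thread. It follows the rule in the linked fallback documentation that an empty "alpn" matches any negotiation result. The names `Fallback`, `pick`, `failing` and `fixed` are hypothetical, and the case of a client that negotiates no ALPN at all is an assumption that this thread does not confirm.

```go
package main

import "fmt"

// Fallback keeps only the two fallbacks fields relevant here (name, path
// and xver are left out of this model).
type Fallback struct {
	ALPN string // "" matches any negotiation result, per the fallback docs
	Dest string
}

// The two fallbacks lists from the issue.
var failing = []Fallback{
	{ALPN: "h2", Dest: "/dev/shm/h2c.sock"},
	{ALPN: "http/1.1", Dest: "/dev/shm/default.sock"},
}
var fixed = []Fallback{
	{ALPN: "h2", Dest: "/dev/shm/h2c.sock"},
	{ALPN: "", Dest: "/dev/shm/default.sock"},
}

// pick (hypothetical helper) returns the destination for a negotiated ALPN:
// an exact match wins, otherwise the "" entry is used. ok is false when
// neither exists, so the connection has no fallback target.
func pick(fbs []Fallback, negotiated string) (dest string, ok bool) {
	byALPN := make(map[string]string, len(fbs))
	for _, fb := range fbs {
		byALPN[fb.ALPN] = fb.Dest
	}
	if dest, ok = byALPN[negotiated]; ok {
		return dest, true
	}
	dest, ok = byALPN[""]
	return dest, ok
}

func main() {
	// Constructed cases: "" stands for a client that sent no ALPN extension.
	for _, alpn := range []string{"h2", "http/1.1", ""} {
		a, okA := pick(failing, alpn)
		b, okB := pick(fixed, alpn)
		fmt.Printf("negotiated=%q failing=%q(%v) fixed=%q(%v)\n", alpn, a, okA, b, okB)
	}
}
```

In this model the two lists agree for "h2" and "http/1.1" and differ only when the negotiated ALPN is empty, which is why the server-side negotiation result is the value to compare between the wget and curl requests.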
