
v2fly / v2ray-step-by-step


This repo is a fork of ToutyRater/v2ray-guide, we aim to provide a new step-by-step guide of v2ray

Home Page: https://guide.v2fly.org

License: Creative Commons Attribution 4.0 International


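v2ray-step-by-step's Issues

"Simple TLS routing based on Nginx" prevents the web server behind it from receiving requests with a long path

Related page

tls_routing_with_nginx.md

Description of the bug

Defect:

With this configuration, HTTP requests whose path is too long cannot be forwarded to the web server through proxy_pass.

Cause of the defect:

When the path of normal HTTP traffic is too long, local data, err = sock:peek(16) only gets the method + a space + an incomplete path, which cannot be matched by any if/elseif branch and ends up being matched by the else branch, so the request is forwarded to the V2Ray backend.

How to reproduce

Describe here the steps and environment needed to reproduce the problem.

A simplified and modified version of the configuration from the tutorial: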

worker_processes  auto;
error_log  logs/error.log  debug;
events {
    worker_connections  1024;
}
stream {
    resolver 127.0.0.1;
    lua_add_variable $VMess;

    server {
        listen  80;

        preread_by_lua_block {
            local sock, err = ngx.req.socket()
            if sock then
               -- ngx.say("got the request socket")
            else
                ngx.say("failed to get the request socket: ", err)
            end

            local data, err = sock:peek(16)
            local datal, err = sock:peek(58)
            if string.match(data, "HTTP") then
            -- for normal http req
                ngx.var.VMess = "8080"
            else
            -- for V2Ray's tcp+TLS +web
                ngx.var.VMess = "10080"
            end
        }
        proxy_pass 127.0.0.1:$VMess;
    }
}
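  • Requesting http://domain.name/123456 with curl works, but requesting http://domain.name/1234567 gets no response

domain.name can be replaced with an IP address, or with localhost when testing with curl on the server itself; the problem reproduces in every case.

  • Visiting http://domain.name/1234567 in a browser gets no response, but if the browser first visits a URL with a short path or no path (such as http://domain.name/123456) and then shortly afterwards goes to http://domain.name/1234567, the normal server response is returned.
    Perhaps the preread_by_lua_block block is executed only once, on the browser's first request?
    Even so, normal use may still require accessing a long path directly, for example when a V2Ray client fetches node configuration from a subscription link.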
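
The byte arithmetic behind this report, as an added example that is not part of the issue or of the guide: it models the 16-byte peek in Python and compares the config's "HTTP" substring test with a test on the leading request method. The function names are hypothetical, the sample requests and TLS bytes are constructed, and the two ports are the ones in the config above.

```python
# Added example: models the 16-byte peek from the issue's preread_by_lua_block.
# Ports "8080" (web server) and "10080" (V2Ray) come from the config above;
# all function names are hypothetical.

PEEK_LEN = 16
WEB_PORT = "8080"
V2RAY_PORT = "10080"

# Request methods from RFC 9110 plus PATCH (RFC 5789).
HTTP_METHODS = frozenset(
    [b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
     b"CONNECT", b"OPTIONS", b"TRACE", b"PATCH"]
)


def peek(stream: bytes, n: int = PEEK_LEN) -> bytes:
    """Stand-in for sock:peek(n): the first n bytes, left unconsumed."""
    return stream[:n]


def route_by_http_substring(stream: bytes) -> str:
    """Same test as the config in the issue: look for "HTTP" in the peeked bytes."""
    return WEB_PORT if b"HTTP" in peek(stream) else V2RAY_PORT


def route_by_method_token(stream: bytes) -> str:
    """Classify on the request method, which always precedes the path."""
    method, sep, _rest = peek(stream).partition(b" ")
    if sep and method in HTTP_METHODS:
        return WEB_PORT
    return V2RAY_PORT


def max_routable_path_len(method: bytes) -> int:
    """Longest path for which "<method> <path> HTTP" still fits in the peek."""
    return PEEK_LEN - len(method) - len(b" ") - len(b" HTTP")


def http_request(method: bytes, path: bytes) -> bytes:
    """Constructed sample request; domain.name is the placeholder from the issue."""
    return method + b" " + path + b" HTTP/1.1\r\nHost: domain.name\r\n\r\n"


# Constructed non-HTTP input: the start of a TLS handshake record (0x16 0x03 0x01).
TLS_CLIENT_HELLO_PREFIX = bytes.fromhex("1603010200010001fc0303") + bytes(16)

if __name__ == "__main__":
    for path in (b"/123456", b"/1234567"):
        req = http_request(b"GET", path)
        print(path.decode(), peek(req),
              route_by_http_substring(req), route_by_method_token(req))
    print("tls", route_by_http_substring(TLS_CLIENT_HELLO_PREFIX),
          route_by_method_token(TLS_CLIENT_HELLO_PREFIX))
```

With GET, the longest path the substring test still routes to the web server is 7 bytes, which is why /123456 works and /1234567 does not.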

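[bug] Transparent proxy cannot access intranet addresses

Related page

tproxy.md

Description of the bug

The school intranet range is 10.0.0.0/8 and my own router's range is 192.168.1.0/24. After configuring the transparent proxy according to the tutorial, I found that all access to intranet addresses times out.
Simple network topology: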

                             | 10.19.108.152
                        +----+---+
                        | Router |
                        +----+---+
                             | 192.168.1.1
     ------------------------+-----------------------+
     | 192.168.1.103         | 192.168.1.100         | 192.168.1.105
+----+----+            +----------+            +-----+----+            ......
| Gateway |            | Device 1 |            | Device 2 |
+---------+            +----------+            +----------+

How to reproduce

V2Ray configuration file config.json, essentially the same as the one given in the tutorial

{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "dns": {
    "servers": [
      "10.15.44.11",       // school intranet DNS server
      {
        "address": "1.1.1.1",
        "domains": [
          "geosite:geolocation-!cn"
        ]
      }
    ],
    "queryStrategy": "UseIPv4",
    "tag": "dns_inbound"
  },
  "routing": {
    "domainStrategy": "IPOnDemand",
    "domainMatcher": "mph",
    "rules": [
      {
        "type": "field",
        "protocol": ["bittorrent"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "port": 53,
        "network": "udp",
        "inboundTag": ["transparent"],
        "outboundTag": "dns-out"
      },
      {
        "type": "field",
        "port": 123,
        "network": "udp",
        "inboundTag": ["transparent"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["1.1.1.1"],
        "port": 53,
        "inboundTag": ["dns_inbound"],
        "outboundTag": "proxy"
      },
      {
        "type": "field",
        "domain": [
          "domain:xxx.edu.cn",               // school domain
          "geosite:cn"
        ],
        "network": "tcp,udp",
        "protocol": ["http", "tls"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["geoip:cn", "geoip:private"],
        "network": "tcp,udp",
        "protocol": ["http", "tls"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "network": "tcp,udp",
        "protocol": ["http", "tls"],
        "outboundTag": "proxy"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 1080,
      "protocol": "socks",
      "settings": {
        "udp": true
      },
      "tag": "proxy",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    },
    {
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy",
          "mark":255
        }
      },
      "tag": "transparent",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIPv4"
      },
      "tag": "direct",
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    },
    {
      "protocol": "dns",
      "tag": "dns-out",
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    },
    {
      "protocol": "vmess",
      "settings": {},  // VMess configuration omitted
      "tag": "proxy",
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    }
  ]
}

iptables commands (essentially the same as the tutorial, with changes in a few places):

# Set up policy routing
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100

# Proxy LAN devices
iptables -t mangle -N V2RAY
iptables -t mangle -A V2RAY -d 127.0.0.1/32 -j RETURN
iptables -t mangle -A V2RAY -d 10.0.0.0/8 -j RETURN # changed to the intranet range here
iptables -t mangle -A V2RAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A V2RAY -d 192.168.0.0/16 -p tcp -j RETURN # Direct connection within the LAN, so that SSH to the gateway still works when V2Ray fails to start; if you use a different subnet (such as 10.x.x.x), change this to your own
iptables -t mangle -A V2RAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN # Direct connection within the LAN, except port 53 (because V2Ray's DNS is to be used)
iptables -t mangle -A V2RAY -j RETURN -m mark --mark 0xff    # Connect directly for traffic whose SO_MARK is 0xff (0xff is hexadecimal, numerically equal to the 255 in the V2Ray configuration above); this rule is meant to solve V2Ray using a lot of CPU (https://github.com/v2ray/v2ray-core/issues/2621)
iptables -t mangle -A V2RAY -p udp -j TPROXY --on-ip 127.0.0.1 --on-port 12345 --tproxy-mark 1 # Mark UDP with 1 and forward to port 12345
iptables -t mangle -A V2RAY -p tcp -j TPROXY --on-ip 127.0.0.1 --on-port 12345 --tproxy-mark 1 # Mark TCP with 1 and forward to port 12345
iptables -t mangle -A PREROUTING -j V2RAY # Apply the rules

# The gateway itself is not proxied

# Create a DIVERT rule so that packets of existing connections do not pass through TPROXY a second time; in theory this gives some performance improvement
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -I PREROUTING -p tcp -m socket -j DIVERT

I later also tried configuring the proxy for the gateway itself, and the intranet still could not be reached.
Log file access.log

2021/10/12 02:16:52 192.168.1.105:2018 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:16:52 192.168.1.105:47988 accepted tcp:109.244.23.123:443 [direct]
2021/10/12 02:16:52 192.168.1.105:42586 accepted tcp:223.166.152.106:8080 [direct]
2021/10/12 02:16:52 192.168.1.105:6428 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:16:53 192.168.1.105:62326 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:16:53 192.168.1.105:49204 accepted tcp:175.27.0.201:80 [direct]
2021/10/12 02:16:53 192.168.1.105:27248 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:16:53 192.168.1.105:26747 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:16:54 192.168.1.105:40055 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:16:54 192.168.1.105:45876 accepted tcp:42.81.172.207:80 [direct]
2021/10/12 02:16:54 192.168.1.105:45190 accepted tcp:175.27.0.15:80 [direct]
2021/10/12 02:16:54 192.168.1.105:14377 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:16:55 192.168.1.105:37282 accepted tcp:109.244.23.180:55260 [direct]
2021/10/12 02:16:56 192.168.1.105:40252 accepted tcp:203.208.40.98:80 [direct]
2021/10/12 02:16:58 192.168.1.105:39992 accepted tcp:36.155.208.76:80 [direct]
2021/10/12 02:16:58 192.168.1.105:39994 accepted tcp:36.155.208.76:80 [direct]
2021/10/12 02:16:58 192.168.1.105:48152 accepted tcp:121.51.52.82:443 [direct]
2021/10/12 02:16:58 192.168.1.105:45216 accepted tcp:216.58.200.46:443 [proxy1]
2021/10/12 02:16:58 192.168.1.105:37358 accepted tcp:142.251.43.13:443 [proxy1]
2021/10/12 02:16:59 192.168.1.105:49002 accepted tcp:203.208.43.98:80 [proxy1]
2021/10/12 02:16:59 192.168.1.105:42950 accepted tcp:203.208.43.98:443 [proxy1]
2021/10/12 02:17:00 192.168.1.105:10489 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:17:01 192.168.1.105:41562 accepted tcp:142.250.101.188:5228 [proxy1]
2021/10/12 02:17:02 192.168.1.105:38073 accepted udp:216.58.200.46:443 [direct]
2021/10/12 02:17:05 192.168.1.105:27604 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:17:05 192.168.1.105:20796 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:17:05 192.168.1.105:15781 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:17:06 192.168.1.105:39512 accepted tcp:172.217.14.74:443 [proxy1]
2021/10/12 02:17:06 192.168.1.105:39800 accepted tcp:142.250.72.174:443 [proxy1]
2021/10/12 02:17:06 192.168.1.105:49016 accepted tcp:203.208.43.98:80 [proxy1]
2021/10/12 02:17:06 192.168.1.105:42968 accepted tcp:203.208.43.98:443 [proxy1]
2021/10/12 02:17:35 192.168.1.105:21623 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:17:36 192.168.1.105:24450 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:17:36 192.168.1.105:49454 accepted tcp:142.250.188.227:443 [proxy1]
2021/10/12 02:17:36 192.168.1.105:49854 accepted tcp:142.250.188.4:443 [proxy1]
2021/10/12 02:17:36 192.168.1.105:49856 accepted tcp:142.250.188.4:443 [proxy1]
2021/10/12 02:17:37 192.168.1.105:15730 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:17:37 192.168.1.105:41806 accepted tcp:142.250.72.144:80 [proxy1]
2021/10/12 02:17:38 192.168.1.105:42745 accepted udp:142.250.188.227:443 [direct]
2021/10/12 02:17:40 192.168.1.105:29479 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:17:40 192.168.1.105:42348 accepted tcp:39.156.167.33:80 [direct]
2021/10/12 02:17:46 192.168.1.100:48730 accepted tcp:203.208.50.98:80 [proxy1]
2021/10/12 02:17:46 192.168.1.100:40698 accepted tcp:203.208.50.98:443 [proxy1]
2021/10/12 02:17:46 192.168.1.100:53569 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:17:48 192.168.1.100:32939 accepted udp:192.168.1.103:53 [dns-out]
2021/10/12 02:17:48 192.168.1.100:45782 accepted tcp:142.250.72.131:80 [direct]

The error.log with debug mode enabled is long; I extracted the part related to the intranet

2021/10/12 02:17:05 [Debug] app/dns: domain www.xxx.edu.cn will use DNS in order: [UDP:10.15.44.11:53 UDP:1.1.1.1:53]
2021/10/12 02:17:05 [Debug] app/dns: UDP:10.15.44.11:53 querying DNS for: www.xxx.edu.cn.
2021/10/12 02:17:05 [Debug] transport/internet/udp: dispatch request to: udp:10.15.44.11:53
2021/10/12 02:17:05 [Info] transport/internet/udp: establishing new connection for udp:10.15.44.11:53
2021/10/12 02:17:05 [Info] app/dispatcher: default route for udp:10.15.44.11:53
2021/10/12 02:17:05 [Info] proxy/freedom: opening connection to udp:10.15.44.11:53
2021/10/12 02:17:05 [Info] app/dns: UDP:10.15.44.11:53 got answer: www.xxx.edu.cn. TypeA -> [10.15.45.164] 2.547619ms
2021/10/12 02:17:05 [Debug] app/dns: UDP:10.15.44.11:53 updating IP records for domain:www.xxx.edu.cn.

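As you can see, access.log contains no access record for 10.15.45.164, the address returned by the DNS query. Accessing intranet IPs directly also fails to connect.

With the same configuration as the reference guide, the traffic statistics output has no per-user information

V2Ray version: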

[root@localhost v2ray]# /usr/bin/v2ray/v2ray -version
V2Ray 4.21.3 (V2Fly, a community-driven edition of V2Ray.) Custom
A unified platform for anti-censorship.

Configuration file:

[root@localhost v2ray]# cat config.json
{
    "stats": {},
    "api": {
        "tag": "api",
        "services": [
            "StatsService"
        ]
    },
    "policy": {
        "levels": {
            "0": {
                "statsUserUplink": true,
                "statsUserDownlink": true
            }
        },
        "system": {
            "statsInboundUplink": true,
            "statsInboundDownlink": true
        }
    },
    "inbounds": [
        {
            "tag": "tcp",
            "port": 3307,
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "email": "auser",
                        "id": "e731f153-4f31-49d3-9e8f-ff8f396135ef",
                        "level": 0,
                        "alterId": 64
                    },
                    {
                        "email": "buser",
                        "id": "e731f153-4f31-49d3-9e8f-ff8f396135ee",
                        "level": 0,
                        "alterId": 64
                    }
                ]
            }
        },
        {
            "listen": "127.0.0.1",
            "port": 10085,
            "protocol": "dokodemo-door",
            "settings": {
                "address": "127.0.0.1"
            },
            "tag": "api"
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "settings": {}
        }
    ],
    "routing": {
        "settings": {
            "rules": [
                {
                    "inboundTag": [
                        "api"
                    ],
                    "outboundTag": "api",
                    "type": "field"
                }
            ]
        },
        "strategy": "rules"
    }
} 

My output:

[root@localhost v2ray]# /usr/bin/v2ray/v2ctl api --server=127.0.0.1:10085 StatsService.QueryStats ''
stat: <
  name: "inbound>>>tcp>>>traffic>>>uplink"
>
stat: <
  name: "inbound>>>tcp>>>traffic>>>downlink"
>
stat: <
  name: "inbound>>>api>>>traffic>>>uplink"
  value: 1306
>
stat: <
  name: "inbound>>>api>>>traffic>>>downlink"
  value: 1339
>

Output in the reference guide

$ /usr/bin/v2ray/v2ctl api --server=127.0.0.1:10085 StatsService.QueryStats ''
stat: <
name: "inbound>>>ws>>>traffic>>>uplink"
value: 3350713

stat: <
name: "inbound>>>ss>>>traffic>>>downlink"
value: 1704

stat: <
name: "user>>>u3@ws>>>traffic>>>uplink"
value: 2810759

stat: <
name: "user>>>u9@ss>>>traffic>>>uplink"
value: 1776

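My output does not show statistics for individual users. Is this no longer supported in the new version, or does the configuration need to be changed?

Traffic statistics script fails

The awk command in the example script under Advanced --> Traffic statistics --> Processing traffic information fails

  • Details:
    The v2ctl output contains \r\n line endings, so gsub(/^"|link"$/, "", $2); in the script cannot match the trailing link, which produces inbound:api->uplink" instead of inbound:api->up
    In the script, else if (match($0, /^>$/) && f) { f = 0; print 0; } cannot match >, so 0 is not output when there is no data, which makes print_sum() fail with numfmt: 无效的数字:“”

  • Fix:
    Insert \s? into the regular expressions that match the end of the line, meaning "match any whitespace character that is present", so that the various line endings, or no line ending at all, are matched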

     | awk '{
         if (match($1, /name:/)) {
-            f=1; gsub(/^"|link"$/, "", $2);
+            f=1; gsub(/^"|link"\s?$/, "", $2);
             split($2, p,  ">>>");
             printf "%s:%s->%s\t", p[1],p[2],p[4];
         }
         else if (match($1, /value:/) && f){ f = 0; printf "%.0f\n", $2; }
-        else if (match($0, /^>$/) && f) { f = 0; print 0; }
+        else if (match($0, /^>\s?$/) && f) { f = 0; print "0"; }
     }'
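
Review bot: In both + lines, \s is not part of POSIX awk (it is a GNU awk extension), so the patched regexes still fail under awk implementations that do not recognise it, and \s? matches at most one trailing character even though the description says it should match any whitespace present. Suggest the POSIX class instead, link"[[:space:]]*$ and ^>[[:space:]]*$, or strip the carriage return once at the top of the action with sub(/\r$/, "") so the original patterns work unchanged. The switch from print 0 to print "0" on the second + line produces the same output and could be left out of the patch.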

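Must the settings of the dokodemo-door protocol specify a port?

Must the settings of the dokodemo protocol specify a port?

While reading the transparent proxy (tproxy) tutorial I got a bit confused: the inbound uses the dokodemo protocol, but settings does not say which port to forward to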

  "inbounds": [
    {
      "tag":"transparent",
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy" // transparent proxy using the TPROXY method
        }
      }
    },
    {
      "port": 1080,
      "protocol": "socks", // inbound protocol is SOCKS 5
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth"
      }
    }
  ]

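But when I read the V2Ray manual, the description of the dokodemo-door protocol seems to say that port must be filled in

port: number

Forwards traffic to the specified port of the target address; range [1, 65535], numeric type. Required parameter.

So I'm a bit confused here... Sorry, I only started recently and don't really understand it...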

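How to set up an h2 reverse proxy for V2Ray in Nginx

I configured Nginx myself following the h2 configuration, and the message says that no destination can be found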

2019/09/11 19:25:09 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:09 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:12 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:15 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:17 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:21 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:23 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:27 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:29 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:31 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:34 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:38 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:40 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:43 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:46 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:49 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:51 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:54 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:56 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:25:59 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:26:02 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:26:05 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:26:08 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed
2019/09/11 19:26:10 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/http: unexpected status403] > v2ray.com/core/common/retry: all retry attempts failed

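About the outbound HTTPS proxy problem [bug]

Related page

https://guide.v2fly.org/basics/http.html#配置

It may be my bug rather than yours. But I'm not very geeky, so I'm asking for advice here

The V2Ray transparent proxy running on my router works. Then I tried to put in an https node from my Clash proxy provider, following the settings in your
https://guide.v2fly.org/basics/http.html#配置

I found that it doesn't work (it starts, but any foreign site just keeps showing the loading spinner)
Could you check whether my configuration has any mistakes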

{
    "inbounds": [
        {
            "port": 1234,
            "listen": "0.0.0.0",
            "protocol": "dokodemo-door",
            "settings": {
                "network": "tcp",
                "followRedirect": true
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                ]
            }
        }
    ],
        "outbounds": [
      {
        "protocol": "http",
        "settings": {
          "servers": [
            {
              "address": "domain.com",//server IP
              "port": 1024,//server port
              "users": [
                {
                  "Username": "54896745695",//change my-username to your username.
                  "Password": "1114a99d-df04-4951-a5e0-ca617916d09e" //change my-password to your password
                }
              ] 
            }
          ]
        },
        "streamSettings": {
          "security": "tls", //for an HTTPS proxy, change none to tls
          "tlsSettings": {
            "allowInsecure": false
            //verify certificate validity
        }
      }
    }
  ],
    "routing": {
        "rules": [
            {
                "domain": ["ext:h2y.dat:ad"],
                "type": "field",
                "outboundTag": "block"
            },            
            {
                "type": "field",
                "outboundTag": "proxy",
                "domain": [
                    "ext:h2y.dat:gfw",
                    "domain:google.com.hk",
                    "domain:github.com"
                ]
            },
            {
                "type": "field",
                "outboundTag": "proxy",//TELEGRAM
                    "ip": [
                    "91.108.12.0/22",
                    "149.154.172.0/22",
                    "91.108.16.0/22",
                    "91.108.56.0/23",
                    "149.154.168.0/22",
                    "91.108.4.0/22",
                    "91.108.8.0/22",
                    "91.108.56.0/22",
                    "149.154.160.0/20",
                    "149.154.164.0/22"
                ]
            },
            {
                "type": "field",
                "network": "tcp,udp",
                "outboundTag": "direct"
            }
        ]
    }
}

Known Issues listed by ToutyRater

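  1. sniffing. Nearly all the configuration files given in the tutorial enable sniffing, but this makes Tor unusable; to use Tor you have to disable sniffing

  2. TLS certificates. The tutorial uses acme.sh to issue TLS certificates, but my example runs acme.sh with normal user privileges, which seems to cause problems when acme.sh automatically renews the certificate via crontab; second, the example copies the certificate and key into the /etc/v2ray directory, so even when the certificate is renewed it is not automatically copied to the V2Ray directory

  3. Nginx configuration. Some users reported that proxy_set_header in Nginx makes it impossible to use together with V2Ray; but the configuration given in the tutorial had no problems when I tested it in spring 2018. I know basically nothing about Nginx, so I don't know whether a later update caused this problem; this needs everyone to confirm and correct. Fixed in #23

  4. CDN. The tutorial's statement that HTTP/2 can be combined with a CDN is something I made up; it is not actually feasible

  5. Load balancing outbound tag matching. V2Ray only needs to match the prefix of the tag rather than the whole string; the tutorial does not explain this

  6. Routing. The routing section has a notes subsection where some things I originally meant to write were never written, so only a few headings were left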

Originally posted by @ToutyRater in #9 (comment)

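After setting up UDP traffic proxying as in the transparent proxy chapter, the v2ray process maxes out the CPU

I copied and pasted the code from this section of the tutorial, https://guide.v2fly.org/app/transparent_proxy.html

Apart from the UDP proxy, everything works and I can already get online through the proxy, but as soon as I copy and paste the following lines, the router immediately freezes,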

ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N V2RAY_MASK
iptables -t mangle -A V2RAY_MASK -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A V2RAY_MASK -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -p udp -j V2RAY_MASK

How do I set it up to use the proxy only when necessary?

With the following settings, the proxy is not used when visiting microsoft.com

{
    "domainStrategy": "AsIs",
    "domains": {
        "block": [
            "geosite:category-ads-all"
        ],
        "direct": [
            "geosite:microsoft",
            "geosite:microsoft-dev"
        ]
    }
}

However, since github.com belongs to Microsoft, it cannot be accessed with these settings.
Changed to the following settings

{
    "domainStrategy": "AsIs",
    "domains": {
        "block": [
            "geosite:category-ads-all"
        ],
        "direct": [
            "geosite:microsoft",
            "geosite:microsoft-dev"
        ],
        "proxy": [
            "geosite:geolocation-!cn"
        ]
    }
}

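GitHub can be accessed, but when visiting microsoft.com, some domains use the proxy

I need microsoft.com to be accessed without any proxy, while github.com can still be accessed.
That is, use the proxy only when necessary.
Is there a way to do this?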

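About the Nginx configuration in the WebSocket+TLS+Web reverse proxy

In the Nginx configuration for the WebSocket+TLS+Web reverse proxy, the following
proxy_set_header Host $host; and proxy_set_header Host $http_host; should in fact have the same effect, but using both at the same time causes failure. This could be changed here; deleting one of them works in my own testing. I've heard that leaving out both also works, but I haven't tested that,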

Originally posted by @Ja-L in #9 (comment)

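HTTP/2+TLS+WEB: updating to a Caddy 2 configuration fails

I recently tried converting the Caddy 1 configuration file to Caddy 2, but it did not succeed, and from the logs I cannot tell where the problem is.

The modified Caddy 2 configuration, with parameters based on here; Caddy is used directly to manage the certificates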

<Host> {
        log {
                output stderr
        }
        file_server {
                index /usr/share/caddy/index.html
        }
        reverse_proxy <H2 Path> https://localhost:<Port> {
                header_up Host {host}
                header_up X-Real-IP {remote}
                header_up X-Forwarded-For {remote}
                header_up X-Forwarded-Port {http.request.port}
                header_up X-Forwarded-Proto "https"
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

Server-side V2Ray configuration (the rest of the configuration is omitted)

{
  "inbounds": [
    {
      "port": <Port>,
      "listen": "127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "<UUID>",
            "alterId": 4
          }
        ]
      },
      "streamSettings": {
        "network": "http",
        "security": "tls",
        "tlsSettings": {
          "serverName": "<Host>",
          "certificates": [
            {
              "certificateFile": "<Path to cert>",
              "keyFile": "<Path to key>"
            }
          ]
        },
        "httpSettings": {
          "host": ["<Host>"],
          "path": "<H2 Path>"
        }
      }
    }
  ]
}

Client configuration (the rest of the configuration is omitted)

{
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "<Host>",
            "port": 443,
            "users": [
              {
                "id": "<UUID>",
                "alterId": 4
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "http",
        "security": "tls",
        "httpSettings": {
          "host": ["<Host>"],
          "path": "<H2 Path>"
        }
      }
    }
  ]
}

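The problem I currently have is that the client log shows timeout and the server has no log. Logs appear on the server only when the client V2Ray is shut down
Caddy log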

{"level":"info","ts":1590376857.8587766,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"GET","uri":"/","proto":"HTTP/2.0","remote_addr":"119.78.254.1:29245","host":"gia.icarusradio.top","headers":{"Cache-Control":["no-cache"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Accept-Language":["zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7"],"Pragma":["no-cache"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":true,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:20:57 +0000] \"GET / HTTP/2.0\" 200 12226","duration":0.000609094,"size":12226,"status":200,"resp_headers":{"Content-Length":["12226"],"Server":["Caddy"],"Etag":["\"q9tge59fm\""],"Content-Type":["text/html; charset=utf-8"],"Last-Modified":["Mon, 04 May 2020 16:56:29 GMT"],"Accept-Ranges":["bytes"]}}
{"level":"info","ts":1590377121.6248536,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"User-Agent":["Go-http-client/2.0"],"Accept-Encoding":["identity"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:25:06 GMT"]}}
{"level":"info","ts":1590377121.6276517,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:21:00 GMT"],"Server":["Caddy"]}}
{"level":"info","ts":1590377121.6278074,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Date":["Mon, 25 May 2020 03:21:01 GMT"],"Cache-Control":["no-store"]}}
{"level":"info","ts":1590377121.6279438,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:21:04 GMT"]}}
{"level":"info","ts":1590377121.628076,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:03 GMT"]}}
{"level":"info","ts":1590377121.628177,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"User-Agent":["Go-http-client/2.0"],"Accept-Encoding":["identity"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:07 GMT"]}}
{"level":"info","ts":1590377121.6282864,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"User-Agent":["Go-http-client/2.0"],"Accept-Encoding":["identity"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:54 GMT"]}}
{"level":"info","ts":1590377121.6283817,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:58 GMT"]}}
{"level":"info","ts":1590377121.6284764,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:21:05 GMT"]}}
{"level":"info","ts":1590377121.628587,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"User-Agent":["Go-http-client/2.0"],"Accept-Encoding":["identity"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:23 GMT"]}}
{"level":"info","ts":1590377121.6286967,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:24:27 GMT"],"Server":["Caddy"]}}
{"level":"info","ts":1590377121.6288316,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:25:02 GMT"]}}
{"level":"info","ts":1590377121.6289413,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PUT","uri":"/eTrelDrtKV","proto":"HTTP/2.0","remote_addr":"119.78.254.1:11383","host":"gia.icarusradio.top","headers":{"Accept-Encoding":["identity"],"User-Agent":["Go-http-client/2.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"gia.icarusradio.top"}},"common_log":"119.78.254.1 - - [25/May/2020:03:25:21 +0000] \"PUT /eTrelDrtKV HTTP/2.0\" 200 0","duration":0,"size":0,"status":200,"resp_headers":{"Server":["Caddy"],"Cache-Control":["no-store"],"Date":["Mon, 25 May 2020 03:25:06 GMT"]}}

V2Ray server log

2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 99; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 91; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 93; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 97; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 81; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 85; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 87; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 89; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 95; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 75; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 77; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 79; CANCEL
2020/05/25 03:25:21 127.0.0.1:36206 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > stream error: stream ID 83; CANCEL

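[bug] MTPROXY: applying rules on the OUTPUT chain makes the router unreachable from the external network

related page

tproxy.md

description of the bug

Following the tutorial on a side-attached one-armed router makes that router unreachable from the external network.

how we can reproduce

The main router that dials up has the LAN address 192.168.100.254. This router joins the LAN with the IP address 192.168.100.1, and the main router forwards several ports to 192.168.100.1 for access from the external network.
After configuring 192.168.100.1 as the tutorial describes, the external network can no longer connect to 192.168.100.1 through the port forwards, while 192.168.100.1 can still reach the external network and devices on the LAN segment can still connect to 192.168.100.1.
Troubleshooting showed that the cause is the rules applied on the OUTPUT chain of the mangle table; after deleting the rules on the OUTPUT chain, everything returns to normal.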

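[feature] Proposed revisions to the plain-language guide

Because this plain-language guide project was forked from ToutyRater's v2ray-guide, it inevitably inherited some of the original project's problems. To make the project fit the community's character better and to help the community develop, I think this project should be revised as follows:

  1. Change the first person from the individual "I" to the community's "we"; where the "I" in the original text cannot stand for the community, it should be deleted
  2. Remove ToutyRater's personal, subjective sentiments that still remain in the project, and stay as neutral as possible
  3. Keep the configurations consistent, for example the uuid, alterId and so on across the surrounding text
  4. Textual corrections: errors in wording and punctuation and misused technical terms should be fixed
  5. Add GUI content

I think the first 4 points are necessary revisions, and I can personally take the time to complete them gradually. I am conflicted about point 5: adding GUI content would lower the barrier for users and fits everyday usage, but I have more reasons not to add it, for example:

  1. This project involves a large amount of Linux operation and related software usage; adding GUI content may not noticeably lower the barrier
  2. Apart from Qv2ray, I do not think any GUI client is fit to represent V2Ray, yet mobile devices are now mainstream
  3. The guide's update pace may not keep up with how fast GUIs change

If you have any views on the above, please share them.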

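Some suggested corrections to the Domain Socket part of the "TCP + TLS traffic splitter" chapter

My server runs debian 10, so the suggestions below are based on that system.
I have the following suggested corrections to /etc/systemd/system/v2ray.service:
1. This service unit uses the user v2ray; I suggest adding a step that creates the user that runs v2ray, so that the guide is more intuitively step-by-step.
Whether useradd v2ray -s /usr/sbin/nologin or useradd --system --shell /usr/sbin/nologin v2ray is the more suitable command is open for discussion.
2. Change all of the /usr/bin/{rm,mkdir,sleep,chmod} commands in the service unit to /bin/{rm,mkdir,sleep,chmod}.
For those not on debian 10, I suggest adjusting according to the paths shown by the whereis command.
3. I noticed that the permissions of the v2ray.sock file are 777, meaning the file is readable, writable and executable. Is the execute permission really necessary? How should safer permissions be set?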

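V2ray suddenly stopped working the day before yesterday

V2ray is deployed on a BandwagonHost VPS, Debian9 amd64.
Since the day before yesterday, neither the phone client V2rayNG nor the PC client V2rayN can connect, and I cannot reach the external internet.
When testing on the phone client it shows: context deadline exceeded
systemctl status v2ray shows v2ray.service running normally. I then ran systemctl restart v2ray to restart v2ray and systemctl enable v2ray to register it to start at boot; it runs normally. After rebooting the VPS I still cannot reach the external internet, and the phone test still shows: context deadline exceeded

I pinged the VPS IP and it is not blocked, and the port is not blocked either. What is going on? Am I being targeted?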

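How do I add a table-of-contents entry?

A few days ago I submitted another transparent proxy configuration method, but found that it has no table-of-contents entry, and I could not find the table-of-contents file either, so how should the entry be added?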

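The explanation of "IPOnDemand" is wrong.

The official documentation says "when an IP-based rule is encountered during matching, the domain is immediately resolved to an IP for matching", whereas the plain-language guide says "as long as the routing rules contain an IP-based match, every requested domain is first resolved via DNS".
The figure shows the rule-matching order that each of the two wordings implies:
image
Specifically, the way v2ray works is: it walks through each rule to match, and only if it finds an IP-based rule while matching does it resolve the domain being matched.
What the document's wording means, however, is: first scan the routing array for IP rules; if there are any, resolve and then match; if there are none, match directly.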

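Enhancing the transparent proxy sections

In the two transparent proxy sections, a key aspect of the examples is that the gateway itself does no "routing", that is, the gateway and the devices on the network are in the same network, as shown in the figure below.
image

For my own needs, one of the weaker machines in my server cluster acts as the gateway; in this case that machine has both an egress IP and an internal IP, as shown in the figure below.
image

In this situation, when using the TPROXY proxy, you only need to add one pass-through rule for the egress IP to each of the mangle and nat tables.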

iptables -t nat -A V2RAY -d 1.2.3.4/32 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 1.2.3.4/32 -j RETURN

However, because the topology is different, I did not change the original text.

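The description of the Windows command line on the Command-line arguments page is wrong

According to the results of my actual testing,
the following code runs successfully on Windows 7 and returns the correct result: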
v2ctl api --server=127.0.0.1:10085 StatsService.QueryStats "pattern: '' reset: false"
v2ctl api --server=127.0.0.1:10085 StatsService.GetStats "name: 'inbound>>>socks>>>traffic>>>downlink' reset: false"
whereas the four-quote form in the example fails.

Problem with modifying V2Ray's systemd configuration file in the TCP + TLS traffic splitter section

ExecStartPre=/usr/bin/mkdir -p /tmp/v2ray-ds
ExecStartPre=/usr/bin/rm -rf /tmp/v2ray-ds/.sock
ExecStartPost=/usr/bin/sleep 1
ExecStartPost=/usr/bin/chmod 777 /tmp/v2ray-ds/v2ray.sock
These 4 lines do not apply to all systems. On ubuntu16.4 the 4 commands are located in /bin, so they should be changed to
ExecStartPre=/bin/mkdir -p /tmp/v2ray-ds
ExecStartPre=/bin/rm -rf /tmp/v2ray-ds/.sock
ExecStartPost=/bin/sleep 1
ExecStartPost=/bin/chmod 777 /tmp/v2ray-ds/v2ray.sock
Other systems have not been tested.

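Add Kubernetes deployment content to the Applications part

Although I think that anyone able to use K8S can generally manage writing the yaml themselves, having it is still better than not having it.

It will be split into two parts: a Yaml part and a Helm part.

The Yaml part can be finished quickly and submitted as a pull request. For the Helm part, I have an accompanying Chart that is not yet written; if feasible, you could also take over that Chart repository.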

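Replace VuePress with GitBook

@kslr I have looked over the current .vuepress structure repeatedly, especially its config.js, and I think it is not conducive to future maintenance; for people unfamiliar with it, it can easily cause the article content and the left-hand table of contents to fall out of sync.

Although the gitbook-cli tool stopped being developed long ago, its advantage is that it lets later maintainers concentrate on the article content; its way of managing the table of contents is also more intuitive than the vuepress tool's, with no need to worry about anything else.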

[feature] Add gRPC + TLS + Web configuration

related page

grpc_tls_web.md

description of the feature

Add a gRPC + TLS + Web configuration to the Advanced part, with Caddy v2 as the web server and using h2c.

If permitted, I will write up this configuration and open a PR.

Docker deployment document optimization

related page

https://github.com/v2fly/v2ray-step-by-step/blob/transifex/zh_CN/app/docker-deploy-v2ray.md

description of the feature

The Docker deployment content uses the official Docker image, but the image has not been updated for a long time, and the script referenced in the image is now not recommended.

I recommend that the community add a Dockerfile repository synchronized to Dockerhub, with its image versions and scripts kept in sync.

I am not yet clear about the editing rules for this document, so I have the following questions and hope the relevant people can answer them:

  • Do you accept my suggestions and PR for this content?
  • If I want to write this part of the document, do I modify it directly or open a new page?
  • Is it acceptable for the community to maintain a Dockerfile and a Dockerhub repository?


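Suggest reverting https://github.com/v2fly/v2ray-step-by-step/pull/118

#118 opened port 53 as a DNS service for the transparent proxy; I suggest reverting this change. The reason was already given in a note in the original text:

In transparent proxying, do not use V2Ray to open port 53 as a DNS server. If you do, DNS will have problems; this is probably a BUG.

This problem has been reported in the V2Ray project as v2ray/v2ray-core#1971 but has still not been fixed, yet #118 deleted that warning sentence. Users unaware of this problem may run into trouble because of the content changed in #118.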

Load balancing 2: priority problem with the direct rule

When the route uses IPIfNonMatch and a rule like this is added at the very end

 {
        "type": "field",
        "network": "tcp,udp",
        "balancerTag": "b1"
}

it causes the first route to stop running, because that last rule is certain to have matched already.

{
        "type": "field",
        "outboundTag": "direct",
        "ip": [
          "geoip:private",
          "geoip:cn"
        ]
},

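So when a site is in fact domestic but its domain has not been added to geosite:cn, the geoip:cn rule is no longer matched, and the traffic goes straight to the balancer instead of direct.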
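A simplified model of the rule walk described in this post and in the earlier post on "IPOnDemand", added here as an example; it is not V2Ray's code, and the geosite/geoip sets, DNS answers and the geosite:cn rule in the middle are constructed assumptions. It shows why a catch-all rule defeats the IPIfNonMatch fallback, and when each strategy performs a DNS lookup.

```python
import ipaddress

# Constructed stand-ins for geosite:cn, geoip:* and DNS answers (assumptions,
# not V2Ray data files). Addresses are documentation ranges.
GEOSITE = {"cn": {"known-cn.example"}}
GEOIP = {
    "cn": [ipaddress.ip_network("203.0.113.0/24")],
    "private": [ipaddress.ip_network("10.0.0.0/8")],
}
DNS = {
    "known-cn.example": "203.0.113.10",
    "unlisted-cn.example": "203.0.113.20",  # "CN" address, domain not in geosite:cn
    "abroad.example": "198.51.100.7",
}

# Rule order from the post: IP-based direct rule first, catch-all balancer last.
# The geosite:cn rule in between is assumed from the post's wording.
RULES = [
    {"outboundTag": "direct", "ip": ["private", "cn"]},
    {"outboundTag": "direct", "domain": ["cn"]},
    {"balancerTag": "b1", "network": "tcp,udp"},
]


def rule_matches(rule, domain, ip):
    """Every condition present in a rule must hold; 'network' always holds here."""
    if "domain" in rule and not any(domain in GEOSITE[t] for t in rule["domain"]):
        return False
    if "ip" in rule:
        if ip is None:
            return False  # an IP condition cannot match an unresolved domain
        if not any(ip in net for t in rule["ip"] for net in GEOIP[t]):
            return False
    return True


def route(rules, domain, strategy):
    """Return (tag, dns_lookups) for a request addressed by domain name."""
    lookups = 0
    ip = None

    def walk(resolve_on_ip_rule):
        nonlocal ip, lookups
        for rule in rules:
            if resolve_on_ip_rule and "ip" in rule and ip is None:
                ip = ipaddress.ip_address(DNS[domain])
                lookups += 1
            if rule_matches(rule, domain, ip):
                return rule.get("outboundTag") or rule.get("balancerTag")
        return None

    # IPOnDemand resolves when the walk reaches an IP rule; the others start domain-only.
    tag = walk(resolve_on_ip_rule=(strategy == "IPOnDemand"))
    if tag is None and strategy == "IPIfNonMatch":
        # The second pass runs only if nothing matched, now with the resolved address.
        ip = ipaddress.ip_address(DNS[domain])
        lookups += 1
        tag = walk(resolve_on_ip_rule=False)
    return tag or "default", lookups
```

In this model, dropping the catch-all rule (`RULES[:-1]`) lets the IPIfNonMatch second pass send `unlisted-cn.example` to direct, while IPOnDemand reaches direct with the catch-all in place at the cost of a lookup for every request that gets as far as an IP rule.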

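Transparent proxy section: the rerouting statement is wrong

For proxying local traffic with TPROXY: "marking packets in the OUTPUT chain causes those packets to be rerouted to the PREROUTING chain". Is that really so? Wouldn't that create a loop? To verify whether the OUTPUT chain can come back to the PREROUTING chain, adding one rule is enough: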
iptables -t mangle -A PREROUTING -i lo -m mark ! --mark 0 -j RETURN

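Check whether this rule has any counts and you will know. If the claim that OUTPUT rerouting returns to PREROUTING held, there should be counts here, but that is not the case.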

iptables -t mangle -nxvL --line

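Suggest adding to the "TCP+TLS traffic splitter" section a note on using an additional web server to redirect http to https

For users who simply want to set up a static decoy site, the static server built into the TLS splitter is already enough. But the TLS splitter cannot handle automatic redirection from http to https; introducing an additional web server that listens for http requests on port 80 solves this.
Example nginx configuration file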

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name example.com;
	return 301 https://example.com$request_uri;
}

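This way, whether one visits example.com, http://example.com or https://example.com, the page is displayed directly, which looks more like a normal website. Why not use nginx as the decoy site's web server instead of only for forwarding port 80? First, this way the TLS splitter configuration file written in the original tutorial does not need to change and the nginx configuration is simpler, yet the resulting decoy site works the same; second, users who have further web server needs should be able to read the splitter's documentation themselves and write the configuration they need, and would not need to read this tutorial.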

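Temporarily remove the multi-language translations

@kslr I reviewed the current state of the multi-language translations, and it is frankly very poor. With the Chinese version not yet fully revised, I think it is enough to keep only en_US; it will not be too late to start on multi-language translation once both zh_CN and en_US are complete.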
