Comments (15)
Can it access http website?
from xray-core.
yes. Both http and https works fine
from xray-core.
I mean use this node to access http website(since it will get ssl err when accessing https)
btw pls provide the config, even you are flowing tutorial
from xray-core.
can't access http sites, a download popup but can't finish the download due to network issue.
yep sure here's the client config (for the sake of completeness, full config provided)
// REFERENCE: // https://github.com/XTLS/Xray-examples // https://xtls.github.io/config/
// 常用的config文件,不论服务器端还是客户端,都有5个部分。外加小小白解读:
// ┌─ 1_log 日志设置 - 日志写什么,写哪里(出错时有据可查)
// ├─ 2_dns DNS-设置 - DNS怎么查(防DNS污染、防偷窥、避免国内外站匹配到国外服务器等)
// ├─ 3_routing 分流设置 - 流量怎么分类处理(是否过滤广告、是否国内外分流)
// ├─ 4_inbounds 入站设置 - 什么流量可以流入Xray
// └─ 5_outbounds 出站设置 - 流出Xray的流量往哪里去{
// 1_日志设置
// 注意,本例中我默认注释掉了日志文件,因为windows, macOS, Linux 需要写不同的路径,请自行配置
"log": {
// "access": "/home/local/xray_log/access.log", // 访问记录
// "error": "/home/local/xray_log/error.log", // 错误记录
"loglevel": "debug" // 内容从少到多: "none", "error", "warning", "info", "debug"
},// 2_DNS设置
"dns": {
"servers": [
// 2.1 国外域名使用国外DNS查询
{
"address": "1.1.1.1",
"domains": ["geosite:geolocation-!cn"]
},
// 2.2 国内域名使用国内DNS查询,并期待返回国内的IP,若不是国内IP则舍弃,用下一个查询
{
"address": "223.5.5.5",
"domains": ["geosite:cn"],
"expectIPs": ["geoip:cn"]
},
// 2.3 作为2.2的备份,对国内网站进行二次查询
{
"address": "114.114.114.114",
"domains": ["geosite:cn"]
},
// 2.4 最后的备份,上面全部失败时,用本机DNS查询
"localhost"
]
},// 3_分流设置
// 所谓分流,就是将符合否个条件的流量,用指定tag
的出站协议去处理(对应配置的5.x内容)
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
// 3.1 广告域名屏蔽
{
"type": "field",
"domain": ["geosite:category-ads-all"],
"outboundTag": "block"
},
// 3.2 国内域名直连
{
"type": "field",
"domain": ["geosite:cn"],
"outboundTag": "direct"
},
// 3.3 国内IP直连
{
"type": "field",
"ip": ["geoip:cn", "geoip:private"],
"outboundTag": "direct"
},
// 3.4 国外域名代理
{
"type": "field",
"domain": ["geosite:geolocation-!cn"],
"outboundTag": "proxy"
},
// 3.5 默认规则
// 在Xray中,任何不符合上述路由规则的流量,都会默认使用【第一个outbound(5.1)】的设置,所以一定要把转发VPS的outbound放第一个
// 3.6 走国内"223.5.5.5"的DNS查询流量分流走direct出站
{
"type": "field",
"ip": ["223.5.5.5"],
"outboundTag": "direct"
}
]
},// 4_入站设置
"inbounds": [
// 4.1 一般都默认使用socks5协议作本地转发
{
"tag": "socks-in",
"protocol": "socks",
"listen": "127.0.0.1", // 这个是通过socks5协议做本地转发的地址
"port": 1080, // 这个是通过socks5协议做本地转发的端口
"settings": {
"udp": true
}
}
],
// 5_出站设置
"outbounds": [
// 5.1 默认转发VPS
// 一定放在第一个,在routing 3.5 里面已经说明了,这等于是默认规则,所有不符合任何规则的流量都走这个
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "www.foobar.com", // 替换成你的真实域名
"port": 443,
"users": [
{
"id": "36304791-f66f-xxx",
"flow": "xtls-rprx-vision",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "www.foobar.com", // 替换成你的真实域名
"allowInsecure": false, // 禁止不安全证书
"fingerprint": "chrome", // 通过 uTLS 库 模拟 Chrome / Firefox / Safari 或随机生成的指纹
"minVersion": "1.2"
}
}
},
// 5.2 用freedom
协议直连出站,即当routing中指定'direct'流出时,调用这个协议做处理
{
"tag": "direct",
"protocol": "freedom"
},
// 5.3 用blackhole
协议屏蔽流量,即当routing中指定'block'时,调用这个协议做处理
{
"tag": "block",
"protocol": "blackhole"
}
]
}
and server config
// REFERENCE:
// https://github.com/XTLS/Xray-examples
// https://xtls.github.io/config/
// 常用的 config 文件,不论服务器端还是客户端,都有 5 个部分。外加小小白解读:
// ┌─ 1*log 日志设置 - 日志写什么,写哪里(出错时有据可查)
// ├─ 2_dns DNS-设置 - DNS 怎么查(防 DNS 污染、防偷窥、避免国内外站匹配到国外服务器等)
// ├─ 3_routing 分流设置 - 流量怎么分类处理(是否过滤广告、是否国内外分流)
// ├─ 4_inbounds 入站设置 - 什么流量可以流入 Xray
// └─ 5_outbounds 出站设置 - 流出 Xray 的流量往哪里去
{
// 1\_日志设置
"log": {
"loglevel": "debug", // 内容从少到多: "none", "error", "warning", "info", "debug"
"access": "/home/my/xray_log/access.log", // 访问记录
"error": "/home/my/xray_log/error.log" // 错误记录
},
// 2_DNS 设置
"dns": {
"servers": [
"https+local://1.1.1.1/dns-query", // 首选 1.1.1.1 的 DoH 查询,牺牲速度但可防止 ISP 偷窥
"localhost"
]
},
// 3*分流设置
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
// 3.1 防止服务器本地流转问题:如内网被攻击或滥用、错误的本地回环等
{
"type": "field",
"ip": [
"geoip:private" // 分流条件:geoip 文件内,名为"private"的规则(本地)
],
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
},
{
// 3.2 防止服务器直连国内
"type": "field",
"ip": ["geoip:cn"],
"outboundTag": "block"
},
// 3.3 屏蔽广告
{
"type": "field",
"domain": [
"geosite:category-ads-all" // 分流条件:geosite 文件内,名为"category-ads-all"的规则(各种广告域名)
],
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
}
]
},
// 4*入站设置
// 4.1 这里只写了一个最简单的 vless+xtls 的入站,因为这是 Xray 最强大的模式。如有其他需要,请根据模版自行添加。
"inbounds": [
{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "36304791-f66f-xxx", // 填写你的 UUID
"flow": "xtls-rprx-vision",
"level": 0,
"email": "[email protected]"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 80 // 默认回落到防探测的代理
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"alpn": "http/1.1",
"certificates": [
{
"certificateFile": "/home/my/xray_cert/xray.crt",
"keyFile": "/home/my/xray_cert/xray.key"
}
],
"minVersion": "1.2"
}
}
}
],
// 5*出站设置
"outbounds": [
// 5.1 第一个出站是默认规则,freedom 就是对外直连(vps 已经是外网,所以直连)
{
"tag": "direct",
"protocol": "freedom"
},
// 5.2 屏蔽规则,blackhole 协议就是把流量导入到黑洞里(屏蔽)
{
"tag": "block",
"protocol": "blackhole"
}
]
}
from xray-core.
"certificates": [
{
"certificateFile": "/home/my/xray_cert/xray.crt",
"keyFile": "/home/my/xray_cert/xray.key"
}
],
your xray.crt is self signed cert or real cert?
from xray-core.
"certificates": [ { "certificateFile": "/home/my/xray_cert/xray.crt", "keyFile": "/home/my/xray_cert/xray.key" } ],
your xray.crt is self signed cert or real cert?
Cert from let's encrypt. It should be set up correctly cuz my site https is working, also I can see from the browser that my site cert is valid.
from xray-core.
server log?
from xray-core.
server log?
I restart xray, try tunnel (tried visiting both http, https sites). there is no log for tunnel part, only initial log for restart. here's error log, access log is always empty even though I set log level = "debug"
2024/05/18 08:36:20 [Debug] app/log: Logger started
2024/05/18 08:36:20 [Info] app/dns: DNS: created Local DOH client for https://1.1.1.1/dns-query
2024/05/18 08:36:20 [Info] app/dns: DNS: created localhost client
2024/05/18 08:36:20 [Debug] app/router: MphDomainMatcher is enabled for 719 domain rule(s)
2024/05/18 08:36:20 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:443
2024/05/18 08:36:20 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:443
2024/05/18 08:36:20 [Warning] core: Xray 1.8.11 started
2024/05/18 08:36:24 [Info] [4069969794] proxy/vless/inbound: firstLen = 0
2024/05/18 08:36:24 [Info] [4069969794] proxy/vless/inbound: fallback starts > proxy/vless/inbound: fallback directly
2024/05/18 08:36:24 [Info] [4069969794] proxy/vless/inbound: realName =
2024/05/18 08:36:24 [Info] [4069969794] proxy/vless/inbound: realAlpn =
2024/05/18 08:36:25 [Info] [4069969794] app/proxyman/inbound: connection ends > proxy/vless/inbound: fallback ends > context canceled
Interestingly I check browser response and see http/0.9 200 ok
, which lead me to a so page that include this
I've found that I get the same 'HTTP/0.9 200 OK' response if I try to connect to the SSL port (443) but specifying 'http' as the protocol.
I wonder that could shed light on the cause, perhaps client - server, or server - target_site is communicating with incorrect protocol?
from xray-core.
"www.foobar.com"
Is this your site?
from xray-core.
"www.foobar.com" Is this your site?
no. I made it up
from xray-core.
好像甲骨文的都完蛋了
from xray-core.
I think the 'alpn' object in the server config should be an array.
"alpn": "http/1.1",
I am surprised that xray service is up and running despite of the incorrect alpn setting.
from xray-core.
solved. I use cloudflare to manage domain, which automatically setup proxy for my site, so tunnel traffic actually route to cloudflare proxy rather to my VPS. Just a head up for people with cloudflare
from xray-core.
damn cloudflare problem
from xray-core.
Love it when capable user can resolve issues by themselves :)
from xray-core.
Related Issues (20)
- 捐款 / Donation & NFTs
- 请求为rule模块添加IPv4/IPv6的RoutingObject,用于单独指定出口 HOT 1
- sloved HOT 2
- [Feature Suggestion] Custom Response Code for splithttp Transport HOT 6
- splithttp client with http3 connectivity issue HOT 8
- Xray-win7-32 无法在win7 32位系统运行 HOT 1
- vless入站+wireguard出站不通 HOT 3
- ERROR - X-UI: Failure in running xray-core:exit status 0xffffffff HOT 3
- panic with this error HOT 2
- 0
- Memory leaks on the Xray-client on Windows 11 using Xray 1.8.17 and xjasonlyu/tun2socks 2.5.2 (wintun 0.14.1) HOT 5
- VLESS-XTLS-uTLS-REALITY the Edge browser will display a 403 error message HOT 1
- 当shadowsocks server主动关闭所有的连接时,xray不会立即响应,而是继续傻傻的等 HOT 4
- add support uQuic HOT 1
- add support trojan-go HOT 1
- routing service python grpc api HOT 1
- Dtls1.3 or post-quantum cryptography HOT 1
- 在mt7621(mipsle32)上直接运行xray v1.8.24会崩溃 HOT 12
- UDP fullcone NAT does not work on v2rayNG HOT 2
- Windows 设置系统环境变量 HTTP_PROXY 后, npm 安装脚本 proxy/http: failed to write response > write tcp 127.0.0.1:1083->127.0.0.1:20141 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xray-core.