REALITY的目标dest选择本地vless+xtls-vision+fallback+nginx时，填写xver参数无法正确fallback

[wyx2685]

服务端配置文件

 "inbounds":[
     {
       "port": 443,
       "protocol": "vless",
       "tag":"VLESSTCP",
       "settings": {
         "clients": [
           {
             "id": "UUID",
             "flow":"xtls-rprx-vision"
            }
         ],
         "decryption": "none"
       },
       "streamSettings": {
         "network": "tcp",
         "security": "reality",
         "realitySettings": {
           "show":false,
           "Dest":"8443",
           #"xver":2, //xver注释后可以正常使用，填写1或者2都报错
           "serverNames":["xxx.com"],
           "privateKey":"xxx",
           "shortIds":[""]
         }
       }
     },
     {
       "port": 8443,
       "protocol": "vless",
       "tag":"VLESSTCPvision",
       "settings": {
         "clients": [
           {
             "id": "UUID",
             "flow":"xtls-rprx-vision"
            }
         ],
         "decryption": "none",
         "fallbacks": [
           {
              "alpn":"h2",
              "dest":801,
              "xver":1
           },
           {
              "dest":800,
              "xver":1
           }
         ]
       },
       "streamSettings": {
         "network": "tcp",
         "security": "tls",
         "tlsSettings": {
           "minVersion": "1.3",
           "alpn": [
             "h2",
             "http/1.1"
           ],
           "certificates": [
             {
               "ocspStapling": 3600,
               "certificateFile": "/xxx.crt",
               "keyFile": "/xxx.key"
             }
           ]
         }
       }
     }
   ]

报错日志：

2023/02/20 06:03:36 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/20 06:03:37 [Info] [59876657] proxy/vless/inbound: firstLen = 0
2023/02/20 06:03:37 [Info] [59876657] proxy/vless/inbound: fallback starts > proxy/vless/inbound: fallback directly
2023/02/20 06:03:37 [Info] [59876657] proxy/vless/inbound: realName =
2023/02/20 06:03:37 [Info] [59876657] proxy/vless/inbound: realAlpn =
2023/02/20 06:03:37 [Info] [59876657] app/proxyman/inbound: connection ends > proxy/vless/inbound: fallback ends > proxy/vless/inbound: failed to fallback request payload > tls: first record does not look like a TLS handshake
2023/02/20 06:03:37 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/20 06:03:38 [Info] [1992414411] proxy/vless/inbound: firstLen = 0
2023/02/20 06:03:38 [Info] [1992414411] proxy/vless/inbound: fallback starts > proxy/vless/inbound: fallback directly
2023/02/20 06:03:38 [Info] [1992414411] proxy/vless/inbound: realName =
2023/02/20 06:03:38 [Info] [1992414411] proxy/vless/inbound: realAlpn =
2023/02/20 06:03:38 [Info] [1992414411] app/proxyman/inbound: connection ends > proxy/vless/inbound: fallback ends > proxy/vless/inbound: failed to fallback request payload > tls: first record does not look like a TLS handshake
2023/02/20 06:03:38 [Info] transport/internet/tcp: REALITY: processed invalid connection

[wyx2685]

已经破案，以下是需要修改的地方
"streamSettings": { "network": "tcp", "security": "tls", "tlsSettings": { "minVersion": "1.3", "alpn": [ "h2", "http/1.1" ], "certificates": [ { "ocspStapling": 3600, "certificateFile": "/xxx.crt", "keyFile": "/xxx.key" } ] }, "sockopt": { "acceptProxyProtocol": true }

[RPRX]

回复下群里你的疑问，REALITY 没自带 SNI 分流是因为 REALITY 服务端的实现是一被连接就双向转发流量，这才是真正的端口转发

想加 SNI 分流并不难，可以说是很简单，但它需要等到客户端发完 SNI 才能确定目的地，从而不像纯粹的端口转发，会有一些问题

所以若有 SNI 分流的需求，建议用 Nginx 等软件实现

[Extreme-Icer]

@RPRX 我听yuhan大佬说想自己偷自己 复用443端口即便是reality 也得有Nginx 是吗

[RPRX]

@RPRX 我听yuhan大佬说想自己偷自己 复用443端口即便是reality 也得有Nginx 是吗

你想服务端 TLS 指纹是什么就指向什么，指向 Nginx TLS 才是它的指纹

[Extreme-Icer]

@RPRX 我看一定要填dest 那我dest 和servername写自己域名不搞回落都行？

[RPRX]

@RPRX 我看一定要填dest 那我dest 和servername写自己域名不搞回落都行？

dest 必须指向一个 TLS 服务端，即使以后出了“预先构建模式”

[RPRX]

出了模板后 REALITY stars 涨势喜人，快到小目标 256 的两倍了，今天晚些时候模板会更新一下，包括补一个逗号

我们定个新的小目标：REALITY stars 到 1024 当天出文章，希望不要太快，只记真人 star，若有刷的，扣大分

[liaoliaots]