CDN through Cloudflare #63

Open
qichaozhao opened this issue Sep 22, 2019 · 13 comments

@qichaozhao

qichaozhao commented Sep 22, 2019

Hey there,

I have set up cloak with shadowsocks and it works fine in the direct mode.

I also saw on the wiki the instructions to set up a cloudfront CDN and use cloak in CDN mode. I am not using Amazon but I do have a Cloudflare account which I tried.

I mirrored the settings as similarly as possible based on the guide you provided in the wiki.

However now when I try to run the ckclient process in my client I get the following error when the shadowsocks client tries to initiate a connection.

ERRO[0021] Failed to prepare connection to remote: local error: tls: unexpected message

My ckclient.json looks like this:

{
    "Transport": "CDN",
    "EncryptionMethod": "plain",
    "ProxyMethod": "shadowsocks",
    "UID": "blah",
    "PublicKey": "blahblah",
    "ServerName": "cloudflare.com",
    "NumConn": 4,
    "BrowserSig": "chrome",
    "streamTimeout": 300
}

I have also tried setting the ServerName to: mytld.com (and mytld.com) without any success.

In Cloudflare I have set up the SSL as "Flexible" meaning I believe viewer -> cloudflare is SSL but cloudflare -> myhost is not.

Is there anything missing here that could be causing this issue?

@qichaozhao
Author

qichaozhao commented Sep 22, 2019

As a followup I set up an AWS account and tried to get this working using cloudfront but still no luck.

The ckclient.json in this case is:

{
    "Transport": "DNS",
    "EncryptionMethod": "plain",
    "ProxyMethod": "shadowsocks",
    "UID": "blah",
    "PublicKey": "blahblah",
    "ServerName": "cloudfront.net",
    "NumConn": 4,
    "BrowserSig": "chrome",
    "streamTimeout": 300
}

When I start the cloak proxy with:

./ck-client -c ckclient.json -s mydomain.cloudfront.net

I see lots of these errors:

ERRO[0000] Failed to prepare connection to remote: cipher: message authentication failed
ERRO[0000] Failed to prepare connection to remote: cipher: message authentication failed
ERRO[0000] Failed to prepare connection to remote: cipher: message authentication failed
ERRO[0000] Failed to prepare connection to remote: cipher: message authentication failed

Here are my origin settings on AWS:

image

Finally, I was also watching the logs on the server side and no connection attempts were made to the cloak server running there, so something is clearly not configured correctly with the client and the cloudfront CDN.

Any thoughts here?

@cbeuw
Owner

cbeuw commented Sep 22, 2019

"ServerName": "cloudfront.net",

I was a bit ambiguous when I wrote the instructions in the wiki. By "the domain of the CDN server", it should be what you referred to as mydomain.cloudfront.net instead of just cloudfront.net. I have fixed that wording. Try if that works

@qichaozhao
Author

qichaozhao commented Sep 22, 2019

@cbeuw thanks for the quick response. Unfortunately it seems still no joy.

Here is the updated json:

{
    "Transport": "DNS",
    "EncryptionMethod": "plain",
    "ProxyMethod": "shadowsocks",
    "UID": "blah",
    "PublicKey": "blah",
    "ServerName": "blah.cloudfront.net",
    "NumConn": 4,
    "BrowserSig": "chrome",
    "streamTimeout": 300
}

Here is the log from my terminal, same error unfortunately.

> ./ck-client -c ckclient.json -s blah.cloudfront.net

INFO[0000] Starting standalone mode
INFO[0000] Listening on TCP 127.0.0.1:1984 for shadowsocks client
INFO[0001] Attemtping to start a new session
ERRO[0001] Failed to prepare connection to remote: cipher: message authentication failed
ERRO[0001] Failed to prepare connection to remote: cipher: message authentication failed
ERRO[0001] Failed to prepare connection to remote: cipher: message authentication failed
ERRO[0001] Failed to prepare connection to remote: cipher: message authentication failed

@cbeuw
Owner

cbeuw commented Sep 22, 2019

"Transport": "DNS",

It could be due to this. Should've been CDN instead.

@qichaozhao
Author

Sorry, that was idiotic of me.

Config is now corrected resulting in a new error!

{
    "Transport": "CDN",
    "EncryptionMethod": "plain",
    "ProxyMethod": "shadowsocks",
    "UID": "",
    "PublicKey": "",
    "ServerName": "xxx.cloudfront.net",
    "NumConn": 4,
    "BrowserSig": "chrome",
    "streamTimeout": 300
}

./ck-client -c ckclient.json -s xxx.cloudfront.net

INFO[0000] Starting standalone mode
INFO[0000] Listening on TCP 127.0.0.1:1984 for shadowsocks client
INFO[0074] Attemtping to start a new session
ERRO[0074] Failed to prepare connection to remote: failed to handshake: malformed HTTP response "\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x04\x00\x01\x00\x00\x00\x05\x00\xff\xff\xff\x00\x00\x04\b\x00\x00\x00\x00\x00\u007f\xff\x00\x00\x00\x00\b\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"

@cbeuw
Owner

cbeuw commented Sep 23, 2019

If you visit xxx.cloudfront.net in your browser (try both HTTP and HTTPS), is there anything showing up in your ck-server log?

@qichaozhao
Author

Initially no - but I realised some DNS A records were not configured properly. Having fixed that, I can now curl xxx.cloudfront.net

If I curl using HTTP (curl xxx.cloudfront.net) or HTTPS (curl https://xxx.cloudfront.net) then I see on ck-server the expected log:

WARN[0191] failed to unmarshal hidden data from WS into authenticationInfo: non (or malformed) HTTP GET UID= encryptionMethod=0 proxyMethod= remoteAddr="remote_ip" sessionId=0

So then I tried again and now I see the connection in ck-server from a cloudfront proxy IP address (64.252.188.79), but the client errors remain the same.

Client Side:

./ck-client -c ckclient.json -s xxx.cloudfront.net
INFO[0000] Starting standalone mode
INFO[0000] Listening on TCP 127.0.0.1:1984 for shadowsocks client
INFO[0002] Attemtping to start a new session
ERRO[0003] Failed to prepare connection to remote: failed to handshake: malformed HTTP response "\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x04\x00\x01\x00\x00\x00\x05\x00\xff\xff\xff\x00\x00\x04\b\x00\x00\x00\x00\x00\u007f\xff\x00\x00\x00\x00\b\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"

@malikshi

Could it work on Cloudflare CDN?

@itshaadi

The conversation shifted towards cloudfront, what about cloudflare? It would be really helpful if you could support cloudflare, because people from Cuba, Iran, Syria ... can't buy anything from a US based company.

@malikshi

@itshaadi yeah maybe you could use v2ray, but I hope cloak supports cloudflare

@piloer

piloer commented Oct 23, 2019

It would be great if cloak could support cloudflare

@vanyaindigo

@dimqua

dimqua commented Nov 1, 2019

@vanyaindigo it uses v2ray-plugin, not Cloak.
