ss+v2ray-plugin+nginx+tls https not working #188
Comments
Proxy_pass must be https:
|
@vanyaindigo is
|
Nope https, I'm now working through https |
yes, I read a lot of articles, all told it should work... but it did not... weird... |
it seems the issue of nginx reverse proxying websocket with tls |
There is no issue. all is working perfectly.
So you can read one more |
"plugin-opts" should be "plugin_opts". Give it a try. |
It does work. However, UDP doesn't seem to work. The server received the packets but it seems shadowsocks with v2-ray plugin on the server side cannot handle the UDP packet. Or, perhaps Nginx couldn't handle the UDP packets. |
works only with tcp - websockets |
Only TCP goes through the plugin. UDP bypasses the plugin (by shadowsocks design) and will try to connect to plain shadowsocks. If you run the server with -u and open up the UDP port it will work, but it will be just regular shadowsocks over UDP. |
I have successfully run ss-libev on my VPS (CentOS 8 x64 ) without any plugins. Today I'd like to try the v2ray plugin but I came to similar problems. ss config.json
nginx nginx.conf
The nginx service seems to be working well, since when trying to visit super******.mooo.com, it will be forwarded to www.bing.com. Unfortunately when I tried to run ss with v2ray plugin
At the moment, in the config.json I have specified the listening port "8348", but every time I run the line above, it displays "tcp server listening at 127.0.0.1:41415", 45321,52344, etc. It keeps changing. client android phone
By the way. Finally, it doesn't work for my phone with v2ray plugin. So could anyone tell me how I came to this problem? |
I think you're almost there. Next you need to verify the nginx forwarding chain. Check access.log and error.log in /var/log/nginx to see if your request is received and processed. In the end I suggest that you enable SSL. A domain name costs much less than your VPS. Use let's encrypt to obtain valid certificates (I use acme.sh for managing certificates). In this way all your traffic is encrypted. |
Thanks to liujunhui74 ! I check the output of netstat -ltp
it seems everything goes well. then, i modified the ss-android config as following.
however, it still tells that "no internet connection: unable to resolve host www.google.com No address associated with hostname " I checked /var/log/nginx/access.log
I guess that there must be something run with nginx-v2rayplugin forwarding chain.
By the way, until now I don't know where to register a domain name at an acceptable cost(not a subdomain name) to utilize CLOUDFLARE service. Actually, it only spent me 10$ to have this vps for 2 years. |
What about resolver? For domain name you can use https://www.dynadot.com/ |
Domain name is the easiest part. I use namesilo and search for domains with cheapest renewal prices. Typically you'll get $2.95 a year for a domain (e.g. .win). The nginx access log above shows you're getting http 499 responses. This means the HTTP connection is not good. There could be a lot of reasons leading to this. First, check your client. What android client do you use? Do you use "official" shadowsocks and v2ray plugin client? You'd better test your setup with a PC client so that to tell if the problem is at the client side. For the server side, try to use this nginx configuration:
And remember to reload nginx service. |
I bought a domain name super*****.xyz.
Both ss & vray_plugin android clients are downloaded from the GooglePlay Store. |
Ahhhhhh! Finally, i get where the bug is! I almost give up, but I succeed with last attempt.
It's http://localhost:8388; NOT http://localhost:8388/; . I decide to make a brief summary for rookies several days later. |
What do you mean? |
No. |
This is because sometimes “localhost” is resolved to an IPv6 address. In this regard it’s better to use 127.0.0.1 in the nginx conf file. |
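The three configuration mistakes identified in the comments above (the "plugin-opts" key in config.json, a trailing slash on proxy_pass, and localhost as the upstream host) can be checked with a small linter. This is an added example, not code from the thread or from the v2ray-plugin project; the sample configs, finding codes and function names are constructed for illustration, and the WebSocket-header check is an added assumption about a typical nginx WebSocket proxy block.

```python
import json
import re

# Constructed samples: the thread's own config files did not survive on this page.
SS_CONFIG = '''{"server": "127.0.0.1", "server_port": 8388,
 "plugin": "v2ray-plugin", "plugin-opts": "server;path=/ss"}'''
NGINX_BAD = '''location /ss {
    proxy_pass http://localhost:8388/;
}'''
NGINX_GOOD = '''location /ss {
    proxy_pass http://127.0.0.1:8388;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}'''

PROXY_PASS = re.compile(r"proxy_pass\s+https?://([^/;\s]+)(/[^;\s]*)?\s*;")

def lint_ss_config(text):
    """Flag the command-line spelling (--plugin-opts) used as a config.json key."""
    cfg = json.loads(text)
    return ["plugin-opts-key"] if "plugin-opts" in cfg else []

def lint_nginx_location(text):
    """Return finding codes for one location block that fronts the plugin."""
    m = PROXY_PASS.search(text)
    if m is None:
        return ["no-proxy-pass"]
    hostport, uri = m.groups()
    findings = []
    if uri is not None:
        # With a URI part, nginx replaces the matched location prefix,
        # so /ss reaches the plugin as "/" and no longer matches path=/ss.
        findings.append("uri-in-proxy-pass")
    if hostport.split(":")[0] == "localhost":
        # localhost may resolve to an IPv6 address; the thread suggests 127.0.0.1.
        findings.append("localhost-upstream")
    if not re.search(r"proxy_http_version\s+1\.1\s*;", text) or \
       not re.search(r"proxy_set_header\s+Upgrade\s+\$http_upgrade\s*;", text):
        # WebSocket needs HTTP/1.1 and the Upgrade header passed upstream.
        findings.append("no-websocket-upgrade")
    return findings

if __name__ == "__main__":
    print(lint_ss_config(SS_CONFIG))
    print(lint_nginx_location(NGINX_BAD))
    print(lint_nginx_location(NGINX_GOOD))
```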
The resolution of the name
|
config.json could be as following:
What's more, I found a detailed instruction on setting-up vray-plugins and nginx server for Chinese-speaking rookies. |
And this is my detailed instruction for Russian-speaking rookies: https://overclockers.ru/blog/Indigo81/show/31739/shadowsocks-cherez-cloudflare-cdn-povyshaem-bezopasnost-v-seti |
hi all, just finish reading this thread and got a couple questions as im interest too to try out ss+v2ray setup-
thank you, |
This is not necessary
Your VPS. |
@vanyaindigo thats the best news for today as i hv read, learn and setup a ss+v2ray+tls+cdn without proxy reverse. i do have apache installed but i change apache 443 to 8443 and use 443 for ss and client connection. is that ok? thought i did something wrong when it shows my vps ip instead of the cdn's ip. is there way for us to check if the setup/obfuscation working fine? p/s - bcoz of the pandemic, not sure when could travel to china, so hopefully could setup everything and make sure its running when we can travel thank you very much, |
The easiest way to check is if the traffic is running, then everything is fine. |
yup, all internet surfing working fine :) saw a post before saying that we could inspect the traffic header to make sure no 'thumbprint' so will not flag by gfw's dpi hv few more points like to ask-
thank you, |
SS+any plugin will work only with any TCP traffic. Pure SS will work with any TCP/UDP traffic. |
hi @vanyaindigo sorry for so many questions, i hv read a lot(bits here and there on the internet rgd this), but never had chance to ask someone knowledgeable like you. i hv always thought we cant ask question not relate to development in here. so is it ok to ask question here in future, or where else would you suggest we get help? as the other forums(linux, ubuntu, etc) dont hv this topic. are you part of the cool team that develop this? here is my visualization of how the traffics flow- so gfw will only see that im going to the cdn, but wont know where is my real destination. is that correct? and one last question - would using a webserver(nginx proxy_pass) more secure? cheers, |
thanks alot. after reading that, it seems hving a webserver is a good idea for 'camouflage'. will read more and try installing another version with nginx. i did try installing before from the reddit post, but somehow stuck at getting the certificate - authentication error..., so after many tries, i decide to try another method. hopefully this time it will work :) cheeers, |
v2ray-plugin through nginx with tls is not working properly. I have built ss with v2ray plugin through nginx without tls, it is working fine. but when I only add tls support for nginx and modify client config accordingly, it did not work. I have tested nginx tls, it works. u can try n3ro.me to test tls. could anybody help me investigate the issue? here is the config content.
/usr/bin/ss-server -c /etc/shadowsocks-libev/config.json --plugin v2ray-plugin --plugin-opts "server"
active v2ray-plugin plugin, and set plugin opts as host=n3ro.me;path=/ss, set port as 80, if with tls, then set plugin opts as tls;host=n3ro.me;path=/ss and port as 443