nginx反代vmess websocket时 nginx出现错误 32: Broken pipe 和 104: Connection reset by peer

[GeorgeRudd]

/var/log/nginx/error.log

[error] 2491#2491: *686 send() failed (32: Broken pipe) while proxying upgraded connection, client: 3.3.3.3, server: domain.com, request: "GET /path HTTP/1.1", upstream: "http://unix:/dev/shm/vws.sock:/path", host: "domain.com" [error] 4112#4112: *345 recv() failed (104: Connection reset by peer) while proxying upgraded connection, client: 3.3.3.3, server: domain.com, request: "GET /path HTTP/1.1", upstream: "http://unix:/dev/shm/vws.sock:/path", host: "domain.com

/etc/nginx/nginx.conf

user  root;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

/etc/nginx/conf.d/vmess.conf

 server {
        listen 80;
        #listen [::]:80;
        server_name domain.com;

        location = /path { 
            if ($http_upgrade != "websocket") { 
                return 404;
            }
            proxy_redirect off;
            proxy_pass http://unix:/dev/shm/vws.sock;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location = / {
	    return 403;
        }
}

xray服务端

{
  "listen":"/dev/shm/vws.sock,0777",
  "protocol":"vmess",
  "settings":{
    "clients":[
      {
        "id":"uuid",
        "email":"email"
      }
    ]
  },
  "streamSettings":{
    "network":"ws",
    "security":"none",
    "wsSettings":{
      "path":"/path"
    }
  },
  "sniffing":{
    "enabled":false
  }
}

[chika0801]

服务端配置 见模板 https://github.com/XTLS/Xray-examples/blob/e01c18039c5b663b89aeab4395bec71b4f19461f/VLESS-WSS-Nginx/server.json#L7

权限0666 你填0777哪看到这填法的？猜是这原因

[chika0801]

我的模板 https://github.com/chika0801/Xray-examples/tree/main/VMess-WebSocket-TLS

[GeorgeRudd]

改了 没用

[chika0801]

改了 没用

那你试试 https://github.com/XTLS/Xray-examples/tree/main/VLESS-WSS-Nginx

[xqzr]

检查 id

[GeorgeRudd]

检查 id

是uuid吗 cat /proc/sys/kernel/random/uuid 换了一个新的了 还是不行 上网是可以正常上的 错误提示还在

[GeorgeRudd]

监听127.0.0.1也有同样错误 *109 recv() failed (104: Connection reset by peer) while proxying upgraded connection, client: ip, server: domain.com, request: "GET /path HTTP/1.1", upstream: "http://127.0.0.1:1234/path", host: "domain.com"

[malikshi]

Listening to 127.0.0.1 also has the same error *109 recv() failed (104: Connection reset by peer) while proxying upgraded connection, client: ip, server: domain.com, request: "GET /path HTTP/1.1", upstream: " http://127.0.0.1:1234/path ", host: "domain.com"

I had same problem.

[xqzr]

~SeLinux~

[tritu]

Confirmed "failed (104: Connection reset by peer) while proxying and reading from upstream" in VLESS+TLS+WebSocket config. VLESS+TLS+gRPC looks fine

[GeorgeRudd]

客户端用小火箭时 服务端nginx似乎没有出现上面的错误

[tritu]

客户端用小火箭时 服务端nginx似乎没有出现上面的错误

That’s true. Shadowrocket iOS client works fine. Only official go-lang release will trigger this issue.

[dmlgzs]

Oracle Cloud 的 arm 服务器遇到同样的问题

[blog2020]

这问题是无解了吗

[falconchen]

有可能是本地时间跟服务器时间的问题， 同步一下时间，我的就是这样，服务器快了两分钟。

ntpdate cn.pool.ntp.org

执行这条命令就正常了，建议加入定时任务。