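[Question] Error downloading files from Nginx when Xray is in front
Xray listens on 443 and falls back to Nginx by default, but downloading a file from Nginx fails with an error: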
```
root@~# wget https://xxx.com/xxx.tar.gz
--2008-05-20 10:00:00-- https://xxx.com/xxx.tar.gz
Resolving xxx.com (xxx.com)... 111.222.333.444
Connecting to xxx.com (xxx.com)|111.222.333.444|:443... connected.
HTTP request sent, awaiting response... Read error (The request is invalid.) in headers.
```
Fetching the file with curl works:
```
root@~# curl -OJL https://xxx.com/xxx.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 1807k  100 1807k    0     0  1920k      0 --:--:-- --:--:-- --:--:-- 1918k
```
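In addition, downloads work on Windows (Chrome/Edge/IE), iOS (Safari) and Android (Chrome).
After troubleshooting, I found that the problem came from the server.json configuration file, and it was solved after I modified it. (In fact, I just deleted "alpn": "http/1.1".)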
The failing server.json
```json
{
  "inbounds": [
    {
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "UUID-UUID-UUID-UUID",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "alpn": "h2",
            "dest": "/dev/shm/h2c.sock",
            "xver": 1
          },
          {
            "alpn": "http/1.1",
            "dest": "/dev/shm/default.sock",
            "xver": 1
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "rejectUnknownSni": true,
          "minVersion": "1.2",
          "alpn": [
            "h2",
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "/etc/nginx/ssl/xxx.com.crt",
              "keyFile": "/etc/nginx/ssl/xxx.com.key"
            }
          ]
        }
      }
    }
  ]
}
```
The modified server.json
```json
{
  "inbounds": [
    {
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "UUID-UUID-UUID-UUID",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "alpn": "h2",
            "dest": "/dev/shm/h2c.sock",
            "xver": 1
          },
          {
            "dest": "/dev/shm/default.sock",
            "xver": 1
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "rejectUnknownSni": true,
          "minVersion": "1.2",
          "alpn": [
            "h2",
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "/etc/nginx/ssl/xxx.com.crt",
              "keyFile": "/etc/nginx/ssl/xxx.com.key"
            }
          ]
        }
      }
    }
  ]
}
```
nginx.site.conf
```nginx
server {
    ... ...
    listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
    listen unix:/dev/shm/default.sock proxy_protocol;
    ... ...
}
```
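My understanding is that, whether or not "alpn": "http/1.1" is deleted, the two configurations should be "equivalent"; I don't know why this happens.
I haven't looked at the fallbacks code for a long time, but speaking of fallbacks: although some people always think VLESS and Trojan are very similar, the CRLF in the Trojan protocol was designed for the old fallback method, whereas VLESS's flow and seed were designed to change traffic characteristics. That is the essential difference in design philosophy between the two protocols. VLESS was designed natively for *ray; wouldn't it feel odd to run CRLF for nothing over other transports that don't need fallback? ~~Also, I didn't look at Trojan's protocol structure when I designed VLESS, otherwise I would have copied its UDP over; fortunately VLESS later got XUDP, which supports Mux and "connection migration".~~ I also invented a safer and more efficient fallback method for VLESS, which judges the length of the first packet directly and needs no CRLF, plus all kinds of routing based on the first packet's content, which everyone has had a lot of fun with. ~~But later we got REALITY, so fallbacks are not really needed anymore, although I never got around to writing the articles about them, so there will always be people who don't know how they are better than their respective counterparts, coo coo coo.~~ OK, it felt pretty good to cover the main differences in one paragraph.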
```jsonc
{
  "alpn": "http/1.1", // I have actually never used this form with "alpn": "http/1.1" added
  "dest": "/dev/shm/default.sock",
  "xver": 1
}
```
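Documentation link: https://xtls.github.io/Xray-docs-next/config/features/fallback.html#fallbackobject ~Back when it first came out, people in the group tested it, got it working, and that was that~
Have a look at the real alpn output by the server?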
close as no response
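An added example, not part of the thread and not Xray's own code: a simplified model of fallback selection by negotiated ALPN, run over the two `fallbacks` arrays posted above, using the rule from the linked documentation that an empty `alpn` matches any result. The function names and client offers are constructed, and the idea that the failing client offers no ALPN at all is an assumption that the real ALPN reported by the server would confirm or refute.

```python
# Added model of fallback selection by negotiated ALPN; not Xray's code.
# Rule assumed from the linked fallback documentation: a fallback's "alpn"
# must equal the negotiated ALPN, and an empty or missing "alpn" matches any.

SERVER_ALPN = ["h2", "http/1.1"]  # tlsSettings.alpn in both posted configs

BEFORE = [  # fallbacks from the failing server.json
    {"alpn": "h2", "dest": "/dev/shm/h2c.sock", "xver": 1},
    {"alpn": "http/1.1", "dest": "/dev/shm/default.sock", "xver": 1},
]
AFTER = [  # fallbacks from the modified server.json
    {"alpn": "h2", "dest": "/dev/shm/h2c.sock", "xver": 1},
    {"dest": "/dev/shm/default.sock", "xver": 1},
]

# Constructed client offers. That the failing client sends no ALPN extension
# is an assumption, not something stated in the thread.
CLIENT_OFFERS = {
    "offers h2 and http/1.1": ["h2", "http/1.1"],
    "offers http/1.1 only": ["http/1.1"],
    "offers no ALPN": [],
}


def negotiate(server_alpn, client_alpn):
    """Pick the first server-preferred protocol the client offered.
    Returns "" when nothing is negotiated (this model treats "no overlap"
    the same as "no offer")."""
    return next((p for p in server_alpn if p in client_alpn), "")


def pick_fallback(fallbacks, negotiated):
    """Return the dest of the matching fallback, or None if none matches."""
    catch_all = None
    for fb in fallbacks:
        wanted = fb.get("alpn", "")
        if wanted == "":
            catch_all = catch_all or fb   # matches any ALPN result
        elif wanted == negotiated:
            return fb["dest"]             # exact ALPN match wins
    return catch_all["dest"] if catch_all else None


def route(fallbacks, client_alpn):
    return pick_fallback(fallbacks, negotiate(SERVER_ALPN, client_alpn))


if __name__ == "__main__":
    for label, offer in CLIENT_OFFERS.items():
        print(f"{label:24} before={route(BEFORE, offer)} after={route(AFTER, offer)}")
```

In this model only the client that negotiates no ALPN is routed differently by the two configurations: no fallback matches before the change, and the catch-all entry matches after it.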