cbeuw
Updating with the installation script broke system
I had a working system. Since updating to the latest version using the installer script, I can no longer use the proxy nor does the redirect page display.
The server also runs Apache. It listens on 127.0.0.1:123. That is what I use for the redirect IP. It worked flawlessly before I updated. Anyone not using a Shadowsocks client would get the webpage that Apache serves. Now I just get a page not found error.
I don't know where to begin troubleshooting. Please tell me what info you need. My server is CentOS 7.
On 8/29/2019, I used the then current installation script to update to v2.0.2. That update worked flawlessly.
I have followed all instructions and edited my client and server config files to be compatible with the current version. It's weird, When I first restart the server, I can use the proxy for a few seconds. It is very slow. It will load a couple of pages but then it stops working.
this one https://github.com/cbeuw/Cloak/releases/tag/v2.0.2 ? its pretty much changes.
try to delete db and old installation. and install again the latest version, reconfigure server for support apache after installation
My server is CentOS 7. I use iptables instead of firewalld. I already have a working set of rules including one to allow port 443 which is the port I choose for Cloak binding. Since I already have the proper firewall rule, I've commented out that section in the installation script.
When my server was working with v.2.0.2, the first thing I did was to run the following command:
curl -o Cloak-Installer.sh -L https://git.io/fj5mh && bash Cloak-Installer.sh
Since there wasn't an option to upgrade, I selected the uninstall option. The next thing I did was to reboot and upload my edited (firewall rule creation removed) copy of the installation script. I then ran it and selected the install option.
Below are my answers to the script questions:
Listening port: 443 Redirection IP for Cloak: 127.0.0.1:123 Architecture: 2) amd64 Install ShadowSock with Cloak: yes Password: mypass Cipher: 4) aes-256-gcm DNS server: 1) cloudflare Custom cloak rule: no
Once the install completes, I have the following config files:
/etc/cloak/ckadminclient.json /etc/cloak/ckport.txt /etc/cloak/ckserver.json /etc/cloak/shadowsocks.json /etc/cloak/userinfo.db /etc/shadowsocks-libev/config.json
Which ones are samples and which ones are being used? Do I have to move or edit any of them?
Below is what I am using for the Shadowsocks client:
... { "Transport": "direct", "ProxyMethod": "shadowsocks", "EncryptionMethod": "plain", "UID": "5n_REDACTED==", "PublicKey": "IY_REDACTED=", "ServerName": "www.mysite.com", "NumConn": 4, "BrowserSig": "chrome", "StreamTimeout": 300 } ...
Below is /etc/cloak/ckserver.json:
... { "ProxyBook": { "shadowsocks":["tcp","127.0.0.1:49820"] , "panel":["tcp","127.0.0.1:0"] }, "BypassUID": [ "5n_REDACTED==", "v8_REDACTED==" ], "BindAddr":[":443"], "RedirAddr": "127.0.0.1:123", "PrivateKey": "KL_REDACTED=", "AdminUID": "hG_REDACTED==", "DatabasePath": "userinfo.db", "StreamTimeout": 300 } ...
I have Apache installed on the same server and it is listening on 127.0.0.1:123 so it is supposed to be serving the page for people that connect without a Shadowsocks client. It did work just fine before I attempted to update from v.2.0.2.
In the Windows Shadowsocks client app, I'm using the following:
Server addr: I have specified the public IP of the Cloak server. Server port: 443 Password: mypass (The same password I specified during the Cloak install) Encryption: aes-256-gcm (The same cipher I specified during the Cloak install) Plugin program: ck-client-windows-amd64-2.1.2.exe Plugin options: ckclient.json (The Shadowsocks client file above)
I also see that the service crashes. I don't know how long it runs before it crashes but I do not that it runs for at least several minutes before it crashes.
# systemctl status cloak-server
? cloak-server.service - Cloak Server Service
Loaded: loaded (/etc/systemd/system/cloak-server.service; enabled; vendor preset: disabled)
Active: failed (Result: signal) since Thu 2019-11-28 12:06:17 EST; 6h ago
Process: 1521 ExecStart=/usr/local/bin/ck-server -c ckserver.json (code=killed, signal=KILL)
Main PID: 1521 (code=killed, signal=KILL)
Nov 28 12:06:08 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:06-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40786" sessionId=0
Nov 28 12:06:09 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:07-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40790" sessionId=0
Nov 28 12:06:10 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:07-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40794" sessionId=0
Nov 28 12:06:11 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:08-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40798" sessionId=0
Nov 28 12:06:12 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40800" sessionId=0
Nov 28 12:06:13 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40802" sessionId=0
Nov 28 12:06:15 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:11-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40804" sessionId=0
Nov 28 12:06:17 www.my_REDACTED_site.com systemd[1]: cloak-server.service: main process exited, code=killed, status=9/KILL
Nov 28 12:06:17 www.my_REDACTED_site.com systemd[1]: Unit cloak-server.service entered failed state.
Nov 28 12:06:17 www.my_REDACTED_site.com systemd[1]: cloak-server.service failed.
Is there something that sends kill signal to cloak service? Also remoteAddr="127.0.0.1:40804" means something on that server is sending those traffic to your cloak listening on port 443, not from the internet.
Is there something that sends kill signal to cloak service?
How do I check?
means something on that server is sending those traffic to your cloak listening on port 443
How do I check? This is a very basic server setup.
I have Apache installed and listening on port 123. As a test, I created a CentOS VM on a Windows PC and installed Cloak using the Shadowsocks-Cloak-Installer script. I get the following on the test VM:
# systemctl status cloak-server -1
cloak-server.service - Cloak Server Service
Loaded: loaded (/etc/systemd/system/cloak-server.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-12-01 08:43:24 EST; lmin 13s ago
Main PID: 1060 (ck-server)
CGroup: /system.s1ice/cloak-server.service
L1060 /usr/local/bin/ck-server -c ckserver.json
Dec 01 08:43:24 www.my_REDACTED_site.com systemdtll: Started Cloak Server Service.
Dec 01 08:43:24 www.my_REDACTED_site.com ck-server!10601 : time="2019-12-01T08:43:24-05:00" level = info ms g="Starting standalone mode"
Dec 01 08:43:24 www.my_REDACTED_site.com ck-server!10601 : time="2019-12-01T08:43:24-05:00" level=error m sg="If RedirAddr contains a port number, please remove it."
Dec 01 08:43:24 www.my_REDACTED_site.com ck-server110601 : time="2019-12-01T08:43:24-05:00" level = info ms g="Listening on :443"
So does "If RedirAddr contains a port number, please remove it" mean the newer versions of Cloak can no longer redirect non-client traffic to the webpage being severed by Apache on the same server? If you can't specify a port, in the redirect address (e.g., 127.0.0.1:123) then how do you redirect to a local webserver that is listening on port 123?
I have reinstalled CentOS7 and used the installation script with defaults. I even reinstalled CentOS and used a different installation script from another Github repository and got the same results. Some pages never load while other take a very long time to load. Until someone can show me what I'm doing wrong, I'm gonna say the newer versions of Cloak are not reliable; at least not on my CentOS7 VPS.
In the meantime, I've switched over to Shadowsocks with v2ray-plugin. It is working better than Cloak ever did for me. Fast page loads and it does not drop the connection. Plus I can redirect to my local server with HTTPS or any other HTTPS public web page without encountering the SSL cert mismatch errors that I got when using Cloak.
I'm not giving up on Cloak. I will watch for any updates and continue testing. Thanks to everyone for the help. I wish Andy would chime in so we can get this sorted out :-)
Hi @jeffshead sorry it took me a while to look at this issue. The use case issue you encountered was broken by me some time back without proper consideration :(
I have fixed it in the last few commits so now you can manually specify the port number in RedirAddr field. If there is no port number it'll redirect to the same port number as the one bond to listen to clients (should be 443).
Regarding the connection stability issues, thanks to @notsure2 and @chenshaoju a long standing bug has been fixed: https://github.com/cbeuw/Cloak/commit/d35472aea196d42472ff9bdb46ad5fa92673eb9d, so hopefully the problem no longer persists
