
使用VLESS-TCP-XTLS-WHATEVER模板 日志提示:rejected proxy/trojan: not trojan protocol

Open venorz opened this issue 3 years ago • 11 comments

大佬好,我在用大佬的配置中遇到了点小问题请教下。 客户端和服务端都是最新的1.4.5,按照VLESS-TCP-XTLS-WHATEVER中的配置,服务端日志会有大量的:rejected proxy/trojan: not trojan protocol提示,请问是哪里配置不对吗?

xray 服务端的设置如下,按照VLESS-TCP-XTLS-WHATEVER中的配置,仅修改uuid和回落端口80改8001

// Xray server config from the report: one public VLESS+XTLS inbound on 443 that
// terminates TLS and fans out, via fallbacks, to four loopback-only inbounds
// (Trojan 1310, VLESS-WS 1234, VMess-TCP 2345, VMess-WS 3456).
{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        // NOTE(review): "xtls-rprx-direct" is a legacy XTLS flow; newer Xray-core
                        // releases are understood to have dropped it. Confirm against the version in use.
                        "flow": "xtls-rprx-direct",
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    // Entry without "path": the default. Every connection on 443 that is not
                    // valid VLESS and matches none of the paths below is forwarded to 1310.
                    // The Trojan inbound there logs "rejected proxy/trojan: not trojan protocol"
                    // for each one that is not Trojan, before falling back again. Ordinary web
                    // traffic to the site, and presumably unsolicited probes of 443, produce these.
                    {
                        "dest": 1310, // default fallback: hand off to Xray's Trojan inbound
                        // "xver": 1 prepends a PROXY protocol v1 header so the target can log the
                        // real client address; the target inbound must set acceptProxyProtocol.
                        "xver": 1
                    },
                    {
                        "path": "/websocket", // must be replaced with your own custom PATH
                        "dest": 1234,
                        "xver": 1
                    },
                    {
                        "path": "/vmesstcp", // must be replaced with your own custom PATH
                        "dest": 2345,
                        "xver": 1
                    },
                    {
                        "path": "/vmessws", // must be replaced with your own custom PATH
                        "dest": 3456,
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "fullchain.cer", // replace with your certificate, absolute path
                            // Keep the private key readable only by the account Xray runs as.
                            "keyFile": "domain.key" // replace with your private key, absolute path
                        }
                    ]
                }
            }
        },
        // Inner inbounds: all bound to 127.0.0.1 with "security": "none". TLS ends at the
        // 443 inbound, so these hops are plaintext on loopback. An inbound that accepts
        // PROXY protocol trusts the client address in that header, so do not expose these ports.
        {
            "port": 1310,
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        // "wahah" is a placeholder. This password is the only credential the
                        // Trojan inbound checks, so use a long random value.
                        "password": "wahah", // fill in your password
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "fallbacks": [
                    // No "xver" here: the web server on 8001 receives no PROXY header and sees
                    // every fallback connection as coming from the local Xray process.
                    {
                        "dest": 8001// or fall back to another proxy that also resists probing
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true
                }
            }
        },
        {
            "port": 1234,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, // reminder: delete this line if Nginx/Caddy etc. reverse-proxies the WS
                    "path": "/websocket" // must be replaced with your own custom PATH, matching the one in the fallbacks
                }
            }
        },
        {
            "port": 2345,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        "level": 0,
                        "email": "[email protected]"
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true,
                    "header": {
                        "type": "http",
                        "request": {
                            "path": [
                                "/vmesstcp" // must be replaced with your own custom PATH, matching the one in the fallbacks
                            ]
                        }
                    }
                }
            }
        },
        {
            "port": 3456,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        "level": 0,
                        "email": "[email protected]"
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, // reminder: delete this line if Nginx/Caddy etc. reverse-proxies the WS
                    "path": "/vmessws" // must be replaced with your own custom PATH, matching the one in the fallbacks
                }
            }
        }
    ],
    // No "routing" section: every accepted request leaves through this freedom outbound,
    // so an authenticated client can also reach loopback and private addresses on the server.
    // NOTE(review): consider a rule sending "geoip:private" to a blackhole outbound.
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

nginx.conf配置如下,8888端口是docker搭建的nextcloud网盘

# Plain-HTTP listener: answers every request on port 80 with a permanent
# redirect to the same host and URI over HTTPS.
server {
  listen 80;
  server_name domain.com;
  return 301 https://$host$request_uri;
}

# Cleartext HTTP listener on 8001: the port the report names as Xray's fallback
# target. It reverse-proxies to the Nextcloud container on 127.0.0.1:8888.
server {
    server_name domain.com www.domain.com;
    # NOTE(review): "listen 8001;" binds every interface. Only the local Xray fallback
    # needs this port; "listen 127.0.0.1:8001;" would keep the cleartext listener
    # off the network. Confirm nothing else connects to it.
    listen 8001;
    # Accepts request bodies (uploads) of up to 10G.
    client_max_body_size 10G;
    location / {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:8888;
        # Passes the client-supplied Host header through unchanged. No X-Forwarded-For
        # or PROXY protocol is configured here, so the backend presumably sees every
        # client as a local address. Check how that affects its logs and rate limiting.
        proxy_set_header Host $http_host;
    }
    # Never serve the .htaccess file.
    location = /.htaccess {
        return 404;
    }
    # Service-discovery redirects for CardDAV/CalDAV clients to the DAV endpoint.
    location = /.well-known/carddav {
             return 301 https://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
             return 301 https://$host/remote.php/dav;
    }
}

客户端按照vless_tcp_xtls.json这个配置。能正常上网,服务器上的网盘所有功能也正常使用,服务端部分日志如下

Xray 1.4.5 (Xray, Penetrates Everything.) Custom (go1.17.1 linux/amd64)
A unified platform for anti-censorship.
2021/11/10 20:12:33 [Info] infra/conf/serial: Reading config: config-sample.json
2021/11/10 20:12:33 [Warning] transport/internet/tcp: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] transport/internet/websocket: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] transport/internet/tcp: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] transport/internet/websocket: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] core: Xray 1.4.5 started
2021/11/10 20:13:01 IP地址:58217 accepted tcp:github.com:443 email: [email protected]
2021/11/10 20:13:02 IP地址:58241 accepted tcp:avatars.githubusercontent.com:443 email: [email protected]
2021/11/10 20:13:08 IP地址:58347 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:13:17 IP地址:58516 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:13:18 IP地址:60864 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:13:18 IP地址:56871 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:14:18 IP地址:59664 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:15:21 IP地址:60837 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:16:23 IP地址:61857 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:17:12 IP地址:61868 accepted tcp:github.com:443 email: [email protected]
2021/11/10 20:17:13 IP地址:61870 accepted tcp:github.githubassets.com:443 email: [email protected]
2021/11/10 20:17:13 IP地址:61872 accepted tcp:avatars.githubusercontent.com:443 email: [email protected]
2021/11/10 20:17:15 IP地址:61876 accepted tcp:api.github.com:443 email: [email protected]
2021/11/10 20:17:25 IP地址:61880 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:18:11 IP地址:65409 accepted tcp:raw.githubusercontent.com:443 email: [email protected]
2021/11/10 20:18:27 IP地址:65411 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:19:29 IP地址:65419 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:20:28 IP地址:65431 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:20:31 IP地址:65433 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:21:25 IP地址:64519 accepted tcp:www.google.com:443 email: [email protected]
2021/11/10 20:21:27 IP地址:64522 accepted tcp:apis.google.com:443 email: [email protected]
2021/11/10 20:21:28 IP地址:64524 accepted tcp:adservice.google.com:443 email: [email protected]
2021/11/10 20:21:33 IP地址:53517 rejected  proxy/trojan: not trojan protocol

venorz avatar Nov 11 '21 02:11 venorz

正常,因为你trojan回落了web,当你访问网站的时候trojan就会判断它不是trojan协议而是普通的web访问。

jinlin-teck avatar Dec 01 '21 18:12 jinlin-teck

正常谁没事如此频繁的访问自己的伪装网站呢

Tun2Sucks avatar Dec 01 '21 18:12 Tun2Sucks

@akw5454521 @jinlin-teck 伪装网站是网盘,存有东西的。刚开始我也怀疑是访问伪装网站产生的,但是后来我退出所有的网盘客户端,也不访问网站 ,我发现仍然有这个rejected 输出,倒是不影响使用,就是有点强迫症犯了 想弄清楚为什么

venorz avatar Dec 02 '21 05:12 venorz

nextcloud 在后台运行的时候也会对外产生流量,里面的各种 APP 都是联网活动的。要想排除,除非你用的是静态网站。

jinlin-teck avatar Dec 05 '21 05:12 jinlin-teck

我同样的配置,也是这个日志,但是正常的nginx服务我都访问不了,提示无法访问网站

uamrws avatar Jan 26 '22 06:01 uamrws

我同样的配置,也是这个日志,但是正常的nginx服务我都访问不了,提示无法访问网站

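// Second reporter's Xray server config: a public VLESS+XTLS inbound on 443 whose
// fallbacks go to a loopback VLESS-WS inbound (1314) and a loopback Trojan inbound
// (1315); the Trojan inbound in turn falls back to an nginx host.
{
    "log": {
        "loglevel": "warning"
    },
    // 3* routing settings
    "routing": {
        "domainStrategy": "AsIs",
        "rules": [
            // 3.1 keep proxied traffic out of the server's own network: e.g. the intranet
            // being attacked or abused, accidental local loopback
            {
                "type": "field",
                "ip": [
                    "geoip:private" // match: the rule named "private" in the geoip file (local addresses)
                ],
                "outboundTag": "black" // action: hand to outbound "black" (blackhole)
            },
            // 3.2 block ads
            {
                "type": "field",
                "domain": [
                    "geosite:category-ads-all" // match: the rule named "category-ads-all" in the geosite file (ad domains)
                ],
                "outboundTag": "black" // action: hand to outbound "black" (blackhole)
            }
        ]
    },
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "*********",
                        // NOTE(review): "xtls-rprx-direct" is a legacy XTLS flow; newer Xray-core
                        // releases are understood to have dropped it. Confirm against the version in use.
                        "flow": "xtls-rprx-direct"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    // "xver": 1 prepends a PROXY protocol v1 header, so each target inbound
                    // must set acceptProxyProtocol.
                    {
                        "path": "/ws",
                        "dest": 1314,
                        "xver": 1
                    },
                    // Default fallback: anything that is not valid VLESS and not "/ws"
                    // goes to the Trojan inbound on 1315.
                    {
                        "dest": 1315,
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "allowInsecure": false, // must stay off in normal use
                    "minVersion": "1.2", // minimum TLS version
                    // NOTE(review): "h2" is offered to clients here, but the fallbacks above do
                    // not split on ALPN. See the note on the Trojan fallbacks below.
                    "alpn": [
                        "h2",
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "***",
                            "keyFile": "****"
                        }
                    ]
                }
            }
        },
        {
            "port": 1314,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "***********",
                        "level": 0,
                        "email": "********"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    // Fixed: the post spelled this key "acceptdirectProtocol", which is not a
                    // WebSocket setting. The "/ws" fallback sends "xver": 1, so this inbound
                    // has to accept the PROXY protocol header.
                    "acceptProxyProtocol": true,
                    "path": "/ws"
                }
            }
        },
        {
            "port": 1315,
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        // "mima" is a placeholder. This password is the only credential the
                        // Trojan inbound checks, so use a long random value.
                        "password": "mima",
                        "level": 0,
                        "email": "******"
                    }
                ],
                // NOTE(review): the reporter says the site was unreachable with this layout
                // and worked once the fallbacks sat directly on the VLESS inbound. This inbound
                // has "security": "none", so presumably it has no negotiated ALPN to match the
                // "alpn": "h2" entry against. Confirm against Xray-core issue 793 cited in the thread.
                // Both targets get "xver": 1, so the nginx listeners must be configured to
                // accept PROXY protocol. Verify; the nginx config is not shown.
                "fallbacks": [
                    {
                        "dest": "nginx:5001",
                        "xver": 1
                    },
                    {
                        "alpn": "h2",
                        "dest": "nginx:5002",
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true
                }
            }
        }
    ],
    // 5* outbound settings
    "outbounds": [
        {
            "tag": "direct",
            "protocol": "freedom"
        },
        {
            "tag": "black",
            "protocol": "blackhole"
        }
    ]
}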

uamrws avatar Jan 26 '22 06:01 uamrws

我直接将fallback配在vless协议下是可以正常访问的

uamrws avatar Jan 26 '22 06:01 uamrws

貌似是trojan fallbacks不支持alpn=h2

uamrws avatar Jan 26 '22 07:01 uamrws

应该与这个 issue https://github.com/XTLS/Xray-core/issues/793 有关

uamrws avatar Jan 26 '22 08:01 uamrws

@uamrws 这个问题你解决了吗?我也发现了这个问题,貌似是bug

blog2020 avatar Mar 25 '22 16:03 blog2020

参考我的看看 https://github.com/chika0801/Xray-examples/tree/main/VLESS-TCP-TLS%2BVMess-Websocket-TLS%2BTrojan-TCP-TLS

chika0801 avatar Jul 20 '22 12:07 chika0801