无法拨打至 (wss://<ip>/subf1/40234): 502 Bad Gateway > websocket: bad handshake

huangapple go评论97阅读模式
英文:

failed to dial to (wss://<ip>/subf1/40234): 502 Bad Gateway > websocket: bad handshake

问题

OK, 这个502错误与其他相关文章不同。

首先,我成功地在Ubuntu 22上设置了一个v2ray系统。

我有一个域名和一个Cloudflare账户来为我的域名设置DNS,并且一个名为'sub'的子域连接到我的服务器IP,一切都设置得很好。

使用Linux上的Certbot装备SSL证书和密钥,一切都正常,网站可以使用https正常访问。

在CF(CloudFlare)中启用了DNS代理和WebSocket检查。

此外,我使用了像著名教程中所说的反向DNS,所以我编辑了/etc/nginx/sites-available/sub.domain.com以使其变成这样:

server {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name sub.domain.com;
    location / {
        try_files $uri $uri/ =404;
    }
    # 这里是v2ray的一些配置
}

同时,我在服务器上使用了X-UI v2ray面板,一切都设置得很好。这是一个我正常使用的vless连接的示例。

现在,问题是,自从我移除了X-UI面板并安装了另一个版本后,无论v2ray客户端提供什么信息,都无法建立连接,出现了一系列错误。

我尝试了以下一些方法来解决问题:

  • 重新启动Nginx
  • 重新启动服务器
  • 重新安装X-UI面板(不同版本)
  • 重建服务器
  • 更改子域名
  • 更改子域名并更改服务器获取不同的IP

SSL证书已经正常设置,并选择了CF SSL。

非常感谢任何形式的帮助和建议。

英文:

OK, this 502 error is from something different than the other related articles here.
first i managed to setup a v2ray system using ubuntu 22.
I have a domain and a cloudflare account to set DNS for my domain and a 'sub' subdomain connected to my server ip, all set as it should be.
equipped with SSL cert & key using certbot on linux and works ok, website comes up with https just fine.
dns proxy and websocket check are both enable in CF(CloudFlare).
also im using reverse DNS like the famous tutorials saying, so i've edited the /etc/nginx/sites-available/sub.domain.com to become like this:

server {

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don&#39;t use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name sub.domain.com;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }


   location /subf1 {

     if ($http_upgrade != &quot;websocket&quot;) {

        return 404;

     }


     location ~ /subf1/\d\d\d\d\d$ {

        if ($request_uri ~* &quot;([^/]*$)&quot; ) {

            set $port $1;

        }

        proxy_redirect off;

        proxy_pass http://127.0.0.1:$port/;

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection &quot;upgrade&quot;;

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }

    return 404;

  }

    # pass PHP scripts to FastCGI server
    #
    #location ~ \.php$ {
    #       include snippets/fastcgi-php.conf;
    #
    #       # With php-fpm (or other unix sockets):
    #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    #       # With php-cgi (or other tcp sockets):
    #       fastcgi_pass 127.0.0.1:9000;
    #}

    # deny access to .htaccess files, if Apache&#39;s document root
    # concurs with nginx&#39;s one
    #
    #location ~ /\.ht {
    #       deny all;
    #}

 listen [::]:443 ssl ipv6only=on; # managed by Certbot
 listen 443 ssl; # managed by Certbot
 ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem; # mana&gt;
 ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem; # ma&gt;
 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {

  if ($host = sub.domain.com) {
    return 301 https://$host$request_uri;
  } # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name sub.domain.com;
    return 404; # managed by Certbot


}

also, have the x-ui v2ray panel installed and everything is setup just right here is a sample vless connection which i used to create normally and worked fine till yesterday:

无法拨打至 (wss://<ip>/subf1/40234): 502 Bad Gateway > websocket: bad handshake

the 9988 port is defined from x-ui v2ray management panel on the server.

everything was fine until i removed the x-ui panel and installed another version.
since then i cannot make the connections work, no matter what the v2ray client gives this series of errors:

app/proxyman/outbound: failed to process outbound traffic &gt; proxy/vless/outbound: failed to find an available destination &gt; common/retry: [transport/internet/websocket: failed to dial WebSocket &gt; transport/internet/websocket: failed to dial to (wss://&lt;ip&gt;/subf1/40234): 502 Bad Gateway &gt; websocket: bad handshake] &gt; common/retry: all retry attempts failed

proxy/http: failed to read response from 149.xx.xx.xx:80 &gt; io: read/write on closed pipe

some things i did to resolve this are:

  • restarting nginx
  • rebooting the server
  • re-installing the x-ui panel (various versions)
  • rebuilding the server
  • changing the subdomain
  • changing the sub domain + changing the server and gettin a different ip

and SSL is being set just fine with CF SSL selected at Full.

any kind of help and suggestion is so appreciated.

答案1

得分: 0

Ok,这是连接入站中使用的 CDN IP 引起的问题。

英文:

Ok, that was a problem from CDN ip used in the connection inbound.

答案2

得分: 0

1: 关闭 SELinux

$ setenforce 0

vi /etc/selinux/config,将 SELINUX 设置为 "disabled"

2: 关闭防火墙

$ systemctl stop firewalld

$ systemctl disable firewalld
英文:

1: Close SELinux

$ setenforce 0

vi /etc/selinux/config and set SELINUX=&quot;disabled&quot;

2: Close Firewall

$ systemctl stop firewalld

$ systemctl disable firewalld

huangapple
  • 本文由 发表于 2023年2月18日 10:39:01
  • 转载请务必保留本文链接:https://go.coder-hub.com/75490847.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定