Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

升级到1.8.10后ws访问404 #3222

Closed
freeNestor opened this issue Apr 2, 2024 · 16 comments
Closed

升级到1.8.10后ws访问404 #3222

freeNestor opened this issue Apr 2, 2024 · 16 comments

Comments

@freeNestor
Copy link

问题现象:服务端从1.8.7升级到1.8.10后(配置不变动),客户端(clash)访问服务端ng响应404(使用ws),降级回到1.8.7版本后正常。日志中没有其他报错。

服务端配置:

...
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": xxxx,
      "protocol": "trojan",
      "settings": {
        "clients": [
          {
            "password": "xxx"
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "acceptProxyProtocol": false,
          "path": "/xxx",
          "headers": {
            "host": "xxx.xy"
          }
        }
      }
    }
  ],
...
@yuhan6665
Copy link
Member

应该是新版服务端要求 host match
用 xray core 客户端是否能连接?clash 如何加 http header host?

@Fangliding
Copy link
Member

emmm 这里该不该要求match还是有点伤脑筋呢

@yuhan6665
Copy link
Member

emmm 这里该不该要求match还是有点伤脑筋呢

我是抄了 httpupgrade ;)

@Fangliding
Copy link
Member

Fangliding commented Apr 2, 2024
edited
Loading

emmm 这里该不该要求match还是有点伤脑筋呢

我是抄了 httpupgrade ;)

我之前以为服务端应该不会有人加的()
甚至想过要不要做成服务端会主动检验 毕竟这样这个选项在服务端才有意义
果然稍微break一点东西就一堆人出事啊

@chika0801
Copy link
Contributor

"headers": {
"host": "xxx.xy"
}

你服务端有这个,10版本要求客户端也要有对应的,会服务端会校验,解决方法去了就是。

@RPRX
Copy link
Member

RPRX commented Apr 3, 2024

loyess/Shell#122 (comment)

@RPRX RPRX pinned this issue Apr 3, 2024
@RPRX RPRX closed this as not planned Won't fix, can't repro, duplicate, stale Apr 3, 2024
@RPRX RPRX mentioned this issue Apr 3, 2024
Closed
@freeNestor
Copy link
Author

"headers": { "host": "xxx.xy" }

你服务端有这个,10版本要求客户端也要有对应的,会服务端会校验,解决方法去了就是。

clash客户端配置header了,但不行。好吧,最后ng上强制指定host可以了,可能是ng这里header被重写了?

@chika0801
Copy link
Contributor

不用clash/c meta不清楚和10版本兼容怎样了。

@lys811074556

This comment was marked as off-topic.

Sign in to view
@aiastia
Copy link

aiastia commented Jun 27, 2024
edited
Loading

“标题”:{ “主机”:“xxx.xy” }

如果你服务端有这个,10版本要求客户端也要有相应的,会服务端会检查,解决方案就是那个。

如果套了cf 的情况下 取消host 会连不上……感觉整个机制有点鸡肋
比如cf 用1.a.com 域名 然后后端用2.a.com 的tls 会连不上 必须要在cf 里面用 2.a.com 的域名

@cute
Copy link

cute commented Jul 7, 2024

@RPRX

自Xray 1.8.10 开始,websocket 域名验证的方式是错误的。如果服务器使用不是默认端口,按照HTTP规定应该在Host里发送端口。如果客户端发送了端口,服务端则直接报错。

@yuhan6665
Copy link
Member

@cute 感谢提醒 改成子字符串匹配了 4c51636

@cute
Copy link

cute commented Jul 8, 2024

@yuhan6665

建议使用 net.SplitHostPort 处理 request.Host,进行 host 比较。

按照规范域名应该使用小写字母。

如果使用 strings.Contains, 服务端设置 www.example.com,
那么客户端发送 www.example.com 里的任何一部分都是可以通过的。

@yuhan6665
Copy link
Member

Done b8c0768

This was referenced Jul 22, 2024
Open
Closed
Closed
@kang000feng
Copy link

"headers": { "host": "xxx.xy" }

你服务端有这个,10版本要求客户端也要有对应的,会服务端会校验,解决方法去了就是。

clash客户端配置header了,但不行。好吧,最后ng上强制指定host可以了,可能是ng这里header被重写了?

请问ng上如何强制指定host? 能否给个示例参考一下? 謝謝

@freeNestor
Copy link
Author

"headers": { "host": "xxx.xy" }

你服务端有这个,10版本要求客户端也要有对应的,会服务端会校验,解决方法去了就是。

clash客户端配置header了,但不行。好吧,最后ng上强制指定host可以了,可能是ng这里header被重写了?

请问ng上如何强制指定host? 能否给个示例参考一下? 謝謝

proxy_set_header Host $host;

@xcode75 xcode75 mentioned this issue Aug 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@cute @yuhan6665 @kang000feng @freeNestor @aiastia @Fangliding @RPRX @chika0801 @lys811074556