Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

httpupgrade not working #3368

Closed
2 tasks done
iopq opened this issue May 16, 2024 · 3 comments
Closed
2 tasks done

httpupgrade not working #3368

iopq opened this issue May 16, 2024 · 3 comments

Comments

@iopq
Copy link

iopq commented May 16, 2024
edited

Integrity requirements

  • I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
  • I searched issues and did not find any similar issues.

Version

1.8.11

Description

2024/05/16 20:58:18 [Warning] [2385330210] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/httpupgrade: failed to dial request to tcp:***:443 > malformed HTTP response "\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00d\x00\x04\x00\x01\x00\x00\x00\x05\x00\xff\xff\xff\x00\x00\x04\b\x00\x00\x00\x00\x00\x7f\xff\x00\x00\x00\x00\b\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01" transport/internet/httpupgrade: failed to dial request to tcp:***:443 > dial tcp: lookup iopg.us.to: operation was canceled] > common/retry: all retry attempts failed

it's clearly spitting out some binary non-sense and I don't know why

I tried vless, vmess, a bunch of other combinations

seems to be similar to:

v2fly/v2ray-core#2883

Reproduction Method

Use nginx to take care of SSL, and then add a httpupgrade inbound instead of ws

Client config


{
  "log": {
    "access": "",
    "error": "none",
    "loglevel": "info"
  },
  "inbounds": [
    {
      "port": 20170,
      "protocol": "socks",
      "listen": "127.0.0.1",
      "sniffing": {
        "enabled": false,
        "destOverride": [
          "http",
          "tls"
        ],
        "metadataOnly": false
      },
      "settings": {
        "auth": "noauth",
        "udp": true
      },
      "streamSettings": null,
      "tag": "socks_ipv4"
    },
    {
      "port": 20171,
      "protocol": "http",
      "listen": "127.0.0.1",
      "sniffing": {
        "enabled": false,
        "destOverride": [
          "http",
          "tls"
        ],
        "metadataOnly": false
      },
      "streamSettings": null,
      "tag": "http_ipv4"
    },
    {
      "port": 20172,
      "protocol": "http",
      "listen": "127.0.0.1",
      "sniffing": {
        "enabled": false,
        "destOverride": [
          "http",
          "tls"
        ],
        "metadataOnly": false
      },
      "streamSettings": null,
      "tag": "rule-http_ipv4"
    },
    {
      "port": 32345,
      "protocol": "dokodemo-door",
      "listen": "127.0.0.1",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ],
        "metadataOnly": false
      },
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy"
        }
      },
      "tag": "transparent_ipv4"
    },
    {
      "port": 39751,
      "protocol": "dokodemo-door",
      "listen": "127.0.0.1",
      "sniffing": {
        "enabled": false,
        "metadataOnly": false
      },
      "settings": {
        "address": "127.0.0.1"
      },
      "streamSettings": null,
      "tag": "api-in_ipv4"
    },
    {
      "port": 20170,
      "protocol": "socks",
      "listen": "::1",
      "sniffing": {
        "enabled": false,
        "destOverride": [
          "http",
          "tls"
        ],
        "metadataOnly": false
      },
      "settings": {
        "auth": "noauth",
        "udp": true
      },
      "streamSettings": null,
      "tag": "socks_ipv6"
    },
    {
      "port": 20171,
      "protocol": "http",
      "listen": "::1",
      "sniffing": {
        "enabled": false,
        "destOverride": [
          "http",
          "tls"
        ],
        "metadataOnly": false
      },
      "streamSettings": null,
      "tag": "http_ipv6"
    },
    {
      "port": 20172,
      "protocol": "http",
      "listen": "::1",
      "sniffing": {
        "enabled": false,
        "destOverride": [
          "http",
          "tls"
        ],
        "metadataOnly": false
      },
      "streamSettings": null,
      "tag": "rule-http_ipv6"
    },
    {
      "port": 32345,
      "protocol": "dokodemo-door",
      "listen": "::1",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ],
        "metadataOnly": false
      },
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy"
        }
      },
      "tag": "transparent_ipv6"
    },
    {
      "port": 39751,
      "protocol": "dokodemo-door",
      "listen": "::1",
      "sniffing": {
        "enabled": false,
        "metadataOnly": false
      },
      "settings": {
        "address": "127.0.0.1"
      },
      "streamSettings": null,
      "tag": "api-in_ipv6"
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "xxx",
            "port": 443,
            "users": [
              {
                "id": "",
                "security": "auto"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "httpupgrade",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": false,
          "serverName": "xxx",
          "alpn": [
            "h2",
            "http/1.1"
          ]
        },
        "sockopt": {
          "mark": 128,
          "tcpFastOpen": false
        }
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      },
      "streamSettings": {
        "sockopt": {
          "mark": 128,
          "tcpFastOpen": false
        }
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {}
    },
    {
      "tag": "dns-out",
      "protocol": "dns",
      "settings": {
        "port": 53,
        "address": "119.29.29.29",
        "network": "udp"
      },
      "streamSettings": {
        "sockopt": {
          "mark": 128,
          "tcpFastOpen": false
        }
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "domainMatcher": "mph",
    "rules": [
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [
          "iopg.us.to"
        ],
        "port": "443"
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "inboundTag": [
          "dns"
        ],
        "ip": [
          "208.67.220.220"
        ],
        "port": "5353"
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "inboundTag": [
          "dns"
        ],
        "ip": [
          "119.29.29.29"
        ],
        "port": "53"
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "inboundTag": [
          "dns"
        ]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "inboundTag": [
          "transparent_ipv4",
          "transparent_ipv6"
        ],
        "ip": [
          "geoip:private",
          "127.0.0.1/8",
          "192.168.2.210/24",
          "::1/128",
          "2408:8207:2455:e060:6013:9f63:aee5:a5a1/64",
          "2408:8207:2455:e060:caaf:1062:cde3:28cc/64",
          "fe80::948b:58d:ab0:266/64"
        ],
        "port": "53"
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "inboundTag": [
          "rule-http_ipv4",
          "rule-socks",
          "rule-http_ipv6"
        ],
        "domain": [
          "domain:push-apple.com.akadns.net",
          "domain:push.apple.com"
        ]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "inboundTag": [
          "rule-http_ipv4",
          "rule-socks",
          "rule-http_ipv6"
        ],
        "ip": [
          "192.168.0.0/16"
        ]
      },
      {
        "type": "field",
        "outboundTag": "proxy",
        "inboundTag": [
          "rule-http_ipv4",
          "rule-socks",
          "rule-http_ipv6"
        ]
      },
      {
        "type": "field",
        "outboundTag": "api-out",
        "inboundTag": [
          "api-in_ipv4",
          "api-in_ipv6"
        ]
      },
      {
        "type": "field",
        "outboundTag": "proxy",
        "network": "tcp,udp"
      }
    ]
  },
  "dns": {
    "hosts": {
      "courier.push.apple.com": "1-courier.push.apple.com"
    },
    "servers": [
      "localhost",
      {
        "address": "119.29.29.29",
        "port": 53,
        "domains": [
          ""
        ]
      }
    ],
    "tag": "dns"
  },
  "api": {
    "tag": "api-out",
    "services": [
      "LoggerService"
    ]
  }
}

Server config


    {
      "listen": "127.0.0.1",
      "port": 2004,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "email": "***",
            "id": "***"
          }
        ]
      },
      "sniffing": {
        "destOverride": [
          "http",
          "tls",
          "quic",
          "fakedns"
        ],
        "enabled": false,
        "metadataOnly": false,
        "routeOnly": false
      },
      "streamSettings": {
        "httpupgradeSettings": {
          "acceptProxyProtocol": true,
          "headers": {},
          "host": "***",
          "path": "/***"
        },
        "network": "httpupgrade",
        "security": "none"
      },
      "tag": "inbound-127.0.0.1:2004"
    }

location /*** {
	if ($http_upgrade != "websocket") {
		return 404;
	}
	proxy_pass http://127.0.0.1:2004;
	proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_read_timeout 52w;
}

Client log


2024/05/16 20:58:18 [Warning] [2385330210] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/httpupgrade: failed to dial request to tcp:***:443 > malformed HTTP response "\x00\x00\x12\x04\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00d\x00\x04\x00\x01\x00\x00\x00\x05\x00\xff\xff\xff\x00\x00\x04\b\x00\x00\x00\x00\x00\x7f\xff\x00\x00\x00\x00\b\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01" transport/internet/httpupgrade: failed to dial request to tcp:***:443 > dial tcp: lookup iopg.us.to: operation was canceled] > common/retry: all retry attempts failed

Server log


May 16 13:45:27 instance-20240324-1822 /usr/local/x-ui/x-ui[614]: WARNING - XRAY: transport/internet/httpupgrade: accepting PROXY protocol

2024/05/16 14:09:58 [error] 1439#1439: *1728 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: xxx, request: "GET /hup HTTP/1.1", upstream: "http://127.0.0.1:2004/hup", host: "xxx"

@Fangliding
Copy link
Member

Fangliding commented May 16, 2024
edited

If replace httpupgrade with websocket, can it work?

@iopq
Copy link
Author

iopq commented May 17, 2024

If replace httpupgrade with websocket, can it work?

It stopped working a while ago, even though it's enabled in cloudflare so I can't tell if my configuration is wrong or it's just blocked

@Fangliding
Copy link
Member

If it could have been used before, the configuration would have been correct

@Fangliding Fangliding closed this as not planned Won't fix, can't repro, duplicate, stale May 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iopq @Fangliding