v2ray-plugin: ss+v2ray-plugin+nginx+tls https not working
v2ray-plugin through nginx with tls is not working properly. I have built ss with v2ray-plugin through nginx without tls, and it is working fine. But when I only add tls support for nginx and modify the client config accordingly, it does not work. I have tested nginx tls, and it works. You can try n3ro.me to test tls. Could anybody help me investigate the issue? Here is the config content.
- nginx:
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name n3ro.me;
    error_page 497 https://$host$uri;
    location = /ss {
        proxy_pass http://127.0.0.1:9999/;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
    location / {
        return 497;
    }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name n3ro.me;
    ssl on;
    ssl_certificate /root/.acme.sh/n3ro.me/n3ro.me.cer;
    ssl_certificate_key /root/.acme.sh/n3ro.me/n3ro.me.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location = /ss {
        proxy_pass http://127.0.0.1:9999/;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
    location = / {
        return 302 /yacd;
    }
    location / {
        root /root/websites/n3ro.me;
        index index.html;
    }
}
```
- shadowsocks
```json
{
    "server":"0.0.0.0",
    "server_port":9999,
    "local_port":1080,
    "mode":"tcp_and_udp",
    "password":"******",
    "timeout":600,
    "method":"chacha20-ietf-poly1305",
    "fast_open":true,
    "plugin":"v2ray-plugin",
    "plugin-opts":"server"
}
```
- starting shadowsocks command
/usr/bin/ss-server -c /etc/shadowsocks-libev/config.json --plugin v2ray-plugin --plugin-opts "server"
PS: I start it with this command because if I use `systemctl start shadowsocks-libev`, it cannot start v2ray-plugin, but this way works.
- client
activate the `v2ray-plugin` plugin, and set plugin opts as `host=n3ro.me;path=/ss`, set port as `80`; if with tls, then set plugin opts as `tls;host=n3ro.me;path=/ss` and port as `443`
About this issue
- State: open
- Created 4 years ago
- Comments: 32
Proxy_pass must be https:
`"plugin-opts"` should be `"plugin_opts"`. Give it a try. This is mine: `"plugin_opts":"server;host=example.com;path=/example;loglevel=none"`
And this is my detailed instruction for Russian-speaking rookies: https://overclockers.ru/blog/Indigo81/show/31739/shadowsocks-cherez-cloudflare-cdn-povyshaem-bezopasnost-v-seti
config.json could be as follows: Caution `"server":["[::1]", "127.0.0.1"],`
What’s more, I found a detailed instruction on setting up v2ray-plugin and nginx server for Chinese-speaking rookies. https://blog.icpz.dev/articles/bypass-gfw/shadowsocks-with-v2ray-plugin/
@vanyaindigo is `http` not `https`
@Nerom
remove `=` from `location = /ss`, like `location /ss`, I don't believe you can pass `nginx -t` with your config;
remove last `/` from `http://127.0.0.1:9999/` like `http://127.0.0.1:9999`
if you just want to use tls, remove all `location = /ss { ... }` code block from your 80 listen.

Thanks a lot. After reading that, it seems having a webserver is a good idea for ‘camouflage’. Will read more and try installing another version with nginx. I did try installing before from the reddit post, but somehow got stuck at getting the certificate - authentication error…, so after many tries, I decided to try another method. Hopefully this time it will work 😃
Cheers,
https://github.com/shadowsocks/v2ray-plugin/issues/222
This is not necessary
Your VPS.
I think you’re almost there. For the tcp port, it’s working properly. Since V2ray is taking over the http traffic, the port specified in ss-libev is actually served by v2ray, and then the decoded traffic is passed to ss-libev through an insignificant port number. Thus you see the port number changing between ss-libev service restarts. You can confirm the service is running by `netstat -ltp`, and check if the port is actually in LISTEN state and served by the corresponding v2ray plugin.

Next you need to verify the nginx forwarding chain. Check access.log and error.log in /var/log/nginx to see if your request is received and processed. Your client should specify the nginx port 80 instead of 8348.

In the end I suggest that you enable SSL. A domain name costs much less than your VPS. Use Let’s Encrypt to obtain valid certificates (I use acme.sh for managing certificates). In this way all your traffic is encrypted.
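
The access.log check suggested in the comment above, as an added example that is not part of the original thread: it counts the response statuses nginx logged for the WebSocket path and attaches the general HTTP/nginx meaning of each. It assumes nginx's default "combined" log format and the `/ss` path from the issue; the function name `triage` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Request line and status from nginx's default "combined" access log format.
LINE_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

# General HTTP/nginx meaning of each status when seen on the WebSocket location.
HINTS = {
    101: "upgrade completed: nginx reached the upstream and it accepted the handshake",
    404: "no nginx location matched the path, or the upstream answered 404",
    502: "nginx could not connect to the upstream or got an invalid response",
    504: "upstream accepted the connection but did not answer in time",
}

def triage(lines, ws_path="/ss"):
    """Return {status: (count, hint)} for requests whose path equals ws_path."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a request line in the expected format
        path = m.group("uri").split("?", 1)[0]
        if path == ws_path:
            counts[int(m.group("status"))] += 1
    return {s: (n, HINTS.get(s, "check error.log for this request"))
            for s, n in sorted(counts.items())}

# Constructed sample lines (documentation IP range), not taken from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /ss HTTP/1.1" 502 157 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /ss HTTP/1.1" 502 157 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /yacd HTTP/1.1" 200 1024 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:05:30 +0000] "GET /ss HTTP/1.1" 101 4821 "-" "-"',
    'garbage line that does not match',
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    if not result:
        print("no request for the WebSocket path reached nginx")
    for status, (count, hint) in result.items():
        print(f"{status} x{count}: {hint}")
```

An empty result means no request for that path reached nginx at all, which points at the client settings, DNS or a firewall rather than at the proxy configuration.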
I have successfully run ss-libev on my VPS (CentOS 8 x64 ) without any plugins. Today I’d like to try the v2ray plugin but I came to similar problems.
ss config.json
nginx nginx.conf
The nginx service seems to be working well, since when trying to visit super******.mooo.com, it will be forwarded to www.bing.com.
Unfortunately when I tried to run ss with v2ray plugin `shadowsocks-libev.ss-server -c config.json --plugin v2ray-plugin_linux_amd64`
At the moment, in the config.json I have specified the listening port “8348”, but every time I run the line above, it displays “tcp server listening at 127.0.0.1:41415”, 45321, 52344, etc. It keeps changing.
client android phone
By the way. super******.mooo.com is a subdomain name I registered linked to my VPS. it actually can not be visited here since DNS pollution. But it can be visited using ss.
Finally, it doesn’t work for my phone with v2ray plugin.
So could anyone tell me how I came to this problem?
Only TCP goes through the plugin. UDP bypasses the plugin (by shadowsocks design) and will try to connect to plain shadowsocks. If you run the server with -u and open up the UDP port it will work, but it will be just regular shadowsocks over UDP.
Nope https, I’m now working through https