VirMach的1.25小鸡，ws+tls一直502报错。。。

mega

WS+TLS+Web(还没开CDN)
已经查过了SELinux确实是关闭的。。系统是CentOS7，难道是VirMach本身的问题？

failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://www.*********.***/*****************): 502 Bad Gateway > websocket: bad handshake] > v2ray.com/core/common/retry: all retry attempts failed

两个配置文件

----------------------------------------------------------------------V
{
"inbound": {
    "protocol": "vmess",
    "listen": "127.0.0.1",
"port": ****,
"settings": {"clients": [
        {"id": "******-3cec-4a35-929a-*********"}
    ]},
"network": "ws",
"streamSettings": {
"wsSettings": {"path": "/********"}
    }
},

"outbound": {"protocol": "freedom"}
}

--------------------------------------------------------------------N
server {
    ### 1:
    server_name www.******.***;

    listen 80;
    rewrite ^(.*) https://$server_name$1 permanent;
    if ($request_method  !~ ^(POST|GET)$) { return  501; }
    autoindex off;
    server_tokens off;
}

server {
    ### 2:
    ssl_certificate /etc/letsencrypt/live/www.******.***/fullchain.pem;

    ### 3:
    ssl_certificate_key /etc/letsencrypt/live/www.******.***/privkey.pem;

    ### 4:
    location /************
    {
        proxy_pass http://***.0.0.1:****;
        proxy_redirect off;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_requests 25600;
        keepalive_timeout 300 300;
        proxy_buffering off;
        proxy_buffer_size 8k;
    }

    listen 443 ssl http2;
    server_name $server_name;
    charset utf-8;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384HE-RSA-AES128-GCM-SHA256HE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHAHE-RSA-AES128-SHA256HE-RSA-AES128-SHAHE-DSS-AES128-SHA256HE-RSA-AES256-SHA256HE-DSS-AES256-SHAHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;
    ssl_prefer_server_ciphers on;

    ssl_session_cache shared:SSL:60m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 10s;

    # Security settings
    if ($request_method  !~ ^(POST|GET)$) { return 501; }
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security max-age=31536000 always;
    autoindex off;
    server_tokens off;

    index index.html index.htm index.php;
    root /usr/share/nginx/html;
    location ~ .*\.(js|jpg|JPG|jpeg|JPEG|css|bmp|gif|GIF|png)$ { access_log off; }
}

lovecan

关了mux 试试？

mega

lovecan 发表于 2020-3-23 00:02
关了mux 试试？

咋，，，，咋关？

另外我看了nginx的error log，一直是这个：
failed (111: Connection refused) while connecting to upstream, client: xxxx.xxxx.xxx.

k2775739

wss 是post|get?

JOSH

时间和证书检查下。