Sergey


v2ray + nginx reverse proxy connection issues

I have a problem connecting to my v2ray + nginx reverse proxy, which is hosted on an Ubuntu 24.04 Linux virtual machine.

v2ray configuration I use (/usr/local/etc/v2ray/config.json):

{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 10000,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "My UUID",
                        "alterId": 0
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "/websocket"
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "settings": {}
        }
    ]
}

nginx configuration I use (/etc/nginx/sites-available/[subdomain].[domain].com):

# TLS-terminating virtual host: accepts HTTPS on port 443 (IPv4 and IPv6) and
# proxies WebSocket upgrade requests under /websocket/ to 127.0.0.1:10000,
# the loopback address and port of the v2ray inbound shown above.
server {
  listen 443 ssl;
  listen [::]:443 ssl;

  ssl_certificate /etc/letsencrypt/live/[subdomain].[domain].com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/[subdomain].[domain].com/privkey.pem;
  # Sessions are resumed from the shared server-side cache only; tickets are off.
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;
  ssl_session_tickets off;

  # Only TLS 1.2 and 1.3 are enabled. Every suite listed is AEAD
  # (AES-GCM or CHACHA20-POLY1305) with ECDHE or DHE key exchange.
  # NOTE(review): the two DHE-RSA suites need an ssl_dhparam file; none is set
  # in this block, so unless it is set elsewhere nginx will not offer them.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  # The client's cipher preference order is used.
  ssl_prefer_server_ciphers off;

  server_name [subdomain].[domain].com;
  # NOTE(review): this prefix ends in "/", but the v2ray wsSettings path and
  # both client profiles on this page use "/websocket" without it. For a
  # slash-terminated location handled by proxy_pass, nginx answers a request
  # for exactly /websocket with a 301 to /websocket/ instead of proxying it,
  # and a request for /websocket/ is forwarded with a path that differs from
  # the one v2ray is configured for. Confirm the three paths agree.
  location /websocket/ {
    # Requests whose Upgrade header is not "websocket" get a 404 and are
    # never forwarded to the backend.
    if ($http_upgrade != "websocket") {
        return 404;
    }
    proxy_redirect off;
    # Plain HTTP to loopback; TLS ends at nginx.
    proxy_pass http://127.0.0.1:10000;
    # HTTP/1.1 plus the Upgrade/Connection pair is what lets the WebSocket
    # handshake pass through the proxy.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    # Show real IP in v2ray access.log
    proxy_set_header X-Real-IP $remote_addr;
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever
    # X-Forwarded-For the client sent, so only the last entry is set by nginx;
    # earlier entries are client-supplied and should not be trusted in logs.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

The certificates were issued by letsencrypt.org.

In ufw I allow 443/tcp from anywhere.

Configuration I use for v2rayNG client:

remarks: [subdomain].[domain].com
address: [subdomain].[domain].com
port: 443
id: My UUID used in v2ray configuration
security: auto
network: ws
ws host: [subdomain].[domain].com
ws path: /websocket
TLS: tls
SNI: [subdomain].[domain].com
Fingerprint: NULL
Alpn: http/1.1
allowInsecure: false

Could you please help me find the reason I get the following error in the v2rayNG client: "Fail to detect Internet connection: net/http: TLS handshake timeout"?

I also tried to connect with the Clash client, using the following YAML configuration file:

# Clash client profile: local HTTP proxy on 7890 and SOCKS proxy on 7891,
# with all traffic routed to a single vmess-over-WebSocket+TLS server.
port: 7890
socks-port: 7891
# NOTE(review): allow-lan lets other hosts on the local network connect to the
# 7890/7891 listeners, and no authentication is configured in this file.
# Set it to false unless sharing the proxy is intended.
allow-lan: true
mode: Rule
log-level: info

proxies:
  - name: "[subdomain].[domain].com"
    type: vmess
    # NOTE(review): as posted, the redacted placeholder starts with "[" and is
    # unquoted here and in servername, Host and proxy-groups below; YAML reads
    # a leading "[" as a flow sequence. Presumably the real hostname is plain;
    # if the placeholder form is kept, quote it as in `name`.
    server: [subdomain].[domain].com
    port: 443
    # Redacted. The vmess id is what authenticates the client to the server,
    # so the real value should stay out of posted configurations.
    uuid: My UUID used in v2ray configuration
    alterId: 0
    cipher: auto
    udp: true
    tls: true
    # Certificate verification is left enabled.
    skip-cert-verify: false
    servername: [subdomain].[domain].com
    network: ws
    ws-opts:
      # Same path as the v2ray wsSettings; the nginx location on this page is
      # "/websocket/" with a trailing slash.
      path: /websocket
      headers:
        Host: [subdomain].[domain].com
      # NOTE(review): early data is requested only on the client side; the
      # v2ray wsSettings shown has no matching option. Confirm the server
      # accepts it.
      max-early-data: 2048
      early-data-header-name: Sec-WebSocket-Protocol

proxy-groups:
  - name: "my_proxy"
    type: select
    proxies:
      # Must match the proxy `name` defined above.
      - [subdomain].[domain].com
      - DIRECT

# Every connection is sent to the my_proxy group.
rules:
  - MATCH,my_proxy

dns:
  enable: true
  # NOTE(review): 0.0.0.0 binds the DNS listener on every interface, so it is
  # reachable from the network, not only from this machine. Bind to a loopback
  # address if only local use is intended.
  listen: 0.0.0.0:53
  nameserver:
    - 1.1.1.1
    - 8.8.8.8

Now I can successfully ping web domains (e.g. ping google.com), but when using a browser I receive an "ERR_CONNECTION_RESET" error, and applications do not connect either.
