8000 使用reality+xhttp上下行分离出现nginx的upstream sent too large http2 frame错误 · Issue #4716 · XTLS/Xray-core · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

使用reality+xhttp上下行分离出现nginx的upstream sent too large http2 frame错误 #4716

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8000
Jump to bottom
Closed
4 tasks done
phoenixxie0 opened this issue May 10, 2025 · 2 comments
Closed
4 tasks done

使用reality+xhttp上下行分离出现nginx的upstream sent too large http2 frame错误 #4716

phoenixxie0 opened this issue May 10, 2025 · 2 comments

Comments

@phoenixxie0
Copy link

完整性要求

  • 我保证阅读了文档,了解所有我编写的配置文件项的含义,而不是大量堆砌看似有用的选项或默认值。
  • 我提供了完整的配置文件和日志,而不是出于自己的判断只给出截取的部分。
  • 我搜索了 issues, 没有发现已提出的类似问题。
  • 问题在 Release 最新的版本上可以成功复现

描述

使用reality+xhttp上下行分离出现nginx的upstream sent too large http2 frame错误

重现方式

上行正常,下行错误

客户端配置


"outbounds": [
        {
            "protocol": "vless", 
            "settings": {
                "vnext": [
                    {
                        "address": "upupup.com", 
                        "port": PORT1, 
                        "users": [
                            {
                                "id": "UUID",
                                "encryption": "none"
                            }
                        ]
                    }
                ]
            }, 
            "streamSettings": {
                "network": "xhttp",
				"security": "reality",
                "realitySettings": {
                    "show": false,
                    "fingerprint": "firefox",
                    "serverName": "lupupup.com",
                    "publicKey": "XX", 
                    "shortId": "XX", 
                    "spiderX": "" 
                },
				"xhttpSettings": {
                    "host": "upupup.com",
                    "path": "/xhttp_upload", 
                    "mode": "auto",
                    "extra": {
                        "downloadSettings": {
                            "address": "downdowndown.com",
                            "port": PORT2,
                            "network": "xhttp",
                            "xhttpSettings": {
                                "host": "downdowndown.com",
                                "path": "/xhttp_upload",
                                "mode": "auto"
                            },
                            "security": "tls",
                            "tlsSettings": {
                                "alpn": "h2",
                                "serverName": "downdowndown.com"
                            }
                        }
					}
                },
                "sockopt": {
                    "acceptProxyProtocol": false
                }
            },
            "tag": "US-GIA"
        }
    ]

服务端配置


"inbounds": [
        {
            "listen": "0.0.0.0",
            "port": PORT1,
            "protocol": "vless", 
            "settings": {
                "clients": [
                    {
                        "id": "XXX",
                        "flow": "xtls-rprx-vision"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": "127.0.0.1:33466",
                        "xver": 1
                    }
                ]
            }, 
            "streamSettings": {
                "network": "raw",
                "security": "reality",
                "realitySettings": {
                    "show": false, 
                    "target": "XXX", 
                    "xver": 2, 
                    "serverNames": [
                        "UPUPUP.COM"
                    ],
                    "privateKey": "XXX",
                    "shortIds": [ 
                        "XXX"
                    ]
                },
                "sniffing": {
                    "enabled": true,
                    "destOverride": [
                         "http",
                         "tls",
                         "quic"
                     ]
                }
            }
        },
        {
            "listen": "127.0.0.1",
            "port": 33466,
            "protocol": "vless", 
            "settings": {
                "clients": [
                    {
                        "id": "uuid"
                    }
                ],
                "decryption": "none"
            }, 
            "streamSettings": {
                "network": "xhttp",
                "xhttpSettings": {
                    "host": "",
                    "path": "/xhttp_upload",
                    "mode": "auto"
                },
                "sockopt": {
                    "acceptProxyProtocol": true //开启 PROXY protocol 接收,接收 VLESS+Vision+REALITY 回落前真实来源 IP 和端口。
                }
            }
        }
    ]

客户端日志


2025/05/10 21:21:35.770002 from tcp:127.0.0.1:57119 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:21:37.487557 from tcp:127.0.0.1:57122 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:21:39.682233 from tcp:127.0.0.1:57123 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:21:40.853069 from tcp:127.0.0.1:57124 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:21:47.045315 from tcp:127.0.0.1:57126 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:21:48.215974 from tcp:127.0.0.1:57127 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:22:19.422612 from tcp:127.0.0.1:57139 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:22:20.593960 from tcp:127.0.0.1:57140 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:23:21.783190 from tcp:127.0.0.1:57158 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:23:23.331600 from tcp:127.0.0.1:57160 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:28:24.529824 from tcp:127.0.0.1:57217 accepted tcp:x.com:443 [US-GIA]
2025/05/10 21:28:26.044997 from tcp:127.0.0.1:57219 accepted tcp:x.com:443 [US-GIA]

服务端日志


Xray 25.4.30 (Xray, Penetrates Everything.) 87ab8e5 (go1.24.2 linux/amd64)
A unified platform for anti-censorship.
2025/05/10 09:29:55.326223 [Info] infra/conf/serial: Reading config: &{Name:/opt/share/xray/config1.json Format:json}
2025/05/10 09:29:55.707088 [Debug] app/log: Logger started
2025/05/10 09:29:55.762626 [Info] app/dns: DNS: created UDP client initialized for 8.8.4.4:53
2025/05/10 09:29:55.955913 [Info] app/dns: DNS: created Local DNS-over-QUIC client for quic+local://dns.adguard.com
2025/05/10 09:29:55.956057 [Info] app/dns: DNS: created DOHL client for https://dns.google/dns-query, with h2c false
2025/05/10 09:29:55.956081 [Info] app/dns: DNS: created DOHL client for https://1.0.0.1/dns-query, with h2c false
2025/05/10 09:29:55.956107 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:33077
2025/05/10 09:29:55.956123 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:33066
2025/05/10 09:29:55.956139 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:33055
2025/05/10 09:29:55.956181 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:33466
2025/05/10 09:29:55.956867 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:33077
2025/05/10 09:29:55.957266 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:33066
2025/05/10 09:29:55.987616 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:33055
2025/05/10 09:29:55.988686 [Info] transport/internet/splithttp: listening TCP for XHTTP on 127.0.0.1:33466
2025/05/10 09:29:55.988723 [Warning] core: Xray 25.4.30 started
2025/05/10 09:29:58.749864 [Info] [1652146480] proxy/vless/inbound: firstLen = 70
2025/05/10 09:29:58.749966 [Info] [1652146480] proxy/vless/inbound: fallback starts > proxy/vless/encoding: invalid request version
2025/05/10 09:29:58.749994 [Info] [1652146480] proxy/vless/inbound: realName = UPUPUP.COM
2025/05/10 09:29:58.750011 [Info] [1652146480] proxy/vless/inbound: realAlpn =
@phoenixxie0
Copy link
Author

nginx的配置如下:
server {
listen 33044 ssl;
server_name downdowndown.com,;
http2 on;

include /opt/etc/nginx/sites-modules/realip.ini;
real_ip_header CF-Connecting-IP;
include /opt/etc/nginx/sites-modules/ssl.ini;

access_log /opt/share/xray/access2.log;
error_log /opt/share/xray/error2.log;
    
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return    404;
}
location ~* ^.+\.(ico|jpg|css|js)$ {
    expires      24d;
}

if ($badagent) {
    return 403;
}
location / {
    root /opt/website/local;
    index index.html;
}
location /xhttp_upload {
    client_max_body_size 0;
    grpc_buffer_size         128m;
    grpc_socket_keepalive    on;
    grpc_read_timeout        1h;
    grpc_send_timeout        1h;
    grpc_set_header Connection         "";
    grpc_set_header X-Real-IP          $remote_addr;
    #grpc_set_header Forwarded          $proxy_add_forwarded;
    grpc_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    grpc_set_header X-Forwarded-Proto  $scheme;
    grpc_set_header X-Forwarded-Port   $server_port;
    grpc_set_header Host               $host;
    grpc_set_header X-Forwarded-Host   $host;
    #grpc_pass unix:/dev/shm/xray/xhttp_upload.socket;
    grpc_pass grpc://127.0.0.1:33466;
    }
location /generate_204 { return 204; }

}

@Fangliding
Copy link
Member
Fangliding commented May 10, 2025
edited
Loading

dup #4436

@Fangliding Fangliding closed this as not planned Won't fix, can't repro, duplicate, stale May 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phoenixxie0 @Fangliding
0