Question about panel access being refused; I don't know how to upload images #237

Open
5 tasks done
facebook20146 opened this issue Jan 15, 2025 · 13 comments

Comments

@facebook20146

Welcome

  • Yes, I'm using the latest major release. Only such installations are supported.
  • Yes, I'm using the supported system. Only such systems are supported.
  • Yes, I have read all WIKI documents, nothing can help me with my problem.
  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've included all information below (version, config, log, etc).

Description of the problem, screenshot would be good

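Accessing the panel reports that the connection was refused: net : err connection reset
I tested the IP and the domain name; both respond to ping.
I tested on both China Unicom and China Telecom networks; neither works.
It works once I go through a proxy. I don't know where the problem is.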

Version of xray-ui

One is 24.11.15
The other is 24.10.11

xray-ui log reports or xray log

I don't know how to do that.

@qist
Owner

qist commented Jan 15, 2025

I suggest putting it behind CF. This usually means your IP or port has been banned.

@facebook20146
Author

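> I suggest putting it behind CF. This usually means your IP or port has been banned.

Boss, the IP and the domain name both respond to ping and the node works normally; I don't know what the problem is.
How do I put it behind CF? I got this domain through another channel, and the domain provider comes with its own DNS resolution. Do I need to transfer it to CF?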

@qist
Owner

qist commented Jan 15, 2025

Then you can't use Cloudflare resolution. There is a lot of material online about Cloudflare DNS resolution. I suggest routing this through the proxy.

@qist
Owner

qist commented Jan 15, 2025

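Are you forwarding through nginx or accessing it directly? You could configure nginx to forward on 443, which should be better, or change the port and see whether it can be accessed normally.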

@facebook20146
Author

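> Are you forwarding through nginx or accessing it directly? You could configure nginx to forward on 443, which should be better, or change the port and see whether it can be accessed normally.

Direct access. I searched for a tutorial; is a configuration like this correct? And once I'm done, how do I save and exit?

```nginx
stream {
    upstream backend {
        server localhost:443;
    }
    server {
        listen 2580 udp;
        proxy_pass backend;
    }
}
```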

@qist
Owner

qist commented Jan 15, 2025

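With that configuration it probably can't be accessed. Have you looked at the nginx forwarding configuration in the md on the home page? Just follow that configuration.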

@facebook20146
Author

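> With that configuration it probably can't be accessed. Have you looked at the nginx forwarding configuration in the md on the home page? Just follow that configuration.

I found it online. I really don't know how to do this, I'm crying.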

@qist
Owner

qist commented Jan 15, 2025

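You have configured a certificate, right? What is the xray-ui port? Or have you not configured a certificate? Without one, remote access is not possible.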

@qist
Owner

qist commented Jan 15, 2025

```nginx
# xray-ui panel listening on the loopback interface
upstream xray-ui {
    least_conn;
    server 127.0.0.1:54321 max_fails=3 fail_timeout=30s;
    keepalive 1000;
}
server {
    # The "ssl" parameter is required for the certificate below to be used
    listen 443 ssl;
    server_name xray.test.com;
    client_max_body_size 0;
    chunked_transfer_encoding on;
    client_body_buffer_size 202400k;
    client_body_in_single_buffer on;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
    add_header X-XSS-Protection "1; mode=block" always;
    # Forbid framing of the panel
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff;
    add_header Alt-Svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
    ssl_certificate /apps/nginx/sslkey/test.com/fullchain.crt;
    ssl_certificate_key /apps/nginx/sslkey/test.com/private.key;
    ssl_buffer_size 4k;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve X25519:P-256:P-384;
    client_header_timeout 24h;
    keepalive_timeout 24h;
    location / {
        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP   $remote_addr;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_ssl_session_reuse off;
        proxy_ssl_server_name on;
        proxy_buffering    off;
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_http_version 1.1;
        proxy_set_header Accept-Encoding "";
        # Plain HTTP to the backend
        proxy_pass http://xray-ui;
        #proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
    }
}
```

Reference configuration for forwarding to an HTTPS backend:

```nginx
upstream xray-ui {
    least_conn;
    server 127.0.0.1:54321 max_fails=3 fail_timeout=30s;
    keepalive 1000;
}
server {
    # The "ssl" parameter is required for the certificate below to be used
    listen 443 ssl;
    server_name xray.test.com;
    client_max_body_size 0;
    chunked_transfer_encoding on;
    client_body_buffer_size 202400k;
    client_body_in_single_buffer on;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
    add_header X-XSS-Protection "1; mode=block" always;
    # Forbid framing of the panel
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff;
    add_header Alt-Svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
    ssl_certificate /apps/nginx/sslkey/test.com/fullchain.crt;
    ssl_certificate_key /apps/nginx/sslkey/test.com/private.key;
    ssl_buffer_size 4k;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve X25519:P-256:P-384;
    client_header_timeout 24h;
    keepalive_timeout 24h;
    location / {
        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP   $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_ssl_session_reuse off;
        proxy_ssl_server_name on;
        proxy_buffering    off;
        proxy_ssl_name xray.test.com; # certificate domain name
        # Disable verification of the backend server's self-signed certificate
        proxy_ssl_verify off;
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_http_version 1.1;
        proxy_set_header Accept-Encoding "";
        # HTTPS to the backend
        proxy_pass https://xray-ui;
        #proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
    }
}
```

Reference configuration for forwarding to the backend with mTLS:
```nginx
upstream xray-ui {
    least_conn;
    server 127.0.0.1:54321 max_fails=3 fail_timeout=30s;
    keepalive 1000;
}
server {
    # The "ssl" parameter is required for the certificate below to be used
    listen 443 ssl;
    server_name xray.test.com;
    client_max_body_size 0;
    chunked_transfer_encoding on;
    client_body_buffer_size 202400k;
    client_body_in_single_buffer on;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
    add_header X-XSS-Protection "1; mode=block" always;
    # Forbid framing of the panel
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff;
    add_header Alt-Svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
    ssl_certificate /apps/nginx/sslkey/test.com/fullchain.crt;
    ssl_certificate_key /apps/nginx/sslkey/test.com/private.key;
    ssl_buffer_size 4k;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve X25519:P-256:P-384;
    client_header_timeout 24h;
    keepalive_timeout 24h;
    # CA bundle used to verify client certificates (only enforced when ssl_verify_client is enabled)
    ssl_client_certificate /apps/nginx/sslkey/test.com/fullchain.crt;

    # If a CA certificate needs to be specified
    # ssl_trusted_certificate /apps/nginx/sslkey/test.com/ca.crt;

    # Client certificate and key that nginx presents to the backend (mTLS),
    # and the CA used to verify the backend's certificate
    proxy_ssl_certificate /apps/nginx/sslkey/test.com/fullchain.crt;
    proxy_ssl_certificate_key /apps/nginx/sslkey/test.com/private.key;
    proxy_ssl_trusted_certificate /apps/nginx/sslkey/test.com/ca.crt;

    # Make sure TLS verification is enabled
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2; # adjust as needed
    location / {
        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP   $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_ssl_session_reuse off;
        proxy_ssl_server_name on;
        proxy_buffering    off;
        proxy_ssl_name xray.test.com; # certificate domain name
        # proxy_ssl_verify is inherited from the server block (on)
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_http_version 1.1;
        proxy_set_header Accept-Encoding "";
        proxy_pass https://xray-ui;
        #proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
    }
}
```
Reference nginx configuration for the VPN proxy:
https://github.com/qist/xray/tree/main/xray/nginx

Refer to it yourself.
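The TLS directives in reverse-proxy configurations of this kind are easy to get subtly wrong, so the following is an added example (not code from the xray-ui project or from anyone in this thread): a small linter that flags a `listen` without the `ssl` parameter in a server that has a certificate, and a `proxy_ssl_verify off` that replaces an inherited `on`. The sample config, its paths and the finding codes are constructed for illustration, and the parser assumes a simplified nginx grammar (no `#` inside quotes, no `${var}`, no `include`).

```python
import re

# Constructed sample (hypothetical paths and port) with two planted mistakes.
SAMPLE = """
server {
    listen 443;
    ssl_certificate     /etc/nginx/tls/example.crt;
    ssl_certificate_key /etc/nginx/tls/example.key;
    proxy_ssl_verify on;
    location / {
        proxy_ssl_verify off;   # replaces the server-level "on"
        proxy_pass https://127.0.0.1:54321;
    }
}
"""
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};"\']+')

def parse(text):
    """Nested [name, args, children]; children is None for a simple directive."""
    stack, words = [["root", [], []]], []
    for tok in TOKEN.findall(re.sub(r"#[^\n]*", "", text)):
        if tok in ("{", ";") and words:
            stack[-1][2].append([words[0], words[1:], [] if tok == "{" else None])
            stack += [stack[-1][2][-1]] if tok == "{" else []
            words = []
        elif tok == "}":
            stack.pop()
        elif tok not in ("{", ";"):
            words.append(tok.strip("\"'"))
    return stack[0]

def lint(text):
    """Return sorted (code, detail) findings for the two checks."""
    found = []
    def walk(node, outer_verify):
        here = {}
        for k in node[2]:
            here.setdefault(k[0], []).append(k[1])
        if node[0] == "server" and "ssl_certificate" in here:  # cert alone does not enable TLS
            found.extend(("LISTEN_NO_SSL", " ".join(a)) for a in here.get("listen", [])
                         if not {"ssl", "quic"} & set(a))
        verify = here.get("proxy_ssl_verify", [[outer_verify]])[-1][0]  # innermost value wins
        if (outer_verify, verify) == ("on", "off"):
            found.append(("VERIFY_OVERRIDDEN", node[0]))
        for k in node[2]:
            if k[2] is not None:
                walk(k, verify)
    walk(parse(text), "off")
    return sorted(found)
```

Calling `lint(SAMPLE)` reports both planted mistakes; a config whose `listen` carries `ssl` and whose `location` leaves `proxy_ssl_verify` to inheritance returns an empty list.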

@facebook20146
Author

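> You have configured a certificate, right? What is the xray-ui port? Or have you not configured a certificate? Without one, remote access is not possible.

I have configured a certificate (the kind that is renewed every three months), I have a domain name, and the port is 2580. I took a look; this whole pile is so complicated, and I don't even know how to edit it. My skill level only goes as far as one-click commands.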

@qist
Owner

qist commented Jan 15, 2025

Change port 2580 and then restart.

```bash
/usr/local/xray-ui/xray-ui setting -port 64321 # change to a port you think will work
```

Restart:

```bash
xray-ui restart
```

Then access it using the new port.

@facebook20146
Author

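> You have configured a certificate, right? What is the xray-ui port? Or have you not configured a certificate? Without one, remote access is not possible.

> I have configured a certificate (the kind that is renewed every three months), I have a domain name, and the port is 2580. I took a look; this whole pile is so complicated, and I don't even know how to edit it. My skill level only goes as far as one-click commands.

> Change port 2580 and then restart.
>
> ```bash
> /usr/local/xray-ui/xray-ui setting -port 64321 # change to a port you think will work
> ```
>
> Restart:
>
> ```bash
> xray-ui restart
> ```
>
> Then access it using the new port.

I'll give it a try, boss.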

@facebook20146
Author

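> Change port 2580 and then restart.
>
> ```bash
> /usr/local/xray-ui/xray-ui setting -port 64321 # change to a port you think will work
> ```
>
> Restart:
>
> ```bash
> xray-ui restart
> ```
>
> Then access it using the new port.

After the change I still have to use a proxy for it to work; I don't know why. The IP and the domain name can both be pinged. As for port tests, some websites say the port is not reachable and some say it is; I don't know what's going on. At the moment the proxy port works normally and I can reach Google and other websites.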
