splithttp: GET requests time out when proxied through nginx #3856

@sakullla

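Integrity requirements

  • I confirm that I have read the documentation and understand the meaning of every configuration item I wrote, rather than piling up seemingly useful options or default values.
  • I have provided the complete configuration files and logs, rather than only the parts I judged to be relevant.
  • I have searched the issues and found no similar issue already reported.
  • The issue can be reproduced on the latest Release version.

Description

When proxying through nginx, I found two kinds of anomalies by looking at the logs.

1. For data with the same ID, the POST is processed first and the GET afterwards; the GET then times out. This occurs with both H2 and H3.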

[28/Sep/2024:21:26:40 +0800] "POST /spre/f7fd9cea-56a8-4472-a793-498a57efcb77/0?x_padding=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 HTTP/3.0" 200 0 
[28/Sep/2024:21:27:40 +0800] "GET /spre/f7fd9cea-56a8-4472-a793-498a57efcb77?x_padding=0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 HTTP/3.0" 200 0 
nginx error
2024/09/28 21:27:40 [error] 720#720: *2214 upstream timed out (110: Connection timed out) while reading upstream, client:, request: "GET /spre/f7fd9cea-56a8-4472-a793-498a57efcb77?x_padding=0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 HTTP/3.0", upstream: "http://127.0.0.1:1234/spre/f7fd9cea-56a8-4472-a793-498a57efcb77?x_padding=0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"

Steps to reproduce

Keep xray running and watch YouTube videos for about five or six minutes.

Client configuration

{
  "log": {
    "access": "",
    "error": "",
    "loglevel": "warning"
  },
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "",
            "port": 443,
            "users": [
              {
                "id": ""
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "splithttp",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": false,
          "alpn": [
            "h3"
          ],
          "fingerprint": "chrome"
        },
        "splithttpSettings": {
          "path": "spre",
          "maxUploadSize": 1000000,
          "maxConcurrentUploads": 10
        }
      },
      "mux": {
        "enabled": false,
        "concurrency": -1
      }
    }
  ]
}

Server configuration

The nginx configuration sets proxy_read_timeout to 30s; changing this parameter can reduce how long the stall lasts when it occurs.

user nginx;
worker_processes auto;
quic_bpf on;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$request_uri"';
access_log /var/log/nginx/access.log main;

map $http_upgrade $connection_upgrade {
    default upgrade;
    ""      close;
}

map $remote_addr $proxy_forwarded_elem {
    ~^[0-9.]+$        "for=$remote_addr";
    ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
    default           "for=unknown";
}

map $http_forwarded $proxy_add_forwarded {
    "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
    default "$proxy_forwarded_elem";
}

# server {
#     listen 80;
#     listen [::]:80;
#     return 301 https://$host$request_uri;
# }

server {
    listen                  443 ssl default_server;
    listen                  [::]:443 ssl default_server;

    ssl_reject_handshake    on;

    ssl_protocols           TLSv1.2 TLSv1.3;

    ssl_session_timeout     1h;
    ssl_session_cache       shared:SSL:10m;
}

server {
    listen 443 quic reuseport;
    listen 443 ssl reuseport;
    listen [::]:443 quic reuseport;
    listen [::]:443 ssl reuseport;
    http2 on;
    http3 on;
    quic_gso on;
    http3_stream_buffer_size   512k;
    server_name                exampl.com; # Fill in a domain name contained in the SSL certificate loaded by Nginx; pointing the domain at the server's IP is recommended

    ssl_certificate            /etc/ssl/private/fullchain.cer;
    ssl_certificate_key        /etc/ssl/private/private.key;

    ssl_protocols              TLSv1.2 TLSv1.3;
    ssl_ciphers                ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers  on;

    ssl_stapling               on;
    ssl_stapling_verify        on;
    resolver                   1.1.1.1 valid=60s;
    resolver_timeout           2s;

    client_header_timeout      1h;
    keepalive_timeout          30m;
    client_header_buffer_size  8k;

    location /spre {
        proxy_pass                          http://127.0.0.1:1234;
        proxy_http_version                  1.1;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_read_timeout                  30s;
        proxy_redirect                      off;
    }
}

}


xray server configuration

{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "listen": "127.0.0.1",
            "port": "1234",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": ""
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "splithttp",
                "splithttpSettings": {
                    "path": "/spre"
                },
                "sockopt": {
                    "tcpFastOpen": true,
                    "tcpMptcp": true,
                    "tcpNoDelay": true
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "quic"
                ]
            }
        }
    ]
}

Client log

With h3 the stream stalls; this was not observed with h2.


2024/09/28 22:20:59 [Warning] [1204054532] app/proxyman/inbound: connection ends > proxy/http: connection ends > proxy/http: failed to write response > write tcp 127.0.0.1:10809->127.0.0.1:55692: wsasend: An established connection was aborted by the software in your host machine.
2024/09/28 22:21:00 from 127.0.0.1:55695 accepted //signaler-pa.youtube.com:443 [http -> proxy]
2024/09/28 22:21:00 [Warning] [966074724] app/proxyman/inbound: connection ends > proxy/http: connection ends > proxy/http: failed to write response > write tcp 127.0.0.1:10809->127.0.0.1:55693: wsasend: An established connection was aborted by the software in your host machine.

Server log

There are no abnormal logs on the server side.
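
The pattern reported above (a POST and later a GET for the same session ID, with the GET ending in an nginx "upstream timed out ... while reading upstream" error) can be checked across whole log files by joining the access log and error log on the session ID. This is an added example, not code from the issue author or the Xray project; the function name `stalled_sessions`, the sample lines, the shortened `x_padding` values and the session IDs are constructed, and it assumes the `/spre` path and the log line shapes quoted in the report.

```python
import re
from datetime import datetime

# Constructed sample lines in the shape of the logs quoted in the issue;
# x_padding is shortened and the session IDs are made up.
ACCESS_LOG = '''\
[28/Sep/2024:21:26:40 +0800] "POST /spre/11111111-2222-3333-4444-555555555555/0?x_padding=000 HTTP/3.0" 200 0
[28/Sep/2024:21:27:40 +0800] "GET /spre/11111111-2222-3333-4444-555555555555?x_padding=000 HTTP/3.0" 200 0
[28/Sep/2024:21:27:41 +0800] "GET /spre/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee?x_padding=000 HTTP/3.0" 200 512
'''
ERROR_LOG = '''\
2024/09/28 21:27:40 [error] 720#720: *2214 upstream timed out (110: Connection timed out) while reading upstream, client:, request: "GET /spre/11111111-2222-3333-4444-555555555555?x_padding=000 HTTP/3.0", upstream: "http://127.0.0.1:1234/spre/11111111-2222-3333-4444-555555555555?x_padding=000"
'''

UUID = r'[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}'
# POST carries /<session>/<seq>, the download GET carries only /<session>.
ACCESS_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>GET|POST) /spre/(?P<sid>' + UUID + r')(?:/\d+)?\?')
ERROR_RE = re.compile(
    r'upstream timed out .*?while reading upstream.*?request: "GET /spre/(?P<sid>' + UUID + r')\?')


def stalled_sessions(access_log, error_log):
    """Map each session whose GET hit an upstream read timeout to the number
    of seconds between its last logged POST and the end of that GET
    (None if no POST for the session appears in the access log)."""
    timed_out = {m['sid'] for m in ERROR_RE.finditer(error_log)}
    last_post, get_end = {}, {}
    for m in ACCESS_RE.finditer(access_log):
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        if m['method'] == 'POST':
            last_post[m['sid']] = max(ts, last_post.get(m['sid'], ts))
        else:
            # nginx writes the access-log entry when the request finishes
            get_end[m['sid']] = ts
    report = {}
    for sid in get_end.keys() & timed_out:
        post = last_post.get(sid)
        report[sid] = (get_end[sid] - post).total_seconds() if post else None
    return report


if __name__ == '__main__':
    for sid, gap in stalled_sessions(ACCESS_LOG, ERROR_LOG).items():
        print(sid, 'GET timed out; seconds since last POST:', gap)
```
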
