Usage question: TLS handshake error
tqing1128 opened this issue · comments
tqing1128 commented
Server:
Ubuntu 18.04 LTS
Started with docker:
sudo docker run -d --name gost \
-v ${CERT_DIR}:${CERT_DIR}:ro \
--net=host ginuerzh/gost \
-L "http2://${USER}:${PASS}@0.0.0.0:443?cert=${CERT}&key=${KEY}&probe_resist=file:/var/www/html/index.html&knock=www.google.com"
docker logs -f gost
Result:
2023/08/09 03:39:30 route.go:695: http2://0.0.0.0:443 on [::]:443
netstat -nolp | grep 443
Result:
tcp6 0 0 :::443 :::* LISTEN 2840/gost off (0.00/0/0)
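Client: Shadowrocket on iOS
Configuration:
Type: HTTPS
Address: [domain]
Port: 443
User: USER
Password: PASS
Opened www.google.com in the phone's browser
Failed
On macOS
ping [domain]
Succeeded
telnet [domain] 443
Succeeded, but after entering a command it reports Connection closed by foreign host.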
curl -v "https://www.google.com" --proxy "https://[domain]" --proxy-user 'USER:PASS'
Result:
* Trying [server ip]:443...
* Connected to (nil) ([server ip]) port 443 (#0)
* ALPN: offers http/1.1
* CAfile: /opt/local/share/curl/curl-ca-bundle.crt
* CApath: none
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to [domain]:443
* Closing connection 0
* TLSv1.0 (OUT), TLS header, Unknown (21):
* TLSv1.3 (OUT), TLS alert, decode error (562):
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to [domain]:443
Checking the logs with docker logs -f gost:
2023/08/09 03:41:01 server.go:3217: http: TLS handshake error from [client ip]:35073: write tcp [server ip]:443->[client ip]:35073: write: connection reset by peer
2023/08/09 03:41:03 server.go:3217: http: TLS handshake error from [client ip]:35205: write tcp [server ip]:443->[client ip]:35205: write: connection reset by peer
2023/08/09 03:41:15 server.go:3217: http: TLS handshake error from [client ip]:35075: write tcp [server ip]:443->[client ip]:35075: write: connection reset by peer
2023/08/09 03:41:15 server.go:3217: http: TLS handshake error from [client ip]:35206: write tcp [server ip]:443->[client ip]:35206: write: connection reset by peer
2023/08/09 03:41:15 server.go:3217: http: TLS handshake error from [client ip]:35076: write tcp [server ip]:443->[client ip]:35076: write: connection reset by peer
2023/08/09 03:41:18 server.go:3217: http: TLS handshake error from [client ip]:35207: write tcp [server ip]:443->[client ip]:35207: write: connection reset by peer
2023/08/09 03:41:18 server.go:3217: http: TLS handshake error from [client ip]:35208: write tcp [server ip]:443->[client ip]:35208: write: connection reset by peer
2023/08/09 03:41:20 server.go:3217: http: TLS handshake error from [client ip]:35209: write tcp [server ip]:443->[client ip]:35209: write: connection reset by peer
2023/08/09 03:41:20 server.go:3217: http: TLS handshake error from [client ip]:35210: read tcp [server ip]:443->[client ip]:35210: read: connection reset by peer
2023/08/09 03:41:20 server.go:3217: http: TLS handshake error from [client ip]:35211: write tcp [server ip]:443->[client ip]:35211: write: connection reset by peer
2023/08/09 03:41:21 server.go:3217: http: TLS handshake error from [client ip]:35212: write tcp [server ip]:443->[client ip]:35212: write: connection reset by peer
2023/08/09 03:41:21 server.go:3217: http: TLS handshake error from [client ip]:35213: write tcp [server ip]:443->[client ip]:35213: write: connection reset by peer
2023/08/09 03:41:21 server.go:3217: http: TLS handshake error from [client ip]:35077: write tcp [server ip]:443->[client ip]:35077: write: connection reset by peer
2023/08/09 03:41:21 server.go:3217: http: TLS handshake error from [client ip]:35078: write tcp [server ip]:443->[client ip]:35078: write: connection reset by peer
tqing1128 commented
Using the IP directly works. The domain's certificate was requested with certbot, and the issuing authority is Let's Encrypt.
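
Added example (not part of the original issue or of gost's code): a small Python triage of the `TLS handshake error` lines quoted in the first comment, counting failures per client and separating TCP resets from other handshake errors. The sample log is constructed, with documentation addresses in place of the redacted ones; `triage` and `reset_share` are hypothetical helper names.

```python
import re
from collections import Counter

# Shape of the Go net/http lines quoted in the issue:
# <date> <time> server.go:N: http: TLS handshake error from <client>:<port>: <op> tcp <local>-><remote>: <op>: <reason>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \S+ "
    r"http: TLS handshake error from (?P<client>.+?):(?P<port>\d+): "
    r"(?:(?P<op>read|write) tcp .+?: (?:read|write): )?(?P<reason>.+)$"
)

# Constructed sample: documentation addresses replace the redacted ones, and the
# last line (a bare EOF from another client) is invented for contrast.
SAMPLE_LOG = """\
2023/08/09 03:39:30 route.go:695: http2://0.0.0.0:443 on [::]:443
2023/08/09 03:41:01 server.go:3217: http: TLS handshake error from 198.51.100.7:35073: write tcp 192.0.2.10:443->198.51.100.7:35073: write: connection reset by peer
2023/08/09 03:41:03 server.go:3217: http: TLS handshake error from 198.51.100.7:35205: write tcp 192.0.2.10:443->198.51.100.7:35205: write: connection reset by peer
2023/08/09 03:41:20 server.go:3217: http: TLS handshake error from 198.51.100.7:35210: read tcp 192.0.2.10:443->198.51.100.7:35210: read: connection reset by peer
2023/08/09 03:41:22 server.go:3217: http: TLS handshake error from 203.0.113.9:40000: EOF
"""

def triage(log_text):
    """Count handshake failures per client and per (socket op, reason)."""
    per_client, kinds = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # e.g. the listener start-up line from route.go
        per_client[m["client"]] += 1
        # op is "write" when the server was sending handshake data as the error
        # surfaced, "read" when it was waiting for the client, "-" if absent.
        kinds[(m["op"] or "-", m["reason"])] += 1
    return per_client, kinds

def reset_share(kinds):
    """Fraction of failures that are TCP resets rather than other errors."""
    total = sum(kinds.values())
    resets = sum(n for (_, reason), n in kinds.items()
                 if reason == "connection reset by peer")
    return resets / total if total else 0.0

if __name__ == "__main__":
    clients, kinds = triage(SAMPLE_LOG)
    for (op, reason), n in kinds.most_common():
        print(f"{n:3d}  {op:5s}  {reason}")
    print("per client:", dict(clients), "reset share:", reset_share(kinds))
```

The pattern also matches the redacted form used in the issue (`[client ip]:35073`), so the quoted lines can be pasted in as they are.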