[discussion] 近期大范围的服务器封锁及对策 #1237

showgood163 · 2022-10-04T17:30:48Z

大规模封锁现象指：
自北京时间2022年10月3日起，超过一百名用户报告他们至少有一台基于TLS的翻墙服务器被封锁了。被封锁的服务器使用的协议包括了trojan，Xray，V2Ray TLS+Websocket，VLESS，以及gRPC。我们还未收到任何naiveproxy被封锁的消息。

当前“结论”：
基于以上信息，我们推测（但还未进行实证性的测量），这些封锁可能与翻墙软件客户端发出的Clienthello指纹相关。开发者们或许可以考虑采用uTLS。这个论文阅读小组，这篇总结，以及这篇博文都是关于TLS指纹的，也许会有帮助。

请问xray这边是否需要做针对性的调整？

HSK077 · 2022-10-04T18:20:47Z

只封了443端口，使用移动宽带，暂时改用8443正常
安装方法：Xray手动安装教程
被封前夕有大流量跑4k，测速

chika0801 · 2022-10-04T22:37:28Z

信息源是： net4people/bbs#129

大规模封锁现象指：自北京时间2022年10月3日起，超过一百名用户报告他们至少有一台基于TLS的翻墙服务器被封锁了。被封锁的服务器使用的协议包括了trojan，Xray，V2Ray TLS+Websocket，VLESS，以及gRPC。我们还未收到任何naiveproxy被封锁的消息。

当前“结论”：基于以上信息，我们推测（但还未进行实证性的测量），这些封锁可能与翻墙软件客户端发出的Clienthello指纹相关。开发者们或许可以考虑采用uTLS。这个[https://github.com/net4people/bbs/issues/54，这篇总结，以及这篇博文都是关于TLS指纹的，也许会有帮助。](net4people/bbs#54)

请问xray这边是否需要做针对性的调整？

换udp类的2个 hy或tuic

yang05051 · 2022-10-04T22:52:18Z

只封了443端口，使用移动宽带，暂时改用8443正常
安装方法：Xray手动安装教程
被封前夕有大流量跑4k，测速

现在也会封8443端口了

HSK077 · 2022-10-04T23:47:13Z

只封了443端口，使用移动宽带，暂时改用8443正常
安装方法：Xray手动安装教程
被封前夕有大流量跑4k，测速

现在也会封8443端口了

我又换成50000了
我要试下楼上建议的tuic协议

danhacker725 · 2022-10-05T01:08:14Z

你的预判已经被预判到了
xray在21年就已经支持utls
v1.4.2版本
https://github.com/XTLS/Xray-core/releases?q=utls&expanded=true

javeil · 2022-10-05T01:14:17Z

3台主机全部封锁443端口 A主机Vless+xtls B主机trojan+xtls C主机trojan+ xtls, AB主机为一个供应商，C为另外一个，所有主机22端口可直接登录，443端口503，C主机直接更换为VMESS随机端口可正常使用，AB更改为VMESS不行，B主机更换IP后trojan或vless依然不行，改为vmess随机端口正常

SkywalkerDarren · 2022-10-05T02:17:16Z

非443端口被封2个，一个是vless+xtls，一个是vless+ws，换端口后修复。

SheepChef · 2022-10-05T03:08:18Z

被封后，把vmess+tls+ws的域名打开了CloudFlare CDN的代理。原端口恢复正常访问。

javeil · 2022-10-05T06:09:38Z

3台主机全部封锁443端口 A主机Vless+xtls B主机trojan+xtls C主机trojan+ xtls, AB主机为一个供应商，C为另外一个，所有主机22端口可直接登录，443端口503，C主机直接更换为VMESS随机端口可正常使用，AB更改为VMESS不行，B主机更换IP后trojan或vless依然不行，改为vmess随机端口正常

经过实验重新配置为vless+tls+ws 域名开启cloudflare CDN，tls完全加密，443可访问，问题修复

SheepChef · 2022-10-05T08:37:47Z

3台主机全部封锁443端口 A主机Vless+xtls B主机trojan+xtls C主机trojan+ xtls, AB主机为一个供应商，C为另外一个，所有主机22端口可直接登录，443端口503，C主机直接更换为VMESS随机端口可正常使用，AB更改为VMESS不行，B主机更换IP后trojan或vless依然不行，改为vmess随机端口正常

经过实验重新配置为vless+tls+ws 域名开启cloudflare CDN，tls完全加密，443可访问，问题修复

GFW 针对Cloudflare 并不敢大规模应用封锁。许多合法的政府官方网站也运行在上面，而且Cloudflare的服务器遍布世界各地，IP段太多容易误封，因此只敢针对SNI进行过滤。此种方法确实对V2ray可行。

taanng · 2022-10-05T08:46:29Z

10.3 被ban 443

yiceho · 2022-10-05T09:16:56Z

腾讯和AWS的，hysteria UDP高位端口都被封了。

yiceho · 2022-10-05T09:18:59Z

腾讯和AWS的，歇斯底里高位端口都被封了。

aws你开hy跑得动？我在东京试过不行

可以啊，新加坡能跑满

frank-pian · 2022-10-05T11:03:22Z

套CDN肯定没问题，但是降速也是明显的，本来CN2的线路套了CDN，不知道绕到哪去了

SheepChef · 2022-10-05T12:05:08Z

3台主机全部封锁443端口 A主机Vless+xtls B主机trojan+xtls C主机trojan+ xtls, AB主机为一个供应商，C为另外一个，所有主机22端口可直接登录，443端口503，C主机直接更换为VMESS随机端口可正常使用，AB更改为VMESS不行，B主机更换IP后trojan或vless依然不行，改为vmess随机端口正常

经过实验重新配置为vless+tls+ws 域名开启cloudflare CDN，tls完全加密，443可访问，问题修复

提醒一下，使用CF代理非HTML内容违反了其TOS（用户服务协议），在账户层面上有违规封号的风险。

javeil · 2022-10-05T13:17:10Z

3台主机全部封锁443端口 A主机Vless+xtls B主机trojan+xtls C主机trojan+ xtls, AB主机为一个供应商，C为另外一个，所有主机22端口可直接登录，443端口503，C主机直接更换为VMESS随机端口可正常使用，AB更改为VMESS不行，B主机更换IP后trojan或vless依然不行，改为vmess随机端口正常

经过实验重新配置为vless+tls+ws 域名开启cloudflare CDN，tls完全加密，443可访问，问题修复

提醒一下，使用CF代理非HTML内容违反了其TOS（用户服务协议），在账户层面上有违规封号的风险。

也是无奈之举，cn2 gia的线路被迫走cdn😂

cross-hello · 2022-10-05T14:00:00Z

Tls over Tls could be detected.
net4people/bbs#129 (comment)

lizkes · 2022-10-06T10:01:41Z

赞成使用uTls，这两天已经被封两次了

azzvx · 2022-10-06T13:57:13Z

难怪这几天Xray速度暴增。我这里Xray+WS+TLS(Nginx)+Nginx网站镜像+IPv6，一直很稳。

arminaghebati · 2022-10-06T13:58:36Z

در تاریخ پنجشنبه 6 اکتبر 2022،‏ 17:27 Chou Linxi ***@***.***> نوشت:

…

难怪这几天Xray速度暴增。我这里Xray+WS+TLS(Nginx)+Nginx网站镜像+IPv6，一直很稳。 — Reply to this email directly, view it on GitHub <#1237 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A3OJEPZZWBWZJYGLFFCGJXTWB3LFHANCNFSM6AAAAAAQ4ZHZCE> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

zbluekuma · 2022-10-07T05:55:06Z

请问xray如何配置uTLs，客户端和服务器端的xray版本都是1.6.0
目前使用的协议是：vless+ws+tls
在客户端的xray配置文件中，我找到了tlssetting，然后增加了如下一句，不知对否：
"tlsSettings": { "fingerprint": "chrome" }
另外给各位提供一下uTLs的其他配置选项
"" // 不伪造，默认值
"chrome"
"firefox"
"safari"
"randomized" // 随机生成的，不是三选一

chika0801 · 2022-10-07T06:13:44Z

请问xray如何配置uTLs，客户端和服务器端的xray版本都是1.6.0 目前使用的协议是：vless+ws+tls 在客户端的xray配置文件中，我找到了tlssetting，然后增加了如下一句，不知对否： "tlsSettings": { "fingerprint": "chrome" } 另外给各位提供一下uTLs的其他配置选项 "" // 不伪造，默认值 "chrome" "firefox" "safari" "randomized" // 随机生成的，不是三选一

配了,可能没用的

你实在要试,开xray前置 vless tcp tls方式，客户端加参数，比如在v2rayn ng里用，只能用自定义配置的方式

crmmc · 2022-10-07T08:21:49Z

2022.10.05， 2022.10.07 vless+xtls回落vmess回落trojan端口456被封，更换 vless+tls回落 2345端口被封，vmess http伪装正常，naiveproxy正常
要是xray默认配置tls指纹伪装可能会好很多，两次被封都是因为使用v2rayng长时间看ytb逛twitter，逛着逛着就被封了，v2rayng不能在图形化界面选择客户端tls指纹模拟，只能导入自定义配置

AxIauk · 2022-10-07T13:54:59Z

服务器：vless+xtls ，
客户端：android，win电脑，linux电脑用透明代理，
习惯：google主页，手机套件及相关服务，油管。
2022.10.03封443，2022.10.06改端口再被封。2022.10.07 使用xray改成shadowsocks，2022-blake3-aes128-gcm测试中，linux电脑上因不会修改透明代理配置暂未启用。

HSK077 · 2022-10-07T19:52:22Z

套CDN肯定没问题，但是降速也是明显的，本来CN2的线路套了CDN，不知道绕到哪去了

不点亮小云朵使用自选/优选ip也是可以的，效果等同套CDN

frank-pian · 2022-10-08T05:32:42Z

套CDN肯定没问题，但是降速也是明显的，本来CN2的线路套了CDN，不知道绕到哪去了

不点亮小云朵使用自选/优选ip也是可以的，效果等同套CDN

请问使用CF优选IP速度怎么样？能达到CN2 GIA速度百分之多少？我用的搬瓦匠CN2东京机房，正考虑用CDN保护一下

Frank997 · 2022-10-08T10:37:15Z

2022.10.08 切换到 vless+ws+cloudflare cdn，上网一小时，被封了俩端口

cross-hello · 2022-11-09T09:34:15Z

Could you show your server and client configuration, including firewalls settings?

…

---------------------------------------- *From: *Donotinvert ***@***.***> *To: *XTLS/Xray-core ***@***.***> *CC: *Nanyu ***@***.***>; Comment ***@***.***> *Date: *Nov 9, 2022 09:31:59 *Subject: *Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237)

xray vmess+tls+ws 大流量被封端口 2022-10-20 到 2022-11-9 断断续续3次封端口,换端口解决,但是估计很快又会被封. — Reply to this email directly, view it on GitHub[#1237 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYCY3L6CTKR3ZABFEQ3WHNVQ5ANCNFSM6AAAAAAQ4ZHZCE]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYC7PBQWX2ECXIAHS7TWHNVQ5A5CNFSM6AAAAAAQ4ZHZCGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSN7WQKE.gif]Message ID: ***@***.***>

Donotinvert · 2022-11-09T10:03:24Z

Could you show your server and client configuration, including firewalls settings?
…
---------------------------------------- From: Donotinvert @.> To: XTLS/Xray-core @.> CC: Nanyu @.>; Comment @.**> *Date: Nov 9, 2022 09:31:59 Subject: Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237)
xray vmess+tls+ws 大流量被封端口 2022-10-20 到 2022-11-9 断断续续3次封端口,换端口解决,但是估计很快又会被封. — Reply to this email directly, view it on GitHub[#1237 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYCY3L6CTKR3ZABFEQ3WHNVQ5ANCNFSM6AAAAAAQ4ZHZCE]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYC7PBQWX2ECXIAHS7TWHNVQ5A5CNFSM6AAAAAAQ4ZHZCGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSN7WQKE.gif]Message ID: @.>

My firewall has opened several ports, including 443 80 and several ports in use. And I'm using this example as my configuration:
https://github.com/XTLS/Xray-examples/blob/main/VMess-Websocket-TLS

littlemingone · 2022-11-09T10:06:33Z

试一下pre release里的vision流控？

…

---原始邮件--- 发件人: ***@***.***> 发送时间: 2022年11月9日(周三) 晚上6:03 收件人: ***@***.***>; 抄送: ***@***.******@***.***>; 主题: Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237) Could you show your server and client configuration, including firewalls settings? … ---------------------------------------- From: Donotinvert @.> To: XTLS/Xray-core @.> CC: Nanyu @.>; Comment @.**> *Date: Nov 9, 2022 09:31:59 Subject: Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237) xray vmess+tls+ws 大流量被封端口 2022-10-20 到 2022-11-9 断断续续3次封端口,换端口解决,但是估计很快又会被封. — Reply to this email directly, view it on GitHub[#1237 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYCY3L6CTKR3ZABFEQ3WHNVQ5ANCNFSM6AAAAAAQ4ZHZCE]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYC7PBQWX2ECXIAHS7TWHNVQ5A5CNFSM6AAAAAAQ4ZHZCGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSN7WQKE.gif]Message ID: @.> My firewall has opened several ports, including 443 80 and several ports in use. And I'm using this example as my configuration: https://github.com/XTLS/Xray-examples/blob/main/VMess-Websocket-TLS — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: ***@***.***>

cross-hello · 2022-11-09T10:41:07Z

No, all servers we are using survive. So we would like to see if there are some flaws in others configuration. (and תודה לאל for the good luckiness)

…

---------------------------------------- *From: *LittleMing ***@***.***> *To: *XTLS/Xray-core ***@***.***> *CC: *Nanyu ***@***.***>; Comment ***@***.***> *Date: *Nov 9, 2022 10:06:47 *Subject: *Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237)

试一下pre release里的vision流控？ ---原始邮件--- 发件人: ***@***.***> 发送时间: 2022年11月9日(周三) 晚上6:03 收件人: ***@***.***>; 抄送: ***@***.******@***.***>; 主题: Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237) Could you show your server and client configuration, including firewalls settings? … ---------------------------------------- From: Donotinvert @.> To: XTLS/Xray-core @.> CC: Nanyu @.>; Comment @.**> *Date: Nov 9, 2022 09:31:59 Subject: Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237) xray vmess+tls+ws 大流量被封端口 2022-10-20 到 2022-11-9 断断续续3次封端口,换端口解决,但是估计很快又会被封. — Reply to this email directly, view it on GitHub[#1237 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYCY3L6CTKR3ZABFEQ3WHNVQ5ANCNFSM6AAAAAAQ4ZHZCE]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYC7PBQWX2ECXIAHS7TWHNVQ5A5CNFSM6AAAAAAQ4ZHZCGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSN7WQKE.gif]Message ID: @.> My firewall has opened several ports, including 443 80 and several ports in use. And I'm using this example as my configuration: https://github.com/XTLS/Xray-examples/blob/main/VMess-Websocket-TLS — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: ***@***.***> — Reply to this email directly, view it on GitHub[#1237 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYC4ZJREXX5RCFB36K3WHNZTNANCNFSM6AAAAAAQ4ZHZCE]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYGQ3NI245VTHSHDQV3WHNZTNA5CNFSM6AAAAAAQ4ZHZCGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSN7ZGD6.gif]Message ID: ***@***.***>

cross-hello · 2022-11-09T10:43:17Z

@Donotinvert Did you set out Nginx/Caddy as your proxyer, and if it is any ports relating vmess or bless that was exposed to outside?

…

---------------------------------------- *From: *Donotinvert ***@***.***> *To: *XTLS/Xray-core ***@***.***> *CC: *Nanyu ***@***.***>; Comment ***@***.***> *Date: *Nov 9, 2022 10:03:39 *Subject: *Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237)

Could you show your server and client configuration, including firewalls settings? …[https://#] ---------------------------------------- /From: /Donotinvert /*@*/.///> /To: /XTLS/Xray-core /*@*/.///> /CC: /Nanyu /*@*/.///>; Comment /*@*/./**> *Date: /Nov 9, 2022 09:31:59 /Subject: /Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237[#1237]) xray vmess+tls+ws 大流量被封端口 2022-10-20 到 2022-11-9 断断续续3次封端口,换端口解决,但是估计很快又会被封. — Reply to this email directly, view it on GitHub[#1237 (comment)[#1237 (comment)]], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYCY3L6CTKR3ZABFEQ3WHNVQ5ANCNFSM6AAAAAAQ4ZHZCE]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYC7PBQWX2ECXIAHS7TWHNVQ5A5CNFSM6AAAAAAQ4ZHZCGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSN7WQKE.gif]Message[https://github.com/notifications/beacon/AKGBAYC7PBQWX2ECXIAHS7TWHNVQ5A5CNFSM6AAAAAAQ4ZHZCGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSN7WQKE.gif%5DMessage] ID: /*@*/.///> My firewall has opened several ports, including 443 80 and several ports in use. And I'm using this example as my configuration: https://github.com/XTLS/Xray-examples/blob/main/VMess-Websocket-TLS — Reply to this email directly, view it on GitHub[#1237 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYGGZE5PBIV6MRHPYZDWHNZHVANCNFSM6AAAAAAQ4ZHZCE]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYHCELWSIZ33J32N3FDWHNZHVA5CNFSM6AAAAAAQ4ZHZCGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSN7Y5EK.gif]Message ID: ***@***.***>

Donotinvert · 2022-11-10T03:15:06Z

@cross-hello Yes, I'm using Nginx as my proxyer, And vmess ports are not directly exposed to outside.

Donotinvert · 2022-11-10T03:22:53Z

试一下pre release里的vision流控？
…
---原始邮件--- 发件人: @.> 发送时间: 2022年11月9日(周三) 晚上6:03 收件人: @.>; 抄送: @.@.>; 主题: Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237) Could you show your server and client configuration, including firewalls settings? … ---------------------------------------- From: Donotinvert @.> To: XTLS/Xray-core @.> CC: Nanyu @.>; Comment @.> Date: Nov 9, 2022 09:31:59 Subject: Re: [XTLS/Xray-core] [discussion] 近期大范围的服务器封锁及对策 (Issue #1237) xray vmess+tls+ws 大流量被封端口 2022-10-20 到 2022-11-9 断断续续3次封端口,换端口解决,但是估计很快又会被封. — Reply to this email directly, view it on GitHub[#1237 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYCY3L6CTKR3ZABFEQ3WHNVQ5ANCNFSM6AAAAAAQ4ZHZCE]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYC7PBQWX2ECXIAHS7TWHNVQ5A5CNFSM6AAAAAAQ4ZHZCGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSN7WQKE.gif]Message ID: @.> My firewall has opened several ports, including 443 80 and several ports in use. And I'm using this example as my configuration: https://github.com/XTLS/Xray-examples/blob/main/VMess-Websocket-TLS — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.>

多谢, 我去了解一下这个功能.

cross-hello · 2022-11-10T07:34:06Z

@Donotinvert If it is ok please provide detailed configuration file of server and client(remove sensitive info), including VPS locate zone, your current province position.

cross-hello · 2022-11-10T09:08:32Z

@Donotinvert then what about client, could you export one configuration here also?

Donotinvert · 2022-11-10T09:43:42Z

@cross-hello

Are you a contributors or ? can you tall me why you need this ?

{
  "policy": {
    "system": {
      "statsOutboundUplink": true,
      "statsOutboundDownlink": true
    }
  },
  "log": {
    "access": "",
    "error": "",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "http",
      "port": 10809,
      "listen": "127.0.0.1",
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "socks2",
      "port": 10810,
      "listen": "0.0.0.0",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "http2",
      "port": 10811,
      "listen": "0.0.0.0",
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "api",
      "port": 14034,
      "listen": "127.0.0.1",
      "protocol": "dokodemo-door",
      "settings": {
        "udp": false,
        "address": "127.0.0.1",
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "ip",
            "port": port,
            "users": [
              {
                "id": "id",
                "alterId": 0,
                "email": "[email protected]",
                "security": "auto"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": true,
          "serverName": "www.xxx.com"
        },
        "wsSettings": {
          "path": "/path/",
          "headers": {
            "Host": "www.xxx.com"
          }
        }
      },
      "mux": {
        "enabled": true,
        "concurrency": 8
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    }
  ],
  "stats": {},
  "api": {
    "tag": "api",
    "services": [
      "StatsService"
    ]
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "api"
        ],
        "outboundTag": "api",
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [
          "domain:example-example.com",
          "domain:example-example2.com"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "block",
        "domain": [
          "geosite:category-ads-all"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [
          "geosite:cn"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "ip": [
          "geoip:private",
          "geoip:cn"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "port": "0-65535",
        "outboundTag": "proxy",
        "enabled": true
      }
    ]
  }
}

cross-hello · 2022-11-10T09:50:36Z

@Donotinvert Not, just a ordinary visitor.
for "allowInsecure": true, you may suffer middle man attack. So if gfw sets up a server intermediate, your traffic could be detected.

Donotinvert · 2022-11-10T10:08:58Z

@cross-hello Okay,thank you for help me, I try changing the setting to "false".

cross-hello · 2022-11-22T09:30:19Z

@Donotinvert What is server status now? If the blockade happens again?

aptexd · 2022-11-22T16:43:18Z

情况十分类似，非 443 ，vless + ws + tls
10月初陆续 ban 了三次端口，前两天发现 IP 被 ban 了
BWH 主机，免费的域名，zerossl 证书过期后一直没折腾，所以开始一位是证书问题
这两天又付费了域名，套 CDN，然后 443 试试吧
自己手机 11u，有个端口只给了朋友，荣耀手机，也封

Donotinvert · 2022-11-23T02:00:24Z

@Donotinvert What is server status now? If the blockade happens again?

Still blocked ports.

Donotinvert · 2022-11-23T02:01:42Z

情况十分类似，非 443 ，vless + ws + tls 10月初陆续 ban 了三次端口，前两天发现 IP 被 ban 了 BWH 主机，免费的域名，zerossl 证书过期后一直没折腾，所以开始一位是证书问题这两天又付费了域名，套 CDN，然后 443 试试吧自己手机 11u，有个端口只给了朋友，荣耀手机，也封

我也要试试cdn了三天两头换端口太麻烦了😭

dzcpy · 2022-12-03T08:01:45Z

问题是现在有啥解决办法吗？

lxhao61 · 2022-12-23T00:24:07Z

问题是现在有啥解决办法吗？

可试试如下配置：
1、反代配置
1）、Nginx配置只用TLSv1.2（禁用TLSv1.3），优先使用服务端的密码套件开启，密码套件用ECDHE-ECDSA-CHACHA20-POLY1305（ECC证书）、ECDHE-RSA-CHACHA20-POLY1305（RSA证书）。
2）、Caddy配置TLS最小与最大为TLSv1.2（禁用TLSv1.3），密码套件用
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256（ECC证书）、TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256（RSA证书）。
2、回落配置（不启用XTLS）
Xray配置TLS最小与最大为TLSv1.2（禁用TLSv1.3），密码套件用
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256（ECC证书）、TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256（RSA证书）。

zmyjs · 2022-12-23T06:41:10Z

昨天圣诞活动增加了两台VPS，才用一天今天两台都被封端口了。还好我旧机器还好好的。

dzcpy · 2022-12-24T04:17:16Z

问题是现在有啥解决办法吗？

可试试如下配置： 1、反代配置 1）、Nginx配置只用TLSv1.2（禁用TLSv1.3），优先使用服务端的密码套件开启，密码套件用ECDHE-ECDSA-CHACHA20-POLY1305（ECC证书）、ECDHE-RSA-CHACHA20-POLY1305（RSA证书）。 2）、Caddy配置TLS最小与最大为TLSv1.2（禁用TLSv1.3），密码套件用 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256（ECC证书）、TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256（RSA证书）。 2、回落配置（不启用XTLS） Xray配置TLS最小与最大为TLSv1.2（禁用TLSv1.3），密码套件用 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256（ECC证书）、TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256（RSA证书）。

你那边可以用吗？方便分享一个 json 配置吗？

lxhao61 · 2022-12-24T06:58:49Z

问题是现在有啥解决办法吗？

可试试如下配置： 1、反代配置 1）、Nginx配置只用TLSv1.2（禁用TLSv1.3），优先使用服务端的密码套件开启，密码套件用ECDHE-ECDSA-CHACHA20-POLY1305（ECC证书）、ECDHE-RSA-CHACHA20-POLY1305（RSA证书）。 2）、Caddy配置TLS最小与最大为TLSv1.2（禁用TLSv1.3），密码套件用 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256（ECC证书）、TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256（RSA证书）。 2、回落配置（不启用XTLS） Xray配置TLS最小与最大为TLSv1.2（禁用TLSv1.3），密码套件用 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256（ECC证书）、TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256（RSA证书）。

你那边可以用吗？方便分享一个 json 配置吗？

当然可用。三种配置中你准备采用那种配置？

dzcpy · 2022-12-24T08:15:49Z

问题是现在有啥解决办法吗？

可试试如下配置： 1、反代配置 1）、Nginx配置只用TLSv1.2（禁用TLSv1.3），优先使用服务端的密码套件开启，密码套件用ECDHE-ECDSA-CHACHA20-POLY1305（ECC证书）、ECDHE-RSA-CHACHA20-POLY1305（RSA证书）。 2）、Caddy配置TLS最小与最大为TLSv1.2（禁用TLSv1.3），密码套件用 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256（ECC证书）、TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256（RSA证书）。 2、回落配置（不启用XTLS） Xray配置TLS最小与最大为TLSv1.2（禁用TLSv1.3），密码套件用 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256（ECC证书）、TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256（RSA证书）。

你那边可以用吗？方便分享一个 json 配置吗？

当然可用。三种配置中你准备采用那种配置？

都可以吧

lxhao61 · 2022-12-29T07:37:17Z

问题是现在有啥解决办法吗？

可试试如下配置： 1、反代配置 1）、Nginx配置只用TLSv1.2（禁用TLSv1.3），优先使用服务端的密码套件开启，密码套件用ECDHE-ECDSA-CHACHA20-POLY1305（ECC证书）、ECDHE-RSA-CHACHA20-POLY1305（RSA证书）。 2）、Caddy配置TLS最小与最大为TLSv1.2（禁用TLSv1.3），密码套件用 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256（ECC证书）、TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256（RSA证书）。 2、回落配置（不启用XTLS） Xray配置TLS最小与最大为TLSv1.2（禁用TLSv1.3），密码套件用 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256（ECC证书）、TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256（RSA证书）。

你那边可以用吗？方便分享一个 json 配置吗？

当然可用。三种配置中你准备采用那种配置？

都可以吧

参考 https://github.com/lxhao61/integrated-examples 示例及带 TLSv1.2 标记修改。

Yofo-me · 2023-05-04T02:19:14Z

现在用nginx+tls+v2ray(vmess)+ws路径分流用个几小时就被封，但是同样的配置用apache2+tls+v2ray(vmess)+ws路径分流就不会，nginx和apache2都伪装站点了的

Yofo-me · 2023-05-04T02:22:26Z

现在用 nginx+tls+v2ray (vmess)+ws 路径分流用个几小时就被封，但是同样的配置用 apache2+tls+v2ray (vmess)+ws 路径分流就不会，nginx 和 apache2 都伪装站点了的

nginx几分钟不到就封了，都是封端口。前端都是伪装的视频站,emby或者alist。Apache2就没问题

shuiliu11 · 2023-05-04T02:28:09Z

我不是专业的,但是看过NIGNX官网,上面有很多国内专业人员参与,当时我就不再使用这个软件部署xray了.

chika0801 · 2023-05-04T02:40:33Z

现在用nginx+tls+v2ray(vmess)+ws路径分流用个几小时就被封，但是同样的配置用apache2+tls+v2ray(vmess)+ws路径分流就不会，nginx和apache2都伪装站点了的

https://github.com/chika0801/Xray-examples/blob/main/warning.md#memo-5

上面

dzcpy · 2023-05-11T23:36:33Z

现在用nginx+tls+v2ray(vmess)+ws路径分流用个几小时就被封，但是同样的配置用apache2+tls+v2ray(vmess)+ws路径分流就不会，nginx和apache2都伪装站点了的

https://github.com/chika0801/Xray-examples/blob/main/warning.md#memo-5

上面

页面找不到

chika0801 · 2023-05-12T03:39:10Z

现在用nginx+tls+v2ray(vmess)+ws路径分流用个几小时就被封，但是同样的配置用apache2+tls+v2ray(vmess)+ws路径分流就不会，nginx和apache2都伪装站点了的

https://github.com/chika0801/Xray-examples/blob/main/warning.md#memo-5
上面

页面找不到

https://github.com/chika0801/Xray-examples/blob/main/tips.md
换了个名字

This comment was marked as outdated.

Sign in to view

jy324 mentioned this issue Oct 8, 2022

我的服务器443端口被墙了，请问如何变更tls默认的443端口 233boy/v2ray#955

Closed

Fangliding closed this as completed Apr 14, 2024

[discussion] 近期大范围的服务器封锁及对策 #1237

[discussion] 近期大范围的服务器封锁及对策 #1237

Comments

showgood163 commented Oct 4, 2022 • edited Loading

HSK077 commented Oct 4, 2022 • edited Loading

chika0801 commented Oct 4, 2022

yang05051 commented Oct 4, 2022

HSK077 commented Oct 4, 2022 • edited Loading

danhacker725 commented Oct 5, 2022

javeil commented Oct 5, 2022

SkywalkerDarren commented Oct 5, 2022

SheepChef commented Oct 5, 2022 • edited Loading

javeil commented Oct 5, 2022

SheepChef commented Oct 5, 2022

taanng commented Oct 5, 2022

yiceho commented Oct 5, 2022 • edited Loading

This comment was marked as outdated.

yiceho commented Oct 5, 2022

This comment was marked as outdated.

frank-pian commented Oct 5, 2022

SheepChef commented Oct 5, 2022

javeil commented Oct 5, 2022

cross-hello commented Oct 5, 2022

lizkes commented Oct 6, 2022

azzvx commented Oct 6, 2022

arminaghebati commented Oct 6, 2022 via email

zbluekuma commented Oct 7, 2022 • edited Loading

chika0801 commented Oct 7, 2022

crmmc commented Oct 7, 2022

AxIauk commented Oct 7, 2022 • edited Loading

HSK077 commented Oct 7, 2022

frank-pian commented Oct 8, 2022

Frank997 commented Oct 8, 2022

cross-hello commented Nov 9, 2022 via email

Donotinvert commented Nov 9, 2022

littlemingone commented Nov 9, 2022 via email

cross-hello commented Nov 9, 2022 via email

cross-hello commented Nov 9, 2022 via email

Donotinvert commented Nov 10, 2022

Donotinvert commented Nov 10, 2022

cross-hello commented Nov 10, 2022

cross-hello commented Nov 10, 2022

Donotinvert commented Nov 10, 2022

cross-hello commented Nov 10, 2022

Donotinvert commented Nov 10, 2022

cross-hello commented Nov 22, 2022

aptexd commented Nov 22, 2022

Donotinvert commented Nov 23, 2022

Donotinvert commented Nov 23, 2022

dzcpy commented Dec 3, 2022

lxhao61 commented Dec 23, 2022 • edited Loading

zmyjs commented Dec 23, 2022

dzcpy commented Dec 24, 2022 • edited Loading

lxhao61 commented Dec 24, 2022 • edited Loading

dzcpy commented Dec 24, 2022

lxhao61 commented Dec 29, 2022

Yofo-me commented May 4, 2023 • edited Loading

Yofo-me commented May 4, 2023

shuiliu11 commented May 4, 2023

chika0801 commented May 4, 2023 • edited Loading

dzcpy commented May 11, 2023

chika0801 commented May 12, 2023

showgood163 commented Oct 4, 2022 •

edited

Loading

HSK077 commented Oct 4, 2022 •

edited

Loading

HSK077 commented Oct 4, 2022 •

edited

Loading

SheepChef commented Oct 5, 2022 •

edited

Loading

yiceho commented Oct 5, 2022 •

edited

Loading

zbluekuma commented Oct 7, 2022 •

edited

Loading

AxIauk commented Oct 7, 2022 •

edited

Loading

lxhao61 commented Dec 23, 2022 •

edited

Loading

dzcpy commented Dec 24, 2022 •

edited

Loading

lxhao61 commented Dec 24, 2022 •

edited

Loading

Yofo-me commented May 4, 2023 •

edited

Loading

chika0801 commented May 4, 2023 •

edited

Loading