webdav
gjf, 2022-03-25 15:25:50

How to make ShadowSocks+V2Ray, WebDav and redirect based on Apache2?

Hello.

So, given:
- VPS with Apache2 and ShadowSocks up, HTTPS keys from Let's Encrypt with automatic update via certbot
- On Apache: with direct access - there is a redirect to an empty page, a small file dump hangs on WebDav by the /webdav key
- Certbot is set to regular update, so port 80 is reserved for it, apache runs on 8080 and 443.
- The system is protected from DDoS via ddos-guard.net.
Apache configs:

000-default.conf

ServerName My.Server.Name

ServerAdmin [email protected]
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

default-ssl.conf


ServerAdmin [email protected]

DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on

SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder On
SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparams.pem"
SSLCompression Off

SSLCertificateFile /etc/letsencrypt/live/My.Server.Name/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/My.Server.Name/privkey.pem

SSLCertificateChainFile /etc/letsencrypt/live/My.Server.Name/chain.pem


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars





webdav.conf
Alias /webdav /home/webdav

DAV On
SSLRequireSSL
Options None
AuthType Basic
AuthName WebDAV
AuthUserFile /etc/apache2/.htpasswd

Require method GET POST OPTIONS
Require valid-user



Shadowsocks config:
config.json
{
"server": ["::0", "0.0.0.0"],
"server_port": 8000,
"password": "********",
"timeout": 300,
"method": "xchacha20-ietf-poly1305",
"no_delay": true,
"fast_open": true,
"reuse_port": true,
"workers": 1,
"nameserver": "127.0.0.1",
"mode": "tcp_and_udp"
}


Everything works, everything is great.

Task:
Connect V2Ray through the Apache proxy using the /v2qq key. More precisely:
- Access to https://My.Server.Name is proxied to Google to hide the real functionality
- Access to https://My.Server.Name/webdav makes access to Webdav
- Access to https://My.Server.Name/v2qq opens shadowsocks via v2ray


What I do:
1. Add config to Apache and enable it:
shadowsocks-v2ray.conf

RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:8008/$1 [P,L]

SSLProxyEngine On

ProxyPass https://www.google.com
ProxyPassReverse https://www.google.com



ProxyPass https://127.0.0.1:443
ProxyPassReverse https://127.0.0.1:443



Proxypass 127.0.0.1:8008
ProxyPassReverse 127.0.0.1:8008



2. I change the Shadowsocks config (of course, the v2ray-plugin module is downloaded, sits in /usr/local/bin and shadowsocks sees it and starts it normally)
config.json
{
"server": ["::1", "127.0.0.1"],
"server_port": 8008,
"password": "*********",
"timeout": 300,
"method": "xchacha20-ietf-poly1305",
"no_delay": true,
"fast_open": true,
"reuse_port": true,
"workers": 1,
"plugin": "v2ray-plugin",
"nameserver": "1.1.1.1",
"plugin_opts": "server;tls;fast-open;path=/v2qq;host=My.Server.Name;cert=/etc/letsencrypt/live/My.Server.Name/cert.pem;key=/etc/letsencrypt/live/My.Server.Name/privkey.pem;loglevel=none",
"mode": "tcp_only"
}


Total: not a thing works, except for the redirect to Google. WebDav, Shadowsocks - in flight.

Q: What am I doing wrong and how can I fix it?


1 answer(s)
gjf, 2022-03-25
@gjf

So, I replaced the config in Apache:

shadowsocks-v2ray.conf

RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:8008/$1" [P,L]
SSLProxyEngine On
ProxyPass /webdav !
ProxyPass / https://www.google.com/
ProxyPassReverse / https://www.google.com/
Proxypass /v2qq 127.0.0.1:8008
ProxyPassReverse /v2qq 127.0.0.1:8008

Total: proxying to Google worked, WebDav - too, but shadowsocks still does not want to work normally.
I check the server: yes, ports are open there for 8008, you can knock with a telnet - everything is ok.
OK, let's check out Shadowsocks itself. I'm running with this config:
config.json
{
"server": ["::0", "0.0.0.0"],
"server_port": 8000,
"password": "********",
"timeout": 300,
"method": "xchacha20-ietf-poly1305",
"no_delay": true,
"fast_open": true,
"reuse_port": true,
"workers": 1,
"nameserver": "127.0.0.1",
"plugin": "v2ray-plugin",
"plugin_opts": "server",
"mode": "tcp_and_udp"
}

(it is clear that I also change the parameters in the client)
Everything is fine, everything runs!
From which I understand that the problem is in the proxying of the socket from Apache to V2Ray.
I understand - I understand, but I can not solve ...
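
Added example, not part of the original posts: a small Python check that compares the Apache proxy directives with the v2ray-plugin options and reports disagreements in backend TLS, backend port, a ProxyPass target written without a URL scheme, and ProxyPass ordering (mod_proxy uses the first rule that matches, in configuration order). The sample input is trimmed from the configs quoted in the thread; the function names and finding labels are assumptions made for this example.

```python
import json
import re

# Constructed input: directives and plugin options copied from the thread,
# trimmed to the fields the checks read.
APACHE_CONF = """
RewriteRule ^/?(.*) "ws://127.0.0.1:8008/$1" [P,L]
ProxyPass /webdav !
ProxyPass / https://www.google.com/
Proxypass /v2qq 127.0.0.1:8008
"""
SS_CONFIG = """{"server_port": 8008, "plugin": "v2ray-plugin",
 "plugin_opts": "server;tls;fast-open;path=/v2qq;host=My.Server.Name"}"""


def parse_plugin_opts(opts):
    """Split 'flag;key=value' options into a dict; bare flags map to True."""
    pairs = (p.strip().partition("=") for p in opts.split(";") if p.strip())
    return {k: (v if sep else True) for k, sep, v in pairs}


def check(apache_conf, ss_config):
    """Return findings where the Apache side and the plugin side disagree."""
    cfg = json.loads(ss_config)
    tls = bool(parse_plugin_opts(cfg.get("plugin_opts", "")).get("tls"))
    findings, seen = [], []
    for line in apache_conf.splitlines():
        words = line.replace('"', "").split()
        if len(words) < 3:
            continue
        name, arg1, arg2 = words[0].lower(), words[1], words[2]
        if name == "proxypass":
            # Simplified prefix test: an earlier, shorter prefix wins first.
            if any(arg1.startswith(p) for p in seen):
                findings.append(f"shadowed: {arg1}")
            seen.append(arg1)
            if arg2 != "!" and "://" not in arg2:
                findings.append(f"no-scheme: {arg1} -> {arg2}")
        elif name == "rewriterule":
            m = re.match(r"(wss?)://[^/:]+:(\d+)", arg2)
            if m and int(m.group(2)) != cfg["server_port"]:
                findings.append(f"port-mismatch: {m.group(2)}")
            if m and (m.group(1) == "wss") != tls:
                findings.append(f"tls-mismatch: {m.group(1)} vs tls={tls}")
    return findings


if __name__ == "__main__":
    print("\n".join(check(APACHE_CONF, SS_CONFIG)))
```

A `tls-mismatch` finding means Apache forwards plain `ws://` to a plugin started with the `tls` option, which expects a TLS handshake on that port.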
