
[Reverse-proxy bug inherited from the original version] The address value returned by the subscription wrongly references the Client IP #24

Open
avsba001 opened this issue Jul 1, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@avsba001

avsba001 commented Jul 1, 2024

Describe the bug
After reverse proxying through nginx, the subscription returns the client's source IP as the server IP.

Expected behavior
fix

Version (please complete the following information):

  • 3X-UI Version : 2.3.4-2.3.7
  • Xray Version : 1.8.11-1.8.16 (does not affect the bug)

Additional context

Nginx config:

server
{
    listen 80;
    listen 443 ssl reuseport;
    listen 443 quic reuseport;
    http2 on;
    server_name la.xxxxxxxxxxxxx.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/la.xxxxxxxxxxxxx.com;
    #CERT-APPLY-CHECK--START
    # Configuration for file-based verification during SSL certificate application -- do not delete
    include /www/server/panel/vhost/nginx/well-known/la.xxxxxxxxxxxxx.com.conf;
    #CERT-APPLY-CHECK--END
    #SSL-START SSL-related configuration; do not delete or modify the commented-out 404 rule on the next line
    #error_page 404/404.html;
    ssl_certificate    /www/fullchain.pem;
    ssl_certificate_key    /www/key.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers  ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header Alt-Svc 'h3=":443"; ma=86400'; 
    error_page 497  https://$host$request_uri;
    ssl_stapling on; 
    ssl_stapling_verify on; 
    ssl_ecdh_curve X25519:P-256; 
    #SSL-END
    if ($scheme = http) {
        return 301 https://$host$request_uri; 
    }
    #SSL-END

    #ERROR-PAGE-START  error page configuration; may be commented out, deleted or modified
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END

    #PHP-INFO-START  PHP include configuration; may be commented out or modified
    #Cache purge rules

    location ~ /purge(/.*) {
        proxy_cache_purge cache_one $host$1$is_args$args;
        #access_log  /www/wwwlogs/la.xxxxxxxxxxxxx.com_purge_cache.log;
    }
    #Reverse proxy rule include; commenting it out disables the reverse proxy configured below
    location ^~ /av1561563/
    {
        proxy_pass http://127.0.0.1:2096/av1561563/;  #**(keeping only this line returns address 127.0.0.1)**
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_http_version 1.1;
        # proxy_hide_header Upgrade;

        add_header X-Cache $upstream_cache_status;
        #Set Nginx Cache

        set $static_fileSipaPlin 0;
        if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
        {
            set $static_fileSipaPlin 1;
            expires 1m;
        }
        if ( $static_fileSipaPlin = 0 )
        {
            add_header Cache-Control no-cache;
        }
    }
    include enable-php-00.conf;
    #PHP-INFO-END

    #REWRITE-START URL rewrite rule include; modifying it will break the pseudo-static rules set in the panel
    include /www/server/panel/vhost/rewrite/la.xxxxxxxxxxxxx.com.conf;
    #REWRITE-END

    #Files or directories that must not be accessible
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    #Settings for the one-click SSL certificate verification directory
    location ~ \.well-known{
        allow all;
    }

    #Forbid placing sensitive files in the certificate verification directory
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    
    access_log  /www/wwwlogs/la.xxxxxxxxxxxxx.com.log;
    error_log  /www/wwwlogs/la.xxxxxxxxxxxxx.com.error.log;
}

[screenshot: Untitled]

Detailed description:
Hello developer, my skill is limited, so I can only provide as much detailed information as possible to help locate the problem.
I currently suspect that this PR or this X-REAL-IP PR caused the subscription to wrongly reference the client IP.

Steps to reproduce
1. Own a domain and have nginx reverse proxy according to the config above (https does not affect the bug result).
2. In the panel, set the reverse proxy path as shown in the screenshot (without using CF or another CDN).
3. Subscribe using software such as v2rayN.
4. Different values are returned depending on the reverse proxy rules.
If only (proxy_pass http://127.0.0.1:2096/av1561563/; is kept, the server IP the client receives after subscribing is 127.0.0.1.

With the full configuration

    proxy_pass http://127.0.0.1:2096/av1561563/;  #**(keeping only this line returns address 127.0.0.1)**
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;

the value obtained is the client's source IP. For example: the VPS IP is 2.2.2.2 and is already reverse-proxied as la.xxxxxxxxxxxxx.com; the client's public IP is 221.1.1.1; after the client uses the subscription link, the address obtained is 221.1.1.1 rather than the correct la.xxxxxxxxxxxxx.com.

@avsba001 avsba001 added the bug Something isn't working label Jul 1, 2024
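As an added example (not code from 3X-UI or from the reporter), the following Go snippet models the two address-selection behaviours described in the report: the buggy path that echoes X-Real-IP back to the subscriber, beside a corrected selection that takes the advertised address from a configured domain or the forwarded Host header and never from client-identifying headers. The Request type, the three function names and the sample request values are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Request is a constructed stand-in for what the subscription handler
// sees after nginx forwards a request (hypothetical type, not 3X-UI's).
type Request struct {
	Host       string // Host header: nginx passes $host (the proxied domain)
	XRealIP    string // X-Real-IP: nginx passes $remote_addr, i.e. the subscriber
	RemoteAddr string // TCP peer; 127.0.0.1:port behind a local reverse proxy
}

// buggyAddress reproduces the reported behaviour: whatever the proxy
// stamped into X-Real-IP is advertised back as the server address.
func buggyAddress(r Request) string {
	if r.XRealIP != "" {
		return r.XRealIP
	}
	return hostOnly(r.RemoteAddr)
}

// fixedAddress never derives the server's own address from headers that
// identify the client: a configured domain wins, then the forwarded Host
// header, and only then the peer address.
func fixedAddress(configured string, r Request) string {
	if configured != "" {
		return configured
	}
	if host := strings.TrimSpace(r.Host); host != "" {
		return hostOnly(host)
	}
	return hostOnly(r.RemoteAddr)
}

// hostOnly strips a :port suffix and IPv6 brackets when present.
func hostOnly(hostport string) string {
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		return h
	}
	return strings.Trim(hostport, "[]")
}

func main() {
	// Constructed request matching the issue's example: subscriber at 221.1.1.1.
	req := Request{Host: "la.xxxxxxxxxxxxx.com", XRealIP: "221.1.1.1", RemoteAddr: "127.0.0.1:41234"}
	fmt.Println("buggy:", buggyAddress(req))     // 221.1.1.1
	fmt.Println("fixed:", fixedAddress("", req)) // la.xxxxxxxxxxxxx.com
}
```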
@avsba002

avsba002 commented Jul 1, 2024

Temporary workaround:
In nginx.conf, change the value after
proxy_set_header X-Real-IP to the value you need
