[GH-ISSUE #126] Cant get CDN mode working #104

Open
opened 2026-02-26 12:33:59 +03:00 by kerem · 26 comments

Originally created by @aboka2k on GitHub (Aug 26, 2020).
Original GitHub issue: https://github.com/cbeuw/Cloak/issues/126

Hi, I'm using SS with the Cloak plugin on an Ubuntu 20.04 LTS VPS. I installed them using HirbodBehnam's v2 script and it's working great in Direct mode. But I just can't make it work with CDN/Cloudfront.

I followed the guide on your wiki on creating the Cloudfront, and on the Windows client (SS 4.1.1. and Cloak 2.2.2 plugin), changed 'Server IP' to point to the CDN's domain name (xxxxxx.cloudfront.net) and did the same for Cloak's plugin Servername. And lastly added 'Transport=CDN;' to the 'Plugin Options'.

Did I miss or do something wrong, or are there more settings on the server side? There will be no internet and many 'errors' (on client side) logging:

Truncate....

```
2020-08-26 18:42:26.1823|DEBUG|Shadowsocks.Controller.TCPHandler|Socket connected to ss server: xxxxxxxxxx.cloudfront.net:443
2020-08-26 18:42:26.1823|DEBUG|Shadowsocks.Controller.TCPHandler|Socket connected to ss server: xxxxxxxxxx.cloudfront.net:443
2020-08-26 18:42:26.4343|DEBUG|Shadowsocks.Controller.TCPHandler|connect to www.google.com:443
2020-08-26 18:42:26.4723|INFO|Shadowsocks.Controller.ShadowsocksController|Started SIP003 plugin for xxxxxxxxxx.cloudfront.net:443 on 127.0.0.1:64663 - PID: 2104
2020-08-26 18:42:26.5173|DEBUG|Shadowsocks.Controller.TCPHandler|connect to s2.googleusercontent.com:443
2020-08-26 18:42:26.7253|DEBUG|Shadowsocks.Controller.TCPHandler|connect to www.gstatic.com:443
2020-08-26 18:42:26.7253|DEBUG|Shadowsocks.Controller.TCPHandler|connect to s2.googleusercontent.com:443
2020-08-26 18:42:26.7553|DEBUG|Shadowsocks.Controller.TCPHandler|connect to www.google.com:443
2020-08-26 18:42:26.7703|DEBUG|Shadowsocks.Controller.TCPHandler|connect to www.google.com:443
2020-08-26 18:42:26.7753|DEBUG|Shadowsocks.Controller.TCPHandler|connect to www.google.com:443
2020-08-26 18:42:26.8793|DEBUG|Shadowsocks.Controller.TCPHandler|connect to fonts.gstatic.com:443
2020-08-26 18:42:26.8793|DEBUG|Shadowsocks.Controller.TCPHandler|Socket connected to ss server: xxxxxxxxxx.cloudfront.net:443
2020-08-26 18:42:26.9743|DEBUG|Shadowsocks.Controller.TCPHandler|Socket connected to ss server: xxxxxxxxxx.cloudfront.net:443
2020-08-26 18:42:27.3044|DEBUG|Shadowsocks.Controller.TCPHandler|connect to www.google.com:443
2020-08-26 18:42:27.3164|DEBUG|Shadowsocks.Controller.TCPHandler|connect to fonts.gstatic.com:443
2020-08-26 18:42:27.3274|INFO|Shadowsocks.Controller.ShadowsocksController|Started SIP003 plugin for xxxxxxxxxx.cloudfront.net:443 on 127.0.0.1:64704 - PID: 1936
2020-08-26 18:42:27.6584|WARN|Shadowsocks.Controller.TCPHandler|System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it
at Shadowsocks.Util.Sockets.WrappedSocket.EndConnect(IAsyncResult asyncResult)
at Shadowsocks.Proxy.DirectConnect.EndConnectDest(IAsyncResult asyncResult)
at Shadowsocks.Controller.TCPHandler.ConnectCallback(IAsyncResult ar)
2020-08-26 18:42:27.7184|WARN|Shadowsocks.Controller.TCPHandler|System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it
at Shadowsocks.Util.Sockets.WrappedSocket.EndConnect(IAsyncResult asyncResult)
at Shadowsocks.Proxy.DirectConnect.EndConnectDest(IAsyncResult asyncResult)
at Shadowsocks.Controller.TCPHandler.ConnectCallback(IAsyncResult ar)
2020-08-26 18:42:27.7284|WARN|Shadowsocks.Controller.TCPHandler|System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it
at Shadowsocks.Util.Sockets.WrappedSocket.EndConnect(IAsyncResult asyncResult)
```

Truncate....

Thank you,


@cbeuw commented on GitHub (Sep 1, 2020):

Have you tried putting `"Transport": "cdn"` in Cloak client's configuration JSON file? Cloak currently only reads the path to Cloak config json file from Plugin Options field set in Shadowsocks, it doesn't accept other arguments


@aboka2k commented on GitHub (Sep 1, 2020):

> Have you tried putting `"Transport": "cdn"` in Cloak client's configuration JSON file? Cloak currently only reads the path to Cloak config json file from Plugin Options field set in Shadowsocks, it doesn't accept other arguments

Hi, do you mean we create a JSON file and put the file path in the SS's 'Plugin Options' field? If yes, could you give the command to point to the file and also the JSON file? But if that's not the case, what will you suggest? Use another client for Windows/Android?

Thank you,


@cbeuw commented on GitHub (Sep 1, 2020):

Hi,

There should be a config JSON file already and you can edit/append `Transport` option in the file. Was the Plugin Options field empty when you were running it on direct mode? Plugin Options field should have been the path to the config JSON file whenever you run Cloak in plugin mode. Or did you start Cloak separately in standalone mode?

An example ckclient.json can be found here: https://github.com/cbeuw/Cloak/blob/master/example_config/ckclient.json. This can be put anywhere. But you need to edit `UID` and `PublicKey`, which should have been filled by the JSON config created by the script


@aboka2k commented on GitHub (Sep 1, 2020):

Hi, I downloaded the Cloak exe and put it inside the SS folder; then added the below value to SS Plugin Options:
`UID=xxxxxxxxxxxxxxxxxxxxxxx\=\=;PublicKey=xxxxxxxxxxxxxxxxxx\=;ServerName=bing.com;BrowserSig=chrome;NumConn=4;ProxyMethod=shadowsocks;EncryptionMethod=plain;StreamTimeout=300`

I notice there are 2 JSON files inside the folder, but both seem to belong to SS:
gui-config.json
statistics-config.json

Should I add the ckclient.json to the folder and delete all the values in Plugin Options now, and change it to 'Path=%foldername%'? Please advise. Thank you.


@cbeuw commented on GitHub (Sep 1, 2020):

Sorry I forgot that the Plugin Options can be config arguments in semicolon separated form. What you did in the beginning should be correct. Are there any logs on Cloak server side?
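
Added example (not part of the original thread, and not Cloak's own parser): the semicolon-separated Plugin Options string and the JSON config file carry the same keys, so this Go program parses the string form, including the `\=` escaping posted above, and prints the equivalent JSON object. The UID and PublicKey values are constructed placeholders; writing `NumConn` and `StreamTimeout` as JSON numbers and checking `UID`/`PublicKey` as base64 are assumptions based on the values shown in the thread.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample in the shape posted in the thread. The UID and PublicKey
// are all-zero placeholders and the CDN host name is the thread's masked one.
var sampleOptions = `Transport=CDN;UID=` + strings.Repeat("A", 22) + `\=\=;PublicKey=` +
	strings.Repeat("A", 43) + `\=;ServerName=xxxxxxxxxx.cloudfront.net;BrowserSig=chrome;` +
	`NumConn=4;ProxyMethod=shadowsocks;EncryptionMethod=plain;StreamTimeout=300`

// unescape removes one level of backslash escaping (\\, \= and \;).
var unescape = strings.NewReplacer(`\\`, `\`, `\=`, `=`, `\;`, `;`).Replace

// splitUnescaped splits s on sep, skipping any sep that follows a backslash.
// At most max parts are returned (max <= 0 means no limit); escapes are kept.
func splitUnescaped(s string, sep byte, max int) []string {
	var parts []string
	var cur strings.Builder
	for i := 0; i < len(s); i++ {
		switch {
		case s[i] == '\\' && i+1 < len(s):
			cur.WriteByte(s[i])
			cur.WriteByte(s[i+1])
			i++
		case s[i] == sep && (max <= 0 || len(parts) < max-1):
			parts = append(parts, cur.String())
			cur.Reset()
		default:
			cur.WriteByte(s[i])
		}
	}
	return append(parts, cur.String())
}

// ParsePluginOptions parses "key=value;key=value" into a map of unescaped values.
func ParsePluginOptions(opts string) (map[string]string, error) {
	out := make(map[string]string)
	for _, field := range splitUnescaped(opts, ';', 0) {
		if field == "" {
			continue // tolerate a trailing ';' as in "Transport=CDN;"
		}
		kv := splitUnescaped(field, '=', 2)
		if len(kv) != 2 || kv[0] == "" {
			return nil, fmt.Errorf("option %q is not key=value", field)
		}
		key := unescape(kv[0])
		if _, dup := out[key]; dup {
			return nil, fmt.Errorf("option %q is set twice", key)
		}
		out[key] = unescape(kv[1])
	}
	return out, nil
}

// ToClientJSON renders parsed options as a JSON object with the same keys.
// Keys other than the ones checked here are passed through as strings.
func ToClientJSON(opts map[string]string) (string, error) {
	if opts["UID"] == "" || opts["PublicKey"] == "" {
		return "", fmt.Errorf("UID and PublicKey are required")
	}
	cfg := make(map[string]interface{}, len(opts))
	for k, v := range opts {
		cfg[k] = v
		switch k {
		case "NumConn", "StreamTimeout": // assumed numeric in the JSON form
			n, err := strconv.Atoi(v)
			if err != nil {
				return "", fmt.Errorf("%s must be an integer, got %q", k, v)
			}
			cfg[k] = n
		case "UID", "PublicKey": // a leftover '\' means the value is still escaped
			if _, err := base64.StdEncoding.DecodeString(v); err != nil {
				return "", fmt.Errorf("%s is not valid base64: %v", k, err)
			}
		}
	}
	out, err := json.MarshalIndent(cfg, "", "  ")
	return string(out), err
}

func main() {
	opts, err := ParsePluginOptions(sampleOptions)
	if err != nil {
		panic(err)
	}
	js, err := ToClientJSON(opts)
	if err != nil {
		panic(err)
	}
	fmt.Println(js)
}
```

A value copied into the JSON file with its backslashes still in place (for example `AAAA\=\=`) is rejected by the base64 check, which is the usual symptom of mixing the two forms.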


@aboka2k commented on GitHub (Sep 1, 2020):

Hi, it is OK. Can you tell me how to check for the logs on the server side? I have no idea where to look for them. Thanks.


@HirbodBehnam commented on GitHub (Sep 1, 2020):

Because you have installed it with my script it is `systemctl status cloak-server`


@aboka2k commented on GitHub (Sep 1, 2020):

> Because you have installed it with my script it is `systemctl status cloak-server`

Hi, running that will show its status, but we do need its log, right? Thanks

```
root@v2ray:~# systemctl status cloak-server
● cloak-server.service - Cloak Server Service
Loaded: loaded (/etc/systemd/system/cloak-server.service; enabled; vendor >
Active: active (running) since Tue 2020-09-01 23:00:42 +08; 24min ago
Main PID: 722 (ck-server)
Tasks: 3 (limit: 1062)
Memory: 7.9M
CGroup: /system.slice/cloak-server.service
└─722 /usr/bin/ck-server -c ckserver.json

Sep 01 23:00:42 v2ray systemd[1]: Started Cloak Server Service.
Sep 01 23:00:42 v2ray ck-server[722]: time="2020-09-01T23:00:42+08:00" level=in>
Sep 01 23:00:42 v2ray ck-server[722]: time="2020-09-01T23:00:42+08:00" level=in>
lines 1-12/12 (END)...skipping...
● cloak-server.service - Cloak Server Service
Loaded: loaded (/etc/systemd/system/cloak-server.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-09-01 23:00:42 +08; 24min ago
Main PID: 722 (ck-server)
Tasks: 3 (limit: 1062)
Memory: 7.9M
CGroup: /system.slice/cloak-server.service
└─722 /usr/bin/ck-server -c ckserver.json

Sep 01 23:00:42 v2ray systemd[1]: Started Cloak Server Service.
Sep 01 23:00:42 v2ray ck-server[722]: time="2020-09-01T23:00:42+08:00" level=info msg="Starting standalone mode"
Sep 01 23:00:42 v2ray ck-server[722]: time="2020-09-01T23:00:42+08:00" level=info msg="Listening on :443"
```


@cbeuw commented on GitHub (Sep 1, 2020):

You may need to add ":80" in `BindAddr` in the config json file for Cloak server (so it's something like `"BindAddr": [":443", ":80"]`). I'm not sure where the script puts that file but I think it's under `/etc/cloak`


@HirbodBehnam commented on GitHub (Sep 1, 2020):

Yes, the config file is at `/etc/cloak/ckserver.json`


@aboka2k commented on GitHub (Sep 1, 2020):

Hi, I have added port 80 to it and rebooted, but it's the same, no internet. It's best if we could find its log so we could see if it's connected, and if yes, where it's stuck or something like that. Anyway, here is my setup again just in case I missed something:

  1. setup SS+Cloak with HirbodBehnam script
  2. create Cloudfront following wiki
  3. use SS client on Windows, set its 'Server IP' to Cloudfront domainname xxxxxxxxxx.cloudfront.net, and 'Plugin Option' -
    `Transport=CDN;UID=xxxxxxxxxxxxxxx\=\=;PublicKey=xxxxxxxxxxxxx\=;ServerName=xxxxxxxxx.cloudfront.net;BrowserSig=chrome;NumConn=4;ProxyMethod=shadowsocks;EncryptionMethod=plain;StreamTimeout=300`

Here is the ckserver.json on the server side:

```json
{
  "ProxyBook": {
    "shadowsocks": ["tcp", "127.0.0.1:58555"],
    "panel": ["tcp", "127.0.0.1:0"]
  },
  "BypassUID": [
    "2oaZopNtoCrRPtFIn/XXyw=="
  ],
  "BindAddr": [":443", ":80"],
  "RedirAddr": "204.79.197.200",
  "PrivateKey": "xxxxxxxxxxxxxx=",
  "AdminUID": "xxxxxxxxxxxxxxx==",
  "DatabasePath": "userinfo.db",
  "StreamTimeout": 300
}
```

Have tried changing the 'RedirAddr' to the Cloudfront domain, but same, not working. Please advise, thanks.


@aboka2k commented on GitHub (Sep 1, 2020):

shadowsocks - config.json

```json
{
  "server": "127.0.0.1",
  "server_port": 58555,
  "password": "xxxxxxxxxxxxx",
  "timeout": 60,
  "method": "chacha20-ietf-poly1305",
  "nameserver": "8.8.8.8"
}
```


@cbeuw commented on GitHub (Sep 1, 2020):

What happens when you visit your xxxx.cloudfront.net address in a browser? Does it show the same thing as if you are visiting 204.79.197.200 in RedirAddr? If yes then your server should be set up correctly and the issue is with the client


@HirbodBehnam commented on GitHub (Sep 1, 2020):

@aboka2k Before you do so, please add `:443` to the end of RedirAddr in your server and restart the service (use `systemctl restart cloak-server`)


@aboka2k commented on GitHub (Sep 1, 2020):

Hi, I have added 443 ("RedirAddr": "204.79.197.200:443") and rebooted the server. Below are the results:

When not connected using SS and browsing to 204.79.197.200:

> Our services aren't available right now
>
> We're working to restore all services as soon as possible. Please check back soon.
>
> 0onROXwAAAACbJxpyWuZSRqVpLVyni7fJS1VMMzBFREdFMDIxOQBFZGdl

When not connected to SS and browsing to xxxxx.cloudfront.net:

> 400 ERROR
>
> The request could not be satisfied
> .
> .

When connected to SS and browsing to 204.79.197.200 and xxxxx.cloudfront.net:

> 500 Internal Privoxy Error
>
> Privoxy encountered an error while processing your request:
>
> Could not load template file no-server-data or one of its included components.
> Please contact your proxy administrator.
> If you are the proxy administrator, please put the required file(s)in the (confdir)/templates directory. The location of the (confdir) directory is specified in the main Privoxy config file. (It's typically the Privoxy install directory).

When connected to SS and browsing to google:

> This site can’t be reached
> .
> .


@aboka2k commented on GitHub (Sep 1, 2020):

The RedirAddr will work if I put my server IP with https (https://xx.xx.xx.xx) and it will be forwarded to 204.79.197.200 and show this:

> Our services aren't available right now
>
> We're working to restore all services as soon as possible. Please check back soon.
>
> 0BXlOXwAAAADVvd6rlhxxSJa+Wl9xUSqwTEFYRURHRTE0MTEARWRnZQ==

It seems like Cloudfront is not pointing to the server? As xxxxx.cloudfront.net by right should show the same 'error'. I followed everything in the wiki (the rest not mentioned is default):

Origin Domain Name - mydomain.com and point to vps
Origin SSL Protocols: TLSv1.2 only
Origin Protocol Policy: HTTP Only
HTTP Port: 443
Viewer Protocol Policy: HTTP and HTTPS
SSL Certificate: Default
Supported HTTP Versions: HTTP/2, HTTP/1.1, HTTP/1.0

Thank you,


@cbeuw commented on GitHub (Sep 1, 2020):

OK I think I know why: Cloudfront doesn't like sending HTTP requests over 443 anymore, so you need to change `HTTP Port` in Origin setting to 80.

I'll update the wiki to reflect this


@aboka2k commented on GitHub (Sep 1, 2020):

> OK I think I know why: Cloudfront doesn't like sending HTTP requests over 443 anymore, so you need to change `HTTP Port` in Origin setting to 80.
>
> I'll update the wiki to reflect this

I have changed the HTTP port to 80 in Cloudfront and tried to access the VPS using the domain name in Chrome, but it gets:

> 504 ERROR
> The request could not be satisfied

![T5yZfU9UG5](https://user-images.githubusercontent.com/58401182/91885747-de8bd680-ecba-11ea-9cd4-53870c44d74f.png)


@aboka2k commented on GitHub (Sep 1, 2020):

my domain: orca.gq
cloudfront domain: d35q91vx742fcp.cloudfront.net


@aboka2k commented on GitHub (Sep 1, 2020):

Delivery Method: Web
Cookie Logging: Off
Distribution Status: Deployed
Comment: -
Price Class: Use Only U.S., Canada and Europe
AWS WAF Web ACL: -
State: Enabled
Alternate Domain Names (CNAMEs): -
SSL Certificate: Default CloudFront Certificate (*.cloudfront.net)
Domain Name: d35q91vx742fcp.cloudfront.net
Custom SSL Client Support: -
Security Policy: TLSv1
Supported HTTP Versions: HTTP/2, HTTP/1.1, HTTP/1.0
IPv6: Enabled


@aboka2k commented on GitHub (Sep 1, 2020):

It's very late now and I have to work tomorrow. Will try to think of some solutions and if still no other clue, will try to contact AWS tomorrow evening, as it seems that CF can't connect to the VPS now. Will post here if I get any updates. Thank you.


@aboka2k commented on GitHub (Sep 2, 2020):

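Hi, I have posted to the AWS community forum and am waiting for a reply.

This is what Chrome shows when browsing to https://orca.gq. Any chance this is why CF won't show this page, because of the cert issue?

![chrome_fN7LZcAGcF](https://user-images.githubusercontent.com/58401182/91980665-3299c800-ed5a-11ea-8fdd-05fd4d18bef7.png)

Thanks,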


@aboka2k commented on GitHub (Sep 3, 2020):

Already 2 days but still no one has replied on their forum. Tried to contact support but we need to pay them monthly fees?? Bummer. Have to pay for support when we are buying their service.....


@notsure2 commented on GitHub (Dec 11, 2020):

There is a bug in Cloak / oversight. In case your shadowsocks client is passing cloak the remote addr as IP instead of the original domain, Cloak sets the wrong Http Host header causing the CDN mode to fail. (This issue happens on shadowsocks-android). A new config key is required to explicitly control the Http Host field regardless of what is set as remote address. This also allows domain fronting to work. I will make a pull request.


@aboka2k commented on GitHub (Dec 11, 2020):

> There is a bug in Cloak / oversight. In case your shadowsocks client is passing cloak the remote addr as IP instead of the original domain, Cloak sets the wrong Http Host header causing the CDN mode to fail. (This issue happens on shadowsocks-android). A new config key is required to explicitly control the Http Host field regardless of what is set as remote address. This also allows domain fronting to work. I will make a pull request.

@notsure2 this is great news! Though it will just not work, thank you very much. Although I'm not using it now, other members will surely gain a lot from this.

P.S. Read your message again; you mention this happens on Android, but I think it happens on my Windows 7 machine too, besides Android. But if it could make Android work, then it's a big success already.


@notsure2 commented on GitHub (Dec 11, 2020):

https://github.com/cbeuw/Cloak/pull/143
