starred/Cloak
1
0
Fork 0
mirror of https://github.com/cbeuw/Cloak.git synced 2026-04-26 04:55:58 +03:00
Code Issues 144 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #214] Cloak behind Caddy reverse-proxy is unreachable with Android app. #175

New issue
Open
opened 2026-02-26 12:34:11 +03:00 by kerem · 1 comment
kerem commented 2026-02-26 12:34:11 +03:00
Owner
Copy link

Originally created by @schebotar on GitHub (Feb 21, 2023).
Original GitHub issue: https://github.com/cbeuw/Cloak/issues/214

Hello.
I have running docker containers with cloak, shadowsocks and Caddy.
Caddy is configured to redirect requests from my domain to cloak container like this

my.domain.net {
        reverse_proxy cloak:443
}

Request my.domain.net from Firefox seems ok. Cloak logs:

cloak  | time="2023-02-21T14:28:34Z" level=warning msg="failed to unmarshal hidden data from WS into authFragments: non (or malformed) HTTP GET" UID= encryptionMethod=0 proxyMethod= remoteAddr="10.10.0.3:43138" sessionId=0

10.10.0.3 is Caddy container IP

But i can't establish connection from Android Shadowsocks client. Cloak logs are silent.

Bypassing cloak container port to server port 8443 works fine. docker-compose:

ports:
  - "8443:443"

And android app works great with 8443 in settings.

Did I miss something in Caddy settings?

Originally created by @schebotar on GitHub (Feb 21, 2023). Original GitHub issue: https://github.com/cbeuw/Cloak/issues/214 Hello. I have running docker containers with cloak, shadowsocks and Caddy. Caddy is configured to redirect requests from my domain to cloak container like this ``` my.domain.net { reverse_proxy cloak:443 } ``` Request my.domain.net from Firefox seems ok. Cloak logs: ``` cloak | time="2023-02-21T14:28:34Z" level=warning msg="failed to unmarshal hidden data from WS into authFragments: non (or malformed) HTTP GET" UID= encryptionMethod=0 proxyMethod= remoteAddr="10.10.0.3:43138" sessionId=0 ``` 10.10.0.3 is Caddy container IP But i can't establish connection from Android Shadowsocks client. Cloak logs are silent. Bypassing cloak container port to server port 8443 works fine. docker-compose: ``` ports: - "8443:443" ``` And android app works great with 8443 in settings. Did I miss something in Caddy settings?
kerem commented 2026-02-26 12:34:11 +03:00
Author
Owner
Copy link

@valerius2k commented on GitHub (May 3, 2023):

See my comment in ticket #219. You need "Transport" setting in Cloak client settings to be set to "CDN", not "direct" if you put Cloak behind a reverse proxy. Found that suddenly when experimenting with Cloak and Nginx.

<!-- gh-comment-id:1532544480 --> @valerius2k commented on GitHub (May 3, 2023): See my comment in ticket #219. You need "Transport" setting in Cloak client settings to be set to "CDN", not "direct" if you put Cloak behind a reverse proxy. Found that suddenly when experimenting with Cloak and Nginx.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
renovate/go-github.com-refraction-networking-utls-vulnerability
dependabot/go_modules/golang.org/x/crypto-0.45.0
utls-1.7.0
deps-20250430
padding
docker-tests
ptspec
legacy-v1
v2.12.0
v2.11.0
v2.10.0
v2.9.0
v2.8.0
v2.7.1-pre
v2.7.0
v2.6.1
v2.6.0
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.1
v2.4.0
v2.3.2
v2.3.1
v2.3.0
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.2
v2.0.1
v2.0.0
v1.1.2
v1.1.1
v1.1.0
v1.0.0
v0.2.0
v0.1.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Cloak#175
No description provided.