[GH-ISSUE #2] Browser reports an error after use, client log outputs garbled characters, server log reports a certificate problem #3

Closed
opened 2026-02-27 23:14:51 +03:00 by kerem · 3 comments
Owner

Originally created by @ghost on GitHub (Sep 24, 2017).
Original GitHub issue: https://github.com/snail007/goproxy/issues/2

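After following the tutorial exactly, I set the browser extension's HTTPS proxy to 127.0.0.1 33080.
Chrome then reports the error [There is something wrong with the proxy server, please check...]; if I switch to an HTTP proxy, it becomes [xxx.xx didn't send any data].

Client output when using an HTTPS proxy: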

2017/09/24 12:26:19 conn 127.0.0.1:52513 - x.x.x.x:33080 [:80] connected
2017/09/24 12:26:19 conn 127.0.0.1:52513 - x.x.x.x:33080 [:80] released
2017/09/24 12:26:23 pool deamon err dial tcp x.x.x.x:33080: i/o timeout , release pool
2017/09/24 12:26:34 conn 127.0.0.1:52528 - x.x.x.x:33080 [:80] connected
2017/09/24 12:26:34 conn 127.0.0.1:52528 - x.x.x.x:33080 [:80] released
2017/09/24 12:27:26 data err:
# I found that these garbled characters cannot be copied...

Client output when using an HTTP proxy:

2017/09/24 12:32:16 conn 127.0.0.1:52772 - x.x.x.x:33080 [www.google.com:443] connected
2017/09/24 12:32:16 conn 127.0.0.1:52772 - x.x.x.x:33080 [www.google.com:443] released
2017/09/24 12:32:17 conn 127.0.0.1:52773 - x.x.x.x:33080 [www.google.com:443] connected
2017/09/24 12:32:17 conn 127.0.0.1:52773 - x.x.x.x:33080 [www.google.com:443] released

No matter what, the server always outputs:

2017/09/24 20:26:18 read err:remote error: tls: bad certificate

The certificate was generated with ./proxy keygen.

# OpenSSL version on the server
# openssl version
OpenSSL 1.0.1e 11 Feb 2013

I also tried installing this certificate on the client device, but it did not help.
Server OS: Debian 7 x64; local device OS: Windows 7 32-bit.

kerem 2026-02-27 23:14:51 +03:00
Author
Owner

@snail007 commented on GitHub (Sep 25, 2017):

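Hello, your problem seems to be caused by the certificates on the server and on the local side not matching; read err:remote error: tls: bad certificate means the certificates do not match. You can post the startup command arguments for both your server and your local side; only then can the problem be tracked down further.
Here is a short set of steps:
1. On the VPS, run ./proxy keygen to get proxy.crt and proxy.key
2. Download proxy.crt and proxy.key to the local machine
3. On the VPS, run ./proxy -x -p 38080 -f proxy.crt -k proxy.key
4. On the local machine, run ./proxy -X -P "x.x.x.x:38080" -p 33080 -f proxy.crt -k proxy.key
x.x.x.x is the VPS's IP
5. Set the browser's HTTP proxy to 127.0.0.1:33080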
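
A check for the condition this comment describes, namely that the local proxy.crt and proxy.key are a matching pair and that the certificate is identical to the VPS copy. This is an added example, not part of the original thread or goproxy's own code; `NewSample`, `Fingerprint` and `CheckPair` are hypothetical names, and the sample pair is generated in memory instead of being read from the real files.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// NewSample returns a throwaway self-signed cert/key pair (constructed test data).
func NewSample() (certPEM, keyPEM []byte) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, key.Public(), key)
	kder, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder})
}

// Fingerprint returns the hex SHA-256 of the first certificate in certPEM, or "" if none.
func Fingerprint(certPEM []byte) string {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return ""
	}
	return fmt.Sprintf("%x", sha256.Sum256(block.Bytes))
}

// CheckPair checks that localKey belongs to localCert and that localCert equals serverCert.
func CheckPair(localCert, localKey, serverCert []byte) error {
	if _, err := tls.X509KeyPair(localCert, localKey); err != nil {
		return fmt.Errorf("local key does not match local cert: %w", err)
	}
	lf, sf := Fingerprint(localCert), Fingerprint(serverCert)
	if sf == "" || lf != sf {
		return fmt.Errorf("certificate mismatch: local %q, server %q", lf, sf)
	}
	return nil
}

func main() {
	c, k := NewSample()
	fmt.Println(CheckPair(c, k, c), Fingerprint(c))
}
```

To use it on real files, read each side's proxy.crt and proxy.key with `os.ReadFile` and pass the bytes to `CheckPair`; comparing the two fingerprints avoids copying the private key around just to diagnose a mismatch.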

Author
Owner

@ghost commented on GitHub (Sep 25, 2017):

@snail007
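-c proxy.crt is a mistake in the command.
-c specifies the configuration file; it should be -f.
-f proxy.crt
After testing, it works normally.
I guess it was a configuration file problem, because when I tested yesterday I followed your illustrated tutorial and only changed the options in the configuration file, then ran proxy directly so that it read the configuration file options by default.
Running it just now with the commands you gave works fine.

Server configuration file: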

#####################################
##############parent#################
#####################################
#parent proxy address,such as: 223.78.2.33:8090
parent=""

#parent proxy is tls
parent-tls=false

#tcp timeout milliseconds when connect to real server or parent proxy
tcp-timeout=2000

#conn pool size , which connect to parent proxy
pool-size=50

#always use parent proxy
always=false

#####################################
##############local##################
#####################################

#local ip to bind
ip="0.0.0.0"

#local port to listen
port=33080

#local proxy is tls
local-tls=true

#####################################
################tls##################
#####################################

#cert file for tls
cert="proxy.crt"

#key file for tls
key="proxy.key"

#####################################
################protocol#############
#####################################

#proxy on tcp
tcp=false

#####################################
################check################
#####################################

#check domain blocked , http request timeout milliseconds when connect to host
check-timeout=3000

#check domain if blocked every interval seconds
check-interval=10

#check if proxy is okay every interval seconds 
#this is very helpful to proxy fix pool status , zero means:no check
check-proxy-interval=3

#blocked domain file , one domain each line
#google.com means (*.)*.google.com
blocked="blocked"

#direct domain file , one domain each line
#qq.com means (*.)*.qq.com
direct="direct"

Client configuration file:


#####################################
##############parent#################
#####################################
#parent proxy address,such as: 223.78.2.33:8090
parent="x.x.x.x:33080"

#parent proxy is tls
parent-tls=true

#tcp timeout milliseconds when connect to real server or parent proxy
tcp-timeout=2000

#conn pool size , which connect to parent proxy
pool-size=50

#always use parent proxy
always=false

#####################################
##############local##################
#####################################

#local ip to bind
ip="0.0.0.0"

#local port to listen
port=33080

#local proxy is tls
local-tls=false

#####################################
################tls##################
#####################################

#cert file for tls
cert="proxy.crt"

#key file for tls
key="proxy.key"

#####################################
################protocol#############
#####################################

#proxy on tcp
tcp=false

#####################################
################check################
#####################################

#check domain blocked , http request timeout milliseconds when connect to host
check-timeout=3000

#check domain if blocked every interval seconds
check-interval=10

#check if proxy is okay every interval seconds 
#this is very helpful to proxy fix pool status , zero means:no check
check-proxy-interval=3

#blocked domain file , one domain each line
#google.com means (*.)*.google.com
blocked="blocked"

#direct domain file , one domain each line
#qq.com means (*.)*.qq.com
direct="direct"

Author
Owner

@snail007 commented on GitHub (Sep 28, 2017):

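Glad the problem is solved. At a glance the configuration file looks fine; the only way to investigate further is to run it manually and see what logs it outputs.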
