Comments (7)
CloudFront definitely used to work ~3 years ago. I haven't tested it since but will look into it again. It's possible though that they just shut off domain fronting like Cloudflare did.
from cloak.
Also I see that you're using UDP. UDP support isn't the best polished and I don't think I ever tested it through CDN (in theory it should work, but in practice...). Could you try to run OVPN on a TCP port?
from cloak.
Hi @cbeuw! Thank you for the prompt response!
I tried running OpenVPN with TCP and also tried Tor (as a "well understood" TCP service).
In CDN mode it immediately results in "failed to handshake: websocket: bad handshake".
So it looks like either CDN mode is fully broken or Amazon tweaked something that needs to be accounted for (I suspect caching / response policies on the CloudFront side may be to blame, but I tried running both with caching disabled and with several policy variants, with exactly the same response).
from cloak.
I'm sorry but I probably won't have time to investigate this until August as I have a thesis deadline in a week. While there is definitely something to be fixed, for now may I ask if it's fully necessary that you run it behind a CDN? Because a *.compute.amazonaws.com is highly unlikely to be blocked, and even if one did you could restart your EC2 instance to get a new domain.
from cloak.
No problem, I think I can get away with using a direct connection for the time being (worst come to worst I'll have to shut down + start up the EC2 instance to get new IPs every now and then).
I'll report back about how it goes.
BTW, when you get some time for CDN fixes in August, could you also please look into figuring out the right settings for FLY.IO?
They have a very appealing free tier offering and are "CDN by default" (mandatory CDN for free tier dwellers, functionally).
from cloak.
CDN mode means that the Cloak client expects to connect to a real HTTPS server, and then do a websocket connection to your origin server. So you have to set up your origin server's web server to proxy the websocket connection to Cloak, or you have to run Cloak itself as the origin webserver (aka port 80). Then CDN mode will work.
For the Cloak server to accept CDN mode, it accepts an incoming HTTP (not HTTPS) connection with a websocket form and a magic header sent by the Cloak client containing the crypto challenge. Cloak cannot accept CDN mode on HTTPS simply because it doesn't have a real SSL certificate and cannot do a full proper SSL handshake in response to the incoming HTTPS connection. However, you can engineer a complicated solution that works both ways as follows:
Run Cloak on port 443 and make the rediraddr your local nginx instance set up with a real SSL certificate, then set up your nginx to redirect http connections with the CDN origin path you set in the config (or the magic header; I can't remember its name, I think it was called "Hidden") back to Cloak on port 443 using the http (not https) protocol.
from cloak.
Well, for what it's worth, when I was trying to set it up I had Cloak listen both on 80 and 443 and that did not help, but I'll try again when I'm back in a civilized country.
from cloak.