Fails on CentOS 7
Closed this issue · 15 comments
I had a previous version of Cloak2 installed and working. I ran your script to update the install. Since there was no option to install or update, I chose to uninstall. After rebooting the server, I ran your script again and chose the install option. It fails to install ShadowSocks (shadowsocks-libev-3.2.0-2.el7. FAILED).
I ran your script a second time and chose the uninstall option and rebooted the server. I manually installed Shadowsocks before running your script. I ran your script again and chose the install option. It uninstalled Shadowsocks and failed to re-install it!
How do I get my server working again?
Hello
Does it fail with specific error? For example conflict error or etc?
Hello
I tested the copr-be.cloud.fedoraproject.org out and it was fine on two of my servers.
For firewallD, later I will add some options to check if the firewall is running or not, and ask the user if he likes to enable firewallD.
And for the last problem, can you send the logs of systemctl status cloak-server?
# systemctl status cloak-server
? cloak-server.service - Cloak Server Service
Loaded: loaded (/etc/systemd/system/cloak-server.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-11-28 10:21:15 EST; 8min ago
Main PID: 833 (ck-server)
CGroup: /system.slice/cloak-server.service
??833 /usr/local/bin/ck-server -c ckserver.json
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42594" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42596" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42604" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42570" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42612" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42614" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42616" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42626" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42606" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42608" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42630" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42632" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42638" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42644" sessionId=0
Nov 28 10:30:09 www.my_REDACTED_site.com ck-server[833]: time="2019-11-28T10:30:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:42628" sessionId=0
Did you updated the client side cloak?
Did you updated the client side cloak?
Yes, I used the example from https://github.com/cbeuw/Cloak/archive/v2.1.2.zip. I replaced the keys and server with the correct info.
Here's more info:
cbeuw/Cloak#79 (comment)
I don't feel comfortable posting my actual config files with the real keys, website and IP addresses. I can share them with you privately if you need them.
I just checked, again, and it appears to have failed on its own:
# systemctl status cloak-server
? cloak-server.service - Cloak Server Service
Loaded: loaded (/etc/systemd/system/cloak-server.service; enabled; vendor preset: disabled)
Active: failed (Result: signal) since Thu 2019-11-28 12:06:17 EST; 6h ago
Process: 1521 ExecStart=/usr/local/bin/ck-server -c ckserver.json (code=killed, signal=KILL)
Main PID: 1521 (code=killed, signal=KILL)
Nov 28 12:06:08 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:06-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40786" sessionId=0
Nov 28 12:06:09 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:07-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40790" sessionId=0
Nov 28 12:06:10 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:07-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40794" sessionId=0
Nov 28 12:06:11 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:08-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40798" sessionId=0
Nov 28 12:06:12 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40800" sessionId=0
Nov 28 12:06:13 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:09-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40802" sessionId=0
Nov 28 12:06:15 www.my_REDACTED_site.com ck-server[1521]: time="2019-11-28T12:06:11-05:00" level=warning msg="duplicate random" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:40804" sessionId=0
Nov 28 12:06:17 www.my_REDACTED_site.com systemd[1]: cloak-server.service: main process exited, code=killed, status=9/KILL
Nov 28 12:06:17 www.my_REDACTED_site.com systemd[1]: Unit cloak-server.service entered failed state.
Nov 28 12:06:17 www.my_REDACTED_site.com systemd[1]: cloak-server.service failed.
Another question;
Does this thing happen when you install the cloak manually? (without the script)
My attempts to manually install Cloak have been unsuccessful because the instructions on the Cloak Github page are not detailed enough for me to get it working. I have tried on different server instances. That's why I used your script. Your script worked for me previously. I used an earlier version of the script to update Cloak, several month ago, on my production server.
Does your script totally remove all traces of the previous installation of Cloak/Shadowsocks and reset all settings? I'm wondering if some remnant of the previous install is causing the issue.
Please tell me if the current version of the Cloak plug-in still supports redirecting non-client (regular HTTPS) traffic to a local web server. It seems the current version does not allow adding a port number to the redirect IP address (e.g., 127.0.0.1:123). If you cannot add a port number to the redirect IP address, then how can the server serve a standard, local web page to non-client traffic?
Hello
Depends; For example if you had compiled the shadowsocks, the script won't remove it. But if your last installation was with my script, it will remove all of the files.
For your next question, I think the answer is no it does not support it. Look here. This means that if the port is present in the config file, Cloak simply ignores it.
And I'm not really sure how you must redirect the traffic to a non 443 port https server.
And can you try to setup my script with default settings? I just want to know if it solves the problem or not. (Even let the redir address be the bing IP)
And can you try to setup my script with default settings? I just want to know if it solves the problem or not. (Even let the redir address be the bing IP)
I already tried uninstalling and re-installing with your script, with default settings. I still encounter the same issue on my production server.
WOW! The main reason I went with GoQuiet and then Cloak was because I could run it on the same server that runs Apache as a web server. It worked flawlessly with previous versions of Cloak. So are you telling me there is no way to do this with the current version of Cloak? I just want to make sure I am understanding you correctly. To my knowledge, you cannot have Apache and Cloak both listen on port 443, correct? That is why I made Apache listen on port 123 and had Cloak redirect regular traffic to port 123.
I tried running your script with defaults, again. However, before running the script, I manually removed rng-tools, haveged and lsof. Next, I ran your script and selected the uninstall option and then I rebooted the server and ran the script again.
I reconfigured my Shadowsocks client and tested. It seems to partially work. Most pages are extremly slow loading and some never load. What do the errors below mean:
systemctl status cloak-server -l
? cloak-server.service - Cloak Server Service
Loaded: loaded (/etc/systemd/system/cloak-server.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2019-12-02 13:55:36 EST; 13min ago
Main PID: 1349 (ck-server)
CGroup: /system.slice/cloak-server.service
??1349 /usr/local/bin/ck-server -c ckserver.json
Dec 02 14:05:03 www.my_REDACTED_site.com ck-server[1349]: time="2019-12-02T14:05:03-05:00" level=warning msg="failed to unmarshal ClientHello into authenticationInfo: malformed key_share" UID= encryptionMethod=0 proxyMethod= remoteAddr="56.247.90.134:48732" sessionId=0
Dec 02 14:05:03 www.my_REDACTED_site.com ck-server[1349]: time="2019-12-02T14:05:03-05:00" level=warning msg="failed to unmarshal ClientHello into authenticationInfo: malformed key_share" UID= encryptionMethod=0 proxyMethod= remoteAddr="107.175.132.187:34932" sessionId=0
Dec 02 14:05:03 www.my_REDACTED_site.com ck-server[1349]: time="2019-12-02T14:05:03-05:00" level=warning msg="failed to unmarshal ClientHello into authenticationInfo: malformed key_share" UID= encryptionMethod=0 proxyMethod= remoteAddr="56.247.90.134:48734" sessionId=0
Dec 02 14:05:03 www.my_REDACTED_site.com ck-server[1349]: time="2019-12-02T14:05:03-05:00" level=warning msg="failed to unmarshal ClientHello into authenticationInfo: malformed key_share" UID= encryptionMethod=0 proxyMethod= remoteAddr="107.175.132.187:34948" sessionId=0
Dec 02 14:05:37 www.my_REDACTED_site.com ck-server[1349]: time="2019-12-02T14:05:37-05:00" level=warning msg="transport TLS in correct format but not Cloak: cipher: message authentication failed" UID= encryptionMethod=0 proxyMethod= remoteAddr="198.23.172.66:41458" sessionId=0
Dec 02 14:05:38 www.my_REDACTED_site.com ck-server[1349]: time="2019-12-02T14:05:38-05:00" level=info msg="New session" UID="-REDACTED-==" sessionID=1015995996
Dec 02 14:06:08 www.my_REDACTED_site.com ck-server[1349]: time="2019-12-02T14:06:08-05:00" level=info msg="Session closed" UID="-REDACTED-==" reason=timeout sessionID=1015995996
Dec 02 14:06:35 www.my_REDACTED_site.com ck-server[1349]: time="2019-12-02T14:06:35-05:00" level=info msg="New session" UID="-REDACTED-==" sessionID=2176641424
Dec 02 14:07:07 www.my_REDACTED_site.com ck-server[1349]: time="2019-12-02T14:07:07-05:00" level=warning msg="transport TLS in correct format but not Cloak: cipher: message authentication failed" UID= encryptionMethod=0 proxyMethod= remoteAddr="198.23.172.66:41838" sessionId=0
Dec 02 14:08:37 www.my_REDACTED_site.com ck-server[1349]: time="2019-12-02T14:08:37-05:00" level=warning msg="transport TLS in correct format but not Cloak: cipher: message authentication failed" UID= encryptionMethod=0 proxyMethod= remoteAddr="198.23.172.66:42188" sessionId=0
I have verified that setting 127.0.0.1:123 as the redirect address was causing the initial problem. Cloak no longer supports redirecting non-shadowsocks client traffic to a local webserver the way that it used to.
I have been working on this issue, practically non-stop, since I first reported it. I have rebuilt the CentOS7 server and ran your script with all defaults. I still get the same error indicated in my most recent post. I even rebuilt the server, again, and used a different installation script from another Github repository and got the same exact results. I have concluded that the later versions of Cloak just do not work correctly on CentOS 7. Some pages never load and some take a very long time to load.
My latest test was to reinstall Shadowsocks and the v2ray-plugin. It is working better than Cloak ever did. Fast page loads and it does not drop the connection. Plus I can redirect to my local server with HTTPS or any other HTTPS public web page without encountering the SSL cert mismatch errors that I got when using Cloak.
Thanks for your help. I will watch for any updates and continue testing.
So it might be a server issue if another script is also failing. I might be a cloak incompatibility.
I'm closing this issue because you said another script also generated the same results.
Feel free to tell me to reopen it if you think that it is still a script problem.