Giter VIP home page Giter VIP logo

Comments (20)

RPRX avatar RPRX commented on June 4, 2024 5

证书/日志 权限问题导致启动失败非常常见,安装脚本是根据 fhs-install-v2ray 修改而来的,之前我在那边的建议是用 root(但没有改),用非 root 用户也不是完全没有好处,减少了潜在的风险。

这里计划加上更多提示。

另外,打算精简日志中的路径(如果可以做到的话)。

from xray-core.

Ciacconas avatar Ciacconas commented on June 4, 2024 3

我搞清楚了,官方的xray.service用的是nobody执行的命令,但是读取crt和key的时候如果这两个文件是属于root的不让nobody看,那xray就没法启动。反之,我之前用命令行启动用的就是root,那读取crt和key就没什么问题。

这样的话,请问官方用nobody执行systemd服务有什么别的好处吗,没有的话是不是可以换成用root执行? @RPRX 大佬

from xray-core.

xiaoyaoyuxin avatar xiaoyaoyuxin commented on June 4, 2024 3

很奇怪,已经用了新版的脚本,bash <(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh) install -u root
依然会有命令行成功,systemd失败的情形。
改了证书上级目录的600权限为755,才能够启动。

from xray-core.

avatar commented on June 4, 2024 3

证书的所有者是root。
我用的宝塔面板管理网站、域名和证书,其中证书的位置是/www/server/panel/vhost/cert/域名/,从panel开始下级目录的权限都是600,所有者为root,能用root命令行启动,但无法用systemd启动,root模式下的systemd也不行。把权限改为755之后,systemd才行。很奇怪,感觉应该是我自己哪个地方没配好,但确实找不到原因。

@xiaoyaoyuxin 你看看这个 XTLS/Xray-install#12 有没有类似情况?

from xray-core.

xiaoyaoyuxin avatar xiaoyaoyuxin commented on June 4, 2024 2

很奇怪,已经用了新版的脚本,bash <(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh) install -u root
依然会有命令行成功,systemd失败的情形。
改了证书上级目录的600权限为755,才能够启动。

你看看证书及证书目录的所有者,如果所有者是nobody,root用户无法读取是正常的 @xiaoyaoyuxin

证书的所有者是root。
我用的宝塔面板管理网站、域名和证书,其中证书的位置是/www/server/panel/vhost/cert/域名/,从panel开始下级目录的权限都是600,所有者为root,能用root命令行启动,但无法用systemd启动,root模式下的systemd也不行。把权限改为755之后,systemd才行。很奇怪,感觉应该是我自己哪个地方没配好,但确实找不到原因。

from xray-core.

UJX6N avatar UJX6N commented on June 4, 2024

用root算了,简单些。证书很多时候多个应用都要访问的,我nginx、caddy、xray用一套证书,然后nginx用root启动,caddy用caddy启动,现在ray又要nobody启动,这不折腾吗。所以我都自己把ray改成root起的。

from xray-core.

heheheaa avatar heheheaa commented on June 4, 2024

我用的root启动,因为我要用caddy申请的证书,caddy用的caddy启动

from xray-core.

xiaoyaoyuxin avatar xiaoyaoyuxin commented on June 4, 2024

我也建议用root.,我的证书是用宝塔申请,自动更新的,用root方便些。

from xray-core.

RPRX avatar RPRX commented on June 4, 2024

请使用最新的脚本 https://github.com/XTLS/Xray-install

from xray-core.

RPRX avatar RPRX commented on June 4, 2024

话说,systemctl status xray 能否同时显示错误信息?这样就不用靠猜了 @kirin10000

from xray-core.

avatar commented on June 4, 2024

话说,systemctl status xray 能否同时显示错误信息?这样就不用靠猜了 @kirin10000

@RPRX 啊,我好像很早就和你说过能把能否把文件权限的错误信息显示到systemctl status xray,这样大部分证书权限的问题就能知道这是权限问题引起的了。
我觉得只要在xray打开证书文件失败时输出一条相关信息到标准输出流就能在上面显示出来了

from xray-core.

RPRX avatar RPRX commented on June 4, 2024

@kirin10000 v1.1.5 是 fmt.Println 了错误信息且退出码为 23,你看看有没有问题

from xray-core.

avatar commented on June 4, 2024

很奇怪,已经用了新版的脚本,bash <(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh) install -u root
依然会有命令行成功,systemd失败的情形。
改了证书上级目录的600权限为755,才能够启动。

你看看证书及证书目录的所有者,如果所有者是nobody,root用户无法读取是正常的 @xiaoyaoyuxin

from xray-core.

avatar commented on June 4, 2024

@kirin10000 v1.1.5 是 fmt.Println 了错误信息且退出码为 23,你看看有没有问题

@RPRX 试了,能在systemctl status xray 中看到证书权限错误的日志,但是输出日志太长了,要按→才能看得见。可以试试输出两行

from xray-core.

GleenJi avatar GleenJi commented on June 4, 2024

这是我的,我一直这么用,没啥问题
[Unit]
Description=Xray Service
Documentation=https://github.com/xtls
After=network.target nss-lookup.target

[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/overgfw/xray/bin/xray run -config /overgfw/xray/etc/config.json
Restart=on-failure
RestartPreventExitStatus=23

Self-Added Environment

Environment=XRAY_LOCATION_ASSET=/overgfw/xray/geo/

[Install]
WantedBy=multi-user.target

from xray-core.

xiaoyaoyuxin avatar xiaoyaoyuxin commented on June 4, 2024

证书的所有者是root。
我用的宝塔面板管理网站、域名和证书,其中证书的位置是/www/server/panel/vhost/cert/域名/,从panel开始下级目录的权限都是600,所有者为root,能用root命令行启动,但无法用systemd启动,root模式下的systemd也不行。把权限改为755之后,systemd才行。很奇怪,感觉应该是我自己哪个地方没配好,但确实找不到原因。

@xiaoyaoyuxin 你看看这个 XTLS/Xray-install#12 有没有类似情况?

证书的某上级目录改回600权限,systemctl restart xray,查看状态,23报错。

注释掉这一行,systemctl daemon-reload,systemctl start xray,查看状态,成功启动。

感谢指引!

from xray-core.

paningking avatar paningking commented on June 4, 2024

我是新建了一个用户,给sudo权限,所有都是在这个用户下启动,证书754权限,然后把xray.service的启动用户也改成这个用户,除了nginx的master process是root外,worker process也是这个用户。如果不修改xray.service的话,就需要给证书777权限,这样也是可以成功的。

from xray-core.

wjsandy avatar wjsandy commented on June 4, 2024

● XrayR.service - XrayR Service
Loaded: loaded (/etc/systemd/system/XrayR.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2022-03-19 19:01:06 CST; 1s ago
Process: 11534 ExecStart=/usr/local/XrayR/XrayR -config /etc/XrayR/config.yml (code=exited, status=2)
Main PID: 11534 (code=exited, status=2)

Mar 19 19:01:06 ip-172-31-45-155 systemd[1]: XrayR.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 19 19:01:06 ip-172-31-45-155 systemd[1]: XrayR.service: Failed with result 'exit-code'.

from xray-core.

qthang avatar qthang commented on June 4, 2024

● XrayR.service - XrayR Service Loaded: loaded (/etc/systemd/system/XrayR.service; enabled; vendor preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Sat 2022-03-19 19:01:06 CST; 1s ago Process: 11534 ExecStart=/usr/local/XrayR/XrayR -config /etc/XrayR/config.yml (code=exited, status=2) Main PID: 11534 (code=exited, status=2)

Mar 19 19:01:06 ip-172-31-45-155 systemd[1]: XrayR.service: Main process exited, code=exited, status=2/INVALIDARGUMENT Mar 19 19:01:06 ip-172-31-45-155 systemd[1]: XrayR.service: Failed with result 'exit-code'.

i have same error. Can you help me

from xray-core.

fredfany avatar fredfany commented on June 4, 2024

果然有效,非常感谢!

from xray-core.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.