103 lines
3.6 KiB
Markdown
103 lines
3.6 KiB
Markdown
# SmartProxy Configuration Troubleshooting
|
|
|
|
## IPv6/IPv4 Mapping Issue
|
|
|
|
### Problem Identified
|
|
The SmartProxy is failing to match connections for wildcard domains (like `*.lossless.digital`) when IP restrictions are in place. After extensive debugging, the root cause has been identified:
|
|
|
|
When a connection comes in from an IPv4 address (e.g., `212.95.99.130`), the Node.js server receives it as an IPv6-mapped IPv4 address with the format `::ffff:212.95.99.130`. However, the route configuration is expecting the exact string `212.95.99.130`, causing a mismatch.
|
|
|
|
From the debug logs:
|
|
```
|
|
[DEBUG] Route rejected: clientIp mismatch. Request: ::ffff:212.95.99.130, Route patterns: ["212.95.99.130"]
|
|
```
|
|
|
|
### Solution
|
|
|
|
To fix this issue, update the route configurations to include both formats of the IP address. Here's how to modify the affected route:
|
|
|
|
```typescript
|
|
// Wildcard domain route for *.lossless.digital
|
|
{
|
|
match: {
|
|
ports: 443,
|
|
domains: ['*.lossless.digital'],
|
|
clientIp: ['212.95.99.130', '::ffff:212.95.99.130'], // Include both formats
|
|
},
|
|
action: {
|
|
type: 'forward',
|
|
target: {
|
|
host: '212.95.99.130',
|
|
port: 443
|
|
},
|
|
tls: {
|
|
mode: 'passthrough'
|
|
},
|
|
security: {
|
|
allowedIps: ['212.95.99.130', '::ffff:212.95.99.130'] // Include both formats
|
|
}
|
|
},
|
|
name: 'Wildcard lossless.digital route (IP restricted)'
|
|
}
|
|
```
|
|
|
|
### Alternative Long-Term Fix
|
|
|
|
A more robust solution would be to modify the SmartProxy codebase to automatically handle IPv6-mapped IPv4 addresses by normalizing them before comparison. This would involve:
|
|
|
|
1. Modifying the `matchIpPattern` function in `route-manager.ts` to normalize IPv6-mapped IPv4 addresses:
|
|
|
|
```typescript
|
|
private matchIpPattern(pattern: string, ip: string): boolean {
|
|
// Normalize IPv6-mapped IPv4 addresses
|
|
const normalizedIp = ip.startsWith('::ffff:') ? ip.substring(7) : ip;
|
|
const normalizedPattern = pattern.startsWith('::ffff:') ? pattern.substring(7) : pattern;
|
|
|
|
// Handle exact match with normalized addresses
|
|
if (normalizedPattern === normalizedIp) {
|
|
return true;
|
|
}
|
|
|
|
// Rest of the existing function...
|
|
}
|
|
```
|
|
|
|
2. Making similar modifications to other IP-related functions in the codebase.
|
|
|
|
## Wild Card Domain Matching Issue
|
|
|
|
### Explanation
|
|
|
|
The wildcard domain matching in SmartProxy works as follows:
|
|
|
|
1. When a pattern like `*.lossless.digital` is specified, it's converted to a regex: `/^.*\.lossless\.digital$/i`
|
|
2. This correctly matches any subdomain like `my.lossless.digital`, `api.lossless.digital`, etc.
|
|
3. However, it does NOT match the apex domain `lossless.digital` (without a subdomain)
|
|
|
|
If you need to match both the apex domain and subdomains, use a list:
|
|
```typescript
|
|
domains: ['lossless.digital', '*.lossless.digital']
|
|
```
|
|
|
|
## Debugging SmartProxy
|
|
|
|
To debug routing issues in SmartProxy:
|
|
|
|
1. Add detailed logging to the `route-manager.js` file in the `dist_ts` directory:
|
|
- `findMatchingRoute` method - to see what criteria are being checked
|
|
- `matchRouteDomain` method - to see domain matching logic
|
|
- `matchDomain` method - to see pattern matching
|
|
- `matchIpPattern` method - to see IP matching logic
|
|
|
|
2. Run the proxy with debugging enabled:
|
|
```
|
|
pnpm run startNew
|
|
```
|
|
|
|
3. Monitor the logs for detailed information about the routing process and identify where matches are failing.
|
|
|
|
## Priority and Route Order
|
|
|
|
Remember that routes are evaluated in priority order (higher priority first). If multiple routes could match the same request, ensure that the more specific routes have higher priority.
|
|
|
|
When routes have the same priority (or none specified), they're evaluated in the order they're defined in the configuration. |