伪装验证失败，但代理正常

[zzzz-cloud]

操作系统:

• Debian GNU/Linux 11 (bullseye)
• 内核: 5.10.0-35-cloud-amd64 SMP Debian 5.10.237-1 (2025-05-19) x86_64 GNU/Linux

服务端配置文件:

listen: :443
acme:
  domains:
    - hy2.myname.xyz
  email: ******@outlook.com

auth:
  type: password
  password: 

obfs:
  type: salamander 
  salamander:
    password: 

masquerade:
  type: proxy
  proxy:
    url: https://example.com
    rewriteHost: true

bandwidth:
  up: 300 mbps
  down: 50 mbps

sniff:
  enable: true

trafficStats:
  listen: :9999 
  secret: ******

前置条件

• 已开启防火墙端口 80(tcp/udp), 443(tcp/udp), 9999(tcp)

伪装验证测试1:

1. 操作步骤:

使用chrome --origin-to-force-quic-on=hy2.myname.xyz:443指令，打开chrome未开启代理访问域名"hy2.myname.xyz"

2. 预期行为:

跳转到 https://example.com

3. 实际执行结果:

浏览器"ERR_CONNECTION_CLOSED"

伪装验证测试2

1. 操作步骤:

➜  ~ curl --http3 https://hy2.myname.xyz -v -k                                                                   
* Host hy2.myname.xyz:443 was resolved.
* IPv6: (none)
* IPv4: 123.123.123.123
*   Trying 123.123.123.123:443...
*   Trying 123.123.123.123:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (OUT), TLS alert, decode error (562):
* TLS connect error: error:0A000126:SSL routines::unexpected eof while reading
* ngtcp2_conn_handle_expiry returned error: ERR_HANDSHAKE_TIMEOUT
* Failed to connect to hy2.myname.xyz port 443 after 10005 ms: Failed sending data to the peer
* closing connection #0
curl: (55) TLS connect error: error:0A000126:SSL routines::unexpected eof while reading

服务端日志:

Nov 21 10:44:33 ip-172-26-0-59 systemd[1]: Started Hysteria Server Service (config.yaml).
Nov 21 10:44:33 ip-172-26-0-59 hysteria[28801]: 2025-11-21T10:44:33Z        INFO        server mode
Nov 21 10:44:33 ip-172-26-0-59 hysteria[28801]: 2025-11-21T10:44:33Z        INFO        maintenance        started background certificate maintenance        {"cache": "0xc0001b9b90"}
Nov 21 10:44:33 ip-172-26-0-59 hysteria[28801]: 2025-11-21T10:44:33Z        WARN        stapling OCSP        {"error": "no OCSP stapling for [hy2.myname.xyz]: no OCSP server specified in certificate", "identifiers": ["hy2.myname.xyz"]}
Nov 21 10:44:33 ip-172-26-0-59 hysteria[28801]: 2025-11-21T10:44:33Z        INFO        server up and running        {"listen": ":443"}
Nov 21 10:44:33 ip-172-26-0-59 hysteria[28801]: 2025-11-21T10:44:33Z        INFO        traffic stats server up and running        {"listen": ":9999"}