From d34a51739fcc60aea5b9ea611157b39da2bd994f Mon Sep 17 00:00:00 2001
From: Zisu Zhang
Date: Sat, 7 Jun 2025 08:19:31 +0800
Subject: [PATCH] Update default_port and sni logic to improve reverse proxy reachability (#947)
---
 easytier/src/common/dns.rs | 9 +++++++++
 easytier/src/tunnel/websocket.rs | 7 +++++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/easytier/src/common/dns.rs b/easytier/src/common/dns.rs
index 46acd2c..5ff4f08 100644
--- a/easytier/src/common/dns.rs
+++ b/easytier/src/common/dns.rs
@@ -77,6 +77,15 @@ pub async fn socket_addrs(
 .port()
 .or_else(default_port_number)
 .ok_or(Error::InvalidUrl(url.to_string()))?;
+ // See https://github.com/EasyTier/EasyTier/pull/947
+ let port = match port {
+ 0 => match url.scheme() {
+ "ws" => 80,
+ "wss" => 443,
+ _ => port,
+ },
+ _ => port,
+ };
 
 // if host is an ip address, return it directly
 if let Ok(ip) = host.parse::() {
diff --git a/easytier/src/tunnel/websocket.rs b/easytier/src/tunnel/websocket.rs
index f81d4d8..0ad98b3 100644
--- a/easytier/src/tunnel/websocket.rs
+++ b/easytier/src/tunnel/websocket.rs
@@ -202,8 +202,11 @@ impl WSTunnelConnector {
 init_crypto_provider();
 let tls_conn =
 tokio_rustls::TlsConnector::from(Arc::new(get_insecure_tls_client_config()));
- // Modify SNI logic: always use "localhost" as SNI to avoid IP blocking.
- let sni = "localhost";
+ // Modify SNI logic: use "localhost" as SNI for url without domain to avoid IP blocking.
+ let sni = match addr.domain() {
+ None => "localhost".to_string(),
+ Some(domain) => domain.to_string(),
+ };
 let server_name = rustls::pki_types::ServerName::try_from(sni)
 .map_err(|_| TunnelError::InvalidProtocol("Invalid SNI".to_string()))?;
 let stream = tls_conn.connect(server_name, stream).await?;
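Review bot: The port-0 remap in `socket_addrs` runs for every caller of this shared helper, and for an explicitly written `:0` as well as a defaulted one, so a `ws://…:0` URL now silently resolves to port 80 (and `wss` to 443). The callers are not visible in this hunk; if any of them resolves a listen address, where port 0 usually means "let the OS choose", this turns an ephemeral bind into a bind on a well-known port, so it is worth confirming the helper is connector-only or moving the remap into the WebSocket connector. The comment gives only a PR link; something like `// port 0 is not connectable: fall back to the scheme default for ws/wss` states the intent in place. The nested match can also be flattened to `match (port, url.scheme()) { (0, "ws") => 80, (0, "wss") => 443, _ => port }`. The function body starts and ends outside the hunk.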
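Review bot: The connector is built from `get_insecure_tls_client_config()`, so (if that config skips certificate verification, as its name suggests) the domain now placed in SNI is sent in the cleartext ClientHello but is never checked against the server certificate. That helps a reverse proxy route the connection, yet it authenticates nothing and exposes the peer hostname to on-path observers, which reverses the intent of the old "always localhost" behaviour for domain URLs. The comment should say so, e.g. `// SNI only steers reverse-proxy routing; it is visible on the wire and the certificate is not validated against it`. The match can be shortened to `let sni = addr.domain().unwrap_or("localhost").to_string();`. The enclosing method starts before and continues after the hunk.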