From e1e22e5039dcd002e6aeabd455f359b6ce253315 Mon Sep 17 00:00:00 2001
From: wulabing
Date: Thu, 2 Jun 2022 16:44:02 +0800
Subject: [PATCH] Xray-0.2.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
[update] ss白名单初版demo,基于 docker compose 运行
---
ss_whitlist/config/nginx.conf | 107 +++++++++++++++++++++++++++++++++
ss_whitlist/docker-compose.yml | 31 ++++++++++
2 files changed, 138 insertions(+)
create mode 100644 ss_whitlist/config/nginx.conf
create mode 100644 ss_whitlist/docker-compose.yml
diff --git a/ss_whitlist/config/nginx.conf b/ss_whitlist/config/nginx.conf
new file mode 100644
index 0000000..83bb092
--- /dev/null
+++ b/ss_whitlist/config/nginx.conf
@@ -0,0 +1,107 @@
+user root;
+# This number should be, at maximum, the number of CPU cores on your system.
+worker_processes auto;
+worker_rlimit_nofile 655350;
+
+pcre_jit on;
+
+error_log logs/error.log;
+pid logs/nginx.pid;
+
+
+
+events {
+ use epoll;
+ worker_connections 60000;
+ multi_accept on;
+}
+
+stream {
+ preread_timeout 120s;
+ proxy_connect_timeout 30s;
+ proxy_protocol_timeout 30s;
+ proxy_buffer_size 64k;
+ proxy_timeout 120s;
+ tcp_nodelay on;
+ proxy_next_upstream on;
+ proxy_socket_keepalive on;
+
+ log_format proxy '$remote_addr [$time_local] '
+ '$protocol $status $bytes_sent $bytes_received '
+ '$session_time "$upstream_addr" "$upstream_bytes_sent"'
+ '"$upstream_bytes_received" "$upstream_connect_time"';
+
+ upstream ss {
+ server shadowsocks:8388;
+ }
+
+ server {
+ listen 7777;
+ listen 7777 udp;
+ include allow.list;
+ deny all;
+ proxy_pass ss;
+ }
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ reset_timedout_connection on;
+ client_header_timeout 15;
+ client_body_timeout 10;
+ send_timeout 15;
+ keepalive_timeout 30;
+ keepalive_requests 30;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+
+ client_body_buffer_size 128k;
+ client_max_body_size 10m;
+ proxy_read_timeout 180s;
+
+ gzip on;
+ gzip_min_length 10240;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
+ gzip_disable "msie6";
+
+ sendfile on;
+ tcp_nodelay on;
+ tcp_nopush on;
+
+
+ server_tokens off;
+
+ error_page 404 /404.html;
+ error_page 500 502 503 504 /50x.html;
+
+ server{
+ listen 80;
+ location / {
+ auth_basic "";
+ auth_basic_user_file /etc/openresty/auth;
+ autoindex on;
+ add_header Content-Type text/plain;
+ real_ip_header proxy_protocol;
+ set_real_ip_from 0.0.0.0/8;
+ proxy_set_header X-Real-IP $proxy_protocol_addr;
+ proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+ content_by_lua_block {
+ clientIP=ngx.var.remote_addr;
+ ngx.header.content_type = "text/plain;charset=UTF-8";
+ file = io.open("/etc/openresty/allow.list","a+")
+ io.input(file)
+ io.output(file)
+ io.write("allow "..clientIP..";\n")
+ ngx.print("当前IP:"..clientIP.."已添加至白名单")
+ io.close(file)
+ }
+
+ }
+ }
+}
diff --git a/ss_whitlist/docker-compose.yml b/ss_whitlist/docker-compose.yml
new file mode 100644
index 0000000..fac6c69
--- /dev/null
+++ b/ss_whitlist/docker-compose.yml
@@ -0,0 +1,31 @@
+version: "3.9"
+services:
+ shadowsocks:
+ image: shadowsocks/shadowsocks-libev:latest
+ expose:
+ - 8388
+ - 8388/udp
+ environment:
+ - METHOD=chacha20-ietf-poly1305
+ - PASSWORD=96166477-95b6-41a1-92c5-e33bce9694b0
+ restart: always
+ networks:
+ - backend
+ openresty:
+ image: openresty/openresty:latest
+ ports:
+ - "80:80"
+ - "443:443"
+ - "7777:7777"
+ - "7777:7777/udp"
+ volumes:
+ - /usr/local/src/ss/nginx.conf:/etc/openresty/nginx.conf
+ - /usr/local/src/ss/allow.list:/etc/openresty/allow.list
+ - /usr/local/src/ss/auth:/etc/openresty/auth
+ restart: always
+ networks:
+ - backend
+ depends_on:
+ - shadowsocks
+networks:
+ backend:
\ No newline at end of file
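Review bot: The `location /` handler under `listen 80;` is the only gate for writing to allow.list, and it relies on `auth_basic` over plain HTTP, so the credentials checked against /etc/openresty/auth cross the network merely base64-encoded on every request. I would move this location into a server block with `listen 443 ssl;` and a certificate, and leave port 80 as a redirect only. Separately, `real_ip_header proxy_protocol;` does nothing here because the `listen` directive lacks the `proxy_protocol` parameter, so `ngx.var.remote_addr` is the raw TCP peer (possibly a Docker bridge address, depending on how the port is published), and `set_real_ip_from 0.0.0.0/8;` looks like a typo that should name the one trusted proxy range. The Lua block appends an `allow` line on every authenticated request without checking for an existing entry or a nil return from `io.open`, and since `include allow.list;` in the stream server is read when the configuration is loaded, new entries presumably take effect only after a reload. `user root;` at the top also runs the workers that handle these requests as root; a dedicated user with write access to allow.list alone would be enough.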
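Review bot: The shadowsocks `PASSWORD` is committed as a literal in the `environment` list, so every deployment copied from this demo shares one published secret, and the value remains in git history. Read it from the host environment or an untracked `.env` file instead, for example `- PASSWORD=${SS_PASSWORD:?SS_PASSWORD must be set}`, and rotate the value that is already public. Both images use the `:latest` tag, so a re-pull can silently change the code that runs; pinning a version tag or digest keeps the deployment reproducible. The `"443:443"` mapping publishes a port that nginx.conf in this commit never listens on, and can be dropped until a TLS server block exists.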