Xray-0.2.0

[update] ss白名单初版demo，基于 docker compose 运行

ss_whitlist/config/nginx.conf

@@ -0,0 +1,107 @@
+user  root;
+# This number should be, at maximum, the number of CPU cores on your system.
+worker_processes auto;
+worker_rlimit_nofile 655350;
+
+pcre_jit on;
+
+error_log  logs/error.log;
+pid        logs/nginx.pid;
+
+
+
+events {
+    use epoll;
+    worker_connections 60000;
+    multi_accept on;
+}
+
+stream {
+    preread_timeout        120s;
+    proxy_connect_timeout  30s;
+    proxy_protocol_timeout 30s;
+    proxy_buffer_size      64k;
+    proxy_timeout          120s;
+    tcp_nodelay            on;
+    proxy_next_upstream    on;
+    proxy_socket_keepalive on;
+
+    log_format proxy '$remote_addr [$time_local] '
+                  '$protocol $status $bytes_sent $bytes_received '
+                  '$session_time "$upstream_addr" "$upstream_bytes_sent"'
+                  '"$upstream_bytes_received" "$upstream_connect_time"';
+
+    upstream ss {
+        server shadowsocks:8388;
+    }
+
+    server {
+        listen 7777;
+        listen 7777 udp;
+        include allow.list;
+        deny all;
+        proxy_pass ss;
+    }
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    reset_timedout_connection on;
+    client_header_timeout 15;
+    client_body_timeout 10;
+    send_timeout 15;
+    keepalive_timeout 30;
+    keepalive_requests 30;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+
+    client_body_buffer_size 128k;
+    client_max_body_size 10m;
+    proxy_read_timeout 180s;
+
+    gzip on;
+    gzip_min_length 10240;
+    gzip_proxied expired no-cache no-store private auth;
+    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
+    gzip_disable "msie6";
+
+    sendfile on;
+    tcp_nodelay on;
+    tcp_nopush on;
+
+
+    server_tokens off;
+
+    error_page 404             /404.html;
+    error_page 500 502 503 504 /50x.html;
+
+    server{
+        listen 80;
+        location / {
+            auth_basic "";
+            auth_basic_user_file /etc/openresty/auth;
+            autoindex on;
+            add_header Content-Type text/plain;
+            real_ip_header proxy_protocol;
+            set_real_ip_from 0.0.0.0/8;
+            proxy_set_header X-Real-IP       $proxy_protocol_addr;
+            proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+            content_by_lua_block {
+                clientIP=ngx.var.remote_addr;
+                ngx.header.content_type = "text/plain;charset=UTF-8";
+                file = io.open("/etc/openresty/allow.list","a+")
+                io.input(file)
+                io.output(file)
+                io.write("allow "..clientIP..";\n")
+                ngx.print("当前IP:"..clientIP.."已添加至白名单")
+                io.close(file)
+            }
+
+        }
+    }
+}

ss_whitlist/docker-compose.yml

@@ -0,0 +1,31 @@
+version: "3.9"
+services:
+  shadowsocks:
+    image: shadowsocks/shadowsocks-libev:latest
+    expose:
+      - 8388
+      - 8388/udp
+    environment:
+      - METHOD=chacha20-ietf-poly1305
+      - PASSWORD=96166477-95b6-41a1-92c5-e33bce9694b0
+    restart: always
+    networks:
+      - backend
+  openresty:
+    image: openresty/openresty:latest
+    ports:
+      - "80:80"
+      - "443:443"
+      - "7777:7777"
+      - "7777:7777/udp"
+    volumes:
+      - /usr/local/src/ss/nginx.conf:/etc/openresty/nginx.conf
+      - /usr/local/src/ss/allow.list:/etc/openresty/allow.list
+      - /usr/local/src/ss/auth:/etc/openresty/auth
+    restart: always
+    networks:
+      - backend
+    depends_on:
+      - shadowsocks
+networks:
+  backend: