From 084bb78a2f9bd6ca1bc8c4b43d625fb0ef3c28bc Mon Sep 17 00:00:00 2001 
From: touamano <40252925+touamano@users.noreply.github.com> Date: Wed, 15 Sep 2021 23:26:07 +0800 Subject: [PATCH] Add Shadowsocks gRPC Web TLS and Update Shadowsocks WSS Web TLS (#74) * Create Shadowsocks-Websocket-Web-TLS * Update README.md * Update README.md * Fixed a typo in README - zh-CN.md * Add ss grcp web, and update ss wss web * Use relative links * Fix protocol mistakes, typos and change Nginx path * Update README * Format README-CN.md * Correct and adding punctuations to readme.md Co-authored-by: touamano --- .../README-CN.md | 59 +++++++++++++++++ .../README.md | 63 +++++++++++++++++++ .../config_server_domainsocket.json | 2 +- .../config_server_redirect.json | 2 +- .../README - zh-CN.md | 42 ------------- Shadowsocks-Websocket-Web-TLS/README-CN.md | 35 +++++++++++ Shadowsocks-Websocket-Web-TLS/README.md | 57 ++++++++--------- .../config_client.json | 61 ++++++++++++++++++ .../config_server.json | 42 +++++++++++++ Shadowsocks-gRPC-Web-TLS/README-CN.md | 26 ++++++++ Shadowsocks-gRPC-Web-TLS/README.md | 28 +++++++++ Shadowsocks-gRPC-Web-TLS/config_client.json | 61 ++++++++++++++++++ Shadowsocks-gRPC-Web-TLS/config_server.json | 44 +++++++++++++ Shadowsocks-gRPC-Web-TLS/nginx_proxy.conf | 32 ++++++++++ 14 files changed, 478 insertions(+), 76 deletions(-) create mode 100644 Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README-CN.md create mode 100644 Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README.md rename Shadowsocks-Websocket-Web-TLS/{ => Domainsocket-or-Redirect-Approach}/config_server_domainsocket.json (98%) rename Shadowsocks-Websocket-Web-TLS/{ => Domainsocket-or-Redirect-Approach}/config_server_redirect.json (98%) delete mode 100644 Shadowsocks-Websocket-Web-TLS/README - zh-CN.md create mode 100644 Shadowsocks-Websocket-Web-TLS/README-CN.md create mode 100644 Shadowsocks-Websocket-Web-TLS/config_client.json create mode 100644 Shadowsocks-Websocket-Web-TLS/config_server.json create mode 100644 
Shadowsocks-gRPC-Web-TLS/README-CN.md create mode 100644 Shadowsocks-gRPC-Web-TLS/README.md create mode 100644 Shadowsocks-gRPC-Web-TLS/config_client.json create mode 100644 Shadowsocks-gRPC-Web-TLS/config_server.json create mode 100644 Shadowsocks-gRPC-Web-TLS/nginx_proxy.conf diff --git a/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README-CN.md b/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README-CN.md new file mode 100644 index 0000000..35efefe --- /dev/null +++ b/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README-CN.md 
@@ -0,0 +1,59 @@
+# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例
+
+> 完整的设置还需要一个 web 服务器解密 TLS 后,将请求转发给位于 127.0.0.1:10000 的 v2ray。由于 [https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE](https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE) 已经有了服务器的设置这里不再赘述,可以按需参考白话文教程里的 web 服务器设置。
+
+config_server_redirect.json 和 config_server_domainsocket.json 选其一。
+
+如果使用 domain socket 需要修改`/etc/systemd/system/v2ray.service`。否则由于 fhs 脚本使用的 nobody 用户的权限不够,无法在/var/run 里新建文件夹`ss-loop`而导致启动失败。
+
+> 如果使用 fhs 脚本更新版本的话,会覆盖掉 service 文件,所以更新版本后需要重复下面的操作。
+
+修改文件`/etc/systemd/system/v2rary.service`,在`[Service]`部分添加下面一行:
+
+```properties
+RuntimeDirectory=ss-loop
+```
+
+`ss-loop`对应 config.json 里的`dsSettings`部分的 path 里的文件夹`/var/run/ss-loop`
+
+修改完成后需要执行
+
+```shell
+systemctl disable v2ray.service
+systemctl enable v2ray.service
+```
+
+最后重启下 v2ray 进程
+
+```shell
+systemctl restart v2ray
+```
+
+## 客户端配置示意
+
+你应该按照服务端的设置修改对应的参数
+
+### shadowsocks windows 客户端关键部分示例如下
+
+```properties
+Server_IP: example.com or your server ip
+Server_Port: 443
+Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
+Encryption: chacha20-ietf-poly1305
+Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
+Plugin_Options: tls;mode=websocket;path=/michi;host=example.com
+```
+
+### shadowsocks Android plugin 关键部分示例如下
+
+需安装 shadowsocks 和 v2ray plugin,并搭配一同使用
+
+```properties
+Plugin: v2ray
+Configuration:
+ Transport_mode: websocket-tls
+ Hostname: example.com
+ Path: /michi
+ Concurrent_connections: 1
+ Certificate_for_TLS_verification: Not set
+```
diff --git a/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README.md b/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README.md
new file mode 100644
index 0000000..ed3301c
--- /dev/null
+++ b/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README.md
@@ -0,0 +1,63 @@ +# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin + +> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000. +> You can find the web server config example at [https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration](https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration). + +中文用户请看[这里](./README-CN.md)。 + +Choose one of the server config `config_server_redirect.json` and `config_server_domainsocket.json`. + +If you choose to use `config_server_domainsocket.json`, the following extra steps are required. Since the default service file created by [`fhs-release.sh`](https://github.com/v2fly/fhs-install-v2ray) is using nobody as the runtime user, this user does not have the permission to create the `ss-loop` folder in `/var/run`. + +> You shall repeat the following steps after using [`fhs-release.sh`](https://github.com/v2fly/fhs-install-v2ray) scripts to upgrade v2ray-core versions each time. Since this script will always override the v2ray.service file. + +Use your prefered editor to modify the systemd service file at `/etc/systemd/system/v2ray.service`.\ +Add the following line to the block starting with `[Service]`. + +```properties +RuntimeDirectory=ss-loop +``` + +`ss-loop` corresponds to the `/var/run/ss-loop` folder in the `dsSettings` inside config_server_domainsocket.json. + +Execute the following commands to re-enable the v2ray.service. + +```shell +systemctl disable v2ray.service +systemctl enable v2ray.service +``` + +Then restart the v2ray service. + +```shell +systemctl restart v2ray +``` + +## Client configuration examples + +> You should change the following configurations according to your server configs. 
+ +### shadowsocks windows client configuration examples + +```properties +Server_IP: example.com or your server IP +Server_Port: 443 +Password: ifYouWantToKeepYourPassphraseSafeChangeThis!! +Encryption: chacha20-ietf-poly1305 +Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe +Plugin_Options: tls;mode=websocket;path=/michi;host=example.com +``` + +### shadowsocks Android plugin configuration examples + +> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store. + +```properties +Plugin: v2ray +Configuration: + Transport_mode: websocket-tls + Hostname: example.com + Path: /michi + Concurrent_connections: 1 + Certificate_for_TLS_verification: Not set +``` diff --git a/Shadowsocks-Websocket-Web-TLS/config_server_domainsocket.json b/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_domainsocket.json similarity index 98% rename from Shadowsocks-Websocket-Web-TLS/config_server_domainsocket.json rename to Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_domainsocket.json index c15dfd5..2e6d0ce 100644 --- a/Shadowsocks-Websocket-Web-TLS/config_server_domainsocket.json +++ b/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_domainsocket.json @@ -40,7 +40,7 @@ "streamSettings": { "network": "ws", "wsSettings": { - "path": "/michi" + "path": "/path" } } }, diff --git a/Shadowsocks-Websocket-Web-TLS/config_server_redirect.json b/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_redirect.json similarity index 98% rename from Shadowsocks-Websocket-Web-TLS/config_server_redirect.json rename to Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_redirect.json index c228910..bd5a1e7 100644 --- a/Shadowsocks-Websocket-Web-TLS/config_server_redirect.json +++ b/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_redirect.json 
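Review bot: Changing the WebSocket path to `/path` in `config_server_domainsocket.json` leaves the README added in this same directory out of step, because its Windows and Android client examples still show `path=/michi` and `Path: /michi`. A client set up from that README would presumably request a path this inbound no longer serves, so either keep `/michi` here or update the README examples to `/path`. The same mismatch applies to the `config_server_redirect.json` hunk that follows. The inbound object begins outside the hunk, so its other settings are not visible here.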
@@ -40,7 +40,7 @@ "streamSettings": { "network": "ws", "wsSettings": { - "path": "/michi" + "path": "/path" } } }, diff --git a/Shadowsocks-Websocket-Web-TLS/README - zh-CN.md b/Shadowsocks-Websocket-Web-TLS/README - zh-CN.md deleted file mode 100644 index 43f3c90..0000000 --- a/Shadowsocks-Websocket-Web-TLS/README - zh-CN.md +++ /dev/null @@ -1,42 +0,0 @@ -# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例 -> 完整的设置还需要一个web服务器解密TLS后将请求转发给后端的v2ray位于127.0.0.1:10000。由于 https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE 已经有了服务器的设置这里不再赘述,可以按需参考白话文教程里的web服务器设置。 - -**config_server_redirect.json 和 config_server_domainsocket.json 选其一** - -如果使用domain socket需要修改/etc/systemd/system/v2ray.service -在[Service]部分添加 -``` -RuntimeDirectory=ss-loop -``` -'ss-loop'对应config.json里的"dsSettings"部分的path里的文件夹"/var/run/ss-loop" - -修改完成后需要执行 -``` -systemctl disable v2ray.service -systemctl enable v2ray.service -``` -否则由于fhs脚本使用的nobody用户的权限不够,无法在/var/run里新建文件夹'ss-loop'而导致启动失败。 - -## 客户端配置示意 -**你应该按照服务端的设置修改对应的参数** -### shadowsocks windows 客户端关键部分示例如下: -``` -Server IP: example.com -Server Port: 443 -Password: ifYouWantToKeepYourPassphraseSafeChangeThis!! -Encryption: chacha20-ietf-poly1305 -Plugin Program: pathToYourV2ray-plugin_windows_arch.exe -Plugin Options: tls;mode=websocket;path=/michi;host=example.com -``` -### shadowsocks Android plugin 关键部分示例如下: - -**需安装 shadowsocks 和 v2ray plugin,并搭配一同使用** -``` -Plugin: v2ray -Configuration: - Transport mode: websocket-tls - Hostname: example.com - Path: /michi - Concurrent connections: 1 - Certificate for TLS verification: Not set -``` diff --git a/Shadowsocks-Websocket-Web-TLS/README-CN.md b/Shadowsocks-Websocket-Web-TLS/README-CN.md new file mode 100644 index 0000000..16af4eb --- /dev/null +++ b/Shadowsocks-Websocket-Web-TLS/README-CN.md 
@@ -0,0 +1,35 @@
+# 这个例子同样适用于 Shadowsocks 客户端+V2Ray-Plugins
+
+> 完整的设置还需要一个 web 服务器解密 TLS 后,将请求转发给监听在 127.0.0.1:10000 的 v2ray。由于 [https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE](https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE) 已经有了服务器的设置这里不再赘述,可以按需参考白话文教程里的 web 服务器设置。
+
+## 客户端配置示意
+
+你应该按照服务端的设置修改对应的参数。
+
+### shadowsocks windows 客户端关键部分示例如下
+
+> 必须设置 mux=0,否则无法正常连接服务器。如果需要使用 mux 可以参考本文件夹里的[Domainsocket or Redirect Approach](./Domainsocket-or-Redirect-Approach/)的方法。
+
+```properties
+Server_IP: example.com or your server ip
+Server_Port: 443
+Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
+Encryption: chacha20-ietf-poly1305
+Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
+Plugin_Options: mux=0;tls;mode=websocket;path=/path;host=example.com
+```
+
+### Shadowsocks Android plugin 关键部分示例如下
+
+> 需安装 shadowsocks 和 v2ray plugin,并搭配一同使用。
+> Concurrent connections 必须为 0,否则无法连接到服务器。
+
+```properties
+Plugin: v2ray
+Configuration:
+ Transport_mode: websocket-tls
+ Hostname: example.com
+ Path: /path
+ Concurrent_connections: 0
+ Certificate_for_TLS_verification: Not set
+```
diff --git a/Shadowsocks-Websocket-Web-TLS/README.md b/Shadowsocks-Websocket-Web-TLS/README.md
index 875591d..0a5f3b6 100644
--- a/Shadowsocks-Websocket-Web-TLS/README.md
+++ b/Shadowsocks-Websocket-Web-TLS/README.md
@@ -1,45 +1,38 @@ -# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin -> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000. -> You can find the web server example at https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration +# These settings are also compatible with Shadowsocks client + V2Ray-plugin -中文用户请看 Readme - zh-CN. md +> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server listeing on 127.0.0.1:10000. +> You can find the web server config examples at [https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration](https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration). -**Choose either one of config_server_redirect.json and config_server_domainsocket.json** +中文用户请看[这里](./README-CN.md)。 -If you choose to use config_server_domainsocket.json remember to modify the systemd service file @ /etc/systemd/system/v2ray.service. +## Shadowsocks client configuration examples -Add the following line to the block starting with [Service] -``` -RuntimeDirectory=ss-loop -``` -'ss-loop' corresponds to the "/var/run/ss-loop" folder in the "dsSettings" part of the config.json. +> You should change the following configurations according to your server configs. -Execute the following commands to re-enable the v2ray.service. -``` -systemctl disable v2ray.service -systemctl enable v2ray.service -``` -Since nobody user does not have the right permission to create the 'ss-loop' folder in /var/run. 
-## Client configuration examples -**You should change the parameters according to your server configs** -### shadowsocks windows client configuration examples: -``` -Server IP: example.com -Server Port: 443 +### Shadowsocks windows client configuration examples + +> `mux=0` is indispensable when connecting with V2Ray-plugin, if you wish to use mux you need to try the [Domainsocket or Redirect Approach](./Domainsocket-or-Redirect-Approach/). + +```properties +Server_IP: example.com or your server IP +Server_Port: 443 Password: ifYouWantToKeepYourPassphraseSafeChangeThis!! Encryption: chacha20-ietf-poly1305 -Plugin Program: pathToYourV2ray-plugin_windows_arch.exe -Plugin Options: tls;mode=websocket;path=/michi;host=example.com +Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe +Plugin_Options: mux=0;tls;mode=websocket;path=/path;host=example.com ``` -### shadowsocks Android plugin configuration examples: -> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store. -``` +### shadowsocks Android plugin configuration examples + +> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.\ +> _`Concurrent connections must be 0.`_ + +```properties Plugin: v2ray Configuration: - Transport mode: websocket-tls + Transport_mode: websocket-tls Hostname: example.com - Path: /michi - Concurrent connections: 1 - Certificate for TLS verification: Not set + Path: /path + Concurrent_connections: 0 + Certificate_for_TLS_verification: Not set ``` diff --git a/Shadowsocks-Websocket-Web-TLS/config_client.json b/Shadowsocks-Websocket-Web-TLS/config_client.json new file mode 100644 index 0000000..260a243 --- /dev/null +++ b/Shadowsocks-Websocket-Web-TLS/config_client.json 
@@ -0,0 +1,61 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "routing": {
+ "domainStrategy": "AsIs",
+ "rules": [
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "direct"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": "1080",
+ "protocol": "socks",
+ "settings": {
+ "auth": "noauth",
+ "udp": true,
+ "ip": "127.0.0.1"
+ }
+ },
+ {
+ "listen": "127.0.0.1",
+ "port": "1081",
+ "protocol": "http"
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "shadowsocks",
+ "settings": {
+ "servers": [
+ {
+ "address": "{{ host }}",
+ "port": 443,
+ "method": "chacha20-ietf-poly1305",
+ "password": "{{ password }}"
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "ws",
+ "security": "tls",
+ "wsSettings": {
+ "path": "/path"
+ }
+ },
+ "tag": "proxy"
+ },
+ {
+ "protocol": "freedom",
+ "tag": "direct"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Shadowsocks-Websocket-Web-TLS/config_server.json b/Shadowsocks-Websocket-Web-TLS/config_server.json
new file mode 100644
index 0000000..54d383b
--- /dev/null
+++ b/Shadowsocks-Websocket-Web-TLS/config_server.json
@@ -0,0 +1,42 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "routing": {
+ "domainStrategy": "AsIs",
+ "rules": [
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "block"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": 10000,
+ "protocol": "shadowsocks",
+ "settings": {
+ "method": "chacha20-ietf-poly1305",
+ "password": "{{ password }}"
+ },
+ "streamSettings": {
+ "network": "ws",
+ "path": "/path"
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "freedom",
+ "tag": "direct"
+ },
+ {
+ "protocol": "blackhole",
+ "tag": "block"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Shadowsocks-gRPC-Web-TLS/README-CN.md b/Shadowsocks-gRPC-Web-TLS/README-CN.md
new file mode 100644
index 0000000..9dc19e6
--- /dev/null
+++ b/Shadowsocks-gRPC-Web-TLS/README-CN.md
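Review bot: In the new `Shadowsocks-Websocket-Web-TLS/config_server.json`, `"path": "/path"` sits directly under `streamSettings` instead of inside a `wsSettings` object, which is where `config_client.json` in this commit and the Domainsocket/Redirect server configs put it. V2Ray reads the WebSocket path from `wsSettings`, so this key is most likely ignored and the inbound falls back to its default path, which would not match the `/path` the client and web server forward. I would write it as `"wsSettings": { "path": "/path" }` under `"network": "ws"`.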
@@ -0,0 +1,26 @@
+# 最低版本要求
+
+NGINX 的最低版本要求为 1.13.10:\
+[https://www.nginx.com/blog/nginx-1-13-10-grpc/](https://www.nginx.com/blog/nginx-1-13-10-grpc/)。
+
+V2Ray-core 的最低版本要求为 v4.36.0:\
+[https://www.v2fly.org/config/transport/grpc.html#grpcobject](https://www.v2fly.org/config/transport/grpc.html#grpcobject)。
+
+## 本设置同样适用于 Shadowsocks 客户端搭配 V2Ray-plugin 使用
+
+_你需要一个兼容 gRPC 的 v2ray-plugin 程序。
+例如由[TeddySun](https://github.com/teddysun)维护的 v2ray-plugin 叉子: \
+[https://github.com/teddysun/v2ray-plugin](https://github.com/teddysun/v2ray-plugin)。_
+
+### 客户端设置
+
+Shadowsocks Windows 设置示例:
+
+```properties
+Server_IP: mydomain.me OR your server IP
+Server_Port: 443
+Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
+Encryption: chacha20-ietf-poly1305
+Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
+Plugin_Options: tls;mode=grpc;serviceName=michi;host=mydomain.me
+```
diff --git a/Shadowsocks-gRPC-Web-TLS/README.md b/Shadowsocks-gRPC-Web-TLS/README.md
new file mode 100644
index 0000000..f3cf439
--- /dev/null
+++ b/Shadowsocks-gRPC-Web-TLS/README.md
@@ -0,0 +1,28 @@
+# Minimum Versions
+
+中文用户请看[这里](./README-CN.md)。
+
+Minimum NGINX version is 1.13.10:\
+[https://www.nginx.com/blog/nginx-1-13-10-grpc/](https://www.nginx.com/blog/nginx-1-13-10-grpc/).
+
+Minimum V2Ray-Core version is v4.36.0:\
+[https://www.v2fly.org/config/transport/grpc.html#grpcobject](https://www.v2fly.org/config/transport/grpc.html#grpcobject).
+
+## These settings are also compatible with shadowsocks + v2ray-plugins
+
+_You need a grpc compatible v2ray-plugin program to use with shadowsocks client.
+For example the one maintained by [TeddySun](https://github.com/teddysun): \
+[https://github.com/teddysun/v2ray-plugin](https://github.com/teddysun/v2ray-plugin)._
+
+### Client Configurations
+
+Shadowsocks Windows Example Config:
+
+```properties
+Server_IP: mydomain.me OR your server IP
+Server_Port: 443
+Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
+Encryption: chacha20-ietf-poly1305
+Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
+Plugin_Options: tls;mode=grpc;serviceName=michi;host=mydomain.me
+```
diff --git a/Shadowsocks-gRPC-Web-TLS/config_client.json b/Shadowsocks-gRPC-Web-TLS/config_client.json
new file mode 100644
index 0000000..71dfab3
--- /dev/null
+++ b/Shadowsocks-gRPC-Web-TLS/config_client.json
@@ -0,0 +1,61 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "routing": {
+ "domainStrategy": "AsIs",
+ "rules": [
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "direct"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": "1080",
+ "protocol": "socks",
+ "settings": {
+ "auth": "noauth",
+ "udp": true,
+ "ip": "127.0.0.1"
+ }
+ },
+ {
+ "listen": "127.0.0.1",
+ "port": "1081",
+ "protocol": "http"
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "shadowsocks",
+ "settings": {
+ "servers": [
+ {
+ "address": "{{ host }}",
+ "port": 443,
+ "method": "chacha20-ietf-poly1305",
+ "password": "{{ password }}"
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "grpc",
+ "security": "tls",
+ "grpcSettings": {
+ "serviceName": "michi"
+ }
+ },
+ "tag": "proxy"
+ },
+ {
+ "protocol": "freedom",
+ "tag": "direct"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Shadowsocks-gRPC-Web-TLS/config_server.json b/Shadowsocks-gRPC-Web-TLS/config_server.json
new file mode 100644
index 0000000..813c75f
--- /dev/null
+++ b/Shadowsocks-gRPC-Web-TLS/config_server.json
@@ -0,0 +1,44 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "routing": {
+ "domainStrategy": "AsIs",
+ "rules": [
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "block"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": 12345,
+ "protocol": "shadowsocks",
+ "settings": {
+ "method": "chacha20-ietf-poly1305",
+ "password": "{{ password }}"
+ },
+ "streamSettings": {
+ "network": "grpc",
+ "grpcSettings": {
+ "serviceName": "michi"
+ }
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "freedom",
+ "tag": "direct"
+ },
+ {
+ "protocol": "blackhole",
+ "tag": "block"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Shadowsocks-gRPC-Web-TLS/nginx_proxy.conf b/Shadowsocks-gRPC-Web-TLS/nginx_proxy.conf
new file mode 100644
index 0000000..7d20aeb
--- /dev/null
+++ b/Shadowsocks-gRPC-Web-TLS/nginx_proxy.conf
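Review bot: In the gRPC `config_server.json`, the `geoip:private` rule that routes to `block` only matches destinations that reach the router as IP addresses, and with `"domainStrategy": "AsIs"` a domain-name destination is not resolved for routing. A request for a hostname that resolves to a loopback or internal address would therefore likely fall through to the `freedom` outbound and reach services on the server's own network. Consider `"domainStrategy": "IPIfNonMatch"` so unmatched domains are resolved and re-checked against the private-range rule. The WebSocket `config_server.json` added earlier in this commit carries the same routing block and would need the same change.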
@@ -0,0 +1,32 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/v2ray/v2ray.crt;
+ ssl_certificate_key /etc/v2ray/v2ray.key;
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers off;
+
+ server_name mydomain.me;
+ location /michi/Tun { # This michi shall in consistent with the grpc serviceName in v2ray config.json
+
+ if ($request_method != "POST") { # if the request method is not POST for this location, return 404
+ return 404;
+ }
+
+ grpc_socket_keepalive on;
+ grpc_intercept_errors on;
+ grpc_pass grpc://127.0.0.1:12345; # presume v2ray is listening on port 12345
+ grpc_set_header Upgrade $http_upgrade;
+ grpc_set_header Connection "upgrade";
+ grpc_set_header Host $host;
+ # Show real IP in v2ray access.log
+ grpc_set_header X-Real-IP $remote_addr;
+ grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
\ No newline at end of file
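Review bot: Both `listen` lines enable TLS but not HTTP/2, and gRPC clients need HTTP/2 on the client-facing socket, so as written the `grpc_pass` location would probably never receive a valid gRPC request; for the minimum nginx version named in the README that means `listen 443 ssl http2;` and `listen [::]:443 ssl http2;`. The `grpc_set_header Upgrade $http_upgrade;` and `grpc_set_header Connection "upgrade";` lines look carried over from a WebSocket proxy block and have no role in a gRPC upstream, so I would drop them. Note also that `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client sent, so only `X-Real-IP` should be treated as trustworthy in the v2ray access log.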