RPRX
4 years ago
committed by
GitHub
4 changed files with 231 additions and 0 deletions
@ -0,0 +1,18 @@
|
||||
# VLESS + TCP + TLS + 回落(最强配置) |
||||
|
||||
你应当先了解 [最简配置](<https://github.com/v2fly/v2ray-examples/tree/master/VLESS-TCP-TLS%20(minimal%20by%20rprx)>),若你有进阶需求如同时建站等,可以参考此配置 |
||||
|
||||
此配置含 VLESS 回落高级用法: |
||||
|
||||
1. PROXY protocol,专用于传递请求的真实来源 IP 和端口 |
||||
2. 支持 h2 访问:ALPN 协商结果为 h2 时单独转发 |
||||
3. 使用 Unix domain socket,比环回地址效率更高 |
||||
|
||||
Nginx 说明与注意事项: |
||||
|
||||
1. nginx.conf 根据 CentOS 8 dnf 的 nginx 修改而来 |
||||
2. 80 端口的 http 请求均被带 URI 301 到 https |
||||
3. 重启 nginx 时可能需要手动删除它 bind 的 socket |
||||
|
||||
V2Ray 服务端 info 级别的 error 日志中有每次回落的详细原因</br> |
||||
Nginx 的 access 日志中每行末尾有请求的真实来源 IP 和端口 |
||||
@ -0,0 +1,42 @@
|
||||
{ |
||||
"log": { |
||||
"loglevel": "warning" |
||||
}, |
||||
"inbounds": [ |
||||
{ |
||||
"port": 10800, |
||||
"listen": "127.0.0.1", |
||||
"protocol": "socks", |
||||
"settings": { |
||||
"udp": true |
||||
} |
||||
} |
||||
], |
||||
"outbounds": [ |
||||
{ |
||||
"protocol": "vless", |
||||
"settings": { |
||||
"vnext": [ |
||||
{ |
||||
"address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了) |
||||
"port": 443, |
||||
"users": [ |
||||
{ |
||||
"id": "", // 填写你的 UUID |
||||
"encryption": "none", |
||||
"level": 0 |
||||
} |
||||
] |
||||
} |
||||
] |
||||
}, |
||||
"streamSettings": { |
||||
"network": "tcp", |
||||
"security": "tls", |
||||
"tlsSettings": { |
||||
"serverName": "example.com" // 换成你的域名 |
||||
} |
||||
} |
||||
} |
||||
] |
||||
} |
||||
@ -0,0 +1,50 @@
|
||||
{ |
||||
"log": { |
||||
"loglevel": "warning" |
||||
}, |
||||
"inbounds": [ |
||||
{ |
||||
"port": 443, |
||||
"protocol": "vless", |
||||
"settings": { |
||||
"clients": [ |
||||
{ |
||||
"id": "", // 填写你的 UUID |
||||
"level": 0, |
||||
"email": "love@v2fly.org" |
||||
} |
||||
], |
||||
"decryption": "none", |
||||
"fallback": { |
||||
"unix": "/dev/shm/default.sock", |
||||
"xver": 1 |
||||
}, |
||||
"fallback_h2": { |
||||
"unix": "/dev/shm/h2.sock", |
||||
"xver": 1 |
||||
} |
||||
}, |
||||
"streamSettings": { |
||||
"network": "tcp", |
||||
"security": "tls", |
||||
"tlsSettings": { |
||||
"alpn": [ |
||||
"h2", |
||||
"http/1.1" |
||||
], |
||||
"certificates": [ |
||||
{ |
||||
"certificateFile": "/path/to/tls.crt", // 换成你的证书,绝对路径 |
||||
"keyFile": "/path/to/tls.key" // 换成你的私钥,绝对路径 |
||||
} |
||||
] |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"outbounds": [ |
||||
{ |
||||
"protocol": "freedom" |
||||
} |
||||
] |
||||
} |
||||
@ -0,0 +1,121 @@
|
||||
# For more information on configuration, see: |
||||
# * Official English Documentation: http://nginx.org/en/docs/ |
||||
# * Official Russian Documentation: http://nginx.org/ru/docs/ |
||||
|
||||
user nginx; |
||||
worker_processes auto; |
||||
error_log /var/log/nginx/error.log; |
||||
pid /run/nginx.pid; |
||||
|
||||
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. |
||||
include /usr/share/nginx/modules/*.conf; |
||||
|
||||
events { |
||||
worker_connections 1024; |
||||
} |
||||
|
||||
http { |
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' |
||||
'$status $body_bytes_sent "$http_referer" ' |
||||
'"$http_user_agent" "$http_x_forwarded_for" ' |
||||
'$proxy_protocol_addr:$proxy_protocol_port'; |
||||
|
||||
access_log /var/log/nginx/access.log main; |
||||
|
||||
sendfile on; |
||||
tcp_nopush on; |
||||
tcp_nodelay on; |
||||
keepalive_timeout 65; |
||||
types_hash_max_size 2048; |
||||
|
||||
include /etc/nginx/mime.types; |
||||
default_type application/octet-stream; |
||||
|
||||
# Load modular configuration files from the /etc/nginx/conf.d directory. |
||||
# See http://nginx.org/en/docs/ngx_core_module.html#include |
||||
# for more information. |
||||
include /etc/nginx/conf.d/*.conf; |
||||
|
||||
server { |
||||
#listen 80 default_server; |
||||
#listen [::]:80 default_server; |
||||
listen [::]:80 default ipv6only=off; |
||||
return 301 https://$http_host$request_uri; |
||||
} |
||||
|
||||
server { |
||||
listen unix:/dev/shm/default.sock proxy_protocol; |
||||
server_name _; |
||||
root /usr/share/nginx/html; |
||||
|
||||
set_real_ip_from 127.0.0.1; |
||||
|
||||
# Load configuration files for the default server block. |
||||
include /etc/nginx/default.d/*.conf; |
||||
|
||||
location / { |
||||
} |
||||
|
||||
error_page 404 /404.html; |
||||
location = /40x.html { |
||||
} |
||||
|
||||
error_page 500 502 503 504 /50x.html; |
||||
location = /50x.html { |
||||
} |
||||
} |
||||
|
||||
server { |
||||
listen unix:/dev/shm/h2.sock http2 proxy_protocol; |
||||
server_name _; |
||||
root /usr/share/nginx/html; |
||||
|
||||
set_real_ip_from 127.0.0.1; |
||||
|
||||
# Load configuration files for the default server block. |
||||
include /etc/nginx/default.d/*.conf; |
||||
|
||||
location / { |
||||
} |
||||
|
||||
error_page 404 /404.html; |
||||
location = /40x.html { |
||||
} |
||||
|
||||
error_page 500 502 503 504 /50x.html; |
||||
location = /50x.html { |
||||
} |
||||
} |
||||
|
||||
# Settings for a TLS enabled server. |
||||
# |
||||
# server { |
||||
# listen 443 ssl http2 default_server; |
||||
# listen [::]:443 ssl http2 default_server; |
||||
# server_name _; |
||||
# root /usr/share/nginx/html; |
||||
# |
||||
# ssl_certificate "/etc/pki/nginx/server.crt"; |
||||
# ssl_certificate_key "/etc/pki/nginx/private/server.key"; |
||||
# ssl_session_cache shared:SSL:1m; |
||||
# ssl_session_timeout 10m; |
||||
# ssl_ciphers PROFILE=SYSTEM; |
||||
# ssl_prefer_server_ciphers on; |
||||
# |
||||
# # Load configuration files for the default server block. |
||||
# include /etc/nginx/default.d/*.conf; |
||||
# |
||||
# location / { |
||||
# } |
||||
# |
||||
# error_page 404 /404.html; |
||||
# location = /40x.html { |
||||
# } |
||||
# |
||||
# error_page 500 502 503 504 /50x.html; |
||||
# location = /50x.html { |
||||
# } |
||||
# } |
||||
|
||||
} |
||||
|
||||
Loading…
Reference in new issue