From 3cd226599c6d4d30571227718bfde441a58e007a Mon Sep 17 00:00:00 2001
From: RPRX <63339210+rprx@users.noreply.github.com>
Date: Sun, 9 Aug 2020 06:31:10 +0000
Subject: [PATCH] VLESS-TCP-TLS (maximal by rprx)
---
VLESS-TCP-TLS (maximal by rprx)/README.md | 18 +++
.../config_client.json | 42 ++++++
.../config_server.json | 50 ++++++++
VLESS-TCP-TLS (maximal by rprx)/nginx.conf | 121 ++++++++++++++++++
4 files changed, 231 insertions(+)
create mode 100644 VLESS-TCP-TLS (maximal by rprx)/README.md
create mode 100644 VLESS-TCP-TLS (maximal by rprx)/config_client.json
create mode 100644 VLESS-TCP-TLS (maximal by rprx)/config_server.json
create mode 100644 VLESS-TCP-TLS (maximal by rprx)/nginx.conf
diff --git a/VLESS-TCP-TLS (maximal by rprx)/README.md b/VLESS-TCP-TLS (maximal by rprx)/README.md
new file mode 100644
index 0000000..ca36396
--- /dev/null
+++ b/VLESS-TCP-TLS (maximal by rprx)/README.md
@@ -0,0 +1,18 @@
+# VLESS + TCP + TLS + 回落(最强配置)
+
+你应当先了解 [最简配置](),若你有进阶需求如同时建站等,可以参考此配置
+
+此配置含 VLESS 回落高级用法:
+
+1. PROXY protocol,专用于传递请求的真实来源 IP 和端口
+2. 支持 h2 访问:ALPN 协商结果为 h2 时单独转发
+3. 使用 Unix domain socket,比环回地址效率更高
+
+Nginx 说明与注意事项:
+
+1. nginx.conf 根据 CentOS 8 dnf 的 nginx 修改而来
+2. 80 端口的 http 请求均被带 URI 301 到 https
+3. 重启 nginx 时可能需要手动删除它 bind 的 socket
+
+V2Ray 服务端 info 级别的 error 日志中有每次回落的详细原因
+Nginx 的 access 日志中每行末尾有请求的真实来源 IP 和端口
diff --git a/VLESS-TCP-TLS (maximal by rprx)/config_client.json b/VLESS-TCP-TLS (maximal by rprx)/config_client.json
new file mode 100644
index 0000000..a93646d
--- /dev/null
+++ b/VLESS-TCP-TLS (maximal by rprx)/config_client.json
@@ -0,0 +1,42 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "inbounds": [
+ {
+ "port": 10800,
+ "listen": "127.0.0.1",
+ "protocol": "socks",
+ "settings": {
+ "udp": true
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "vless",
+ "settings": {
+ "vnext": [
+ {
+ "address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了)
+ "port": 443,
+ "users": [
+ {
+ "id": "", // 填写你的 UUID
+ "encryption": "none",
+ "level": 0
+ }
+ ]
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "tls",
+ "tlsSettings": {
+ "serverName": "example.com" // 换成你的域名
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/VLESS-TCP-TLS (maximal by rprx)/config_server.json b/VLESS-TCP-TLS (maximal by rprx)/config_server.json
new file mode 100644
index 0000000..d55de1b
--- /dev/null
+++ b/VLESS-TCP-TLS (maximal by rprx)/config_server.json
@@ -0,0 +1,50 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "inbounds": [
+ {
+ "port": 443,
+ "protocol": "vless",
+ "settings": {
+ "clients": [
+ {
+ "id": "", // 填写你的 UUID
+ "level": 0,
+ "email": "love@v2fly.org"
+ }
+ ],
+ "decryption": "none",
+ "fallback": {
+ "unix": "/dev/shm/default.sock",
+ "xver": 1
+ },
+ "fallback_h2": {
+ "unix": "/dev/shm/h2.sock",
+ "xver": 1
+ }
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "tls",
+ "tlsSettings": {
+ "alpn": [
+ "h2",
+ "http/1.1"
+ ],
+ "certificates": [
+ {
+ "certificateFile": "/path/to/tls.crt", // 换成你的证书,绝对路径
+ "keyFile": "/path/to/tls.key" // 换成你的私钥,绝对路径
+ }
+ ]
+ }
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "freedom"
+ }
+ ]
+}
\ No newline at end of file
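Review bot: The SOCKS inbound in config_client.json sets no `"auth"`, so `"listen": "127.0.0.1"` is its only access control and any local process can proxy through it, UDP included because of `"udp": true`. A comment on the `"listen"` line would make that dependency explicit, for example `// keep on loopback: this inbound has no authentication`. Anyone who changes the address to a LAN interface should first add `"auth": "password"` with an `"accounts"` list.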
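Review bot: Both fallback targets in config_server.json, `/dev/shm/default.sock` and `/dev/shm/h2.sock`, sit in /dev/shm, which is normally world-writable, so on a host with other local accounts another process may be able to create a file at those paths before nginx binds them or, depending on the socket mode, connect to them. Everything sent there is already-decrypted fallback traffic, and the nginx side accepts the PROXY protocol header from whoever connects. I would place both sockets in a directory writable only by the nginx and v2ray service users, e.g. `"unix": "/run/<private-dir>/default.sock"` (placeholder path), and change the matching `listen unix:` lines in nginx.conf in the same commit. Separately, `"loglevel": "warning"` suppresses the per-fallback reasons that the README says appear at info level, so a short comment beside it saying when to switch to `info` would help whoever investigates unexpected fallbacks.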
diff --git a/VLESS-TCP-TLS (maximal by rprx)/nginx.conf b/VLESS-TCP-TLS (maximal by rprx)/nginx.conf
new file mode 100644
index 0000000..440e427
--- /dev/null
+++ b/VLESS-TCP-TLS (maximal by rprx)/nginx.conf
@@ -0,0 +1,121 @@
+# For more information on configuration, see:
+# * Official English Documentation: http://nginx.org/en/docs/
+# * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for" '
+ '$proxy_protocol_addr:$proxy_protocol_port';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Load modular configuration files from the /etc/nginx/conf.d directory.
+ # See http://nginx.org/en/docs/ngx_core_module.html#include
+ # for more information.
+ include /etc/nginx/conf.d/*.conf;
+
+ server {
+ #listen 80 default_server;
+ #listen [::]:80 default_server;
+ listen [::]:80 default ipv6only=off;
+ return 301 https://$http_host$request_uri;
+ }
+
+ server {
+ listen unix:/dev/shm/default.sock proxy_protocol;
+ server_name _;
+ root /usr/share/nginx/html;
+
+ set_real_ip_from 127.0.0.1;
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
+
+ location / {
+ }
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ }
+ }
+
+ server {
+ listen unix:/dev/shm/h2.sock http2 proxy_protocol;
+ server_name _;
+ root /usr/share/nginx/html;
+
+ set_real_ip_from 127.0.0.1;
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
+
+ location / {
+ }
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ }
+ }
+
+# Settings for a TLS enabled server.
+#
+# server {
+# listen 443 ssl http2 default_server;
+# listen [::]:443 ssl http2 default_server;
+# server_name _;
+# root /usr/share/nginx/html;
+#
+# ssl_certificate "/etc/pki/nginx/server.crt";
+# ssl_certificate_key "/etc/pki/nginx/private/server.key";
+# ssl_session_cache shared:SSL:1m;
+# ssl_session_timeout 10m;
+# ssl_ciphers PROFILE=SYSTEM;
+# ssl_prefer_server_ciphers on;
+#
+# # Load configuration files for the default server block.
+# include /etc/nginx/default.d/*.conf;
+#
+# location / {
+# }
+#
+# error_page 404 /404.html;
+# location = /40x.html {
+# }
+#
+# error_page 500 502 503 504 /50x.html;
+# location = /50x.html {
+# }
+# }
+
+}
+
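Review bot: `set_real_ip_from 127.0.0.1;` in both unix-socket server blocks does not match connections arriving over a UNIX-domain socket, and no `real_ip_header` is set, so `$remote_addr` never takes the client address from the PROXY protocol header. Only the `$proxy_protocol_addr:$proxy_protocol_port` field appended to `log_format` carries it, which means any `allow`/`deny` or `limit_req` rule pulled in through `default.d/*.conf` would act on the socket peer instead of the real client. I would replace the line in both blocks with `set_real_ip_from unix:;` followed by `real_ip_header proxy_protocol;`. In the port-80 block, `return 301 https://$http_host$request_uri;` copies the client-supplied Host header into the Location response; redirecting to a fixed name, e.g. `return 301 https://example.com$request_uri;`, avoids sending visitors to whatever host the request claimed.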