VLESS-TCP-TLS (maximal by rprx)

4 years ago · 3cd226599c
parent ac224eaf7e
commit 3cd226599c
4 changed files with 231 additions and 0 deletions
--- a/rprx)/README.md
+++ b/rprx)/README.md
@ -0,0 +1,18 @@
+# VLESS + TCP + TLS + 回落（最强配置）
+
+你应当先了解 [最简配置](<https://github.com/v2fly/v2ray-examples/tree/master/VLESS-TCP-TLS%20(minimal%20by%20rprx)>)，若你有进阶需求如同时建站等，可以参考此配置
+
+此配置含 VLESS 回落高级用法：
+
+1. PROXY protocol，专用于传递请求的真实来源 IP 和端口
+2. 支持 h2 访问：ALPN 协商结果为 h2 时单独转发
+3. 使用 Unix domain socket，比环回地址效率更高
+
+Nginx 说明与注意事项：
+
+1. nginx.conf 根据 CentOS 8 dnf 的 nginx 修改而来
+2. 80 端口的 http 请求均被带 URI 301 到 https
+3. 重启 nginx 时可能需要手动删除它 bind 的 socket
+
+V2Ray 服务端 info 级别的 error 日志中有每次回落的详细原因</br>
+Nginx 的 access 日志中每行末尾有请求的真实来源 IP 和端口
--- a/rprx)/config_client.json
+++ b/rprx)/config_client.json
@ -0,0 +1,42 @@
+{
+    "log": {
+        "loglevel": "warning"
+    },
+    "inbounds": [
+        {
+            "port": 10800,
+            "listen": "127.0.0.1",
+            "protocol": "socks",
+            "settings": {
+                "udp": true
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "vless",
+            "settings": {
+                "vnext": [
+                    {
+                        "address": "example.com", // 换成你的域名或服务器 IP（发起请求时无需解析域名了）
+                        "port": 443,
+                        "users": [
+                            {
+                                "id": "", // 填写你的 UUID
+                                "encryption": "none",
+                                "level": 0
+                            }
+                        ]
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "tls",
+                "tlsSettings": {
+                    "serverName": "example.com" // 换成你的域名
+                }
+            }
+        }
+    ]
+}
--- a/rprx)/config_server.json
+++ b/rprx)/config_server.json
@ -0,0 +1,50 @@
+{
+    "log": {
+        "loglevel": "warning"
+    },
+    "inbounds": [
+        {
+            "port": 443,
+            "protocol": "vless",
+            "settings": {
+                "clients": [
+                    {
+                        "id": "", // 填写你的 UUID
+                        "level": 0,
+                        "email": "love@v2fly.org"
+                    }
+                ],
+                "decryption": "none",
+                "fallback": {
+                    "unix": "/dev/shm/default.sock",
+                    "xver": 1
+                },
+                "fallback_h2": {
+                    "unix": "/dev/shm/h2.sock",
+                    "xver": 1
+                }
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "tls",
+                "tlsSettings": {
+                    "alpn": [
+                        "h2",
+                        "http/1.1"
+                    ],
+                    "certificates": [
+                        {
+                            "certificateFile": "/path/to/tls.crt", // 换成你的证书，绝对路径
+                            "keyFile": "/path/to/tls.key" // 换成你的私钥，绝对路径
+                        }
+                    ]
+                }
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "freedom"
+        }
+    ]
+}
--- a/rprx)/nginx.conf
+++ b/rprx)/nginx.conf
@ -0,0 +1,121 @@
+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for" '
+                      '$proxy_protocol_addr:$proxy_protocol_port';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+        #listen       80 default_server;
+        #listen       [::]:80 default_server;
+        listen       [::]:80 default ipv6only=off;
+        return       301 https://$http_host$request_uri;
+    }
+
+    server {
+        listen       unix:/dev/shm/default.sock proxy_protocol;
+        server_name  _;
+        root         /usr/share/nginx/html;
+
+        set_real_ip_from 127.0.0.1;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+        location / {
+        }
+
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
+
+    server {
+        listen       unix:/dev/shm/h2.sock http2 proxy_protocol;
+        server_name  _;
+        root         /usr/share/nginx/html;
+
+        set_real_ip_from 127.0.0.1;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+        location / {
+        }
+
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
+
+# Settings for a TLS enabled server.
+#
+#    server {
+#        listen       443 ssl http2 default_server;
+#        listen       [::]:443 ssl http2 default_server;
+#        server_name  _;
+#        root         /usr/share/nginx/html;
+#
+#        ssl_certificate "/etc/pki/nginx/server.crt";
+#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
+#        ssl_session_cache shared:SSL:1m;
+#        ssl_session_timeout  10m;
+#        ssl_ciphers PROFILE=SYSTEM;
+#        ssl_prefer_server_ciphers on;
+#
+#        # Load configuration files for the default server block.
+#        include /etc/nginx/default.d/*.conf;
+#
+#        location / {
+#        }
+#
+#        error_page 404 /404.html;
+#            location = /40x.html {
+#        }
+#
+#        error_page 500 502 503 504 /50x.html;
+#            location = /50x.html {
+#        }
+#    }
+
+}
+