From 2aad651777a42a64a01c67c78edf831a8030a4a5 Mon Sep 17 00:00:00 2001
From: OnlyCharacter <49280615+OnlyCharacter@users.noreply.github.com>
Date: Mon, 25 Apr 2022 12:02:15 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0Trojan-TCP-XTLS=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=20(#7)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Add files via upload trojan的xtls配置 设置服务端配置的minVersion和OCSP Stapling nginx.conf增加HSTS
* Create Test
* Delete Test
* Create config_server.json
* Create config_client.json
* Create nginx.conf
* Delete config_server.json
* Delete config_client.json
* Delete nginx.conf
* Update nginx.conf
* Update config_client.json
* Update config_client.json
* Update config_server.json
* Update nginx.conf
* Update config_server.json
---
Trojan-TCP-XTLS/config_client.json | 48 +++++++++++++++++++++++
Trojan-TCP-XTLS/config_server.json | 53 +++++++++++++++++++++++++
Trojan-TCP-XTLS/nginx.conf | 63 ++++++++++++++++++++++++++++++
3 files changed, 164 insertions(+)
create mode 100644 Trojan-TCP-XTLS/config_client.json
create mode 100644 Trojan-TCP-XTLS/config_server.json
create mode 100644 Trojan-TCP-XTLS/nginx.conf
diff --git a/Trojan-TCP-XTLS/config_client.json b/Trojan-TCP-XTLS/config_client.json
new file mode 100644
index 0000000..c6e81dd
--- /dev/null
+++ b/Trojan-TCP-XTLS/config_client.json
@@ -0,0 +1,48 @@
+{
+ "log": {
+ "loglevel": "debug"
+ },
+ "inbounds": [
+ {
+ "port": 1080,
+ "listen": "127.0.0.1",
+ "protocol": "socks",
+ "settings": {
+ "udp": true
+ }
+ },
+ {
+ "port": 1081,
+ "protocol": "http",
+ "sniffing": {
+ "enabled": true,
+ "destOverride": ["http", "tls"]
+ },
+ "settings": {
+ "auth": "noauth"
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "trojan",
+ "settings": {
+ "servers": [
+ {
+ "address": "example.com", // 你的域名或服务器 IP
+ "flow": "xtls-rprx-direct", // Linux 或安卓可改为 "xtls-rprx-splice"
+ "port": 443,
+ "password": "your_password" // 你的密码
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "xtls",
+ "xtlsSettings": {
+ "serverName": "example.com" // 你的域名
+ }
+ }
+ }
+ ]
+}
diff --git a/Trojan-TCP-XTLS/config_server.json b/Trojan-TCP-XTLS/config_server.json
new file mode 100644
index 0000000..1111cc7
--- /dev/null
+++ b/Trojan-TCP-XTLS/config_server.json
@@ -0,0 +1,53 @@
+{
+ "log": {
+ "loglevel": "debug"
+ },
+ "inbounds": [
+ {
+ "port": 443,
+ "protocol": "trojan",
+ "settings": {
+ "clients": [
+ {
+ "password":"your_password", // 密码
+ "flow": "xtls-rprx-direct"
+ }
+ ],
+ "fallbacks": [
+ {
+ "dest": "/dev/shm/default.sock",
+ "xver": 1
+ },
+ {
+ "alpn": "h2",
+ "dest": "/dev/shm/h2c.sock",
+ "xver": 1
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "xtls",
+ "xtlsSettings": {
+ "alpn": [
+ "http/1.1",
+ "h2"
+ ],
+ "certificates": [
+ {
+ "certificateFile": "/path/to/cert", // 证书文件绝对目录
+ "keyFile": "/path/to/key", // 密钥文件绝对目录
+ "ocspStapling": 3600 // 验证周期 3600 秒
+ }
+ ],
+ "minVersion": "1.2" // 如果是ecc证书则最低使用 TLSv1.2 ,如果你不清楚证书类型或者不是 ecc 证书,删掉这行
+ }
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "freedom"
+ }
+ ]
+}
diff --git a/Trojan-TCP-XTLS/nginx.conf b/Trojan-TCP-XTLS/nginx.conf
new file mode 100644
index 0000000..5cbe234
--- /dev/null
+++ b/Trojan-TCP-XTLS/nginx.conf
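Review bot: The `http` inbound on port 1081 in config_client.json has no `listen` key, unlike the SOCKS inbound, which is pinned to `127.0.0.1`. It therefore falls back to the default bind address, which as far as I know is `0.0.0.0` in Xray; with `"auth": "noauth"` that leaves an unauthenticated forward proxy reachable from every host that can reach the machine. Add `"listen": "127.0.0.1",` next to `"port": 1081,` so both local inbounds are loopback-only. Separately, `"loglevel": "debug"` here and in config_server.json is verbose for a template that gets copied into production; `"warning"` would be a safer default.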
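Review bot: In config_server.json the comment on `"minVersion": "1.2"` tells anyone without an ECC certificate to delete the line, which removes the TLS floor and leaves the minimum version to the library default (possibly still TLS 1.0/1.1, depending on the Xray and Go version). TLS 1.2 works with RSA certificates as well, so the line should stay unconditionally, for example `"minVersion": "1.2" // minimum TLS version; keep for RSA and ECC certificates alike`. The fallback sockets under `/dev/shm` (also used by the `listen unix:` lines in nginx.conf) sit in a world-writable directory; a directory owned by the service account would stop another local user from creating a socket at those paths first. The `"your_password"` placeholder deserves a comment saying it must be replaced with a long random value, since it is the only client credential.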
@@ -0,0 +1,63 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for" '
+ '$proxy_protocol_addr:$proxy_protocol_port';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ include /etc/nginx/conf.d/*.conf;
+
+ server {
+ #listen 80 default_server;
+ #listen [::]:80 default_server;
+ listen [::]:80 default ipv6only=off;
+ return 301 https://$http_host$request_uri;
+ }
+
+ server {
+ listen unix:/dev/shm/default.sock proxy_protocol;
+ listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
+
+ # 把example.com换成你的域名
+ server_name example.com;
+
+ root /usr/share/nginx/html;
+
+ set_real_ip_from 127.0.0.1;
+
+
+ include /etc/nginx/default.d/*.conf;
+
+ # 开启 HSTS ,混 sslab 的 A+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ }
+ }
+}
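Review bot: The port-80 redirect `return 301 https://$http_host$request_uri;` builds its target from the client-supplied Host header, so the `Location` it emits can name any host the request carries. Hard-code the domain instead, `return 301 https://example.com$request_uri;`, or use `$host` together with an explicit `server_name`. In the second server block, `set_real_ip_from 127.0.0.1;` probably never matches because both listeners are Unix sockets, and with no `real_ip_header` set the realip module reads `X-Real-IP` rather than the PROXY protocol address. `set_real_ip_from unix:;` plus `real_ip_header proxy_protocol;` looks like what was intended. Also, `error_page 404 /404.html;` does not match the `location = /40x.html` block below it.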