multiple configs on one port (#100)

* added all-in-one(everything on https) config * Commented http sub-config
2025-09-19 21:54:29 +08:00 · 2023-01-02 08:09:37 +03:30
parent 6517444af2
commit 648e771c00
3 changed files with 560 additions and 0 deletions
--- a/All-in-One-fallbacks-Nginx/nginx.conf
+++ b/All-in-One-fallbacks-Nginx/nginx.conf
@@ -0,0 +1,85 @@
+server {
+    listen unix:/dev/shm/h1.sock proxy_protocol default_server;
+    listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
+    set_real_ip_from unix:;
+    real_ip_header proxy_protocol;
+    server_name _;
+    return 400;
+} #Restrict domain name access (prohibit access to the website by IP) and return 400
+
+# HTTP1 UDS listener
+server {
+    listen unix:/dev/shm/h1.sock proxy_protocol; #HTTP/1.1 server monitor process and enable PROXY protocol reception
+    set_real_ip_from unix:;
+    real_ip_header proxy_protocol;
+    server_name examle.com behindcdn.com; #Change to your own domain name(s)
+
+    location / {
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #启用HSTS
+        root /var/www/html; #Modify to the path of the WEB file stored by yourself (check the permissions)
+        index index.html index.htm;
+    }
+}
+
+# HTTP2 UDS listener
+server {
+    listen unix:/dev/shm/h2c.sock http2 proxy_protocol; #H2C server monitor process and enable PROXY protocol reception
+    set_real_ip_from unix:;
+    real_ip_header proxy_protocol;
+    server_name examle.com behindcdn.com; #Change to your own domain name(s) (don't forget to add the certificates to xray config)
+
+    # grpc settings
+    grpc_read_timeout 1h;
+    grpc_send_timeout 1h;
+    grpc_set_header X-Real-IP $remote_addr;
+
+    location /trgrpc { #corresponds to serviceName in trojan-grpc config of xray
+        if ($request_method != "POST") {
+            return 404;
+        } #POST returns 404 when negotiation fails
+        client_body_buffer_size 1m;
+        client_body_timeout 1h;
+        client_max_body_size 0;
+        grpc_pass grpc://127.0.0.1:3001;
+
+    }
+
+    location /vlgrpc { #corresponds to serviceName in vless-grpc config of xray
+        if ($request_method != "POST") {
+            return 404;
+        } #POST returns 404 when negotiation fails
+        client_body_buffer_size 1m;
+        client_body_timeout 1h;
+        client_max_body_size 0;
+        grpc_pass grpc://127.0.0.1:3002;
+
+    }
+
+    location /vmgrpc { #corresponds to serviceName in vmess-grpc config of xray
+        if ($request_method != "POST") {
+            return 404;
+        } #POST returns 404 when negotiation fails
+        client_body_buffer_size 1m;
+        client_body_timeout 1h;
+        client_max_body_size 0;
+        grpc_pass grpc://127.0.0.1:3003;
+
+    }
+    
+    location /ssgrpc { #corresponds to serviceName in shadowsocks-grpc config of xray
+        if ($request_method != "POST") {
+            return 404;
+        } #POST returns 404 when negotiation fails
+        client_body_buffer_size 1m;
+        client_body_timeout 1h;
+        client_max_body_size 0;
+        grpc_pass grpc://127.0.0.1:3004;
+    }
+
+    # Decoy website
+    location / {
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #HSTS
+        root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
+        index index.html index.htm;
+    }
+}