From bebf51e5f72af15e465d91386a8545b85a305be4 Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Thu, 17 Oct 2024 04:54:23 -0400 Subject: [PATCH] Add VLESS-H3-Caddy two modes --- VLESS-HTTP-Caddy/VLESS-H2C-Caddy/Caddyfile | 4 + VLESS-HTTP-Caddy/VLESS-H3-Caddy/Caddyfile | 17 +++++ VLESS-HTTP-Caddy/VLESS-H3-Caddy/README.md | 7 ++ VLESS-HTTP-Caddy/VLESS-H3-Caddy/client.json | 73 +++++++++++++++++++ VLESS-HTTP-Caddy/VLESS-H3-Caddy/server.json | 66 +++++++++++++++++ .../VLESS-H3-To-H2C-Caddy/Caddyfile | 11 +++ .../VLESS-H3-To-H2C-Caddy/README.md | 5 ++ .../VLESS-H3-To-H2C-Caddy/client.json | 73 +++++++++++++++++++ .../VLESS-H3-To-H2C-Caddy/server.json | 55 ++++++++++++++ 9 files changed, 311 insertions(+) create mode 100644 VLESS-HTTP-Caddy/VLESS-H3-Caddy/Caddyfile create mode 100644 VLESS-HTTP-Caddy/VLESS-H3-Caddy/README.md create mode 100644 VLESS-HTTP-Caddy/VLESS-H3-Caddy/client.json create mode 100644 VLESS-HTTP-Caddy/VLESS-H3-Caddy/server.json create mode 100644 VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/Caddyfile create mode 100644 VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/README.md create mode 100644 VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/client.json create mode 100644 VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/server.json diff --git a/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/Caddyfile b/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/Caddyfile index 1484448..77587d6 100644 --- a/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/Caddyfile +++ b/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/Caddyfile @@ -1,6 +1,10 @@ xx.com { + log { + level DEBUG + } root * /var/www file_server + tls CA.crt priv.key # 换成你的证书和私钥,绝对路径 reverse_proxy /path 127.0.0.1:2001 { transport http { diff --git a/VLESS-HTTP-Caddy/VLESS-H3-Caddy/Caddyfile b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/Caddyfile new file mode 100644 index 0000000..6144688 --- /dev/null +++ b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/Caddyfile @@ -0,0 +1,17 @@ +xx.com { + log { + level DEBUG + } + root * /var/www + file_server + tls CA.crt priv.key # 换成你的证书和私钥,绝对路径 + + reverse_proxy /path 127.0.0.1:2001 { + transport http { + tls + tls_client_auth CA.crt priv.key # 换成你的证书和私钥,绝对路径 + tls_server_name xx.com + versions 3 + } + } +} diff --git a/VLESS-HTTP-Caddy/VLESS-H3-Caddy/README.md b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/README.md new file mode 100644 index 0000000..4d1eafc --- /dev/null +++ b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/README.md @@ -0,0 +1,7 @@ +# 原理图: +Xray client <--- H3 ---> Caddy2 <--- H3 ---> Xray server + +注意: +由于 H3 没有解密的明文传输标准 这种模式 Caddy 解密流量之后 会重新加密 会增加少许延迟和负载 + +目前仅 Caddy2 的 v2.9.0-beta.2 版及以后完美支持 Xray 的 H3 入站。 diff --git a/VLESS-HTTP-Caddy/VLESS-H3-Caddy/client.json b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/client.json new file mode 100644 index 0000000..b1cb2c7 --- /dev/null +++ b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/client.json @@ -0,0 +1,73 @@ +{ + "log":{}, + "inbounds":[ + { + "port":"1080", + "protocol":"socks", + "settings":{ + "auth":"noauth", + "udp":true + } + }, + { + "port":"1081", + "protocol":"http", + "settings":{} + } + ], + "outbounds":[ + { + "protocol":"vless", + "settings":{ + "vnext":[ + { + "address":"xx.com", + "port":443, + "users":[ + { + "id":"", + "encryption":"none" + } + ] + } + ] + }, + "streamSettings":{ + "network":"http", + "security":"tls", + "httpSettings":{ + "host":[ + "xx.com" + ], + "path":"/path" + } + }, + "tlsSettings":{ + "alpn":["h3"], + "serverName":"xx.com" + } + }, + { + "tag":"direct", + "protocol":"freedom", + "settings":{} + }, + { + "tag":"blocked", + "protocol":"blackhole", + "settings":{} + } + ], + "routing":{ + "domainStrategy":"IPOnDemand", + "rules":[ + { + "type":"field", + "ip":[ + "geoip:private" + ], + "outboundTag":"direct" + } + ] + } +} diff --git a/VLESS-HTTP-Caddy/VLESS-H3-Caddy/server.json b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/server.json new file mode 100644 index 0000000..86a214b --- /dev/null +++ b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/server.json @@ -0,0 +1,66 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 2001, + "listen": "127.0.0.1", + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", + "email": "love@example.com" + } + ], + "decryption": "none" + }, + "streamSettings": { + "security": "tls", + "network": "http", + "httpSettings": { + "path": "/path", + "host": [ + "xx.com" + ] + }, + "tlsSettings": { + // "rejectUnknownSni": true, + "minVersion": "1.3", + "alpn": ["h3"], + "certificates": [ + { + "certificateFile": "CA.crt", // 换成你的证书,绝对路径 + "keyFile": "priv.key" // 换成你的私钥,绝对路径 + } + ] + } + } + } + ], + "outbounds": [ + { + "tag": "direct", + "protocol": "freedom", + "settings": {} + }, + { + "tag": "blocked", + "protocol": "blackhole", + "settings": {} + } + ], + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "blocked" + } + ] + } +} diff --git a/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/Caddyfile b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/Caddyfile new file mode 100644 index 0000000..dee83a1 --- /dev/null +++ b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/Caddyfile @@ -0,0 +1,11 @@ +xx.com { + log { + level DEBUG + } + root * /var/www + file_server + tls CA.crt priv.key # 换成你的证书和私钥,绝对路径 + + reverse_proxy /path h2c://127.0.0.1:2001 { + } +} diff --git a/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/README.md b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/README.md new file mode 100644 index 0000000..5a9602d --- /dev/null +++ b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/README.md @@ -0,0 +1,5 @@ +# 原理图: +Xray client <--- H3 ---> Caddy2 <--- H2C ---> Xray server + +注意: +目前仅 Caddy2 的 v2.9.0-beta.2 版及以后完美支持 H3 转换 H2C 对接 Xray 的 H2C 入站。 diff --git a/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/client.json b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/client.json new file mode 100644 index 0000000..b71e47a --- /dev/null +++ b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/client.json @@ -0,0 +1,73 @@ +{ + "log":{}, + "inbounds":[ + { + "port":"1080", + "protocol":"socks", + "settings":{ + "auth":"noauth", + "udp":true + } + }, + { + "port":"1081", + "protocol":"http", + "settings":{} + } + ], + "outbounds":[ + { + "protocol":"vless", + "settings":{ + "vnext":[ + { + "address":"xx.com", + "port":443, + "users":[ + { + "id":"", + "encryption":"none" + } + ] + } + ] + }, + "streamSettings":{ + "network":"http", + "security":"tls", + "httpSettings":{ + "host":[ + "xx.com" + ], + "path":"/path" + }, + "tlsSettings":{ + "alpn":["h3"], + "serverName":"xx.com" + } + } + }, + { + "tag":"direct", + "protocol":"freedom", + "settings":{} + }, + { + "tag":"blocked", + "protocol":"blackhole", + "settings":{} + } + ], + "routing":{ + "domainStrategy":"IPOnDemand", + "rules":[ + { + "type":"field", + "ip":[ + "geoip:private" + ], + "outboundTag":"direct" + } + ] + } +} diff --git a/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/server.json b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/server.json new file mode 100644 index 0000000..1525966 --- /dev/null +++ b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/server.json @@ -0,0 +1,55 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 2001, + "listen": "127.0.0.1", + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", + "email": "love@example.com" + } + ], + "decryption": "none" + }, + "streamSettings": { + "security": "none", + "network": "http", + "httpSettings": { + "path": "/path", + "host": [ + "xx.com" + ] + } + } + } + ], + "outbounds": [ + { + "tag": "direct", + "protocol": "freedom", + "settings": {} + }, + { + "tag": "blocked", + "protocol": "blackhole", + "settings": {} + } + ], + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "blocked" + } + ] + } +}