Compare commits


21 Commits

Author SHA1 Message Date
xqzr
2a3aa86e4a Update Caddyfile 2024-10-26 03:10:34 +08:00
xqzr
ef8962658d Update nginx.conf 2024-10-26 02:55:19 +08:00
xqzr
f092fd7ae3 Update server.jsonc 2024-10-26 02:54:54 +08:00
xqzr
fb19ed3ed6 Update Caddyfile 2024-10-26 02:48:55 +08:00
xqzr
f7e1a4e5b4 Update server.jsonc 2024-10-26 02:38:33 +08:00
xqzr
100e729cc7 Update nginx.conf 2024-10-26 02:37:34 +08:00
yuhan6665
061321ad1c Update all json file to jsonc (#199) 2024-10-21 11:49:47 -04:00
风扇滑翔翼
c6ec3122f5 Add VLESS-TCP-REALITY(Without being stolen) 2024-10-20 12:05:33 +00:00
yuhan6665
bebf51e5f7 Add VLESS-H3-Caddy two modes 2024-10-17 04:54:23 -04:00
yuhan6665
2fe711231a Refactor VLESS-HTTP-Caddy folder 2024-10-17 03:58:05 -04:00
yuhan6665
301c7c0193 Delete Quic 2024-10-17 03:40:05 -04:00
mmmray
ca705fbd0b SplitHTTP: Add suggestion to disable nginx access logs 2024-08-31 11:58:34 +02:00
xor
129be747c3 Fix caddy reverse proxy latency (#195) 2024-08-26 10:22:31 -04:00
xqzr
34d78cc926 Starting with "application/grpc" 2024-08-02 22:33:20 +08:00
xqzr
8c9e1c5f4f Starting with "application/grpc" 2024-08-02 22:32:28 +08:00
IRN-Kawakaze
2988294bdc Fix incorrect formatting. (#192) 2024-07-22 23:28:03 +02:00
IRN-Kawakaze
4c64126604 Add SplitHTTP-HTTP3 config (#191) 2024-07-22 21:42:06 +02:00
chshouyu
d9d8f77541 Update websocket path ed from 2048 to 2560 2024-06-23 03:23:55 +08:00
mmmray
9d40021c5b Simplify SplitHTTP further, and add Caddyfile (#188)
* Simplify SplitHTTP further, and add Caddyfile

* raise log level

* enable udp

---------

Co-authored-by: 风扇滑翔翼 <Fangliding.fshxy@outlook.com>
2024-06-22 04:36:22 +08:00
iamtrazy
f605cda6a0 fixes for splitHttp nginx conf (#187)
* Update nginx.conf

removed unnecessary components from nginx conf

* fix: minor changes
2024-06-21 23:39:00 +08:00
iamtrazy
2a8fe45acd feat: added splitHttp nginx reverse proxy exmaple 2024-06-21 10:59:39 -04:00
104 changed files with 722 additions and 68 deletions


@@ -28,7 +28,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/ssws?ed=2048"
"path": "/ssws?ed=2560"
},
"security": "tls",
"tlsSettings": {


@@ -27,7 +27,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/trojanws?ed=2048"
"path": "/trojanws?ed=2560"
},
"security": "tls",
"tlsSettings": {


@@ -33,7 +33,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/vmws?ed=2048"
"path": "/vmws?ed=2560"
},
"security": "tls",
"tlsSettings": {


@@ -32,7 +32,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/vlws?ed=2048"
"path": "/vlws?ed=2560"
},
"security": "tls",
"tlsSettings": {


@@ -23,7 +23,7 @@ server {
keepalive_timeout 30m;
# 在 location 后填写 /你的 ServiceName
location /你的 ServiceName {
if ($content_type !~ "application/grpc") {
if ($content_type !~ "^application/grpc") {
return 404;
}
client_max_body_size 0;
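Review bot: The new test `$content_type !~ "^application/grpc"` is anchored only at the start, so any value that merely begins with that string (a constructed example: `application/grpcx`) still passes the filter and is handed to the backend. If the intent is to admit only gRPC requests, bound the end of the media type as well, e.g. `if ($content_type !~ "^application/grpc(\+|;|$)") {`. The same line is changed in the second nginx.conf hunk further down this page. The `location` block continues outside the hunk.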


@@ -4,6 +4,7 @@ xx.com {
path /ServiceName/* # 修改为你自己的 ServiceName且仅能存在两个斜杠。/MyService/ServiceName/*会导致错误)
}
reverse_proxy @grpc unix//dev/shm/Xray-VLESS-gRPC.socket {
flush_interval -1
transport http {
versions h2c
}


@@ -23,7 +23,7 @@ server {
keepalive_timeout 30m;
# 在 location 后填写 /你的 ServiceName
location /你的 ServiceName {
if ($content_type !~ "application/grpc") {
if ($content_type !~ "^application/grpc") {
return 404;
}
client_max_body_size 0;


@@ -0,0 +1,9 @@
Xray 基于 HTTP/2 或 HTTP/3 的传输方式完整按照 HTTP 标准实现,可以通过其它的 HTTP 服务器(如 Caddy进行中转。
Caddy 使用 reverse_proxy 模块,一般使用 path 分流,主路径伪装为网站,中间人无法探测到 Xray-core请使用复杂 path
Caddy 默认开启 UDP 同端口的 HTTP/3 服务器,目前支持三种中转方式
- HTTP/2
- HTTP/3 解密后重新加密
- HTTP/3 转 H2C


@@ -1,6 +1,10 @@
xx.com {
log {
level DEBUG
}
root * /var/www
file_server
tls CA.crt priv.key # 换成你的证书和私钥,绝对路径
reverse_proxy /path 127.0.0.1:2001 {
transport http {
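Review bot: The `log { level DEBUG }` block, which looks to be among the added lines, enables Caddy's access log for the site at debug verbosity, so client addresses, request URIs and headers are recorded for every proxied request. In a template that people copy to production that is more retention than the proxy needs, and the nginx example on this page already advises turning access logs off after setup. A comment on the block such as `# debugging only: remove this log block after setup` would carry the same advice here. The same block appears in the two new Caddyfiles added later on this page. The site block continues outside the hunk.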


@@ -0,0 +1,17 @@
xx.com {
log {
level DEBUG
}
root * /var/www
file_server
tls CA.crt priv.key # 换成你的证书和私钥,绝对路径
reverse_proxy /path 127.0.0.1:2001 {
transport http {
tls
tls_client_auth CA.crt priv.key # 换成你的证书和私钥,绝对路径
tls_server_name xx.com
versions 3
}
}
}
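Review bot: `tls_client_auth CA.crt priv.key` makes Caddy present a client certificate to the upstream, and the comment asks for the same certificate and key that the `tls` directive uses to serve the site. Nothing in the matching Xray inbound shown on this page requests client certificates, so the line looks unnecessary, and it puts the site's private key to a second use. Consider dropping it, or, if mutual TLS is wanted, pointing it at a dedicated client certificate and saying so in the comment.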


@@ -0,0 +1,7 @@
# 原理图:
Xray client <--- H3 ---> Caddy2 <--- H3 ---> Xray server
注意:
由于 H3 没有解密的明文传输标准 这种模式 Caddy 解密流量之后 会重新加密 会增加少许延迟和负载
目前仅 Caddy2 的 v2.9.0-beta.2 版及以后完美支持 Xray 的 H3 入站。


@@ -0,0 +1,73 @@
{
"log":{},
"inbounds":[
{
"port":"1080",
"protocol":"socks",
"settings":{
"auth":"noauth",
"udp":true
}
},
{
"port":"1081",
"protocol":"http",
"settings":{}
}
],
"outbounds":[
{
"protocol":"vless",
"settings":{
"vnext":[
{
"address":"xx.com",
"port":443,
"users":[
{
"id":"",
"encryption":"none"
}
]
}
]
},
"streamSettings":{
"network":"http",
"security":"tls",
"httpSettings":{
"host":[
"xx.com"
],
"path":"/path"
}
},
"tlsSettings":{
"alpn":["h3"],
"serverName":"xx.com"
}
},
{
"tag":"direct",
"protocol":"freedom",
"settings":{}
},
{
"tag":"blocked",
"protocol":"blackhole",
"settings":{}
}
],
"routing":{
"domainStrategy":"IPOnDemand",
"rules":[
{
"type":"field",
"ip":[
"geoip:private"
],
"outboundTag":"direct"
}
]
}
}
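Review bot: `tlsSettings` sits beside `streamSettings` in this outbound rather than inside it (the other H3 client config added on this page nests it inside), so `"alpn":["h3"]` and `serverName` are probably not applied to the TLS handshake; move the object into `streamSettings`. Separately, neither inbound sets `listen`, and to my knowledge Xray then binds all interfaces, which exposes a `noauth` SOCKS proxy and an HTTP proxy beyond the local machine. Adding `"listen":"127.0.0.1",` to both inbounds, as the other client examples on this page do, closes that. The second point also applies to the second H3 client config further down.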


@@ -0,0 +1,66 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 2001,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "",
"email": "love@example.com"
}
],
"decryption": "none"
},
"streamSettings": {
"security": "tls",
"network": "http",
"httpSettings": {
"path": "/path",
"host": [
"xx.com"
]
},
"tlsSettings": {
// "rejectUnknownSni": true,
"minVersion": "1.3",
"alpn": ["h3"],
"certificates": [
{
"certificateFile": "CA.crt", // 换成你的证书,绝对路径
"keyFile": "priv.key" // 换成你的私钥,绝对路径
}
]
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {}
},
{
"tag": "blocked",
"protocol": "blackhole",
"settings": {}
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
}
]
}
}


@@ -0,0 +1,11 @@
xx.com {
log {
level DEBUG
}
root * /var/www
file_server
tls CA.crt priv.key # 换成你的证书和私钥,绝对路径
reverse_proxy /path h2c://127.0.0.1:2001 {
}
}


@@ -0,0 +1,5 @@
# 原理图:
Xray client <--- H3 ---> Caddy2 <--- H2C ---> Xray server
注意:
目前仅 Caddy2 的 v2.9.0-beta.2 版及以后完美支持 H3 转换 H2C 对接 Xray 的 H2C 入站。


@@ -0,0 +1,73 @@
{
"log":{},
"inbounds":[
{
"port":"1080",
"protocol":"socks",
"settings":{
"auth":"noauth",
"udp":true
}
},
{
"port":"1081",
"protocol":"http",
"settings":{}
}
],
"outbounds":[
{
"protocol":"vless",
"settings":{
"vnext":[
{
"address":"xx.com",
"port":443,
"users":[
{
"id":"",
"encryption":"none"
}
]
}
]
},
"streamSettings":{
"network":"http",
"security":"tls",
"httpSettings":{
"host":[
"xx.com"
],
"path":"/path"
},
"tlsSettings":{
"alpn":["h3"],
"serverName":"xx.com"
}
}
},
{
"tag":"direct",
"protocol":"freedom",
"settings":{}
},
{
"tag":"blocked",
"protocol":"blackhole",
"settings":{}
}
],
"routing":{
"domainStrategy":"IPOnDemand",
"rules":[
{
"type":"field",
"ip":[
"geoip:private"
],
"outboundTag":"direct"
}
]
}
}


@@ -0,0 +1,55 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 2001,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "",
"email": "love@example.com"
}
],
"decryption": "none"
},
"streamSettings": {
"security": "none",
"network": "http",
"httpSettings": {
"path": "/path",
"host": [
"xx.com"
]
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {}
},
{
"tag": "blocked",
"protocol": "blackhole",
"settings": {}
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
}
]
}
}


@@ -0,0 +1,5 @@
# 不会被偷跑流量的 REALITY
一个老生常谈的问题,对于非法请求, reality都会无脑转发流量去dest如果reality的dest指向一个cloudflare网站那么相当于服务端变成了CF的端口转发任何人扫过来都可以拿来嫖。
目前的解决办法是不要使用这类的网站作为 dest, 懂一点的会告诉你用 nginx 的 stream 滤一遍 SNI 并丢掉非法请求,但是其实 Xray 本身就支持这种操作,这也是这个模板的原理


@@ -0,0 +1,56 @@
// 直接从其他示例里 copy 过来的,客户端不需要任何特殊修改,要填的东西也一致
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10808,
"protocol": "socks",
"settings": {
"udp": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
],
"routeOnly": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "127.0.0.1",
"port": 443,
"users": [
{
"id": "", // Needs to match server side
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"fingerprint": "chrome",
"serverName": "speed.cloudflare.com",
"publicKey": "",
"spiderX": "",
"shortId": ""
}
},
"tag": "proxy"
}
]
}


@@ -0,0 +1,93 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"tag": "dokodemo-in",
"port": 443,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1",
"port": 4431, // 指向内网中的 reality 端口,示例是这个端口,如果要自己修改了记得这里和下面的 reality 入站都要修改
"network": "tcp"
},
"sniffing": { // 这里的 sniffing 不是多余的,别乱动
"enabled": true,
"destOverride": [
"tls"
],
"routeOnly": true
}
},
{
"listen": "127.0.0.1",
"port": 4431, // 见上 如果和其他服务冲突了可以换
"protocol": "vless",
"settings": {
"clients": [
{
"id": "" // uuid
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
// 下方要求和普通 reality 一致,这里演示 dest 设置为 cloudflare 不被偷跑流量所以设置为 speed.cloudflare.com 了
// 你可以设置为其他 CF 网站,如果你的 dest 不是这种网站你也不用点了进来不是吗
"dest": "speed.cloudflare.com:443",
"serverNames": [
"speed.cloudflare.com"
],
"privateKey": "", // 运行 `xray x25519` 生成
"shortIds": [
"",
"0123456789abcdef"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
],
"routeOnly": true
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "blcok"
}
],
"routing": {
"rules": [
{
"inboundTag": [
"dokodemo-in"
],
// 重要,这个域名列表需要和 realitySettings 的 serverNames 保持一致
"domain": [
"speed.cloudflare.com"
],
"outboundTag": "direct"
},
{
"inboundTag": [
"dokodemo-in"
],
"outboundTag": "blcok"
}
]
}
}
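Review bot: `shortIds` ships with an empty entry and the literal `"0123456789abcdef"`, so every deployment copied from this template accepts the same two short IDs. Replace the sample with a placeholder and a comment asking for a random value, e.g. `"" // 8 random bytes as hex; generate your own`, and note in a comment that a leading `""` lets clients connect without any short ID. Also, the blackhole tag is spelled `blcok` in both the outbound and the fallback rule; it is consistent today, but `blocked` (used by the other configs on this page) would avoid a later one-sided correction detaching the drop rule.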


@@ -0,0 +1,5 @@
localhost:443 {
handle_path /split/* {
reverse_proxy http://127.0.0.1:1234
}
}


@@ -0,0 +1,46 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10808,
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "",
"port": 443,
"users": [
{
"id": "",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "splithttp",
"splithttpSettings": {
"path": "/split"
},
"security": "tls",
"tlsSettings": {
"serverName": ""
}
},
"tag": "proxy"
}
]
}


@@ -0,0 +1,23 @@
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
index index.html;
root /var/www/html;
ssl_certificate /path/to/example.cer;
ssl_certificate_key /path/to/example.cer;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
# splithttp produces very noisy access logs, as it sends many HTTP
# requests and uses querystrings for padding. It is recommended to turn
# them off after setup, or use custom log formats to limit the amount
# of information.
# access_log off;
location /split/ {
proxy_pass http://127.0.0.1:1234/;
proxy_http_version 1.1;
proxy_redirect off;
}
}
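Review bot: `ssl_certificate_key /path/to/example.cer;` repeats the certificate path, so a reader who only swaps the directory ends up pointing the key directive at the certificate file. Use a distinct placeholder, e.g. `ssl_certificate_key /path/to/example.key;`, so the two files cannot be confused.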


@@ -0,0 +1,38 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 1234,
"protocol": "vless",
"settings": {
"clients": [
{
"id": ""
}
],
"decryption": "none"
},
"streamSettings": {
"network": "splithttp"
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
}
]
}


@@ -0,0 +1,12 @@
# VLESS-TLS-SplitHTTP-H3
## 原理图:
直连Xray client <--- HTTP3 ---> Xray server
配合 CDN 使用Xray client <--- HTTP3 ---> CDN <--- HTTP2 or HTTP/1.1 ---> Xray server
## 注意:
默认配置仅支持客户端通过 HTTP3 直连服务端,如需和 CDN 一同使用,请参照注释修改服务端的 alpn。


@@ -0,0 +1,54 @@
{
"inbounds": [
{
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
},
"port": 10808,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "example.com", // Change to your domain.
"port": 443,
"users": [
{
"id": "UUID", // Change to your UUID.
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "splithttp",
"security": "tls",
"splithttpSettings": {
"path": "/splithttp",
"host": "example.com" // Change to your domain.
},
"tlsSettings": {
"serverName": "example.com", // Change to your domain.
"alpn": [
"h3"
]
}
}
}
]
}


@@ -0,0 +1,54 @@
{
"inbounds": [
{
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
},
"port": 443,
"listen": "0.0.0.0",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "UUID" // Change to your UUID.
}
],
"decryption": "none"
},
"streamSettings": {
"network": "splithttp",
"security": "tls",
"splithttpSettings": {
"path": "/splithttp",
"host": "example.com" // Change to your domain.
},
"tlsSettings": {
"rejectUnknownSni": true,
"minVersion": "1.3",
"alpn": [
"h3" // If you want to use with CDN, you need to change alpn to ["h2", "http/1.1"].
],
"certificates": [
{
"ocspStapling": 3600,
"certificateFile": "/path/to/fullchain.pem", // Change to your fullchain file path.
"keyFile": "/path/to/privkey.pem" // Change to your private key file path.
}
]
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom"
}
]
}
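Review bot: This server listens on `0.0.0.0:443` but has only a `freedom` outbound and no routing rules, so an authenticated client can reach the host's loopback and private-network addresses through the proxy. The Caddy-fronted server configs on this page send `geoip:private` to a `blackhole` outbound, and the same outbound and rule would fit here. The splithttp server config behind nginx earlier on this page has the same shape.

```jsonc
// … unchanged: inbounds …
"outbounds": [
  // … unchanged: "direct" freedom outbound …
  {
    "tag": "blocked",
    "protocol": "blackhole"
  }
],
"routing": {
  "rules": [
    {
      "type": "field",
      "ip": ["geoip:private"],
      "outboundTag": "blocked"
    }
  ]
}
```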


@@ -36,14 +36,15 @@
"network": "ws",
"security": "tls",
"wsSettings": {
"path": "/Path2WS?ed=2048" //?ed=2048 path
"path": "/Path2WS?ed=2560" //?ed=2560 path
},
"tlsSettings": {
"allowInsecure": false,
"serverName": "xx.com", //Equal to "SNI"
"serverName": "xx.com", //Equal to "SNI"
"fingerprint": "chrome" //"chrome" or "firefox"
}
}
}},
},
{
"tag": "direct",
"protocol": "freedom",
@@ -60,9 +61,7 @@
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"ip": ["geoip:private"],
"outboundTag": "direct"
}
]


@@ -11,12 +11,12 @@ server {
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
# 在 location 后填写 /你的 path
location /你的 path {
# 在 location 后填写 /你的 path/
location /你的 path/ {
if ($http_upgrade != "websocket") {
return 404;
}
proxy_pass http://127.0.0.1:1234;
proxy_pass http://127.0.0.1:1234/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
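Review bot: With `location /你的 path/` now ending in a slash and handled by `proxy_pass`, nginx answers a request for the same path without the slash with a 301 instead of proxying it. The client example changed on this page still uses `"path": "/Path2WS?ed=2560"` with no trailing slash. If the two belong to the same example, the WebSocket handshake will likely not follow that redirect; either keep the location without the slash or document that the client path must end in `/`, e.g. `"path": "/Path2WS/?ed=2560"`. The `location` block continues outside the hunk.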


@@ -16,10 +16,7 @@
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/Path2WS" // path
}
"network": "ws"
},
"sniffing": {
"enabled": true,


@@ -1,25 +0,0 @@
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "",
"port": 443, // 也可以用 8443 nginx 的默认 http3 端口 https://quic.nginx.org/readme.html
"users": [
{
"id": "",
"security": "zero"
}
]
}
]
},
"streamSettings": {
"network": "quic",
"quicSettings": {}, // 不使用伪装头和额外加密 原生 quic 流量特征
"security": "tls",
"tlsSettings": {
"servername": "*" //servername 必填 因为 quic 会验证 sni 否则不发包
}
}
}


@@ -1,24 +0,0 @@
{
"port": 443,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": ""
}
]
},
"streamSettings": {
"network": "quic",
"quicSettings": {},
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "fullchain.crt", // 使用真实证书
"keyFile": "private.key"
}
]
}
}
}

Some files were not shown because too many files have changed in this diff Show More