enable udp

All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-WS-TLS.json

@@ -28,7 +28,7 @@
       "streamSettings": {
         "network": "ws",
         "wsSettings": {
-          "path": "/ssws?ed=2560"
+          "path": "/ssws?ed=2048"
         },
         "security": "tls",
         "tlsSettings": {

All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.json

@@ -27,7 +27,7 @@
       "streamSettings": {
         "network": "ws",
         "wsSettings": {
-          "path": "/trojanws?ed=2560"
+          "path": "/trojanws?ed=2048"
         },
         "security": "tls",
         "tlsSettings": {

All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.json

@@ -33,7 +33,7 @@
       "streamSettings": {
         "network": "ws",
         "wsSettings": {
-          "path": "/vmws?ed=2560"
+          "path": "/vmws?ed=2048"
         },
         "security": "tls",
         "tlsSettings": {

All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.json

@@ -32,7 +32,7 @@
       "streamSettings": {
         "network": "ws",
         "wsSettings": {
-          "path": "/vlws?ed=2560"
+          "path": "/vlws?ed=2048"
         },
         "security": "tls",
         "tlsSettings": {

Trojan-gRPC-Caddy2／Nginx/README.md

@@ -23,7 +23,7 @@ server {
         keepalive_timeout 30m;
 	# 在 location 后填写 /你的 ServiceName
 	location /你的 ServiceName {
-		if ($content_type !~ "^application/grpc") {
+		if ($content_type !~ "application/grpc") {
 			return 404;
 		}
 		client_max_body_size 0;

VLESS-GRPC/Caddyfile

@@ -4,7 +4,6 @@ xx.com {
 		path /ServiceName/* # 修改为你自己的 ServiceName，且仅能存在两个斜杠。（如：/MyService/ServiceName/*会导致错误）
 	}
 	reverse_proxy @grpc unix//dev/shm/Xray-VLESS-gRPC.socket {
-		flush_interval -1
 		transport http {
 			versions h2c
 		}

VLESS-GRPC/README.md

@@ -23,7 +23,7 @@ server {
         keepalive_timeout 30m;
 	# 在 location 后填写 /你的 ServiceName
 	location /你的 ServiceName {
-		if ($content_type !~ "^application/grpc") {
+		if ($content_type !~ "application/grpc") {
 			return 404;
 		}
 		client_max_body_size 0;

VLESS-H2C-Caddy2/Caddyfile

@@ -1,10 +1,6 @@
 xx.com {
-    log {
-        level DEBUG
-    }
     root * /var/www
     file_server
-    tls CA.crt priv.key # 换成你的证书和私钥，绝对路径
     
     reverse_proxy /path 127.0.0.1:2001 {
         transport http {

VLESS-HTTP-Caddy/README.md

@@ -1,9 +0,0 @@
-Xray 基于 HTTP/2 或 HTTP/3 的传输方式完整按照 HTTP 标准实现，可以通过其它的 HTTP 服务器（如 Caddy）进行中转。
-
-Caddy 使用 reverse_proxy 模块，一般使用 path 分流，主路径伪装为网站，中间人无法探测到 Xray-core（请使用复杂 path）。
-
-Caddy 默认开启 UDP 同端口的 HTTP/3 服务器，目前支持三种中转方式
-
-- HTTP/2
-- HTTP/3 解密后重新加密
-- HTTP/3 转 H2C

VLESS-HTTP-Caddy/VLESS-H3-Caddy/Caddyfile

@@ -1,17 +0,0 @@
-xx.com {
-    log {
-        level DEBUG
-    }
-    root * /var/www
-    file_server
-    tls CA.crt priv.key # 换成你的证书和私钥，绝对路径
-    
-    reverse_proxy /path 127.0.0.1:2001 {
-        transport http {
-            tls
-            tls_client_auth CA.crt priv.key # 换成你的证书和私钥，绝对路径
-            tls_server_name xx.com
-            versions 3
-        }
-    }
-}

VLESS-HTTP-Caddy/VLESS-H3-Caddy/README.md

@@ -1,7 +0,0 @@
-# 原理图：
-Xray client <--- H3 ---> Caddy2 <--- H3 ---> Xray server
-
-注意：
-由于 H3 没有解密的明文传输标准 这种模式 Caddy 解密流量之后 会重新加密 会增加少许延迟和负载
-
-目前仅 Caddy2 的 v2.9.0-beta.2 版及以后完美支持 Xray 的 H3 入站。

VLESS-HTTP-Caddy/VLESS-H3-Caddy/client.jsonc

@@ -1,73 +0,0 @@
-{
-  "log":{},
-  "inbounds":[
-    {
-      "port":"1080",
-      "protocol":"socks",
-      "settings":{
-        "auth":"noauth",
-        "udp":true
-      }
-    },
-    {
-      "port":"1081",
-      "protocol":"http",
-      "settings":{}
-    }
-  ],
-  "outbounds":[
-    {
-      "protocol":"vless",
-      "settings":{
-        "vnext":[
-          {
-            "address":"xx.com",
-            "port":443,
-            "users":[
-              {
-                "id":"",
-                "encryption":"none"
-              }
-            ]
-          }
-        ]
-      },
-      "streamSettings":{
-        "network":"http",
-        "security":"tls",
-        "httpSettings":{
-          "host":[
-            "xx.com"
-          ],
-          "path":"/path"
-        }
-      },
-      "tlsSettings":{
-        "alpn":["h3"],
-        "serverName":"xx.com"
-      }
-    },
-    {
-      "tag":"direct",
-      "protocol":"freedom",
-      "settings":{}
-    },
-    {
-      "tag":"blocked",
-      "protocol":"blackhole",
-      "settings":{}
-    }
-  ],
-  "routing":{
-    "domainStrategy":"IPOnDemand",
-    "rules":[
-      {
-        "type":"field",
-        "ip":[
-          "geoip:private"
-        ],
-        "outboundTag":"direct"
-      }
-    ]
-  }
-}

VLESS-HTTP-Caddy/VLESS-H3-Caddy/server.jsonc

@@ -1,66 +0,0 @@
-{
-  "log": {
-    "loglevel": "warning"
-  },
-  "inbounds": [
-    {
-      "port": 2001,
-      "listen": "127.0.0.1",
-      "protocol": "vless",
-      "settings": {
-        "clients": [
-          {
-            "id": "",
-            "email": "love@example.com"
-          }
-        ],
-        "decryption": "none"
-      },
-      "streamSettings": {
-        "security": "tls",
-        "network": "http",
-        "httpSettings": {
-          "path": "/path",
-          "host": [
-            "xx.com"
-          ]
-        },
-        "tlsSettings": {
-          // "rejectUnknownSni": true,
-          "minVersion": "1.3",
-          "alpn": ["h3"],
-          "certificates": [
-              {
-                  "certificateFile": "CA.crt", // 换成你的证书，绝对路径
-                  "keyFile": "priv.key" // 换成你的私钥，绝对路径
-              }
-          ]
-        }
-      }
-    }
-  ],
-  "outbounds": [
-    {
-      "tag": "direct",
-      "protocol": "freedom",
-      "settings": {}
-    },
-    {
-      "tag": "blocked",
-      "protocol": "blackhole",
-      "settings": {}
-    }
-  ],
-  "routing": {
-    "domainStrategy": "AsIs",
-    "rules": [
-      {
-        "type": "field",
-        "ip": [
-          "geoip:private"
-        ],
-        "outboundTag": "blocked"
-      }
-    ]
-  }
-}

VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/Caddyfile

@@ -1,11 +0,0 @@
-xx.com {
-    log {
-        level DEBUG
-    }
-    root * /var/www
-    file_server
-    tls CA.crt priv.key # 换成你的证书和私钥，绝对路径
-    
-    reverse_proxy /path h2c://127.0.0.1:2001 {
-    }
-}

VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/README.md

@@ -1,5 +0,0 @@
-# 原理图：
-Xray client <--- H3 ---> Caddy2 <--- H2C ---> Xray server
-
-注意：
-目前仅 Caddy2 的 v2.9.0-beta.2 版及以后完美支持 H3 转换 H2C 对接 Xray 的 H2C 入站。

VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/client.jsonc

@@ -1,73 +0,0 @@
-{
-  "log":{},
-  "inbounds":[
-    {
-      "port":"1080",
-      "protocol":"socks",
-      "settings":{
-        "auth":"noauth",
-        "udp":true
-      }
-    },
-    {
-      "port":"1081",
-      "protocol":"http",
-      "settings":{}
-    }
-  ],
-  "outbounds":[
-    {
-      "protocol":"vless",
-      "settings":{
-        "vnext":[
-          {
-            "address":"xx.com",
-            "port":443,
-            "users":[
-              {
-                "id":"",
-                "encryption":"none"
-              }
-            ]
-          }
-        ]
-      },
-      "streamSettings":{
-        "network":"http",
-        "security":"tls",
-        "httpSettings":{
-          "host":[
-            "xx.com"
-          ],
-          "path":"/path"
-        },
-        "tlsSettings":{
-          "alpn":["h3"],
-          "serverName":"xx.com"
-        }
-      }
-    },
-    {
-      "tag":"direct",
-      "protocol":"freedom",
-      "settings":{}
-    },
-    {
-      "tag":"blocked",
-      "protocol":"blackhole",
-      "settings":{}
-    }
-  ],
-  "routing":{
-    "domainStrategy":"IPOnDemand",
-    "rules":[
-      {
-        "type":"field",
-        "ip":[
-          "geoip:private"
-        ],
-        "outboundTag":"direct"
-      }
-    ]
-  }
-}

VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/server.jsonc

@@ -1,55 +0,0 @@
-{
-  "log": {
-    "loglevel": "warning"
-  },
-  "inbounds": [
-    {
-      "port": 2001,
-      "listen": "127.0.0.1",
-      "protocol": "vless",
-      "settings": {
-        "clients": [
-          {
-            "id": "",
-            "email": "love@example.com"
-          }
-        ],
-        "decryption": "none"
-      },
-      "streamSettings": {
-        "security": "none",
-        "network": "http",
-        "httpSettings": {
-          "path": "/path",
-          "host": [
-            "xx.com"
-          ]
-        }
-      }
-    }
-  ],
-  "outbounds": [
-    {
-      "tag": "direct",
-      "protocol": "freedom",
-      "settings": {}
-    },
-    {
-      "tag": "blocked",
-      "protocol": "blackhole",
-      "settings": {}
-    }
-  ],
-  "routing": {
-    "domainStrategy": "AsIs",
-    "rules": [
-      {
-        "type": "field",
-        "ip": [
-          "geoip:private"
-        ],
-        "outboundTag": "blocked"
-      }
-    ]
-  }
-}

VLESS-TCP-REALITY(Without being stolen)/README.md

@@ -1,5 +0,0 @@
-# 不会被偷跑流量的 REALITY
-
-一个老生常谈的问题，对于非法请求, reality都会无脑转发流量去dest，如果reality的dest指向一个cloudflare网站，那么相当于服务端变成了CF的端口转发，任何人扫过来都可以拿来嫖。
-
-目前的解决办法是不要使用这类的网站作为 dest, 懂一点的会告诉你用 nginx 的 stream 滤一遍 SNI 并丢掉非法请求，但是其实 Xray 本身就支持这种操作，这也是这个模板的原理

VLESS-TCP-REALITY(Without being stolen)/config_client.jsonc

@@ -1,56 +0,0 @@
-// 直接从其他示例里 copy 过来的，客户端不需要任何特殊修改，要填的东西也一致
-{
-    "log": {
-        "loglevel": "debug"
-    },
-    "inbounds": [
-        {
-            "listen": "127.0.0.1", 
-            "port": 10808, 
-            "protocol": "socks",
-            "settings": {
-                "udp": true
-            },
-            "sniffing": {
-                "enabled": true,
-                "destOverride": [
-                    "http",
-                    "tls",
-                    "quic"
-                ],
-                "routeOnly": true
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "protocol": "vless",
-            "settings": {
-                "vnext": [
-                    {
-                        "address": "127.0.0.1", 
-                        "port": 443, 
-                        "users": [
-                            {
-                                "id": "", // Needs to match server side
-                                "encryption": "none"
-                            }
-                        ]
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "tcp",
-                "security": "reality",
-                "realitySettings": {
-                    "fingerprint": "chrome", 
-                    "serverName": "speed.cloudflare.com",
-                    "publicKey": "",
-                    "spiderX": "",
-                    "shortId": ""
-                }
-            },
-            "tag": "proxy"
-        }
-    ]
-}

VLESS-TCP-REALITY(Without being stolen)/config_server.jsonc

@@ -1,93 +0,0 @@
-{
-    "log": {
-        "loglevel": "debug"
-    },
-    "inbounds": [
-        {
-            "tag": "dokodemo-in",
-            "port": 443,
-            "protocol": "dokodemo-door",
-            "settings": {
-                "address": "127.0.0.1",
-                "port": 4431,  // 指向内网中的 reality 端口，示例是这个端口，如果要自己修改了记得这里和下面的 reality 入站都要修改
-                "network": "tcp"
-            },
-            "sniffing": { // 这里的 sniffing 不是多余的，别乱动
-                "enabled": true,
-                "destOverride": [
-                    "tls"
-                ],
-                "routeOnly": true
-            }
-        },
-        {
-            "listen": "127.0.0.1",
-            "port": 4431, // 见上 如果和其他服务冲突了可以换
-            "protocol": "vless",
-            "settings": {
-                "clients": [
-                    {
-                        "id": "" // uuid
-                    }
-                ],
-                "decryption": "none"
-            },
-            "streamSettings": {
-                "network": "tcp",
-                "security": "reality",
-                "realitySettings": {
-                    // 下方要求和普通 reality 一致，这里演示 dest 设置为 cloudflare 不被偷跑流量所以设置为 speed.cloudflare.com 了
-                    // 你可以设置为其他 CF 网站，如果你的 dest 不是这种网站你也不用点了进来不是吗
-                    "dest": "speed.cloudflare.com:443",
-                    "serverNames": [
-                        "speed.cloudflare.com"
-                    ],
-                    "privateKey": "", // 运行 `xray x25519` 生成
-                    "shortIds": [
-                        "",
-                        "0123456789abcdef"
-                    ]
-                }
-            },
-            "sniffing": {
-                "enabled": true,
-                "destOverride": [
-                    "http",
-                    "tls",
-                    "quic"
-                ],
-                "routeOnly": true
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "protocol": "freedom",
-            "tag": "direct"
-        },
-        {
-            "protocol": "blackhole",
-            "tag": "blcok"
-        }
-    ],
-    "routing": {
-        "rules": [
-            {
-                "inboundTag": [
-                    "dokodemo-in"
-                ],
-                // 重要，这个域名列表需要和 realitySettings 的 serverNames 保持一致
-                "domain": [
-                    "speed.cloudflare.com"
-                ],
-                "outboundTag": "direct"
-            },
-            {
-                "inboundTag": [
-                    "dokodemo-in"
-                ],
-                "outboundTag": "blcok"
-            }
-        ]
-    }
-}

VLESS-TLS-SplitHTTP-CaddyNginx/Caddyfile

@@ -1,5 +1,5 @@
 localhost:443 {
-	handle_path /split/* {
+	handle /split/* {
 		reverse_proxy http://127.0.0.1:1234
 	}
 }

VLESS-TLS-SplitHTTP-CaddyNginx/nginx.conf

@@ -2,21 +2,15 @@ server {
         listen 443 http2 ssl;
         listen [::]:443 http2 ssl;
 
-        index index.html;
-        root /var/www/html;
-        ssl_certificate /path/to/example.cer;
-        ssl_certificate_key /path/to/example.cer;
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+	index index.html;
+	root /var/www/html;
+	ssl_certificate /path/to/example.cer;
+	ssl_certificate_key /path/to/example.cer;
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 
-        # splithttp produces very noisy access logs, as it sends many HTTP
-        # requests and uses querystrings for padding. It is recommended to turn
-        # them off after setup, or use custom log formats to limit the amount
-        # of information.
-        # access_log off;
-
-        location /split/ {
-            proxy_pass http://127.0.0.1:1234/;
+        location /split {
+            proxy_pass http://127.0.0.1:1234;
             proxy_http_version 1.1;
             proxy_redirect off;
         }

VLESS-TLS-SplitHTTP-CaddyNginx/server.json

@@ -16,7 +16,10 @@
           "decryption": "none"
         },
         "streamSettings": {
-          "network": "splithttp"
+          "network": "splithttp",
+          "splithttpSettings": {
+            "path": "/split"
+          }
         },
         "sniffing": {
           "enabled": true,

VLESS-TLS-SplitHTTP-H3/README.md

@@ -1,12 +0,0 @@
-# VLESS-TLS-SplitHTTP-H3
-
-## 原理图：
-
-直连：Xray client <--- HTTP3 ---> Xray server
-
-配合 CDN 使用：Xray client <--- HTTP3 ---> CDN <--- HTTP2 or HTTP/1.1 ---> Xray server
-
-## 注意：
-
-默认配置仅支持客户端通过 HTTP3 直连服务端，如需和 CDN 一同使用，请参照注释修改服务端的 alpn。
-

VLESS-TLS-SplitHTTP-H3/client.jsonc

@@ -1,54 +0,0 @@
-{
-    "inbounds": [
-        {
-            "sniffing": {
-                "enabled": true,
-                "destOverride": [
-                    "http",
-                    "tls",
-                    "quic"
-                ]
-            },
-            "port": 10808,
-            "listen": "127.0.0.1",
-            "protocol": "socks",
-            "settings": {
-                "udp": true
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "protocol": "vless",
-            "settings": {
-                "vnext": [
-                    {
-                        "address": "example.com", // Change to your domain.
-                        "port": 443,
-                        "users": [
-                            {
-                                "id": "UUID", // Change to your UUID.
-                                "encryption": "none"
-                            }
-                        ]
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "splithttp",
-                "security": "tls",
-                "splithttpSettings": {
-                    "path": "/splithttp",
-                    "host": "example.com" // Change to your domain.
-                },
-                "tlsSettings": {
-                    "serverName": "example.com", // Change to your domain.
-                    "alpn": [
-                        "h3"
-                    ]
-                }
-            }
-        }
-    ]
-}
-

VLESS-TLS-SplitHTTP-H3/server.jsonc

@@ -1,54 +0,0 @@
-{
-    "inbounds": [
-        {
-            "sniffing": {
-                "enabled": true,
-                "destOverride": [
-                    "http",
-                    "tls",
-                    "quic"
-                ]
-            },
-            "port": 443,
-            "listen": "0.0.0.0",
-            "protocol": "vless",
-            "settings": {
-                "clients": [
-                    {
-                        "id": "UUID" // Change to your UUID.
-                    }
-                ],
-                "decryption": "none"
-            },
-            "streamSettings": {
-                "network": "splithttp",
-                "security": "tls",
-                "splithttpSettings": {
-                    "path": "/splithttp",
-                    "host": "example.com" // Change to your domain.
-                },
-                "tlsSettings": {
-                    "rejectUnknownSni": true,
-                    "minVersion": "1.3",
-                    "alpn": [
-                        "h3" // If you want to use with CDN, you need to change alpn to ["h2", "http/1.1"].
-                    ],
-                    "certificates": [
-                        {
-                            "ocspStapling": 3600,
-                            "certificateFile": "/path/to/fullchain.pem", // Change to your fullchain file path.
-                            "keyFile": "/path/to/privkey.pem" // Change to your private key file path.
-                        }
-                    ]
-                }
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "tag": "direct",
-            "protocol": "freedom"
-        }
-    ]
-}
-

VLESS-WSS-Nginx/client.json

@@ -36,15 +36,14 @@
         "network": "ws",
         "security": "tls",
         "wsSettings": {
-          "path": "/Path2WS?ed=2560" //?ed=2560 前面填写你的 path
+          "path": "/Path2WS?ed=2048" //?ed=2048 前面填写你的 path
         },
         "tlsSettings": {
           "allowInsecure": false,
-          "serverName": "xx.com", //Equal to "SNI"
+          "serverName": "xx.com",  //Equal to "SNI"
           "fingerprint": "chrome" //"chrome" or "firefox"
-        }
       }
-    },
+    }},
     {
       "tag": "direct",
       "protocol": "freedom",
@@ -61,7 +60,9 @@
     "rules": [
       {
         "type": "field",
-        "ip": ["geoip:private"],
+        "ip": [
+          "geoip:private"
+        ],
         "outboundTag": "direct"
       }
     ]

VLESS-WSS-Nginx/nginx.conf

@@ -11,12 +11,12 @@ server {
 	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 	
-	# 在 location 后填写 /你的 path/
-	location /你的 path/ {
+	# 在 location 后填写 /你的 path
+	location /你的 path {
 	if ($http_upgrade != "websocket") {
 		return 404;
 	}
-        proxy_pass http://127.0.0.1:1234/;
+        proxy_pass http://127.0.0.1:1234;
 	proxy_redirect off;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;

VLESS-WSS-Nginx/server.json

@@ -16,7 +16,10 @@
         "decryption": "none"
       },
       "streamSettings": {
-        "network": "ws"
+        "network": "ws",
+        "wsSettings": {
+          "path": "/Path2WS" // 填写你的 path
+        }
       },
 			"sniffing": {
 				"enabled": true,

VMess-QUIC/client.json

@@ -0,0 +1,25 @@
+{
+ "protocol": "vmess",
+ "settings": {
+  "vnext": [
+   {
+    "address": "",
+    "port": 443, // 也可以用 8443 nginx 的默认 http3 端口 https://quic.nginx.org/readme.html
+    "users": [
+     {
+      "id": "",
+      "security": "zero"
+     }
+    ]
+   }
+  ]
+ },
+ "streamSettings": {
+  "network": "quic",
+  "quicSettings": {}, // 不使用伪装头和额外加密 原生 quic 流量特征
+  "security": "tls",
+  "tlsSettings": {
+   "servername": "*" //servername 必填 因为 quic 会验证 sni 否则不发包
+  }
+ }
+}

VMess-QUIC/server.json

@@ -0,0 +1,24 @@
+{
+ "port": 443,
+ "protocol": "vmess",
+ "settings": {
+  "clients": [
+   {
+    "id": ""
+   }
+  ]
+ },
+ "streamSettings": {
+  "network": "quic",
+  "quicSettings": {},
+  "security": "tls",
+  "tlsSettings": {
+   "certificates": [
+    {
+     "certificateFile": "fullchain.crt", // 使用真实证书
+     "keyFile": "private.key"
+    }
+   ]
+  }
+ }
+}