mirror of
https://github.com/XTLS/Xray-examples.git
synced 2025-07-18 23:16:04 +08:00
7ad5f48c20
Changing them will result in incompatibility with old xray, and the related pr has not even been merged yet
90 lines
3.0 KiB
Nginx Configuration File
90 lines
3.0 KiB
Nginx Configuration File
# Restrict access to the website by IP or wrong domain name) and return 400
|
|
server {
|
|
listen unix:/dev/shm/h1.sock proxy_protocol default_server;
|
|
listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
|
|
set_real_ip_from unix:;
|
|
real_ip_header proxy_protocol;
|
|
server_name _;
|
|
return 400;
|
|
}
|
|
|
|
# HTTP1 UDS listener
|
|
server {
|
|
listen unix:/dev/shm/h1.sock proxy_protocol; # HTTP/1.1 server monitor process and enable PROXY protocol reception
|
|
set_real_ip_from unix:;
|
|
real_ip_header proxy_protocol;
|
|
server_name example.com behindcdn.com; # Change to your own domain name(s)
|
|
|
|
location / {
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
|
|
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
|
|
index index.html index.htm;
|
|
}
|
|
}
|
|
|
|
# HTTP2 UDS listener
|
|
server {
|
|
listen unix:/dev/shm/h2c.sock http2 proxy_protocol; # H2C server monitor process and enable PROXY protocol reception
|
|
set_real_ip_from unix:;
|
|
real_ip_header proxy_protocol;
|
|
server_name example.com behindcdn.com; # Change to your own domain name(s) (don't forget to add the certificates to xray config)
|
|
|
|
# grpc settings
|
|
grpc_read_timeout 1h;
|
|
grpc_send_timeout 1h;
|
|
grpc_set_header X-Real-IP $remote_addr;
|
|
|
|
# Decoy website
|
|
location / {
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
|
|
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
|
|
index index.html index.htm;
|
|
}
|
|
|
|
location /trgrpc { #corresponds to serviceName in trojan-grpc config of xray
|
|
# POST returns 404 when negotiation fails
|
|
if ($request_method != "POST") {
|
|
return 404;
|
|
}
|
|
client_body_buffer_size 1m;
|
|
client_body_timeout 1h;
|
|
client_max_body_size 0;
|
|
grpc_pass grpc://127.0.0.1:3001;
|
|
|
|
}
|
|
|
|
location /vlgrpc { # corresponds to serviceName in vless-grpc config of xray
|
|
# return 404 if HTTP Method is not POST
|
|
if ($request_method != "POST") {
|
|
return 404;
|
|
}
|
|
client_body_buffer_size 1m;
|
|
client_body_timeout 1h;
|
|
client_max_body_size 0;
|
|
grpc_pass grpc://127.0.0.1:3002;
|
|
|
|
}
|
|
|
|
location /vmgrpc { # corresponds to serviceName in vmess-grpc config of xray
|
|
# return 404 if HTTP Method is not POST
|
|
if ($request_method != "POST") {
|
|
return 404;
|
|
}
|
|
client_body_buffer_size 1m;
|
|
client_body_timeout 1h;
|
|
client_max_body_size 0;
|
|
grpc_pass grpc://127.0.0.1:3003;
|
|
|
|
}
|
|
|
|
location /ssgrpc { # corresponds to serviceName in shadowsocks-grpc config of xray
|
|
# return 404 if HTTP Method is not POST
|
|
if ($request_method != "POST") {
|
|
return 404;
|
|
}
|
|
client_body_buffer_size 1m;
|
|
client_body_timeout 1h;
|
|
client_max_body_size 0;
|
|
grpc_pass grpc://127.0.0.1:3004;
|
|
}
|
|
} |