diff --git a/Nginx-TLS-V2Ray/Nginx.config b/Nginx-TLS-V2Ray/Nginx.config
new file mode 100644
index 0000000..2341ed0
--- /dev/null
+++ b/Nginx-TLS-V2Ray/Nginx.config
@@ -0,0 +1,119 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+ #listen 80 default_server;
+ listen 127.0.0.1:80;
+ #listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ server_name domain.Name;
+ return 301 https://$server_name/$request_uri;
+}
+
+
+server {
+ #listen 443 ssl http2;
+ #listen [::]:443 ssl;
+ listen 127.0.0.1:443 ssl;
+ ssl on;
+ ssl_certificate PATH;
+ ssl_certificate_key PATH;
+ #openssl dhparam out dhparam.pem 2048
+ #openssl dhparam out dhparam.pem 4096
+ ssl_dhparam /home/acme/data/dhparam.pem;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 5m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"; #屏蔽不安全的加密方式
+
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html index.php tail.html ;
+
+ server_name _;
+
+
+ location /PATH/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+
+ if ($http_host = "domain.Name" ) {
+ proxy_pass http://127.0.0.1:10086;
+ }
+ }
+
+ # pass PHP scripts to FastCGI server
+ #
+ location ~ \.php$ {
+ include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
diff --git a/Nginx-TLS-V2Ray/config_client.json b/Nginx-TLS-V2Ray/config_client.json
new file mode 100644
index 0000000..d4952ca
--- /dev/null
+++ b/Nginx-TLS-V2Ray/config_client.json
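Review bot: In Nginx.config the TLS server block still offers deprecated protocols and weak suites: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` enables TLS 1.0/1.1, and the `ssl_ciphers` string keeps `DES-CBC3-SHA`, the broad `AES:CAMELLIA` aliases and several non-forward-secret RSA suites, even though the trailing comment says insecure ciphers are blocked. I would restrict it to `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 only where the nginx/OpenSSL build supports it), trim the cipher list to the ECDHE GCM entries, and add `ssl_prefer_server_ciphers on;`. `ssl on;` is redundant next to `listen 127.0.0.1:443 ssl;` and the directive is deprecated in newer nginx releases, so it can be dropped. Separately, `return 301 https://$server_name/$request_uri;` produces a double slash because `$request_uri` already begins with `/`.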
@@ -0,0 +1,143 @@
+{
+ "outbound": {
+ "protocol": "freedom",
+ "settings": { },
+ "tag": "direct"
+ },
+ "inboundDetour": [
+ {
+ "domainOverride": [
+ "http",
+ "tls"
+ ],
+ "port": 1086,
+ "listen": "127.0.0.1",
+ "protocol": "socks",
+ "settings": {
+ "auth": "noauth",
+ "timeout": 300,
+ "udp": true
+ }
+ }
+ ],
+ "outboundDetour": [
+ {
+ "mux": {
+ "concurrency": 6,
+ "enabled": true
+ },
+ "protocol": "vmess",
+ "settings": {
+ "vnext": [
+ {
+ "users": [
+ {
+ "id": "97c0ec9c-dc4e-11e7-9296-cec278b6b50a",
+ "alterId": 0,
+ "security": "aes-128-cfb"
+ }
+ ],
+ "address": "domain.Name",
+ "port": 443
+ }
+ ]
+ },
+ "streamSettings": {
+ "tlsSettings": {
+ "allowInsecure": false
+ },
+ "wsSettings": {
+ "headers": {
+ "Host": "domain.Name"
+ },
+ "path": "/PATH/"
+ },
+ "network": "ws",
+ "security": "tls"
+ },
+ "tag": "proxy"
+ },
+ {
+ "protocol": "blackhole",
+ "settings": { },
+ "tag": "block"
+ }
+ ],
+ "dns": {
+ "servers": [
+ "8.8.8.8",
+ "8.8.4.4"
+ ]
+ },
+ "inbound": {
+ "port": 1087,
+ "listen": "127.0.0.1",
+ "protocol": "http",
+ "settings": {
+ "timeout": 300
+ }
+ },
+ "routing": {
+ "settings": {
+ "rules": [
+ {
+ "type": "field",
+ "ip": [
+ "geoip:cn"
+ ],
+ "outboundTag": "direct"
+ },
+ {
+ "type": "field",
+ "domain": [
+ "geosite:cn"
+ ],
+ "outboundTag": "direct"
+ },
+ {
+ "type": "field",
+ "domain": [
+ "google",
+ "facebook",
+ "youtube",
+ "twitter",
+ "instagram",
+ "gmail",
+ "domain:twimg.com",
+ "domain:t.co"
+ ],
+ "outboundTag": "proxy"
+ },
+ {
+ "type": "field",
+ "ip": [
+ "8.8.8.8/32",
+ "8.8.4.4/32",
+ "91.108.56.0/22",
+ "91.108.4.0/22",
+ "109.239.140.0/24",
+ "149.154.164.0/22",
+ "91.108.56.0/23",
+ "67.198.55.0/24",
+ "149.154.168.0/22",
+ "149.154.172.0/22"
+ ],
+ "outboundTag": "proxy"
+ },
+ {
+ "type": "field",
+ "ip": [
+ "192.168.0.0/16",
+ "10.0.0.0/8",
+ "172.16.0.0/12",
+ "127.0.0.0/8",
+ "geoip:cn"
+ ],
+ "outboundTag": "direct"
+ }
+ ],
+ "domainStrategy": "IPIfNonMatch"
+ },
+ "strategy": "rules"
+ }
+}
diff --git a/Nginx-TLS-V2Ray/config_server.json b/Nginx-TLS-V2Ray/config_server.json
new file mode 100644
index 0000000..c725de2
--- /dev/null
+++ b/Nginx-TLS-V2Ray/config_server.json
@@ -0,0 +1,77 @@
+{
+ "log": {
+ "access": "/var/log/v2ray/access.log",
+ "error": "/var/log/v2ray/error.log",
+ //可能取值 "debug" "info" "warning" "error" 其中"debug"记录的数据最多,"error"记录的最少 "none"表示不记录任何内容 默认值为"warning"
+ "loglevel": "debug"
+ },
+ "inbound": {
+ //默认值为"0.0.0.0"
+ "listen": "127.0.0.1",
+ "port": 10086,
+ "protocol": "vmess",
+ "settings": {
+ "clients": [
+ {
+ "id": "7f43b638-dc47-11e7-9296-cec278b6b50a",
+ "level": 0,
+ "alterId": 64
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "ws",
+ "security": "auto",
+ "wsSettings": {
+ "path": "/PATH/",
+ "connectionReuse": true,
+ "headers": {
+ "Host": "domain.Name"
+ }
+ }
+ },
+ "mux": {
+ "enabled": true,
+ "concurrency": 64
+ }
+ },
+ "outbound": {
+ "protocol": "freedom",
+ "settings": { }
+ },
+ "outboundDetour": [
+ {
+ "protocol": "blackhole",
+ "settings": { },
+ "tag": "blocked"
+ }
+ ],
+ "routing": {
+ "strategy": "rules",
+ "settings": {
+ "rules": [
+ {
+ "type": "field",
+ "ip": [
+ "0.0.0.0/8",
+ "10.0.0.0/8",
+ "100.64.0.0/10",
+ "127.0.0.0/8",
+ "169.254.0.0/16",
+ "172.16.0.0/12",
+ "192.0.0.0/24",
+ "192.0.2.0/24",
+ "192.168.0.0/16",
+ "198.18.0.0/15",
+ "198.51.100.0/24",
+ "203.0.113.0/24",
+ "::1/128",
+ "fc00::/7",
+ "fe80::/10"
+ ],
+ "outboundTag": "blocked"
+ }
+ ]
+ }
+ }
+}
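Review bot: The VMess user `id` in config_client.json is committed as a literal value, and that UUID is what authenticates the client; the same applies to `clients[0].id` in config_server.json. Both values are version-1 (time-and-node based) UUIDs that share their trailing fields, so they are far more predictable than a random one, and they do not match each other, which means the sample pair would not authenticate as written. I would publish a placeholder in the style of the `PATH` and `domain.Name` already used here, e.g. `"id": "YOUR-UUID-HERE"`, and tell readers to generate a fresh random (version-4) UUID per deployment. The client's `"alterId": 0` against the server's `"alterId": 64` also looks inconsistent and is worth confirming against the V2Ray version being targeted.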
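Review bot: In config_server.json, `"loglevel": "debug"` together with the `access` log path makes the server record the most verbose output, as the comment directly above it states, and on a proxy that typically includes client addresses and requested destinations. For a published sample I would use the documented default, `"loglevel": "warning"`, and leave debug as an opt-in for troubleshooting. `"security": "auto"` under `streamSettings` also looks misplaced: as far as I know transport security there takes `"none"` or `"tls"`, and since nginx terminates TLS in this setup `"security": "none"` would state the intent. The `//` comments mean this file is not strict JSON, so it will only load in parsers that tolerate them.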