
Merge pull request #3 from q158073378252010/2017.12.09

add websocket-Nginx-TLS
KiriKira 8 tahun lalu
induk
melakukan
8b41973bf2

+ 119 - 0
Nginx-TLS-V2Ray/Nginx.config

@@ -0,0 +1,119 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+	#listen 80 default_server;
+	listen 127.0.0.1:80;
+	#listen [::]:80 default_server;
+
+	# SSL configuration
+	#
+	# listen 443 ssl default_server;
+	# listen [::]:443 ssl default_server;
+	#
+	# Note: You should disable gzip for SSL traffic.
+	# See: https://bugs.debian.org/773332
+	#
+	# Read up on ssl_ciphers to ensure a secure configuration.
+	# See: https://bugs.debian.org/765782
+	#
+	# Self signed certs generated by the ssl-cert package
+	# Don't use them in a production server!
+	#
+	# include snippets/snakeoil.conf;
+  
+	server_name domain.Name;
+	return 301 https://$server_name/$request_uri;
+}
+
+
+server {
+	#listen 443 ssl http2;
+	#listen [::]:443 ssl;
+	listen 127.0.0.1:443 ssl;
+	ssl on;
+	ssl_certificate PATH;
+	ssl_certificate_key PATH;
+	#openssl dhparam out dhparam.pem 2048
+	#openssl dhparam out dhparam.pem 4096
+	ssl_dhparam /home/acme/data/dhparam.pem;
+	ssl_session_cache shared:SSL:10m;
+	ssl_session_timeout  5m;
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+	ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"; #屏蔽不安全的加密方式
+
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.html index.htm index.nginx-debian.html index.php tail.html ;
+
+	server_name _;
+
+
+	location /PATH/ {
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+		proxy_set_header Host $http_host;
+		
+		if ($http_host = "domain.Name" ) {
+			proxy_pass http://127.0.0.1:10086;
+			}
+	}
+	
+	# pass PHP scripts to FastCGI server
+	#
+	location ~ \.php$ {
+		include snippets/fastcgi-php.conf;
+	#
+	#	# With php-fpm (or other unix sockets):
+		fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+	#	# With php-cgi (or other tcp sockets):
+	#	fastcgi_pass 127.0.0.1:9000;
+	}
+
+	# deny access to .htaccess files, if Apache's document root
+	# concurs with nginx's one
+	#
+	#location ~ /\.ht {
+	#	deny all;
+	#}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+#	listen 80;
+#	listen [::]:80;
+#
+#	server_name example.com;
+#
+#	root /var/www/example.com;
+#	index index.html;
+#
+#	location / {
+#		try_files $uri $uri/ =404;
+#	}
+#}
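Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line in the 443 server block still offers the deprecated TLS 1.0 and 1.1, and the `ssl_ciphers` string explicitly lists `DES-CBC3-SHA` (3DES) and static-RSA suites even though its trailing comment says insecure ciphers are blocked. I would narrow these to `ssl_protocols TLSv1.2;` (plus TLSv1.3 where the nginx/OpenSSL build supports it), keep only the ECDHE GCM suites, and add `ssl_prefer_server_ciphers on;`. `ssl on;` duplicates the `ssl` flag already on the `listen` line and can be dropped. In the port-80 block, `return 301 https://$server_name/$request_uri;` produces a double slash because `$request_uri` already begins with `/`; `return 301 https://$server_name$request_uri;` is the usual form.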

+ 143 - 0
Nginx-TLS-V2Ray/config_client.json

@@ -0,0 +1,143 @@
+{
+  "outbound": {
+    "protocol": "freedom", 
+    "settings": { }, 
+    "tag": "direct"
+  }, 
+  "inboundDetour": [
+    {
+      "domainOverride": [
+        "http", 
+        "tls"
+      ], 
+      "port": 1086, 
+      "listen": "127.0.0.1", 
+      "protocol": "socks", 
+      "settings": {
+        "auth": "noauth", 
+        "timeout": 300, 
+        "udp": true
+      }
+    }
+  ], 
+  "outboundDetour": [
+    {
+      "mux": {
+        "concurrency": 6, 
+        "enabled": true
+      }, 
+      "protocol": "vmess", 
+      "settings": {
+        "vnext": [
+          {
+            "users": [
+              {
+                "id": "97c0ec9c-dc4e-11e7-9296-cec278b6b50a", 
+                "alterId": 0, 
+                "security": "aes-128-cfb"
+              }
+            ], 
+            "address": "domain.Name", 
+            "port": 443
+          }
+        ]
+      }, 
+      "streamSettings": {
+        "tlsSettings": {
+          "allowInsecure": false
+        }, 
+        "wsSettings": {
+          "headers": {
+            "Host": "domain.Name"
+          }, 
+          "path": "/PATH/"
+        }, 
+        "network": "ws", 
+        "security": "tls"
+      }, 
+      "tag": "proxy"
+    }, 
+    {
+      "protocol": "blackhole", 
+      "settings": { }, 
+      "tag": "block"
+    }
+  ], 
+  "dns": {
+    "servers": [
+      "8.8.8.8", 
+      "8.8.4.4"
+    ]
+  }, 
+  "inbound": {
+    "port": 1087, 
+    "listen": "127.0.0.1", 
+    "protocol": "http", 
+    "settings": {
+      "timeout": 300
+    }
+  }, 
+  "routing": {
+    "settings": {
+      "rules": [
+        {
+          "type": "field", 
+          "ip": [
+            "geoip:cn"
+          ], 
+          "outboundTag": "direct"
+        }, 
+        {
+          "type": "field", 
+          "domain": [
+            "geosite:cn"
+          ], 
+          "outboundTag": "direct"
+        }, 
+        {
+          "type": "field", 
+          "domain": [
+            "google", 
+            "facebook", 
+            "youtube", 
+            "twitter", 
+            "instagram", 
+            "gmail", 
+            "domain:twimg.com", 
+            "domain:t.co"
+          ], 
+          "outboundTag": "proxy"
+        }, 
+        {
+          "type": "field", 
+          "ip": [
+            "8.8.8.8/32", 
+            "8.8.4.4/32", 
+            "91.108.56.0/22", 
+            "91.108.4.0/22", 
+            "109.239.140.0/24", 
+            "149.154.164.0/22", 
+            "91.108.56.0/23", 
+            "67.198.55.0/24", 
+            "149.154.168.0/22", 
+            "149.154.172.0/22"
+          ], 
+          "outboundTag": "proxy"
+        }, 
+        {
+          "type": "field", 
+          "ip": [
+            "192.168.0.0/16", 
+            "10.0.0.0/8", 
+            "172.16.0.0/12", 
+            "127.0.0.0/8", 
+            "geoip:cn"
+          ], 
+          "outboundTag": "direct"
+        }
+      ], 
+      "domainStrategy": "IPIfNonMatch"
+    }, 
+    "strategy": "rules"
+  }
+}
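Review bot: The `"id"` under `users` is a concrete UUID committed to a public sample, and in VMess that value is the credential, so anyone who deploys these files unchanged shares a key that is published here; the same applies to the `"id"` in `config_server.json`. A labelled placeholder in the style of the `domain.Name` and `/PATH/` values already used, e.g. `"id": "REPLACE-WITH-YOUR-OWN-UUID"`, with a README line telling users to generate their own, would avoid that. The client and server samples also carry different ids and `alterId` values (0 here, 64 on the server), so as committed they do not appear to match each other. `"security": "aes-128-cfb"` selects the legacy non-AEAD mode; `"auto"` or `"aes-128-gcm"` is a safer default for a template.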

+ 77 - 0
Nginx-TLS-V2Ray/config_server.json

@@ -0,0 +1,77 @@
+{
+  "log": {
+    "access": "/var/log/v2ray/access.log", 
+    "error": "/var/log/v2ray/error.log", 
+    //可能取值 "debug" "info" "warning" "error" 其中"debug"记录的数据最多,"error"记录的最少 "none"表示不记录任何内容 默认值为"warning"
+    "loglevel": "debug" 
+  }, 
+  "inbound": {
+    //默认值为"0.0.0.0"
+    "listen": "127.0.0.1", 
+    "port": 10086, 
+    "protocol": "vmess", 
+    "settings": {
+      "clients": [
+        {
+          "id": "7f43b638-dc47-11e7-9296-cec278b6b50a", 
+          "level": 0, 
+          "alterId": 64
+        }
+      ]
+    }, 
+    "streamSettings": {
+      "network": "ws", 
+      "security": "auto", 
+      "wsSettings": {
+        "path": "/PATH/", 
+        "connectionReuse": true, 
+        "headers": {
+          "Host": "domain.Name"
+        }
+      }
+    }, 
+    "mux": {
+      "enabled": true, 
+      "concurrency": 64
+    }
+  }, 
+  "outbound": {
+    "protocol": "freedom", 
+    "settings": { }
+  }, 
+  "outboundDetour": [
+    {
+      "protocol": "blackhole", 
+      "settings": { }, 
+      "tag": "blocked"
+    }
+  ], 
+  "routing": {
+    "strategy": "rules", 
+    "settings": {
+      "rules": [
+        {
+          "type": "field", 
+          "ip": [
+            "0.0.0.0/8", 
+            "10.0.0.0/8", 
+            "100.64.0.0/10", 
+            "127.0.0.0/8", 
+            "169.254.0.0/16", 
+            "172.16.0.0/12", 
+            "192.0.0.0/24", 
+            "192.0.2.0/24", 
+            "192.168.0.0/16", 
+            "198.18.0.0/15", 
+            "198.51.100.0/24", 
+            "203.0.113.0/24", 
+            "::1/128", 
+            "fc00::/7", 
+            "fe80::/10"
+          ], 
+          "outboundTag": "blocked"
+        }
+      ]
+    }
+  }
+}
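Review bot: `"loglevel": "debug"` together with an enabled `access` log makes this template record the most detail V2Ray emits about every proxied connection, which is a privacy and disk-usage liability on a long-running server; the inline comment itself names `"warning"` as the default, and I would ship `"loglevel": "warning"`. Under `streamSettings`, `"security": "auto"` does not look like a transport-security value (as far as I know that field takes `"none"` or `"tls"`); since nginx terminates TLS and forwards plain WebSocket to 127.0.0.1:10086, `"security": "none"` states the intent. The `//` comments also make the file invalid for strict JSON parsers, so a README note that V2Ray's own loader tolerates them would help anyone validating the file with other tools.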