luci-app-ssr-plus: add alpn settings

Fixes: #973

Signed-off-by: Tianling Shen <[email protected]>

luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua

@@ -688,6 +688,11 @@ o:depends("xtls", true)
 o:depends("type", "hysteria")
 o.rmempty = true
 
+o = s:option(DynamicList, "tls_alpn", translate("TLS ALPN"))
+o:depends("tls", true)
+o:depends("xtls", true)
+o.rmempty = true
+
 o = s:option(Value, "quic_tls_alpn", translate("QUIC TLS ALPN"))
 o:depends("type", "hysteria")
 o.rmempty = true

luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua

@@ -160,16 +160,26 @@ local Xray = {
 			security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or nil,
 			tlsSettings = (server.tls == '1' and (server.insecure == "1" or server.tls_host or server.fingerprint)) and {
 				-- tls
+				alpn = server.tls_alpn,
 				fingerprint = server.fingerprint,
 				allowInsecure = (server.insecure == "1") and true or nil,
-				serverName = server.tls_host
+				serverName = server.tls_host,
+				certificates = server.certificate and {
+					usage = "verify",
+					certificateFile = server.certpath
+				} or nil
 			} or nil,
 			xtlsSettings = (server.xtls == '1' and (server.insecure == "1" or server.tls_host or server.fingerprint)) and {
 				-- xtls
+				alpn = server.tls_alpn,
 				fingerprint = server.fingerprint,
 				allowInsecure = (server.insecure == "1") and true or nil,
 				serverName = server.tls_host,
-				minVersion = "1.3"
+				minVersion = "1.3",
+				certificates = server.certificate and {
+					usage = "verify",
+					certificateFile = server.certpath
+				} or nil
 			} or nil,
 			tcpSettings = (server.transport == "tcp" and server.tcp_guise == "http") and {
 				-- tcp
@@ -255,7 +265,7 @@ local trojan = {
 		cipher = cipher,
 		cipher_tls13 = cipher13,
 		sni = server.tls_host,
-		alpn = {"h2", "http/1.1"},
+		alpn = server.tls_alpn or {"h2", "http/1.1"},
 		curve = "",
 		reuse_session = true,
 		session_ticket = (server.tls_sessionTicket == "1") and true or false