增加Trojan-TCP-XTLS配置 (#7)

* Add files via upload

trojan的xtls配置
设置服务端配置的minVersion和OCSP Stapling
nginx.conf增加HSTS

* Create Test

* Delete Test

* Create config_server.json

* Create config_client.json

* Create nginx.conf

* Delete config_server.json

* Delete config_client.json

* Delete nginx.conf

* Update nginx.conf

* Update config_client.json

* Update config_client.json

* Update config_server.json

* Update nginx.conf

* Update config_server.json
OnlyCharacter 2022-04-25 12:02:15 +08:00 committed by GitHub
parent eaa4be6186
commit 2aad651777
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 164 additions and 0 deletions


@ -0,0 +1,48 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 1081,
"protocol": "http",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"auth": "noauth"
}
}
],
"outbounds": [
{
"protocol": "trojan",
"settings": {
"servers": [
{
"address": "example.com", // IP
"flow": "xtls-rprx-direct", // Linux "xtls-rprx-splice"
"port": 443,
"password": "your_password" //
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "example.com" //
}
}
}
]
}
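Review bot: The `http` inbound on port 1081 has no `listen` key, so unlike the `socks` inbound above it is not pinned to loopback. Xray binds an inbound without `listen` to all interfaces, and with `"auth": "noauth"` that leaves an unauthenticated proxy reachable by anything that can route to the client machine. Add `"listen": "127.0.0.1",` next to `"port": 1081`. Separately, `"loglevel": "debug"` is a poor default for a template people copy, since debug output records the destinations the client visits; `"loglevel": "warning"` would be safer.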


@ -0,0 +1,53 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"port": 443,
"protocol": "trojan",
"settings": {
"clients": [
{
"password":"your_password", //
"flow": "xtls-rprx-direct"
}
],
"fallbacks": [
{
"dest": "/dev/shm/default.sock",
"xver": 1
},
{
"alpn": "h2",
"dest": "/dev/shm/h2c.sock",
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"http/1.1",
"h2"
],
"certificates": [
{
"certificateFile": "/path/to/cert", //
"keyFile": "/path/to/key", //
"ocspStapling": 3600 // 3600
}
],
"minVersion": "1.2" // ecc使 TLSv1.2 ecc
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
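Review bot: `"loglevel": "debug"` on the server writes per-connection detail to the log, which on a proxy presumably includes client addresses and requested destinations. For a published template `"loglevel": "warning"` is the safer default. The two fallback sockets live in `/dev/shm`, which is normally world-writable, so other local accounts can reach or pre-create those paths; a directory owned by the service account would narrow that. The comment after `"password":"your_password"` is empty on this page, and since that value is the only credential on the inbound it should say the placeholder must be replaced by a long random secret.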


@ -0,0 +1,63 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$proxy_protocol_addr:$proxy_protocol_port';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
#listen 80 default_server;
#listen [::]:80 default_server;
listen [::]:80 default ipv6only=off;
return 301 https://$http_host$request_uri;
}
server {
listen unix:/dev/shm/default.sock proxy_protocol;
listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
# 把example.com换成你的域名
server_name example.com;
root /usr/share/nginx/html;
set_real_ip_from 127.0.0.1;
include /etc/nginx/default.d/*.conf;
# 开启 HSTS ,混 sslab A+
add_header Strict-Transport-Security "max-age=63072000" always;
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
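Review bot: The port-80 redirect `return 301 https://$http_host$request_uri;` builds its target from the raw client-supplied Host header, so a request with a forged Host is redirected to an arbitrary site, and a Host carrying a port is copied into the https URL. Use the configured name instead, e.g. `return 301 https://example.com$request_uri;`, or at least `$host`. In the second server block `set_real_ip_from 127.0.0.1;` appears to have no effect, because the listeners are unix sockets and no `real_ip_header` is set. If the PROXY-protocol address is meant to become `$remote_addr`, that needs `set_real_ip_from unix:;` plus `real_ip_header proxy_protocol;`. Also, `error_page 404 /404.html;` does not match the `location = /40x.html` block that follows it.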