增加Trojan-TCP-XTLS配置 (#7)

* Add files via upload trojan的xtls配置设置服务端配置的minVersion和OCSP Stapling nginx.conf增加HSTS * Create Test * Delete Test * Create config_server.json * Create config_client.json * Create nginx.conf * Delete config_server.json * Delete config_client.json * Delete nginx.conf * Update nginx.conf * Update config_client.json * Update config_client.json * Update config_server.json * Update nginx.conf * Update config_server.json
2022-04-25 12:02:15 +08:00 · 2022-04-25 12:02:15 +08:00 · 2aad651777
parent eaa4be6186
commit 2aad651777
3 changed files with 164 additions and 0 deletions
--- a/Trojan-TCP-XTLS/config_client.json
+++ b/Trojan-TCP-XTLS/config_client.json
@ -0,0 +1,48 @@
+{
+    "log": {
+        "loglevel": "debug"
+    },
+    "inbounds": [
+        {
+            "port": 1080,
+            "listen": "127.0.0.1",
+            "protocol": "socks",
+            "settings": {
+                "udp": true
+            }
+        },
+        {
+            "port": 1081,
+            "protocol": "http",
+            "sniffing": {
+              "enabled": true,
+              "destOverride": ["http", "tls"]
+            },
+            "settings": {
+              "auth": "noauth"
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "trojan",
+            "settings": {
+                "servers": [
+                    {
+                        "address": "example.com",  // 你的域名或服务器 IP
+                        "flow": "xtls-rprx-direct",  // Linux 或安卓可改为 "xtls-rprx-splice"
+                        "port": 443,
+                        "password": "your_password"  // 你的密码
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "xtls",
+                "xtlsSettings": {
+                    "serverName": "example.com"  // 你的域名
+                }
+            }
+        }
+    ]
+}
--- a/Trojan-TCP-XTLS/config_server.json
+++ b/Trojan-TCP-XTLS/config_server.json
@ -0,0 +1,53 @@
+{
+    "log": {
+        "loglevel": "debug"
+    },
+    "inbounds": [
+        {
+            "port": 443,
+            "protocol": "trojan",
+            "settings": {
+                "clients": [
+                    {
+                        "password":"your_password",  // 密码
+                        "flow": "xtls-rprx-direct"
+                    }
+                ],
+                "fallbacks": [
+                    {
+                        "dest": "/dev/shm/default.sock",
+                        "xver": 1
+                    },
+                    {
+                        "alpn": "h2",
+                        "dest": "/dev/shm/h2c.sock",
+                        "xver": 1
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "xtls",
+                "xtlsSettings": {
+                    "alpn": [
+                        "http/1.1",
+                        "h2"
+                    ],
+                    "certificates": [
+                        {
+                            "certificateFile": "/path/to/cert",  // 证书文件绝对目录
+                            "keyFile": "/path/to/key",  // 密钥文件绝对目录
+                            "ocspStapling": 3600  // 验证周期 3600 秒
+                        }
+                    ],
+                    "minVersion": "1.2"  // 如果是ecc证书则最低使用 TLSv1.2 ，如果你不清楚证书类型或者不是 ecc 证书，删掉这行
+                }
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "freedom"
+        }
+    ]
+}
--- a/Trojan-TCP-XTLS/nginx.conf
+++ b/Trojan-TCP-XTLS/nginx.conf
@ -0,0 +1,63 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for" '
+                      '$proxy_protocol_addr:$proxy_protocol_port';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+        #listen       80 default_server;
+        #listen       [::]:80 default_server;
+        listen       [::]:80 default ipv6only=off;
+        return       301 https://$http_host$request_uri;
+    }
+
+    server {
+        listen       unix:/dev/shm/default.sock proxy_protocol;
+        listen       unix:/dev/shm/h2c.sock http2 proxy_protocol;
+
+        # 把example.com换成你的域名
+        server_name  example.com;
+
+        root         /usr/share/nginx/html;
+
+        set_real_ip_from 127.0.0.1;
+
+
+        include /etc/nginx/default.d/*.conf;
+
+        # 开启 HSTS ，混 sslab 的 A+
+        add_header Strict-Transport-Security "max-age=63072000" always;
+
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
+}