From 7d3abd2153ffd1e1715c4eff890b891e3a91469d Mon Sep 17 00:00:00 2001 From: Sakaizd <78135608+N1klaz@users.noreply.github.com> Date: Thu, 30 Jun 2022 16:25:03 +0800 Subject: [PATCH] add reverse proxy examples fix address add reverse proxy examples --- ReverseProxy/README.md | 21 ++++++++ ReverseProxy/Shadowsocks-2022/bridge.json | 58 ++++++++++++++++++++ ReverseProxy/Shadowsocks-2022/client.json | 49 +++++++++++++++++ ReverseProxy/Shadowsocks-2022/protal.json | 54 +++++++++++++++++++ ReverseProxy/Vmess-TCP/bridge.json | 61 +++++++++++++++++++++ ReverseProxy/Vmess-TCP/client.json | 60 +++++++++++++++++++++ ReverseProxy/Vmess-TCP/protal.json | 64 +++++++++++++++++++++++ 7 files changed, 367 insertions(+) create mode 100644 ReverseProxy/README.md create mode 100644 ReverseProxy/Shadowsocks-2022/bridge.json create mode 100644 ReverseProxy/Shadowsocks-2022/client.json create mode 100644 ReverseProxy/Shadowsocks-2022/protal.json create mode 100644 ReverseProxy/Vmess-TCP/bridge.json create mode 100644 ReverseProxy/Vmess-TCP/client.json create mode 100644 ReverseProxy/Vmess-TCP/protal.json diff --git a/ReverseProxy/README.md b/ReverseProxy/README.md new file mode 100644 index 0000000..d362988 --- /dev/null +++ b/ReverseProxy/README.md @@ -0,0 +1,21 @@ +# 反向代理 +# 原理 +Xray Client <--- VMESS/SS ---> Xray Protal(需要公网 IP) <--- VMESS/SS ---> Xray Bridge +# 说明 +配置中,内网设备使用的配置为 `bridge.json`,有公网 ip 的设备使用 `protal.json`,通过`protal`连接到内网的设备使用`client.json`。 + +实际应用中,可以使用`VMESS-TCP、Shadowsocks-2022`等作为Xray Client 到 Xray Protal、Xray Bridge 到 Xray Protal 的传输协议。 + +## psk + +Shadowsocks 2022 使用与 WireGuard 类似的预共享密钥作为密码。 + +使用 `openssl rand -base64 <长度>` 以生成与 shadowsocks-rust 兼容的密钥,长度取决于所使用的加密方法。 + +| 加密方法 | 密钥长度 | +|-------------------------------|-----:| +| 2022-blake3-aes-128-gcm | 16 | +| 2022-blake3-aes-256-gcm | 32 | +| 2022-blake3-chacha20-poly1305 | 32 | + +在 Go 实现中,32 位密钥始终工作。 \ No newline at end of file diff --git a/ReverseProxy/Shadowsocks-2022/bridge.json b/ReverseProxy/Shadowsocks-2022/bridge.json new file mode 100644 index 0000000..4119524 --- /dev/null +++ b/ReverseProxy/Shadowsocks-2022/bridge.json @@ -0,0 +1,58 @@ +{ + "log": { + "loglevel": "warning" + }, + "reverse": { + "bridges": [ + { + "tag": "bridge", + "domain": "reverse.proxy" + } + ] + }, + "outbounds": [ + { + "tag": "interconn", + "protocol": "shadowsocks", + "settings": { + "servers": [ + { + "address": "{{ protal.address }}", + "port": 65510, + "method": "2022-blake3-aes-256-gcm", + "password": "{{ psk interconn }}" + } + ] + }, + "streamSettings": { + "network": "tcp" + } + }, + { + "protocol": "freedom", + "settings": {}, + "tag": "out" + } + ], + "routing": { + "rules": [ + { + "type": "field", + "inboundTag": [ + "bridge" + ], + "domain": [ + "full:reverse.proxy" + ], + "outboundTag": "interconn" + }, + { + "type": "field", + "inboundTag": [ + "bridge" + ], + "outboundTag": "out" + } + ] + } +} \ No newline at end of file diff --git a/ReverseProxy/Shadowsocks-2022/client.json b/ReverseProxy/Shadowsocks-2022/client.json new file mode 100644 index 0000000..569a1b6 --- /dev/null +++ b/ReverseProxy/Shadowsocks-2022/client.json @@ -0,0 +1,49 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "IPIfNonMatch", + "domainMatcher": "mph", + "rules": [ + { + "type": "field", + "port": "0-65535", + "outboundTag": "proxy", + "enabled": true + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "2080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "2081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "shadowsocks", + "settings": { + "servers": [ + { + "address": "{{ protal.address }}", + "port": 65511, + "method": "2022-blake3-aes-256-gcm", + "password": "{{ psk external }}" + } + ] + } + } + ] +} \ No newline at end of file diff --git a/ReverseProxy/Shadowsocks-2022/protal.json b/ReverseProxy/Shadowsocks-2022/protal.json new file mode 100644 index 0000000..3877a7a --- /dev/null +++ b/ReverseProxy/Shadowsocks-2022/protal.json @@ -0,0 +1,54 @@ +{ + "log": { + "loglevel": "warning" + }, + "reverse": { + "portals": [ + { + "tag": "portal", + "domain": "reverse.proxy" + } + ] + }, + "inbounds": [ + { + "tag": "external", + "port": 65511, + "protocol": "shadowsocks", + "settings": { + "method": "2022-blake3-aes-256-gcm", + "password": "{{ psk external }}", + "network": "tcp,udp" + } + }, + { + "tag": "interconn", + "port": 65510, + "protocol": "shadowsocks", + "settings": { + "method": "2022-blake3-aes-256-gcm", + "password": "{{ psk interconn }}", + "network": "tcp,udp" + } + } + ], + "routing": { + "rules": [ + { + "type": "field", + "inboundTag": [ + "external" + ], + "outboundTag": "portal" + }, + { + "type": "field", + "inboundTag": [ + "interconn" + ], + "domain": [], + "outboundTag": "portal" + } + ] + } +} \ No newline at end of file diff --git a/ReverseProxy/Vmess-TCP/bridge.json b/ReverseProxy/Vmess-TCP/bridge.json new file mode 100644 index 0000000..5e29a04 --- /dev/null +++ b/ReverseProxy/Vmess-TCP/bridge.json @@ -0,0 +1,61 @@ +{ + "log": { + "loglevel": "warning" + }, + "reverse": { + "bridges": [ + { + "tag": "bridge", + "domain": "reverse.proxy" + } + ] + }, + "outbounds": [ + { + "tag": "interconn", + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "{{ protal.address }}", + "port": 65510, + "users": [ + { + "id": "{{ uuid }}" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp" + } + }, + { + "protocol": "freedom", + "settings": {}, + "tag": "out" + } + ], + "routing": { + "rules": [ + { + "type": "field", + "inboundTag": [ + "bridge" + ], + "domain": [ + "full:reverse.proxy" + ], + "outboundTag": "interconn" + }, + { + "type": "field", + "inboundTag": [ + "bridge" + ], + "outboundTag": "out" + } + ] + } +} \ No newline at end of file diff --git a/ReverseProxy/Vmess-TCP/client.json b/ReverseProxy/Vmess-TCP/client.json new file mode 100644 index 0000000..c3fecf8 --- /dev/null +++ b/ReverseProxy/Vmess-TCP/client.json @@ -0,0 +1,60 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "IPIfNonMatch", + "domainMatcher": "mph", + "rules": [ + { + "type": "field", + "port": "0-65535", + "outboundTag": "proxy", + "enabled": true + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "2080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "2081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "{{ protal.address }}", + "port": 65511, + "users": [ + { + "id": "{{ uuid }}" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp" + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ] +} \ No newline at end of file diff --git a/ReverseProxy/Vmess-TCP/protal.json b/ReverseProxy/Vmess-TCP/protal.json new file mode 100644 index 0000000..3529ed6 --- /dev/null +++ b/ReverseProxy/Vmess-TCP/protal.json @@ -0,0 +1,64 @@ +{ + "log": { + "loglevel": "warning" + }, + "reverse": { + "portals": [ + { + "tag": "portal", + "domain": "reverse.proxy" + } + ] + }, + "inbounds": [ + { + "tag": "external", + "port": 65511, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "{{ uuid }}" + } + ] + }, + "streamSettings": { + "network": "tcp" + } + }, + { + "tag": "interconn", + "port": 65510, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "{{ uuid }}" + } + ] + }, + "streamSettings": { + "network": "tcp" + } + } + ], + "routing": { + "rules": [ + { + "type": "field", + "inboundTag": [ + "external" + ], + "outboundTag": "portal" + }, + { + "type": "field", + "inboundTag": [ + "interconn" + ], + "domain": [], + "outboundTag": "portal" + } + ] + } +} \ No newline at end of file