mirror of
https://github.com/XTLS/Xray-examples.git
synced 2024-11-22 00:21:29 +00:00
Added more combinations to All-in-One (#107)
* Added H2 for all protocols, SS-WS and SS-TCP * added more comments to fallbacks * update README.md * added client link examples * update README.md * update README.md * update README * update README * typo in domain name * Switched to latest VISION flow - block private address access by default * clean up nginx.conf * added client configurations * fixed typo in README.md * client/server UUID mismatch
This commit is contained in:
parent
648e771c00
commit
e374ba0925
|
@ -1,41 +1,75 @@
|
||||||
# Xray - All-in-one Configuration + Nginx(decoy website)
|
# Xray - All-in-one Configuration + Nginx(decoy website)
|
||||||
|
|
||||||
The configuration uses xray's `fallbacks` feature to enable these combinations at the same time on port 443:
|
The configuration uses xray's `fallbacks` feature to enable these **Protocol-Transport** combinations at the same time on port 443:
|
||||||
* HTTPS:443
|
* HTTPS:443
|
||||||
* Trojan-TCP-TLS
|
* Trojan-TCP-TLS
|
||||||
* Trojan-WS-TLS
|
* Trojan-WS-TLS
|
||||||
* Trojan-gRPC-TLS
|
* Trojan-gRPC-TLS
|
||||||
* Trojan-TCP-XTLS(flow: xtls-rprx-direct)
|
* Trojan-H2-TLS
|
||||||
|
* Vless-TCP-XTLS(flow: xtls-rprx-vision)
|
||||||
* Vless-TCP-TLS
|
* Vless-TCP-TLS
|
||||||
* Vless-WS-TLS
|
* Vless-WS-TLS
|
||||||
* Vless-gRPC-TLS
|
* Vless-gRPC-TLS
|
||||||
|
* Vless-H2-TLS
|
||||||
* VMESS-TCP-TLS
|
* VMESS-TCP-TLS
|
||||||
* VMESS-WS-TLS
|
* VMESS-WS-TLS
|
||||||
* VMESS-gRPC-TLS
|
* VMESS-gRPC-TLS
|
||||||
|
* VMESS-H2-TLS
|
||||||
|
* ShadowSocks-TCP-TLS
|
||||||
|
* ShadowSocks-WS-TLS
|
||||||
* ShadowSocks-gRPC
|
* ShadowSocks-gRPC
|
||||||
|
* ShadowSocks-H2-TLS
|
||||||
|
|
||||||
Nginx is used to serve a decory website and route gRPC traffic.
|
[Fallback](https://xtls.github.io/config/features/fallback.html) feature enables an inbound to forward the incoming request to another inbound or another process.
|
||||||
|
|
||||||
|
Nginx is used to serve a decoy website to avoid active probing. It's also used to route gRPC traffic(grpc_pass).
|
||||||
|
|
||||||
## How it works?
|
## How it works?
|
||||||
The Trojan-TCP-XTLS is the HTTPS entrypoint. For every incoming request after doing TLS-Termination, based on the **Path** or **ALPN type**, the request is passed to another sub-config. For example:
|
The Vless-TCP-XTLS is the HTTPS entrypoint. For every incoming request after doing TLS-Termination, based on the **Path**, **SNI** or **ALPN type**, the request is passed to another inbound(sub-config). For example:
|
||||||
* If the **Path=/vlessws**, the request is passed to **@vless-ws** sub-config.
|
* If the **Path=/vlessws**, the request is passed to **@vless-ws** inbound.
|
||||||
* If the **Path=/vmtc**, the request is passed to **@vmess-tcp**.
|
* If the **Path=/vmtc**, the request is passed to **@vmess-tcp**.
|
||||||
|
|
||||||
|
* If **ALPN=HTTP2** and at the same time the **SNI=trh2o.example.com** then the request is passed to **@trojan-h2**.
|
||||||
* In case of **ALPN=HTTP2**, it's first passed to **@trojan-tcp**. In trojan-tcp, if if it's not a valid request(for example the trojan password is wrong), another fallback is set, to once more pass the request to Nginx HTTP2 Unix Domain Socket and a decory website is served. When the request is using HTTP2, it could also be gRPC, so that is also checked in Nginx. This is how a VMESS-gRPC request is processed:
|
* In case of **ALPN=HTTP2**, it's first passed to **@trojan-tcp**. In trojan-tcp, if if it's not a valid request(for example the trojan password is wrong), another fallback is set, to once more pass the request to Nginx HTTP2 Unix Domain Socket and a decory website is served. When the request is using HTTP2, it could also be gRPC, so that is also checked in Nginx. This is how a VMESS-gRPC request is processed:
|
||||||
|
|
||||||
VMESS-gRPC Request ------> Xray Trojan-TCP-XTLS(443) ----**alpn=h2**----> fallback to xray trojan-tcp ------> fallback to nginx /dev/shm/h2c.sock ---**path=/vmgrpc**---> grpc_pass to xray vmess-gRPC listener on 127.0.0.1:3003
|
VMESS-gRPC Request ------> Xray Vless-TCP-XTLS(443) ----**alpn=h2**----> fallback to xray trojan-tcp ------> fallback to nginx /dev/shm/h2c.sock ---**path=/vmgrpc**---> grpc_pass to xray vmess-gRPC listener on 127.0.0.1:3003
|
||||||
|
|
||||||
## What to change before use?
|
## What to change before use?
|
||||||
* Xray server.json
|
* Xray server.json
|
||||||
* **SSL Certificates and keys** absolute paths in Trojan-TCP-XTLS
|
* **SSL Certificates and keys** absolute paths in Vless-TCP-XTLS (`inbounds[0].streamSettings.xtlsSettings.certificates`)
|
||||||
* **Password** of Trojan and ShadowSocks configs
|
* **Password** of Trojan and ShadowSocks configs
|
||||||
* **UUID** of Vless and VMESS configs
|
* **UUID** of Vless and VMESS configs
|
||||||
* **(Optional)** Path of all sub-configs. For **Websocket**->`wsSettings.path`, for **TCP**->`tcpSettings.header.request.path` and for **gRPC**->`grpcSettings.serviceName`.
|
* **(Optional)** Path of all sub-configs. For **Websocket**-->`wsSettings.path`, for **TCP**-->`tcpSettings.header.request.path`, for **gRPC**-->`grpcSettings.serviceName` and for **H2**-->`httpSettings.path`.
|
||||||
|
* **(Optional)** The SNIs of H2 fallbacks (`inbounds[0].settings.fallbacks.[].name`) could also be changed but they should be consistent between client and server. (Read the notes on HTTP2 inbounds)
|
||||||
|
|
||||||
* Nginx nginx.conf
|
* Nginx nginx.conf
|
||||||
* Domain names
|
* Domain names
|
||||||
* **(Optional)** If gRPC serviceNames are changed server.json, they **should** also be changed in Nginx config
|
* **(Optional)** If gRPC serviceNames are changed in server.json, they **should** also be changed in Nginx config
|
||||||
|
|
||||||
|
|
||||||
## Notes:
|
## Notes:
|
||||||
* Tested with **Xray 1.6.1** (Xray, Penetrates Everything.) Custom (go1.19.2 linux/amd64)
|
* Tested with **Xray 1.7.0** (Xray, Penetrates Everything.) Custom (go1.19.4 linux/amd64)
|
||||||
* For a little better performance, a DNS Cache could be setup (on 127.0.0.53 in this case) and used for resolving DNS queries. To enable xray to use it uncomment the corresponding rule from the `routing.settings.rules` in server.json.
|
* For a little better performance, a DNS Cache could be setup (on 127.0.0.53 in this case) and used for resolving DNS queries. To enable xray to use it uncomment the corresponding rule from the `routing.settings.rules` in server.json.
|
||||||
* Multiple domains could be used at the same time, including domains behind cloudflare CDN. (For cloudflare, make sure websocket and gRPC are enabled in Network section). In this configuration these domains are **example.com** and **behindcdn.com**
|
* Multiple domains could be used at the same time, including domains behind cloudflare CDN. (For cloudflare, make sure websocket and gRPC are enabled in Network section). In this configuration these domains are **example.com** and **behindcdn.com**
|
||||||
|
* HTTP2 inbounds (Trojan-H2, Vless-H2, VMESS-H2 and ShadowSocks-H2)
|
||||||
|
* [HTTP2 Transport does not support fallback based on `path`](https://xtls.github.io/config/transports/h2.html#http-2). That's why SNI is used instead.
|
||||||
|
* It's possible to create a CNAME dns record for all the H2 SNIs and use that as the address of the client config without setting custom SNI on client but it's optinal.
|
||||||
|
|
||||||
|
* It is assumed that the **example.com** domain has a **wildcard certificate**. If it's **not** a wildcard certificate or if it's a self-signed certificate, then `streamSettings.tlsSettings.allowInsecure` in the **client configuration** must be `true`.
|
||||||
|
|
||||||
|
|
||||||
|
## Client link examples
|
||||||
|
|
||||||
|
| Combination | Link |
|
||||||
|
| ----------- | ---- |
|
||||||
|
| Trojan-TCP | `trojan://desdemona99@example.com:443?security=tls&type=tcp#Trojan-TCP` |
|
||||||
|
| Trojan-WS | `trojan://desdemona99@example.com:443?security=tls&type=ws&path=/trojanws#Trojna-WS` |
|
||||||
|
| Trojan-gRPC | `trojan://desdemona99@example.com:443?security=tls&type=grpc&serviceName=trgrpc#Trojan-gRPC` |
|
||||||
|
| Trojan-H2 | `trojan://desdemona99@example.com:443?sni=trh2o.example.com&security=tls&type=http&path=/trh2#Trojan-H2` |
|
||||||
|
| Vless-TCP | `vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?security=tls&type=tcp#Vless-TCP` |
|
||||||
|
| Vless-WS | `vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?security=tls&type=ws&path=/vlws#Vless-WS` |
|
||||||
|
| Vless-gRPC | `vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?security=tls&type=grpc&serviceName=vlgrpc#Vless-gRPC` |
|
||||||
|
| Vless-H2 | `vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?sni=vlh2o.example.com&security=tls&type=http&path=/vlh2#Vless-H2` |
|
||||||
|
| VMESS-TCP | `vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJ0Y3AiLAogICAgInBhdGgiOiAiL3ZtdGMiLAogICAgInBvcnQiOiAiNDQzIiwKICAgICJwcyI6ICJWTUVTUy1UQ1AiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAiIiwKICAgICJ0bHMiOiAidGxzIiwKICAgICJ0eXBlIjogImh0dHAiLAogICAgInYiOiAiMiIKfQo=` |
|
||||||
|
| VMESS-WS | `vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJ3cyIsCiAgICAicGF0aCI6ICIvdm13cyIsCiAgICAicG9ydCI6ICI0NDMiLAogICAgInBzIjogIlZNRVNTLVdTIiwKICAgICJzY3kiOiAibm9uZSIsCiAgICAic25pIjogIiIsCiAgICAidGxzIjogInRscyIsCiAgICAidHlwZSI6ICIiLAogICAgInYiOiAiMiIKfQo=` |
|
||||||
|
| VMESS-gRPC | `vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJncnBjIiwKICAgICJwYXRoIjogInZtZ3JwYyIsCiAgICAicG9ydCI6ICI0NDMiLAogICAgInBzIjogIlZNRVNTLWdSUEMiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAiIiwKICAgICJ0bHMiOiAidGxzIiwKICAgICJ0eXBlIjogImh0dHAiLAogICAgInYiOiAiMiIKfQo=` |
|
||||||
|
| VMESS-H2 | `vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJodHRwIiwKICAgICJwYXRoIjogIi92bWgyIiwKICAgICJwb3J0IjogIjQ0MyIsCiAgICAicHMiOiAiVk1FU1MtSDIiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAidm1oMm8uZXhhbXBsZS5jb20iLAogICAgInRscyI6ICJ0bHMiLAogICAgInR5cGUiOiAiaHR0cCIsCiAgICAidiI6ICIyIgp9Cg==` |
|
|
@ -0,0 +1,43 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "shadowsocks",
|
||||||
|
"settings": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"address": "example.com", // Change to you own domain
|
||||||
|
"port": 443,
|
||||||
|
"method": "chacha20-ietf-poly1305",
|
||||||
|
"password": "desdemona99" // Change to you own password
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "http",
|
||||||
|
"httpSettings": {
|
||||||
|
"path": "/ssh2"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome",
|
||||||
|
"alpn": ["h2"],
|
||||||
|
"serverName": "ssh2o.example.com" // Change to ssh2o.yourdomain.tld
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,46 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "shadowsocks",
|
||||||
|
"settings": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"method": "chacha20-ietf-poly1305",
|
||||||
|
"password": "desdemona99"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "tcp",
|
||||||
|
"tcpSettings": {
|
||||||
|
"header": {
|
||||||
|
"request": {
|
||||||
|
"path": ["/sstc"]
|
||||||
|
},
|
||||||
|
"type": "http"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,41 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "shadowsocks",
|
||||||
|
"settings": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"address": "example.com", // Change to you own domain
|
||||||
|
"port": 443,
|
||||||
|
"method": "chacha20-ietf-poly1305",
|
||||||
|
"password": "desdemona99" // Change to you own password
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "ws",
|
||||||
|
"wsSettings": {
|
||||||
|
"path": "/ssws"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,41 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "shadowsocks",
|
||||||
|
"settings": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"method": "chacha20-ietf-poly1305",
|
||||||
|
"password": "desdemona99"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "grpc",
|
||||||
|
"grpcSettings": {
|
||||||
|
"serviceName": "ssgrpc"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
42
All-in-One-fallbacks-Nginx/client.configs/Trojan-H2-TLS.json
Normal file
42
All-in-One-fallbacks-Nginx/client.configs/Trojan-H2-TLS.json
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "trojan",
|
||||||
|
"settings": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"password": "desdemona99"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "http",
|
||||||
|
"httpSettings": {
|
||||||
|
"path": "/trh2"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome",
|
||||||
|
"alpn": ["h2"],
|
||||||
|
"serverName": "trh2o.example.com" // Change to ssh2o.yourdomain.tld
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,38 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "trojan",
|
||||||
|
"settings": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"password": "desdemona99"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "tcp",
|
||||||
|
"tcpSettings": {},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
40
All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.json
Normal file
40
All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.json
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "trojan",
|
||||||
|
"settings": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"password": "desdemona99"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "ws",
|
||||||
|
"wsSettings": {
|
||||||
|
"path": "/trojanws"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "trojan",
|
||||||
|
"settings": {
|
||||||
|
"servers": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"password": "desdemona99"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "grpc",
|
||||||
|
"grpcSettings": {
|
||||||
|
"serviceName": "trgrpc"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
48
All-in-One-fallbacks-Nginx/client.configs/VMESS-H2-TLS.json
Normal file
48
All-in-One-fallbacks-Nginx/client.configs/VMESS-H2-TLS.json
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "vmess",
|
||||||
|
"settings": {
|
||||||
|
"vnext": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
|
"alterId": 0,
|
||||||
|
"security": "none"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "http",
|
||||||
|
"httpSettings": {
|
||||||
|
"path": "/vmh2"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome",
|
||||||
|
"alpn": ["h2"],
|
||||||
|
"serverName": "vmh2o.example.com" // Change to ssh2o.yourdomain.tld
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
51
All-in-One-fallbacks-Nginx/client.configs/VMESS-TCP-TLS.json
Normal file
51
All-in-One-fallbacks-Nginx/client.configs/VMESS-TCP-TLS.json
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "vmess",
|
||||||
|
"settings": {
|
||||||
|
"vnext": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
|
"alterId": 0,
|
||||||
|
"security": "none"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "tcp",
|
||||||
|
"tcpSettings": {
|
||||||
|
"header": {
|
||||||
|
"request": {
|
||||||
|
"path": ["/vmtc"]
|
||||||
|
},
|
||||||
|
"type": "http"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
46
All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.json
Normal file
46
All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.json
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "vmess",
|
||||||
|
"settings": {
|
||||||
|
"vnext": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
|
"alterId": 0,
|
||||||
|
"security": "none"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "ws",
|
||||||
|
"wsSettings": {
|
||||||
|
"path": "/vmws"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,46 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "vmess",
|
||||||
|
"settings": {
|
||||||
|
"vnext": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
|
"alterId": 0,
|
||||||
|
"security": "none"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "grpc",
|
||||||
|
"grpcSettings": {
|
||||||
|
"serviceName": "vmgrpc"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
47
All-in-One-fallbacks-Nginx/client.configs/Vless-H2-TLS.json
Normal file
47
All-in-One-fallbacks-Nginx/client.configs/Vless-H2-TLS.json
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "vless",
|
||||||
|
"settings": {
|
||||||
|
"vnext": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
|
"encryption": "none"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "http",
|
||||||
|
"httpSettings": {
|
||||||
|
"path": "/vlh2"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome",
|
||||||
|
"alpn": ["h2"],
|
||||||
|
"serverName": "vlh2o.example.com" // Change to ssh2o.yourdomain.tld
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
50
All-in-One-fallbacks-Nginx/client.configs/Vless-TCP-TLS.json
Normal file
50
All-in-One-fallbacks-Nginx/client.configs/Vless-TCP-TLS.json
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "vless",
|
||||||
|
"settings": {
|
||||||
|
"vnext": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
|
"encryption": "none"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "tcp",
|
||||||
|
"tcpSettings": {
|
||||||
|
"header": {
|
||||||
|
"request": {
|
||||||
|
"path": ["/vltc"]
|
||||||
|
},
|
||||||
|
"type": "http"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,43 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "vless",
|
||||||
|
"settings": {
|
||||||
|
"vnext": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
|
"encryption": "none",
|
||||||
|
"flow": "xtls-rprx-vision"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "tcp",
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
45
All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.json
Normal file
45
All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.json
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "vless",
|
||||||
|
"settings": {
|
||||||
|
"vnext": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
|
"encryption": "none"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "ws",
|
||||||
|
"wsSettings": {
|
||||||
|
"path": "/vlws"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,45 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"loglevel": "debug"
|
||||||
|
},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": "1080",
|
||||||
|
"protocol": "socks",
|
||||||
|
"settings": {
|
||||||
|
"udp": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"outbounds": [
|
||||||
|
{
|
||||||
|
"protocol": "vless",
|
||||||
|
"settings": {
|
||||||
|
"vnext": [
|
||||||
|
{
|
||||||
|
"address": "example.com",
|
||||||
|
"port": 443,
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
|
"encryption": "none"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "grpc",
|
||||||
|
"grpcSettings": {
|
||||||
|
"serviceName": "vlgrpc"
|
||||||
|
},
|
||||||
|
"security": "tls",
|
||||||
|
"tlsSettings": {
|
||||||
|
"allowInsecure": false,
|
||||||
|
"fingerprint": "chrome"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -1,3 +1,4 @@
|
||||||
|
# Restrict access to the website by IP or wrong domain name) and return 400
|
||||||
server {
|
server {
|
||||||
listen unix:/dev/shm/h1.sock proxy_protocol default_server;
|
listen unix:/dev/shm/h1.sock proxy_protocol default_server;
|
||||||
listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
|
listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
|
||||||
|
@ -5,38 +6,46 @@ server {
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
server_name _;
|
server_name _;
|
||||||
return 400;
|
return 400;
|
||||||
} #Restrict domain name access (prohibit access to the website by IP) and return 400
|
}
|
||||||
|
|
||||||
# HTTP1 UDS listener
|
# HTTP1 UDS listener
|
||||||
server {
|
server {
|
||||||
listen unix:/dev/shm/h1.sock proxy_protocol; #HTTP/1.1 server monitor process and enable PROXY protocol reception
|
listen unix:/dev/shm/h1.sock proxy_protocol; # HTTP/1.1 server monitor process and enable PROXY protocol reception
|
||||||
set_real_ip_from unix:;
|
set_real_ip_from unix:;
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
server_name examle.com behindcdn.com; #Change to your own domain name(s)
|
server_name example.com behindcdn.com; # Change to your own domain name(s)
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #启用HSTS
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
|
||||||
root /var/www/html; #Modify to the path of the WEB file stored by yourself (check the permissions)
|
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
|
||||||
index index.html index.htm;
|
index index.html index.htm;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# HTTP2 UDS listener
|
# HTTP2 UDS listener
|
||||||
server {
|
server {
|
||||||
listen unix:/dev/shm/h2c.sock http2 proxy_protocol; #H2C server monitor process and enable PROXY protocol reception
|
listen unix:/dev/shm/h2c.sock http2 proxy_protocol; # H2C server monitor process and enable PROXY protocol reception
|
||||||
set_real_ip_from unix:;
|
set_real_ip_from unix:;
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
server_name examle.com behindcdn.com; #Change to your own domain name(s) (don't forget to add the certificates to xray config)
|
server_name example.com behindcdn.com; # Change to your own domain name(s) (don't forget to add the certificates to xray config)
|
||||||
|
|
||||||
# grpc settings
|
# grpc settings
|
||||||
grpc_read_timeout 1h;
|
grpc_read_timeout 1h;
|
||||||
grpc_send_timeout 1h;
|
grpc_send_timeout 1h;
|
||||||
grpc_set_header X-Real-IP $remote_addr;
|
grpc_set_header X-Real-IP $remote_addr;
|
||||||
|
|
||||||
|
# Decoy website
|
||||||
|
location / {
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
|
||||||
|
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
|
||||||
|
index index.html index.htm;
|
||||||
|
}
|
||||||
|
|
||||||
location /trgrpc { #corresponds to serviceName in trojan-grpc config of xray
|
location /trgrpc { #corresponds to serviceName in trojan-grpc config of xray
|
||||||
|
# POST returns 404 when negotiation fails
|
||||||
if ($request_method != "POST") {
|
if ($request_method != "POST") {
|
||||||
return 404;
|
return 404;
|
||||||
} #POST returns 404 when negotiation fails
|
}
|
||||||
client_body_buffer_size 1m;
|
client_body_buffer_size 1m;
|
||||||
client_body_timeout 1h;
|
client_body_timeout 1h;
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
|
@ -44,10 +53,11 @@ server {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location /vlgrpc { #corresponds to serviceName in vless-grpc config of xray
|
location /vlgrpc { # corresponds to serviceName in vless-grpc config of xray
|
||||||
|
# return 404 if HTTP Method is not POST
|
||||||
if ($request_method != "POST") {
|
if ($request_method != "POST") {
|
||||||
return 404;
|
return 404;
|
||||||
} #POST returns 404 when negotiation fails
|
}
|
||||||
client_body_buffer_size 1m;
|
client_body_buffer_size 1m;
|
||||||
client_body_timeout 1h;
|
client_body_timeout 1h;
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
|
@ -55,10 +65,11 @@ server {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location /vmgrpc { #corresponds to serviceName in vmess-grpc config of xray
|
location /vmgrpc { # corresponds to serviceName in vmess-grpc config of xray
|
||||||
|
# return 404 if HTTP Method is not POST
|
||||||
if ($request_method != "POST") {
|
if ($request_method != "POST") {
|
||||||
return 404;
|
return 404;
|
||||||
} #POST returns 404 when negotiation fails
|
}
|
||||||
client_body_buffer_size 1m;
|
client_body_buffer_size 1m;
|
||||||
client_body_timeout 1h;
|
client_body_timeout 1h;
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
|
@ -66,20 +77,14 @@ server {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location /ssgrpc { #corresponds to serviceName in shadowsocks-grpc config of xray
|
location /ssgrpc { # corresponds to serviceName in shadowsocks-grpc config of xray
|
||||||
|
# return 404 if HTTP Method is not POST
|
||||||
if ($request_method != "POST") {
|
if ($request_method != "POST") {
|
||||||
return 404;
|
return 404;
|
||||||
} #POST returns 404 when negotiation fails
|
}
|
||||||
client_body_buffer_size 1m;
|
client_body_buffer_size 1m;
|
||||||
client_body_timeout 1h;
|
client_body_timeout 1h;
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
grpc_pass grpc://127.0.0.1:3004;
|
grpc_pass grpc://127.0.0.1:3004;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Decoy website
|
|
||||||
location / {
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #HSTS
|
|
||||||
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
|
|
||||||
index index.html index.htm;
|
|
||||||
}
|
|
||||||
}
|
}
|
|
@ -4,26 +4,54 @@
|
||||||
},
|
},
|
||||||
"inbounds": [
|
"inbounds": [
|
||||||
{
|
{
|
||||||
|
"tag": "Vless-TCP-XTLS",
|
||||||
"port": 443, // This is TLS entrypoint. This entrypoint does the SSL Termination then routes the request based on the Path or ALPN type.
|
"port": 443, // This is TLS entrypoint. This entrypoint does the SSL Termination then routes the request based on the Path or ALPN type.
|
||||||
"protocol": "trojan",
|
"protocol": "vless",
|
||||||
"settings": {
|
"settings": {
|
||||||
"clients": [
|
"clients": [
|
||||||
{
|
{
|
||||||
"password": "desdemona99",
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
"flow": "xtls-rprx-direct" //To enable XTLS Direct, this configuration must be added; otherwise, delete it. V2Ray has deleted the XTLS application since version v4.33.0. If you want to use this application, it is recommended to choose Xray.
|
"flow": "xtls-rprx-vision"
|
||||||
|
// "flow": "xtls-rprx-direct"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"decryption": "none",
|
"decryption": "none",
|
||||||
"fallbacks": [
|
"fallbacks": [
|
||||||
|
// H2
|
||||||
{
|
{
|
||||||
// if the path was `/vlessws`, pass it to vless-ws listener
|
// if the SNI was `trh2o.EXAMPLE.COM` and `alpn=h2`, pass it to trojan-h2 listener
|
||||||
"path": "/vlessws",
|
"name": "trh2o.example.com",
|
||||||
|
"alpn": "h2",
|
||||||
|
"dest": "@trojan-h2"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// if the SNI was `vlh2o.EXAMPLE.COM` and `alpn=h2`, pass it to vless-h2 listener
|
||||||
|
"name": "vlh2o.example.com",
|
||||||
|
"alpn": "h2",
|
||||||
|
"dest": "@vless-h2"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// if the SNI was `vmh2o.EXAMPLE.COM` and `alpn=h2`, pass it to vmess-h2 listener
|
||||||
|
"name": "vmh2o.example.com",
|
||||||
|
"alpn": "h2",
|
||||||
|
"dest": "@vmess-h2"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// if the SNI was `ssh2o.EXAMPLE.COM` and `alpn=h2`, pass it to shadowsocks-h2 listener
|
||||||
|
"name": "ssh2o.example.com",
|
||||||
|
"alpn": "h2",
|
||||||
|
"dest": 4003
|
||||||
|
},
|
||||||
|
// Websocket
|
||||||
|
{
|
||||||
|
// if the path was `/vlws`, pass it to vless-ws listener
|
||||||
|
"path": "/vlws",
|
||||||
"dest": "@vless-ws",
|
"dest": "@vless-ws",
|
||||||
"xver": 2 //Enable the sending of the PROXY protocol, and send the real source IP and port to the following vmess+ws application. 1 or 2 indicates the PROXY protocol version. Consistent with the following, it is recommended to configure 2.
|
"xver": 2 //Enable the sending of the PROXY protocol, and send the real source IP and port to the following vmess+ws application. 1 or 2 indicates the PROXY protocol version. Consistent with the following, it is recommended to configure 2.
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
// if the path was `/vmessws`, pass it to vmess-ws listener
|
// if the path was `/vmws`, pass it to vmess-ws listener
|
||||||
"path": "/vmessws",
|
"path": "/vmws",
|
||||||
"dest": "@vmess-ws",
|
"dest": "@vmess-ws",
|
||||||
"xver": 2
|
"xver": 2
|
||||||
},
|
},
|
||||||
|
@ -33,6 +61,12 @@
|
||||||
"dest": "@trojan-ws",
|
"dest": "@trojan-ws",
|
||||||
"xver": 2
|
"xver": 2
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
// if the path was `/ssws`, pass it to port 4001 (shadowsocks-ws listener)
|
||||||
|
"path": "/ssws",
|
||||||
|
"dest": 4001
|
||||||
|
},
|
||||||
|
// TCP + http obfs
|
||||||
{
|
{
|
||||||
// if the path was `/vltc`, pass it to vless-tcp listener
|
// if the path was `/vltc`, pass it to vless-tcp listener
|
||||||
"path": "/vltc",
|
"path": "/vltc",
|
||||||
|
@ -45,6 +79,11 @@
|
||||||
"dest": "@vmess-tcp",
|
"dest": "@vmess-tcp",
|
||||||
"xver": 2
|
"xver": 2
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
// if the path was `/sstc`, pass it to port 4002 (shadowsocks-tcp listener)
|
||||||
|
"path": "/sstc",
|
||||||
|
"dest": 4002
|
||||||
|
},
|
||||||
{
|
{
|
||||||
// if the request's ALPN was HTTP2, pass it to trojan-tcp. (Also from trojan-tcp fallback to Nginx HTTP2)
|
// if the request's ALPN was HTTP2, pass it to trojan-tcp. (Also from trojan-tcp fallback to Nginx HTTP2)
|
||||||
"alpn": "h2",
|
"alpn": "h2",
|
||||||
|
@ -60,9 +99,11 @@
|
||||||
},
|
},
|
||||||
"streamSettings": {
|
"streamSettings": {
|
||||||
"network": "tcp",
|
"network": "tcp",
|
||||||
"security": "xtls", //If XTLS Direct is enabled, tls must be changed to xtls; otherwise, tls will be restored.
|
// If XTLS Vision is enabled, "security" must be "tls"
|
||||||
"xtlsSettings": {
|
// If XTLS Direct is enabled, "security" must be "xtls"
|
||||||
//If XTLS Direct is enabled, tlsSettings must be changed to xtlsSettings; otherwise, restore tlsSettings.
|
"security": "tls",
|
||||||
|
// If XTLS Direct is enabled, "tlsSettings" should also be changed to "xtlsSettings"
|
||||||
|
"tlsSettings": {
|
||||||
"certificates": [
|
"certificates": [
|
||||||
{
|
{
|
||||||
"ocspStapling": 3600, //The Xray version is not less than v1.3.0 to support configuring the time interval between OCSP stapling update and certificate hot reload. Currently V2Ray does not support it. If you use V2Ray as the server, you must delete this configuration.
|
"ocspStapling": 3600, //The Xray version is not less than v1.3.0 to support configuring the time interval between OCSP stapling update and certificate hot reload. Currently V2Ray does not support it. If you use V2Ray as the server, you must delete this configuration.
|
||||||
|
@ -90,7 +131,7 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
// WebSocket (VLESS - VMESS - TROJAN) //
|
// WebSocket (VLESS - VMESS - TROJAN - ShadowSocks) //
|
||||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
{
|
{
|
||||||
"listen": "@vless-ws",
|
"listen": "@vless-ws",
|
||||||
|
@ -108,7 +149,7 @@
|
||||||
"security": "none",
|
"security": "none",
|
||||||
"wsSettings": {
|
"wsSettings": {
|
||||||
"acceptProxyProtocol": true,
|
"acceptProxyProtocol": true,
|
||||||
"path": "/vlessws"
|
"path": "/vlws"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"sniffing": {
|
"sniffing": {
|
||||||
|
@ -132,7 +173,7 @@
|
||||||
"security": "none",
|
"security": "none",
|
||||||
"wsSettings": {
|
"wsSettings": {
|
||||||
"acceptProxyProtocol": true,
|
"acceptProxyProtocol": true,
|
||||||
"path": "/vmessws"
|
"path": "/vmws"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"sniffing": {
|
"sniffing": {
|
||||||
|
@ -146,7 +187,7 @@
|
||||||
"settings": {
|
"settings": {
|
||||||
"clients": [
|
"clients": [
|
||||||
{
|
{
|
||||||
"password": "desdemona99" //Change to your own password
|
"password": "desdemona99"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -163,8 +204,29 @@
|
||||||
"destOverride": ["http", "tls"]
|
"destOverride": ["http", "tls"]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"tag": "shadowsocks-ws",
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": 4001,
|
||||||
|
"protocol": "shadowsocks",
|
||||||
|
"settings": {
|
||||||
|
"method": "chacha20-ietf-poly1305",
|
||||||
|
"password": "desdemona99"
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "ws",
|
||||||
|
"security": "none",
|
||||||
|
"wsSettings": {
|
||||||
|
"path": "/ssws"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"sniffing": {
|
||||||
|
"enabled": true,
|
||||||
|
"destOverride": ["http", "tls"]
|
||||||
|
}
|
||||||
|
},
|
||||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
// TCP + http obfs (VLESS - VMESS - TROJAN) //
|
// TCP + http obfs (VLESS - VMESS - TROJAN - ShadowSocks) //
|
||||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
{
|
{
|
||||||
"listen": "@trojan-tcp", //trojan+tcp listening process
|
"listen": "@trojan-tcp", //trojan+tcp listening process
|
||||||
|
@ -172,7 +234,7 @@
|
||||||
"settings": {
|
"settings": {
|
||||||
"clients": [
|
"clients": [
|
||||||
{
|
{
|
||||||
"password": "desdemona99" //Change to your own password
|
"password": "desdemona99"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"fallbacks": [
|
"fallbacks": [
|
||||||
|
@ -256,6 +318,32 @@
|
||||||
"destOverride": ["http", "tls"]
|
"destOverride": ["http", "tls"]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"tag": "shadowsocks-tcp",
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": 4002,
|
||||||
|
"protocol": "shadowsocks",
|
||||||
|
"settings": {
|
||||||
|
"method": "chacha20-ietf-poly1305",
|
||||||
|
"password": "desdemona99"
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "tcp",
|
||||||
|
"security": "none",
|
||||||
|
"tcpSettings": {
|
||||||
|
"header": {
|
||||||
|
"type": "http",
|
||||||
|
"request": {
|
||||||
|
"path": ["/sstc"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"sniffing": {
|
||||||
|
"enabled": true,
|
||||||
|
"destOverride": ["http", "tls"]
|
||||||
|
}
|
||||||
|
},
|
||||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
// GRPC (VLESS - VMESS - TROJAN - SHADOWSOCKS) (Nginx routes to them based on `serviceName`(HTTP2 Path) ) //
|
// GRPC (VLESS - VMESS - TROJAN - SHADOWSOCKS) (Nginx routes to them based on `serviceName`(HTTP2 Path) ) //
|
||||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
|
@ -341,9 +429,98 @@
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"destOverride": ["http", "tls"]
|
"destOverride": ["http", "tls"]
|
||||||
}
|
}
|
||||||
}//,
|
},
|
||||||
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
|
// H2 (VLESS - VMESS - TROJAN - SHADOWSOCKS) //
|
||||||
|
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
|
{
|
||||||
|
"listen": "@trojan-h2",
|
||||||
|
"protocol": "trojan",
|
||||||
|
"settings": {
|
||||||
|
"clients": [
|
||||||
|
{
|
||||||
|
"password": "desdemona99"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "h2",
|
||||||
|
"security": "none",
|
||||||
|
"httpSettings": {
|
||||||
|
"path": "/trh2"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"listen": "@vless-h2",
|
||||||
|
"protocol": "vless",
|
||||||
|
"settings": {
|
||||||
|
"clients": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797" //Change to your own UUID
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"decryption": "none"
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "h2",
|
||||||
|
"security": "none",
|
||||||
|
"httpSettings": {
|
||||||
|
"path": "/vlh2"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"sniffing": {
|
||||||
|
"enabled": true,
|
||||||
|
"destOverride": ["http", "tls"]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"listen": "@vmess-h2",
|
||||||
|
"protocol": "vmess",
|
||||||
|
"settings": {
|
||||||
|
"clients": [
|
||||||
|
{
|
||||||
|
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
|
||||||
|
"level": 0
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "h2",
|
||||||
|
"security": "none",
|
||||||
|
"httpSettings": {
|
||||||
|
"path": "/vmh2"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"sniffing": {
|
||||||
|
"enabled": true,
|
||||||
|
"destOverride": ["http", "tls"]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"tag": "shadowsocks-h2",
|
||||||
|
"listen": "127.0.0.1",
|
||||||
|
"port": 4003,
|
||||||
|
"protocol": "shadowsocks",
|
||||||
|
"settings": {
|
||||||
|
"method": "chacha20-ietf-poly1305",
|
||||||
|
"password": "desdemona99", //Change to your own password
|
||||||
|
"email": "2011@gmail.com"
|
||||||
|
},
|
||||||
|
"streamSettings": {
|
||||||
|
"network": "h2",
|
||||||
|
"security": "none",
|
||||||
|
"httpSettings": {
|
||||||
|
"path": "/ssh2"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"sniffing": {
|
||||||
|
"enabled": true,
|
||||||
|
"destOverride": ["http", "tls"]
|
||||||
|
}
|
||||||
|
} //,
|
||||||
// {
|
// {
|
||||||
// "port": 80, // this is http entrypoint
|
// "port": 80, // this is http entrypoint, uncomment to enable vless-ws, vless-tcp, vmess-ws, v,ess-tcp, shadowwsocks-ws and shadowsocks-tcp on HTTP
|
||||||
// "protocol": "vless",
|
// "protocol": "vless",
|
||||||
// "settings": {
|
// "settings": {
|
||||||
// "clients": [
|
// "clients": [
|
||||||
|
@ -353,12 +530,12 @@
|
||||||
// ],
|
// ],
|
||||||
// "fallbacks": [
|
// "fallbacks": [
|
||||||
// {
|
// {
|
||||||
// "path": "/vlessws",
|
// "path": "/vlws",
|
||||||
// "dest": "@vless-ws",
|
// "dest": "@vless-ws",
|
||||||
// "xver": 2
|
// "xver": 2
|
||||||
// },
|
// },
|
||||||
// {
|
// {
|
||||||
// "path": "/vmessws",
|
// "path": "/vmws",
|
||||||
// "dest": "@vmess-ws", // the same vmess-ws used in 443 TLS entrypint is used here as well
|
// "dest": "@vmess-ws", // the same vmess-ws used in 443 TLS entrypint is used here as well
|
||||||
// "xver": 2
|
// "xver": 2
|
||||||
// },
|
// },
|
||||||
|
@ -375,6 +552,14 @@
|
||||||
// {
|
// {
|
||||||
// "dest": "/dev/shm/h1.sock", // defaults to Nginx HTTP1.1 listener
|
// "dest": "/dev/shm/h1.sock", // defaults to Nginx HTTP1.1 listener
|
||||||
// "xver": 2
|
// "xver": 2
|
||||||
|
// },
|
||||||
|
// {
|
||||||
|
// "path": "/ssws",
|
||||||
|
// "dest": 4001
|
||||||
|
// },
|
||||||
|
// {
|
||||||
|
// "path": "/sstc",
|
||||||
|
// "dest": 4002
|
||||||
// }
|
// }
|
||||||
// ],
|
// ],
|
||||||
// "decryption": "none"
|
// "decryption": "none"
|
||||||
|
@ -413,16 +598,17 @@
|
||||||
"settings": {
|
"settings": {
|
||||||
"rules": [
|
"rules": [
|
||||||
// {
|
// {
|
||||||
// "type": "field",
|
// // DNS Cache rule
|
||||||
// "outboundTag": "blackhole",
|
|
||||||
// "ip": ["geoip:private"]
|
|
||||||
// },
|
|
||||||
// { DNS Cache rule
|
|
||||||
// "type": "field",
|
// "type": "field",
|
||||||
// "port": 53,
|
// "port": 53,
|
||||||
// "network": "tcp,udp",
|
// "network": "tcp,udp",
|
||||||
// "outboundTag": "DNS-Internal"
|
// "outboundTag": "DNS-Internal"
|
||||||
// },
|
// },
|
||||||
|
{
|
||||||
|
"type": "field",
|
||||||
|
"outboundTag": "blackhole",
|
||||||
|
"ip": ["geoip:private"]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"type": "field", // Block BitTorrent protocol
|
"type": "field", // Block BitTorrent protocol
|
||||||
"outboundTag": "blackhole",
|
"outboundTag": "blackhole",
|
||||||
|
|
Loading…
Reference in a new issue