From f87d87beb83f6942dc14d631820195f522c7901a Mon Sep 17 00:00:00 2001
From: xqzr <34030394+xqzr@users.noreply.github.com>
Date: Fri, 9 Sep 2022 16:17:38 +0800
Subject: [PATCH] =?UTF-8?q?add=20Trojan-gRPC-Caddy2=EF=BC=8FNginx?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fork https://github.com/XTLS/Xray-examples/tree/main/VLESS-GRPC
---
 Trojan-gRPC-Caddy2／Nginx/Caddyfile   |  9 ++++
 Trojan-gRPC-Caddy2／Nginx/README.md   | 34 +++++++++++++++
 Trojan-gRPC-Caddy2／Nginx/client.json | 62 +++++++++++++++++++++++++++
 Trojan-gRPC-Caddy2／Nginx/server.json | 48 +++++++++++++++++++++
 4 files changed, 153 insertions(+)
 create mode 100644 Trojan-gRPC-Caddy2／Nginx/Caddyfile
 create mode 100644 Trojan-gRPC-Caddy2／Nginx/README.md
 create mode 100644 Trojan-gRPC-Caddy2／Nginx/client.json
 create mode 100644 Trojan-gRPC-Caddy2／Nginx/server.json

diff --git a/Trojan-gRPC-Caddy2／Nginx/Caddyfile b/Trojan-gRPC-Caddy2／Nginx/Caddyfile
new file mode 100644
index 0000000..8ce8b94
--- /dev/null
+++ b/Trojan-gRPC-Caddy2／Nginx/Caddyfile
@@ -0,0 +1,9 @@
+example.com {
+    @grpc {
+        protocol grpc
+        path  # 填写 /你的 ServiceName/*
+    }
+    reverse_proxy @grpc unix//dev/shm/Xray-Trojan-gRPC.socket
+    root * /var/www
+    file_server
+}
diff --git a/Trojan-gRPC-Caddy2／Nginx/README.md b/Trojan-gRPC-Caddy2／Nginx/README.md
new file mode 100644
index 0000000..6c849c8
--- /dev/null
+++ b/Trojan-gRPC-Caddy2／Nginx/README.md
@@ -0,0 +1,34 @@
+# Trojan-gRPC-Caddy2／Nginx
+## 原理图 (Caddy) ：
+Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
+## Nginx：
+同时，您也可以选择使用 Nginx。示例配置片段如下（部分来自 [@xqzr](https://github.com/xqzr)）：
+```conf
+server {
+	listen 443 ssl http2 so_keepalive=on;
+	server_name example.com;
+
+	index index.html;
+	root /var/www/html;
+
+	ssl_certificate /path/to/example.cer;
+	ssl_certificate_key /path/to/example.key;
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+	
+	client_header_timeout 52w;
+        keepalive_timeout 52w;
+	# 在 location 后填写 /你的 ServiceName
+	location /你的 ServiceName {
+		if ($content_type !~ "application/grpc") {
+			return 404;
+		}
+		client_max_body_size 0;
+		client_body_buffer_size 512k;
+		grpc_set_header X-Real-IP $remote_addr;
+		client_body_timeout 52w;
+		grpc_read_timeout 52w;
+		grpc_pass unix:/dev/shm/Xray-Trojan-gRPC.socket;
+	}
+}
+```
diff --git a/Trojan-gRPC-Caddy2／Nginx/client.json b/Trojan-gRPC-Caddy2／Nginx/client.json
new file mode 100644
index 0000000..34c7174
--- /dev/null
+++ b/Trojan-gRPC-Caddy2／Nginx/client.json
@@ -0,0 +1,62 @@
+{
+  "log": {},
+  "inbounds": [
+    {
+      "port": "1080",
+      "protocol": "socks",
+      "settings": {
+        "auth": "noauth",
+        "udp": true
+      }
+    },
+    {
+      "port": "1081",
+      "protocol": "http",
+      "settings": {}
+    }
+  ],
+  "outbounds": [
+    {
+      "protocol": "trojan",
+      "settings": {
+        "servers": [
+          {
+            "address": "example.com",
+            "port": 443,
+            "password": "" //填写你的 password
+          }
+        ]
+      },
+      "streamSettings": {
+        "network": "grpc",
+        "security": "tls",
+        "grpcSettings": {
+          "serviceName": "", //填写你的 ServiceName
+          //"initial_windows_size": 524288 //通过 Cloudflare CDN 时，防止 Cloudflare CDN 发送意外的 h2 GOAWAY 帧以关闭现有连接。
+        }
+      }
+    },
+    {
+      "tag": "direct",
+      "protocol": "freedom",
+      "settings": {}
+    },
+    {
+      "tag": "blocked",
+      "protocol": "blackhole",
+      "settings": {}
+    }
+  ],
+  "routing": {
+    "domainStrategy": "IPOnDemand",
+    "rules": [
+      {
+        "type": "field",
+        "ip": [
+          "geoip:private"
+        ],
+        "outboundTag": "direct"
+      }
+    ]
+  }
+}
diff --git a/Trojan-gRPC-Caddy2／Nginx/server.json b/Trojan-gRPC-Caddy2／Nginx/server.json
new file mode 100644
index 0000000..f6ebd32
--- /dev/null
+++ b/Trojan-gRPC-Caddy2／Nginx/server.json
@@ -0,0 +1,48 @@
+{
+  "log": {
+    "loglevel": "warning"
+  },
+  "inbounds": [
+    {
+      "listen": "/dev/shm/Xray-Trojan-gRPC.socket,0666",
+      "protocol": "trojan",
+      "settings": {
+        "clients": [
+          {
+            "password": "" // 填写你的 password
+          }
+        ]
+      },
+      "streamSettings": {
+        "network": "grpc",
+        "grpcSettings": {
+          "serviceName": "" // 填写你的 ServiceName
+        }
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "tag": "direct",
+      "protocol": "freedom",
+      "settings": {}
+    },
+    {
+      "tag": "blocked",
+      "protocol": "blackhole",
+      "settings": {}
+    }
+  ],
+  "routing": {
+    "domainStrategy": "AsIs",
+    "rules": [
+      {
+        "type": "field",
+        "ip": [
+          "geoip:private"
+        ],
+        "outboundTag": "blocked"
+      }
+    ]
+  }
+}