Xray-examples/All-in-One-fallbacks-Nginx/nginx.conf
uzziell e374ba0925
Added more combinations to All-in-One (#107)
* Added H2 for all protocols, SS-WS and SS-TCP

* added more comments to fallbacks

* update README.md

* added client link examples

* update README.md

* update README.md

* update README

* update README

* typo in domain name

* Switched to latest VISION flow - block private address access by default

* clean up nginx.conf

* added client configurations

* fixed typo in README.md

* client/server UUID mismatch
2023-01-10 23:35:01 -05:00

90 lines
3 KiB
Nginx Configuration File

# Restrict access to the website by IP or wrong domain name) and return 400
server {
listen unix:/dev/shm/h1.sock proxy_protocol default_server;
listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
server_name _;
return 400;
}
# HTTP1 UDS listener
server {
listen unix:/dev/shm/h1.sock proxy_protocol; # HTTP/1.1 server monitor process and enable PROXY protocol reception
set_real_ip_from unix:;
real_ip_header proxy_protocol;
server_name example.com behindcdn.com; # Change to your own domain name(s)
location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
index index.html index.htm;
}
}
# HTTP2 UDS listener
server {
listen unix:/dev/shm/h2c.sock http2 proxy_protocol; # H2C server monitor process and enable PROXY protocol reception
set_real_ip_from unix:;
real_ip_header proxy_protocol;
server_name example.com behindcdn.com; # Change to your own domain name(s) (don't forget to add the certificates to xray config)
# grpc settings
grpc_read_timeout 1h;
grpc_send_timeout 1h;
grpc_set_header X-Real-IP $remote_addr;
# Decoy website
location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
index index.html index.htm;
}
location /trgrpc { #corresponds to serviceName in trojan-grpc config of xray
# POST returns 404 when negotiation fails
if ($request_method != "POST") {
return 404;
}
client_body_buffer_size 1m;
client_body_timeout 1h;
client_max_body_size 0;
grpc_pass grpc://127.0.0.1:3001;
}
location /vlgrpc { # corresponds to serviceName in vless-grpc config of xray
# return 404 if HTTP Method is not POST
if ($request_method != "POST") {
return 404;
}
client_body_buffer_size 1m;
client_body_timeout 1h;
client_max_body_size 0;
grpc_pass grpc://127.0.0.1:3002;
}
location /vmgrpc { # corresponds to serviceName in vmess-grpc config of xray
# return 404 if HTTP Method is not POST
if ($request_method != "POST") {
return 404;
}
client_body_buffer_size 1m;
client_body_timeout 1h;
client_max_body_size 0;
grpc_pass grpc://127.0.0.1:3003;
}
location /ssgrpc { # corresponds to serviceName in shadowsocks-grpc config of xray
# return 404 if HTTP Method is not POST
if ($request_method != "POST") {
return 404;
}
client_body_buffer_size 1m;
client_body_timeout 1h;
client_max_body_size 0;
grpc_pass grpc://127.0.0.1:3004;
}
}