## Server xray 1.5.0 [login] ``` { "log": { "loglevel": "debug" }, "inbounds": [ { "port": 44333, "listen": "127.0.0.1", "protocol": "trojan", "tag": "VLESSTROJAN", "settings": { "clients": [ { "password": "58cgd720", "email": "xxx.com_VLESS_gRPC" } ] }, "streamSettings": { "network": "grpc", "security": "none", "grpcSettings": { "serviceName": "tghk" } } }, { "port": 44332, "listen": "127.0.0.1", "protocol": "VLESS", "tag": "VLESS", "settings": { "clients": [ { "id": "a04a867a-f6b0-4d22-87c0-48f0dc2636df", "email": "xxx.com_VLESS_gRPC" } ], "decryption": "none" }, "streamSettings": { "network": "grpc", "security": "none", "grpcSettings": { "serviceName": "tghkV" } } }, { "streamSettings": { "network": "ws", "wsSettings": { "path": "/vm", "headers": { "Host": "spd.cykablyat.date" } } }, "protocol": "vmess", "listen": "127.0.0.1", "port": 44331, "settings": { "clients": [ { "alterId": 0, "id": "72e0e5f9-a66c-4145-843e-0b5ab5cd7bd0" } ], "disableInsecureEncryption": false } } ], "outbounds": [ { "protocol": "freedom" } ] } ``` ## client ### clash ``` - {name: trojan-grpc, server: hk.cykablyat.date, port: 443, type: trojan, password: 58cgd720, sni: hk.cykablyat.date, skip-cert-verify: false, network: grpc, grpc-opts: {grpc-service-name: tghk}, udp: true} ``` ## nginx ``` server { listen 80; listen 443 ssl http2 so_keepalive=on; server_name hk.cykablyat.date; index index.php index.html index.htm default.php default.htm default.html; root /www/wwwroot/hk.cykablyat.date; #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则 #error_page 404/404.html; ssl_certificate /www/server/panel/vhost/cert/hk.cykablyat.date/fullchain.pem; ssl_certificate_key /www/server/panel/vhost/cert/hk.cykablyat.date/privkey.pem; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header Strict-Transport-Security "max-age=31536000"; error_page 497 https://$host$request_uri; #SSL-END #ERROR-PAGE-START 错误页配置,可以注释、删除或修改 #error_page 404 /404.html; #error_page 502 /502.html; #ERROR-PAGE-END #PHP-INFO-START PHP引用配置,可以注释或修改 include enable-php-00.conf; #PHP-INFO-END #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效 include /www/server/panel/vhost/rewrite/hk.cykablyat.date.conf; #REWRITE-END #禁止访问的文件或目录 location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md) { return 404; } location /tghk { if ($content_type !~ "application/grpc") { return 404; } client_max_body_size 0; grpc_set_header X-Real-IP $proxy_add_x_forwarded_for; client_body_timeout 1071906480m; grpc_read_timeout 1071906480m; grpc_pass grpc://127.0.0.1:44333; } location /vm { proxy_redirect off; proxy_pass http://127.0.0.1:44331;#假设WebSocket监听在环回地址的10000端口上 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; # Show realip in v2ray access.log proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /tghkV { if ($content_type !~ "application/grpc") { return 404; } client_max_body_size 0; grpc_set_header X-Real-IP $proxy_add_x_forwarded_for; client_body_timeout 1071906480m; grpc_read_timeout 1071906480m; grpc_pass grpc://127.0.0.1:44332; } #一键申请SSL证书验证目录相关设置 location ~ \.well-known{ allow all; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; error_log /dev/null; access_log /dev/null; } location ~ .*\.(js|css)?$ { expires 12h; error_log /dev/null; access_log /dev/null; } access_log /www/wwwlogs/hk.cykablyat.date.log; error_log /www/wwwlogs/hk.cykablyat.date.error.log; } ``` ### ws ``` stream { log_format tcp_format '$time_local|$remote_addr|$protocol|$status|$bytes_sent|$bytes_received|$session_time|$upstream_addr|$upstream_bytes_sent|$upstream_bytes_received|$upstream_connect_time'; # 这里就是 SNI 识别,将域名映射成一个配置名,请修改自己的一级域名 map $ssl_preread_server_name $backend_name { spdtg.cykablyat.date trojan; default web; # 域名都不匹配情况下的默认值 } # web,配置转发详情 upstream web { server 127.0.0.1:4433; } # trojan,配置转发详情 upstream trojan { server 127.0.0.1:6699; } # 监听 443 并开启 ssl_preread server { listen 443 reuseport; listen 443 udp; #############################udp未测试 listen [::]:443 reuseport; proxy_pass $backend_name; ssl_preread on; } access_log /www/wwwlogs/tcp-access.log tcp_format; error_log /www/wwwlogs/tcp-error.log; include /www/server/panel/vhost/nginx/tcp/*.conf; } ``` [/login] Serverxray 1.5.0该部分仅登录用户可见 最后修改:2022 年 07 月 09 日 © 允许规范转载 打赏 赞赏作者 赞 如果觉得我的文章对你有用,请随意赞赏