编译、配置nginx,使V2ray,Xray,Trojan,博客网站等共用443端口
最后更新2023-06-05
我的VPS: Ubuntu 2022 X64
申请SSL证书参考这里 第5点,FreshRSS及相关安装参考这里。
一、V2ray安装,参考这里
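# Fetch the v2fly installer. -f makes curl exit non-zero on an HTTP error
# instead of saving the error page under the script's name; -L follows
# redirects.
curl -fLO https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
# The script is taken from a moving branch (master) and is about to run with
# the privileges of this shell: read it before executing it.
bash install-release.sh
# Register the service for boot and start it now.
systemctl enable --now v2ray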
{ "inbounds": [ { "port": 10000, "listen":"127.0.0.1", "protocol": "vmess", "settings": { "clients": [ { "id": "b831381d-6324-4d53-ad4f-8cda48b30811", "alterId": 0 } ] }, "streamSettings": { "network": "ws", "wsSettings": { "path": "/yourwebsocketpath" } } } ], "outbounds": [ { "protocol": "freedom", "settings": {} } ] }
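# Save the installer to a file instead of expanding curl's output directly
# into a root shell: with -f a failed transfer stops here, and the script can
# be read before it is run as root.
curl -fsSL -o xray-install-release.sh https://github.com/XTLS/Xray-install/raw/main/install-release.sh
# The arguments "install -u root" are passed through unchanged.
# NOTE(review): -u root appears to make the service run as root, which the
# Xray config on this page relies on to read /root/cert/private.key; confirm
# against the installer's own help text.
sudo bash xray-install-release.sh install -u root
# Register the service for boot and start it now.
systemctl enable --now xray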
编辑xray服务器端配置文件:vi /usr/local/etc/xray/config.json。下面示例中的 listen 为 0.0.0.0;由于流量由本机 nginx 转发到 127.0.0.1:10247,如不需要直接对外提供该端口,可将其改为 127.0.0.1。
{
"inbounds": [
{
"listen": "0.0.0.0",
"port": 10247,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"rejectUnknownSni": true,
"minVersion": "1.2",
"certificates": [
{
"ocspStapling": 3600,
"certificateFile": "/root/cert/cert.crt",
"keyFile": "/root/cert/private.key"
}
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
}
]
}
三、Trojan-Go安装,参考这里
# Release archive, pinned to the v0.10.6 tag.
release_url=https://github.com/p4gefau1t/trojan-go/releases/download/v0.10.6/trojan-go-linux-amd64.zip
# wget stores the download under the last path component of the URL.
archive=${release_url##*/}

wget "$release_url"
# NOTE(review): nothing here checks the archive's integrity. If the project
# publishes a digest for this release, compare it before unpacking, e.g.
#   echo "<EXPECTED_SHA256>  $archive" | sha256sum -c -
# Unpack into /usr/local/bin/trojan-go, overwriting files from an earlier
# install (-o).
unzip -o "$archive" -d /usr/local/bin/trojan-go
# Directory that will hold the server configuration.
mkdir -p /usr/local/etc/trojan-go
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 10248,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"password"
],
"ssl": {
"cert": "/root/cert/cert.crt",
"key": "/root/cert/private.key",
"sni": "bbs.mydomain.com"
},
"websocket": {
"enabled": true,
"path": "/yourwebsocketpath",
"host": "bbs.mydomain.com",
"double_tls": false
},
"router":{
"enabled": true,
"block": [
"geoip:private"
]
}
}
配置开机启动参考这里
四、编译安装nginx
由于需要用到 ngx_stream_ssl_preread_module 模块,但是 Nginx 默认没有安装该模块,需要自己编译安装。
1、首先安装编译工具及相关依赖库
# Build toolchain plus the PCRE, zlib and OpenSSL development files used when
# compiling nginx from source.
sudo apt install \
  make gcc \
  libpcre3 libpcre3-dev \
  zlib1g-dev \
  libssl-dev
2、下载nginx源代码(下文以1.23.1为例;实际操作时请到 nginx.org 选用当前仍在维护的版本,并相应替换文件名)
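# Certificate verification is left on: this tarball is compiled and then
# installed with sudo, so it must not be fetched with --no-check-certificate.
# If wget cannot validate nginx.org, repair the system CA store (package
# ca-certificates) rather than disabling the check.
wget https://nginx.org/download/nginx-1.23.1.tar.gz
# nginx.org also publishes a detached PGP signature next to each tarball
# (nginx-1.23.1.tar.gz.asc). After importing the signing keys listed at
# https://nginx.org/en/pgp_keys.html it can be checked with:
#   gpg --verify nginx-1.23.1.tar.gz.asc nginx-1.23.1.tar.gz
tar zxvf nginx-1.23.1.tar.gz
cd nginx-1.23.1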
3、设置编译参数并编译
# Configure the build. The last two flags add the stream (TCP) proxy and its
# ssl_preread module; the stream{} section of nginx.conf on this page depends
# on both to route connections by SNI.
./configure \
  --with-http_ssl_module \
  --with-http_stub_status_module \
  --with-http_realip_module \
  --with-http_auth_request_module \
  --with-http_v2_module \
  --with-http_dav_module \
  --with-http_slice_module \
  --with-threads \
  --with-http_addition_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_sub_module \
  --with-stream \
  --with-stream_ssl_preread_module
# Compile as the current user; only the install step is run through sudo.
make && sudo make install
默认安装路径在 /usr/local/nginx,默认配置文件路径 /usr/local/nginx/conf/nginx.conf
4、配置开机启动
编辑配置文件 vi /lib/systemd/system/nginx.service
# systemd unit for the nginx built from source under /usr/local/nginx.
[Unit]
Description=The NGINX HTTP and reverse proxy server
# Start only after networking and name resolution are available.
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
# nginx daemonizes itself; systemd follows the master process via PIDFile.
Type=forking
# Must match the "pid logs/nginx.pid" directive in nginx.conf, which is
# relative to the /usr/local/nginx prefix.
PIDFile=/usr/local/nginx/logs/nginx.pid
# Refuse to start when the configuration does not pass the syntax test.
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
# QUIT asks the master process to shut down gracefully.
ExecStop=/bin/kill -s QUIT $MAINPID
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true
[Install]
WantedBy=multi-user.target
# Register nginx.service for boot and start it immediately (--now).
sudo systemctl enable --now nginx
5、配置nginx
以下配置中,域名www.mydomain.com 用于配置FreshRSS;mydomain.com用于配置V2ray,同时也指向FreshRSS;
bbs.mydomain.com 用于配置Trojan-Go;free.mydomain.com 用于配置Xray;
api.mydomain.com 用于配置全文API(如Readability或mercury);
hub.mydomain.com 用于配置第三方RSS(如rssbridge或rsshub)。
编辑nginx配置文件 vi /usr/local/nginx/conf/nginx.conf
将相关域名及WS path路径修改成你自己的,并与v2ray,trojan-go,xray服务器端相关配置一致。示例配置中的UUID和密码同样只是示例,请替换为自己生成的值。
# The "user" directive is left commented out, so worker processes run as the
# build's default user (nobody, unless --user was passed to ./configure).
#user www-data;
worker_processes 1;

# Relative paths resolve against the install prefix, /usr/local/nginx.
error_log logs/error.log;
pid logs/nginx.pid;

events {
    worker_connections 2048;
}
stream {
    # SNI routing: map the server name read from the TLS ClientHello to the
    # name of an upstream defined below.
    map $ssl_preread_server_name $backend_name {
        www.mydomain.com web;
        mydomain.com vmess;
        bbs.mydomain.com trojan;
        free.mydomain.com xtls;
        api.mydomain.com api;
        hub.mydomain.com hub;
        # Fallback when no name matches: the connection goes to the web site.
        default web;
    }

    # web: port must equal the listen port of the www.mydomain.com server
    # in the http{} section.
    upstream web {
        server 127.0.0.1:10240;
    }

    # vmess: port must equal the listen port of the mydomain.com server in
    # the http{} section.
    upstream vmess {
        server 127.0.0.1:10249;
    }

    # trojan: port must equal local_port in the trojan-go configuration.
    upstream trojan {
        server 127.0.0.1:10248;
    }

    # xtls: port must equal the inbound port in the Xray configuration.
    upstream xtls {
        server 127.0.0.1:10247;
    }

    # api: forwarding target for api.mydomain.com.
    upstream api {
        server 127.0.0.1:10246;
    }

    # hub: forwarding target for hub.mydomain.com.
    upstream hub {
        server 127.0.0.1:10245;
    }

    # Public listener on 443. ssl_preread only inspects the ClientHello; TLS
    # itself is terminated by whichever backend the connection is passed to.
    server {
        listen 443 reuseport;
        # listen [::]:443 reuseport;
        ssl_preread on;
        proxy_pass $backend_name;
    }
}
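http {
    # Keep the nginx version out of response headers and error pages.
    server_tokens off;
    include mime.types;
    default_type application/octet-stream;
    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    gzip on;
    client_max_body_size 10m;
    client_body_buffer_size 128k;

    # Plain-HTTP listener. It is also the local target that the trojan-go
    # configuration on this page points at (remote_addr 127.0.0.1,
    # remote_port 80).
    server {
        listen 80 default_server;
        server_name www.mydomain.com;
        root /usr/share/nginx/html;
        # A server-level return applies to the requests this server handles,
        # so the error_page/location entries below are not expected to be
        # reached; they are kept as in the original configuration.
        return 301 https://$server_name$request_uri;
        error_page 404 /404.html;
        location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    # The four TLS servers below are reached only through the stream{} proxy
    # on 443, which connects to 127.0.0.1. Each one is therefore bound to the
    # loopback address instead of every interface, so the backend ports
    # cannot be contacted directly from outside, bypassing the SNI routing.
    # The private key is read from /root/cert by the nginx master process.

    # www.mydomain.com -> web application on 127.0.0.1:8080.
    server {
        listen 127.0.0.1:10240 ssl;
        server_name www.mydomain.com;
        ssl_certificate /root/cert/cert.crt;
        ssl_certificate_key /root/cert/private.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        location / {
            proxy_pass http://127.0.0.1:8080;
        }
    }

    # mydomain.com -> V2ray WebSocket inbound on the WS path, web application
    # for every other path.
    server {
        listen 127.0.0.1:10249 ssl;
        server_name mydomain.com;
        ssl_certificate /root/cert/cert.crt;
        ssl_certificate_key /root/cert/private.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        # Must equal wsSettings.path in the V2ray configuration.
        location /yourwebsocketpath {
            proxy_redirect off;
            proxy_pass http://127.0.0.1:10000;
            # HTTP/1.1 plus the Upgrade/Connection headers are needed for the
            # WebSocket handshake to pass through the proxy.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;
        }
        location / {
            proxy_pass http://127.0.0.1:8080;
        }
    }

    # api.mydomain.com -> full-text API on 127.0.0.1:3000.
    server {
        listen 127.0.0.1:10246 ssl;
        server_name api.mydomain.com;
        ssl_certificate /root/cert/cert.crt;
        ssl_certificate_key /root/cert/private.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://127.0.0.1:3000;
        }
    }

    # hub.mydomain.com -> third-party RSS service on 127.0.0.1:4000.
    server {
        listen 127.0.0.1:10245 ssl;
        server_name hub.mydomain.com;
        ssl_certificate /root/cert/cert.crt;
        ssl_certificate_key /root/cert/private.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://127.0.0.1:4000;
        }
    }
}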
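# Check the configuration first and reload only when the check passes.
/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf \
  && /usr/local/nginx/sbin/nginx -s reload

# Open only SSH and the shared TLS port, and only for TCP: the stream
# listener on 443 is TCP, so no UDP rule is needed.
# The Xray (10247) and trojan-go (10248) configs on this page listen on
# 0.0.0.0, so this firewall is what keeps those ports from being reached
# directly from outside.
ufw allow 22/tcp
ufw allow 443/tcp
# The rules are enforced only while ufw is active; confirm that the status is
# "active" (run "ufw enable" if it is not).
ufw status verbose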
最后,在配置客户端时,远程端口设置为443,其他与服务器端相关参数一致。
经测试,NaiveProxy可以与V2ray,Xray,Trojan,博客网站等共存于同一个VPS并共用443端口,参考这里 第六点。