编译、配置nginx,使V2ray,Xray,Trojan,博客网站等共用443端口
- 获取链接
- X
- 电子邮件
- 其他应用
最后更新2023-06-05
我的VPS: Ubuntu 2022 X64
申请SSL证书参考这里 第5点,FreshRSS及相关安装参考这里。
一、V2ray安装,参考这里
sudo bash -c "$(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)"systemctl enable --now v2ray编辑v2ray服务器端配置文件 nano /usr/local/etc/v2ray/config.json
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"port": 10000,
"listen":"127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"alterId": 0
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/yourwebsocketpath"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
} 二、Xray安装,参考这里
sudo bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u rootsystemctl enable --now xray编辑xray服务器端配置文件 nano /usr/local/etc/xray/config.json
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 10247,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"rejectUnknownSni": true,
"minVersion": "1.2",
"certificates": [
{
"ocspStapling": 3600,
"certificateFile": "/etc/cert/cert.crt",
"keyFile": "/etc/cert/private.key"
}
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}上面V2ray及Xray配置的路由策略屏蔽了对中国IP的访问,如不需要的话可以删除。
三、Trojan-Go安装,参考这里
wget https://github.com/p4gefau1t/trojan-go/releases/download/v0.10.6/trojan-go-linux-amd64.zipunzip -o trojan-go-linux-amd64.zip -d /usr/local/bin/trojan-go编辑trojan-go服务器端配置文件
mkdir -p /usr/local/etc/trojan-go nano /usr/local/etc/trojan-go/config.json
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 10248,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"password"
],
"ssl": {
"cert": "/etc/cert/cert.crt",
"key": "/etc/cert/private.key",
"sni": "bbs.mydomain.com"
},
"websocket": {
"enabled": true,
"path": "/yourwebsocketpath",
"host": "bbs.mydomain.com",
"double_tls": false
},
"router":{
"enabled": true,
"block": [
"geoip:private"
]
}
}配置开机启动参考这里
四、编译安装nginx
由于需要用到 ngx_stream_ssl_preread_module 模块,但是 Nginx 默认没有安装该模块,需要自己编译安装。
1、首先安装编译工具及相关依赖库
apt install make gcc libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev
2、下载最新nginx源代码,最新版地址在此
wget --no-check-certificate https://nginx.org/download/nginx-1.26.3.tar.gz && tar -xvf nginx-1.26.3.tar.gz && cd nginx-1.26.33、设置编译参数并编译
./configure --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_modulemake && sudo make install默认安装路径在 /usr/local/nginx,配置文件 /usr/local/nginx/conf/nginx.conf ,执行文件 /usr/local/nginx/sbin/nginx
4、配置开机启动
编辑文件 nano /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.targetsudo systemctl enable --now nginx5、配置nginx
以下配置中,域名www.mydomain.com 用于配置FreshRSS;mydomain.com用于配置V2ray,同时也指向FreshRSS;
bbs.mydomain.com 用于配置Trojan-Go;free.mydomain.com 用于配置Xray;
api.mydomain.com 用于配置全文API(如Readability或mercury);
hub.mydomain.com 用于配置第三方RSS(如rssbridge或rsshub)。
编辑nginx配置文件 nano /usr/local/nginx/conf/nginx.conf
将相关域名及WS path路径修改成你自己的,并与v2ray,torjan-go,xray服务器端相关配置一致。
user www-data;
worker_processes auto;
#error_log /var/log/nginx/error.log warn;
#pid /var/run/nginx.pid;
events {
worker_connections 4096;
multi_accept on;
use epoll;
}
stream {
# 这里就是 SNI 识别,将域名映射成一个配置名
map $ssl_preread_server_name $backend_name {
www.mydomain.com web;
mydomain.com vmess;
bbs.mydomain.com trojan;
free.mydomain.com xtls;
api.mydomain.com api;
hub.mydomain.com hub;
# 域名都不匹配情况下的默认值
default web;
}
# web,配置转发详情,端口与下面server字段中www.mydomain.com监听端口一致
upstream web {
server 127.0.0.1:10240;
}
# vmess,配置转发详情,端口与下面server字段中mydomain.com监听端口一致
upstream vmess {
server 127.0.0.1:10249;
}
# trojan,配置转发详情,与trojan配置文件中的端口一致
upstream trojan {
server 127.0.0.1:10248;
}
# xtls,配置转发详情,与xray配置文件中的端口一致
upstream xtls {
server 127.0.0.1:10247;
}
# api,配置转发详情
upstream api {
server 127.0.0.1:10246;
}
# hub,配置转发详情
upstream hub {
server 127.0.0.1:10245;
}
# 监听 443 并开启 ssl_preread
server {
listen 443 reuseport;
# listen [::]:443 reuseport;
proxy_pass $backend_name;
ssl_preread on;
}
}
http {
server_tokens off;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
client_max_body_size 10m;
client_body_buffer_size 128k;
access_log off;
ssl_certificate /etc/cert/cert.crt;
ssl_certificate_key /etc/cert/private.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always; #
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 10240 ssl;
http2 on;
server_name www.mydomain.com;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
server {
listen 10249 ssl;
http2 on;
server_name mydomain.com;
location /yourwebsocketpath {
proxy_redirect off;
proxy_pass http://127.0.0.1:10000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
proxy_pass http://127.0.0.1:8080;
}
}
server {
listen 10246 ssl;
http2 on;
server_name api.mydomain.com;
location / {
proxy_pass http://127.0.0.1:3000;
}
}
server {
listen 10245 ssl;
http2 on;
server_name hub.mydomain.com;
location / {
proxy_pass http://127.0.0.1:3002;
}
}
}测试配置文件是否正确
/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf重新加载nginx配置文件使之生效(无需重启服务器)
/usr/local/nginx/sbin/nginx -s reload记得防火墙放行相关端口如22,80,443等
ufw allow 22ufw allow 443最后,在配置客户端时,远程端口设置为443,其他与服务器端相关参数一致。
经测试,NaiveProxy可以与V2ray,Xray,Trojan,博客网站等共存于同一个VPS并共用443端口,参考这里 第六点。
- 获取链接
- X
- 电子邮件
- 其他应用
评论
发表评论