GuanM/XrayR-doc
1
0
Fork 0
mirror of https://github.com/XrayR-project/XrayR-doc.git synced 2025-06-08 13:39:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
XrayR-doc/za-xiang/nginx+trojan-zan-shi-di-shen.md
pocketW 9d7445a522 update docs
2022-07-28 20:30:14 +10:00

166 lines
5.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Nginx+Trojan暂时滴神
使用Nginx处理Trojan的TLSTrojan进行回落。我愿称ta暂时滴神
## Nginx安装
CentOS
```text
yum update
yum install -y nginx
yum install nginx-mod-stream
```
Ubuntu/Debian:
```text
apt update
apt install nginx
```
## Nginx配置
修改/etc/nginx/nginx.conf配置文件
```text
stream {
server {
listen 443 ssl; # 设置监听端口为443
ssl_protocols TLSv1.2 TLSv1.3; # 设置使用的SSL协议版本
ssl_certificate /etc/nginx/ssl/xx.com.pem; # 证书地址
ssl_certificate_key /etc/nginx/ssl/xx.com.key; # 秘钥地址
ssl_session_cache shared:SSL:10m; # SSL TCP会话缓存设置共享内存区域名为
# SSL区域大小为10MB
ssl_session_timeout 10m; # SSL TCP会话缓存超时时间为10分钟
proxy_protocol on; # 开启proxy_protocol获取真实ip
proxy_pass 127.0.0.1:1234; # 后端Trojan监听端口
}
}
```
请将上方代码添加到**http**与**events**中间一行
**/etc/nginx/nginx.conf配置文件参考**
```text
events {
worker_connections 768;
# multi_accept on;
}
stream {
server {
listen 443 ssl; # 设置监听端口为443
ssl_protocols TLSv1.2 TLSv1.3; # 设置使用的SSL协议版本
ssl_certificate /etc/nginx/ssl/xx.com.pem; # 证书地址
ssl_certificate_key /etc/nginx/ssl/xx.com.key; # 秘钥地址
ssl_session_cache shared:SSL:10m; # SSL TCP会话缓存设置共享内存区域名为
# SSL区域大小为10MB
ssl_session_timeout 10m; # SSL TCP会话缓存超时时间为10分钟
proxy_protocol on; # 开启proxy_protocol获取真实ip
proxy_pass 127.0.0.1:1234; # 后端Trojan监听端口
}
}
http {
##
# Basic Settings
##
```
**注意事项:**
**1. 请配置SSL证书**
**2. proxy\_pass 127.0.0.1:1234 后端Trojan监听端口与您网站前端节点监听端口一致**
**3. listen端口可以1-65535随意修改此处为客户端连接端口**
{% hint style="info" %}
centos系统请关闭selinux不然可能导致转发失败。
sudo setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
{% endhint %}
## XrayR Trojan配置
**关键配置:**
```text
ListenIP: 127.0.0.1
EnableProxyProtocol: true
EnableFallback: true
CertMode: none
```
{% hint style="info" %}
注意1请务必确保CertMode为none交由Nginx处理tls
{% endhint %}
{% hint style="info" %}
注意2在回落时请确保回落站点是http1.1nginx如果有一个站点是h2会导致全部站点都变成h2巨坑
{% endhint %}
**完整样例**
```text
-
PanelType: "SSpanel" # Panel type: SSpanel, V2board, PMpanel
ApiConfig:
ApiHost: "https://xxx.com"
ApiKey: "123"
NodeID: 1
NodeType: Trojan # Node type: V2ray, Shadowsocks, Trojan
Timeout: 10 # Timeout for the api request
EnableVless: false # Enable Vless for V2ray Type
EnableXTLS: false # Enable XTLS for V2ray and Trojan
SpeedLimit: 0 # Mbps, Local settings will replace remote settings, 0 means disable
DeviceLimit: 0 # Local settings will replace remote settings, 0 means disable
RuleListPath: # /etc/XrayR/rulelist Path to local rulelist file
ControllerConfig:
ListenIP: 127.0.0.1 # IP address you want to listen
SendIP: 0.0.0.0 # IP address you want to send pacakage
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
EnableProxyProtocol: true # Only works for WebSocket and TCP
EnableFallback: true # Only support for Trojan and Vless
FallBackConfigs: # Support multiple fallbacks
-
SNI: # TLS SNI(Server Name Indication), Empty for any
Path: # HTTP PATH, Empty for any
Dest: fake.website.com:80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
CertConfig:
CertMode: none # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
CertDomain: "node1.test.com" # Domain to cert
CertFile: /etc/XrayR/cert/node1.test.com.cert # Provided if the CertMode is file
KeyFile: /etc/XrayR/cert/node1.test.com.key
Provider: alidns # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
Email: test@me.com
DNSEnv: # DNS ENV option used by DNS provider
ALICLOUD_ACCESS_KEY: aaa
ALICLOUD_SECRET_KEY: bbb
```
## 重启并检查 Nginx 和 XrayR
```text
systemctl restart nginx
XrayR restart
```
```text
systemctl status nginx
XrayR status
```
Reference in New Issue View Git Blame Copy Permalink