按照这个网站的教程搞的,,
https://xtls.github.io/document/level-0/ch07-xray-server.html#_7-4-%E9%85%8D%E7%BD%AE-xray
但是nginx 到底是怎么写
还有vps的防火墙是不是要打开除了80.443端口外的回落端口
为什么有些配置不用写域名,,,,比如下面这个
有些要写域名
服务端配置
[ol]{
// 1\_日志设置
"log": {
"loglevel": "warning", // 内容从少到多: "none", "error", "warning", "info", "debug"
"access": "/var/log/xray/xray.access.log", // 访问记录
"error": "/var/log/xray/xray.error.log error" // 错误记录
},
// 2_DNS 设置
"dns": {
"servers": [
"https+local://1.1.1.1/dns-query", // 首选 1.1.1.1 的 DoH 查询,牺牲速度但可防止 ISP **
"localhost"
]
},
// 3*分流设置
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
// 3.1 防止服务器本地流转问题:如内网被攻击或滥用、错误的本地回环等
{
"type": "field",
"ip": [
"geoip:private" // 分流条件:geoip 文件内,名为"private"的规则(本地)
],
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
},
{
// 3.2 防止服务器直连国内
"type": "field",
"ip": ["geoip:cn"],
"outboundTag": "block"
},
// 3.3 屏蔽广告
{
"type": "field",
"domain": [
"geosite:category-ads-all" // 分流条件:geosite 文件内,名为"category-ads-all"的规则(各种广告域名)
],
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
}
]
},
// 4*入站设置
// 4.1 这里只写了一个最简单的 vless+xtls 的入站,因为这是 Xray 最强大的模式。如有其他需要,请根据模版自行添加。
"inbounds": [
{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // 填写你的 UUID
"flow": "xtls-rprx-vision",
"level": 0,
"email": ""
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 8888 // 默认回落到防探测的代理
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"alpn": "http/1.1",
"certificates": [
{
"certificateFile": "/etc/letsencrypt/live/xray/fullchain.pem",
"keyFile": "/etc/letsencrypt/live/xray/privkey.pem"
}
]
}
}
}
],
// 5*出站设置
"outbounds": [
// 5.1 第一个出站是默认规则,freedom 就是对外直连(vps 已经是外网,所以直连)
{
"tag": "direct",
"protocol": "freedom"
},
// 5.2 屏蔽规则,blackhole 协议就是把流量导入到黑洞里(屏蔽)
{
"tag": "block",
"protocol": "blackhole"
}
]
}
[/ol]复制代码
nginx 配置
[ol]server {
listen 80;
server_name xray;
return 301 https://xray$request_uri;
root /usr/share/nginx/html;
}
server {
listen 443 ssl;
server_name xray;
##证书地址
ssl_certificate /etc/letsencrypt/live/xray/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xray/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
#ssl_early_data on;
# #告诉服务器重写客户端可能报告为自己的首选项
ssl_prefer_server_ciphers off;
# #指定曲线类型
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 1.1.1.1 1.0.0.1 8.8.8.8;
location /
{
proxy_pass http://127.0.0.1:8888;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}[/ol]复制代码
v2rayN 客户端配置
IP
端口 443
流控 xtls-rprx-vision
加密 为空
传输协议 TCP
底层传输 xtls
哪里有问题啊???????
