xray

2024-11-27 16:37:19 +08:00
parent 2127577827
commit 5d20e4422d
3 changed files with 105 additions and 23 deletions
--- a/v2ray示例/香港节点/0-分层代理回落.json
+++ b/v2ray示例/香港节点/0-分层代理回落.json
@@ -23,12 +23,12 @@
            "dest": "@trojan-h2"
          },
          {
-            "dest": "/dev/shm/h2c.sock",
-            "xver": 1,
+            "dest": "5000",
+            "xver": 2,
            "alpn": "h2"
          },
          {
-            "dest": "/dev/shm/h1.sock",
+            "dest": "5001",
            "xver": 2
          }
        ]
@@ -50,7 +50,7 @@
            }
          ],
          "minVersion": "1.2",
-          "cipherSuites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+          "cipherSuites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
          "alpn": [
            "h2",
            "http/1.1"
@@ -81,7 +81,7 @@
        "network": "h2",
        "security": "none",
        "httpSettings": {
-          "path": "/trh2"
+          "path": "/status"
        }
      }
    }
--- a/v2ray示例/香港节点/nginx.conf
+++ b/v2ray示例/香港节点/nginx.conf
@@ -1,43 +1,50 @@
 # Restrict access to the website by IP or wrong domain name) and return 400
 server {
-    listen unix:/dev/shm/h1.sock proxy_protocol default_server;
-    listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
-    set_real_ip_from unix:;
-    real_ip_header proxy_protocol;
+    # listen unix:/dev/shm/h1.sock proxy_protocol default_server;
+    # listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
+    listen 5000;
+    http2 on;
+    # set_real_ip_from unix:;
+    # real_ip_header proxy_protocol;
    server_name _;
-    return 400;
+    return 400 "not allowed";
+}
+server {
+    listen 5001;
+    server_name _;
+    return 400 "not allowed";
 }

 # HTTP1 UDS listener
 server {
-    listen unix:/dev/shm/h1.sock proxy_protocol; # HTTP/1.1 server monitor process and enable PROXY protocol reception
-    set_real_ip_from unix:;
-    real_ip_header proxy_protocol;
-    server_name book.107421.xyz xx.tc.hk.go.107421.xyz; # Change to your own domain name(s)
+    #listen unix:/dev/shm/h1.sock proxy_protocol;
+    listen 5001;
+    server_name xx.tc.hk.go.107421.xyz book.107421.xyz;

    location / {
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
-        root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
+        root /var/www/html/; 
        index index.html index.htm;
    }
 }

 # HTTP2 UDS listener
 server {
-    listen unix:/dev/shm/h2c.sock http2 proxy_protocol; # H2C server monitor process and enable PROXY protocol reception
-    set_real_ip_from unix:;
-    real_ip_header proxy_protocol;
-    server_name book.107421.xyz xx.tc.hk.go.107421.xyz; # Change to your own domain name(s) (don't forget to add the certificates to xray config)
+    # listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
+    listen 5000;
+    http2 on;
+    
+    server_name xx.tc.hk.go.107421.xyz book.107421.xyz;

    # grpc settings
-    grpc_read_timeout 1h;
-    grpc_send_timeout 1h;
-    grpc_set_header X-Real-IP $remote_addr;
+    # grpc_read_timeout 1h;
+    # grpc_send_timeout 1h;
+    # grpc_set_header X-Real-IP $remote_addr;

    # Decoy website
    location / {
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
-        root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
+        root /var/www/html;
        index index.html index.htm;
    }
 }
--- a/v2ray示例/香港节点/内核转发优化.txt
+++ b/v2ray示例/香港节点/内核转发优化.txt
@@ -0,0 +1,75 @@
+
+
+cat > /etc/sysctl.d/proxy-wdd.conf <<EOF
+
+# 启用 BBR
+net.core.default_qdisc = fq
+net.ipv4.tcp_congestion_control = bbr
+
+# 启用 IP 转发
+net.ipv4.ip_forward = 1
+
+# 调整 TCP 的时间等待状态
+net.ipv4.tcp_fin_timeout = 15
+
+# 提高 TCP 的最大连接数
+net.ipv4.tcp_max_syn_backlog = 4096
+
+# 增加 TCP 的缓冲区大小
+net.core.rmem_max=16777216
+net.core.wmem_max=16777216
+net.ipv4.tcp_rmem = 4096 87380 16777216
+net.ipv4.tcp_wmem = 4096 65536 16777216
+
+# 增加最大连接数
+net.core.somaxconn = 1024
+net.ipv4.tcp_max_tw_buckets = 2000
+
+# 启用 TCP 快速打开
+net.ipv4.tcp_fastopen = 3
+
+# 减少 TCP 连接的延迟
+net.ipv4.tcp_low_latency = 1
+
+# 启用 TCP 时间戳
+net.ipv4.tcp_timestamps = 1
+
+# 启用 TCP 窗口扩大
+net.ipv4.tcp_window_scaling = 1
+
+# 设置 TCP 连接的最大重传次数
+net.ipv4.tcp_retries2 = 5
+
+# 启用 TCP 选择确认
+net.ipv4.tcp_sack = 1
+
+# 启用 SYN Cookies
+net.ipv4.tcp_syncookies=1
+
+# 调整连接追踪表大小
+net.netfilter.nf_conntrack_max=131072
+
+# 增加连接追踪哈希表大小
+net.netfilter.nf_conntrack_buckets=65536
+
+# 优化 TCP Keepalive 设置
+net.ipv4.tcp_keepalive_time=600
+net.ipv4.tcp_keepalive_intvl=60
+net.ipv4.tcp_keepalive_probes=5
+
+# 调整 TIME-WAIT 套接字再利用
+net.ipv4.tcp_tw_reuse=1
+net.ipv4.tcp_tw_recycle=1
+
+# 增加本地端口范围
+net.ipv4.ip_local_port_range='1024 65535'
+
+EOF
+sudo sysctl -p /etc/sysctl.d/proxy-wdd.conf
+
+sysctl net.ipv4.tcp_congestion_control
+
+sudo ethtool -K eth0 gro on
+sudo ethtool -K eth0 gso on
+sudo ethtool -K eth0 tso on
+