zeaslity/shell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xray

Browse Source
This commit is contained in:
zeaslity
2024-11-27 16:37:19 +08:00
parent 2127577827
commit 5d20e4422d
3 changed files with 105 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
v2ray示例/香港节点/0-分层代理回落.json
View File

@@ -23,12 +23,12 @@
"dest": "@trojan-h2" "dest": "@trojan-h2"
}, },
{ {
"dest": "/dev/shm/h2c.sock", "dest": "5000",
"xver": 1, "xver": 2,
"alpn": "h2" "alpn": "h2"
}, },
{ {
"dest": "/dev/shm/h1.sock", "dest": "5001",
"xver": 2 "xver": 2
} }
] ]
@@ -50,7 +50,7 @@
} }
], ],
"minVersion": "1.2", "minVersion": "1.2",
"cipherSuites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "cipherSuites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"alpn": [ "alpn": [
"h2", "h2",
"http/1.1" "http/1.1"
@@ -81,7 +81,7 @@
"network": "h2", "network": "h2",
"security": "none", "security": "none",
"httpSettings": { "httpSettings": {
"path": "/trh2" "path": "/status"
} }
} }
} }

43
v2ray示例/香港节点/nginx.conf
View File

@@ -1,43 +1,50 @@
# Restrict access to the website by IP or wrong domain name) and return 400 # Restrict access to the website by IP or wrong domain name) and return 400
server { server {
listen unix:/dev/shm/h1.sock proxy_protocol default_server; # listen unix:/dev/shm/h1.sock proxy_protocol default_server;
listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server; # listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
set_real_ip_from unix:; listen 5000;
real_ip_header proxy_protocol; http2 on;
# set_real_ip_from unix:;
# real_ip_header proxy_protocol;
server_name _; server_name _;
return 400; return 400 "not allowed";
}
server {
listen 5001;
server_name _;
return 400 "not allowed";
} }
# HTTP1 UDS listener # HTTP1 UDS listener
server { server {
listen unix:/dev/shm/h1.sock proxy_protocol; # HTTP/1.1 server monitor process and enable PROXY protocol reception #listen unix:/dev/shm/h1.sock proxy_protocol;
set_real_ip_from unix:; listen 5001;
real_ip_header proxy_protocol; server_name xx.tc.hk.go.107421.xyz book.107421.xyz;
server_name book.107421.xyz xx.tc.hk.go.107421.xyz; # Change to your own domain name(s)
location / { location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions) root /var/www/html/;
index index.html index.htm; index index.html index.htm;
} }
} }
# HTTP2 UDS listener # HTTP2 UDS listener
server { server {
listen unix:/dev/shm/h2c.sock http2 proxy_protocol; # H2C server monitor process and enable PROXY protocol reception # listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
set_real_ip_from unix:; listen 5000;
real_ip_header proxy_protocol; http2 on;
server_name book.107421.xyz xx.tc.hk.go.107421.xyz; # Change to your own domain name(s) (don't forget to add the certificates to xray config)
server_name xx.tc.hk.go.107421.xyz book.107421.xyz;
# grpc settings # grpc settings
grpc_read_timeout 1h; # grpc_read_timeout 1h;
grpc_send_timeout 1h; # grpc_send_timeout 1h;
grpc_set_header X-Real-IP $remote_addr; # grpc_set_header X-Real-IP $remote_addr;
# Decoy website # Decoy website
location / { location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions) root /var/www/html;
index index.html index.htm; index index.html index.htm;
} }
} }

75
v2ray示例/香港节点/内核转发优化.txt Normal file
View File

@@ -0,0 +1,75 @@
cat > /etc/sysctl.d/proxy-wdd.conf <<EOF
# 启用 BBR
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
# 启用 IP 转发
net.ipv4.ip_forward = 1
# 调整 TCP 的时间等待状态
net.ipv4.tcp_fin_timeout = 15
# 提高 TCP 的最大连接数
net.ipv4.tcp_max_syn_backlog = 4096
# 增加 TCP 的缓冲区大小
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# 增加最大连接数
net.core.somaxconn = 1024
net.ipv4.tcp_max_tw_buckets = 2000
# 启用 TCP 快速打开
net.ipv4.tcp_fastopen = 3
# 减少 TCP 连接的延迟
net.ipv4.tcp_low_latency = 1
# 启用 TCP 时间戳
net.ipv4.tcp_timestamps = 1
# 启用 TCP 窗口扩大
net.ipv4.tcp_window_scaling = 1
# 设置 TCP 连接的最大重传次数
net.ipv4.tcp_retries2 = 5
# 启用 TCP 选择确认
net.ipv4.tcp_sack = 1
# 启用 SYN Cookies
net.ipv4.tcp_syncookies=1
# 调整连接追踪表大小
net.netfilter.nf_conntrack_max=131072
# 增加连接追踪哈希表大小
net.netfilter.nf_conntrack_buckets=65536
# 优化 TCP Keepalive 设置
net.ipv4.tcp_keepalive_time=600
net.ipv4.tcp_keepalive_intvl=60
net.ipv4.tcp_keepalive_probes=5
# 调整 TIME-WAIT 套接字再利用
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
# 增加本地端口范围
net.ipv4.ip_local_port_range='1024 65535'
EOF
sudo sysctl -p /etc/sysctl.d/proxy-wdd.conf
sysctl net.ipv4.tcp_congestion_control
sudo ethtool -K eth0 gro on
sudo ethtool -K eth0 gso on
sudo ethtool -K eth0 tso on