2gW94/server-xray
1
0
Fork 0
mirror of https://github.com/samuelhbne/server-xray.git synced 2025-12-16 20:07:06 +03:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update SNI mapping

Browse Source
This commit is contained in:
Samuel Huang
2024-09-16 22:43:14 +10:00
parent 7189f38054
commit 321009d3b4
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -322,33 +322,43 @@ $ docker run --name server-reality-tls -p 443:443 -v /home/ubuntu/cert:/opt/cert
```
-c /opt/cert --cn-block --debug -u u=id0,u=id1
Save Letsencrypt certs in /opt/cert; Block all websites located in China; Set log level debug; Add uid id0, id1 for all services created below.
--ltrx proxy_acpt,p=10443,d=yahoo.com,shortId=abcd,prv=OGgyKdxoCbtunsvQp4UX7eos7BInETDezsuEHRF-AT4
Create a Vless-TCP-Reality-Xtls-vision service on port 10443 with yahoo.com as fake destinaition. Accept proxy-protocol. Which is important for logging correct client address if necessary.
--st-map sni=yahoo.com,ups=127.0.0.1:10443
Create a Nginx Stream mapping entry for the LTRX service we just created on port 10443. This entry will only be matched when clients request yahoo.com as destination SNI domain name.
--lgp p=11443,s=grpc0
Create a Vless-gRPC-Plain service on port 11443 with gRPC name grpc0
--ng-proxy p=11443,l=/grpc0,n=grpc
Create a Nginx proxy location on /grpc0 for the LGP service we just created on port 11443, network type is gRPC.
--lwp p=12443,w=/ws0
Create a Vless-WebSocket-Plain service on port 12443 with websocket path /ws0
--ng-proxy p=12443,w=/ws0,n=ws
Create a Nginx proxy location on /ws0 for the LWP service we just created on port 12443, network type is WebSocket.
--ng-server proxy_acpt,p=8443,d=mydomain.duckdns.org
Create a Nginx TLS front server on port 8443, with domain name mydomain.duckdns.org. Contents all proxy locations we set above.
--st-map sni=mydomain.duckdns.org,ups=127.0.0.1:8443
Create a Nginx Stream mapping entry for the Nginx TLS front server we just created on port 8443. This entry will only be matched when clients request mydomain.duckdns.org as destination SNI domain name. TIP: You can set default as the sni to match all other domain names except yahoo.com, which will be matched and directed to the LTRX services we set above.
--st-server proxy_pass,p=443
Create a Nginx Stream Server on master port 443, directs all requests based on the SNI in requests to upstream map entries we created above with Proxy Protocol. Which is important for logging correct client address if necessary.
## Build server-xray docker image from source