WebSocket+TLS+Nginx和博客共存

最后更新时间:2020年05月25日

这里使用的是宝塔面板
先安装v2ray用233的脚本然后修改v2ray配置文件
将以下v2配置写入

{
  "inbounds": [{
    "port": 25714,           //此处为安装时生成的端口,可修改随意,但是保证和下面提到的端口号相同
    "listen":"127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "dbbfbf84-a0d7-4489-8012-e002509a5b74", //此处为安装时生成的 id
          "level": 1,
          "alterId": 34      //此处为安装时生成的 alterId
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "/SoftDown"   //此处为路径,需要和下面 NGINX 上面的路径配置一样
      }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}

这个是宝塔的Nginx配置

server
{
    listen 80;
    listen 443 ssl http2;
    server_name hk.shagain.club;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/hk.shagain.club;
    
    #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate    /www/server/panel/vhost/cert/hk.shagain.club/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/hk.shagain.club/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;

    #SSL-END
    
    #ERROR-PAGE-START  错误页配置,可以注释、删除或修改
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END
    
    #PHP-INFO-START  PHP引用配置,可以注释或修改
    include enable-php-72.conf;
    #PHP-INFO-END
    
    #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
    include /www/server/panel/vhost/rewrite/hk.shagain.club.conf;
    #REWRITE-END
    
    #禁止访问的文件或目录
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
    
    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }
    
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log off;
        access_log /dev/null;
    }
    
    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log off;
        access_log /dev/null; 
    }
    access_log  /www/wwwlogs/hk.shagain.club.log;
    error_log  /www/wwwlogs/hk.shagain.club.error.log;
        location / {
        proxy_pass http://localhost:34567; # 34567为刚刚设置的V2Ray端口
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        }
}

声明:小小博客|版权所有,违者必究|如未注明,均为原创|本网站采用BY-NC-SA协议进行授权

转载:转载请注明原文链接 - WebSocket+TLS+Nginx和博客共存

Carpe Diem and Do what I like