xray 使用 443 作为前端的配置

xray 使用 443 作为前端，nginx 作为后端解析网页

• xray_server_port_nginx
• xray_server_socket_nginx

xray_server_port_nginx

# Nginx 需要 http_v2_module 、http_realip_module 模块
# https://xtls.github.io/document/level-1/fallbacks-with-sni.html

server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

server {
    listen 127.0.0.1:8001 proxy_protocol default_server;
    listen 127.0.0.1:8002 http2 proxy_protocol default_server;
    set_real_ip_from 127.0.0.1;
    real_ip_header proxy_protocol;
    server_name _;
    return 400;
}

server {
    listen 127.0.0.1:8001 proxy_protocol;
    listen 127.0.0.1:8002 http2 proxy_protocol;
    set_real_ip_from 127.0.0.1;
    real_ip_header proxy_protocol;
    server_name api.echoxu.cn;

    location / {
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        root /usr/share/nginx/html/wwwdoc;
        index index.html index.htm;
    }
}

xray_server_socket_nginx

# Nginx 需要 http_v2_module 、http_realip_module 模块
# 使用 socket 比用端口会稍快些

server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

server { #限定域名访问（禁止以IP方式访问网站）并返回400。
    listen unix:/dev/shm/h1.sock proxy_protocol default_server;
    listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
    set_real_ip_from unix:;
    real_ip_header proxy_protocol;
    server_name _;
    return 400;
}

server {
    listen unix:/dev/shm/h1.sock proxy_protocol;
    listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
    set_real_ip_from unix:;
    real_ip_header proxy_protocol;
    server_name api.echoxu.cn;

    location / {
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #启用HSTS
        root /usr/share/nginx/html/wwwdoc;
        index index.html index.htm;
    }
}