利用 NGINX 的 Stream 模塊 sni_preread 功能,可以做到讓 Trojan 和其他網站在同一台機器上共享 443 端口。
Notes
- If your local network use public IP ranges instead of private ones, make sure to add respecive
RETURN
rules to iptables to prevent looping issue - Set clash as DHCP's only DNS server to allow domain-based filter (shunting) rules work
- Use
lsof -i udp:53
to check if clash's DNS module work fine, otherwise you may have to killsystemd-resolved
and any other processes occupying the UDP 53 port - The given scripts will NOT hangle the traffic of gateway itself since it is not recommend to do so. If you want to redirect the egress traffic of the gateway, the following material may be useful
Reference
Debian / Ubuntu 系可直接運行以下指令,安裝 xanmod-edge 內核後重啟。此內核安裝完後會自動啟用 BBR,無需手動配置。
echo 'deb http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-kernel.list
wget -qO - https://dl.xanmod.org/gpg.key | apt-key --keyring /etc/apt/trusted.gpg.d/xanmod-kernel.gpg add -
apt update && apt upgrade -y && apt install linux-xanmod-edge -y
apt install wireguard-tools resolvconf -y
V2Ray 白話文教學介紹了如何利用 V2Ray 的路由功能將特定網站(例如 Netflix)的流量經過 Shadowsocks 轉到另一台機器上,達成解鎖流媒體的方法。
事實上,可以利用 V2Ray 的任意門協議直接將流量轉發到落地機上,進一步減少使用代理協議產生的開銷,以下為做法。
假設不能看奈飛的機器為 VPS A,可以看奈飛的機器為 VPS B。
- VPS A: 開兩個
freedom
outbound,一個給 80 端口,一個給 443 端口,並配置對應的路由規則 - VPS B: 開兩個
dokodemo-door
inbound,一個給 80 端口,一個給 443 端口,兩個 inbound 都要設置 sniffing,並配置對應的路由規則
{
"outbounds": [
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# HTTP, SOCKS5 混合端口 | |
mixed-port: 7890 | |
# 允许局域网的连接(可用来共享代理) | |
allow-lan: true | |
# 规则模式:Rule(规则) / Global(全局代理)/ Direct(全局直连) | |
mode: Rule | |
# 设置日志输出级别 (默认级别:info,级别越高日志输出量越大,越倾向于调试) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
zone_name=$1 | |
record_name=$2 | |
api_key=$3 | |
current_ip=`curl -s https://api.ipify.org` | |
zone_id=`curl -s -X GET "https://api.cloudflare.com/client/v4/zones" \ | |
-H "Authorization: Bearer ${api_key}" -H "Content-Type: application/json" \ | |
| jq -r ".result | .[] | select(.name == \"${zone_name}\") | .id"` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
scholar.example.com { | |
timeouts 5m | |
proxy / https://scholar.google.com.hk { | |
except /robots.txt /usercontent | |
header_upstream X-Real-IP {remote} | |
header_upstream X-Forwarded-For {remote} | |
header_upstream User-Agent {>User-Agent} | |
# header_upstream X-Real-IP {>CF-Connecting-IP} | |
# header_upstream X-Forwarded-For {>CF-Connecting-IP} | |
header_upstream Accept-Language zh-HK |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
type=v2board # 必填这个 | |
server_type=v2ray # 必填这个 | |
api=webapi # webapi 或 db,表示 webapi 对接或数据库对接 | |
# webapi 对接 | |
webapi_url=https://www.yourdomain.com/ # webapi url,填写面板主页地址 | |
webapi_key= # webapi key | |
node_id=1 # 节点id | |
soga_key= # 授权key,社区版无需填写,最多支持88用户,商业版无限制 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
echo "Getting the latest version of trojan-go" | |
latest_version="$(curl -s "https://api.github.com/repos/p4gefau1t/trojan-go/releases" | jq '.[0].tag_name' --raw-output)" | |
echo "${latest_version}" | |
trojango_link="https://github.com/p4gefau1t/trojan-go/releases/download/${latest_version}/trojan-go-linux-amd64.zip" | |
mkdir -p "/usr/bin/trojan-go" | |
mkdir -p "/etc/trojan-go" |
NewerOlder