参考来源
https://lhy.life/20200909-haproxy/
HAProxy 配置
# HAProxy as an SNI router on port 443. TLS is not terminated here: the
# frontend reads the server name from the ClientHello and passes the raw TCP
# stream to a local backend, so each backend presents its own certificate.
global
# Two syslog targets on /dev/log: facility local0, and local1 at level notice.
log /dev/log local0
log /dev/log local1 notice
# Run chrooted, under the haproxy user and group, detached as a daemon.
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
log global
mode tcp
option tcplog
# Do not log connections on which no data was exchanged.
option dontlognull
# NOTE(review): all three timeouts are 24h. "timeout connect" only covers
# establishing the TCP connection to a backend, and every backend below is on
# 127.0.0.1, so a few seconds would be enough there. The client/server values
# are presumably meant to keep long-lived tunnels open, but they also let idle
# or stalled connections hold a slot for a day; confirm that is intended and
# consider a shorter value combined with TCP keep-alives.
timeout connect 24h
timeout client 24h
timeout server 24h
frontend ssl
mode tcp
# Listens on every local address, port 443.
bind *:443
# Wait up to 3s for enough data to inspect before the content rules are final.
tcp-request inspect-delay 3s
# Accept as soon as the buffered data is a TLS ClientHello (hello type 1).
tcp-request content accept if { req.ssl_hello_type 1 }
# Pick the backend from the SNI, compared case-insensitively (-i).
# req_ssl_sni is the older spelling of req.ssl_sni.
# NOTE(review): the SNI is sent in the clear and chosen by the client, so this
# is routing, not access control; each backend still has to authenticate its
# own users. No default_backend is set, so a connection whose SNI matches none
# of these names has no backend to go to - confirm that refusing it is the
# intended outcome.
use_backend trojan if { req_ssl_sni -i trojan.exp.com }
use_backend naiveproxy if { req_ssl_sni -i naive.exp.com }
use_backend v2ray if { req_ssl_sni -i v2ray.exp.com }
use_backend web1 if { req_ssl_sni -i web1.exp.com }
use_backend web2 if { req_ssl_sni -i web2.exp.com }
# All backends are reached over loopback. For that to be the only path to
# them, the services themselves must also listen on 127.0.0.1 rather than on
# every interface.
# NOTE(review): ports 350-357 are below 1024, which on Linux normally needs
# root or CAP_NET_BIND_SERVICE to bind; ports above 1023 would let the
# backends run unprivileged.
backend trojan
mode tcp
server trojan 127.0.0.1:350
backend naiveproxy
mode tcp
server naiveproxy 127.0.0.1:352
backend v2ray
mode tcp
server v2ray 127.0.0.1:353
backend web1
mode tcp
server web1 127.0.0.1:356
backend web2
mode tcp
server web2 127.0.0.1:357
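Trojan 服务端配置
注意：示例中 local_addr 为 0.0.0.0，Trojan 会在所有网卡上监听 350 端口；而 HAProxy 只通过 127.0.0.1:350 转发，将 local_addr 改为 127.0.0.1 可避免后端被绕过 HAProxy 直接访问。passwd1、passwd2 仅为占位符，部署时应替换为随机生成的强密码。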
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 350,
"remote_addr": "127.0.0.1",
"remote_port": 351,
"password": [
"passwd1",
"passwd2"
],
"log_level": 1,
"ssl": {
"cert": "/path/cert.pem",
"key": "/path/key.pem",
"key_password": "",
"cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"alpn_port_override": {
"h2": 81
},
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"prefer_ipv4": false,
"no_delay": true,
"keep_alive": true,
"reuse_port": false,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": "",
"cafile": ""
}
}
NaiveProxy 服务端 Caddy 配置
注意：listen 写成 ":352" 时 Caddy 会监听所有网卡；HAProxy 只连接 127.0.0.1:352，改为 "127.0.0.1:352" 可以缩小暴露面。
{
"admin": {
"disabled": true
},
"apps": {
"http": {
"servers": {
"web1": {
"listen": [":352"],
"routes": [{
"handle": [{
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"auth_user": "你的账户",
"auth_pass": "你的密码",
"probe_resistance": {"domain": "your-secret-link.localhost"}
}]
}, {
"match": [{"host": ["naive.exp.com"]}],
"handle": [{
"handler": "file_server",
"root": "/path/naive.exp.com",
"index_names": ["index.html"]
}],
"terminal": true
}],
"tls_connection_policies": [{
"match": {"sni": ["naive.exp.com"]}
}],
"automatic_https": {
"disable": true
}
}
}
},
"tls": {
"certificates": {
"load_files": [{
"certificate": "/path/cert.pem",
"key": "/path/key.pem"
}]
}
}
}
}
V2Ray 服务端配置
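VLESS+TCP+TLS 和 VMess+WebSocket+TLS 配置
注意：353 端口的 VLESS 入站没有设置 listen（355 端口的 VMess 入站已限定为 127.0.0.1），默认会监听所有地址；HAProxy 只连接 127.0.0.1:353，可为该入站同样加上 "listen": "127.0.0.1"。另外 alterId 大于 0 时 VMess 使用旧的认证方式，较新版本的 V2Ray 建议设为 0（VMessAEAD），请对照所用版本的文档确认。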
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 353,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "你的UUID",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 354
},
{
"path": "/yourpath",
"dest": 355
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"alpn": [
"http/1.1"
],
"certificates": [
{
"certificateFile": "/path/to/fullchain.crt",
"keyFile": "/path/to/private.key"
}
]
}
}
},
{
"port": 355,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "你的UUID",
"level": 0,
"alterId": 4
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/yourpath 和上面一样"
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
Nginx 配置
# Nginx serves the camouflage and fallback sites plus the two ordinary sites
# that HAProxy, Trojan and V2Ray hand connections to.
# NOTE(review): "user root root" runs the worker processes as root, so any
# flaw in request handling is exercised with full privileges; an unprivileged
# account that can read the web roots is the usual choice. As written, the
# directive also lacks its terminating ';'.
user root root
...
events {
...
}
http {
...
## Trojan camouflage site
# Port 80: redirect to HTTPS. The target host is hard-coded rather than taken
# from the request.
server {
listen 80;
listen [::]:80;
server_name trojan.exp.com;
return 301 https://trojan.exp.com$request_uri;
}
# Plain-HTTP listener on port 351, the remote_port in the Trojan config.
# NOTE(review): "listen 351;" binds every address, so this site is also
# reachable directly, without TLS and without passing through Trojan. Only
# the local Trojan process needs it; "listen 127.0.0.1:351;" limits it to
# loopback.
server {
listen 351;
server_name trojan.exp.com;
index index.php index.html;
root /www/wwwroot/trojan.exp.com;
...
}
## NaiveProxy (only handles the HTTP-to-HTTPS redirect)
server {
listen 80;
listen [::]:80;
server_name naive.exp.com;
return 301 https://naive.exp.com$request_uri;
}
## VLESS fallback site
server {
listen 80;
listen [::]:80;
server_name v2ray.exp.com;
return 301 https://v2ray.exp.com$request_uri;
}
# Plain-HTTP listener on port 354, the default fallback "dest" in the V2Ray
# config.
# NOTE(review): same exposure as port 351 - "listen 127.0.0.1:354;" keeps it
# reachable only from the local V2Ray process.
server {
listen 354;
server_name v2ray.exp.com;
index index.php index.html;
root /www/wwwroot/v2ray.exp.com;
...
}
## web1 site
server {
listen 80;
listen [::]:80;
server_name web1.exp.com;
return 301 https://web1.exp.com$request_uri;
}
# TLS for web1 is terminated here; HAProxy forwards the encrypted stream to
# 127.0.0.1:356 unchanged.
# NOTE(review): the listener binds every address although HAProxy only uses
# loopback; "listen 127.0.0.1:356 ssl http2;" removes the direct path.
server {
listen 356 ssl http2;
server_name web1.exp.com;
index index.php index.html;
root /www/wwwroot/web1.exp.com;
ssl_certificate /path/to/fullchain.crt;
ssl_certificate_key /path/to/private.key;
...
}
## web2 site
server {
listen 80;
listen [::]:80;
server_name web2.exp.com;
return 301 https://web2.exp.com$request_uri;
}
# TLS for web2 is terminated here; HAProxy forwards to 127.0.0.1:357.
# NOTE(review): as for web1, "listen 127.0.0.1:357 ssl http2;" restricts the
# listener to loopback.
server {
listen 357 ssl http2;
server_name web2.exp.com;
index index.php index.html;
root /www/wwwroot/web2.exp.com;
ssl_certificate /path/to/fullchain.crt;
ssl_certificate_key /path/to/private.key;
...
}
...
}
为 Nginx 启用 PROXY protocol
HAProxy 配置
...
# send-proxy makes HAProxy prepend a PROXY protocol header to each connection
# so the backend can learn the original client address. It has to be enabled
# together with proxy_protocol on the matching Nginx listen line: a listener
# that does not expect the header will fail the TLS handshake, and one that
# expects it will reject connections that arrive without it.
backend web1
mode tcp
server web1 127.0.0.1:356 send-proxy
backend web2
mode tcp
server web2 127.0.0.1:357 send-proxy
...
Nginx 配置
...
http {
...
## web1 site
...
server {
# proxy_protocol: the listener expects a PROXY header ahead of the TLS
# handshake, matching send-proxy on the HAProxy server line.
# NOTE(review): the listener still binds every address, so a peer that
# connects to port 356 directly can supply a PROXY header of its own.
# set_real_ip_from below restricts the realip rewrite to connections coming
# from 127.0.0.1, but $proxy_protocol_addr, if used anywhere in the elided
# parts, holds whatever the peer sent. "listen 127.0.0.1:356 ssl http2
# proxy_protocol;" removes the direct path.
listen 356 ssl http2 proxy_protocol;
server_name web1.exp.com;
index index.php index.html;
root /www/wwwroot/web1.exp.com;
# Replace the client address with the one from the PROXY header, but only for
# connections whose peer is 127.0.0.1 (HAProxy on this host).
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
ssl_certificate /path/to/fullchain.crt;
ssl_certificate_key /path/to/private.key;
...
}
## web2 site
...
server {
# Same arrangement as web1, on port 357.
# NOTE(review): "listen 127.0.0.1:357 ssl http2 proxy_protocol;" keeps the
# PROXY-protocol listener reachable only from HAProxy on this host.
listen 357 ssl http2 proxy_protocol;
server_name web2.exp.com;
index index.php index.html;
root /www/wwwroot/web2.exp.com;
# Trust the PROXY header only when the peer is 127.0.0.1.
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
ssl_certificate /path/to/fullchain.crt;
ssl_certificate_key /path/to/private.key;
...
}
...
}