Install sing-box/xray and configure vless / tuic / hysteria2 / shadowtls for reality or tls (letsencrypt) over different transport protocols (tcp, http, grpc and websocket) with user management capability in CLI, TUI and Telegram bot by a single command in docker compose!
Since haproxy has an option called strict-sni, people can use it to avoid exposure of their certificate and hence disclosure of their IP address. This is vital, especially when a CDN is used.
Online crawler services or censors, by iterating over the limited IPv4 public address space and looking at port 443, or by sending an HTTPS request to that IP, can retrieve the valid SSL certificate and map the CN field to the SNI used on the client side. This can potentially lead to blockage of both the IP and the domain name.
strict-sni can resolve this problem. It must be added as follows:
As it can prevent utilization of the Allow Insecure option, you can add an option item in the menu to be chosen when a CDN is used.
Thanks for perfect script.
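A minimal HAProxy frontend showing where `strict-sni` goes and how to check its effect, as an added example that is not part of the original issue or the project's own configuration. The certificate path, the frontend and backend names and the backend address are hypothetical placeholders.

```haproxy
# Added example, not the project's haproxy.cfg.
# Certificate path, section names and backend address are hypothetical.

defaults
    mode tcp
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# Default behaviour (no strict-sni): a handshake that carries no SNI, or an
# SNI matching no loaded certificate, is answered with the default (first
# loaded) certificate. A scan of the bare IP on port 443 therefore receives
# the certificate and can read the domain from its CN/SAN.
#
# frontend tls_in
#     bind :443 ssl crt /etc/haproxy/certs/example.com.pem

# With strict-sni: the handshake is allowed only when the client-supplied SNI
# matches a loaded certificate; the default certificate is never served.
frontend tls_in
    bind :443 ssl crt /etc/haproxy/certs/example.com.pem strict-sni
    default_backend proxy_core

backend proxy_core
    server core 127.0.0.1:8443

# Verification against your own server (replace <server-ip>). With strict-sni
# in place both handshakes should fail without printing a certificate:
#   openssl s_client -connect <server-ip>:443 -noservername </dev/null
#   openssl s_client -connect <server-ip>:443 -servername wrong.invalid </dev/null
```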