which is more secure and undetectable? nginx_sni_shunting OR steal_oneself

In terms of security, NGINX has a form of SNI triage, and because of this usage, usually SSL certificates are not necessarily loaded by NGINX. Assuming that the SNI is shunted to another local port on your VPS, you use the Xray program to listen on that one port and load the SSL certificate. From the standpoint of being scanned for server-side TLS fingerprints, the TLS fingerprints are for the GO language. However, the scanning of server-side TLS fingerprints has not been pointed out as one of the reasons why the VPS port or IP is blocked by the network firewall of the country in which it is located by some masters in the circle of Chinese VPN users that I know of. In the Chinese VPN community, for example, youtube has videos about TLS fingerprinting that are more about earning traffic.

REALITY of stealing their own form, for example, the back-end is by NGINX listening to the local port corresponding to dest in XRAY, and by NGINX load SSL certificate, then the TLS fingerprint is NGINX.

Due to the requirements of REALITY, the TLS fingerprinting emulation option for the client is a mandatory item, and a mandatory requirement if your client doesn't know anything about it.

As for the client's TLS fingerprint simulation function, in the Chinese circle, also and VPS is blocked or not, there are different voices.

So whether it is SNI diversion or not, who is better is based on your own actual way of using it. Generally speaking, my suggestion is that you use a specialized VPS for your proxy and another VPS for your website, which is not costly to use separately.

Translated with DeepL.com (free version)

chika0801 / Xray-examples

which is more secure and undetectable? nginx_sni_shunting OR steal_oneself #36