search

chika0801 / Xray-examples

Xray 配置示例
https://github.com/XTLS/Xray-core
604 stars 107 forks source link

Vless+xtls+utls+reality 偷自己的caddy.json配置 #9

Closed GreatBigWhiteWorld closed 1 year ago

GreatBigWhiteWorld commented 1 year ago

Hello,因为我习惯了Caddy,所以我让ChatGPT把你的nginx.conf转换成对应的Caddy配置,感觉结果怪怪的,麻烦看下

{
    "apps": {
        "http": {
            "servers": {
                "chika": {
                    "listen": [
                        "127.0.0.1:8001"
                    ],
                    "routes": [
                        {
                            "match": [
                                {
                                    "host": [
                                        "chika.example.com"
                                    ]
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "handler": "substitute",
                                                    "response": [
                                                        {
                                                            "search": "($proxy_host",
                                                            "replace": "($host"
                                                        }
                                                    ],
                                                    "once": false
                                                },
                                                {
                                                    "handler": "reverse_proxy",
                                                    "upstreams": [
                                                        {
                                                            "dial": "https://www.lovelive-anime.jp"
                                                        }
                                                    ],
                                                    "headers": {
                                                        "Host": [
                                                            "{http.request.host}"
                                                        ],
                                                        "Upgrade": [
                                                            "{http.request.header.Upgrade}"
                                                        ],
                                                        "Connection": [
                                                            "{http.request.header.Connection}"
                                                        ],
                                                        "X-Real-IP": [
                                                            "{http.request.header.X-Real-IP}"
                                                        ],
                                                        "Forwarded": [
                                                            "{http.request.header.Forwarded}"
                                                        ],
                                                        "X-Forwarded-For": [
                                                            "{http.request.header.X-Forwarded-For}"
                                                        ],
                                                        "X-Forwarded-Proto": [
                                                            "{http.request.scheme}"
                                                        ],
                                                        "X-Forwarded-Host": [
                                                            "{http.request.host}"
                                                        ],
                                                        "X-Forwarded-Port": [
                                                            "{http.request.port}"
                                                        ]
                                                    },
                                                    "transport": {
                                                        "protocol": "http",
                                                        "tls": {}
                                                    }
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ]
                        }
                    ],
                    "tls_connection_policies": [
                        {
                            "match": {
                                "sni": [
                                    "chika.example.com"
                                ]
                            },
                            "issuer_cert": "/etc/ssl/private/fullchain.cer",
                            "issuer_key": "/etc/ssl/private/private.key",
                            "protocols": [
                                "tls1.2",
                                "tls1.3"
                            ],
                            "session_tickets": true,
                            "stapling": true,
                            "stapling_verify": true,
                            "resolvers": [
                                "1.1.1.1"
                            ],
                            "resolvers_timeout": "2s"
                        }
                    ]
                },
                "redirect": {
                    "listen": [
                        ":80",
                        "[::]:80"
                    ],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "handler": "redir",
                                    "uri": "/{uri}",
                                    "status_code": 301
                                }
                            ]
                        }
                    ]
                }
            }
        }
    }
}

AI发完配置说了以下几点: Please note the following points:

_1. The Nginx map directives are not directly translatable to Caddy. I've used substitute handler to replace occurrences in the response body. This may need further adjustment based on the actual content of the response.

  1. The Nginx location block is translated to a Caddy subroute block with a substitute and reverse_proxy handlers inside it.
  2. The Nginx ssl_ciphers directive has been omitted, as Caddy automatically handles modern and secure ciphers.
  3. The Nginx ssl_earlydata is set in the Caddy configuration.

Make sure to test thoroughly in a safe environment to ensure that the translation meets your specific requirements.

ArcCal commented 1 year ago

试试caddy官方工具?

https://github.com/caddyserver/nginx-adapter

chika0801 commented 1 year ago

我不会caddy,帮不到你。

GreatBigWhiteWorld commented 1 year ago

试试caddy官方工具?

https://github.com/caddyserver/nginx-adapter

这工具转换不了,很多类型不支持而且好像有很多bug

ws2bhhh commented 9 months ago

你好,还需要吗?总之先放下面了🤔

{
    auto_https disable_redirects
    servers 127.0.0.1:5000 {
        listener_wrappers {
            proxy_protocol
        }
        protocols h1 h2 h2c h3
    }
}

# 假服务器,用于欺骗caddy自动续签证书。
example.com:8443 {
    root * /usr/share/caddy
    file_server
    bind 127.0.0.1
}

# 由于自动https跳转不可用,所以手动实现https跳转。caddy自动续签证书也需要这个配置。
:80 {
    redir https://{host}{uri} permanent
    # 以下配置为单次使用,仅在第一次申请证书时有用,当下面配置启用时上面配置需要被注释。
    # root * /usr/share/caddy
    # file_server
    # log
}

# 回落服务器,用于处理xray的回落。
http://example.com:5000 {
    root * /usr/share/caddy
    file_server
    log
    bind 127.0.0.1
}
GreatBigWhiteWorld commented 9 months ago

你好,还需要吗?总之先放下面了🤔

{
  auto_https disable_redirects
  servers 127.0.0.1:5000 {
      listener_wrappers {
          proxy_protocol
      }
      protocols h1 h2 h2c h3
  }
}

# 假服务器,用于欺骗caddy自动续签证书。
example.com:8443 {
  root * /usr/share/caddy
  file_server
  bind 127.0.0.1
}

# 由于自动https跳转不可用,所以手动实现https跳转。caddy自动续签证书也需要这个配置。
:80 {
  redir https://{host}{uri} permanent
  # 以下配置为单次使用,仅在第一次申请证书时有用,当下面配置启用时上面配置需要被注释。
  # root * /usr/share/caddy
  # file_server
  # log
}

# 回落服务器,用于处理xray的回落。
http://example.com:5000 {
  root * /usr/share/caddy
  file_server
  log
  bind 127.0.0.1
}

回头再弄,先谢谢了