chika0801 / sing-box-examples

sing-box configuration examples
https://github.com/SagerNet/sing-box
1.61k stars 270 forks

I want to ask how to install vless port 80 on sing-box server. Thanks admin #112

Closed Thaomtam closed 2 months ago

Thaomtam commented 2 months ago

My sample configuration.

    {
        "type": "vmess",
        "listen": "::",
        "listen_port": 80,
        "sniff": true,
        "sniff_override_destination": false,
        "users": [
            {
                "uuid": "thoi-tiet-openwrt",
                "alterId": 0
            }
        ],
        "transport": {
            "headers": {
                "Host": "m.tiktok.com"
            },
            "type": "ws",
            "path": "/video",
            "max_early_data": 2048,
            "early_data_header_name": "Sec-WebSocket-Protocol"
        }
    }

I can use vmess, but when I change to vless, the system reports an error. Chika0801, can you help me perfect it?

chika0801 commented 2 months ago

I looked at your configuration and found that you used VMESS+WS before. Because TLS protection was not used, VMESS's own encryption method was used for encryption.

Please do not use VLESS as the protocol when not using TLS. The reason is that the VLESS protocol itself is not designed to be self-encrypting. There are safety issues with this use.

Thaomtam commented 2 months ago

tks

Thaomtam commented 2 months ago

    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    server {
        listen                  127.0.0.1:8001 ssl default_server;

        ssl_reject_handshake    on;

        ssl_protocols           TLSv1.2 TLSv1.3;

        ssl_session_timeout     1h;
        ssl_session_cache       shared:SSL:10m;
    }

I have 2 servers. 1 uses nginx reality, the other one I use reality to handshake with the domain I signed on server 1. I want to know how to enable handshake from nginx 1. tks ad

chika0801 commented 2 months ago

Let's say you have VPS1, which is NGINX listening on 443, and the NGINX configuration is a standard (simple) configuration with, for example, an SSL certificate in the configuration.

Then your VPS2's REALITY server-side configuration has

                    "handshake": {
                        "server": "", // Requires the site to support TLS 1.3, X25519 and H2 for domains that are not redirects.
                        "server_port": 443
                    },


For server here, you can fill in the domain name, if you point this domain name to the IP of VPS1 and the SSL certificate also corresponds to this domain name.

This is the common principle.

server can also be filled in with the VPS1 IP; with this filling method you have to ensure that "server_name" is included in your own SSL certificate.

Thaomtam commented 2 months ago

tks sir
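
Added example, not part of the thread and not code from the sing-box project: a small Python check for the two points raised above, a VLESS inbound with no TLS block and a REALITY inbound whose handshake target or "server_name" is left empty. The function name, tags, UUIDs and domain are constructed placeholders; the config keys are the ones used in the thread plus the standard inbound "tls" fields.

```python
import json

# Per the thread: VLESS has no encryption of its own, so it must sit behind TLS.
NEEDS_TLS = {"vless"}

def lint_inbounds(config):
    """Return findings for plaintext VLESS inbounds and incomplete REALITY targets."""
    findings = []
    for i, inbound in enumerate(config.get("inbounds", [])):
        name = inbound.get("tag") or f"inbounds[{i}]"
        tls = inbound.get("tls") or {}
        tls_on = tls.get("enabled") is True
        if inbound.get("type") in NEEDS_TLS and not tls_on:
            findings.append(f"{name}: vless without TLS on port {inbound.get('listen_port')}")
        reality = tls.get("reality") or {}
        if tls_on and reality.get("enabled") is True:
            handshake = reality.get("handshake") or {}
            if not handshake.get("server"):
                findings.append(f"{name}: reality handshake.server is empty")
            if not tls.get("server_name"):
                findings.append(f"{name}: tls.server_name is empty")
    return findings

# Constructed sample config (placeholder tags, UUIDs and domain, not from the thread).
SAMPLE = json.loads("""
{
  "inbounds": [
    {"type": "vmess", "tag": "vmess-ws", "listen": "::", "listen_port": 8080,
     "users": [{"uuid": "00000000-0000-0000-0000-000000000001", "alterId": 0}],
     "transport": {"type": "ws", "path": "/video"}},
    {"type": "vless", "tag": "vless-ws", "listen": "::", "listen_port": 80,
     "users": [{"uuid": "00000000-0000-0000-0000-000000000002"}],
     "transport": {"type": "ws", "path": "/video"}},
    {"type": "vless", "tag": "vless-reality", "listen": "::", "listen_port": 443,
     "users": [{"uuid": "00000000-0000-0000-0000-000000000003"}],
     "tls": {"enabled": true, "server_name": "vps1.example.com",
             "reality": {"enabled": true,
                         "handshake": {"server": "", "server_port": 443}}}}
  ]
}
""")

if __name__ == "__main__":
    for finding in lint_inbounds(SAMPLE):
        print(finding)
```

The VMess inbound passes because, as noted in the thread, it uses its own encryption; the check does not verify that the handshake site supports TLS 1.3, X25519 and H2, which needs a live connection.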