Closed Thaomtam closed 2 months ago
I looked at your configuration and found that you used VMESS+WS before. Because TLS protection was not used, VMESS's own encryption method was used for encryption.
Please do not use VLESS as the protocol when not using TLS. The reason is that the VLESS protocol itself is not designed to be self-encrypting. There are safety issues with this use.
tks
server { listen 80; listen [::]:80; return 301 https://$host$request_uri; }
server {
listen 127.0.0.1:8001 ssl default_server;
ssl_reject_handshake on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_timeout 1h;
ssl_session_cache shared:SSL:10m;
}
i have 2 servers. 1 uses nginx reality, the other one I use reality to handshake with the domain I signed on server 1. I want to know how to enable handshake from nginx 1. tks ad
Let's say you have VPS1, which is NGINX listening on 443, and the NGINX configuration is a standard (simple) configuration with, for example, an SSL certificate in the configuration.
Then your VPS2's REALITY server-side configuration has
“handshake”: {
“server”: “”, // Requires the site to support TLS 1.3, X25519 and H2 for domains that are not redirects.
“server_port”: 443
}, // Requires the site to support TLS 1.3, X25519 and H2, with “server_port”: 443 for domain non-hops.
Translated with DeepL.com (free version)
Server here, you can fill in the domain name, if you point this domain name to the IP of VPS1, the SSL certificate also corresponds to this domain name.
This is the common principle.
server can also fill in the VPS1 IP, this filling method you have to ensure that “server_name” is included in your own SSL certificate.
tks sir
My sample configuration. { "type": "vmess", "listen": "::", "listen_port": 80, "sniff": true, "sniff_override_destination": false, "users": [ { "uuid": "thoi-tiet-openwrt", "alterId": 0 } ], "transport": { "headers": { "Host": "m.tiktok.com" }, "type": "ws", "path": "/video", "max_early_data": 2048, "early_data_header_name": "Sec-WebSocket-Protocol" } } I can use vmess, but when I change to vless, the system reports an error. Chika0801 can you help me perfect it