nginx 不能通过 http 代理 REALITY，只能让站点回落到 nginx；也可以使用 tcp 代理然后按域名分流。
https://github.com/XTLS/Xray-core/issues/1972
或者使用这个方案
https://github.com/XTLS/Xray-core/issues/1970
下面是回落到自己nginx 配置
https://github.com/chika0801/Xray-examples/blob/main/VLESS-XTLS-uTLS-REALITY/steal_yourself/nginx.conf
参考这个配置：dest 填 nginx 监听的端口，xver 值为 1；如果 REALITY 监听的不是 443，要让节点能访问到。
sub_filter $proxy_host $http_host;
外部访问域名+端口
使用tcp 代理然后域名分流
# stream module settings
# Layer-4 (TCP) front door: nginx owns the public :443, peeks at the TLS SNI
# without terminating TLS, and hands the raw connection to the matching upstream.
stream {
# SNI routing: map each server name to an upstream name
# (no "default" entry: a connection whose SNI is not listed gets an empty
# $stream_map and is not proxied anywhere — presumably intended, confirm)
map $ssl_preread_server_name $stream_map {
website.example.com web;
xtls.example.com beforextls;# note: changed here — XTLS traffic goes through the 127.0.0.1:7999 hop below instead of straight to "xtls"
}
# upstreams, i.e. where each routed connection goes next
upstream beforextls {
server 127.0.0.1:7999;
}
upstream xtls {
server 127.0.0.1:9000;
}
upstream web {
server 127.0.0.1:443;
}
# stream server listening on the server's public IP, port 443; several services share the port via SNI
server {
listen [服务器公网IP]:443 reuseport;# [服务器公网IP] is a placeholder for the server's public IP
proxy_pass $stream_map;
ssl_preread on;
proxy_protocol on; # enable PROXY protocol so the upstream learns the real client address
}
server {
listen 127.0.0.1:7999 proxy_protocol;# accept PROXY protocol; loopback only, because the PROXY header is trusted from whoever connects
proxy_pass xtls; # the real XTLS listener is the upstream; this hop is the "matchmaker" between nginx and XTLS (proxy_protocol is not enabled on this proxy_pass, so the PROXY header is consumed here and :9000 receives a plain connection)
}
}
# Web server configuration (http context)
server {
listen 80;# only port 443 is SNI-routed; port 80 still serves plain web traffic. SNI routing only works for TLS traffic, so only 443 can be split this way
listen 127.0.0.1:443 ssl http2 proxy_protocol;# local 443 listener: must match the "web" upstream in the stream block; PROXY protocol enabled, loopback only
......
# requests that arrived without TLS are redirected to HTTPS
if ($ssl_protocol = "") {
return 301 https://$host$request_uri;
}
index index.html index.htm index.php;
try_files $uri $uri/ /index.php?$args;
set_real_ip_from 127.0.0.1;# take the real client IP from the PROXY protocol header, trusted only when the peer is loopback
real_ip_header proxy_protocol;
......
}
nginx: [emerg] "user" directive is not allowed here in /etc/nginx/conf.d/xray.conf
xray.conf
# Main-context directives (user, worker_processes, error_log, pid, events) belong
# at the top level of /etc/nginx/nginx.conf. A file under /etc/nginx/conf.d/ is
# included from inside the http block, which is why nginx reports
# '"user" directive is not allowed here' when this content is placed there.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
I just copied https://github.com/chika0801/Xray-examples/blob/main/VLESS-XTLS-uTLS-REALITY/steal_yourself/nginx.conf into
/etc/nginx/conf.d/xray.conf
and then restarted the nginx service.
Could you please give me an example of a working nginx.conf file? Thanks.
/etc/nginx/nginx.conf
# /etc/nginx/nginx.conf — main context
user nginx;
worker_processes auto;
worker_priority 1;
worker_shutdown_timeout 10s;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
# $proxy_protocol_addr is the client address carried in the PROXY protocol header,
# so the access log shows the real client rather than the loopback peer
log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log main;
# WebSocket support: derive the Connection header sent upstream from the client's Upgrade header
map $http_upgrade $connection_upgrade {
default upgrade;
"" close;
}
# Build this proxy's RFC 7239 "for=" element from the PROXY-protocol client address
# (IPv6 literals are bracketed and quoted; anything else becomes "for=unknown")
map $proxy_protocol_addr $proxy_forwarded_elem {
~^[0-9.]+$ "for=$proxy_protocol_addr";
~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
default "for=unknown";
}
# Append our element to an incoming Forwarded header only when that header appears
# syntactically valid; otherwise replace it with ours, so malformed client-supplied
# Forwarded values are not passed upstream
map $http_forwarded $proxy_add_forwarded {
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
default "$proxy_forwarded_elem";
}
# Site definitions (e.g. xray.conf) are pulled in here, inside the http context;
# they must therefore contain only http-level directives, not user/worker_processes/events
include /etc/nginx/conf.d/*.conf;
}
/etc/nginx/conf.d/xray.conf
# Plain-HTTP listener: redirect everything to HTTPS.
# NOTE(review): $host is client-supplied (Host header), so the redirect target follows
# whatever host the client sent; if a single domain is served, a server_name directive
# plus `return 301 https://$server_name$request_uri;` pins it.
server {
listen 80;
return 301 https://$host$request_uri;
}
# REALITY fallback target over loopback TCP. Presumably Xray's "dest" points at
# 127.0.0.1:8003 with xver 1 (PROXY protocol), as the earlier note describes — confirm.
# nginx terminates TLS here and serves a reverse-proxied decoy site.
server {
listen 127.0.0.1:8003 ssl http2 proxy_protocol;# loopback only: the PROXY header is accepted from any peer that connects, so this listener must never be reachable from outside
set_real_ip_from 127.0.0.1;# trust real-IP information only from loopback. Note there is no "real_ip_header proxy_protocol;" here, so $remote_addr is not rewritten; the headers below use $proxy_protocol_addr directly instead
ssl_certificate /etc/ssl/private/fullchain.cer;
ssl_certificate_key /etc/ssl/private/private.key;
ssl_protocols TLSv1.2 TLSv1.3;
# AEAD-only list; the TLS 1.2 suites are ECDHE-ECDSA only, so the certificate above must be ECDSA for TLS 1.2 clients to connect
ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;# server-side session cache only; avoids a long-lived ticket key
# OCSP stapling, with the stapled response verified; the resolver is needed to reach the OCSP responder
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 valid=60s;
resolver_timeout 2s;
location / {
#sub_filter $proxy_host $http_host;
# rewrite the upstream's hostname in response bodies to the host this server is reached as
# (sub_filter only sees uncompressed bodies; without `proxy_set_header Accept-Encoding "";` compressed upstream responses pass through unmodified)
sub_filter $proxy_host $host;
sub_filter_once off;
# decoy site fetched over HTTPS with SNI set to the upstream name
# NOTE(review): proxy_ssl_verify is not set (nginx default off), so the upstream certificate is not validated; proxy_ssl_verify on plus proxy_ssl_trusted_certificate would enable that
proxy_pass https://www.lovelive-anime.jp;
proxy_set_header Host $proxy_host;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_ssl_server_name on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# NOTE(review): these headers disclose the real client address to the decoy upstream — confirm that is acceptable
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header Forwarded $proxy_add_forwarded;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;# appends $remote_addr, which here is the loopback peer since it is not rewritten
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
resolver 1.1.1.1;# resolves the proxy_pass hostname; duplicates the server-level resolver
}
}
# Same decoy server, but bound to a unix socket instead of loopback TCP.
# Presumably Xray's "dest" can point at /dev/shm/nginx.sock with xver 1 — confirm.
server {
listen unix:/dev/shm/nginx.sock ssl http2 proxy_protocol;# socket reachable only by local processes that can open it; the PROXY header is trusted from any such peer
set_real_ip_from unix:;# trust real-IP information from unix-socket peers. No "real_ip_header proxy_protocol;" here, so $remote_addr is not rewritten; the headers below use $proxy_protocol_addr directly
ssl_certificate /etc/ssl/private/fullchain.cer;
ssl_certificate_key /etc/ssl/private/private.key;
ssl_protocols TLSv1.2 TLSv1.3;
# AEAD-only list; the TLS 1.2 suites are ECDHE-ECDSA only, so the certificate above must be ECDSA for TLS 1.2 clients to connect
ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;# server-side session cache only; avoids a long-lived ticket key
# OCSP stapling, with the stapled response verified; the resolver is needed to reach the OCSP responder
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 valid=60s;
resolver_timeout 2s;
location / {
#sub_filter $proxy_host $http_host;
# rewrite the upstream's hostname in response bodies to the host this server is reached as
# (sub_filter only sees uncompressed bodies; without `proxy_set_header Accept-Encoding "";` compressed upstream responses pass through unmodified)
sub_filter $proxy_host $host;
sub_filter_once off;
# decoy site fetched over HTTPS with SNI set to the upstream name
# NOTE(review): proxy_ssl_verify is not set (nginx default off), so the upstream certificate is not validated; proxy_ssl_verify on plus proxy_ssl_trusted_certificate would enable that
proxy_pass https://www.lovelive-anime.jp;
proxy_set_header Host $proxy_host;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_ssl_server_name on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# NOTE(review): these headers disclose the real client address to the decoy upstream — confirm that is acceptable
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header Forwarded $proxy_add_forwarded;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;# appends $remote_addr, which is not rewritten here
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
resolver 1.1.1.1;# resolves the proxy_pass hostname; duplicates the server-level resolver
}
}
Hi, I tried to set up REALITY with an nginx server; my knowledge of nginx is close to zero, and I have had no success so far.
Is there a step-by-step guide on how to set up the nginx server required for the REALITY protocol to work?
Some of the screenshots you provide contain Chinese text that cannot be translated; please include that text as plain text as well.