本文最后更新于 650 天前,其中的信息可能已经有所发展或是发生改变。
# cat /etc/nginx/conf.d/default.conf
server {
listen 80;
listen 443 ssl;
server_name example.com; # example.com改成你的伪装域名
#access_log /var/log/nginx/host.access.log main; # Nginx日志,按需求开启
# SSL设置
ssl_certificate /usr/share/nginx/cert/1_example.com_bundle.crt; # SSL证书文件
ssl_certificate_key /usr/share/nginx/cert/2_example.com.key; # SSL证书密钥
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# 伪装站点
location / {
proxy_ssl_server_name on;
proxy_pass https://proxy.example.com/; # 反代的网址
proxy_set_header Accept-Encoding '';
sub_filter "proxy.example.com" "example.com"; # 替换proxy.example.com为exapmle.com
sub_filter_once off;
# 向后端传递访客真实IP
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# V2Ray反代
location /v2ray {
proxy_redirect off;
proxy_intercept_errors on;
error_page 400 = https://example.com/;
proxy_pass http://127.0.0.1:5055; #假设WebSocket监听端口为5055
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
# 向后端传递访客真实IP
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
