{"id":34,"date":"2025-01-27T21:43:56","date_gmt":"2025-01-27T13:43:56","guid":{"rendered":"http:\/\/jp5.ssqwert.eu.org\/?p=34"},"modified":"2025-01-27T21:43:56","modified_gmt":"2025-01-27T13:43:56","slug":"%e6%89%8b%e6%90%93reality-%e5%81%b7%e8%87%aa%e5%b7%b1-%e6%9c%89%e8%af%81%e4%b9%a6-nginx-acme-%e6%9c%80%e5%bc%ba%e6%8a%97%e5%b0%81%e9%94%81%e5%8d%8f%e8%ae%ae%e4%b9%8b%e4%b8%80-%e4%bf%9d%e5%a7%86","status":"publish","type":"post","link":"https:\/\/jp5.ssqwert.eu.org\/index.php\/2025\/01\/27\/%e6%89%8b%e6%90%93reality-%e5%81%b7%e8%87%aa%e5%b7%b1-%e6%9c%89%e8%af%81%e4%b9%a6-nginx-acme-%e6%9c%80%e5%bc%ba%e6%8a%97%e5%b0%81%e9%94%81%e5%8d%8f%e8%ae%ae%e4%b9%8b%e4%b8%80-%e4%bf%9d%e5%a7%86\/","title":{"rendered":"\u624b\u6413Reality | \u5077\u81ea\u5df1 \u6709\u8bc1\u4e66 Nginx Acme \u6700\u5f3a\u6297\u5c01\u9501\u534f\u8bae\u4e4b\u4e00 \u4fdd\u59c6\u7ea7\u6559\u7a0b"},"content":{"rendered":"\n

#VPS\u8d2d\u4e70\u8fde\u63a5
VKVM\u5b98\u7f51<\/a><\/p>\n\n\n\n

#\u5b89\u88c5sudo
apt install sudo<\/p>\n\n\n\n

#Nginx\u5b89\u88c5
sudo apt update && sudo apt upgrade -y && apt-get install -y gcc g++ libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev wget sudo make curl socat cron && wget https:\/\/nginx.org\/download\/nginx-1.27.1.tar.gz && tar -xvf nginx-1.27.1.tar.gz && cd nginx-1.27.1 && .\/configure \u2013prefix=\/usr\/local\/nginx \u2013sbin-path=\/usr\/sbin\/nginx \u2013conf-path=\/etc\/nginx\/nginx.conf \u2013with-http_stub_status_module \u2013with-http_ssl_module \u2013with-http_realip_module \u2013with-http_sub_module \u2013with-stream \u2013with-stream_ssl_module \u2013with-stream_ssl_preread_module \u2013with-http_v2_module && make && make install && cd<\/p>\n\n\n\n

#service\u8def\u5f84
\/lib\/systemd\/system<\/p>\n\n\n\n

#\u91cd\u542fnginx
systemctl daemon-reload && systemctl enable nginx.service<\/p>\n\n\n\n

#nginx\u914d\u7f6e\u8def\u5f84
\/etc\/nginx\/<\/p>\n\n\n\n

#\u5b89\u88c5acme\uff1a
curl https:\/\/get.acme.sh | sh<\/p>\n\n\n\n

#\u6dfb\u52a0\u8f6f\u94fe\u63a5\uff1a
ln -s \/root\/.acme.sh\/acme.sh \/usr\/local\/bin\/acme.sh<\/p>\n\n\n\n

#\u5207\u6362CA\u673a\u6784\uff1a
acme.sh \u2013set-default-ca \u2013server letsencrypt<\/p>\n\n\n\n

#cloudflare API
export CF_Key=\u4f60\u7684API Token
export CF_Email=\u4f60\u7684Cloudflare\u6ce8\u518c\u90ae\u7bb1<\/p>\n\n\n\n

#\u7533\u8bf7\u8bc1\u4e66\uff1a
acme.sh \u2013issue \u2013dns dns_cf -d \u4f60\u7684\u57df\u540d<\/p>\n\n\n\n

#\u5b89\u88c5\u8bc1\u4e66
acme.sh \u2013install-cert -d \u4f60\u7684\u57df\u540d \u2013ecc \\
\u2013key-file \/etc\/ssl\/private\/private.key \\
\u2013fullchain-file \/etc\/ssl\/private\/fullchain.cer \\
\u2013reloadcmd \u201csystemctl force-reload nginx\u201d<\/p>\n\n\n\n

#Xray\u5b89\u88c5
bash -c \u201c$(curl -L https:\/\/github.com\/XTLS\/Xray-install\/raw\/main\/install-release.sh)\u201d @ install -u root<\/p>\n\n\n\n

#Xray \u914d\u7f6e\u8def\u5f84
\/usr\/local\/etc\/xray<\/p>\n\n\n\n

\u7ae0\u8282\uff1a
00:00 \u524d\u8a00
00:59 Reality\u539f\u7406
04:27 VPS\u63a8\u8350
06:31 \u89e3\u6790\u57df\u540d
06:51 \u5b89\u88c5nginx
08:12 \u7533\u8bf7\u8bc1\u4e66
09:47 \u5b89\u88c5\u548c\u914d\u7f6exray\u914d\u7f6e
12:48 \u914d\u7f6ev2rayN
14:25 \u4f2a\u88c5\u7f51\u7ad9<\/p>\n\n\n\n

#nginx.service\u914d\u7f6e\u6587\u4ef6<\/p>\n\n\n\n

[Unit]<\/p>\n\n\n\n

Description=A high performance web server and a reverse proxy server<\/p>\n\n\n\n

Documentation=man:nginx(8)<\/p>\n\n\n\n

After=network.target nss-lookup.target<\/p>\n\n\n\n

[Service]<\/p>\n\n\n\n

Type=forking<\/p>\n\n\n\n

PIDFile=\/usr\/local\/nginx\/logs\/nginx.pid<\/p>\n\n\n\n

ExecStartPre=\/usr\/sbin\/nginx -t -q -g ‘daemon on; master_process on;’<\/p>\n\n\n\n

ExecStart=\/usr\/sbin\/nginx -g ‘daemon on; master_process on;’<\/p>\n\n\n\n

ExecReload=\/usr\/sbin\/nginx -g ‘daemon on; master_process on;’ -s reload<\/p>\n\n\n\n

ExecStop=-\/sbin\/start-stop-daemon –quiet –stop –retry QUIT\/5 –pidfile \/run\/nginx.pid<\/p>\n\n\n\n

TimeoutStopSec=5<\/p>\n\n\n\n

KillMode=mixed<\/p>\n\n\n\n

[Install]<\/p>\n\n\n\n

WantedBy=multi-user.target<\/p>\n\n\n\n

#nginx\u914d\u7f6e\u6587\u4ef6<\/p>\n\n\n\n

user root;<\/p>\n\n\n\n

worker_processes auto;<\/p>\n\n\n\n

error_log \/usr\/local\/nginx\/logs\/error.log notice;<\/p>\n\n\n\n

pid \/usr\/local\/nginx\/logs\/nginx.pid;<\/p>\n\n\n\n

events {<\/p>\n\n\n\n

worker_connections 1024;<\/p>\n\n\n\n

}<\/p>\n\n\n\n

http {<\/p>\n\n\n\n

log_format main ‘[$time_local] $proxy_protocol_addr “$http_referer” “$http_user_agent”‘;<\/p>\n\n\n\n

access_log \/usr\/local\/nginx\/logs\/access.log main;<\/p>\n\n\n\n

map $http_upgrade $connection_upgrade {<\/p>\n\n\n\n

default upgrade;<\/p>\n\n\n\n

“” close;<\/p>\n\n\n\n

}<\/p>\n\n\n\n

map $proxy_protocol_addr $proxy_forwarded_elem {<\/p>\n\n\n\n

~^[0-9.]+$ “for=$proxy_protocol_addr”;<\/p>\n\n\n\n

~^[0-9A-Fa-f:.]+$ “for=\\”[$proxy_protocol_addr]\\””;<\/p>\n\n\n\n

default “for=unknown”;<\/p>\n\n\n\n

}<\/p>\n\n\n\n

map $http_forwarded $proxy_add_forwarded {<\/p>\n\n\n\n

“~^(,[ \\\\t]*)*([!#$%&’*+.^_`|~0-9A-Za-z-]+=([!#$%&’*+.^_`|~0-9A-Za-z-]+|\\”([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\”))?(;([!#$%&’*+.^_`|~0-9A-Za-z-]+=([!#$%&’*+.^_`|~0-9A-Za-z-]+|\\”([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\”))?)*([ \\\\t]*,([ \\\\t]*([!#$%&’*+.^_`|~0-9A-Za-z-]+=([!#$%&’*+.^_`|~0-9A-Za-z-]+|\\”([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\”))?(;([!#$%&’*+.^_`|~0-9A-Za-z-]+=([!#$%&’*+.^_`|~0-9A-Za-z-]+|\\”([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\”))?)*)?)*$” “$http_forwarded, $proxy_forwarded_elem”;<\/p>\n\n\n\n

default “$proxy_forwarded_elem”;<\/p>\n\n\n\n

}<\/p>\n\n\n\n

server {<\/p>\n\n\n\n

listen 80;<\/p>\n\n\n\n

listen [::]:80;<\/p>\n\n\n\n

return<\/strong> 301 https:\/\/$host$request_uri;<\/p>\n\n\n\n

}<\/p>\n\n\n\n

server {<\/p>\n\n\n\n

listen 127.0.0.1:8003 ssl default_server;<\/p>\n\n\n\n

ssl_reject_handshake on;<\/p>\n\n\n\n

ssl_protocols TLSv1.2 TLSv1.3;<\/p>\n\n\n\n

ssl_session_timeout 1h;<\/p>\n\n\n\n

ssl_session_cache shared:SSL:10m;<\/p>\n\n\n\n

ssl_early_data on;<\/p>\n\n\n\n

}<\/p>\n\n\n\n

server {<\/p>\n\n\n\n

listen 127.0.0.1:8003 ssl proxy_protocol;<\/p>\n\n\n\n

set_real_ip_from 127.0.0.1;<\/p>\n\n\n\n

real_ip_header proxy_protocol;<\/p>\n\n\n\n

server_name xx.com; # \u586b\u7531 Nginx \u52a0\u8f7d\u7684 SSL \u8bc1\u4e66\u4e2d\u5305\u542b\u7684\u57df\u540d\uff0c\u5efa\u8bae\u5c06\u57df\u540d\u6307\u5411\u670d\u52a1\u7aef\u7684 IP<\/p>\n\n\n\n

ssl_certificate \/etc\/ssl\/private\/fullchain.cer;<\/p>\n\n\n\n

ssl_certificate_key \/etc\/ssl\/private\/private.key;<\/p>\n\n\n\n

ssl_protocols TLSv1.2 TLSv1.3;<\/p>\n\n\n\n

ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;<\/p>\n\n\n\n

ssl_session_tickets on;<\/p>\n\n\n\n

ssl_stapling on;<\/p>\n\n\n\n

ssl_stapling_verify on;<\/p>\n\n\n\n

resolver 1.1.1.1 valid=60s;<\/p>\n\n\n\n

resolver_timeout 2s;<\/p>\n\n\n\n

location \/ {<\/p>\n\n\n\n

sub_filter $proxy_host $host;<\/p>\n\n\n\n

sub_filter_once off;<\/p>\n\n\n\n

set $website www.lovelive-anime.jp;<\/p>\n\n\n\n

proxy_pass https:\/\/$website;<\/p>\n\n\n\n

resolver 1.1.1.1;<\/p>\n\n\n\n

proxy_set_header Host $proxy_host;<\/p>\n\n\n\n

proxy_http_version 1.1;<\/p>\n\n\n\n

proxy_cache_bypass $http_upgrade;<\/p>\n\n\n\n

proxy_ssl_server_name on;<\/p>\n\n\n\n

proxy_set_header Upgrade $http_upgrade;<\/p>\n\n\n\n

proxy_set_header Connection $connection_upgrade;<\/p>\n\n\n\n

proxy_set_header X-Real-IP $proxy_protocol_addr;<\/p>\n\n\n\n

proxy_set_header Forwarded $proxy_add_forwarded;<\/p>\n\n\n\n

proxy_set_header X-Forwarded-For<\/strong> $proxy_add_x_forwarded_for;<\/p>\n\n\n\n

proxy_set_header X-Forwarded-Proto $scheme;<\/p>\n\n\n\n

proxy_set_header X-Forwarded-Host $host;<\/p>\n\n\n\n

proxy_set_header X-Forwarded-Port $server_port;<\/p>\n\n\n\n

proxy_connect_timeout 60s;<\/p>\n\n\n\n

proxy_send_timeout 60s;<\/p>\n\n\n\n

proxy_read_timeout 60s;<\/p>\n\n\n\n

proxy_set_header Early-Data $ssl_early_data;<\/p>\n\n\n\n

}<\/p>\n\n\n\n

}<\/p>\n\n\n\n

}<\/p>\n\n\n\n

#xray\u914d\u7f6e\u6587\u4ef6<\/p>\n\n\n\n

{<\/p>\n\n\n\n

“log”: {<\/p>\n\n\n\n

“loglevel”: “warning”<\/p>\n\n\n\n

},<\/p>\n\n\n\n

“routing”: {<\/p>\n\n\n\n

“domainStrategy”: “IPIfNonMatch”,<\/p>\n\n\n\n

“rules”: [<\/p>\n\n\n\n

{<\/p>\n\n\n\n

“type”: “field”,<\/p>\n\n\n\n

“port”: “443”,<\/p>\n\n\n\n

“network”: “udp”,<\/p>\n\n\n\n

“outboundTag”: “block”<\/p>\n\n\n\n

},<\/p>\n\n\n\n

{<\/p>\n\n\n\n

“type”: “field”,<\/p>\n\n\n\n

“ip”: [<\/p>\n\n\n\n

“geoip:cn”,<\/p>\n\n\n\n

“geoip:private”<\/p>\n\n\n\n

],<\/p>\n\n\n\n

“outboundTag”: “block”<\/p>\n\n\n\n

}<\/p>\n\n\n\n

]<\/p>\n\n\n\n

},<\/p>\n\n\n\n

“inbounds”: [<\/p>\n\n\n\n

{<\/p>\n\n\n\n

“listen”: “0.0.0.0”,<\/p>\n\n\n\n

“port”: 443,<\/p>\n\n\n\n

“protocol”: “vless”,<\/p>\n\n\n\n

“settings”: {<\/p>\n\n\n\n

“clients”: [<\/p>\n\n\n\n

{<\/p>\n\n\n\n

“id”: “”, \/\/ run `xray uuid` to generate<\/p>\n\n\n\n

“flow”: “xtls-rprx-vision”<\/p>\n\n\n\n

}<\/p>\n\n\n\n

],<\/p>\n\n\n\n

“decryption”: “none”<\/p>\n\n\n\n

},<\/p>\n\n\n\n

“streamSettings”: {<\/p>\n\n\n\n

“network”: “tcp”,<\/p>\n\n\n\n

“security”: “reality”,<\/p>\n\n\n\n

“realitySettings”: {<\/p>\n\n\n\n

“show”: false<\/strong>,<\/p>\n\n\n\n

“dest”: “8003”,<\/p>\n\n\n\n

“xver”: 1,<\/p>\n\n\n\n

“serverNames”: [<\/p>\n\n\n\n

“” \/\/ server name<\/p>\n\n\n\n

],<\/p>\n\n\n\n

“privateKey”: “”, \/\/ run `xray x25519` to generate<\/p>\n\n\n\n

“shortIds”: [<\/p>\n\n\n\n

“” \/\/ 0 to f, length is a multiple of 2, maximum length is 16<\/p>\n\n\n\n

]<\/p>\n\n\n\n

}<\/p>\n\n\n\n

},<\/p>\n\n\n\n

“sniffing”: {<\/p>\n\n\n\n

“enabled”: true<\/strong>,<\/p>\n\n\n\n

“destOverride”: [<\/p>\n\n\n\n

“http”,<\/p>\n\n\n\n

“tls”,<\/p>\n\n\n\n

“quic”<\/p>\n\n\n\n

]<\/p>\n\n\n\n

}<\/p>\n\n\n\n

}<\/p>\n\n\n\n

],<\/p>\n\n\n\n

“outbounds”: [<\/p>\n\n\n\n

{<\/p>\n\n\n\n

“protocol”: “freedom”,<\/p>\n\n\n\n

“tag”: “direct”<\/p>\n\n\n\n

},<\/p>\n\n\n\n

{<\/p>\n\n\n\n

“protocol”: “blackhole”,<\/p>\n\n\n\n

“tag”: “block”<\/p>\n\n\n\n

}<\/p>\n\n\n\n

],<\/p>\n\n\n\n

“policy”: {<\/p>\n\n\n\n

“levels”: {<\/p>\n\n\n\n

“0”: {<\/p>\n\n\n\n

“handshake”: 2,<\/p>\n\n\n\n

“connIdle”: 120<\/p>\n\n\n\n

}<\/p>\n\n\n\n

}<\/p>\n\n\n\n

}<\/p>\n\n\n\n

}<\/p>\n","protected":false},"excerpt":{"rendered":"

#VPS\u8d2d\u4e70\u8fde\u63a5VKVM\u5b98\u7f51 #\u5b89\u88c5sudoapt install sudo #Nginx\u5b89\u88c5sud […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-34","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/jp5.ssqwert.eu.org\/index.php\/wp-json\/wp\/v2\/posts\/34","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jp5.ssqwert.eu.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jp5.ssqwert.eu.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jp5.ssqwert.eu.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jp5.ssqwert.eu.org\/index.php\/wp-json\/wp\/v2\/comments?post=34"}],"version-history":[{"count":1,"href":"https:\/\/jp5.ssqwert.eu.org\/index.php\/wp-json\/wp\/v2\/posts\/34\/revisions"}],"predecessor-version":[{"id":35,"href":"https:\/\/jp5.ssqwert.eu.org\/index.php\/wp-json\/wp\/v2\/posts\/34\/revisions\/35"}],"wp:attachment":[{"href":"https:\/\/jp5.ssqwert.eu.org\/index.php\/wp-json\/wp\/v2\/media?parent=34"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jp5.ssqwert.eu.org\/index.php\/wp-json\/wp\/v2\/categories?post=34"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jp5.ssqwert.eu.org\/index.php\/wp-json\/wp\/v2\/tags?post=34"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}