Requirements
- Domain
  - example.com
  - nocdn.example.com
  - xray.example.com
- Nginx 1.25 With Modules
  - --with-stream
  - --with-stream_ssl_module
  - --with-stream_ssl_preread_module
  - --with-http_realip_module
- Xray With Reality Support
Nginx Configuration
Setup stream{ } To Separate Data Streams
- $ssl_preread_server_name: Separate Data Streams From Different SNI
- proxy_protocol: Transmit Real IP
stream {
    # Choose the upstream from the SNI in the ClientHello (TLS is not terminated here)
    map $ssl_preread_server_name $backend {
        xray.example.com xray;
        default          default_h1_2_ssl;
    }

    upstream xray {
        server unix:/tmp/xray.sock;
    }

    upstream default_h1_2_ssl {
        server unix:/tmp/h1_2_ssl.sock;
    }

    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass $backend;
        ssl_preread on;
        # Prepend a PROXY protocol header so the upstream sees the real client IP
        proxy_protocol on;
    }
}
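What ssl_preread and the map above do on the wire, as an added example (not part of the original page or of Nginx): the SNI is read from the unencrypted ClientHello and matched against the map, and anything else goes to the default upstream. The function names and the ClientHello bytes are constructed for illustration.

```python
import struct

# Routing table mirroring the page's `map $ssl_preread_server_name $backend` block.
BACKENDS = {"xray.example.com": "unix:/tmp/xray.sock"}
DEFAULT_BACKEND = "unix:/tmp/h1_2_ssl.sock"

def build_client_hello(sni=None):
    """Construct a minimal TLS ClientHello record (sample input, not a real capture)."""
    exts = b""
    if sni is not None:
        name = sni.encode()
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name type 0 = host_name
        body = struct.pack("!H", len(entry)) + entry           # server_name_list
        exts = struct.pack("!HH", 0, len(body)) + body         # extension 0 = server_name
    hello = (b"\x03\x03" + bytes(32) + b"\x00"    # version, random, empty session id
             + b"\x00\x02\x13\x01" + b"\x01\x00"  # one cipher suite, null compression
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello       # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 22

def preread_sni(data):
    """Return the SNI host name from a ClientHello, or "" if absent or malformed."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:
            return ""
        pos = 5 + 4 + 2 + 32   # record header, handshake header, version, random
        pos += 1 + data[pos]                                  # session id
        pos += 2 + int.from_bytes(data[pos:pos + 2], "big")   # cipher suites
        pos += 1 + data[pos]                                  # compression methods
        end = pos + 2 + int.from_bytes(data[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(data)):
            ext_type, ext_len = struct.unpack("!HH", data[pos:pos + 4])
            if ext_type == 0:
                name_len = int.from_bytes(data[pos + 7:pos + 9], "big")
                name = data[pos + 9:pos + 9 + name_len]
                return name.decode("ascii").lower() if len(name) == name_len else ""
            pos += 4 + ext_len
    except (IndexError, UnicodeDecodeError, struct.error):
        pass
    return ""

def route(data):
    """Pick the upstream as the map does: exact SNI match, else the default."""
    return BACKENDS.get(preread_sni(data), DEFAULT_BACKEND)
```

The SNI is chosen by the client and is not authenticated at this layer, so the routing decision only selects a socket; each upstream still has to validate the connection itself.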
Redirect All HTTP to HTTPS
⚠️ May Cause Problems If You Try To Issue an SSL Certificate
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;
}
Setup Domain
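server {
    # Receives connections from the stream block (and Xray's fallback) with a PROXY header
    listen unix:/tmp/h1_2_ssl.sock ssl proxy_protocol;
    server_name example.com nocdn.example.com xray.example.com;
    http2 on;

    # ssl_certificate / ssl_certificate_key for these names go here (not shown on the page)

    # Trust the PROXY protocol header only from the local unix socket
    set_real_ip_from unix:;
    real_ip_header proxy_protocol;
}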
Xray Configuration
- "serverNames" & "dest": To Fallback To example.com
- tcp.acceptProxyProtocol = true: If Use proxy_protocol On Upstream
"inbounds": [{
    "listen": "/tmp/xray.sock,0777",
    "protocol": "vless",
    "settings": {
        "clients": [{
            "id": "5588ca48-d557-4090-9858-2b203184dc2b",
            "flow": "xtls-rprx-vision"
        }],
        "decryption": "none"
    },
    "streamSettings": {
        "network": "tcp",
        "tcpSettings": {
            "acceptProxyProtocol": true
        },
        "security": "reality",
        "realitySettings": {
            "show": false,
            "dest": "/tmp/h1_2_ssl.sock",
            "xver": 1,
            "serverNames": ["xray.example.com"],
            "privateKey": "ABsEBcMj78e8cvOX09m8W9p9LjcLwPZa8Y8gFnHnlHY=",
            "shortIds": [""]
        }
    }
}]