docker-compose file
version: "3.7"
services:
  v2ray:
    image: v2fly/v2fly-core
    container_name: v2ray
    restart: always
    volumes:
      - /root/v2ray/config.json:/etc/v2ray/config.json
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /root/v2ray/sock:/sock
  tls-shunt-proxy:
    image: hqhyco/tls-shunt-proxy:latest
    container_name: tls-shunt-proxy
    restart: always
    ports:
      - 443:443
      - 80:80
    volumes:
      - /root/tls-shunt-proxy/config.yaml:/etc/tls-shunt-proxy/config.yaml
      - /root/tls-shunt-proxy/certificates:/etc/ssl/tls-shunt-proxy/certificates
      - /root/tls-shunt-proxy/www:/var/www/html
      - /root/v2ray/sock:/sock
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    depends_on:
      - v2ray
  trojan:
    image: p4gefau1t/trojan-go:latest
    container_name: trojan
    restart: always
    # ports:
    #   - 3567:3567
    volumes:
      - /root/trojan/config.json:/etc/trojan-go/config.json
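All traffic enters and leaves through the TLS shunt proxy (tls-shunt-proxy), so only ports 80 and 443 are opened.
The shunt proxy can serve static web pages and obtain SSL certificates automatically, so Caddy can be left out. For details of the configuration file, see
https://github.com/liberal-boy/tls-shunt-proxy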
listen: 0.0.0.0:443
redirecthttps: 0.0.0.0:80
vhosts:
  - name: abc.com
    tlsoffloading: true
    managedcert: true
    keytype: p256
    alpn: h2,http/1.1
    protocols: tls12,tls13
    http:
      handler: fileServer
      args: /var/www/html
    default:
      handler: proxyPass
      args: unix:/sock/v2ray.sock
    trojan:
      handler: proxyPass
      args: trojan:4567
  # Multiple sites can be added
  # - name: abc.com
  #   tlsoffloading: true
  #   managedcert: true
  #   keytype: p256
  #   alpn: http/1.1
  #   protocols: tls12,tls13
  #   default:
  #     handler: proxyPass
  #     args: wordpress:80
  # When reverse-proxying other applications, alpn does not need h2
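For trojan, trojan-go is used: trojan-gfw insists on SSL certificate files, whereas trojan-go can run without them and leave TLS entirely to the shunt proxy.
In the trojan configuration file, "remote_addr": "1.1.1.1" no longer has any effect, because the shunt proxy serves HTTP traffic from /var/www/html and never hands it to trojan, so any value can be written here.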
{
  "run_type": "server",
  "local_addr": "0.0.0.0",
  "local_port": 4567,
  "remote_addr": "1.1.1.1",
  "remote_port": 80,
  "log_level": 3,
  "password": [
    "123456"
  ],
  "transport_plugin": {
    "enabled": true,
    "type": "plaintext"
  },
  "router": {
    "enabled": false
  }
}
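The section "transport_plugin": { "enabled": true, "type": "plaintext" } is trojan-go's transport plugin setting. It makes trojan-go handle the traffic as plaintext, because the shunt proxy has already added TLS.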
v2ray vmess configuration
{
  "inbounds": [
    {
      "protocol": "vmess",
      "listen": "0.0.0.0",
      "port": 10000,
      "settings": {
        "clients": [
          {
            "id": "cea35d87-696c-4dfc-be60-f1f7772cf80f"
          }
        ]
      },
      "streamSettings": {
        "network": "ds",
        "dsSettings": {
          "path": "/sock/v2ray.sock"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}
v2ray vless configuration
{
  "inbounds": [
    {
      "protocol": "vless",
      "listen": "0.0.0.0",
      "port": 10000,
      "settings": {
        "clients": [
          {
            "id": "98bc7998-8e06-4193-84e2-38f2e10ee763"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ds",
        "dsSettings": {
          "path": "/sock/v2ray.sock"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}
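The transport used is ds. According to the official documentation, Domain Socket (DS below) is more efficient than TCP; based on test feedback, there is usually a fairly noticeable performance gap once speeds exceed 50 Mbps.
In other words, the two sides communicate through the sock file.
You need to run chmod 666 /root/v2ray/sock/v2ray.sock
Once the principle is understood in outline, a one-click script can be made.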
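A consistency check worth running before scripting the deployment, as an added example that is not part of the original post: it confirms that the plaintext trojan-go port is not published on the host, that the shunt proxy's trojan target matches local_port, and that the v2ray socket sits on a volume both containers mount. The dict layout, the function names and the 16-character password threshold are assumptions of this example; the values are constructed from the configs above.

```python
import json
import posixpath

# Constructed inputs mirroring the configs on this page, already parsed and
# reduced to the fields the checks need (layout is this example's assumption).
COMPOSE = {
    "v2ray": {"ports": [], "volumes": ["/root/v2ray/sock:/sock"]},
    "tls-shunt-proxy": {"ports": ["443:443", "80:80"],
                        "volumes": ["/root/v2ray/sock:/sock"]},
    "trojan": {"ports": [], "volumes": []},
}
SHUNT = {"default": "unix:/sock/v2ray.sock", "trojan": "trojan:4567"}
TROJAN = json.loads('{"local_port": 4567, "password": ["123456"],'
                    ' "transport_plugin": {"enabled": true, "type": "plaintext"}}')
V2RAY_DS_PATH = "/sock/v2ray.sock"


def host_dir(service, container_path, compose):
    """Return the host directory mounted at container_path's directory, or None."""
    for vol in compose[service]["volumes"]:
        host, target = vol.split(":")[:2]
        if posixpath.dirname(container_path) == target.rstrip("/"):
            return host
    return None


def lint(compose, shunt, trojan, ds_path):
    """Return a list of findings; an empty list means the configs agree."""
    findings = []
    plugin = trojan.get("transport_plugin", {})
    plaintext = plugin.get("enabled") and plugin.get("type") == "plaintext"
    # Container-side port of every published mapping on the trojan service.
    published = {p.split(":")[-1].split("/")[0] for p in compose["trojan"]["ports"]}
    if plaintext and str(trojan["local_port"]) in published:
        findings.append("plaintext trojan port is published on the host")
    if shunt["trojan"].rsplit(":", 1)[-1] != str(trojan["local_port"]):
        findings.append("shunt trojan target port != trojan local_port")
    sock = shunt["default"].split("unix:", 1)[-1]
    a = host_dir("v2ray", ds_path, compose)
    b = host_dir("tls-shunt-proxy", sock, compose)
    if a is None or a != b or posixpath.basename(sock) != posixpath.basename(ds_path):
        findings.append("v2ray socket is not on a volume shared with the shunt")
    # 16 characters is an assumed minimum chosen for this example.
    if any(len(p) < 16 for p in trojan["password"]):
        findings.append("trojan password shorter than 16 characters")
    return findings
```

With the values from this page, the only finding is the short sample password; uncommenting a ports mapping for local_port on the trojan service adds the plaintext-exposure finding.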