AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

update xray on vps

Browse Source
This commit is contained in:
Dmitriy Kholkin 2023-10-01 23:44:08 +03:00
parent 099646c511
commit c0f2e70998
3 changed files with 71 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
machines/NixOS-VPS/services/nginx.nix
View File

@ -25,7 +25,7 @@
recommendedOptimisation = true; recommendedOptimisation = true;
# recommendedProxySettings = true; # recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
# recommendedZstdSettings = true; # forcing nginx rebuild recommendedZstdSettings = true;
appendConfig = '' appendConfig = ''
worker_processes auto; worker_processes auto;
''; '';
@ -39,10 +39,50 @@
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem"; "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
default "$proxy_forwarded_elem"; default "$proxy_forwarded_elem";
} }
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
''; '';
eventsConfig = '' eventsConfig = ''
worker_connections 1024; worker_connections 1024;
''; '';
streamConfig = ''
map $ssl_preread_server_name $name {
auth.ataraxiadev.com auth_backend;
wg.ataraxiadev.com wg_backend;
anime.ataraxiadev.com anime_backend;
default default_backend;
}
upstream auth_backend {
server 127.0.0.1:8010;
}
upstream wg_backend {
server 127.0.0.1:8011;
}
upstream anime_backend {
server 127.0.0.1:8001;
}
upstream default_backend {
server 127.0.0.1:8020;
}
server {
listen 443 reuseport;
listen [::]:443 reuseport;
proxy_pass $name;
ssl_preread on;
proxy_protocol on;
}
'';
virtualHosts."reject" = {
listen = [{
addr = "127.0.0.1";
port = 8020;
ssl = true;
extraParameters = [ "proxy_protocol" ];
}];
rejectSSL = true;
};
}; };
} }

42
machines/NixOS-VPS/services/xtls.nix
View File

@ -1,59 +1,43 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
services.nginx.virtualHosts = { services.nginx.virtualHosts."anime.ataraxiadev.com" = {
"anime.ataraxiadev.com" = { onlySSL = true;
forceSSL = true;
enableACME = false; enableACME = false;
useACMEHost = "wg.ataraxiadev.com"; useACMEHost = "wg.ataraxiadev.com";
locations."/" = {
proxyWebsockets = true;
extraConfig = ''
proxy_pass http://127.0.0.1:5443;
'';
};
};
"xtls:8001" = {
enableACME = false;
forceSSL = false;
listen = [{ listen = [{
addr = "127.0.0.1";
port = 8001;
ssl = false;
extraParameters = [ "proxy_protocol" ];
} {
addr = "127.0.0.1"; addr = "127.0.0.1";
port = 8002; port = 8002;
ssl = false; ssl = true;
extraParameters = [ "http2" "proxy_protocol" ]; extraParameters = [ "proxy_protocol" ];
}]; }];
serverAliases = [ "anime.ataraxiadev.com" ]; extraConfig = ''
extraConfig = "set_real_ip_from 127.0.0.1;"; set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
ssl_early_data on;
resolver 127.0.0.1 valid=60s;
resolver_timeout 2s;
'';
locations."/" = { locations."/" = {
proxyPass = "https://monster-siren.hypergryph.com";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
sub_filter $proxy_host $host; sub_filter $proxy_host $host;
sub_filter_once off; sub_filter_once off;
proxy_pass https://www.crunchyroll.com;
proxy_set_header Host $proxy_host; proxy_set_header Host $proxy_host;
proxy_cache_bypass $http_upgrade; proxy_cache_bypass $http_upgrade;
proxy_ssl_server_name on; proxy_ssl_server_name on;
proxy_set_header X-Real-IP $proxy_protocol_addr; proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header Forwarded $proxy_add_forwarded; proxy_set_header Forwarded $proxy_add_forwarded;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 60s; proxy_connect_timeout 60s;
proxy_send_timeout 60s; proxy_send_timeout 60s;
proxy_read_timeout 60s; proxy_read_timeout 60s;
resolver 9.9.9.9; proxy_set_header Early-Data $ssl_early_data;
''; '';
}; };
}; };
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /srv/xray 0755 root root -" "d /srv/xray 0755 root root -"

1
profiles/overlay.nix
View File

@ -32,6 +32,7 @@ with lib; {
ripgrep-all = stable.ripgrep-all; ripgrep-all = stable.ripgrep-all;
spotify = master.spotify; spotify = master.spotify;
wine = prev.wineWowPackages.staging; wine = prev.wineWowPackages.staging;
xray = master.xray;
youtube-to-mpv = prev.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; }; youtube-to-mpv = prev.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
yt-dlp = master.yt-dlp; yt-dlp = master.yt-dlp;
steam = master.steam.override { steam = master.steam.override {