关于Reality的回落(dest)的一些理解,不知道对不对 #2327
Unanswered
Benjamin1919
asked this question in
Q&A
Replies: 1 comment 3 replies
-
|
问题1 是的
我觉得nginx那边没什么影响代理和增强安全性要特别注意的参数。 |
Beta Was this translation helpful? Give feedback.
3 replies
-
|
Nginx设置可以从digital ocean那个模板修改而来,一般会带点反爬虫什么的能让Nginx设置看起来更像真实建站设置 |
Beta Was this translation helpful? Give feedback.
-
|
麻烦大佬指一下路,谢谢~ |
Beta Was this translation helpful? Give feedback.
-
|
https://www.digitalocean.com/community/tools/nginx |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
1. 普通vless回落和Reality回落的区别:
在reality出现之前,xray的入站流量由TLSObject完成证书解密,所以vless回落是明文的,同时又因为nginx同一端口不能同时处理http/1.1和h2c,所以fallbacks要设置2个alpn回落到2个不同端口,然后nginx用这2个端口分别监听http/1.1和h2c;
而Reality的回落本质上是TLS转发,以“自己偷自己”为例,RealityObject里dest填一个本地端口,nginx仅通过这一个端口就可以同时处理http/1.1和h2,而且证书解密是由nginx完成的。
2. Reality的dest填本地端口时,怎样写最好?
“自己偷自己”时,dest要填一个本地端口,比如80;根据dest的定义,xray会自动补全为“127.0.0.1:80”,但127.0.0.1只代表本地IPv4地址,假如我用IPv6地址访问我自建的网站,那是不是就没法回落到nginx里了?
可不可以这样写:
"dest": "127.0.0.1:80", "[::1]:80"或者
“dest”: "localhost:80"3. Nginx哪些参数对Reality有影响?
在“自己偷自己”配置下,证书解密由nginx完成,那么在nginx里开启ssl_stapling是不是也会降低reality的握手延迟?
是不是nginx还有其他参数如果设置得当的话,会提升用reality科学上网的体验或者增强安全性?
如果有错误,还请大佬们不吝赐教🤝
Beta Was this translation helpful? Give feedback.
All reactions