
The perfect way to run Trojan and Nginx side by side on port 443 :02banger:

stream {
    # Route on the SNI of the TLS ClientHello (peeked at without terminating TLS):
    # the Trojan hostname goes to the helper listener, everything else to the web vhost.
    map $ssl_preread_server_name $backend_name {
        trojan.example.com before_trojan;
        default web;
    }

    # Intermediate hop that strips the PROXY protocol header before Trojan sees it
    upstream before_trojan {
        server 127.0.0.1:7999;
    }

    # The http{} server below, bound to loopback only
    upstream web {
        server 127.0.0.1:443;
    }

    # The Trojan daemon, which is fed plain TLS (no PROXY header)
    upstream trojan {
        server 127.0.0.1:1501;
    }

    # Public listener: reads the ClientHello, then forwards the TLS stream unchanged,
    # prefixed with a PROXY protocol header so the backend learns the real client address
    server {
        listen [public.ip]:443 reuseport;
        proxy_pass $backend_name;
        ssl_preread on;
        proxy_protocol on;
    }

    # Accepts the PROXY header from the listener above and forwards to Trojan without it
    server {
        listen 127.0.0.1:7999 proxy_protocol;
        proxy_pass trojan;
    }
}

http {
    # ...

    server {
        # Terminates TLS for the web vhost; expects the PROXY header from the stream listener
        listen 127.0.0.1:443 ssl http2 proxy_protocol;

        # Trust only the loopback stream proxy and take the client address from the
        # PROXY header, so $remote_addr and the access log show the real client
        # instead of 127.0.0.1
        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;
        real_ip_recursive on;

        # ...
    }
}
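The routing decision the stream block makes, as an added example (not code from the post): it extracts the SNI from a raw ClientHello the way ssl_preread does and applies the same map, with the page's placeholder hostname and a constructed ClientHello builder for testing. A client that sends no SNI, or anything that is not a TLS ClientHello, lands on the default web backend.

```python
import struct
# Same routing table as the nginx "map" block; the hostname is the page's placeholder.
ROUTES = {"trojan.example.com": "before_trojan"}
DEFAULT_BACKEND = "web"

def client_hello_sni(data: bytes):
    """SNI host_name from a TLS ClientHello record, else None (no SNI, not a
    ClientHello, or truncated); this is what $ssl_preread_server_name holds."""
    if len(data) < 5 or data[0] != 0x16:          # record type: handshake
        return None
    body = data[5:5 + struct.unpack(">H", data[3:5])[0]]
    if len(body) < 4 or body[0] != 0x01:          # handshake type: ClientHello
        return None
    hs = body[4:4 + int.from_bytes(body[1:4], "big")]
    try:
        pos = 2 + 32                              # client_version + random
        pos += 1 + hs[pos]                        # session_id
        pos += 2 + struct.unpack(">H", hs[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + hs[pos]                        # compression_methods
        if pos + 2 > len(hs):
            return None                           # no extensions block at all
        end = pos + 2 + struct.unpack(">H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack(">HH", hs[pos:pos + 4])
            pos += 4
            if ext_type == 0 and hs[pos + 2] == 0:   # server_name / host_name
                name_len = struct.unpack(">H", hs[pos + 3:pos + 5])[0]
                return hs[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None

def choose_backend(data: bytes) -> str:
    """The decision nginx makes with ssl_preread plus the map block."""
    return ROUTES.get(client_hello_sni(data), DEFAULT_BACKEND)

def build_client_hello(sni=None) -> bytes:
    """Constructed minimal ClientHello (one cipher suite) for local tests."""
    ext = b""
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack(">H", len(name)) + name
        ext_body = struct.pack(">H", len(entry)) + entry
        ext = struct.pack(">HH", 0, len(ext_body)) + ext_body
    body = b"\x03\x03" + b"\x00" * 32 + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    if ext:
        body += struct.pack(">H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs
```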

With Amazon EC2 and elastic IPs, the server doesn’t actually know its IP as with most any other server.

So you need to tell your Linux to allow processes to bind to the non-local address. Just add the following lines into the /etc/sysctl.conf file:

# allow processes to bind to the non-local address
# (necessary for apache/nginx in Amazon EC2)
net.ipv4.ip_nonlocal_bind = 1

and then reload your sysctl.conf by:

$ sysctl -p /etc/sysctl.conf

which will be fine on reboots.

stackoverflow.com/a/13141104/8
