
freedom-mix

a guest
Apr 9th, 2022
  1. HAPROXY.CFG
  2.  
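  # Process-wide settings: logging, the Runtime API socket, privilege drop and
  # the TLS defaults inherited by every "bind ... ssl" and "server ... ssl" line.
  global
      log /dev/log local0
      log /dev/log local1 info

      # Privilege drop re-enabled (it was commented out, which leaves the proxy
      # running as root with full filesystem access). Listeners, certificates
      # and the stats socket are opened before the chroot and the uid/gid switch.
      # Prerequisites: the haproxy account and /var/lib/haproxy must exist, and
      # the syslog socket has to be reachable inside the chroot for logging.
      chroot /var/lib/haproxy
      user haproxy
      group haproxy
      daemon

      # Runtime API. "level admin" permits every Runtime API command, so access
      # is controlled only by the socket's owner/group and mode 660.
      stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
      stats timeout 30s

      # Default SSL material locations
      ca-base /etc/ssl/certs
      crt-base /etc/ssl/private

      # intermediate configuration: AEAD suites with (EC)DHE key exchange only,
      # SSLv3 / TLS 1.0 / TLS 1.1 refused, session tickets disabled.
      ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
      ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
      ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

      # Same policy for connections HAProxy opens towards "server ... ssl" lines.
      ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
      ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
      ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

      # Locally generated DH parameters for the DHE-RSA suites listed above.
      ssl-dh-param-file /etc/ssl/certs/dhparam.pem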
  27.  
  # Settings inherited by every frontend/backend below unless overridden there.
  defaults
      mode http
      log global
      # Connection-level log format; fe-https switches to "option httplog".
      option tcplog
      # Do not log connections that never sent any data.
      option dontlognull

      # Same values as before, written with explicit units (bare numbers are ms).
      timeout connect 5s
      timeout client 50s
      timeout server 50s

      # Static responses returned for errors generated by HAProxy itself.
      errorfile 400 /etc/haproxy/errors/400.http
      errorfile 403 /etc/haproxy/errors/403.http
      errorfile 408 /etc/haproxy/errors/408.http
      errorfile 500 /etc/haproxy/errors/500.http
      errorfile 502 /etc/haproxy/errors/502.http
      errorfile 503 /etc/haproxy/errors/503.http
      errorfile 504 /etc/haproxy/errors/504.http
  43.  
  # Naive auth: accounts checked by http_auth(users) in frontend fe-https.
  userlist users
      # NOTE(review): "username" / "password" are placeholders and must be
      # replaced before use. "insecure-password" stores the secret in clear text
      # in this file, so keep the file readable by root only; the "password"
      # keyword accepts a crypt(3) hash instead.
      user username insecure-password password
  47.  
  # Public entry point on :443. TLS is not terminated here; the ClientHello is
  # inspected and the connection is routed on its SNI value.
  frontend ssl_passthrough
      mode tcp
      bind *:443

      # Wait up to 5s for a TLS ClientHello (handshake type 1) before routing.
      tcp-request inspect-delay 5s
      tcp-request content accept if { req.ssl_hello_type 1 }

      # SNI is chosen by the client and is used for routing only: the proxy host
      # name goes to the TLS-terminating frontend, everything else (including
      # connections without a matching SNI) is passed through to nginx untouched.
      use_backend tcp_loopback if { req.ssl_sni -i your.domain.com }
      default_backend nginx_tcp
  55.  
  # Hands the still-encrypted connection to frontend "tls" over an abstract
  # namespace socket; PROXY protocol v2 carries the original client address.
  backend tcp_loopback
      mode tcp
      server loopback-for-tcp abns@haproxy-tcp send-proxy-v2
  59.  
  # Nginx: default destination for TLS passthrough. nginx terminates TLS itself
  # and reads the client address from the PROXY v2 header.
  backend nginx_tcp
      mode tcp
      server nginx 127.0.0.1:8082 send-proxy-v2
  64.  
  # Terminates TLS for connections handed over by backend tcp_loopback, then
  # routes on the decrypted payload.
  frontend tls
      mode tcp
      bind abns@haproxy-tcp accept-proxy ssl crt /etc/haproxy/certs/fullchain.pem alpn h2,http/1.1

      # Give the client up to 5s to send enough data to recognise an HTTP request.
      tcp-request inspect-delay 5s
      tcp-request content accept if HTTP

      # V2ray checks: a WebSocket upgrade for the proxy host on the exact path /ray.
      # All four conditions must hold; the headers are client-supplied, so this is
      # routing, not authentication (the VLESS id in xray.json is the credential).
      acl is_v2ray_host req.hdr(host) -i your.domain.com
      acl wants_upgrade req.hdr(Connection) -i upgrade
      acl wants_websocket req.hdr(Upgrade) -i websocket
      acl is_ray_path path -i /ray
      use_backend v2ray_vless-ws if is_v2ray_host is_ray_path wants_upgrade wants_websocket

      # HTTP Web: any other HTTP request is bridged to the HTTP-mode frontend.
      use_backend redir_https if HTTP

      # V2ray: whatever is not HTTP goes to the trojan inbound.
      default_backend v2ray_trojan-tcp
  84.  
  # V2ray backend: VLESS over TCP on loopback, client address sent as PROXY v1.
  # NOTE(review): no use_backend/default_backend line in this file selects this
  # backend; port 56667 is only listed as the trojan inbound's fallback in
  # xray.json.
  backend v2ray_vless-tcp
      mode tcp
      server v2ray 127.0.0.1:56667 send-proxy
  89.  
  # VLESS over WebSocket inbound (path /ray) on loopback; PROXY v1 header sent
  # because the inbound is configured with acceptProxyProtocol.
  backend v2ray_vless-ws
      mode tcp
      server v2ray 127.0.0.1:56666 send-proxy
  93.  
  # Trojan inbound on loopback. It receives the stream already decrypted by
  # frontend "tls" (the inbound itself runs with "security": "none").
  backend v2ray_trojan-tcp
      mode tcp
      server v2ray 127.0.0.1:56665 send-proxy
  97.  
  # TCP-HTTP bridge: passes decrypted HTTP from the tcp-mode frontend "tls" to the
  # http-mode frontend "fe-https" over a second abstract namespace socket.
  backend redir_https
      mode tcp
      server loopback-for-https abns@haproxy-https send-proxy-v2
  102.  
  # Naive checks: HTTP-mode frontend behind the TCP-HTTP bridge. Requests with
  # valid credentials from userlist "users" go to the NaiveProxy backend; all
  # other requests are served by nginx.
  frontend fe-https
      mode http
      option httplog
      bind abns@haproxy-https accept-proxy
      option http-use-proxy-header

      acl is_login_host base_dom login-somekey.domain.com
      acl has_valid_auth http_auth(users)

      # The authentication challenge is sent only on the login host name; on any
      # other host an unauthenticated request falls through to nginx unprompted.
      http-request auth if is_login_host !has_valid_auth
      http-request redirect location https://your.domain.com if is_login_host has_valid_auth

      use_backend proxy if has_valid_auth
      default_backend nginx-h2
  115.  
  # Naive backend: reached only after http_auth(users) succeeded in fe-https.
  backend proxy
      # Strip the credential header so it is not forwarded upstream.
      http-request del-header proxy-authorization
      # NOTE(review): HAProxy is the only authentication layer visible in this
      # file; confirm the service on 8888 listens on loopback only.
      server naive 127.0.0.1:8888
  120.  
  # Nginx: web content for requests that did not authenticate as proxy users.
  backend nginx-h2
      # TLS + HTTP/2 to nginx on loopback. "verify none" skips certificate
      # validation, which is tolerable only while this hop stays on 127.0.0.1;
      # use "verify required" with a "ca-file" if the server ever moves off-host.
      server nginx 127.0.0.1:8082 send-proxy-v2 ssl verify none alpn h2
  124.  
  125.  
  126.  
  127.  
  128.  
  129. XRAY.JSON
  130.  
  131. {
  132. "log": {
  133. "loglevel": "warning",
  134. "access": "/var/log/xray/ws-access.log",
  135. "error": "/var/log/xray/ws-error.log"
  136. },
  137. "routing": {
  138. "domainStrategy": "AsIs",
  139. "rules": [
  140. {
  141. "type": "field",
  142. "ip": [
  143. "geoip:private"
  144. ],
  145. "outboundTag": "block"
  146. }
  147. ]
  148. },
  149. "inbounds": [
  150. {
  151. "port": 56667,
  152. "listen": "127.0.0.1",
  153. "protocol": "vless",
  154. "settings": {
  155. "clients": [{
  156. "id": "uuid"
  157. }],
  158. "decryption": "none",
  159. "fallbacks": [{
  160. "alpn": "",
  161. "dest": 8081,
  162. "xver": 1
  163. },
  164. {
  165. "alpn": "h2",
  166. "dest": 8082,
  167. "xver": 1
  168. }
  169. ]
  170. },
  171. "streamSettings": {
  172. "tlsSettings": {
  173. "alpn": [
  174. "h2",
  175. "http/1.1"
  176. ]
  177. },
  178. "tcpSettings": {
  179. "acceptProxyProtocol": true
  180. }
  181. }
  182. },
  183. {
  184. "port": 56666,
  185. "listen": "127.0.0.1",
  186. "protocol": "vless",
  187. "settings": {
  188. "clients": [
  189. {
  190. "id": "uuid",
  191. "level": 1,
  192. "alterId": 100
  193. }
  194. ],
  195. "decryption": "none"
  196. },
  197. "streamSettings": {
  198. "network": "ws",
  199. "wsSettings": {
  200. "acceptProxyProtocol": true,
  201. "path": "/ray",
  202. "host": ["your.domain.com"]
  203. }
  204. }
  205. },
  206. {
  207. "port": "56665",
  208. "listen": "127.0.0.1",
  209. "protocol": "trojan",
  210. "settings": {
  211. "clients": [{
  212. "password": "changeme"
  213. }],
  214. "fallbacks": [{
  215. "alpn": "",
  216. "dest": 56667,
  217. "xver": 1
  218. }]
  219. },
  220. "streamSettings": {
  221. "network": "tcp",
  222. "security": "none",
  223. "tcpSettings": {
  224. "acceptProxyProtocol": true
  225. }
  226. }
  227. }
  228. ],
  229. "outbounds": [
  230. {
  231. "protocol": "freedom",
  232. "tag": "direct"
  233. },
  234. {
  235. "protocol": "blackhole",
  236. "tag": "blocked"
  237. }
  238. ]
  239. }
  240.  
  241.  
  242.  
  243.  
  244. NGINX.CONF
  245.  
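  # Loopback-only TLS listeners; each connection must start with a PROXY
  # protocol header (sent by HAProxy / Xray on this host).
  listen 127.0.0.1:8081 ssl proxy_protocol;
  listen 127.0.0.1:8082 ssl http2 proxy_protocol;

  # Only the local proxy layer is trusted to supply the client address.
  set_real_ip_from 127.0.0.1;
  # Client address comes from the PROXY protocol header. The earlier
  # "real_ip_header X-Forwarded-For;" line is dropped: the directive may be
  # given only once per context, and nothing in the HAProxy config on this page
  # sets or strips X-Forwarded-For, so that header is client-controlled and
  # trusting it would let any client choose the address nginx logs and matches.
  real_ip_header proxy_protocol;
  real_ip_recursive on;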
  252.  
  253.  
  254.  
  255.  
  256. XRAY-CLIENT-WS.JSON
  257.  
  258. {
  259. "log": {
  260. "loglevel": "debug"
  261. },
  262. "routing": {
  263. "domainStrategy": "AsIs",
  264. "rules": [
  265. {
  266. "type": "field",
  267. "ip": ["geoip:private"],
  268. "outboundTag": "direct"
  269. }
  270. ]
  271. },
  272. "dns": {"servers": ["8.8.8.8"]},
  273. "inbounds": [{
  274. "port": 10800,
  275. "listen": "127.0.0.1",
  276. "tag": "socks-ws-inbound",
  277. "protocol": "socks",
  278. "settings": {
  279. "auth": "noauth",
  280. "udp": true,
  281. "ip": "127.0.0.1"
  282. },
  283. "sniffing": {
  284. "enabled": false,
  285. "destOverride": ["http", "tls"]
  286. }
  287. }],
  288. "outbounds": [{
  289. "protocol": "vless",
  290. "settings": {
  291. "vnext": [{
  292. "address": "your.domain.com",
  293. "port": 443,
  294. "users": [
  295. { "id": "uuid",
  296. "encryption": "none",
  297. "alterId": 100 }
  298. ]
  299. }]
  300. },
  301. "streamSettings": {
  302. "network": "ws",
  303. "security": "tls",
  304. "tlsSettings": {
  305. "serverName": "your.domain.com"
  306. },
  307. "wsSettings": {
  308. "path": "/ray",
  309. "headers": {
  310. "Host": "your.domain.com"
  311. }
  312. }
  313. }
  314. },{
  315. "protocol": "freedom",
  316. "settings": {},
  317. "tag": "direct"
  318. },{
  319. "protocol": "blackhole",
  320. "settings": {},
  321. "tag": "blocked"
  322. }],
  323. "policy": {
  324. "levels": {
  325. "0": {
  326. "uplinkOnly": 0,
  327. "downlinkOnly": 0
  328. }
  329. },
  330. "system": {
  331. "statsInboundUplink": false,
  332. "statsInboundDownlink": false,
  333. "statsOutboundUplink": false,
  334. "statsOutboundDownlink": false
  335. }
  336. },
  337. "other": {}
  338. }
  339.  
  340.  
  341.  
  342.  
  343. XRAY-CLIENT-TCP.JSON
  344.  
  345. {
  346. "log": {
  347. "loglevel": "debug"
  348. },
  349. "routing": {
  350. "domainStrategy": "AsIs",
  351. "rules": [
  352. {
  353. "type": "field",
  354. "ip": ["geoip:private"],
  355. "outboundTag": "direct"
  356. }
  357. ]
  358. },
  359. "dns": {"servers": ["8.8.8.8"]},
  360. "inbounds": [{
  361. "port": 10800,
  362. "listen": "127.0.0.1",
  363. "tag": "socks-ws-inbound",
  364. "protocol": "socks",
  365. "settings": {
  366. "auth": "noauth",
  367. "udp": true,
  368. "ip": "127.0.0.1"
  369. },
  370. "sniffing": {
  371. "enabled": false,
  372. "destOverride": ["http", "tls"]
  373. }
  374. }],
  375. "outbounds": [{
  376. "protocol": "vless",
  377. "settings": {
  378. "vnext": [{
  379. "address": "your.domain.com",
  380. "port": 443,
  381. "users": [
  382. { "id": "uuid",
  383. "encryption": "none",
  384. "alterId": 100 }
  385. ]
  386. }]
  387. },
  388. "streamSettings": {
  389. "network": "tcp",
  390. "security": "tls",
  391. "tlsSettings": {
  392. "serverName": "your.domain.com"
  393. }
  394. }
  395. },{
  396. "protocol": "freedom",
  397. "settings": {},
  398. "tag": "direct"
  399. },{
  400. "protocol": "blackhole",
  401. "settings": {},
  402. "tag": "blocked"
  403. }],
  404. "policy": {
  405. "levels": {
  406. "0": {
  407. "uplinkOnly": 0,
  408. "downlinkOnly": 0
  409. }
  410. },
  411. "system": {
  412. "statsInboundUplink": false,
  413. "statsInboundDownlink": false,
  414. "statsOutboundUplink": false,
  415. "statsOutboundDownlink": false
  416. }
  417. },
  418. "other": {}
  419. }
  420.  
  421.  
  422.  
  423.  
  424. XRAY-CLIENT-TROJAN.JSON
  425.  
  426. {
  427. "log": {
  428. "loglevel": "debug"
  429. },
  430. "dns": {"servers": ["8.8.8.8"]},
  431. "inbounds": [{
  432. "port": 10800,
  433. "listen": "127.0.0.1",
  434. "tag": "socks-ws-inbound",
  435. "protocol": "socks",
  436. "settings": {
  437. "auth": "noauth",
  438. "udp": true,
  439. "ip": "127.0.0.1"
  440. },
  441. "sniffing": {
  442. "enabled": false,
  443. "destOverride": ["http", "tls"]
  444. }
  445. }],
  446. "outbounds": [{
  447. "protocol": "trojan",
  448. "settings": {
  449. "servers": [{
  450. "address": "your.domain.com",
  451. "port": 443,
  452. "password": "changeme"
  453. }
  454. ]
  455. },
  456. "streamSettings": {
  457. "network": "tcp",
  458. "security": "tls"
  459. }
  460. }]
  461. }