loskiq · May 27, 2025 16:00
diff --git a/nginx-virtualserver.conf b/nginx-virtualserver.conf
 server {
    listen      80;
    server_name domain.com;

    location / {
        return 301 https://$server_name$request_uri;
    }

 }

 server {
    listen      443 ssl;
    server_name domain.com;

    ssl_certificate     /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

    add_header Strict-Transport-Security "max-age=63072000" always;

    root  /var/www/domain.com;
    index index.html;

    location / {
    }

    location ~* \.(gif|jpg|png|ico|css|woff2|js)$ {
        expires 30d;
    }

    location /gIpGOsES2PvEGo1xzZjYO7vSo2Z24bah {
        if ($content_type !~ "application/grpc") {
            return 404;
        }
        grpc_pass               unix:/dev/shm/xray.sock;
        grpc_set_header         X-Forwarded-For $proxy_add_x_forwarded_for;
        grpc_read_timeout       315;
        grpc_send_timeout       5m;
        client_max_body_size    0;
        client_body_timeout     5m;
    }

 }
diff --git a/nginx.conf b/nginx.conf
 user              www-data;
 worker_processes  auto;

 error_log  /var/log/nginx/error.log crit;
 pid        /var/run/nginx.pid;


 events {
    worker_connections  1024;
 }


 http {
    include                   /etc/nginx/mime.types;
    default_type              application/octet-stream;
    access_log                off;
    sendfile                  on;
    server_tokens             off;
    tcp_nopush                on;
    tcp_nodelay               on;
    keepalive_timeout         65;
    client_max_body_size      100M;
    http2                     on;

    ssl_protocols             TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_dhparam               /etc/ssl/private/dhparam.pem;
    ssl_ciphers               ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_session_timeout       10m;
    ssl_session_cache         shared:SSL:10m;
    ssl_session_tickets       off;

    include /etc/nginx/conf.d/*.conf;
 }
diff --git a/xray-client.yaml b/xray-client.yaml
 inbounds:
  - listen: 127.0.0.1
    port: 1082
    protocol: socks
    settings:
      udp: true
 outbounds:
  - protocol: vless
    settings:
      vnext:
        - address: domain.com
          port: 443
          users:
            - id: b831381d-6324-4d53-ad4f-8cda48b30811
              encryption: none
    streamSettings:
      network: xhttp
      security: tls
      xhttpSettings:
        mode: stream-one
        path: /gIpGOsES2PvEGo1xzZjYO7vSo2Z24bah
        xmux:
          maxConcurrency: 128
          hMaxRequestTimes: 1000
          hMaxReusableSecs: 3600
diff --git a/xray-server.yaml b/xray-server.yaml
 inbounds:
  - listen: /dev/shm/xray.sock,0666
    protocol: vless
    settings:
      clients:
        - id: b831381d-6324-4d53-ad4f-8cda48b30811 # loskiq
      decryption: none
    streamSettings:
      network: xhttp
      xhttpSettings:
        mode: stream-one
        path: /gIpGOsES2PvEGo1xzZjYO7vSo2Z24bah
 outbounds:
  - protocol: freedom
	server {
	listen 80;
	server_name domain.com;

	location / {
	return 301 https://$server_name$request_uri;
	}

	}

	server {
	listen 443 ssl;
	server_name domain.com;

	ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

	add_header Strict-Transport-Security "max-age=63072000" always;

	root /var/www/domain.com;
	index index.html;

	location / {
	}

	location ~* \.(gif\|jpg\|png\|ico\|css\|woff2\|js)$ {
	expires 30d;
	}

	location /gIpGOsES2PvEGo1xzZjYO7vSo2Z24bah {
	if ($content_type !~ "application/grpc") {
	return 404;
	}
	grpc_pass unix:/dev/shm/xray.sock;
	grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	grpc_read_timeout 315;
	grpc_send_timeout 5m;
	client_max_body_size 0;
	client_body_timeout 5m;
	}

	}
	user www-data;
	worker_processes auto;

	error_log /var/log/nginx/error.log crit;
	pid /var/run/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;
	access_log off;
	sendfile on;
	server_tokens off;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	client_max_body_size 100M;
	http2 on;

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/ssl/private/dhparam.pem;
	ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
	ssl_session_timeout 10m;
	ssl_session_cache shared:SSL:10m;
	ssl_session_tickets off;

	include /etc/nginx/conf.d/*.conf;
	}
	inbounds:
	- listen: 127.0.0.1
	port: 1082
	protocol: socks
	settings:
	udp: true
	outbounds:
	- protocol: vless
	settings:
	vnext:
	- address: domain.com
	port: 443
	users:
	- id: b831381d-6324-4d53-ad4f-8cda48b30811
	encryption: none
	streamSettings:
	network: xhttp
	security: tls
	xhttpSettings:
	mode: stream-one
	path: /gIpGOsES2PvEGo1xzZjYO7vSo2Z24bah
	xmux:
	maxConcurrency: 128
	hMaxRequestTimes: 1000
	hMaxReusableSecs: 3600
	inbounds:
	- listen: /dev/shm/xray.sock,0666
	protocol: vless
	settings:
	clients:
	- id: b831381d-6324-4d53-ad4f-8cda48b30811 # loskiq
	decryption: none
	streamSettings:
	network: xhttp
	xhttpSettings:
	mode: stream-one
	path: /gIpGOsES2PvEGo1xzZjYO7vSo2Z24bah
	outbounds:
	- protocol: freedom