面板正常采用单端口模式
后端需要安装nginx

修改后端配置文件:

vi /root/shadowsocks/user-config.json

找到redirect字段,修改为:

"redirect": "*:443#127.0.0.1:12345",

目的是监听443端口,转发到本地的12345端口

亦可以监听多个端口:

"redirect" : ["*:80#127.0.0.1:1080", "*:443#127.0.0.1:1443"],

修改Nginx的配置文件:

vi /etc/nginx/nginx.conf

找到server段,修改 listen 443 ssl; 为:

listen 127.0.0.1:12345 ssl;

目的是监听本地的12345端口,并开启ssl
相应的,下面的代码中的443端口也要改为12345:

if ($server_port !~ 443){
        rewrite ^/.*$ https://$host$uri;
    }

当外部访问443端口时,SSR程序会判断是不是访问的网站;如果是,会自动转发到redirect设置的端口,这样网站也能正常打开,SSR客户端也能正常连接,并且原80端口转发443不受影响。

nginx完整代码:

server
{
    listen 80;
    listen 127.0.0.1:12345 ssl;
    server_name abc.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/abc.com/public;
    #error_page 404/404.html;
    ssl_certificate    /etc/letsencrypt/live/abc.com/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/abc.com/privkey.pem;
    if ($server_port !~ 12345){
        rewrite ^/.*$ https://$host$uri;
    }
    error_page 497  https://$host$uri;

    error_page 404 /404.html;
    error_page 502 /502.html;
    
    include enable-php-70.conf;
    include /www/server/panel/vhost/rewrite/abc.com.conf;
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        access_log off; 
    }
    location ~ .*\.(js|css)?$
    {
        expires      12h;
        access_log off; 
    }
    location \ {
 try_files $uri $uri/ /index.php$is_args$args;
}
    access_log  /www/wwwlogs/abc.com.log;
}

nginx默认页文件:

/usr/share/nginx/html

添加新评论