feat: add certificate
and private-key
to vmess listener
parent
3e5600c0db
commit
7fcd4e1199
4 changed files with 32 additions and 10 deletions
|
@ -937,6 +937,9 @@ listeners:
|
||||||
uuid: 9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68
|
uuid: 9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68
|
||||||
alterId: 1
|
alterId: 1
|
||||||
# ws-path: "/" # 如果不为空则开启websocket传输层
|
# ws-path: "/" # 如果不为空则开启websocket传输层
|
||||||
|
# 下面两项如果填写则开启tls(需要同时填写)
|
||||||
|
# certificate: ./server.crt
|
||||||
|
# private-key: ./server.key
|
||||||
|
|
||||||
- name: tuic-in-1
|
- name: tuic-in-1
|
||||||
type: tuic
|
type: tuic
|
||||||
|
|
|
@ -15,6 +15,8 @@ type VmessServer struct {
|
||||||
Listen string
|
Listen string
|
||||||
Users []VmessUser
|
Users []VmessUser
|
||||||
WsPath string
|
WsPath string
|
||||||
|
Certificate string
|
||||||
|
PrivateKey string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t VmessServer) String() string {
|
func (t VmessServer) String() string {
|
||||||
|
|
|
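Review bot: The new `PrivateKey` field sits on a struct that has a `String()` method declared directly below it, and that method's body is outside this hunk. If `String()` serializes every field, and if `private-key` can hold inline key material rather than only a file path, the key would appear wherever the listener config is printed or logged. Worth confirming what `String()` emits and, if it marshals the struct, excluding the field (for JSON, a `json:"-"` tag) or redacting it there. A field comment such as `// PrivateKey is secret material; never log or serialize it` would also make the constraint visible to future callers.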
@ -11,6 +11,8 @@ type VmessOption struct {
|
||||||
BaseOption
|
BaseOption
|
||||||
Users []VmessUser `inbound:"users"`
|
Users []VmessUser `inbound:"users"`
|
||||||
WsPath string `inbound:"ws-path,omitempty"`
|
WsPath string `inbound:"ws-path,omitempty"`
|
||||||
|
Certificate string `inbound:"certificate,omitempty"`
|
||||||
|
PrivateKey string `inbound:"private-key,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type VmessUser struct {
|
type VmessUser struct {
|
||||||
|
@ -51,6 +53,8 @@ func NewVmess(options *VmessOption) (*Vmess, error) {
|
||||||
Listen: base.RawAddress(),
|
Listen: base.RawAddress(),
|
||||||
Users: users,
|
Users: users,
|
||||||
WsPath: options.WsPath,
|
WsPath: options.WsPath,
|
||||||
|
Certificate: options.Certificate,
|
||||||
|
PrivateKey: options.PrivateKey,
|
||||||
},
|
},
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,6 +2,7 @@ package sing_vmess
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/tls"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
@ -67,8 +68,16 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||||
|
|
||||||
sl = &Listener{false, config, nil, service}
|
sl = &Listener{false, config, nil, service}
|
||||||
|
|
||||||
|
tlsConfig := &tls.Config{}
|
||||||
var httpMux *http.ServeMux
|
var httpMux *http.ServeMux
|
||||||
|
|
||||||
|
if config.Certificate != "" && config.PrivateKey != "" {
|
||||||
|
cert, err := N.ParseCert(config.Certificate, config.PrivateKey, C.Path)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||||
|
}
|
||||||
if config.WsPath != "" {
|
if config.WsPath != "" {
|
||||||
httpMux = http.NewServeMux()
|
httpMux = http.NewServeMux()
|
||||||
httpMux.HandleFunc(config.WsPath, func(w http.ResponseWriter, r *http.Request) {
|
httpMux.HandleFunc(config.WsPath, func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
@ -79,6 +88,7 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||||
}
|
}
|
||||||
sl.HandleConn(conn, tunnel)
|
sl.HandleConn(conn, tunnel)
|
||||||
})
|
})
|
||||||
|
tlsConfig.NextProtos = append(tlsConfig.NextProtos, "http/1.1")
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, addr := range strings.Split(config.Listen, ",") {
|
for _, addr := range strings.Split(config.Listen, ",") {
|
||||||
|
@ -89,6 +99,9 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
if len(tlsConfig.Certificates) > 0 {
|
||||||
|
l = tls.NewListener(l, tlsConfig)
|
||||||
|
}
|
||||||
sl.listeners = append(sl.listeners, l)
|
sl.listeners = append(sl.listeners, l)
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
|
|
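Review bot: In New, the guard `if config.Certificate != "" && config.PrivateKey != ""` means a config that sets only one of the two values silently starts a plaintext listener, even though the sample config says both must be filled in. Failing closed is safer: before the guard, add `if (config.Certificate == "") != (config.PrivateKey == "") { return nil, errors.New("vmess listener: certificate and private-key must be set together") }` (this needs `errors`, whose import is not visible in the hunk). Separately, `tlsConfig := &tls.Config{}` leaves MinVersion at the Go default, which on older toolchains permits TLS 1.0/1.1 for servers; setting `MinVersion: tls.VersionTLS12` makes the floor explicit. New's body starts and ends outside these hunks.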