Added web server support for v2ray-plugin gRPC mode.

prepare/v2ray_plugin_prepare.sh

@@ -65,12 +65,28 @@ quic_mode_logic(){
 }
 
 grpc_mode_logic(){
+ isDisableMux="disable"
  get_cdn_or_dnsonly_type_domain
- get_input_inbound_port 443
- firewallNeedOpenPort="${INBOUND_PORT}"
- shadowsocksport="${firewallNeedOpenPort}"
+ get_input_grpc_path
+ improt_package "webServer" "prepare.sh"
+ is_enable_web_server
+ if [ "${isEnableWeb}" = "disable" ]; then
+ get_input_inbound_port 443
+ firewallNeedOpenPort="${INBOUND_PORT}"
+ shadowsocksport="${firewallNeedOpenPort}"
+ elif [ "${isEnableWeb}" = "enable" ]; then
+ reset_if_ss_port_is_443
+ get_input_inbound_port 443 "TO_COMPARE_PORTS"
+ firewallNeedOpenPort="${INBOUND_PORT}"
+ web_server_menu
+ if [ "${web_flag}" = "1" ]; then
+ choose_caddy_version_menu
+ elif [ "${web_flag}" = "2" ]; then
+ choose_nginx_version_menu
+ fi
+ get_input_mirror_site
+ fi
  kill_process_if_port_occupy "${firewallNeedOpenPort}"
- is_disable_mux_logic
  if [ "${domainType}" = "DNS-Only" ]; then
  acme_get_certificate_by_force "${domain}"
  elif [ "${domainType}" = "CDN" ]; then

templates/config/v2ray_plugin_config.sh

@@ -7,7 +7,11 @@ config_ss_v2ray_plugin(){
  serverTcpAndUdp="tcp_only"
  serverPluginOpts="server;tls;mode=quic;host=${domain};cert=${cerPath};key=${keyPath}"
  elif [ "${libev_v2ray}" = "4" ]; then
- serverPluginOpts="server;tls;mode=grpc;host=${domain};cert=${cerPath};key=${keyPath}"
+ if [ "${isEnableWeb}" = "disable" ]; then
+ serverPluginOpts="server;tls;mode=grpc;host=${domain};serviceName=${grpcSN};cert=${cerPath};key=${keyPath}"
+ elif [ "${isEnableWeb}" = "enable" ]; then
+ serverPluginOpts="server;mode=grpc;serviceName=${grpcSN}"
+ fi
  fi
  ss_plugin_server_config
  if [ "${isDisableMux}" = "disable" ]; then

templates/sslinks/v2ray_plugin_link.sh

@@ -12,7 +12,7 @@ gen_ss_v2ray_plugin_link(){
  elif [ "${libev_v2ray}" = "3" ]; then
  clientPluginOpts="tls;mode=quic;host=${domain}${clientMux}"
  elif [ "${libev_v2ray}" = "4" ]; then
- clientPluginOpts="tls;mode=grpc;host=${domain}${clientMux}"
+ clientPluginOpts="tls;mode=grpc;host=${domain};serviceName=${grpcSN}${clientMux}"
  fi
  ss_plugins_client_links
 }

webServer/caddy_config.sh

@@ -1,4 +1,4 @@
-caddy_v1_config(){
+caddy_v1_ws_config(){
  cat > ${CADDY_CONF_FILE}<<-EOF
  ${domain}:${firewallNeedOpenPort} {
  gzip
@@ -20,7 +20,27 @@ caddy_v1_config(){
  EOF
 }
 
-caddy_v2_config(){
+caddy_v1_grpc_config(){
+ cat > ${CADDY_CONF_FILE}<<-EOF
+ ${domain}:${firewallNeedOpenPort} {
+ gzip
+ log /var/log/caddy-access.log
+ errors /var/log/caddy-error.log
+ tls ${cerPath} ${keyPath} {
+ protocols tls1.3
+ }
+ grpc localhost:${shadowsocksport} {
+ backend_is_insecure
+ }
+ proxy / ${mirror_site} {
+ transparent
+ except /${grpcSN}/Tun
+ }
+ }
+ EOF
+}
+
+caddy_v2_ws_config(){
  cat > ${CADDY_CONF_FILE}<<-EOF
  ${domain}:${firewallNeedOpenPort} {
  encode gzip
@@ -43,10 +63,53 @@ caddy_v2_config(){
  EOF
 }
 
+caddy_v2_grpc_config(){
+ cat > ${CADDY_CONF_FILE}<<-EOF
+ ${domain}:${firewallNeedOpenPort} {
+ encode gzip
+ log {
+ output file /var/log/caddy-access.log
+ format json
+ }
+ tls ${cerPath} ${keyPath} {
+ protocols tls1.3
+ }
+ @grpc {
+ protocol grpc
+ path /${grpcSN}/Tun
+ }
+ reverse_proxy @grpc localhost:${shadowsocksport} {
+ flush_interval -1
+ transport http {
+ versions h2c
+ }
+ }
+ @not-assets {
+ not path /${grpcSN}/Tun
+ }
+ reverse_proxy @not-assets ${mirror_site} {
+ header_up Host {http.reverse_proxy.upstream.hostport}
+ header_up X-Real-IP {http.request.remote}
+ header_up X-Forwarded-For {http.request.remote}
+ header_up X-Forwarded-Port {http.request.port}
+ header_up X-Forwarded-Proto {http.request.scheme}
+ }
+ }
+ EOF
+}
+
 caddy_config(){
  if [[ ${caddyVerFlag} = "1" ]]; then
- caddy_v1_config
+ if [[ -n ${grpcSN} ]]; then
+ caddy_v1_grpc_config
+ return
+ fi
+ caddy_v1_ws_config
  elif [[ ${caddyVerFlag} = "2" ]]; then
- caddy_v2_config
+ if [[ -n ${grpcSN} ]]; then
+ caddy_v2_grpc_config
+ return
+ fi
+ caddy_v2_ws_config
  fi
 }

webServer/nginx_config.sh

@@ -1,4 +1,4 @@
-nginx_config(){
+nginx_ws_config(){
  cat > /etc/nginx/nginx.conf<<-EOF
  user nginx;
  worker_processes auto;
@@ -55,4 +55,74 @@ nginx_config(){
  }
  }
  EOF
+}
+
+nginx_grpc_config(){
+ cat > /etc/nginx/nginx.conf<<-EOF
+ user nginx;
+ worker_processes auto;
+ error_log /var/log/nginx-error.log info;
+ pid /var/run/nginx.pid;
+ 
+ events {
+ accept_mutex on;
+ multi_accept on;
+ worker_connections 1024;
+ }
+ 
+ http {
+ keepalive_timeout 60;
+ access_log /var/log/nginx-access.log combined;
+ 
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name ${domain};
+ return 301 https://\$http_host\$request_uri;
+ }
+ 
+ server{
+ listen ${firewallNeedOpenPort} ssl http2;
+ listen [::]:${firewallNeedOpenPort} ssl http2;
+ server_name ${domain};
+ ssl_certificate ${cerPath};
+ ssl_certificate_key ${keyPath};
+ ssl_protocols TLSv1.3;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ add_header Strict-Transport-Security "max-age=31536000";
+ 
+ location /${grpcSN}/Tun {
+ grpc_pass localhost:${shadowsocksport};
+ grpc_read_timeout 1h;
+ grpc_send_timeout 1h;
+ grpc_set_header X-Real-IP \$remote_addr;
+ grpc_socket_keepalive on;
+ 
+ client_body_buffer_size 1m;
+ client_body_timeout 1h;
+ client_max_body_size 0;
+ }
+ 
+ location / {
+ sub_filter ${mirror_domain} ${domain};
+ sub_filter_once off;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header Referer ${mirror_site};
+ proxy_set_header Host ${mirror_domain};
+ proxy_pass ${mirror_site};
+ proxy_set_header Accept-Encoding "";
+ }
+ }
+ }
+ EOF
+}
+
+nginx_config(){
+ if [[ -n ${grpcSN} ]]; then
+ nginx_grpc_config
+ return
+ fi
+ nginx_ws_config
 }