Welcome! Log In Create A New Profile


Nginx as XRay backend

Posted by simsam 
Nginx as XRay backend
September 14, 2023 12:33PM
I tried to use Nginx as a reverse proxy and TLS handler for the XRay proxy framework. Nginx gets the WS connection on 443 and forwards it to 1000 or 2000 based on the URL. My setup works, but the problem is that it is unstable in terms of download speed. The speed test results for downloading a 100-MB file have been attached. I tried to optimize Nginx, but the result did not change. I have to mention I dockerized Xray and Nginx. Docker compose file has nothing special. The Nginx configuration is as follows:


proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering on;
proxy_buffer_size 256k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 300k;
proxy_connect_timeout 30;
proxy_send_timeout 200;
proxy_read_timeout 200;

user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;

events {
worker_connections 1024;

worker_rlimit_nofile 2048;

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush off;
tcp_nodelay on;

# # Configure timeouts
# client_body_timeout 12;
# client_header_timeout 12;
# send_timeout 10;

# Buffering
client_body_buffer_size 128k;
client_header_buffer_size 128k;
large_client_header_buffers 8 64k;
client_max_body_size 8m;

keepalive_timeout 75;
keepalive_requests 100000;
keepalive_disable msie6;

gzip off;
gzip_http_version 1.1;
gzip_disable "msie6";
gzip_comp_level 5;
gzip_min_length 100;
gzip_proxied any;
gzip_buffers 16 8k;
gzip_vary on;

# define files which should be compressed
gzip_types text/plain;
gzip_types text/css;
gzip_types application/javascript;
gzip_types application/json;
gzip_types application/vnd.ms-fontobject;
gzip_types application/x-font-ttf;
gzip_types font/opentype;
gzip_types image/svg+xml;
gzip_types image/x-icon;

include /etc/nginx/proxy.conf;
include /etc/nginx/conf.d/*.conf;


# server {
# listen 80;
# listen [::]:80;

# server_name ${SERVER_NAME};
# return 302 https://$server_name$request_uri;
# }

server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;

server_name *.${MAIN_SERVER_NAME} *.${SEC_SERVER_NAME};

ssl_certificate ${SSL_CERT_PATH};
ssl_certificate_key ${SSL_CERT_KEY};

# Authenticated Origin Pull is optional. Please refer to
# https://developers.cloudflare.com/ssl/origin/authenticated-origin-pull/
# ssl_client_certificate /etc/ssl/origin-pull-ca.pem;
# ssl_verify_client on;

ssl_session_timeout 1h;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;

server_tokens off;

ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers off;

location ${PATH-ONE} { #Replace with your own path name
if ($http_upgrade != "websocket") {
return 404;
proxy_pass http://xray:1000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";

location ${PATH-TWO} { #Replace with your own path name
if ($http_upgrade != "websocket") {
return 404;
proxy_pass http://xray:2000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";

# server {
# listen 90;
# server_name localhost;

# location /nginx-health {
# return 200 "healthy\n";
# add_header Content-Type text/plain;
# }
# }

Please help me to fix the problem.

Edited 1 time(s). Last edit at 09/14/2023 12:33PM by simsam.
open | download - photo_2023-09-02_14-28-05.jpg (64.1 KB)
open | download - photo_2023-09-02_14-28-17.jpg (45.3 KB)
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 49
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready