feat: add certificate and private-key to vmess listener

2024-11-16 03:32:33 +08:00 · 2023-10-07 17:08:54 +08:00 · 2023-10-07 17:08:54 +08:00 · d8fe7a52d6
commit d8fe7a52d6
parent 791ecfbb32
4 changed files with 32 additions and 10 deletions
--- a/docs/config.yaml
+++ b/docs/config.yaml
@ -937,6 +937,9 @@ listeners:
        uuid: 9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68
        alterId: 1
    # ws-path: "/" # 如果不为空则开启websocket传输层
+    # 下面两项如果填写则开启tls（需要同时填写）
+    # certificate: ./server.crt
+    # private-key: ./server.key

  - name: tuic-in-1
    type: tuic
--- a/listener/config/vmess.go
+++ b/listener/config/vmess.go
@ -11,10 +11,12 @@ type VmessUser struct {
 }

 type VmessServer struct {
-	Enable bool
-	Listen string
-	Users  []VmessUser
-	WsPath string
+	Enable      bool
+	Listen      string
+	Users       []VmessUser
+	WsPath      string
+	Certificate string
+	PrivateKey  string
 }

 func (t VmessServer) String() string {
--- a/listener/inbound/vmess.go
+++ b/listener/inbound/vmess.go
@ -9,8 +9,10 @@ import (

 type VmessOption struct {
 	BaseOption
-	Users  []VmessUser `inbound:"users"`
-	WsPath string      `inbound:"ws-path,omitempty"`
+	Users       []VmessUser `inbound:"users"`
+	WsPath      string      `inbound:"ws-path,omitempty"`
+	Certificate string      `inbound:"certificate,omitempty"`
+	PrivateKey  string      `inbound:"private-key,omitempty"`
 }

 type VmessUser struct {
@ -47,10 +49,12 @@ func NewVmess(options *VmessOption) (*Vmess, error) {
 		Base:   base,
 		config: options,
 		vs: LC.VmessServer{
-			Enable: true,
-			Listen: base.RawAddress(),
-			Users:  users,
-			WsPath: options.WsPath,
+			Enable:      true,
+			Listen:      base.RawAddress(),
+			Users:       users,
+			WsPath:      options.WsPath,
+			Certificate: options.Certificate,
+			PrivateKey:  options.PrivateKey,
 		},
 	}, nil
 }
--- a/listener/sing_vmess/server.go
+++ b/listener/sing_vmess/server.go
@ -2,6 +2,7 @@ package sing_vmess

 import (
 	"context"
+	"crypto/tls"
 	"net"
 	"net/http"
 	"net/url"
@ -67,8 +68,16 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)

 	sl = &Listener{false, config, nil, service}

+	tlsConfig := &tls.Config{}
 	var httpMux *http.ServeMux

+	if config.Certificate != "" && config.PrivateKey != "" {
+		cert, err := N.ParseCert(config.Certificate, config.PrivateKey, C.Path)
+		if err != nil {
+			return nil, err
+		}
+		tlsConfig.Certificates = []tls.Certificate{cert}
+	}
 	if config.WsPath != "" {
 		httpMux = http.NewServeMux()
 		httpMux.HandleFunc(config.WsPath, func(w http.ResponseWriter, r *http.Request) {
@ -79,6 +88,7 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 			}
 			sl.HandleConn(conn, tunnel)
 		})
+		tlsConfig.NextProtos = append(tlsConfig.NextProtos, "http/1.1")
 	}

 	for _, addr := range strings.Split(config.Listen, ",") {
@ -89,6 +99,9 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 		if err != nil {
 			return nil, err
 		}
+		if len(tlsConfig.Certificates) > 0 {
+			l = tls.NewListener(l, tlsConfig)
+		}
 		sl.listeners = append(sl.listeners, l)

 		go func() {