Files
jiedian/docs/STACK.md
T
dekun f0a3317e8b feat: proxy admin panel via nginx port 80 to avoid exposing 8444
Route the panel through a secret subpath on port 80, remove the separate
8444 listener, and document common troubleshooting in docs.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-16 09:45:26 +08:00

23 lines
974 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# 方案决策记录
## 已确认选型
| 项目 | 选择 | 理由 |
|------|------|------|
| 协议栈 | **VLESS + Reality + Hysteria2 双栈** | Reality 抗主动探测;Hysteria2 作 UDP 备用与流媒体 |
| 服务端 | **sing-box** | 单进程同时跑 Reality 与 Hysteria2,配置统一 |
| 系统 | **Ubuntu 22.04/24.04 或 Debian 12** | 脚本基于 apt,其他发行版需手动适配 |
| 面板 | **无** | 个人 15 人,手改 `.env` + 模板即可 |
## 端口规划
- `443/TCP` — VLESS + Reality(主力)
- `8443/UDP` — Hysteria2(备用)
- `80/TCP` — ACME 验证 + 管理面板 Nginx 反向代理
- `127.0.0.1:8080` — Nginx 伪装静态页(Reality fallback 场景)
- `127.0.0.1:5080` — Flask 面板后端(不对外暴露)
## 单协议简化
若只想维护一种协议,删除 `server/sing-box.json.template` 中的 `hysteria2-in` inbound,并跳过证书申请步骤即可,仅保留 Reality。