mirror of https://github.com/ospab/ostp.git
86 lines
3.0 KiB
JSON
86 lines
3.0 KiB
JSON
{
|
|
// OSTP Server Configuration
|
|
"mode": "server",
|
|
"log_level": "info",
|
|
|
|
// The address and port the server listens on for incoming OSTP connections.
|
|
"listen": "0.0.0.0:50000",
|
|
|
|
// List of valid keys. Clients must use one of these to connect.
|
|
"access_keys": [
|
|
"a1d8795a93553c08b4e89b017a16ca52"
|
|
],
|
|
|
|
// Optional proxy for outbound traffic.
|
|
"outbound": {
|
|
"enabled": false,
|
|
"protocol": "socks5",
|
|
"address": "127.0.0.1",
|
|
"port": 9050,
|
|
// default_action: 'proxy' (all through proxy) or 'direct' (bypass proxy by default).
|
|
"default_action": "proxy",
|
|
"rules": [
|
|
{
|
|
"domain_suffix": [".onion"],
|
|
"action": "proxy"
|
|
}
|
|
]
|
|
},
|
|
|
|
// Web control panel & Management API
|
|
"api": {
|
|
"enabled": false,
|
|
"bind": "0.0.0.0:9090",
|
|
// Static API token for Relay servers (optional)
|
|
"token": "",
|
|
// Secret URL path to hide panel from scanners (e.g. "mySecret123")
|
|
"webpath": "",
|
|
// Login credentials for web panel (password stored as SHA256 hash)
|
|
"username": "",
|
|
"password_hash": ""
|
|
},
|
|
|
|
// Fallback TCP proxy: unrecognized connections are proxied to a web server (anti-DPI).
|
|
"fallback": {
|
|
"enabled": false,
|
|
"listen": "0.0.0.0:443",
|
|
// Target web server (e.g., local nginx or caddy)
|
|
"target": "127.0.0.1:8080"
|
|
},
|
|
|
|
// Reality (XTLS) / UoT Masquerade parameters
|
|
"reality": {
|
|
"enabled": false,
|
|
"dest": "www.microsoft.com:443",
|
|
"private_key": "6FVg53jUBTt-dJ52F1Zu1RBCcW1gr9K84WdynBb7i80",
|
|
"pbk": "c9QjERoaqFGoKBd-9ZpNzj51E8B93fcnEQT_cohEk2E",
|
|
"sid": "960223edfa174fc5",
|
|
"sni_list": ["www.microsoft.com"]
|
|
},
|
|
"debug": false,
|
|
|
|
// Встроенный DNS-сервер
|
|
"dns": {
|
|
// Полный режим: кастомные домены + AdBlock списки + DoH форвардинг
|
|
"enabled": false,
|
|
// Перехватывать весь UDP-трафик к порту 53 и резолвить через DoH
|
|
// (работает даже если enabled=false, предотвращает DNS-утечки через сервер)
|
|
"intercept_all_port53": false,
|
|
// УДП порт встроенного DNS (клиент может указать <server_ip>:50053 как DNS)
|
|
"local_port": 50053,
|
|
// DoH вверх: Cloudflare, Google, NextDNS и др.
|
|
"doh_upstream": "https://cloudflare-dns.com/dns-query",
|
|
// "doh_upstream": "https://dns.google/dns-query",
|
|
// "doh_upstream": "https://dns10.quad9.net/dns-query",
|
|
// Списки доменов для блокировки (формат: hosts-файл, ||domain^, один домен на строку)
|
|
"adblock_urls": [
|
|
// "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
|
|
// "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt"
|
|
],
|
|
// Кастомные домены: отвечаем A-записью напрямую (не через DoH)
|
|
"custom_domains": {
|
|
// "myserver.internal": "10.0.0.1",
|
|
// "home.local": "192.168.1.100"
|
|
}
|
|
}
|
|
} |