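/etc/caddy/caddy.json
Note: srv1 (:80) proxies the same /vmess-ws-public path as srv0 but without TLS, so that listener carries the WebSocket traffic unencrypted at the HTTP layer. srv0 serves the certificate loaded from self-signed.crt, which clients cannot validate unless they are explicitly configured to trust it.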
{
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":443"
],
"routes": [
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "127.0.0.1:1923"
}
]
}
],
"match": [
{
"path": [
"/vmess-ws-public"
]
}
]
}
]
}
],
"terminal": true
}
],
"tls_connection_policies": [
{
"certificate_selection": {
"any_tag": [
"cert0"
]
}
}
]
},
"srv1": {
"listen": [
":80"
],
"routes": [
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "127.0.0.1:1923"
}
]
}
],
"match": [
{
"path": [
"/vmess-ws-public"
]
}
]
}
]
}
],
"terminal": true
}
]
}
}
},
"tls": {
"certificates": {
"load_files": [
{
"certificate": "/etc/caddy/self-signed.crt",
"key": "/etc/caddy/self-signed.key",
"tags": [
"cert0"
]
}
]
}
}
}
}
Enable start at boot: sudo systemctl enable nftables
/etc/nftables.conf
# NAT-only IPv4 table: relays one UDP port to a fixed remote endpoint and
# source-NATs traffic leaving ens18. As shown here it defines no filter or
# forward chain, so any access restriction must come from rules outside this table.
table ip arinc9-vpn {
chain prerouting_dstnat {
type nat hook prerouting priority dstnat; policy accept;
# UDP packets arriving on ens18 for 149.91.1.15:123 are rewritten to
# 162.159.192.1:2408. There is no source-address match, so every sender that
# can reach this port is relayed. 123/udp is the registered NTP port; matching
# packets are redirected and never reach a local NTP daemon.
# NOTE(review): relaying needs IPv4 forwarding enabled on the host
# (net.ipv4.ip_forward) -- not shown on this page; confirm.
ip daddr 149.91.1.15 iifname "ens18" udp dport 123 counter dnat to 162.159.192.1:2408
}
chain postrouting_srcnat {
type nat hook postrouting priority srcnat; policy accept;
# Masquerades every packet leaving via ens18, not only the relayed flow, so
# replies from the remote endpoint return to this host. "counter" records
# packet/byte totals that can be read back for monitoring.
oifname "ens18" counter masquerade
}
}
/etc/systemd/resolved.conf
[Resolve]
# Upstream resolvers. The text after '#' is the server name systemd-resolved
# uses when validating the resolver's DNS-over-TLS certificate.
DNS=208.67.222.222#dns.opendns.com
FallbackDNS=208.67.220.220#dns.opendns.com
# Local DNSSEC validation is off; answer integrity then rests on the TLS
# channel to the resolver and on the resolver itself.
DNSSEC=no
# Strict mode: queries to the servers above are sent over TLS only, with no
# downgrade to plaintext DNS if the TLS session cannot be established.
DNSOverTLS=yes
Enable start at boot: systemctl enable sing-box@public
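/etc/sing-box/public.json
Note: the "uuid" under "users" is the only client credential for this VMess inbound. Replace the sample value with one you generate yourself, and keep this file readable only by the account that runs the service.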
{
"inbounds": [
{
"type": "vmess",
"listen": "127.0.0.1",
"listen_port": 1923,
"users": [
{
"uuid": "6be3e1b2-05e1-46a1-ad36-70aaabaa8d12"
}
],
"transport": {
"type": "ws",
"path": "/vmess-ws-public"
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
],
"route": {
"rules": [
{
"ip_cidr": "127.0.0.53/32",
"port": 53,
"action": "route",
"outbound": "direct"
},
{
"ip_is_private": true,
"action": "reject",
"method": "drop"
}
]
}
}