Creating a Universal Hybrid Resource (Clearnet + Darknet). ||V2.0||

Source: Dev.to

Configuration

# Hidden service directory for Tor
HiddenServiceDir /var/lib/tor/hidden_service/

# Local listener for Darknet traffic
listen 127.0.0.1:8080;
access_log off;
root /var/www/html;
add_header X-Entrance "Darknet-Tor";

# Public HTTPS listener
listen 443 ssl http2;
ssl_certificate /etc/ssl/certs/cf_origin_cert.pem;
ssl_protocols TLSv1.2 TLSv1.3;

location / {
    # Proxy for VLESS/V2Ray traffic
    location /mysecretpath {
        proxy_pass http://127.0.0.1:10000;
    }
}

# Redirect HTTP to HTTPS for the clearnet domain
server {
    listen 80;
    server_name mysuperfastsite.com;
    return 301 https://$host$request_uri;
}

Final workflow

Clearnet user

1. Enters mysuperfastsite.com.
2. Request goes to Cloudflare (the nearest edge server).
3. Cloudflare applies DDoS protection and forwards the request to your Nginx via HTTP/3.
4. DPI sees only legitimate traffic to Cloudflare.
5. Speed is maximized thanks to CDN caching.

Darknet user (or under total blockade)

1. Enters the .onion address in the Tor Browser.
2. The request traverses three Tor nodes and reaches the server on localhost:8080.
3. Availability remains 100 % as long as the server is up, independent of DNS or IP blocks.

VLESS (Personal VPN) user

1. Uses a client (e.g., v2rayNG) with the address mysuperfastsite.com and the path /mysecretpath.
2. Nginx intercepts this path and forwards it to the Xray kernel.
3. Provides a private, unblocked communication channel.

This embodies the “dual‑use” philosophy: one server, one configuration, complete freedom of access method.