mirror of
https://github.com/XTLS/Xray-examples.git
synced 2025-06-28 13:16:06 +08:00
added client link examples
This commit is contained in:
uzziel
parent
0bf00a7c28
commit
69f645476e
@ -1,6 +1,6 @@
|
||||
# Xray - All-in-one Configuration + Nginx(decoy website)
|
||||
|
||||
The configuration uses xray's `fallbacks` feature to enable this **Protocol-Transport** combinations at the same time on port 443:
|
||||
The configuration uses xray's `fallbacks` feature to enable these **Protocol-Transport** combinations at the same time on port 443:
|
||||
* HTTPS:443
|
||||
* Trojan-TCP-TLS
|
||||
* Trojan-WS-TLS
|
||||
@ -20,9 +20,9 @@ The configuration uses xray's `fallbacks` feature to enable this **Protocol-Tran
|
||||
* ShadowSocks-gRPC
|
||||
* ShadowSocks-H2-TLS
|
||||
|
||||
[Fallback](https://xtls.github.io/config/features/fallback.html) enables an inbound to forward the incoming request to another inbound.
|
||||
[Fallback](https://xtls.github.io/config/features/fallback.html) feature enables an inbound to forward the incoming request to another inbound or another process.
|
||||
|
||||
Nginx is used to serve a decoy website to avoid active probing. It is alsousedto route gRPC traffic(grpc_pass).
|
||||
Nginx is used to serve a decoy website to avoid active probing. It's also used to route gRPC traffic(grpc_pass).
|
||||
|
||||
## How it works?
|
||||
The Vless-TCP-XTLS is the HTTPS entrypoint. For every incoming request after doing TLS-Termination, based on the **Path**, **SNI** or **ALPN type**, the request is passed to another inbound(sub-config). For example:
|
||||
@ -39,14 +39,37 @@ VMESS-gRPC Request ------> Xray Vless-TCP-XTLS(443) ----**alpn=h2**----> fallbac
|
||||
* **SSL Certificates and keys** absolute paths in Vless-TCP-XTLS (`inbounds[0].streamSettings.xtlsSettings.certificates`)
|
||||
* **Password** of Trojan and ShadowSocks configs
|
||||
* **UUID** of Vless and VMESS configs
|
||||
* **(Optional)** Path of all sub-configs. For **Websocket**-->`wsSettings.path`, for **TCP**-->`tcpSettings.header.request.path`, for **gRPC**-->`grpcSettings.serviceName` and for **h2**-->`httpSettings.path`.
|
||||
* **(Optional)** Path of all sub-configs. For **Websocket**-->`wsSettings.path`, for **TCP**-->`tcpSettings.header.request.path`, for **gRPC**-->`grpcSettings.serviceName` and for **H2**-->`httpSettings.path`.
|
||||
* **(Optional)** The SNIs of H2 fallbacks (`inbounds[0].settings.fallbacks.[].name`) could also be changed but they should be consistent between client and server. (Read the notes on HTTP2 inbounds)
|
||||
|
||||
* Nginx nginx.conf
|
||||
* Domain names
|
||||
* **(Optional)** If gRPC serviceNames are changed in server.json, they **should** also be changed in Nginx config
|
||||
|
||||
|
||||
## Notes:
|
||||
* Tested with **Xray 1.6.1** (Xray, Penetrates Everything.) Custom (go1.19.2 linux/amd64)
|
||||
* [HTTP2 Transport does not support fallback based on `path`](https://xtls.github.io/config/transports/h2.html#http-2). That's why SNI is used instead.
|
||||
* Tested with **Xray 1.7.0** (Xray, Penetrates Everything.) Custom (go1.19.4 linux/amd64)
|
||||
* For a little better performance, a DNS Cache could be setup (on 127.0.0.53 in this case) and used for resolving DNS queries. To enable xray to use it uncomment the corresponding rule from the `routing.settings.rules` in server.json.
|
||||
* Multiple domains could be used at the same time, including domains behind cloudflare CDN. (For cloudflare, make sure websocket and gRPC are enabled in Network section). In this configuration these domains are **example.com** and **behindcdn.com**
|
||||
* HTTP2 inbounds (Trojan-H2, Vless-H2, VMESS-H2 and ShadowSocks-H2)
|
||||
* [HTTP2 Transport does not support fallback based on `path`](https://xtls.github.io/config/transports/h2.html#http-2). That's why SNI is used instead.
|
||||
* It's possible to create a CNAME dns record for all the H2 SNIs and use that as the address of the client config without setting custom SNI on client but it's optinal.
|
||||
|
||||
* It is assumed that the **example.com** domain has a **wildcard certificate**. If it's not a wildcard certificate or it it's a self-signed certificate, **allowInsecure** must be **ture** on client configuration.
|
||||
|
||||
|
||||
## Client link examples
|
||||
|
||||
| Combination | Link |
|
||||
| ----------- | ---- |
|
||||
| Trojan-TCP-TLS | trojan://desdemona99@example.com:443?security=tls&type=tcp#Trojan-TCP |
|
||||
| Trojan-WS-TLS | trojan://desdemona99@example.com:443?security=tls&type=ws&path=/trojanws#Trojna-WS |
|
||||
| Trojan-gRPC-TLS | trojan://desdemona99@example.com:443?security=tls&type=grpc&serviceName=trgrpc#Trojan-gRPC |
|
||||
| Trojan-H2-TLS | trojan://desdemona99@example.com:443?sni=trh2o.example.com&security=tls&type=http&path=/trh2#Trojan-H2 |
|
||||
| Vless-TCP-TLS | vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?security=tls&type=tcp#Vless-TCP |
|
||||
| Vless-WS-TLS | vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?security=tls&type=ws&path=/vlws#Vless-WS |
|
||||
| Vless-gRPC-TLS | vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?security=tls&type=grpc&serviceName=vlgrpc#Vless-gRPC |
|
||||
| Vless-H2-TLS | vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?sni=vlh2o.example.com&security=tls&type=http&path=/vlh2#Vless-H2 |
|
||||
| VMESS-TCP-TLS | vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJ0Y3AiLAogICAgInBhdGgiOiAiL3ZtdGMiLAogICAgInBvcnQiOiAiNDQzIiwKICAgICJwcyI6ICJWTUVTUy1UQ1AiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAiIiwKICAgICJ0bHMiOiAidGxzIiwKICAgICJ0eXBlIjogImh0dHAiLAogICAgInYiOiAiMiIKfQo= |
|
||||
| VMESS-WS-TLS | vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJ3cyIsCiAgICAicGF0aCI6ICIvdm13cyIsCiAgICAicG9ydCI6ICI0NDMiLAogICAgInBzIjogIlZNRVNTLVdTIiwKICAgICJzY3kiOiAibm9uZSIsCiAgICAic25pIjogIiIsCiAgICAidGxzIjogInRscyIsCiAgICAidHlwZSI6ICIiLAogICAgInYiOiAiMiIKfQo= |
|
||||
| VMESS-gRPC-TLS | vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJncnBjIiwKICAgICJwYXRoIjogInZtZ3JwYyIsCiAgICAicG9ydCI6ICI0NDMiLAogICAgInBzIjogIlZNRVNTLWdSUEMiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAiIiwKICAgICJ0bHMiOiAidGxzIiwKICAgICJ0eXBlIjogImh0dHAiLAogICAgInYiOiAiMiIKfQo= |
|
||||
| VMESS-H2-TLS | vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJodHRwIiwKICAgICJwYXRoIjogIi92bWgyIiwKICAgICJwb3J0IjogIjQ0MyIsCiAgICAicHMiOiAiVk1FU1MtSDIiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAidm1oMm8uZXhhbXBsZS5jb20iLAogICAgInRscyI6ICJ0bHMiLAogICAgInR5cGUiOiAiaHR0cCIsCiAgICAidiI6ICIyIgp9Cg== |
|
||||
Loading…
x
Reference in New Issue
Block a user