From 8ca7091d767741ca55a18b9df6218d5d64e811f5 Mon Sep 17 00:00:00 2001 From: wlfvpn Date: Thu, 26 Jan 2023 08:43:00 +0000 Subject: [PATCH] Fixed routing issue + Add API config --- All-in-One-fallbacks-Nginx/README.md | 15 +- .../client.configs/ShadowSocks-WS-TLS.json | 2 +- .../client.configs/Trojan-WS-TLS.json | 2 +- .../client.configs/VMESS-WS-TLS.json | 2 +- .../client.configs/Vless-WS-TLS.json | 2 +- All-in-One-fallbacks-Nginx/server.json | 227 +++++++++++++----- 6 files changed, 184 insertions(+), 66 deletions(-) diff --git a/All-in-One-fallbacks-Nginx/README.md b/All-in-One-fallbacks-Nginx/README.md index f1234a2..5e663ed 100644 --- a/All-in-One-fallbacks-Nginx/README.md +++ b/All-in-One-fallbacks-Nginx/README.md @@ -47,7 +47,7 @@ VMESS-gRPC Request ------> Xray Vless-TCP-XTLS(443) ----**alpn=h2**----> fallbac * **(Optional)** If gRPC serviceNames are changed in server.json, they **should** also be changed in Nginx config ## Notes: -* Tested with **Xray 1.7.0** (Xray, Penetrates Everything.) Custom (go1.19.4 linux/amd64) +* Tested with **Xray 1.7.2** (Xray, Penetrates Everything.) Custom (go1.19.4 linux/amd64) * For a little better performance, a DNS Cache could be setup (on 127.0.0.53 in this case) and used for resolving DNS queries. To enable xray to use it uncomment the corresponding rule from the `routing.settings.rules` in server.json. * Multiple domains could be used at the same time, including domains behind cloudflare CDN. (For cloudflare, make sure websocket and gRPC are enabled in Network section). In this configuration these domains are **example.com** and **behindcdn.com** * HTTP2 inbounds (Trojan-H2, Vless-H2, VMESS-H2 and ShadowSocks-H2) 
@@ -55,21 +55,26 @@ VMESS-gRPC Request ------> Xray Vless-TCP-XTLS(443) ----**alpn=h2**----> fallbac * It's possible to create a CNAME dns record for all the H2 SNIs and use that as the address of the client config without setting custom SNI on client but it's optinal. * It is assumed that the **example.com** domain has a **wildcard certificate**. If it's **not** a wildcard certificate or if it's a self-signed certificate, then `streamSettings.tlsSettings.allowInsecure` in the **client configuration** must be `true`. - +* Put `nginx.conf` to your `/etc/nginx/conf.d/` then `sudo service restart nginx` +* You might need to remove socket files if restarting nginx failed `rm /dev/shm/{h1.sock,h2c.sock} && nginx -t && systemctl restart nginx` ## Client link examples | Combination | Link | | ----------- | ---- | | Trojan-TCP | `trojan://desdemona99@example.com:443?security=tls&type=tcp#Trojan-TCP` | -| Trojan-WS | `trojan://desdemona99@example.com:443?security=tls&type=ws&path=/trojanws#Trojna-WS` | +| Trojan-WS | `trojan://desdemona99@example.com:443?security=tls&type=ws&path=/trojanws?ed=2048#Trojna-WS` | | Trojan-gRPC | `trojan://desdemona99@example.com:443?security=tls&type=grpc&serviceName=trgrpc#Trojan-gRPC` | | Trojan-H2 | `trojan://desdemona99@example.com:443?sni=trh2o.example.com&security=tls&type=http&path=/trh2#Trojan-H2` | | Vless-TCP | `vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?security=tls&type=tcp#Vless-TCP` | -| Vless-WS | `vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?security=tls&type=ws&path=/vlws#Vless-WS` | +| Vless-WS | `vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?security=tls&type=ws?ed=2048&path=/vlws#Vless-WS` | | Vless-gRPC | `vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?security=tls&type=grpc&serviceName=vlgrpc#Vless-gRPC` | | Vless-H2 | `vless://90e4903e-66a4-45f7-abda-fd5d5ed7f797@example.com:443?sni=vlh2o.example.com&security=tls&type=http&path=/vlh2#Vless-H2` | | VMESS-TCP | 
`vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJ0Y3AiLAogICAgInBhdGgiOiAiL3ZtdGMiLAogICAgInBvcnQiOiAiNDQzIiwKICAgICJwcyI6ICJWTUVTUy1UQ1AiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAiIiwKICAgICJ0bHMiOiAidGxzIiwKICAgICJ0eXBlIjogImh0dHAiLAogICAgInYiOiAiMiIKfQo=` | | VMESS-WS | `vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJ3cyIsCiAgICAicGF0aCI6ICIvdm13cyIsCiAgICAicG9ydCI6ICI0NDMiLAogICAgInBzIjogIlZNRVNTLVdTIiwKICAgICJzY3kiOiAibm9uZSIsCiAgICAic25pIjogIiIsCiAgICAidGxzIjogInRscyIsCiAgICAidHlwZSI6ICIiLAogICAgInYiOiAiMiIKfQo=` | | VMESS-gRPC | `vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJncnBjIiwKICAgICJwYXRoIjogInZtZ3JwYyIsCiAgICAicG9ydCI6ICI0NDMiLAogICAgInBzIjogIlZNRVNTLWdSUEMiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAiIiwKICAgICJ0bHMiOiAidGxzIiwKICAgICJ0eXBlIjogImh0dHAiLAogICAgInYiOiAiMiIKfQo=` | -| VMESS-H2 | `vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJodHRwIiwKICAgICJwYXRoIjogIi92bWgyIiwKICAgICJwb3J0IjogIjQ0MyIsCiAgICAicHMiOiAiVk1FU1MtSDIiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAidm1oMm8uZXhhbXBsZS5jb20iLAogICAgInRscyI6ICJ0bHMiLAogICAgInR5cGUiOiAiaHR0cCIsCiAgICAidiI6ICIyIgp9Cg==` | \ No newline at end of file +| VMESS-H2 | 
`vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJodHRwIiwKICAgICJwYXRoIjogIi92bWgyIiwKICAgICJwb3J0IjogIjQ0MyIsCiAgICAicHMiOiAiVk1FU1MtSDIiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAidm1oMm8uZXhhbXBsZS5jb20iLAogICAgInRscyI6ICJ0bHMiLAogICAgInR5cGUiOiAiaHR0cCIsCiAgICAidiI6ICIyIgp9Cg==` |
+| Shadowsocks-gRPC | `ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpkZXNkZW1vbmE5OQ==@example.com:443#ShadowSocks-gRPC`
+| Shadowsocks-H2 | `ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpkZXNkZW1vbmE5OQ==@example.com:443#ShadowSocks-H2-TLS`
+| Shadowsocks-TCP | `ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpkZXNkZW1vbmE5OQ==@example.com:443#ShadowSocks-TCP`
+| Shadowsocks-WS | `ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpkZXNkZW1vbmE5OQ==@example.com:443#ShadowSocks-WS`
\ No newline at end of file
diff --git a/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-WS-TLS.json b/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-WS-TLS.json
index b081221..5a3577f 100644
--- a/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-WS-TLS.json
+++ b/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-WS-TLS.json
@@ -28,7 +28,7 @@
 "streamSettings": {
 "network": "ws",
 "wsSettings": {
- "path": "/ssws"
+ "path": "/ssws?ed=2048"
 },
 "security": "tls",
 "tlsSettings": {
diff --git a/All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.json b/All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.json
index 659c2c8..ec65637 100644
--- a/All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.json
+++ b/All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.json
@@ -27,7 +27,7 @@
 "streamSettings": {
 "network": "ws",
 "wsSettings": {
- "path": "/trojanws"
+ "path": "/trojanws?ed=2048"
 },
 "security": "tls",
 "tlsSettings": {
diff --git a/All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.json b/All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.json
index e22c33e..0f76028 100644
--- a/All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.json
+++ b/All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.json
@@ -33,7 +33,7 @@
 "streamSettings": {
 "network": "ws",
 "wsSettings": {
- "path": "/vmws"
+ "path": "/vmws?ed=2048"
 },
 "security": "tls",
 "tlsSettings": {
diff --git a/All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.json b/All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.json
index ca9d9ce..9605d51 100644
--- a/All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.json
+++ b/All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.json
@@ -32,7 +32,7 @@
 "streamSettings": {
 "network": "ws",
 "wsSettings": {
- "path": "/vlws"
+ "path": "/vlws?ed=2048"
 },
 "security": "tls",
 "tlsSettings": {
diff --git a/All-in-One-fallbacks-Nginx/server.json b/All-in-One-fallbacks-Nginx/server.json
index 2249af8..5655d3f 100644
--- a/All-in-One-fallbacks-Nginx/server.json
+++ b/All-in-One-fallbacks-Nginx/server.json
@@ -2,16 +2,50 @@ "log": { "loglevel": "info" }, + "api": { + "services": [ + "HandlerService", + "LoggerService", + "StatsService" + ], + "tag": "api" + }, + "stats": {}, + "policy": { + "levels": { + "0": { + "statsUserUplink": true, + "statsUserDownlink": true + } + }, + "system": { + "statsInboundUplink": true, + "statsInboundDownlink": true, + "statsOutboundUplink": true, + "statsOutboundDownlink": true + } + }, "inbounds": [ + { + "listen": "127.0.0.1", + "port": 62789, + "protocol": "dokodemo-door", + "settings": { + "address": "127.0.0.1" + }, + "tag": "api", + "sniffing": null + }, { "tag": "Vless-TCP-XTLS", "port": 443, // This is TLS entrypoint. This entrypoint does the SSL Termination then routes the request based on the Path or ALPN type. "protocol": "vless", "settings": { "clients": [ - { - "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", - "flow": "xtls-rprx-vision" + { "email": "general@vless-tcp-xtls", //Change to your own email + "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", //Change to your own email + "flow": "xtls-rprx-vision", + "level": 0 // "flow": "xtls-rprx-direct" } ], @@ -127,7 +161,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// @@ -138,8 +175,10 @@ "protocol": "vless", "settings": { "clients": [ - { - "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797" //Change to your own UUID + { "email":"general@vless-ws", //Change to your own email + "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", //Change to your own UUID + "level": 0 + } ], "decryption": "none" @@ -154,7 +193,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, { @@ -163,6 +205,7 @@ "settings": { "clients": [ { + "email": "general@vmess-ws", "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", "level": 0 } 
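Review bot: The new `api` block in the first server.json hunk enables `HandlerService` next to the stats services, and as far as I know Xray's gRPC API has no authentication of its own, so any local process that can reach 127.0.0.1:62789 can change inbounds and users at runtime. If the goal is only the traffic counters that the added `stats` and `policy` sections switch on, the list could be reduced to `"services": ["StatsService"]`; otherwise the README should state that this port must stay loopback-only and the host should not be shared with untrusted users. In the same hunk the comment on the `"id"` line reads `//Change to your own email` and should be `//Change to your own UUID`. The `inbounds` array continues outside the hunk.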
@@ -178,7 +221,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, { @@ -187,7 +233,9 @@ "settings": { "clients": [ { - "password": "desdemona99" + "email":"general@trojan-ws", + "password": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", + "level": 0 } ] }, @@ -201,7 +249,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, { @@ -210,8 +261,10 @@ "port": 4001, "protocol": "shadowsocks", "settings": { + "email":"general@shadowsocks-ws", "method": "chacha20-ietf-poly1305", - "password": "desdemona99" + "password": "desdemona99", + "level": 0 }, "streamSettings": { "network": "ws", @@ -222,7 +275,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// @@ -234,7 +290,9 @@ "settings": { "clients": [ { - "password": "desdemona99" + "email":"general@trojan-tcp", + "password": "desdemona99", + "level": 0 } ], "fallbacks": [ @@ -254,7 +312,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, { @@ -263,7 +324,9 @@ "settings": { "clients": [ { - "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797" + "email":"general@vless-tcp", + "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", + "level": 0 } ], "decryption": "none" @@ -276,14 +339,19 @@ "header": { "type": "http", "request": { - "path": ["/vltc"] + "path": [ + "/vltc" + ] } } } }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, { @@ -292,6 +360,7 @@ "settings": { "clients": [ { + "email":"general@vmess-tcp", "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", "level": 0 } 
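Review bot: The Trojan-WS client entry (hunk `@@ -187,7 +233,9 @@`) now has `"password": "90e4903e-66a4-45f7-abda-fd5d5ed7f797"`, while the Trojan-WS link in the README part of this same patch still uses `desdemona99`, as do the other Trojan inbounds touched here. The password line of Trojan-WS-TLS.json is not part of this patch, so unless it was changed elsewhere, clients following the sample will fail authentication on this inbound. Either keep `"password": "desdemona99", //Change to your own password` or update the README link and the client config to match. Several of the added client entries in this file also lack the `//Change to your own ...` reminder that others carry, which matters because these sample secrets are public.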
@@ -305,7 +374,9 @@ "header": { "type": "http", "request": { - "path": ["/vmtc"] //, + "path": [ + "/vmtc" + ] //, // "headers": { // "Host": ["www.varzesh3.com"] // } @@ -315,7 +386,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, { @@ -325,7 +399,9 @@ "protocol": "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", - "password": "desdemona99" + "password": "desdemona99", + "email": "general@shadowsocks-tcp", + "level":0 }, "streamSettings": { "network": "tcp", @@ -334,14 +410,19 @@ "header": { "type": "http", "request": { - "path": ["/sstc"] + "path": [ + "/sstc" + ] } } } }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// @@ -354,8 +435,10 @@ "protocol": "trojan", "settings": { "clients": [ - { - "password": "desdemona99" + { + "email": "general@trojan-grpc", + "password": "desdemona99", + "level":0 } ] }, @@ -375,7 +458,9 @@ "settings": { "clients": [ { - "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797" + "email":"general@vless-grpc", + "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", + "level": 0 } ], "decryption": "none" @@ -396,6 +481,7 @@ "settings": { "clients": [ { + "email":"general@vmess-grpc", "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", //Change to your own UUID "level": 0 } @@ -427,7 +513,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// @@ -438,8 +527,10 @@ "protocol": "trojan", "settings": { "clients": [ - { - "password": "desdemona99" + { + "email":"general@trojan-h2", + "password": "desdemona99", + "level": 0 } ] }, 
@@ -457,7 +548,9 @@ "settings": { "clients": [ { - "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797" //Change to your own UUID + "email":"general@vless-h2", //Change to your own email + "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", //Change to your own UUID + "level": 0 } ], "decryption": "none" @@ -471,7 +564,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, { @@ -479,7 +575,8 @@ "protocol": "vmess", "settings": { "clients": [ - { + { + "email":"general@vmess-h2", "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", "level": 0 } @@ -494,7 +591,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } }, { @@ -505,7 +605,8 @@ "settings": { "method": "chacha20-ietf-poly1305", "password": "desdemona99", //Change to your own password - "email": "2011@gmail.com" + "email": "general@shadowsocks-h2", + "level": 0 }, "streamSettings": { "network": "h2", @@ -516,7 +617,10 @@ }, "sniffing": { "enabled": true, - "destOverride": ["http", "tls"] + "destOverride": [ + "http", + "tls" + ] } } //, // { @@ -581,7 +685,7 @@ }, { "protocol": "blackhole", - "tag": "blackhole" + "tag": "blocked" }, { // A DNS Cache can be setup and added here to imporve performance (the corresponding rule should be uncommented) 
@@ -595,26 +699,35 @@ ], "routing": { "domainStrategy": "AsIs", - "settings": { - "rules": [ - // { - // // DNS Cache rule - // "type": "field", - // "port": 53, - // "network": "tcp,udp", - // "outboundTag": "DNS-Internal" - // }, - { - "type": "field", - "outboundTag": "blackhole", - "ip": ["geoip:private"] - }, - { - "type": "field", // Block BitTorrent protocol - "outboundTag": "blackhole", - "protocol": ["bittorrent"] - } - ] - } + "rules": [ + { + "inboundTag": [ + "api" + ], + "outboundTag": "api", + "type": "field" + }, + // { + // // DNS Cache rule + // "type": "field", + // "port": 53, + // "network": "tcp,udp", + // "outboundTag": "DNS-Internal" + // }, + { + "type": "field", + "outboundTag": "blocked", + "ip": [ + "geoip:private" + ] + }, + { + "type": "field", // Block BitTorrent protocol + "outboundTag": "blocked", + "protocol": [ + "bittorrent" + ] + } + ] } -} +} \ No newline at end of file
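Review bot: With the `settings` wrapper removed the rules now take effect, but `"domainStrategy": "AsIs"` on the context line means the `geoip:private` rule is only compared against destinations that are already IP addresses; as far as I understand Xray's routing, a destination given as a hostname that resolves to a private or loopback address is not matched and leaves through the default outbound. That matters more now that this patch adds an unauthenticated API listener on 127.0.0.1. Consider `"domainStrategy": "IPIfNonMatch"` so that unmatched domains are resolved and checked against the IP rules as well. I would also add a comment above the `api` rule, `// Keep first: the api inbound targets 127.0.0.1 and would otherwise match the geoip:private block`, since the ordering appears to be load-bearing.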