add VLESS-TCP-XTLS-WS

add reverse proxy examples add VLESS-TCP-XTLS-WS
2025-06-28 21:26:06 +08:00 · 2022-06-30 16:25:03 +08:00 · 2022-06-30 16:25:03 +08:00 · 99c3567db3
commit 99c3567db3
parent 7d3abd2153
10 changed files with 537 additions and 6 deletions
--- a/ReverseProxy/Shadowsocks-2022/client.json
+++ b/ReverseProxy/Shadowsocks-2022/client.json
@ -4,13 +4,11 @@
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "domainMatcher": "mph",
    "rules": [
      {
        "type": "field",
        "port": "0-65535",
-        "outboundTag": "proxy",
+        "outboundTag": "proxy"
        "enabled": true
      }
    ]
  },
--- a/ReverseProxy/Shadowsocks-2022/portal.json
+++ b/ReverseProxy/Shadowsocks-2022/portal.json
@ -0,0 +1,54 @@
 {
  "log": {
    "loglevel": "warning"
  },
  "reverse": {
    "portals": [
      {
        "tag": "portal",
        "domain": "reverse.proxy"
      }
    ]
  },
  "inbounds": [
    {
      "tag": "external",
      "port": 65511,
      "protocol": "shadowsocks",
      "settings": {
        "method": "2022-blake3-aes-256-gcm",
        "password": "{{ psk external }}",
        "network": "tcp,udp"
      }
    },
    {
      "tag": "interconn",
      "port": 65510,
      "protocol": "shadowsocks",
      "settings": {
        "method": "2022-blake3-aes-256-gcm",
        "password": "{{ psk interconn }}",
        "network": "tcp,udp"
      }
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "external"
        ],
        "outboundTag": "portal"
      },
      {
        "type": "field",
        "inboundTag": [
          "interconn"
        ],
        "domain": [],
        "outboundTag": "portal"
      }
    ]
  }
 }
--- a/ReverseProxy/VLESS-TCP-XTLS-WS/README.md
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/README.md
@ -0,0 +1,15 @@
 # VLESS over TCP with XTLS + 回落 & 分流 
 配合回落，使用 443 端口 + XTLS + WS 和路由分流，实现反向代理，增强隐蔽性。
 客户端连接方式有 VLESS over WS with TLS / VLESS over TCP with XTLS 两种
 portal 设置默认回落到 80 端口的 Web 服务器（也可以换成数据库、FTP 等），参考 [VLESS-TCP-XTLS-WHATEVER](https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-WHATEVER/README.md)
 # 额外配置
 如果你的 portal 在境外，可以使用路由分流来同时实现科学上网 + 访问内网设备。
 ## 路由分流 
 根据配置内提示，在 `Portal` 配置中的路由设置为：
 匹配 `"external","externalws"` 标签，且访问的目标 ip 为`私有 ip`时，才将流量转发至 bridge，其余流量走 direct。
--- a/ReverseProxy/VLESS-TCP-XTLS-WS/bridge.json
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/bridge.json
@ -0,0 +1,71 @@
 {
  "log": {
    "loglevel": "warning"
  },
  "reverse": {
    "bridges": [
      {
        "tag": "bridge",
        "domain": "reverse.proxy"
      }
    ]
  },
  "outbounds": [
    {
      "tag": "interconn",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "reverse.example", // 换成你的域名或 IP
            "port": 443,
            "users": [
              {
                "id": "", // 填写你的 UUID
                "encryption": "none",
                "level": 0
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": true,
          "serverName": "reverse.example" // 换成你的域名
        },
        "wsSettings": {
          "path": "/interconn" //对应 portal 中 interconn 的 path
        }
      }
    },
    {
      "protocol": "freedom",
      "settings": {},
      "tag": "out"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "bridge"
        ],
        "domain": [
          "full:reverse.proxy"
        ],
        "outboundTag": "interconn"
      },
      {
        "type": "field",
        "inboundTag": [
          "bridge"
        ],
        "outboundTag": "out"
      }
    ]
  }
 }
--- a/ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.json
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.json
@ -0,0 +1,66 @@
 {
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "port": "0-65535",
        "outboundTag": "proxy"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": "2080",
      "protocol": "socks",
      "settings": {
        "auth": "noauth",
        "udp": true,
        "ip": "127.0.0.1"
      }
    },
    {
      "listen": "127.0.0.1",
      "port": "2081",
      "protocol": "http"
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "reverse.example", // 换成你的域名或服务器 IP
            "port": 443,
            "users": [
              {
                "id": "", // 填写你的 UUID
                "flow": "xtls-rprx-direct",
                "encryption": "none",
                "level": 0
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
          "allowInsecure": true,
          "serverName": "reverse.example" // 换成你的域名
        }
      }
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ]
 }
--- a/ReverseProxy/VLESS-TCP-XTLS-WS/client_ws.json
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/client_ws.json
@ -0,0 +1,68 @@
 {
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "port": "0-65535",
        "outboundTag": "proxy"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": "2080",
      "protocol": "socks",
      "settings": {
        "auth": "noauth",
        "udp": true,
        "ip": "127.0.0.1"
      }
    },
    {
      "listen": "127.0.0.1",
      "port": "2081",
      "protocol": "http"
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "reverse.example", // 换成你的域名或服务器 IP
            "port": 443,
            "users": [
              {
                "id": "", // 填写你的 UUID
                "encryption": "none",
                "level": 0
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": true,
          "serverName": "reverse.example" // 换成你的域名
        },
        "wsSettings": {
          "path": "/externalws" //对应 portal 中 externalws 的 path
        }
      }
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ]
 }
--- a/ReverseProxy/VLESS-TCP-XTLS-WS/nginx.conf
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/nginx.conf
@ -0,0 +1,51 @@
 worker_processes auto;
 worker_cpu_affinity auto;
 worker_rlimit_nofile 65535;
 error_log logs/error.log warn;
 pid logs/nginx.pid;;
 events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
 }
 http {
    include mime.types;
    default_type application/octet-stream;
    index    index.html index.htm
    log_format   main '$remote_addr - $remote_user [$time_local]  $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout 65;
    #gzip  on;
    server {
        listen 127.0.0.1:80;
        server_name yourserver_80.com;
        charset utf-8;
        access_log logs/yourserver_80.access.log main;
        location / {
            root /var/www/html;
        }
        error_page  404              /404.html;
        error_page 500 502 503 504 /50x.html;
    }
 }
--- a/ReverseProxy/VLESS-TCP-XTLS-WS/portal.json
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/portal.json
@ -0,0 +1,146 @@
 {
  "log": {
    "loglevel": "warning"
  },
  "reverse": {
    "portals": [
      {
        "tag": "portal",
        "domain": "reverse.proxy"
      }
    ]
  },
  "inbounds": [
    {
      "tag": "external",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "", //填写你的 UUID
            "flow": "xtls-rprx-direct",
            "level": 0,
            "email": "@external"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": 80
          },
          {
            "path": "/interconn", // 对应下面的 interconn 中的 PATH
            "dest": 65510,
            "xver": 1
          },
          {
            "path": "/externalws", // 对应下面的 externalws 中的 PATH
            "dest": 65511,
            "xver": 1
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
          "alpn": [
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "./fullchain.crt", // 换成你的证书，绝对路径
              "keyFile": "./private.key" // 换成你的私钥，绝对路径
            }
          ]
        }
      }
    },
    {
      "tag": "externalws",
      "port": 65511,
      "listen": "127.0.0.1",
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "", // 填写你的 UUID
            "level": 0,
            "email": "@externalws"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "acceptProxyProtocol": true, // 提醒：若你用 Nginx/Caddy 等反代 WS，需要删掉这行
          "path": "/externalws"
        }
      }
    },
    {
      "tag": "interconn",
      "port": 65510,
      "listen": "127.0.0.1",
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "", // 填写你的 UUID
            "level": 0,
            "email": "@interconn"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "acceptProxyProtocol": true,
          "path": "/interconn"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "external",
          "externalws"
        ],
        // 默认将所有来自 external 的流量转发至bridge
        // 如果仅转发内网设备流量，则取消注释下面三行
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "portal"
      },
      {
        "type": "field",
        "inboundTag": [
          "interconn"
        ],
        "domain": [],
        "outboundTag": "portal"
      },
      // 以下路由只会在第一条路由没被匹配到的情况下使用，因此无需额外处理
      {
        "type": "field",
        "port": "0-65535",
        "outboundTag": "direct"
      }
    ]
  }
 }
--- a/ReverseProxy/Vmess-TCP/client.json
+++ b/ReverseProxy/Vmess-TCP/client.json
@ -4,13 +4,11 @@
    },
    "routing": {
        "domainStrategy": "IPIfNonMatch",
        "domainMatcher": "mph",
        "rules": [
            {
                "type": "field",
                "port": "0-65535",
-                "outboundTag": "proxy",
+                "outboundTag": "proxy"
                "enabled": true
            }
        ]
    },
--- a/ReverseProxy/Vmess-TCP/portal.json
+++ b/ReverseProxy/Vmess-TCP/portal.json
@ -0,0 +1,64 @@
 {
  "log": {
    "loglevel": "warning"
  },
  "reverse": {
    "portals": [
      {
        "tag": "portal",
        "domain": "reverse.proxy"
      }
    ]
  },
  "inbounds": [
    {
      "tag": "external",
      "port": 65511,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "{{ uuid }}"
          }
        ]
      },
      "streamSettings": {
        "network": "tcp"
      }
    },
    {
      "tag": "interconn",
      "port": 65510,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "{{ uuid }}"
          }
        ]
      },
      "streamSettings": {
        "network": "tcp"
      }
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "external"
        ],
        "outboundTag": "portal"
      },
      {
        "type": "field",
        "inboundTag": [
          "interconn"
        ],
        "domain": [],
        "outboundTag": "portal"
      }
    ]
  }
 }