Add VLESS-TCP-REALITY(Without being stolen)

2025-01-18 22:09:29 +08:00 · 2024-10-20 12:05:33 +00:00 · 2024-10-20 12:05:33 +00:00 · c6ec3122f5
commit c6ec3122f5
parent bebf51e5f7
3 changed files with 154 additions and 0 deletions
--- a/stolen)/README.md
+++ b/stolen)/README.md
@ -0,0 +1,5 @@
+# 不会被偷跑流量的 REALITY
+
+一个老生常谈的问题，对于非法请求, reality都会无脑转发流量去dest，如果reality的dest指向一个cloudflare网站，那么相当于服务端变成了CF的端口转发，任何人扫过来都可以拿来嫖。
+
+目前的解决办法是不要使用这类的网站作为 dest, 懂一点的会告诉你用 nginx 的 stream 滤一遍 SNI 并丢掉非法请求，但是其实 Xray 本身就支持这种操作，这也是这个模板的原理
--- a/stolen)/config_client.jsonc
+++ b/stolen)/config_client.jsonc
@ -0,0 +1,56 @@
+// 直接从其他示例里 copy 过来的，客户端不需要任何特殊修改，要填的东西也一致
+{
+    "log": {
+        "loglevel": "debug"
+    },
+    "inbounds": [
+        {
+            "listen": "127.0.0.1", 
+            "port": 10808, 
+            "protocol": "socks",
+            "settings": {
+                "udp": true
+            },
+            "sniffing": {
+                "enabled": true,
+                "destOverride": [
+                    "http",
+                    "tls",
+                    "quic"
+                ],
+                "routeOnly": true
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "vless",
+            "settings": {
+                "vnext": [
+                    {
+                        "address": "127.0.0.1", 
+                        "port": 443, 
+                        "users": [
+                            {
+                                "id": "", // Needs to match server side
+                                "encryption": "none"
+                            }
+                        ]
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "reality",
+                "realitySettings": {
+                    "fingerprint": "chrome", 
+                    "serverName": "speed.cloudflare.com",
+                    "publicKey": "",
+                    "spiderX": "",
+                    "shortId": ""
+                }
+            },
+            "tag": "proxy"
+        }
+    ]
+}
--- a/stolen)/config_server.jsonc
+++ b/stolen)/config_server.jsonc
@ -0,0 +1,93 @@
+{
+    "log": {
+        "loglevel": "debug"
+    },
+    "inbounds": [
+        {
+            "tag": "dokodemo-in",
+            "port": 443,
+            "protocol": "dokodemo-door",
+            "settings": {
+                "address": "127.0.0.1",
+                "port": 4431,  // 指向内网中的 reality 端口，示例是这个端口，如果要自己修改了记得这里和下面的 reality 入站都要修改
+                "network": "tcp"
+            },
+            "sniffing": { // 这里的 sniffing 不是多余的，别乱动
+                "enabled": true,
+                "destOverride": [
+                    "tls"
+                ],
+                "routeOnly": true
+            }
+        },
+        {
+            "listen": "127.0.0.1",
+            "port": 4431, // 见上 如果和其他服务冲突了可以换
+            "protocol": "vless",
+            "settings": {
+                "clients": [
+                    {
+                        "id": "" // uuid
+                    }
+                ],
+                "decryption": "none"
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "reality",
+                "realitySettings": {
+                    // 下方要求和普通 reality 一致，这里演示 dest 设置为 cloudflare 不被偷跑流量所以设置为 speed.cloudflare.com 了
+                    // 你可以设置为其他 CF 网站，如果你的 dest 不是这种网站你也不用点了进来不是吗
+                    "dest": "speed.cloudflare.com:443",
+                    "serverNames": [
+                        "speed.cloudflare.com"
+                    ],
+                    "privateKey": "", // 运行 `xray x25519` 生成
+                    "shortIds": [
+                        "",
+                        "0123456789abcdef"
+                    ]
+                }
+            },
+            "sniffing": {
+                "enabled": true,
+                "destOverride": [
+                    "http",
+                    "tls",
+                    "quic"
+                ],
+                "routeOnly": true
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "freedom",
+            "tag": "direct"
+        },
+        {
+            "protocol": "blackhole",
+            "tag": "blcok"
+        }
+    ],
+    "routing": {
+        "rules": [
+            {
+                "inboundTag": [
+                    "dokodemo-in"
+                ],
+                // 重要，这个域名列表需要和 realitySettings 的 serverNames 保持一致
+                "domain": [
+                    "speed.cloudflare.com"
+                ],
+                "outboundTag": "direct"
+            },
+            {
+                "inboundTag": [
+                    "dokodemo-in"
+                ],
+                "outboundTag": "blcok"
+            }
+        ]
+    }
+}