Deprecate VLESS-TCP-TLS-WS and add VLESS-XHTTP-Reality (#230)

* tag VLESS-TCP-TLS-WS as deprecated instead of recommended * Add a minimal VLESS-XHTTP-Reality configuration
2025-09-18 05:04:28 +08:00 · 2025-07-20 15:57:59 +00:00
parent d4e592b842
commit c7e8d285a0
11 changed files with 313 additions and 0 deletions
--- a/VLESS-TCP-TLS-WS/README.ENG.md
+++ b/VLESS-TCP-TLS-WS/README.ENG.md
@@ -0,0 +1,19 @@
+# VLESS over TCP with TLS + fallback & split to WebSocket (advanced configuration)
+
+## Caution
+
+**This configuration was tagged as recommended, however https://github.com/XTLS/Xray-core/issues/1750#issuecomment-1459469821 had mentioned its vulnerabilities and it should be tagged as <u>deprecated</u>.**
+
+## Original Content
+
+This is a superset of [Minimal Configuration](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>), using the powerful fallback and distribution features of VLESS, it realizes port 443 VLESS over TCP with TLS and Perfect coexistence of any WSS
+
+This configuration is for reference. You can replace VLESS on WS with any other protocol such as VMess, and set more PATHs and protocol coexistence.
+
+After deployment, you can connect to the server through VLESS over TCP with TLS and any WebSocket with TLS at the same time, the latter of which can be through CDN
+
+According to the actual measurement, the performance of VLESS fallback shunt WS is stronger than that of Nginx reverse generation WS. The traditional VMess + WSS solution can be completely migrated without loss of compatibility.
+
+---
+
+Next, you can try [Ultimate Configuration](../VLESS-TCP-XTLS-WHATEVER): switch to XTLS to achieve ultimate performance, and offload to VMess over TCP, and more fallback and offload suggestions, not only Xray
--- a/VLESS-TCP-TLS-WS/README.md
+++ b/VLESS-TCP-TLS-WS/README.md
@@ -0,0 +1,21 @@
+# VLESS over TCP with TLS + 回落 & 分流 to WebSocket（进阶配置）
+
+## 注意
+
+**这个配置过去被标记为推荐，然而 https://github.com/XTLS/Xray-core/issues/1750#issuecomment-1459469821 提到其安全缺陷，且它应当列为<u>已废弃</u>。**
+
+## 原文
+
+[ENGLISH](README.ENG.md)
+
+这里是 [最简配置](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>) 的超集，利用 VLESS 强大的回落分流特性，实现了 443 端口 VLESS over TCP with TLS 和任意 WSS 的完美共存
+
+该配置供参考，你可以将 WS 上的 VLESS 换成 VMess 等其它任何协议，以及设置更多 PATH、协议共存，都可以做到
+
+部署后，你可以同时通过 VLESS over TCP with TLS 和任意 WebSocket with TLS 方式连接到服务器，其中后者都可以通过 CDN
+
+经实测，VLESS 回落分流 WS 比 Nginx 反代 WS 性能更强，传统的 VMess + WSS 方案完全可以迁移过来，且不失兼容
+
+---
+
+接下来，你可以尝试 [终极配置](../VLESS-TCP-XTLS-WHATEVER)：换用 XTLS 实现极致性能，还有分流到 VMess over TCP，以及更多回落分流建议，不只 Xray
--- a/VLESS-TCP-TLS-WS/config_client_tcp_tls.jsonc
+++ b/VLESS-TCP-TLS-WS/config_client_tcp_tls.jsonc
@@ -0,0 +1,42 @@
+{
+    "log": {
+        "loglevel": "warning"
+    },
+    "inbounds": [
+        {
+            "port": 10800,
+            "listen": "127.0.0.1",
+            "protocol": "socks",
+            "settings": {
+                "udp": true
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "vless",
+            "settings": {
+                "vnext": [
+                    {
+                        "address": "example.com", // 换成你的域名或服务器 IP（发起请求时无需解析域名了）
+                        "port": 443,
+                        "users": [
+                            {
+                                "id": "", // 填写你的 UUID
+                                "encryption": "none",
+                                "level": 0
+                            }
+                        ]
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "tls",
+                "tlsSettings": {
+                    "serverName": "example.com" // 换成你的域名
+                }
+            }
+        }
+    ]
+}
--- a/VLESS-TCP-TLS-WS/config_client_ws_tls.jsonc
+++ b/VLESS-TCP-TLS-WS/config_client_ws_tls.jsonc
@@ -0,0 +1,45 @@
+{
+    "log": {
+        "loglevel": "warning"
+    },
+    "inbounds": [
+        {
+            "port": 10800,
+            "listen": "127.0.0.1",
+            "protocol": "socks",
+            "settings": {
+                "udp": true
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "vless",
+            "settings": {
+                "vnext": [
+                    {
+                        "address": "example.com", // 换成你的域名或服务器 IP（发起请求时无需解析域名了）
+                        "port": 443,
+                        "users": [
+                            {
+                                "id": "", // 填写你的 UUID
+                                "encryption": "none",
+                                "level": 0
+                            }
+                        ]
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "ws",
+                "security": "tls",
+                "tlsSettings": {
+                    "serverName": "example.com" // 换成你的域名
+                },
+                "wsSettings": {
+                    "path": "/websocket" // 必须换成自定义的 PATH，需要和服务端的一致
+                }
+            }
+        }
+    ]
+}
--- a/VLESS-TCP-TLS-WS/config_server.jsonc
+++ b/VLESS-TCP-TLS-WS/config_server.jsonc
@@ -0,0 +1,74 @@
+{
+    "log": {
+        "loglevel": "warning"
+    },
+    "inbounds": [
+        {
+            "port": 443,
+            "protocol": "vless",
+            "settings": {
+                "clients": [
+                    {
+                        "id": "", // 填写你的 UUID
+                        "level": 0,
+                        "email": "love@example.com"
+                    }
+                ],
+                "decryption": "none",
+                "fallbacks": [
+                    {
+                        "dest": 80
+                    },
+                    {
+                        "path": "/websocket", // 必须换成自定义的 PATH
+                        "dest": 1234,
+                        "xver": 1
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "tls",
+                "tlsSettings": {
+                    "alpn": [
+                        "http/1.1"
+                    ],
+                    "certificates": [
+                        {
+                            "certificateFile": "/path/to/fullchain.crt", // 换成你的证书，绝对路径
+                            "keyFile": "/path/to/private.key" // 换成你的私钥，绝对路径
+                        }
+                    ]
+                }
+            }
+        },
+        {
+            "port": 1234,
+            "listen": "127.0.0.1",
+            "protocol": "vless",
+            "settings": {
+                "clients": [
+                    {
+                        "id": "", // 填写你的 UUID
+                        "level": 0,
+                        "email": "love@example.com"
+                    }
+                ],
+                "decryption": "none"
+            },
+            "streamSettings": {
+                "network": "ws",
+                "security": "none",
+                "wsSettings": {
+                    "acceptProxyProtocol": true, // 提醒：若你用 Nginx/Caddy 等反代 WS，需要删掉这行
+                    "path": "/websocket" // 必须换成自定义的 PATH，需要和上面的一致
+                }
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "freedom"
+        }
+    ]
+}