From d00b801385ae64c5456dd34fa6a5955e5c002736 Mon Sep 17 00:00:00 2001 From: rnotlnglgq Date: Thu, 5 Jun 2025 19:20:46 +0000 Subject: [PATCH] Add a minimal VLESS-XHTTP-Reality configuration --- .../minimal-steal_others/README.en.md | 9 +++ .../minimal-steal_others/README.md | 12 +++ .../client-bypass-cn.jsonc | 77 ++++++++++++++++++ .../minimal-steal_others/client.jsonc | 63 +++++++++++++++ .../server-block-cn.jsonc | 79 +++++++++++++++++++ .../minimal-steal_others/server.jsonc | 60 ++++++++++++++ 6 files changed, 300 insertions(+) create mode 100644 VLESS-XHTTP-Reality/minimal-steal_others/README.en.md create mode 100644 VLESS-XHTTP-Reality/minimal-steal_others/README.md create mode 100644 VLESS-XHTTP-Reality/minimal-steal_others/client-bypass-cn.jsonc create mode 100644 VLESS-XHTTP-Reality/minimal-steal_others/client.jsonc create mode 100644 VLESS-XHTTP-Reality/minimal-steal_others/server-block-cn.jsonc create mode 100644 VLESS-XHTTP-Reality/minimal-steal_others/server.jsonc diff --git a/VLESS-XHTTP-Reality/minimal-steal_others/README.en.md b/VLESS-XHTTP-Reality/minimal-steal_others/README.en.md new file mode 100644 index 0000000..6176b83 --- /dev/null +++ b/VLESS-XHTTP-Reality/minimal-steal_others/README.en.md @@ -0,0 +1,9 @@ +# VLESS-XHTTP-Reality-steal_others + +[Reality](https://github.com/XTLS/REALITY) and [XHTTP](https://github.com/XTLS/Xray-core/discussions/4113) are two major techniques of Project X which are up-to-date. This example provides a minimal configuration, which can be used for new versions of Xray-core (and cannot be used for low versions, recommended >= [v25.3.6](https://github.com/XTLS/Xray-core/releases/tag/v25.3.6) ). There are also more complicated configurations provided by other community repositories. + +#### Note + +* Leave the fields blank as much as possible to ensure that users who have not configured their own will be responded to by xray-core with an error. +* Considering practicality, [domain name sniffing](https://xtls.github.io/config/inbound.html#sniffingobject) is enabled. +* The `"fingerprint"` field for Reality has a safe default value of `"chrome"` since version 24.12.18, so it is omitted in this example. Old versions of Xray-Core without a default value should not be able to recognize this configuration file (due to the `"target"` field), so it should be safe to omit it here. \ No newline at end of file diff --git a/VLESS-XHTTP-Reality/minimal-steal_others/README.md b/VLESS-XHTTP-Reality/minimal-steal_others/README.md new file mode 100644 index 0000000..765ad50 --- /dev/null +++ b/VLESS-XHTTP-Reality/minimal-steal_others/README.md @@ -0,0 +1,12 @@ +# VLESS-XHTTP-Reality-steal_others + +[Reality](https://github.com/XTLS/REALITY)与[XHTTP](https://github.com/XTLS/Xray-core/discussions/4113)是XTLS项目的两项主要且较新的技术。本示例配置提供一个极简配置,其可在较新版本的Xray-core使用(且无法在低版本使用,建议版本不旧于[v25.3.6](https://github.com/XTLS/Xray-core/releases/tag/v25.3.6))。目前亦有社区成员在其他仓库提供更复杂的配置方案。 + +另外根据[一些经验](https://github.com/XTLS/Xray-core/issues/1027),对于中国大陆用户建议使用[禁回国流量的路由规则](server-block-cn.jsonc),以避免服务器向境内网站发起连接而被标记为代理。 + +#### 备注 + +* 待填字段尽可能留空了,确保未自行配置的用户将被xray-core回应以报错。 +* 考虑到实用性,开启了[域名嗅探](https://xtls.github.io/config/inbound.html#sniffingobject)。 + +* Reality设定的`"fingerprint"`字段自24.12.18版本已有安全的默认值`"chrome"`,故不再标注。没有默认值的旧版Xray-core应该会因无法识别这个配置文件(因target字段),所以此处省略应该是安全的。 \ No newline at end of file diff --git a/VLESS-XHTTP-Reality/minimal-steal_others/client-bypass-cn.jsonc b/VLESS-XHTTP-Reality/minimal-steal_others/client-bypass-cn.jsonc new file mode 100644 index 0000000..4ba4f85 --- /dev/null +++ b/VLESS-XHTTP-Reality/minimal-steal_others/client-bypass-cn.jsonc @@ -0,0 +1,77 @@ +{ + "routing": { + "rules": [ + { + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + }, + { + "type": "field", + "ip": [ + "geoip:cn" + ], + "outboundTag": "direct" + }, + { + "type": "field", + "domain": [ + "geosite:cn" + ], + "outboundTag": "direct" + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": 10808, + "protocol": "socks" + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "", // 服务端的域名或 IP + "port": 443, // 填入配置服务器入站时设定的监听端口 + "users": [ + { + "id": "", // 与服务端一致 + "encryption": "none", + "flow": "" + } + ] + } + ] + }, + "streamSettings": { + "network": "xhttp", + "xhttpSettings": { + "path": "/yourpath" // 与服务端一致 + }, + "security": "reality", + "realitySettings": { + "serverName": "", // 在服务端所设serverNames列表中选择一个填入 + "publicKey": "", // 服务端执行 xray x25519 生成,私钥对应的公钥,填 "Public key" 的值 + "shortId": "", // 服务端 shortIds 之一 + "spiderX": "/somepath", // 爬虫初始路径与参数,建议每个客户端不同 + "fingerprint": "chrome" // 使用 uTLS 库模拟客户端 TLS 指纹。,为强调而保留。 + } + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + + ] +} diff --git a/VLESS-XHTTP-Reality/minimal-steal_others/client.jsonc b/VLESS-XHTTP-Reality/minimal-steal_others/client.jsonc new file mode 100644 index 0000000..c857754 --- /dev/null +++ b/VLESS-XHTTP-Reality/minimal-steal_others/client.jsonc @@ -0,0 +1,63 @@ +{ + "routing": { + "rules": [ + { + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": 10808, + "protocol": "socks" + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "", // 服务端的域名或 IP + "port": 443, // 填入配置服务器入站时设定的监听端口 + "users": [ + { + "id": "", // 与服务端一致 + "encryption": "none", + "flow": "" + } + ] + } + ] + }, + "streamSettings": { + "network": "xhttp", + "xhttpSettings": { + "path": "/yourpath" // 与服务端一致 + }, + "security": "reality", + "realitySettings": { + "serverName": "", // 在服务端所设serverNames列表中选择一个填入 + "publicKey": "", // 服务端执行 xray x25519 生成,私钥对应的公钥,填 "Public key" 的值 + "shortId": "", // 服务端 shortIds 之一 + "spiderX": "/somepath", // 爬虫初始路径与参数,建议每个客户端不同 + "fingerprint": "chrome" // 使用 uTLS 库模拟客户端 TLS 指纹。,为强调而保留。 + } + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + + ] +} diff --git a/VLESS-XHTTP-Reality/minimal-steal_others/server-block-cn.jsonc b/VLESS-XHTTP-Reality/minimal-steal_others/server-block-cn.jsonc new file mode 100644 index 0000000..bc7e406 --- /dev/null +++ b/VLESS-XHTTP-Reality/minimal-steal_others/server-block-cn.jsonc @@ -0,0 +1,79 @@ +{ + "routing": { + "domainStrategy": "IPIfNonMatch", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:cn" + ], + "outboundTag": "block" + }, + { + "type": "field", + "domain": [ + "geosite:cn" + ], + "outboundTag": "block" + } + ] + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 443, // 可根据实际情况更换端口 + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", // 长度为 1-30 字节的任意字符串,或执行 xray uuid 生成 + "flow": "" + } + ], + "decryption": "none" + }, + "streamSettings": { + "network": "xhttp", + "xhttpSettings": { + "path": "/yourpath" // 自行设定路径 + }, + "security": "reality", + "realitySettings": { + // 此target字段原名为dest,从24.10.31版本开始开始使用新名称。 + // 目标网站最低标准:国外网站,支持 TLSv1.3 与 H2,域名非跳转用(主域名可能被用于跳转到 www)。详见 https://github.com/XTLS/REALITY + "target": "example.com:443", + "serverNames": [ + // 客户端可用的 serverName 列表,暂不支持 * 通配符 + // 执行 xray tls ping 目标网站网址,填 "Allowed domains" 的值 + ], + "privateKey": "", // 执行 xray x25519 生成,填 "Private key" 的值 + "shortIds": [ // 客户端可用的 shortId 列表,可用于区分不同的客户端 + // "", // 若有此项,客户端 shortId 可为空 + "00", // 0 到 f,长度为 2 的倍数,长度上限为 16 + "01", + "02" + ] + } + }, + "sniffing": { + "enabled": true, + "destOverride": [ + "http", + "tls", + "quic" + ] + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + + ] +} diff --git a/VLESS-XHTTP-Reality/minimal-steal_others/server.jsonc b/VLESS-XHTTP-Reality/minimal-steal_others/server.jsonc new file mode 100644 index 0000000..f1e79e7 --- /dev/null +++ b/VLESS-XHTTP-Reality/minimal-steal_others/server.jsonc @@ -0,0 +1,60 @@ +{ + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 443, // 可根据实际情况更换端口 + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", // 长度为 1-30 字节的任意字符串,或执行 xray uuid 生成 + "flow": "" + } + ], + "decryption": "none" + }, + "streamSettings": { + "network": "xhttp", + "xhttpSettings": { + "path": "/yourpath" // 自行设定路径 + }, + "security": "reality", + "realitySettings": { + // 此target字段原名为dest,从24.10.31版本开始开始使用新名称。 + // 目标网站最低标准:国外网站,支持 TLSv1.3 与 H2,域名非跳转用(主域名可能被用于跳转到 www)。详见 https://github.com/XTLS/REALITY + "target": "example.com:443", + "serverNames": [ + // 客户端可用的 serverName 列表,暂不支持 * 通配符 + // 执行 xray tls ping 目标网站网址,填 "Allowed domains" 的值 + ], + "privateKey": "", // 执行 xray x25519 生成,填 "Private key" 的值 + "shortIds": [ // 客户端可用的 shortId 列表,可用于区分不同的客户端 + // "", // 若有此项,客户端 shortId 可为空 + "00", // 0 到 f,长度为 2 的倍数,长度上限为 16 + "01", + "02" + ] + } + }, + "sniffing": { + "enabled": true, + "destOverride": [ + "http", + "tls", + "quic" + ] + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + + ] +}