Add a minimal VLESS-XHTTP-Reality configuration

VLESS-XHTTP-Reality/minimal-steal_others/README.en.md

@@ -0,0 +1,9 @@
+# VLESS-XHTTP-Reality-steal_others
+
+[Reality](https://github.com/XTLS/REALITY) and [XHTTP](https://github.com/XTLS/Xray-core/discussions/4113) are two major techniques of Project X which are up-to-date. This example provides a minimal configuration, which can be used for new versions of Xray-core (and cannot be used for low versions, recommended >= [v25.3.6](https://github.com/XTLS/Xray-core/releases/tag/v25.3.6) ). There are also more complicated configurations provided by other community repositories.
+
+#### Note
+
+* Leave the fields blank as much as possible to ensure that users who have not configured their own will be responded to by xray-core with an error.
+* Considering practicality, [domain name sniffing](https://xtls.github.io/config/inbound.html#sniffingobject) is enabled.
+* The `"fingerprint"` field for Reality has a safe default value of `"chrome"` since version 24.12.18, so it is omitted in this example. Old versions of Xray-Core without a default value should not be able to recognize this configuration file (due to the `"target"` field), so it should be safe to omit it here.

VLESS-XHTTP-Reality/minimal-steal_others/README.md

@@ -0,0 +1,12 @@
+# VLESS-XHTTP-Reality-steal_others
+
+[Reality](https://github.com/XTLS/REALITY)与[XHTTP](https://github.com/XTLS/Xray-core/discussions/4113)是XTLS项目的两项主要且较新的技术。本示例配置提供一个极简配置，其可在较新版本的Xray-core使用（且无法在低版本使用，建议版本不旧于[v25.3.6](https://github.com/XTLS/Xray-core/releases/tag/v25.3.6)）。目前亦有社区成员在其他仓库提供更复杂的配置方案。
+
+另外根据[一些经验](https://github.com/XTLS/Xray-core/issues/1027)，对于中国大陆用户建议使用[禁回国流量的路由规则](server-block-cn.jsonc)，以避免服务器向境内网站发起连接而被标记为代理。
+
+#### 备注
+
+* 待填字段尽可能留空了，确保未自行配置的用户将被xray-core回应以报错。
+* 考虑到实用性，开启了[域名嗅探](https://xtls.github.io/config/inbound.html#sniffingobject)。
+
+* Reality设定的`"fingerprint"`字段自24.12.18版本已有安全的默认值`"chrome"`，故不再标注。没有默认值的旧版Xray-core应该会因无法识别这个配置文件（因target字段），所以此处省略应该是安全的。

VLESS-XHTTP-Reality/minimal-steal_others/client-bypass-cn.jsonc

@@ -0,0 +1,77 @@
+{
+    "routing": {
+        "rules": [
+            {
+                "ip": [
+                    "geoip:private"
+                ],
+                "outboundTag": "direct"
+            },
+            {
+                "type": "field",
+                "ip": [
+                    "geoip:cn"
+                ],
+                "outboundTag": "direct"
+            },
+            {
+                "type": "field",
+                "domain": [
+                    "geosite:cn"
+                ],
+                "outboundTag": "direct"
+            }
+        ]
+    },
+    "inbounds": [
+        {
+            "listen": "127.0.0.1",
+            "port": 10808,
+            "protocol": "socks"
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "vless",
+            "settings": {
+                "vnext": [
+                    {
+                        "address": "", // 服务端的域名或 IP
+                        "port": 443, // 填入配置服务器入站时设定的监听端口
+                        "users": [
+                            {
+                                "id": "", // 与服务端一致
+                                "encryption": "none",
+                                "flow": ""
+                            }
+                        ]
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "xhttp",
+                "xhttpSettings": {
+                    "path": "/yourpath" // 与服务端一致
+                },
+                "security": "reality",
+                "realitySettings": {
+                    "serverName": "", // 在服务端所设serverNames列表中选择一个填入
+                    "publicKey": "", // 服务端执行 xray x25519 生成，私钥对应的公钥，填 "Public key" 的值
+                    "shortId": "", // 服务端 shortIds 之一
+                    "spiderX": "/somepath", // 爬虫初始路径与参数，建议每个客户端不同
+                    "fingerprint": "chrome" // 使用 uTLS 库模拟客户端 TLS 指纹。，为强调而保留。
+                }
+            },
+            "tag": "proxy"
+        },
+        {
+            "protocol": "freedom",
+            "tag": "direct"
+        },
+        {
+            "protocol": "blackhole",
+            "tag": "block"
+        }
+
+    ]
+}

VLESS-XHTTP-Reality/minimal-steal_others/client.jsonc

@@ -0,0 +1,63 @@
+{
+    "routing": {
+        "rules": [
+            {
+                "ip": [
+                    "geoip:private"
+                ],
+                "outboundTag": "direct"
+            }
+        ]
+    },
+    "inbounds": [
+        {
+            "listen": "127.0.0.1",
+            "port": 10808,
+            "protocol": "socks"
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "vless",
+            "settings": {
+                "vnext": [
+                    {
+                        "address": "", // 服务端的域名或 IP
+                        "port": 443, // 填入配置服务器入站时设定的监听端口
+                        "users": [
+                            {
+                                "id": "", // 与服务端一致
+                                "encryption": "none",
+                                "flow": ""
+                            }
+                        ]
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "xhttp",
+                "xhttpSettings": {
+                    "path": "/yourpath" // 与服务端一致
+                },
+                "security": "reality",
+                "realitySettings": {
+                    "serverName": "", // 在服务端所设serverNames列表中选择一个填入
+                    "publicKey": "", // 服务端执行 xray x25519 生成，私钥对应的公钥，填 "Public key" 的值
+                    "shortId": "", // 服务端 shortIds 之一
+                    "spiderX": "/somepath", // 爬虫初始路径与参数，建议每个客户端不同
+                    "fingerprint": "chrome" // 使用 uTLS 库模拟客户端 TLS 指纹。，为强调而保留。
+                }
+            },
+            "tag": "proxy"
+        },
+        {
+            "protocol": "freedom",
+            "tag": "direct"
+        },
+        {
+            "protocol": "blackhole",
+            "tag": "block"
+        }
+
+    ]
+}

VLESS-XHTTP-Reality/minimal-steal_others/server-block-cn.jsonc

@@ -0,0 +1,79 @@
+{
+    "routing": {
+        "domainStrategy": "IPIfNonMatch",
+        "rules": [
+           {
+               "type": "field",
+               "ip": [
+                   "geoip:cn"
+               ],
+               "outboundTag": "block"
+           },
+           {
+               "type": "field",
+               "domain": [
+                   "geosite:cn"
+               ],
+               "outboundTag": "block"
+           }
+        ]
+    },
+    "inbounds": [
+        {
+            "listen": "0.0.0.0",
+            "port": 443, // 可根据实际情况更换端口
+            "protocol": "vless",
+            "settings": {
+                "clients": [
+                    {
+                        "id": "", // 长度为 1-30 字节的任意字符串，或执行 xray uuid 生成
+                        "flow": ""
+                    }
+                ],
+                "decryption": "none"
+            },
+            "streamSettings": {
+                "network": "xhttp",
+                "xhttpSettings": {
+                    "path": "/yourpath" // 自行设定路径
+                },
+                "security": "reality",
+                "realitySettings": {
+                    // 此target字段原名为dest，从24.10.31版本开始开始使用新名称。
+                    // 目标网站最低标准：国外网站，支持 TLSv1.3 与 H2，域名非跳转用（主域名可能被用于跳转到 www）。详见 https://github.com/XTLS/REALITY
+                    "target": "example.com:443",
+                    "serverNames": [
+                    // 客户端可用的 serverName 列表，暂不支持 * 通配符
+                    // 执行 xray tls ping 目标网站网址，填 "Allowed domains" 的值
+                    ],
+                    "privateKey": "", // 执行 xray x25519 生成，填 "Private key" 的值
+                    "shortIds": [ // 客户端可用的 shortId 列表，可用于区分不同的客户端
+                        // "", // 若有此项，客户端 shortId 可为空
+                        "00", // 0 到 f，长度为 2 的倍数，长度上限为 16
+                        "01",
+                        "02"
+                    ]
+                }
+            },
+            "sniffing": {
+                "enabled": true,
+                "destOverride": [
+                    "http",
+                    "tls",
+                    "quic"
+                ]
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "freedom",
+            "tag": "direct"
+        },
+        {
+            "protocol": "blackhole",
+            "tag": "block"
+        }
+
+    ]
+}

VLESS-XHTTP-Reality/minimal-steal_others/server.jsonc

@@ -0,0 +1,60 @@
+{
+    "inbounds": [
+        {
+            "listen": "0.0.0.0",
+            "port": 443, // 可根据实际情况更换端口
+            "protocol": "vless",
+            "settings": {
+                "clients": [
+                    {
+                        "id": "", // 长度为 1-30 字节的任意字符串，或执行 xray uuid 生成
+                        "flow": ""
+                    }
+                ],
+                "decryption": "none"
+            },
+            "streamSettings": {
+                "network": "xhttp",
+                "xhttpSettings": {
+                    "path": "/yourpath" // 自行设定路径
+                },
+                "security": "reality",
+                "realitySettings": {
+                    // 此target字段原名为dest，从24.10.31版本开始开始使用新名称。
+                    // 目标网站最低标准：国外网站，支持 TLSv1.3 与 H2，域名非跳转用（主域名可能被用于跳转到 www）。详见 https://github.com/XTLS/REALITY
+                    "target": "example.com:443",
+                    "serverNames": [
+                    // 客户端可用的 serverName 列表，暂不支持 * 通配符
+                    // 执行 xray tls ping 目标网站网址，填 "Allowed domains" 的值
+                    ],
+                    "privateKey": "", // 执行 xray x25519 生成，填 "Private key" 的值
+                    "shortIds": [ // 客户端可用的 shortId 列表，可用于区分不同的客户端
+                        // "", // 若有此项，客户端 shortId 可为空
+                        "00", // 0 到 f，长度为 2 的倍数，长度上限为 16
+                        "01",
+                        "02"
+                    ]
+                }
+            },
+            "sniffing": {
+                "enabled": true,
+                "destOverride": [
+                    "http",
+                    "tls",
+                    "quic"
+                ]
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "freedom",
+            "tag": "direct"
+        },
+        {
+            "protocol": "blackhole",
+            "tag": "block"
+        }
+
+    ]
+}