Update README.ENG.md url fix

Update vmess_ws_tls.json comment translate

Update vmess_tcp_tls.json comment translate

Update vless_ws_tls.json comment translate

Update vless_tcp_xtls.json comment translate

Update vless_tcp_tls.json comment translate

Update trojan_tcp_tls.json comment translate

Create README.ENG.md

Update README.md add link README.ENG.md

Update README.md add link README.ENG.md

Create README.ENG.md

Update README.md add link README.ENG.md

Create README.ENG.md

Update client.json comment translate

Update server.json comment translate

Update README.md add english translate

Update README.md add english link

Create README.ENG.md

Update Caddyfile comment translate

Update client.json comment translate

Update server.json comment translate

Update README.md add link README.ENG.md

Create RREADME.ENG.md

Update config_client_tcp_tls.json translate comment

Update config_client_ws_tls.json translate comment

Update config_server.json comment translate

Update README.md add link README.ENG.md

Create README.ENG.md

Update config_client.json comment translate

Update config_server.json comment translate

Update client.json translate comment

Update server.json translate comment

Update README.md add link README.ENG.md

Create README.ENG.md

Update server.json translate comment

Update README.md add link README.ENG.md

Update README.md

Create README.ENG.md

Co-authored-by: lk29 <12291632+lk29@users.noreply.github.com>
yuhan6665 2023-04-05 20:57:50 -04:00
parent 28052d756d
commit d35c6f5aaa
18 changed files with 482 additions and 4 deletions

@ -0,0 +1,21 @@
# reverse proxy
# principle
Xray Client <--- VMESS/SS ---> Xray Portal (requires public IP) <--- VMESS/SS ---> Xray Bridge
# illustrate
In the configuration, the internal network device uses `bridge.json`, the device with public network ip uses `portal.json`, and the device connected to the intranet through `portal` uses `client.json`.
In practical applications, `VMESS-TCP, Shadowsocks-2022`, etc. can be used as the transmission protocols from Xray Client to Xray Portal, and from Xray Bridge to Xray Portal.
## psk
Shadowsocks 2022 uses a pre-shared key similar to WireGuard for the password.
Use `openssl rand -base64 <length>` to generate a shadowsocks-rust compatible key, the length depends on the encryption method used.
| encryption method | key length |
|--------------------------------|-----:|
| 2022-blake3-aes-128-gcm | 16 |
| 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 |
In the Go implementation, 32-bit keys always work.
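Review bot: The last line, "In the Go implementation, 32-bit keys always work.", gives the key size in bits, while the table above it and the `openssl rand -base64 <length>` argument are in bytes (16 or 32). A 32-bit key would be four bytes, so this should read "32-byte keys", and the table header would be clearer as "key length (bytes)". The headings `# principle` and `# illustrate` would also read better as "Principle" and "Notes".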

@ -1,5 +1,8 @@
[ENGLISH](README.ENG.md)
# 反向代理 # 反向代理
# 原理 # 原理
Xray Client <--- VMESS/SS ---> Xray Portal(需要公网 IP) <--- VMESS/SS ---> Xray Bridge Xray Client <--- VMESS/SS ---> Xray Portal(需要公网 IP) <--- VMESS/SS ---> Xray Bridge
# 说明 # 说明
配置中,内网设备使用的配置为 `bridge.json`,有公网 ip 的设备使用 `portal.json`,通过`portal`连接到内网的设备使用`client.json` 配置中,内网设备使用的配置为 `bridge.json`,有公网 ip 的设备使用 `portal.json`,通过`portal`连接到内网的设备使用`client.json`
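Review bot: The `[ENGLISH](README.ENG.md)` link is inserted above the `# 反向代理` title here, while the other README.md files touched by this commit place it directly below the title. Moving it under the heading keeps the page title as the first line and matches the rest of the change.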
@ -18,4 +21,4 @@ Shadowsocks 2022 使用与 WireGuard 类似的预共享密钥作为密码。
| 2022-blake3-aes-256-gcm | 32 | | 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 | | 2022-blake3-chacha20-poly1305 | 32 |
在 Go 实现中32 位密钥始终工作。 在 Go 实现中32 位密钥始终工作。

@ -0,0 +1,20 @@
# VLESS over TCP with XTLS + fallback & split
Cooperate with fallback, use port 443 + XTLS + WS and route diversion to realize reverse proxy and enhance concealment.
There are two client connection methods: VLESS over WS with TLS / VLESS over TCP with XTLS
The portal setting defaults to the web server on port 80 (it can also be replaced with a database, FTP, etc.), refer to [VLESS-TCP-XTLS-WHATEVER](https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-WHATEVER/README.md)
# additional configuration
If your portal is outside the country, you can use routing splitting to achieve scientific Internet access + access to intranet devices at the same time.
## Routing split
According to the prompt in the configuration, in the `Portal` configuration, uncomment the first route:
```
// "ip": [
// "geoip:private"
// ],
```
At this time, when the traffic matches the `"external"` or `"externalws"` label, and the target ip of the access is a `private ip address`, the traffic will be forwarded to the bridge, and the rest of the traffic will go direct.
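Review bot: Under "Routing split", the text says to uncomment the first route, but the fenced snippet shows the `"ip"` / `"geoip:private"` lines still commented out, so it is unclear whether this is the before or the after state. Show the uncommented form, or say explicitly that these are the lines to uncomment. "scientific Internet access" in the paragraph above is a literal translation that an English reader will not recognise; a phrase such as "proxied Internet access" would be clearer. It would also help to state that once this rule is active, any client admitted on the `"external"` or `"externalws"` inbound can reach private addresses behind the bridge.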

@ -1,5 +1,7 @@
# VLESS over TCP with XTLS + 回落 & 分流 # VLESS over TCP with XTLS + 回落 & 分流
[ENGLISH](README.ENG.md)
配合回落,使用 443 端口 + XTLS + WS 和路由分流,实现反向代理,增强隐蔽性。 配合回落,使用 443 端口 + XTLS + WS 和路由分流,实现反向代理,增强隐蔽性。
客户端连接方式有 VLESS over WS with TLS / VLESS over TCP with XTLS 两种 客户端连接方式有 VLESS over WS with TLS / VLESS over TCP with XTLS 两种

@ -0,0 +1,239 @@
#Shadowsocks2022
Server-side JSON
```json
{
"inbounds": [
{
"port": 1234,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-128-gcm",
"password": "{{ psk }}",
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
```
Server-side JSON (multi-user)
```json
{
"inbounds": [
{
"port": 1234,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-128-gcm",
"password": "{{ server psk }}",
"clients": [
{
"password": "{{ user psk }}",
"email": "my user"
}
],
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
```
Server-side JSON (transit)
```json
{
"inbounds": [
{
"port": 1234,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-128-gcm",
"password": "{{ relay psk }}",
"clients": [
{
"address": "server",
"port": 1234,
"password": "{{ server/user psk }}",
"email": "my server"
}
],
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
```
Client JSON
```json
{
"inbounds": [
{
"port": 10801,
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 10802,
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 1234,
"method": "2022-blake3-aes-128-gcm",
"password": "{{ psk }}"
}
]
}
}
]
}
```
Client JSON (UDP over TCP)
```json
{
"inbounds": [
{
"port": 10801,
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 10802,
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 1234,
"method": "2022-blake3-aes-128-gcm",
"password": "{{ psk }}",
"uot": true
}
]
}
}
]
}
```
Client JSON (multi-user)
```json
{
"inbounds": [
{
"port": 10801,
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 10802,
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 1234,
"method": "2022-blake3-aes-128-gcm",
"password": "{{ server psk }}:{{ user psk }}"
}
]
}
}
]
}
```
Client JSON (transit)
```json
{
"inbounds": [
{
"port": 10801,
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 10802,
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 1234,
"method": "2022-blake3-aes-128-gcm",
"password": "{{ relay psk }}:{{ user psk }}"
}
]
}
}
]
}
```
## Password
Shadowsocks 2022 uses a pre-shared key similar to WireGuard for the password.
Use `openssl rand -base64 <length>` to generate a shadowsocks-rust compatible key, the length depends on the encryption method used.
| encryption method | key length |
|--------------------------------|-----:|
| 2022-blake3-aes-128-gcm | 16 |
| 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 |
In the Go implementation, 32-bit keys always work.
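Review bot: The first line, `#Shadowsocks2022`, has no space after `#`, so common Markdown renderers will not treat it as a heading; the Chinese README uses `# Shadowsocks 2022`. In the "Password" section at the end, "32-bit keys always work" conflicts with the table, whose lengths (16 and 32) are the byte counts passed to `openssl rand -base64 <length>`; it should say "32-byte keys". The labels "Server-side JSON (transit)" and "Client JSON (transit)" sit above configs that use `{{ relay psk }}`, so "relay" would be the more consistent term.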

@ -1,5 +1,7 @@
# Shadowsocks 2022 # Shadowsocks 2022
[ENGLISH](README.ENG.md)
服务端 JSON 服务端 JSON
```json ```json
@ -236,4 +238,4 @@ Shadowsocks 2022 使用与 WireGuard 类似的预共享密钥作为密码。
| 2022-blake3-aes-256-gcm | 32 | | 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 | | 2022-blake3-chacha20-poly1305 | 32 |
在 Go 实现中32 位密钥始终工作。 在 Go 实现中32 位密钥始终工作。

@ -0,0 +1,81 @@
#Shadowsocks AEAD Quick Start
Server-side JSON
```json
{
"inbounds": [
{
"port": 12345,
"protocol": "shadowsocks",
"settings": {
"clients": [
{
"password": "example_user_1",
"method": "aes-128-gcm"
},
{
"password": "example_user_2",
"method": "aes-256-gcm"
},
{
"password": "example_user_3",
"method": "chacha20-poly1305"
}
],
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
```
Client JSON
```json
{
"inbounds": [
{
"port": 10801,
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 10802,
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "",
"port": 12345,
"password": "example_user_1",
"method": "aes-128-gcm"
}
]
}
}
]
}
```
## What's happening
No need for a graphical interface, just [**Xray-core**](https://github.com/XTLS/Xray-core) can quickly establish Shadowsocks AEAD encryption that supports Socks, HTTP proxy and **UDP FullCone** tunnel.
Xray-core has perfect support for UDP, thanks to the refactoring of each inbound and outbound code. The inbound UDP of Socks can accept requests from any network port.
As you can see, Xray-core also fully unleashes the potential of AEAD, **the server supports multiple users on a single port**, which is not implemented in any official version of Shadowsocks.
So when you need Shadowsocks, you only need Xray-core to solve the problem: high performance, cross-platform, easy to compile, and more powerful functions out of the box.
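Review bot: The sample configs use `example_user_1`, `example_user_2` and `example_user_3` as passwords, and nothing in this README says they are placeholders; the Shadowsocks 2022 README in this commit uses `{{ psk }}` and has a "Password" section. Add a sentence telling readers to replace them with long random values before deploying, and note that the client's `"address": ""` must be filled in with the server host. The first line, `#Shadowsocks AEAD Quick Start`, also needs a space after `#` to render as a heading.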

@ -1,5 +1,7 @@
# Shadowsocks AEAD 快速上手 # Shadowsocks AEAD 快速上手
[ENGLISH](README.ENG.md)
服务端 JSON 服务端 JSON
```json ```json

@ -0,0 +1,35 @@
# Trojan-gRPC-Caddy2/Nginx
## Schematic (Caddy):
Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
## Nginx:
At the same time, you can also choose to use Nginx. A sample configuration snippet is as follows (partially from [@xqzr](https://github.com/xqzr)):
```conf
server {
listen 443 ssl http2 so_keepalive=on;
listen [::]:443 ssl http2 so_keepalive=on;
server_name example.com;
index index.html;
root /var/www/html;
ssl_certificate /path/to/example.cer;
ssl_certificate_key /path/to/example.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE -RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
client_header_timeout 52w;
keepalive_timeout 52w;
# Fill in /your ServiceName after location
location /your ServiceName {
if ($content_type !~ "application/grpc") {
return 404;
}
client_max_body_size 0;
client_body_buffer_size 512k;
grpc_set_header X-Real-IP $remote_addr;
client_body_timeout 52w;
grpc_read_timeout 52w;
grpc_pass unix:/dev/shm/Xray-Trojan-gRPC.socket;
}
}
```
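Review bot: In the `ssl_ciphers` line there is a space inside the list, `ECDHE -RSA-CHACHA20-POLY1305`, which splits the value into two arguments; nginx's `ssl_ciphers` takes a single argument, so the config will fail to load if copied as is. Remove the space so it reads `ECDHE-RSA-CHACHA20-POLY1305`. `location /your ServiceName` has the same problem if taken literally; a placeholder without whitespace, such as `/your_ServiceName`, would make the comment above it unambiguous.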

@ -1,4 +1,6 @@
# Trojan-gRPC-Caddy2Nginx # Trojan-gRPC-Caddy2Nginx
[ENGLISH](README.ENG.md)
## 原理图 (Caddy) ## 原理图 (Caddy)
Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
## Nginx ## Nginx

VLESS-GRPC/README.ENG.md Normal file

@ -0,0 +1,35 @@
# VLESS-GRPC
## Schematic (Caddy):
Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
## Nginx:
At the same time, you can also choose to use Nginx. A sample configuration snippet is as follows (partially from [@xqzr](https://github.com/xqzr)):
```conf
server {
listen 443 ssl http2 so_keepalive=on;
server_name example.com;
index index.html;
root /var/www/html;
ssl_certificate /path/to/example.cer;
ssl_certificate_key /path/to/example.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE -RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
client_header_timeout 52w;
keepalive_timeout 52w;
# Fill in /your ServiceName after location
location /your ServiceName {
if ($content_type !~ "application/grpc") {
return 404;
}
client_max_body_size 0;
client_body_buffer_size 512k;
grpc_set_header X-Real-IP $remote_addr;
client_body_timeout 52w;
grpc_read_timeout 52w;
grpc_pass unix:/dev/shm/Xray-VLESS-gRPC.socket;
}
}
```
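Review bot: The `ssl_ciphers` value contains a stray space, `ECDHE -RSA-CHACHA20-POLY1305`, which turns the single-argument directive into two arguments and will make nginx reject the file; it should read `ECDHE-RSA-CHACHA20-POLY1305`. This server block also has only `listen 443 ssl http2 so_keepalive=on;`, while the Trojan-gRPC sample in this commit adds a `listen [::]:443 ssl http2 so_keepalive=on;` line; if IPv6 is meant to be covered here too, add it, otherwise say why the two samples differ.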

@ -1,4 +1,6 @@
# VLESS-GRPC # VLESS-GRPC
[ENGLISH](README.ENG.md)
## 原理图 (Caddy) ## 原理图 (Caddy)
Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
## Nginx ## Nginx

@ -0,0 +1,18 @@
# VLESS over TCP with TLS + fallback (simplest configuration)
You need to have a domain name resolved to the server IP, and apply for a certificate, such as let's encrypt
You also need an Nginx: (or any web server like Caddy)
1. Use the package manager that comes with the system to install nginx. For details, please Google
2. The default configuration of nginx is to listen to port 80, no need to modify
3. Optional: Find and replace the index.html and other files that come with nginx
4. Execute `systemctl enable nginx` to set up autostart
5. Execute `systemctl start nginx` to start nginx
If the server has a firewall enabled or the VPS has a security group, remember to allow ports TCP/80 and 443
---
Next, you can learn about [site building configuration](<../VLESS-TCP-TLS%20(maximal%20by%20rprx)>) (fall back to advanced usage), try [advanced configuration](<../VLESS- TCP-TLS-WS%20(recommended)>) (distribution to WebSocket)
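Review bot: In the last line, the second link target `<../VLESS- TCP-TLS-WS%20(recommended)>` contains a space after `VLESS-`, so it does not match the `../VLESS-TCP-TLS-WS%20(recommended)` path used elsewhere in this commit; remove the space. Step 1's "For details, please Google" could be replaced by the actual package-manager command or dropped.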

@ -1,4 +1,5 @@
# VLESS over TCP with TLS + 回落(最简配置) # VLESS over TCP with TLS + 回落(最简配置)
[ENGLISH](README.ENG.md)
你需要有一个解析到服务器 IP 的域名,并且申请了证书,比如 let's encrypt 你需要有一个解析到服务器 IP 的域名,并且申请了证书,比如 let's encrypt

@ -0,0 +1,13 @@
# VLESS over TCP with TLS + fallback & split to WebSocket (advanced configuration)
This is a superset of [Minimal Configuration](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>), using the powerful fallback and distribution features of VLESS, it realizes port 443 VLESS over TCP with TLS and Perfect coexistence of any WSS
This configuration is for reference. You can replace VLESS on WS with any other protocol such as VMess, and set more PATHs and protocol coexistence.
After deployment, you can connect to the server through VLESS over TCP with TLS and any WebSocket with TLS at the same time, the latter of which can be through CDN
According to the actual measurement, the performance of VLESS fallback shunt WS is stronger than that of Nginx reverse generation WS. The traditional VMess + WSS solution can be completely migrated without loss of compatibility.
---
Next, you can try [Ultimate Configuration](../VLESS-TCP-XTLS-WHATEVER): switch to XTLS to achieve ultimate performance, and offload to VMess over TCP, and more fallback and offload suggestions, not only Xray
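Review bot: "Nginx reverse generation WS" and "VLESS fallback shunt WS" in the performance sentence do not read as English; "Nginx reverse-proxying WS" and "VLESS fallback splitting to WS" are presumably what is meant, and the title already uses "split". The first paragraph's "Perfect coexistence of any WSS" has a stray capital, and the sentences lack full stops.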

@ -1,4 +1,5 @@
# VLESS over TCP with TLS + 回落 & 分流 to WebSocket进阶配置 # VLESS over TCP with TLS + 回落 & 分流 to WebSocket进阶配置
[ENGLISH](README.ENG.md)
这里是 [最简配置](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>) 的超集,利用 VLESS 强大的回落分流特性,实现了 443 端口 VLESS over TCP with TLS 和任意 WSS 的完美共存 这里是 [最简配置](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>) 的超集,利用 VLESS 强大的回落分流特性,实现了 443 端口 VLESS over TCP with TLS 和任意 WSS 的完美共存

@ -1,6 +1,6 @@
# VLESS over TCP with XTLS + fallback & split to WHATEVER (ultimate configuration) # VLESS over TCP with XTLS + fallback & split to WHATEVER (ultimate configuration)
This is a superset of [Advanced Configuration](<../VLESS-TCP-TLS-WS%20(recommended)>), using the powerful fallback and shunt features of VLESS, it realizes as many protocols and configurations as possible on port 443. Perfect coexistence, including [XTLS Direct Mode](https://github.com/rprx/v2fly-github-io/blob/master/docs/config/protocols/vless.md#xtls-%E9%BB%91%E7 %A7%91%E6%8A%80) This is a superset of [Advanced Configuration](<../VLESS-TCP-TLS-WS%20(recommended)>), using the powerful fallback and shunt features of VLESS, it realizes as many protocols and configurations as possible on port 443. Perfect coexistence, including [XTLS Direct Mode](https://github.com/rprx/v2fly-github-io/blob/master/docs/config/protocols/vless.md#xtls-%E9%BB%91%E7%A7%91%E6%8A%80)
The client can connect to the server through the following methods at the same time, and WS can pass through the CDN The client can connect to the server through the following methods at the same time, and WS can pass through the CDN

@ -1 +1,2 @@
# (目前)请勿使用此配置过墙,记得套 TLS # (目前)请勿使用此配置过墙,记得套 TLS
# (currently) do not use this configuration to go through the wall, remember to set TLS
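Review bot: "remember to set TLS" in the added English line is vague for a warning that is the only guidance visible in this hunk; say that the configuration must be wrapped in TLS, for example "do not use this configuration on its own to cross the firewall; wrap it in TLS". "go through the wall" is also a literal rendering and should name the firewall.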