Update Caddyfile

Update nginx.conf
Update server.jsonc
2025-09-20 22:24:28 +08:00 · 2024-10-26 03:10:34 +08:00 · 2024-10-26 02:55:19 +08:00 · 2024-10-26 02:54:54 +08:00 · 2024-10-26 02:48:55 +08:00 · 2024-10-26 02:38:33 +08:00
119 changed files with 783 additions and 590 deletions
--- a/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-H2-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-H2-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-TCP-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-TCP-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-WS-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-WS-TLS.jsonc
@@ -28,7 +28,7 @@
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
-          "path": "/ssws?ed=2048"
+          "path": "/ssws?ed=2560"
        },
        "security": "tls",
        "tlsSettings": {
--- a/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-gRPC.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-gRPC.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/Trojan-H2-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/Trojan-H2-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/Trojan-TCP-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/Trojan-TCP-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.jsonc
@@ -27,7 +27,7 @@
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
-          "path": "/trojanws?ed=2048"
+          "path": "/trojanws?ed=2560"
        },
        "security": "tls",
        "tlsSettings": {
--- a/All-in-One-fallbacks-Nginx/client.configs/Trojan-gRPC-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/Trojan-gRPC-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/VMESS-H2-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/VMESS-H2-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/VMESS-TCP-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/VMESS-TCP-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.jsonc
@@ -33,7 +33,7 @@
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
-          "path": "/vmws?ed=2048"
+          "path": "/vmws?ed=2560"
        },
        "security": "tls",
        "tlsSettings": {
--- a/All-in-One-fallbacks-Nginx/client.configs/VMESS-gRPC-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/VMESS-gRPC-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/Vless-H2-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/Vless-H2-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/Vless-TCP-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/Vless-TCP-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/Vless-TCP-XTLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/Vless-TCP-XTLS.jsonc
--- a/All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.jsonc
@@ -32,7 +32,7 @@
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
-          "path": "/vlws?ed=2048"
+          "path": "/vlws?ed=2560"
        },
        "security": "tls",
        "tlsSettings": {
--- a/All-in-One-fallbacks-Nginx/client.configs/Vless-gRPC-TLS.jsonc
+++ b/All-in-One-fallbacks-Nginx/client.configs/Vless-gRPC-TLS.jsonc
--- a/All-in-One-fallbacks-Nginx/generate.sh
+++ b/All-in-One-fallbacks-Nginx/generate.sh
@@ -132,7 +132,7 @@ Printqr()
            echo $line | sed -n -e 's/^.*#//p'
            curl qrcode.show -d $line
        fi 
-    done < result
+    done < result.txt
 }

 while getopts "mrqb" option; do
--- a/All-in-One-fallbacks-Nginx/server.jsonc
+++ b/All-in-One-fallbacks-Nginx/server.jsonc
--- a/ReverseProxy/Shadowsocks-2022/bridge.jsonc
+++ b/ReverseProxy/Shadowsocks-2022/bridge.jsonc
--- a/ReverseProxy/Shadowsocks-2022/client.jsonc
+++ b/ReverseProxy/Shadowsocks-2022/client.jsonc
--- a/ReverseProxy/Shadowsocks-2022/portal.jsonc
+++ b/ReverseProxy/Shadowsocks-2022/portal.jsonc
--- a/ReverseProxy/VLESS-TCP-XTLS-WS/bridge.jsonc
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/bridge.jsonc
--- a/ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.jsonc
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.jsonc
--- a/ReverseProxy/VLESS-TCP-XTLS-WS/client_ws.jsonc
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/client_ws.jsonc
--- a/ReverseProxy/VLESS-TCP-XTLS-WS/portal.jsonc
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/portal.jsonc
--- a/ReverseProxy/Vmess-TCP/bridge.jsonc
+++ b/ReverseProxy/Vmess-TCP/bridge.jsonc
--- a/ReverseProxy/Vmess-TCP/client.jsonc
+++ b/ReverseProxy/Vmess-TCP/client.jsonc
--- a/ReverseProxy/Vmess-TCP/portal.jsonc
+++ b/ReverseProxy/Vmess-TCP/portal.jsonc
--- a/Shadowsocks-TCP/client.jsonc
+++ b/Shadowsocks-TCP/client.jsonc
--- a/Shadowsocks-TCP/server.jsonc
+++ b/Shadowsocks-TCP/server.jsonc
--- a/Socks5-TLS/config_client.jsonc
+++ b/Socks5-TLS/config_client.jsonc
--- a/Socks5-TLS/config_server.jsonc
+++ b/Socks5-TLS/config_server.jsonc
--- a/(minimal)/config_client.jsonc
+++ b/(minimal)/config_client.jsonc
--- a/(minimal)/config_server.jsonc
+++ b/(minimal)/config_server.jsonc
--- a/Trojan-TCP-XTLS/config_client.jsonc
+++ b/Trojan-TCP-XTLS/config_client.jsonc
--- a/Trojan-TCP-XTLS/config_server.jsonc
+++ b/Trojan-TCP-XTLS/config_server.jsonc
--- a/Trojan-gRPC-Caddy2／Nginx/README.ENG.md
+++ b/Trojan-gRPC-Caddy2／Nginx/README.ENG.md
@@ -5,8 +5,8 @@ Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
 At the same time, you can also choose to use Nginx. A sample configuration snippet is as follows (partially from [@xqzr](https://github.com/xqzr)):
 ```conf
 server {
-listen 443 ssl http2 so_keepalive=on;
-         listen [::]:443 ssl http2 so_keepalive=on;
+listen 443 ssl http2;
+         listen [::]:443 ssl http2;
 server_name example.com;

 index index.html;
@@ -17,8 +17,8 @@ ssl_certificate_key /path/to/example.key;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE -RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

-client_header_timeout 52w;
-         keepalive_timeout 52w;
+client_header_timeout 1w;
+keepalive_timeout 30m;
 # Fill in /your ServiceName after location
 location /your ServiceName {
 if ($content_type !~ "application/grpc") {
@@ -27,8 +27,9 @@ return 404;
 client_max_body_size 0;
 client_body_buffer_size 512k;
 grpc_set_header X-Real-IP $remote_addr;
-client_body_timeout 52w;
-grpc_read_timeout 52w;
+client_body_timeout 1w;
+grpc_read_timeout 1w;
+grpc_send_timeout 1w;
 grpc_pass unix:/dev/shm/Xray-Trojan-gRPC.socket;
 }
 }
--- a/Trojan-gRPC-Caddy2／Nginx/README.md
+++ b/Trojan-gRPC-Caddy2／Nginx/README.md
@@ -7,8 +7,8 @@ Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
 同时，您也可以选择使用 Nginx。示例配置片段如下（部分来自 [@xqzr](https://github.com/xqzr)）：
 ```conf
 server {
-	listen 443 ssl http2 so_keepalive=on;
-        listen [::]:443 ssl http2 so_keepalive=on;
+	listen 443 ssl http2;
+        listen [::]:443 ssl http2;
 	server_name example.com;

 	index index.html;
@@ -19,18 +19,19 @@ server {
 	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 	
-	client_header_timeout 52w;
-        keepalive_timeout 52w;
+	client_header_timeout 1w;
+        keepalive_timeout 30m;
 	# 在 location 后填写 /你的 ServiceName
 	location /你的 ServiceName {
-		if ($content_type !~ "application/grpc") {
+		if ($content_type !~ "^application/grpc") {
 			return 404;
 		}
 		client_max_body_size 0;
 		client_body_buffer_size 512k;
 		grpc_set_header X-Real-IP $remote_addr;
-		client_body_timeout 52w;
-		grpc_read_timeout 52w;
+		client_body_timeout 1w;
+		grpc_read_timeout 1w;
+		grpc_send_timeout 1w;
 		grpc_pass unix:/dev/shm/Xray-Trojan-gRPC.socket;
 	}
 }
--- a/Trojan-gRPC-Caddy2／Nginx/client.jsonc
+++ b/Trojan-gRPC-Caddy2／Nginx/client.jsonc
--- a/Trojan-gRPC-Caddy2／Nginx/server.jsonc
+++ b/Trojan-gRPC-Caddy2／Nginx/server.jsonc
--- a/VLESS-GRPC/Caddyfile
+++ b/VLESS-GRPC/Caddyfile
@@ -4,6 +4,7 @@ xx.com {
 		path /ServiceName/* # 修改为你自己的 ServiceName，且仅能存在两个斜杠。（如：/MyService/ServiceName/*会导致错误）
 	}
 	reverse_proxy @grpc unix//dev/shm/Xray-VLESS-gRPC.socket {
+		flush_interval -1
 		transport http {
 			versions h2c
 		}
--- a/VLESS-GRPC/README.ENG.md
+++ b/VLESS-GRPC/README.ENG.md
@@ -7,6 +7,7 @@ At the same time, you can also choose to use Nginx. A sample configuration snipp
 ```conf
 server {
 listen 443 ssl http2 so_keepalive=on;
+listen [::]:443 ssl http2 so_keepalive=on;
 server_name example.com;

 index index.html;
--- a/VLESS-GRPC/README.md
+++ b/VLESS-GRPC/README.md
@@ -7,7 +7,8 @@ Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
 同时，您也可以选择使用 Nginx。示例配置片段如下（部分来自 [@xqzr](https://github.com/xqzr)）：
 ```conf
 server {
-	listen 443 ssl http2 so_keepalive=on;
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
 	server_name example.com;

 	index index.html;
@@ -18,18 +19,19 @@ server {
 	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 	
-	client_header_timeout 52w;
-        keepalive_timeout 52w;
+	client_header_timeout 1w;
+        keepalive_timeout 30m;
 	# 在 location 后填写 /你的 ServiceName
 	location /你的 ServiceName {
-		if ($content_type !~ "application/grpc") {
+		if ($content_type !~ "^application/grpc") {
 			return 404;
 		}
 		client_max_body_size 0;
 		client_body_buffer_size 512k;
 		grpc_set_header X-Real-IP $remote_addr;
-		client_body_timeout 52w;
-		grpc_read_timeout 52w;
+		client_body_timeout 1w;
+		grpc_read_timeout 1w;
+		grpc_send_timeout 1w;
 		grpc_pass unix:/dev/shm/Xray-VLESS-gRPC.socket;
 	}
 }
--- a/VLESS-GRPC/client.jsonc
+++ b/VLESS-GRPC/client.jsonc
@@ -39,7 +39,8 @@
          "serviceName": "", //填写你的 ServiceName，不带任何斜杠
          "multiMode": false,
          //"idle_timeout": 60, //当这段时间内没有数据传输时，将会进行健康检查。可能会解决一些“断流”问题。
-          //"initial_windows_size": 35536 //通过 Cloudflare CDN 时，防止 Cloudflare CDN 发送意外的 h2 GOAWAY 帧以关闭现有连接。
+          //"initial_windows_size": 35536, //通过 Cloudflare CDN 时，防止 Cloudflare CDN 发送意外的 h2 GOAWAY 帧以关闭现有连接。
+          //"permit_without_stream": true //通过 Cloudflare CDN 且空闲（没有子连接）时，防止 Cloudflare CDN 关闭连接。
        }
      }
    },
--- a/VLESS-GRPC/server.jsonc
+++ b/VLESS-GRPC/server.jsonc
--- a/VLESS-HTTP-Caddy/README.md
+++ b/VLESS-HTTP-Caddy/README.md
@@ -0,0 +1,9 @@
+Xray 基于 HTTP/2 或 HTTP/3 的传输方式完整按照 HTTP 标准实现，可以通过其它的 HTTP 服务器（如 Caddy）进行中转。
+
+Caddy 使用 reverse_proxy 模块，一般使用 path 分流，主路径伪装为网站，中间人无法探测到 Xray-core（请使用复杂 path）。
+
+Caddy 默认开启 UDP 同端口的 HTTP/3 服务器，目前支持三种中转方式
+
+- HTTP/2
+- HTTP/3 解密后重新加密
+- HTTP/3 转 H2C
--- a/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/Caddyfile
+++ b/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/Caddyfile
@@ -1,6 +1,10 @@
 xx.com {
+    log {
+        level DEBUG
+    }
    root * /var/www
    file_server
+    tls CA.crt priv.key # 换成你的证书和私钥，绝对路径
    
    reverse_proxy /path 127.0.0.1:2001 {
        transport http {
--- a/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/README.md
+++ b/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/README.md
--- a/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/client.jsonc
+++ b/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/client.jsonc
--- a/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/server.jsonc
+++ b/VLESS-HTTP-Caddy/VLESS-H2C-Caddy/server.jsonc
--- a/VLESS-HTTP-Caddy/VLESS-H3-Caddy/Caddyfile
+++ b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/Caddyfile
@@ -0,0 +1,17 @@
+xx.com {
+    log {
+        level DEBUG
+    }
+    root * /var/www
+    file_server
+    tls CA.crt priv.key # 换成你的证书和私钥，绝对路径
+    
+    reverse_proxy /path 127.0.0.1:2001 {
+        transport http {
+            tls
+            tls_client_auth CA.crt priv.key # 换成你的证书和私钥，绝对路径
+            tls_server_name xx.com
+            versions 3
+        }
+    }
+}
--- a/VLESS-HTTP-Caddy/VLESS-H3-Caddy/README.md
+++ b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/README.md
@@ -0,0 +1,7 @@
+# 原理图：
+Xray client <--- H3 ---> Caddy2 <--- H3 ---> Xray server
+
+注意：
+由于 H3 没有解密的明文传输标准 这种模式 Caddy 解密流量之后 会重新加密 会增加少许延迟和负载
+
+目前仅 Caddy2 的 v2.9.0-beta.2 版及以后完美支持 Xray 的 H3 入站。
--- a/VLESS-HTTP-Caddy/VLESS-H3-Caddy/client.jsonc
+++ b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/client.jsonc
@@ -0,0 +1,73 @@
+{
+  "log":{},
+  "inbounds":[
+    {
+      "port":"1080",
+      "protocol":"socks",
+      "settings":{
+        "auth":"noauth",
+        "udp":true
+      }
+    },
+    {
+      "port":"1081",
+      "protocol":"http",
+      "settings":{}
+    }
+  ],
+  "outbounds":[
+    {
+      "protocol":"vless",
+      "settings":{
+        "vnext":[
+          {
+            "address":"xx.com",
+            "port":443,
+            "users":[
+              {
+                "id":"",
+                "encryption":"none"
+              }
+            ]
+          }
+        ]
+      },
+      "streamSettings":{
+        "network":"http",
+        "security":"tls",
+        "httpSettings":{
+          "host":[
+            "xx.com"
+          ],
+          "path":"/path"
+        }
+      },
+      "tlsSettings":{
+        "alpn":["h3"],
+        "serverName":"xx.com"
+      }
+    },
+    {
+      "tag":"direct",
+      "protocol":"freedom",
+      "settings":{}
+    },
+    {
+      "tag":"blocked",
+      "protocol":"blackhole",
+      "settings":{}
+    }
+  ],
+  "routing":{
+    "domainStrategy":"IPOnDemand",
+    "rules":[
+      {
+        "type":"field",
+        "ip":[
+          "geoip:private"
+        ],
+        "outboundTag":"direct"
+      }
+    ]
+  }
+}
--- a/VLESS-HTTP-Caddy/VLESS-H3-Caddy/server.jsonc
+++ b/VLESS-HTTP-Caddy/VLESS-H3-Caddy/server.jsonc
@@ -0,0 +1,66 @@
+{
+  "log": {
+    "loglevel": "warning"
+  },
+  "inbounds": [
+    {
+      "port": 2001,
+      "listen": "127.0.0.1",
+      "protocol": "vless",
+      "settings": {
+        "clients": [
+          {
+            "id": "",
+            "email": "love@example.com"
+          }
+        ],
+        "decryption": "none"
+      },
+      "streamSettings": {
+        "security": "tls",
+        "network": "http",
+        "httpSettings": {
+          "path": "/path",
+          "host": [
+            "xx.com"
+          ]
+        },
+        "tlsSettings": {
+          // "rejectUnknownSni": true,
+          "minVersion": "1.3",
+          "alpn": ["h3"],
+          "certificates": [
+              {
+                  "certificateFile": "CA.crt", // 换成你的证书，绝对路径
+                  "keyFile": "priv.key" // 换成你的私钥，绝对路径
+              }
+          ]
+        }
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "tag": "direct",
+      "protocol": "freedom",
+      "settings": {}
+    },
+    {
+      "tag": "blocked",
+      "protocol": "blackhole",
+      "settings": {}
+    }
+  ],
+  "routing": {
+    "domainStrategy": "AsIs",
+    "rules": [
+      {
+        "type": "field",
+        "ip": [
+          "geoip:private"
+        ],
+        "outboundTag": "blocked"
+      }
+    ]
+  }
+}
--- a/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/Caddyfile
+++ b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/Caddyfile
@@ -0,0 +1,11 @@
+xx.com {
+    log {
+        level DEBUG
+    }
+    root * /var/www
+    file_server
+    tls CA.crt priv.key # 换成你的证书和私钥，绝对路径
+    
+    reverse_proxy /path h2c://127.0.0.1:2001 {
+    }
+}
--- a/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/README.md
+++ b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/README.md
@@ -0,0 +1,5 @@
+# 原理图：
+Xray client <--- H3 ---> Caddy2 <--- H2C ---> Xray server
+
+注意：
+目前仅 Caddy2 的 v2.9.0-beta.2 版及以后完美支持 H3 转换 H2C 对接 Xray 的 H2C 入站。
--- a/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/client.jsonc
+++ b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/client.jsonc
@@ -0,0 +1,73 @@
+{
+  "log":{},
+  "inbounds":[
+    {
+      "port":"1080",
+      "protocol":"socks",
+      "settings":{
+        "auth":"noauth",
+        "udp":true
+      }
+    },
+    {
+      "port":"1081",
+      "protocol":"http",
+      "settings":{}
+    }
+  ],
+  "outbounds":[
+    {
+      "protocol":"vless",
+      "settings":{
+        "vnext":[
+          {
+            "address":"xx.com",
+            "port":443,
+            "users":[
+              {
+                "id":"",
+                "encryption":"none"
+              }
+            ]
+          }
+        ]
+      },
+      "streamSettings":{
+        "network":"http",
+        "security":"tls",
+        "httpSettings":{
+          "host":[
+            "xx.com"
+          ],
+          "path":"/path"
+        },
+        "tlsSettings":{
+          "alpn":["h3"],
+          "serverName":"xx.com"
+        }
+      }
+    },
+    {
+      "tag":"direct",
+      "protocol":"freedom",
+      "settings":{}
+    },
+    {
+      "tag":"blocked",
+      "protocol":"blackhole",
+      "settings":{}
+    }
+  ],
+  "routing":{
+    "domainStrategy":"IPOnDemand",
+    "rules":[
+      {
+        "type":"field",
+        "ip":[
+          "geoip:private"
+        ],
+        "outboundTag":"direct"
+      }
+    ]
+  }
+}
--- a/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/server.jsonc
+++ b/VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/server.jsonc
@@ -0,0 +1,55 @@
+{
+  "log": {
+    "loglevel": "warning"
+  },
+  "inbounds": [
+    {
+      "port": 2001,
+      "listen": "127.0.0.1",
+      "protocol": "vless",
+      "settings": {
+        "clients": [
+          {
+            "id": "",
+            "email": "love@example.com"
+          }
+        ],
+        "decryption": "none"
+      },
+      "streamSettings": {
+        "security": "none",
+        "network": "http",
+        "httpSettings": {
+          "path": "/path",
+          "host": [
+            "xx.com"
+          ]
+        }
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "tag": "direct",
+      "protocol": "freedom",
+      "settings": {}
+    },
+    {
+      "tag": "blocked",
+      "protocol": "blackhole",
+      "settings": {}
+    }
+  ],
+  "routing": {
+    "domainStrategy": "AsIs",
+    "rules": [
+      {
+        "type": "field",
+        "ip": [
+          "geoip:private"
+        ],
+        "outboundTag": "blocked"
+      }
+    ]
+  }
+}
--- a/stolen)/README.md
+++ b/stolen)/README.md
@@ -0,0 +1,5 @@
+# 不会被偷跑流量的 REALITY
+
+一个老生常谈的问题，对于非法请求, reality都会无脑转发流量去dest，如果reality的dest指向一个cloudflare网站，那么相当于服务端变成了CF的端口转发，任何人扫过来都可以拿来嫖。
+
+目前的解决办法是不要使用这类的网站作为 dest, 懂一点的会告诉你用 nginx 的 stream 滤一遍 SNI 并丢掉非法请求，但是其实 Xray 本身就支持这种操作，这也是这个模板的原理
--- a/stolen)/config_client.jsonc
+++ b/stolen)/config_client.jsonc
@@ -0,0 +1,56 @@
+// 直接从其他示例里 copy 过来的，客户端不需要任何特殊修改，要填的东西也一致
+{
+    "log": {
+        "loglevel": "debug"
+    },
+    "inbounds": [
+        {
+            "listen": "127.0.0.1", 
+            "port": 10808, 
+            "protocol": "socks",
+            "settings": {
+                "udp": true
+            },
+            "sniffing": {
+                "enabled": true,
+                "destOverride": [
+                    "http",
+                    "tls",
+                    "quic"
+                ],
+                "routeOnly": true
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "vless",
+            "settings": {
+                "vnext": [
+                    {
+                        "address": "127.0.0.1", 
+                        "port": 443, 
+                        "users": [
+                            {
+                                "id": "", // Needs to match server side
+                                "encryption": "none"
+                            }
+                        ]
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "reality",
+                "realitySettings": {
+                    "fingerprint": "chrome", 
+                    "serverName": "speed.cloudflare.com",
+                    "publicKey": "",
+                    "spiderX": "",
+                    "shortId": ""
+                }
+            },
+            "tag": "proxy"
+        }
+    ]
+}
--- a/stolen)/config_server.jsonc
+++ b/stolen)/config_server.jsonc
@@ -0,0 +1,93 @@
+{
+    "log": {
+        "loglevel": "debug"
+    },
+    "inbounds": [
+        {
+            "tag": "dokodemo-in",
+            "port": 443,
+            "protocol": "dokodemo-door",
+            "settings": {
+                "address": "127.0.0.1",
+                "port": 4431,  // 指向内网中的 reality 端口，示例是这个端口，如果要自己修改了记得这里和下面的 reality 入站都要修改
+                "network": "tcp"
+            },
+            "sniffing": { // 这里的 sniffing 不是多余的，别乱动
+                "enabled": true,
+                "destOverride": [
+                    "tls"
+                ],
+                "routeOnly": true
+            }
+        },
+        {
+            "listen": "127.0.0.1",
+            "port": 4431, // 见上 如果和其他服务冲突了可以换
+            "protocol": "vless",
+            "settings": {
+                "clients": [
+                    {
+                        "id": "" // uuid
+                    }
+                ],
+                "decryption": "none"
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "reality",
+                "realitySettings": {
+                    // 下方要求和普通 reality 一致，这里演示 dest 设置为 cloudflare 不被偷跑流量所以设置为 speed.cloudflare.com 了
+                    // 你可以设置为其他 CF 网站，如果你的 dest 不是这种网站你也不用点了进来不是吗
+                    "dest": "speed.cloudflare.com:443",
+                    "serverNames": [
+                        "speed.cloudflare.com"
+                    ],
+                    "privateKey": "", // 运行 `xray x25519` 生成
+                    "shortIds": [
+                        "",
+                        "0123456789abcdef"
+                    ]
+                }
+            },
+            "sniffing": {
+                "enabled": true,
+                "destOverride": [
+                    "http",
+                    "tls",
+                    "quic"
+                ],
+                "routeOnly": true
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "freedom",
+            "tag": "direct"
+        },
+        {
+            "protocol": "blackhole",
+            "tag": "blcok"
+        }
+    ],
+    "routing": {
+        "rules": [
+            {
+                "inboundTag": [
+                    "dokodemo-in"
+                ],
+                // 重要，这个域名列表需要和 realitySettings 的 serverNames 保持一致
+                "domain": [
+                    "speed.cloudflare.com"
+                ],
+                "outboundTag": "direct"
+            },
+            {
+                "inboundTag": [
+                    "dokodemo-in"
+                ],
+                "outboundTag": "blcok"
+            }
+        ]
+    }
+}
--- a/rprx)/config_client.jsonc
+++ b/rprx)/config_client.jsonc
--- a/rprx)/config_server.jsonc
+++ b/rprx)/config_server.jsonc
--- a/rprx)/config_client.jsonc
+++ b/rprx)/config_client.jsonc
--- a/rprx)/config_server.jsonc
+++ b/rprx)/config_server.jsonc
--- a/(recommended)/config_client_tcp_tls.jsonc
+++ b/(recommended)/config_client_tcp_tls.jsonc
--- a/(recommended)/config_client_ws_tls.jsonc
+++ b/(recommended)/config_client_ws_tls.jsonc
--- a/(recommended)/config_server.jsonc
+++ b/(recommended)/config_server.jsonc
--- a/protocol/config_client.jsonc
+++ b/protocol/config_client.jsonc
--- a/protocol/config_server.jsonc
+++ b/protocol/config_server.jsonc
--- a/VLESS-TCP-TLS/config_client.jsonc
+++ b/VLESS-TCP-TLS/config_client.jsonc
--- a/VLESS-TCP-TLS/config_server.jsonc
+++ b/VLESS-TCP-TLS/config_server.jsonc
--- a/VLESS-TCP-XTLS-Vision-REALITY/config_client.jsonc
+++ b/VLESS-TCP-XTLS-Vision-REALITY/config_client.jsonc
@@ -44,7 +44,7 @@
                "security": "reality",
                "realitySettings": {
                    "fingerprint": "chrome", 
-                    "serverName": "bluearchive.jp", // If your dest is `1.1.1.1:443`, then leave it empty
+                    "serverName": "", // A website that support TLS1.3 and h2. If your dest is `1.1.1.1:443`, then leave it empty
                    "publicKey": "", // run `xray x25519` to generate. Public and private keys need to be corresponding.
                    "spiderX": "", // If your dest is `1.1.1.1:443`, then you can fill it with `/dns-query/` or just leave it empty
                    "shortId": "" // Required
--- a/VLESS-TCP-XTLS-Vision-REALITY/config_server.jsonc
+++ b/VLESS-TCP-XTLS-Vision-REALITY/config_server.jsonc
@@ -19,9 +19,9 @@
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
-                    "dest": "bluearchive.jp:443", // You can also use `1.1.1.1:443` as dest
+                    "dest": "", // A website that support TLS1.3 and h2. You can also use `1.1.1.1:443` as dest
                    "serverNames": [
-                        "bluearchive.jp"    // If you use `1.1.1.1:443` as dest, then you can leave `serverNames` empty, it is a possible ways to bypass Iran's internet speed restrictions.
+                        ""    // A server name in the cert of dest site. If you use `1.1.1.1:443` as dest, then you can leave `serverNames` empty, it is a possible ways to bypass Iran's internet speed restrictions.
                    ],
                    "privateKey": "", // run `xray x25519` to generate. Public and private keys need to be corresponding.
                    "shortIds": [// Required, list of shortIds available to clients, can be used to distinguish different clients
--- a/VLESS-TCP-XTLS-Vision/config_client.jsonc
+++ b/VLESS-TCP-XTLS-Vision/config_client.jsonc
--- a/VLESS-TCP-XTLS-Vision/config_server.jsonc
+++ b/VLESS-TCP-XTLS-Vision/config_server.jsonc
--- a/VLESS-TCP-XTLS-WHATEVER/README.ENG.md
+++ b/VLESS-TCP-XTLS-WHATEVER/README.ENG.md
@@ -1,18 +0,0 @@
-# VLESS over TCP with XTLS + fallback & split to WHATEVER (ultimate configuration)
-
-This is a superset of [Advanced Configuration](<../VLESS-TCP-TLS-WS%20(recommended)>), using the powerful fallback and shunt features of VLESS, it realizes as many protocols and configurations as possible on port 443. Perfect coexistence, including [XTLS Direct Mode](https://github.com/rprx/v2fly-github-io/blob/master/docs/config/protocols/vless.md#xtls-%E9%BB%91%E7%A7%91%E6%8A%80)
-
-The client can connect to the server through the following methods at the same time, and WS can pass through the CDN
-
-1. VLESS over TCP with XTLS, several times the performance, the preferred method
-2. VLESS over TCP with TLS
-3. VLESS over WS with TLS
-4. VMess over TCP with TLS, not recommended
-5. VMess over WS with TLS
-6. Trojan over TCP with TLS
-
---
-
-Here it is set to fall back to the Trojan protocol of Xray by default, and then continue to fall back to the web server on port 80 (it can also be replaced with a database, FTP, etc.)
-
-You can also configure fallback to Caddy's forwardproxy and other proxies that are also anti-detection, and shunt to any proxy that supports WebSocket, no problem
--- a/VLESS-TCP-XTLS-WHATEVER/README.md
+++ b/VLESS-TCP-XTLS-WHATEVER/README.md
@@ -1,20 +0,0 @@
-# VLESS over TCP with XTLS + 回落 & 分流 to WHATEVER（终极配置）
-
-[ENGLISH](README.ENG.md)
-
-这里是 [进阶配置](<../VLESS-TCP-TLS-WS%20(recommended)>) 的超集，利用 VLESS 强大的回落分流特性，实现了 443 端口尽可能多的协议、配置的完美共存，包括 [XTLS Direct Mode](https://github.com/rprx/v2fly-github-io/blob/master/docs/config/protocols/vless.md#xtls-%E9%BB%91%E7%A7%91%E6%8A%80)
-
-客户端可以同时通过下列方式连接到服务器，其中 WS 都可以通过 CDN
-
-1. VLESS over TCP with XTLS，数倍性能，首选方式
-2. VLESS over TCP with TLS
-3. VLESS over WS with TLS
-4. VMess over TCP with TLS，不推荐
-5. VMess over WS with TLS
-6. Trojan over TCP with TLS
-
---
-
-这里设置默认回落到 Xray 的 Trojan 协议，再继续回落到 80 端口的 Web 服务器（也可以换成数据库、FTP 等）
-
-你还可以配置回落到 Caddy 的 forwardproxy 等其它也防探测的代理，以及分流到任何支持 WebSocket 的代理，都没有问题
--- a/VLESS-TCP-XTLS-WHATEVER/config_client/trojan_tcp_tls.json
+++ b/VLESS-TCP-XTLS-WHATEVER/config_client/trojan_tcp_tls.json
@@ -1,37 +0,0 @@
-{
-    "log": {
-        "loglevel": "warning"
-    },
-    "inbounds": [
-        {
-            "port": 10800,
-            "listen": "127.0.0.1",
-            "protocol": "socks",
-            "settings": {
-                "udp": true
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "protocol": "trojan",
-            "settings": {
-                "servers": [
-                    {
-                        "address": "example.com", // 换成你的域名或服务器 IP（发起请求时无需解析域名了）
-                        "port": 443,
-                        "password": "", // 填写你的密码
-                        "level": 0
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "tcp",
-                "security": "tls",
-                "tlsSettings": {
-                    "serverName": "example.com" // 换成你的域名
-                }
-            }
-        }
-    ]
-}
--- a/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_tls.json
+++ b/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_tls.json
@@ -1,42 +0,0 @@
-{
-    "log": {
-        "loglevel": "warning"
-    },
-    "inbounds": [
-        {
-            "port": 10800,
-            "listen": "127.0.0.1",
-            "protocol": "socks",
-            "settings": {
-                "udp": true
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "protocol": "vless",
-            "settings": {
-                "vnext": [
-                    {
-                        "address": "example.com", // 换成你的域名或服务器 IP（发起请求时无需解析域名了）
-                        "port": 443,
-                        "users": [
-                            {
-                                "id": "", // 填写你的 UUID
-                                "encryption": "none",
-                                "level": 0
-                            }
-                        ]
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "tcp",
-                "security": "tls",
-                "tlsSettings": {
-                    "serverName": "example.com" // 换成你的域名
-                }
-            }
-        }
-    ]
-}
--- a/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_xtls.json
+++ b/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_xtls.json
@@ -1,43 +0,0 @@
-{
-    "log": {
-        "loglevel": "warning"
-    },
-    "inbounds": [
-        {
-            "port": 10800,
-            "listen": "127.0.0.1",
-            "protocol": "socks",
-            "settings": {
-                "udp": true
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "protocol": "vless",
-            "settings": {
-                "vnext": [
-                    {
-                        "address": "example.com", // 换成你的域名或服务器 IP（发起请求时无需解析域名了）
-                        "port": 443,
-                        "users": [
-                            {
-                                "id": "", // 填写你的 UUID
-                                "flow": "xtls-rprx-direct",
-                                "encryption": "none",
-                                "level": 0
-                            }
-                        ]
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "tcp",
-                "security": "xtls", // 需要使用 XTLS
-                "xtlsSettings": {
-                    "serverName": "example.com" // 换成你的域名
-                }
-            }
-        }
-    ]
-}
--- a/VLESS-TCP-XTLS-WHATEVER/config_client/vless_ws_tls.json
+++ b/VLESS-TCP-XTLS-WHATEVER/config_client/vless_ws_tls.json
@@ -1,45 +0,0 @@
-{
-    "log": {
-        "loglevel": "warning"
-    },
-    "inbounds": [
-        {
-            "port": 10800,
-            "listen": "127.0.0.1",
-            "protocol": "socks",
-            "settings": {
-                "udp": true
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "protocol": "vless",
-            "settings": {
-                "vnext": [
-                    {
-                        "address": "example.com", // 换成你的域名或服务器 IP（发起请求时无需解析域名了）
-                        "port": 443,
-                        "users": [
-                            {
-                                "id": "", // 填写你的 UUID
-                                "encryption": "none",
-                                "level": 0
-                            }
-                        ]
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "ws",
-                "security": "tls",
-                "tlsSettings": {
-                    "serverName": "example.com" // 换成你的域名
-                },
-                "wsSettings": {
-                    "path": "/websocket" // 必须换成自定义的 PATH，需要和服务端的一致
-                }
-            }
-        }
-    ]
-}
--- a/VLESS-TCP-XTLS-WHATEVER/config_client/vmess_tcp_tls.json
+++ b/VLESS-TCP-XTLS-WHATEVER/config_client/vmess_tcp_tls.json
@@ -1,52 +0,0 @@
-{
-    "log": {
-        "loglevel": "warning"
-    },
-    "inbounds": [
-        {
-            "port": 10800,
-            "listen": "127.0.0.1",
-            "protocol": "socks",
-            "settings": {
-                "udp": true
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "protocol": "vmess",
-            "settings": {
-                "vnext": [
-                    {
-                        "address": "example.com", // 换成你的域名或服务器 IP（发起请求时无需解析域名了）
-                        "port": 443,
-                        "users": [
-                            {
-                                "id": "", // 填写你的 UUID
-                                "security": "none",
-                                "level": 0
-                            }
-                        ]
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "tcp",
-                "security": "tls",
-                "tlsSettings": {
-                    "serverName": "example.com" // 换成你的域名
-                },
-                "tcpSettings": {
-                    "header": {
-                        "type": "http",
-                        "request": {
-                            "path": [
-                                "/vmesstcp" // 必须换成自定义的 PATH，需要和服务端的一致
-                            ]
-                        }
-                    }
-                }
-            }
-        }
-    ]
-}
--- a/VLESS-TCP-XTLS-WHATEVER/config_client/vmess_ws_tls.json
+++ b/VLESS-TCP-XTLS-WHATEVER/config_client/vmess_ws_tls.json
@@ -1,45 +0,0 @@
-{
-    "log": {
-        "loglevel": "warning"
-    },
-    "inbounds": [
-        {
-            "port": 10800,
-            "listen": "127.0.0.1",
-            "protocol": "socks",
-            "settings": {
-                "udp": true
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "protocol": "vmess",
-            "settings": {
-                "vnext": [
-                    {
-                        "address": "example.com", // 换成你的域名或服务器 IP（发起请求时无需解析域名了）
-                        "port": 443,
-                        "users": [
-                            {
-                                "id": "", // 填写你的 UUID
-                                "security": "none",
-                                "level": 0
-                            }
-                        ]
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "ws",
-                "security": "tls",
-                "tlsSettings": {
-                    "serverName": "example.com" // 换成你的域名
-                },
-                "wsSettings": {
-                    "path": "/vmessws" // 必须换成自定义的 PATH，需要和服务端的一致
-                }
-            }
-        }
-    ]
-}
--- a/VLESS-TCP-XTLS-WHATEVER/config_server.json
+++ b/VLESS-TCP-XTLS-WHATEVER/config_server.json
@@ -1,163 +0,0 @@
-{
-    "log": {
-        "loglevel": "warning"
-    },
-    "inbounds": [
-        {
-            "port": 443,
-            "protocol": "vless",
-            "settings": {
-                "clients": [
-                    {
-                        "id": "", // fill in your UUID
-                        "flow": "xtls-rprx-direct",
-                        "level": 0,
-                        "email": "love@example.com"
-                    }
-                ],
-                "decryption": "none",
-                "fallbacks": [
-                    {
-                        "dest": 1310, // Fall back to Xray's Trojan protocol by default
-                        "xver": 1
-                    },
-                    {
-                        "path": "/websocket", // Must be replaced with a custom PATH
-                        "dest": 1234,
-                        "xver": 1
-                    },
-                    {
-                        "path": "/vmesstcp", // Must be replaced with a custom PATH
-                        "dest": 2345,
-                        "xver": 1
-                    },
-                    {
-                        "path": "/vmessws", // Must be replaced with a custom PATH
-                        "dest": 3456,
-                        "xver": 1
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "tcp",
-                "security": "xtls",
-                "xtlsSettings": {
-                    "alpn": [
-                        "http/1.1"
-                    ],
-                    "certificates": [
-                        {
-                            "certificateFile": "/path/to/fullchain.crt", // Replace with your certificate, absolute path
-                            "keyFile": "/path/to/private.key" // Replace it with your private key, absolute path
-                        }
-                    ]
-                }
-            }
-        },
-        {
-            "port": 1310,
-            "listen": "127.0.0.1",
-            "protocol": "trojan",
-            "settings": {
-                "clients": [
-                    {
-                        "password": "", // fill in your password
-                        "level": 0,
-                        "email": "love@example.com"
-                    }
-                ],
-                "fallbacks": [
-                    {
-                        "dest": 80 // or fall back to other proxies that are also probing-proof
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "tcp",
-                "security": "none",
-                "tcpSettings": {
-                    "acceptProxyProtocol": true
-                }
-            }
-        },
-        {
-            "port": 1234,
-            "listen": "127.0.0.1",
-            "protocol": "vless",
-            "settings": {
-                "clients": [
-                    {
-                        "id": "", // fill in your UUID
-                        "level": 0,
-                        "email": "love@example.com"
-                    }
-                ],
-                "decryption": "none"
-            },
-            "streamSettings": {
-                "network": "ws",
-                "security": "none",
-                "wsSettings": {
-                    "acceptProxyProtocol": true, // Reminder: If you use Nginx/Caddy to reverse generation WS, you need to delete this line
-                    "path": "/websocket" // It must be replaced with a custom PATH, which needs to be consistent with the shunt
-                }
-            }
-        },
-        {
-            "port": 2345,
-            "listen": "127.0.0.1",
-            "protocol": "vmess",
-            "settings": {
-                "clients": [
-                    {
-                        "id": "", // fill in your UUID
-                        "level": 0,
-                        "email": "love@example.com"
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "tcp",
-                "security": "none",
-                "tcpSettings": {
-                    "acceptProxyProtocol": true,
-                    "header": {
-                        "type": "http",
-                        "request": {
-                            "path": [
-                                "/vmesstcp" // It must be replaced with a custom PATH, which needs to be consistent with the shunt
-                            ]
-                        }
-                    }
-                }
-            }
-        },
-        {
-            "port": 3456,
-            "listen": "127.0.0.1",
-            "protocol": "vmess",
-            "settings": {
-                "clients": [
-                    {
-                        "id": "", // fill in your UUID
-                        "level": 0,
-                        "email": "love@example.com"
-                    }
-                ]
-            },
-            "streamSettings": {
-                "network": "ws",
-                "security": "none",
-                "wsSettings": {
-                    "acceptProxyProtocol": true, // Reminder: If you use Nginx/Caddy to reverse generation WS, you need to delete this line
-                    "path": "/vmessws" // It must be replaced with a custom PATH, which needs to be consistent with the shunt
-                }
-            }
-        }
-    ],
-    "outbounds": [
-        {
-            "protocol": "freedom"
-        }
-    ]
-}
--- a/VLESS-TCP/config_client.jsonc
+++ b/VLESS-TCP/config_client.jsonc
--- a/VLESS-TCP/config_server.jsonc
+++ b/VLESS-TCP/config_server.jsonc
--- a/VLESS-TLS-SplitHTTP-CaddyNginx/Caddyfile
+++ b/VLESS-TLS-SplitHTTP-CaddyNginx/Caddyfile
@@ -0,0 +1,5 @@
+localhost:443 {
+	handle_path /split/* {
+		reverse_proxy http://127.0.0.1:1234
+	}
+}
--- a/VLESS-TLS-SplitHTTP-CaddyNginx/client.jsonc
+++ b/VLESS-TLS-SplitHTTP-CaddyNginx/client.jsonc
@@ -0,0 +1,46 @@
+{
+    "log": {
+      "loglevel": "warning"
+    },
+    "inbounds": [
+      {
+        "listen": "127.0.0.1",
+        "port": 10808,
+        "protocol": "socks",
+        "settings": {
+            "udp": true
+        }
+      }
+    ],
+    "outbounds": [
+      {
+        "protocol": "vless",
+        "settings": {
+          "vnext": [
+            {
+              "address": "",
+              "port": 443,
+              "users": [
+                {
+                  "id": "",
+                  "encryption": "none"
+                }
+              ]
+            }
+          ]
+        },
+        "streamSettings": {
+          "network": "splithttp",
+          "splithttpSettings": {
+            "path": "/split"
+          },
+          "security": "tls",
+          "tlsSettings": {
+            "serverName": ""
+          }
+        },
+        "tag": "proxy"
+      }
+    ]
+  }
+  
--- a/VLESS-TLS-SplitHTTP-CaddyNginx/nginx.conf
+++ b/VLESS-TLS-SplitHTTP-CaddyNginx/nginx.conf
@@ -0,0 +1,23 @@
+server {
+        listen 443 http2 ssl;
+        listen [::]:443 http2 ssl;
+
+        index index.html;
+        root /var/www/html;
+        ssl_certificate /path/to/example.cer;
+        ssl_certificate_key /path/to/example.cer;
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+        # splithttp produces very noisy access logs, as it sends many HTTP
+        # requests and uses querystrings for padding. It is recommended to turn
+        # them off after setup, or use custom log formats to limit the amount
+        # of information.
+        # access_log off;
+
+        location /split/ {
+            proxy_pass http://127.0.0.1:1234/;
+            proxy_http_version 1.1;
+            proxy_redirect off;
+        }
+}
--- a/VLESS-TLS-SplitHTTP-CaddyNginx/server.jsonc
+++ b/VLESS-TLS-SplitHTTP-CaddyNginx/server.jsonc
@@ -0,0 +1,38 @@
+{
+    "log": {
+      "loglevel": "warning"
+    },
+    "inbounds": [
+      {
+        "listen": "127.0.0.1",
+        "port": 1234,
+        "protocol": "vless",
+        "settings": {
+          "clients": [
+            {
+              "id": ""
+            }
+          ],
+          "decryption": "none"
+        },
+        "streamSettings": {
+          "network": "splithttp"
+        },
+        "sniffing": {
+          "enabled": true,
+          "destOverride": [
+            "http",
+            "tls",
+            "quic"
+          ]
+        }
+      }
+    ],
+    "outbounds": [
+      {
+        "protocol": "freedom",
+        "tag": "direct"
+      }
+    ]
+  }
+  
--- a/VLESS-TLS-SplitHTTP-H3/README.md
+++ b/VLESS-TLS-SplitHTTP-H3/README.md
@@ -0,0 +1,12 @@
+# VLESS-TLS-SplitHTTP-H3
+
+## 原理图：
+
+直连：Xray client <--- HTTP3 ---> Xray server
+
+配合 CDN 使用：Xray client <--- HTTP3 ---> CDN <--- HTTP2 or HTTP/1.1 ---> Xray server
+
+## 注意：
+
+默认配置仅支持客户端通过 HTTP3 直连服务端，如需和 CDN 一同使用，请参照注释修改服务端的 alpn。
+
--- a/VLESS-TLS-SplitHTTP-H3/client.jsonc
+++ b/VLESS-TLS-SplitHTTP-H3/client.jsonc
@@ -0,0 +1,54 @@
+{
+    "inbounds": [
+        {
+            "sniffing": {
+                "enabled": true,
+                "destOverride": [
+                    "http",
+                    "tls",
+                    "quic"
+                ]
+            },
+            "port": 10808,
+            "listen": "127.0.0.1",
+            "protocol": "socks",
+            "settings": {
+                "udp": true
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "vless",
+            "settings": {
+                "vnext": [
+                    {
+                        "address": "example.com", // Change to your domain.
+                        "port": 443,
+                        "users": [
+                            {
+                                "id": "UUID", // Change to your UUID.
+                                "encryption": "none"
+                            }
+                        ]
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "splithttp",
+                "security": "tls",
+                "splithttpSettings": {
+                    "path": "/splithttp",
+                    "host": "example.com" // Change to your domain.
+                },
+                "tlsSettings": {
+                    "serverName": "example.com", // Change to your domain.
+                    "alpn": [
+                        "h3"
+                    ]
+                }
+            }
+        }
+    ]
+}
+
--- a/VLESS-TLS-SplitHTTP-H3/server.jsonc
+++ b/VLESS-TLS-SplitHTTP-H3/server.jsonc
@@ -0,0 +1,54 @@
+{
+    "inbounds": [
+        {
+            "sniffing": {
+                "enabled": true,
+                "destOverride": [
+                    "http",
+                    "tls",
+                    "quic"
+                ]
+            },
+            "port": 443,
+            "listen": "0.0.0.0",
+            "protocol": "vless",
+            "settings": {
+                "clients": [
+                    {
+                        "id": "UUID" // Change to your UUID.
+                    }
+                ],
+                "decryption": "none"
+            },
+            "streamSettings": {
+                "network": "splithttp",
+                "security": "tls",
+                "splithttpSettings": {
+                    "path": "/splithttp",
+                    "host": "example.com" // Change to your domain.
+                },
+                "tlsSettings": {
+                    "rejectUnknownSni": true,
+                    "minVersion": "1.3",
+                    "alpn": [
+                        "h3" // If you want to use with CDN, you need to change alpn to ["h2", "http/1.1"].
+                    ],
+                    "certificates": [
+                        {
+                            "ocspStapling": 3600,
+                            "certificateFile": "/path/to/fullchain.pem", // Change to your fullchain file path.
+                            "keyFile": "/path/to/privkey.pem" // Change to your private key file path.
+                        }
+                    ]
+                }
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "tag": "direct",
+            "protocol": "freedom"
+        }
+    ]
+}
+
--- a/VLESS-WSS-Nginx/client.jsonc
+++ b/VLESS-WSS-Nginx/client.jsonc
@@ -36,14 +36,15 @@
        "network": "ws",
        "security": "tls",
        "wsSettings": {
-          "path": "/Path2WS?ed=2048" //?ed=2048 前面填写你的 path
+          "path": "/Path2WS?ed=2560" //?ed=2560 前面填写你的 path
        },
        "tlsSettings": {
          "allowInsecure": false,
-          "serverName": "xx.com",  //Equal to "SNI"
+          "serverName": "xx.com", //Equal to "SNI"
          "fingerprint": "chrome" //"chrome" or "firefox"
+        }
      }
-    }},
+    },
    {
      "tag": "direct",
      "protocol": "freedom",
@@ -60,9 +61,7 @@
    "rules": [
      {
        "type": "field",
-        "ip": [
-          "geoip:private"
-        ],
+        "ip": ["geoip:private"],
        "outboundTag": "direct"
      }
    ]
--- a/VLESS-WSS-Nginx/nginx.conf
+++ b/VLESS-WSS-Nginx/nginx.conf
@@ -1,5 +1,6 @@
 server {
 	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
 	server_name example.com;

 	index index.html;
@@ -10,12 +11,12 @@ server {
 	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 	
-	# 在 location 后填写 /你的 path
-	location /你的 path {
+	# 在 location 后填写 /你的 path/
+	location /你的 path/ {
 	if ($http_upgrade != "websocket") {
 		return 404;
 	}
-        proxy_pass http://127.0.0.1:1234;
+        proxy_pass http://127.0.0.1:1234/;
 	proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
@@ -23,6 +24,6 @@ server {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_read_timeout 52w;
+        proxy_read_timeout 5d;
    }
 }
--- a/VLESS-WSS-Nginx/server.jsonc
+++ b/VLESS-WSS-Nginx/server.jsonc
@@ -16,10 +16,7 @@
        "decryption": "none"
      },
      "streamSettings": {
-        "network": "ws",
-        "wsSettings": {
-          "path": "/Path2WS" // 填写你的 path
-        }
+        "network": "ws"
      },
 			"sniffing": {
 				"enabled": true,
--- a/VLESS-gRPC-REALITY/config_client.jsonc
+++ b/VLESS-gRPC-REALITY/config_client.jsonc
--- a/VLESS-gRPC-REALITY/config_server.jsonc
+++ b/VLESS-gRPC-REALITY/config_server.jsonc
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
xqzr	2a3aa86e4a	Update Caddyfile	2024-10-26 03:10:34 +08:00
xqzr	ef8962658d	Update nginx.conf	2024-10-26 02:55:19 +08:00
xqzr	f092fd7ae3	Update server.jsonc	2024-10-26 02:54:54 +08:00
xqzr	fb19ed3ed6	Update Caddyfile	2024-10-26 02:48:55 +08:00
xqzr	f7e1a4e5b4	Update server.jsonc	2024-10-26 02:38:33 +08:00
xqzr	100e729cc7	Update nginx.conf	2024-10-26 02:37:34 +08:00
yuhan6665	061321ad1c	Update all json file to jsonc (#199 )	2024-10-21 11:49:47 -04:00
风扇滑翔翼	c6ec3122f5	Add VLESS-TCP-REALITY(Without being stolen)	2024-10-20 12:05:33 +00:00
yuhan6665	bebf51e5f7	Add VLESS-H3-Caddy two modes	2024-10-17 04:54:23 -04:00
yuhan6665	2fe711231a	Refactor VLESS-HTTP-Caddy folder	2024-10-17 03:58:05 -04:00
yuhan6665	301c7c0193	Delete Quic	2024-10-17 03:40:05 -04:00
mmmray	ca705fbd0b	SplitHTTP: Add suggestion to disable nginx access logs	2024-08-31 11:58:34 +02:00
xor	129be747c3	Fix caddy reverse proxy latency (#195 )	2024-08-26 10:22:31 -04:00
xqzr	34d78cc926	Starting with "application/grpc"	2024-08-02 22:33:20 +08:00
xqzr	8c9e1c5f4f	Starting with "application/grpc"	2024-08-02 22:32:28 +08:00
IRN-Kawakaze	2988294bdc	Fix incorrect formatting. (#192 )	2024-07-22 23:28:03 +02:00
IRN-Kawakaze	4c64126604	Add SplitHTTP-HTTP3 config (#191 )	2024-07-22 21:42:06 +02:00
chshouyu	d9d8f77541	Update websocket path ed from 2048 to 2560	2024-06-23 03:23:55 +08:00
mmmray	9d40021c5b	Simplify SplitHTTP further, and add Caddyfile (#188 ) * Simplify SplitHTTP further, and add Caddyfile * raise log level * enable udp --------- Co-authored-by: 风扇滑翔翼 <Fangliding.fshxy@outlook.com>	2024-06-22 04:36:22 +08:00
iamtrazy	f605cda6a0	fixes for splitHttp nginx conf (#187 ) * Update nginx.conf removed unnecessary components from nginx conf * fix: minor changes	2024-06-21 23:39:00 +08:00
iamtrazy	2a8fe45acd	feat: added splitHttp nginx reverse proxy exmaple	2024-06-21 10:59:39 -04:00
zonescape	0ba800fd7c	fix port datatype	2024-05-02 19:43:46 +08:00
风扇滑翔翼	ecefc32120	Remove deprecated config	2024-03-22 05:22:18 +00:00
风扇滑翔翼	f42d177c46	#172	2024-03-22 04:56:11 +00:00
xqzr	cb619022bb	`keepalive_timeout 30m;`	2024-01-29 20:53:39 +08:00
xqzr	059bdf1a97	Update README.md	2024-01-29 20:51:27 +08:00
xqzr	e0548899bb	Update README.md	2024-01-29 20:50:34 +08:00
xqzr	1732809e5f	Update README.ENG.md	2024-01-29 20:46:45 +08:00
チセ	a47a984a08	Update config_server.json	2024-01-20 16:39:14 -05:00
kiriknik	7f4e176d9b	Update generate.sh A little patch to generate qr code)	2023-12-29 10:46:15 -05:00
xqzr	7486946d72	Add IPv6 Listen	2023-12-04 17:51:17 +08:00
xqzr	4ea3d4e023	Change all `timeout`	2023-12-04 17:47:05 +08:00
xqzr	a736984061	Update nginx.conf	2023-12-04 17:42:52 +08:00
xqzr	5ee22a1aa4	Update README.md	2023-12-04 17:42:25 +08:00
xqzr	33595f9c0d	Update README.ENG.md	2023-12-04 17:40:36 +08:00
xqzr	152dd028c6	Update README.md	2023-12-04 17:38:28 +08:00
xqzr	08978ee233	Add IPv6 Listen	2023-11-02 21:51:51 +08:00
xqzr	97210cfd0e	Add IPv6 Listen	2023-11-02 21:51:12 +08:00
xqzr	9a6a9ab54a	add `permit_without_stream`	2023-11-02 21:34:39 +08:00