github/Xray-examples
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-examples.git synced 2025-09-21 06:34:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:995be44bfcbfe5f270e8572dd6ce874a17fa44a8
Branches Tags
github:main github:Del-`path`-on-Xray
...
compare: github:Del-`path`-on-Xray
Branches Tags
github:main github:Del-`path`-on-Xray

60 Commits
995be44bfc ... Del-`path`

Author SHA1 Message Date
xqzr
2a3aa86e4a Update Caddyfile 2024-10-26 03:10:34 +08:00
xqzr
ef8962658d Update nginx.conf 2024-10-26 02:55:19 +08:00
xqzr
f092fd7ae3 Update server.jsonc 2024-10-26 02:54:54 +08:00
xqzr
fb19ed3ed6 Update Caddyfile 2024-10-26 02:48:55 +08:00
xqzr
f7e1a4e5b4 Update server.jsonc 2024-10-26 02:38:33 +08:00
xqzr
100e729cc7 Update nginx.conf 2024-10-26 02:37:34 +08:00
yuhan6665
061321ad1c Update all json file to jsonc (#199) 2024-10-21 11:49:47 -04:00
风扇滑翔翼
c6ec3122f5 Add VLESS-TCP-REALITY(Without being stolen) 2024-10-20 12:05:33 +00:00
yuhan6665
bebf51e5f7 Add VLESS-H3-Caddy two modes 2024-10-17 04:54:23 -04:00
yuhan6665
2fe711231a Refactor VLESS-HTTP-Caddy folder 2024-10-17 03:58:05 -04:00
yuhan6665
301c7c0193 Delete Quic 2024-10-17 03:40:05 -04:00
mmmray
ca705fbd0b SplitHTTP: Add suggestion to disable nginx access logs 2024-08-31 11:58:34 +02:00
xor
129be747c3 Fix caddy reverse proxy latency (#195) 2024-08-26 10:22:31 -04:00
xqzr
34d78cc926 Starting with "application/grpc" 2024-08-02 22:33:20 +08:00
xqzr
8c9e1c5f4f Starting with "application/grpc" 2024-08-02 22:32:28 +08:00
IRN-Kawakaze
2988294bdc Fix incorrect formatting. (#192) 2024-07-22 23:28:03 +02:00
IRN-Kawakaze
4c64126604 Add SplitHTTP-HTTP3 config (#191) 2024-07-22 21:42:06 +02:00
chshouyu
d9d8f77541 Update websocket path ed from 2048 to 2560 2024-06-23 03:23:55 +08:00
mmmray
9d40021c5b Simplify SplitHTTP further, and add Caddyfile (#188) 
* Simplify SplitHTTP further, and add Caddyfile

* raise log level

* enable udp

---------

Co-authored-by: 风扇滑翔翼 <Fangliding.fshxy@outlook.com>
 2024-06-22 04:36:22 +08:00
iamtrazy
f605cda6a0 fixes for splitHttp nginx conf (#187) 
* Update nginx.conf

removed unnecessary components from nginx conf

* fix: minor changes
 2024-06-21 23:39:00 +08:00
iamtrazy
2a8fe45acd feat: added splitHttp nginx reverse proxy exmaple 2024-06-21 10:59:39 -04:00
zonescape
0ba800fd7c fix port datatype 2024-05-02 19:43:46 +08:00
风扇滑翔翼
ecefc32120 Remove deprecated config 2024-03-22 05:22:18 +00:00
风扇滑翔翼
f42d177c46 #172 2024-03-22 04:56:11 +00:00
xqzr
cb619022bb keepalive_timeout 30m; 2024-01-29 20:53:39 +08:00
xqzr
059bdf1a97 Update README.md 2024-01-29 20:51:27 +08:00
xqzr
e0548899bb Update README.md 2024-01-29 20:50:34 +08:00
xqzr
1732809e5f Update README.ENG.md 2024-01-29 20:46:45 +08:00
チセ
a47a984a08 Update config_server.json 2024-01-20 16:39:14 -05:00
kiriknik
7f4e176d9b Update generate.sh 
A little patch to generate qr code)
 2023-12-29 10:46:15 -05:00
xqzr
7486946d72 Add IPv6 Listen 2023-12-04 17:51:17 +08:00
xqzr
4ea3d4e023 Change all timeout 2023-12-04 17:47:05 +08:00
xqzr
a736984061 Update nginx.conf 2023-12-04 17:42:52 +08:00
xqzr
5ee22a1aa4 Update README.md 2023-12-04 17:42:25 +08:00
xqzr
33595f9c0d Update README.ENG.md 2023-12-04 17:40:36 +08:00
xqzr
152dd028c6 Update README.md 2023-12-04 17:38:28 +08:00
xqzr
08978ee233 Add IPv6 Listen 2023-11-02 21:51:51 +08:00
xqzr
97210cfd0e Add IPv6 Listen 2023-11-02 21:51:12 +08:00
xqzr
9a6a9ab54a add permit_without_stream 2023-11-02 21:34:39 +08:00
woodlyer
31a1c6cbf5 Update config_client.jsonc 
add shortId
 2023-09-07 12:26:51 -04:00
woodlyer
13d0158470 Update config_server.jsonc 2023-09-07 12:26:19 -04:00
yuhan6665
0e8377e3c2 Update README.md 2023-09-04 17:32:42 -04:00
yuhan6665
9910881d58 Update README.md 2023-09-04 10:36:12 -04:00
KoinuDayo
2aea6cb507 Add VLESS-TCP-XTLS-Vision-REALITY 2023-09-04 10:16:41 -04:00
Mohammad Reza Gharabaghi
2dc42bc0df Add gRPC over REALITY 2023-05-21 22:31:23 -04:00
bghandchi
004c490c7b Auto generate script for all in one configs (#145) 
* fixes default template value for password at server.json:237

* Auto config generation script

* Readme fix

* remove ?ed=2048

* remove h2 tcp
 2023-04-13 13:04:12 -04:00
yuhan6665
d35c6f5aaa Update README.ENG.md url fix 
Update vmess_ws_tls.json comment translate

Update vmess_tcp_tls.json comment translate

Update vless_ws_tls.json comment trnslate

Update vless_tcp_xtls.json comment translate

Update vless_tcp_tls.json comment translate

Update trojan_tcp_tls.json comment translate

Create README.ENG.md

Update README.md add link README.ENG.md

Update README.md add link README.ENG.md

Create README.ENG.md

Update README.md add link README.ENG.md

Create README.ENG.md

Update client.json comment transalate

Update server.json comment translate

Update README.md add english translate

Update README.md add english link

Create README.ENG.md

Update Caddyfile comment translate

Update client.json comment translate

Update server.json comment translate

Update README.md add link README.ENG.md

Create RREADME.ENG.md

Update config_client_tcp_tls.json translate comment

Update config_client_ws_tls.json translate comment

Update config_server.json comment translate

Update README.md add link README.ENG.md

Create README.ENG.md

Update config_client.json comment translate

Update config_server.json comment translate

Update client.json translate comment

Update server.json translate comment

Update README.md add link README.ENG.md

Create README.ENG.md

Update server.json translate comment

Update README.md add link README.ENG.md

Update README.md

Create README.ENG.md

Co-authored-by: lk29 <12291632+lk29@users.noreply.github.com>
 2023-04-05 21:08:31 -04:00
stupidloud
28052d756d Update client.json 2023-03-31 10:24:46 -04:00
lk29
11609f587f translate ENGLISH README.md 2023-03-11 20:39:49 -05:00
lk29
3bdf2a23ff Update README.md add link README.ENG.md 2023-03-11 20:38:27 -05:00
lk29
cebb145398 add ENGLISH translate (#133) 
* add translate ENGLISH version README.md

* Update README.md add link README.ENG.md

* Update config_server.json - translation of comments into english

* Update config_client.json translation of comments into english

* Update config_server.json translation of comments into english

* Update config_client.json, translation of comments into english

* Update config_server.json translation of comments into english
 2023-03-11 20:37:52 -05:00
chika0801
5ae00c5bb2 Update config_server.json 2023-03-08 11:02:40 -05:00
chika0801
ad496cb607 Vision配置示例更新 (#128) 
* Update config_client.json

* Update config_server.json

* Update config_server.json

* Update config_server.json

* Update config_server.json

* Create nginx.conf

* Create README.md
 2023-03-06 23:57:12 -05:00
Bahman
ae379bf770 fixes default template value for password at server.json:237 2023-02-17 09:47:20 -05:00
ws2bhhh
4effea1dc1 Update client.json 
消除可能的歧义
 2023-02-04 12:22:34 -05:00
ws2bhhh
5c0b1523f1 Update Caddyfile 
消除可能的歧义
 2023-02-04 12:22:07 -05:00
Saoshyanet
6c979e4f0e Introduce sed for fast replacement in all-in-one readme. (#117) 
* Fast replacement using sed

* Fast replacement using sed
 2023-02-04 12:19:22 -05:00
Woman Life Freedom
5d6676b34c Fixed All-in-One-fallbacks-Nginx routing (#114) 
* Fixed routing issue + Add API config

* Fixed typo

* Removed shadowsocks because of similar links

* Fixed typo

---------

Co-authored-by: wlfvpn <vpn.womanlifefreedom.vip>
 2023-01-27 23:17:42 -05:00
alibij
1ab20c3d42 Update nginx.conf 
fix problem in ubuntu 20 LTS to connect nginx
 2023-01-27 23:14:58 -05:00
alibij
3f7674acb3 Update server.json 
fix problem in ubuntu 20 LTS to connect nginx
 2023-01-27 23:14:46 -05:00
139 changed files with 2255 additions and 707 deletions
Expand all files Collapse all files

33
All-in-One-fallbacks-Nginx/README.md
View File

@@ -26,7 +26,7 @@ Nginx is used to serve a decoy website to avoid active probing. It's also used t
## How it works?
The Vless-TCP-XTLS is the HTTPS entrypoint. For every incoming request after doing TLS-Termination, based on the **Path**, **SNI** or **ALPN type**, the request is passed to another inbound(sub-config). For example:
* If the **Path=/vlessws**, the request is passed to **@vless-ws** inbound.
* If the **Path=/vlws**, the request is passed to **@vless-ws** inbound.
* If the **Path=/vmtc**, the request is passed to **@vmess-tcp**.
* If **ALPN=HTTP2** and at the same time the **SNI=trh2o.example.com** then the request is passed to **@trojan-h2**.
@@ -37,17 +37,30 @@ VMESS-gRPC Request ------> Xray Vless-TCP-XTLS(443) ----**alpn=h2**----> fallbac
## What to change before use?
* Xray server.json
* **SSL Certificates and keys** absolute paths in Vless-TCP-XTLS (`inbounds[0].streamSettings.xtlsSettings.certificates`)
* For the main domain:
* `sed -i 's/\/etc\/ssl\/example.com\/domain.pem/PATH_TO_YOUR_FULLCHAIN/g' *`
* `sed -i 's/\/etc\/ssl\/example.com\/domain-key.pem/PATH_TO_THE_FULLCHAINS_CERT/g' *`
* For the domain behind cdn:
* `sed -i 's/\/etc\/ssl\/behindcdn.com\/domain.pem/PATH_TO_YOUR_FULLCHAIN/g' *`
* `sed -i 's/\/etc\/ssl\/behindcdn.com\/domain-key.pem/PATH_TO_THE_FULLCHAINS_CERT/g' *`
* **Your Domain** in both and server (for fallbacks section) and client configs.
* `sed -i 's/example.com/YOUR_DOMAIN/g' *`
* `sed -i 's/behindcdn.com/YOUR_CDN_DOMAIN/g' *` (if you don't have one, remove the config for cdn domain from inbounds[0].streamSettings.tlsSettings.certificates in server.json)
* **Password** of Trojan and ShadowSocks configs
* `sed -i 's/desdemona99/YOUR_PASSWORD/g' *`
* **UUID** of Vless and VMESS configs
* `sed -i 's/90e4903e-66a4-45f7-abda-fd5d5ed7f797/YOUR_UUID/g' *`
* **(Optional)** Path of all sub-configs. For **Websocket**-->`wsSettings.path`, for **TCP**-->`tcpSettings.header.request.path`, for **gRPC**-->`grpcSettings.serviceName` and for **H2**-->`httpSettings.path`.
* **(Optional)** The SNIs of H2 fallbacks (`inbounds[0].settings.fallbacks.[].name`) could also be changed but they should be consistent between client and server. (Read the notes on HTTP2 inbounds)
* Nginx nginx.conf
* Domain names
* `sed -i 's/example.com/YOUR_DOMAIN/g' *`
* `sed -i 's/behindcdn.com/YOUR_CDN_DOMAIN/g' *` (if you don't have one, leave YOUR_CDN_DOMAIN blank.)
* **(Optional)** If gRPC serviceNames are changed in server.json, they **should** also be changed in Nginx config
## Notes:
* Tested with **Xray 1.7.0** (Xray, Penetrates Everything.) Custom (go1.19.4 linux/amd64)
* Tested with **Xray 1.7.2** (Xray, Penetrates Everything.) Custom (go1.19.4 linux/amd64)
* For a little better performance, a DNS Cache could be setup (on 127.0.0.53 in this case) and used for resolving DNS queries. To enable xray to use it uncomment the corresponding rule from the `routing.settings.rules` in server.json.
* Multiple domains could be used at the same time, including domains behind cloudflare CDN. (For cloudflare, make sure websocket and gRPC are enabled in Network section). In this configuration these domains are **example.com** and **behindcdn.com**
* HTTP2 inbounds (Trojan-H2, Vless-H2, VMESS-H2 and ShadowSocks-H2)
@@ -55,7 +68,8 @@ VMESS-gRPC Request ------> Xray Vless-TCP-XTLS(443) ----**alpn=h2**----> fallbac
* It's possible to create a CNAME dns record for all the H2 SNIs and use that as the address of the client config without setting custom SNI on client but it's optinal.
* It is assumed that the **example.com** domain has a **wildcard certificate**. If it's **not** a wildcard certificate or if it's a self-signed certificate, then `streamSettings.tlsSettings.allowInsecure` in the **client configuration** must be `true`.
* Put `nginx.conf` to your `/etc/nginx/conf.d/` then `systemctl restart nginx`
* If restarting nginx failed, you might have to remove socket files first `rm /dev/shm/{h1.sock,h2c.sock} && nginx -t && systemctl restart nginx`
## Client link examples
@@ -73,3 +87,16 @@ VMESS-gRPC Request ------> Xray Vless-TCP-XTLS(443) ----**alpn=h2**----> fallbac
| VMESS-WS | `vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJ3cyIsCiAgICAicGF0aCI6ICIvdm13cyIsCiAgICAicG9ydCI6ICI0NDMiLAogICAgInBzIjogIlZNRVNTLVdTIiwKICAgICJzY3kiOiAibm9uZSIsCiAgICAic25pIjogIiIsCiAgICAidGxzIjogInRscyIsCiAgICAidHlwZSI6ICIiLAogICAgInYiOiAiMiIKfQo=` |
| VMESS-gRPC | `vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJncnBjIiwKICAgICJwYXRoIjogInZtZ3JwYyIsCiAgICAicG9ydCI6ICI0NDMiLAogICAgInBzIjogIlZNRVNTLWdSUEMiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAiIiwKICAgICJ0bHMiOiAidGxzIiwKICAgICJ0eXBlIjogImh0dHAiLAogICAgInYiOiAiMiIKfQo=` |
| VMESS-H2 | `vmess://ewogICAgImFkZCI6ICJleGFtcGxlLmNvbSIsCiAgICAiYWlkIjogIjAiLAogICAgImhvc3QiOiAiIiwKICAgICJpZCI6ICI5MGU0OTAzZS02NmE0LTQ1ZjctYWJkYS1mZDVkNWVkN2Y3OTciLAogICAgIm5ldCI6ICJodHRwIiwKICAgICJwYXRoIjogIi92bWgyIiwKICAgICJwb3J0IjogIjQ0MyIsCiAgICAicHMiOiAiVk1FU1MtSDIiLAogICAgInNjeSI6ICJub25lIiwKICAgICJzbmkiOiAidm1oMm8uZXhhbXBsZS5jb20iLAogICAgInRscyI6ICJ0bHMiLAogICAgInR5cGUiOiAiaHR0cCIsCiAgICAidiI6ICIyIgp9Cg==` |
## Config generation script
To make all the necessary changes to all the files in this folder a simple script is provided.
### Steps
* Open `generate.sh` and change the top lines to your correct values.
* Run `bash generate.sh -m` inside this folder.
* All the files are changed and your config links are stored in `result.txt`
* Run `bash generate.sh -b` to get one base64 string for all of your configs.
* Run `bash generate.sh -q` to get separate qr codes for all your configs.
* Run `bash generate.sh -r` to revert all the changes. This is necessary for generating configs with new values.
### Important note
Run `-b` and `-q` only after running `-m`. The script should run inside this folder.

0
All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-H2-TLS.json → All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-H2-TLS.jsonc
View File

0
All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-TCP-TLS.json → All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-TCP-TLS.jsonc
View File

2
All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-WS-TLS.json → All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-WS-TLS.jsonc
View File

@@ -28,7 +28,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/ssws"
"path": "/ssws?ed=2560"
},
"security": "tls",
"tlsSettings": {

0
All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-gRPC.json → All-in-One-fallbacks-Nginx/client.configs/ShadowSocks-gRPC.jsonc
View File

0
All-in-One-fallbacks-Nginx/client.configs/Trojan-H2-TLS.json → All-in-One-fallbacks-Nginx/client.configs/Trojan-H2-TLS.jsonc
View File

0
All-in-One-fallbacks-Nginx/client.configs/Trojan-TCP-TLS.json → All-in-One-fallbacks-Nginx/client.configs/Trojan-TCP-TLS.jsonc
View File

2
All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.json → All-in-One-fallbacks-Nginx/client.configs/Trojan-WS-TLS.jsonc
View File

@@ -27,7 +27,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/trojanws"
"path": "/trojanws?ed=2560"
},
"security": "tls",
"tlsSettings": {

0
All-in-One-fallbacks-Nginx/client.configs/Trojan-gRPC-TLS.json → All-in-One-fallbacks-Nginx/client.configs/Trojan-gRPC-TLS.jsonc
View File

0
All-in-One-fallbacks-Nginx/client.configs/VMESS-H2-TLS.json → All-in-One-fallbacks-Nginx/client.configs/VMESS-H2-TLS.jsonc
View File

0
All-in-One-fallbacks-Nginx/client.configs/VMESS-TCP-TLS.json → All-in-One-fallbacks-Nginx/client.configs/VMESS-TCP-TLS.jsonc
View File

2
All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.json → All-in-One-fallbacks-Nginx/client.configs/VMESS-WS-TLS.jsonc
View File

@@ -33,7 +33,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/vmws"
"path": "/vmws?ed=2560"
},
"security": "tls",
"tlsSettings": {

0
All-in-One-fallbacks-Nginx/client.configs/VMESS-gRPC-TLS.json → All-in-One-fallbacks-Nginx/client.configs/VMESS-gRPC-TLS.jsonc
View File

0
All-in-One-fallbacks-Nginx/client.configs/Vless-H2-TLS.json → All-in-One-fallbacks-Nginx/client.configs/Vless-H2-TLS.jsonc
View File

0
All-in-One-fallbacks-Nginx/client.configs/Vless-TCP-TLS.json → All-in-One-fallbacks-Nginx/client.configs/Vless-TCP-TLS.jsonc
View File

0
All-in-One-fallbacks-Nginx/client.configs/Vless-TCP-XTLS.json → All-in-One-fallbacks-Nginx/client.configs/Vless-TCP-XTLS.jsonc
View File

2
All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.json → All-in-One-fallbacks-Nginx/client.configs/Vless-WS-TLS.jsonc
View File

@@ -32,7 +32,7 @@
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/vlws"
"path": "/vlws?ed=2560"
},
"security": "tls",
"tlsSettings": {

0
All-in-One-fallbacks-Nginx/client.configs/Vless-gRPC-TLS.json → All-in-One-fallbacks-Nginx/client.configs/Vless-gRPC-TLS.jsonc
View File

160
All-in-One-fallbacks-Nginx/generate.sh Normal file
View File

@@ -0,0 +1,160 @@
#!/bin/bash
#################################
# main domain #
#################################
export main_domain="your.domain.com" # Change this to the correct value
export main_domain_crt="\/path\/to\/main\/domain\/fullchain.pem" # Change this to the correct value
export main_domain_key="\/path\/to\/main\/domain\/privkey.pem" # Change this to the correct value
#################################
# behind cdn domain #
#################################
export cdn_domain="" # Change this to the correct value
export cdn_domain_crt="\/path\/to\/cdn\/domain\/fullchain.pem" # Change this to the correct value
export cdn_domain_key="\/path\/to\/cdn\/domain\/privkey.pem" # Change this to the correct value
#################################
# uuid/pass #
#################################
export myid=`xray uuid` # (optional) Let xray pick a random uuid or change it
export mypass=`date | md5sum | cut -c -15` # (optional) Set a password or let script pick one at random
#######################################################################################
#######################################################################################
###### Do not change anything below this line unless you know what you're doing. ######
#######################################################################################
#######################################################################################
#################################
# fake data #
#################################
export fake_domain="example.com"
export fake_cdn_domain="behindcdn.com"
export fakepass="desdemona99"
export fakeid="90e4903e-66a4-45f7-abda-fd5d5ed7f797"
export fake_domain_crt_path="\/etc\/ssl\/example.com\/domain.pem"
export fake_domain_key_path="\/etc\/ssl\/example.com\/domain-key.pem"
export fake_cdn_domain_crt_path="\/etc\/ssl\/behindcdn.com\/domain.pem"
export fake_cdn_domain_key_path="\/etc\/ssl\/behindcdn.com\/domain-key.pem"
Help()
{
echo "*************************************************************************"
echo "*************************************************************************"
echo "Please read the contents of this file and change all the required fields."
echo "*************************************************************************"
echo "*************************************************************************"
echo
echo
echo "Commands"
echo
echo "m Make and store the configs in result.txt."
echo "r Revert all the changes."
echo "q Print the qr codes of configs in terminal. Run this after running with -m."
echo "b Print one base64 link for all configs in terminal. Run this after running with -m."
echo
echo
echo "Usage: "
echo
echo " bash setup.sh <-command> "
echo
}
Revert()
{
git restore client.configs/* server.json nginx.conf
}
Make()
{
#################################
# main domain #
#################################
sed -i "s/$fake_domain_crt_path/$main_domain_crt/g" server.json client.configs/* nginx.conf
sed -i "s/$fake_domain_key_path/$main_domain_key/g" server.json client.configs/* nginx.conf
sed -i "s/$fake_domain/$main_domain/g" server.json client.configs/* nginx.conf
#################################
# behind cdn domain #
#################################
if [ "$cdn_domain" == "" ]; then
echo "No domain behind cdn set. Removing related fields."
sed -i "146 s/.$//" server.json
sed -i "147,152d" server.json
fi
sed -i "s/$fake_cdn_domain_crt_path/$cdn_domain_crt/g" server.json client.configs/* nginx.conf
sed -i "s/$fake_cdn_domain_key_path/$cdn_domain_key/g" server.json client.configs/* nginx.conf
sed -i "s/$fake_cdn_domain/$cdn_domain/g" server.json client.configs/* nginx.conf
#################################
# uuid/pass #
#################################
sed -i "s/$fakeid/$myid/g" server.json client.configs/* nginx.conf
sed -i "s/$fakepass/$mypass/g" server.json client.configs/* nginx.conf
#################################
# configs #
#################################
rm result.txt
touch result.txt
#grep "| Trojan-TCP |" README.md | cut -f2 -d"\`" | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakepass/$mypass/g" >> result.txt
grep "| Trojan-WS |" README.md | cut -f2 -d"\`" | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakepass/$mypass/g" >> result.txt
grep "| Trojan-gRPC |" README.md | cut -f2 -d"\`" | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakepass/$mypass/g" >> result.txt
#grep "| Trojan-H2 |" README.md | cut -f2 -d"\`" | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakepass/$mypass/g" >> result.txt
#grep "| Vless-TCP |" README.md | cut -f2 -d"\`" | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakeid/$myid/g" >> result.txt
grep "| Vless-WS |" README.md | cut -f2 -d"\`" | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakeid/$myid/g" >> result.txt
grep "| Vless-gRPC |" README.md | cut -f2 -d"\`" | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakeid/$myid/g" >> result.txt
#grep "| Vless-H2 |" README.md | cut -f2 -d"\`" | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakeid/$myid/g" >> result.txt
#grep "| VMESS-TCP |" README.md | cut -f2 -d"\`" | cut -c 9- | base64 -d | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakeid/$myid/g" | base64 -w 0 | sed "s/^/vmess:\/\//" >> result.txt
grep "| VMESS-WS |" README.md | cut -f2 -d"\`" | cut -c 9- | base64 -d | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakeid/$myid/g" | base64 -w 0 | sed "s/^/\nvmess:\/\//" >> result.txt
grep "| VMESS-gRPC |" README.md | cut -f2 -d"\`" | cut -c 9- | base64 -d | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakeid/$myid/g" | base64 -w 0 | sed "s/^/\nvmess:\/\//" >> result.txt
#grep "| VMESS-H2 |" README.md | cut -f2 -d"\`" | cut -c 9- | base64 -d | sed "s/$fake_domain/$main_domain/g" | sed "s/$fakeid/$myid/g" | base64 -w 0 | sed "s/^/\nvmess:\/\//" >> result.txt
echo >> result.txt
}
Print64()
{
cat result.txt | base64 -w 0
echo
}
Printqr()
{
while read line; do
export t=`echo $line | cut -c -2`
if [ "$t" == "vm" ]; then
echo $line | cut -c 9- | base64 -d | grep "\"ps\":" | sed -n -e 's/"ps": "//p' | sed -n -e 's/",//p' | sed -n -e 's/ *//p'
curl qrcode.show -d $line
else
echo $line | sed -n -e 's/^.*#//p'
curl qrcode.show -d $line
fi
done < result.txt
}
while getopts "mrqb" option; do
case $option in
r)
Revert
exit;;
m)
Make
exit;;
b)
Print64
exit;;
q)
Printqr
exit;;
\?)
Help
exit;;
esac
done
Help

189
All-in-One-fallbacks-Nginx/server.json → All-in-One-fallbacks-Nginx/server.jsonc
View File

@@ -2,16 +2,50 @@
"log": {
"loglevel": "info"
},
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"stats": {},
"policy": {
"levels": {
"0": {
"statsUserUplink": true,
"statsUserDownlink": true
}
},
"system": {
"statsInboundUplink": true,
"statsInboundDownlink": true,
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api",
"sniffing": null
},
{
"tag": "Vless-TCP-XTLS",
"port": 443, // This is TLS entrypoint. This entrypoint does the SSL Termination then routes the request based on the Path or ALPN type.
"protocol": "vless",
"settings": {
"clients": [
{
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
"flow": "xtls-rprx-vision"
{ "email": "general@vless-tcp-xtls", //Change to your own email
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", //Change to your own email
"flow": "xtls-rprx-vision",
"level": 0
// "flow": "xtls-rprx-direct"
}
],
@@ -127,7 +161,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -138,8 +175,10 @@
"protocol": "vless",
"settings": {
"clients": [
{
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797" //Change to your own UUID
{ "email":"general@vless-ws", //Change to your own email
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", //Change to your own UUID
"level": 0
}
],
"decryption": "none"
@@ -154,7 +193,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
{
@@ -163,6 +205,7 @@
"settings": {
"clients": [
{
"email": "general@vmess-ws",
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
"level": 0
}
@@ -178,7 +221,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
{
@@ -187,7 +233,9 @@
"settings": {
"clients": [
{
"password": "desdemona99"
"email":"general@trojan-ws",
"password": "desdemona99",
"level": 0
}
]
},
@@ -201,7 +249,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
{
@@ -210,8 +261,10 @@
"port": 4001,
"protocol": "shadowsocks",
"settings": {
"email":"general@shadowsocks-ws",
"method": "chacha20-ietf-poly1305",
"password": "desdemona99"
"password": "desdemona99",
"level": 0
},
"streamSettings": {
"network": "ws",
@@ -222,7 +275,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -234,7 +290,9 @@
"settings": {
"clients": [
{
"password": "desdemona99"
"email":"general@trojan-tcp",
"password": "desdemona99",
"level": 0
}
],
"fallbacks": [
@@ -254,7 +312,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
{
@@ -263,7 +324,9 @@
"settings": {
"clients": [
{
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797"
"email":"general@vless-tcp",
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
"level": 0
}
],
"decryption": "none"
@@ -276,14 +339,19 @@
"header": {
"type": "http",
"request": {
"path": ["/vltc"]
"path": [
"/vltc"
]
}
}
}
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
{
@@ -292,6 +360,7 @@
"settings": {
"clients": [
{
"email":"general@vmess-tcp",
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
"level": 0
}
@@ -305,7 +374,9 @@
"header": {
"type": "http",
"request": {
"path": ["/vmtc"] //,
"path": [
"/vmtc"
] //,
// "headers": {
// "Host": ["www.varzesh3.com"]
// }
@@ -315,7 +386,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
{
@@ -325,7 +399,9 @@
"protocol": "shadowsocks",
"settings": {
"method": "chacha20-ietf-poly1305",
"password": "desdemona99"
"password": "desdemona99",
"email": "general@shadowsocks-tcp",
"level":0
},
"streamSettings": {
"network": "tcp",
@@ -334,14 +410,19 @@
"header": {
"type": "http",
"request": {
"path": ["/sstc"]
"path": [
"/sstc"
]
}
}
}
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -355,7 +436,9 @@
"settings": {
"clients": [
{
"password": "desdemona99"
"email": "general@trojan-grpc",
"password": "desdemona99",
"level":0
}
]
},
@@ -375,7 +458,9 @@
"settings": {
"clients": [
{
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797"
"email":"general@vless-grpc",
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
"level": 0
}
],
"decryption": "none"
@@ -396,6 +481,7 @@
"settings": {
"clients": [
{
"email":"general@vmess-grpc",
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", //Change to your own UUID
"level": 0
}
@@ -427,7 +513,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -439,7 +528,9 @@
"settings": {
"clients": [
{
"password": "desdemona99"
"email":"general@trojan-h2",
"password": "desdemona99",
"level": 0
}
]
},
@@ -457,7 +548,9 @@
"settings": {
"clients": [
{
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797" //Change to your own UUID
"email":"general@vless-h2", //Change to your own email
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797", //Change to your own UUID
"level": 0
}
],
"decryption": "none"
@@ -471,7 +564,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
{
@@ -480,6 +576,7 @@
"settings": {
"clients": [
{
"email":"general@vmess-h2",
"id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
"level": 0
}
@@ -494,7 +591,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
},
{
@@ -505,7 +605,8 @@
"settings": {
"method": "chacha20-ietf-poly1305",
"password": "desdemona99", //Change to your own password
"email": "2011@gmail.com"
"email": "general@shadowsocks-h2",
"level": 0
},
"streamSettings": {
"network": "h2",
@@ -516,7 +617,10 @@
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
"destOverride": [
"http",
"tls"
]
}
} //,
// {
@@ -581,7 +685,7 @@
},
{
"protocol": "blackhole",
"tag": "blackhole"
"tag": "blocked"
},
{
// A DNS Cache can be setup and added here to imporve performance (the corresponding rule should be uncommented)
@@ -595,8 +699,14 @@
],
"routing": {
"domainStrategy": "AsIs",
"settings": {
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
// {
// // DNS Cache rule
// "type": "field",
@@ -606,15 +716,18 @@
// },
{
"type": "field",
"outboundTag": "blackhole",
"ip": ["geoip:private"]
"outboundTag": "blocked",
"ip": [
"geoip:private"
]
},
{
"type": "field", // Block BitTorrent protocol
"outboundTag": "blackhole",
"protocol": ["bittorrent"]
"outboundTag": "blocked",
"protocol": [
"bittorrent"
]
}
]
}
}
}

21
ReverseProxy/README.ENG.md Normal file
View File

@@ -0,0 +1,21 @@
# reverse proxy
# principle
Xray Client <--- VMESS/SS ---> Xray Portal (requires public IP) <--- VMESS/SS ---> Xray Bridge
# illustrate
In the configuration, the internal network device uses `bridge.json`, the device with public network ip uses `portal.json`, and the device connected to the intranet through `portal` uses `client.json`.
In practical applications, `VMESS-TCP, Shadowsocks-2022`, etc. can be used as the transmission protocols from Xray Client to Xray Portal, and from Xray Bridge to Xray Portal.
## psk
Shadowsocks 2022 uses a pre-shared key similar to WireGuard for the password.
Use `openssl rand -base64 <length>` to generate a shadowsocks-rust compatible key, the length depends on the encryption method used.
| encryption method | key length |
|--------------------------------|-----:|
| 2022-blake3-aes-128-gcm | 16 |
| 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 |
In the Go implementation, 32-bit keys always work.

3
ReverseProxy/README.md
View File

@@ -1,5 +1,8 @@
[ENGLISH](README.ENG.md)
# 反向代理
# 原理
Xray Client <--- VMESS/SS ---> Xray Portal(需要公网 IP) <--- VMESS/SS ---> Xray Bridge
# 说明
配置中,内网设备使用的配置为 `bridge.json`,有公网 ip 的设备使用 `portal.json`,通过`portal`连接到内网的设备使用`client.json`

0
ReverseProxy/Shadowsocks-2022/bridge.json → ReverseProxy/Shadowsocks-2022/bridge.jsonc
View File

0
ReverseProxy/Shadowsocks-2022/client.json → ReverseProxy/Shadowsocks-2022/client.jsonc
View File

0
ReverseProxy/Shadowsocks-2022/portal.json → ReverseProxy/Shadowsocks-2022/portal.jsonc
View File

20
ReverseProxy/VLESS-TCP-XTLS-WS/README.ENG.md Normal file
View File

@@ -0,0 +1,20 @@
# VLESS over TCP with XTLS + fallback & split
Cooperate with fallback, use port 443 + XTLS + WS and route diversion to realize reverse proxy and enhance concealment.
There are two client connection methods: VLESS over WS with TLS / VLESS over TCP with XTLS
The portal setting defaults to the web server on port 80 (it can also be replaced with a database, FTP, etc.), refer to [VLESS-TCP-XTLS-WHATEVER](https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-WHATEVER/README.md)
# additional configuration
If your portal is outside the country, you can use routing splitting to achieve scientific Internet access + access to intranet devices at the same time.
## Routing split
According to the prompt in the configuration, in the `Portal` configuration, uncomment the first route:
```
// "ip": [
// "geoip:private"
// ],
```
At this time, when the traffic matches the `"external"` or `"externalws"` label, and the target ip of the access is a `private ip address`, the traffic will be forwarded to the bridge, and the rest of the traffic will go direct.

2
ReverseProxy/VLESS-TCP-XTLS-WS/README.md
View File

@@ -1,5 +1,7 @@
# VLESS over TCP with XTLS + 回落 & 分流
[ENGLISH](README.ENG.md)
配合回落,使用 443 端口 + XTLS + WS 和路由分流,实现反向代理,增强隐蔽性。
客户端连接方式有 VLESS over WS with TLS / VLESS over TCP with XTLS 两种

0
ReverseProxy/VLESS-TCP-XTLS-WS/bridge.json → ReverseProxy/VLESS-TCP-XTLS-WS/bridge.jsonc
View File

0
ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.json → ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.jsonc
View File

0
ReverseProxy/VLESS-TCP-XTLS-WS/client_ws.json → ReverseProxy/VLESS-TCP-XTLS-WS/client_ws.jsonc
View File

0
ReverseProxy/VLESS-TCP-XTLS-WS/portal.json → ReverseProxy/VLESS-TCP-XTLS-WS/portal.jsonc
View File

0
ReverseProxy/Vmess-TCP/bridge.json → ReverseProxy/Vmess-TCP/bridge.jsonc
View File

0
ReverseProxy/Vmess-TCP/client.json → ReverseProxy/Vmess-TCP/client.jsonc
View File

0
ReverseProxy/Vmess-TCP/portal.json → ReverseProxy/Vmess-TCP/portal.jsonc
View File

239
Shadowsocks-2022/README.ENG.md Normal file
View File

@@ -0,0 +1,239 @@
#Shadowsocks2022
Server-side JSON
```json
{
"inbounds": [
{
"port": 1234,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-128-gcm",
"password": "{{ psk }}",
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
```
Server-side JSON (multi-user)
```json
{
"inbounds": [
{
"port": 1234,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-128-gcm",
"password": "{{ server psk }}",
"clients": [
{
"password": "{{ user psk }}",
"email": "my user"
}
],
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
```
Server-side JSON (transit)
```json
{
"inbounds": [
{
"port": 1234,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-128-gcm",
"password": "{{ relay psk }}",
"clients": [
{
"address": "server",
"port": 1234,
"password": "{{ server/user psk }}",
"email": "my server"
}
],
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
```
Client JSON
```json
{
"inbounds": [
{
"port": 10801,
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 10802,
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 1234,
"method": "2022-blake3-aes-128-gcm",
"password": "{{ psk }}"
}
]
}
}
]
}
```
Client JSON (UDP over TCP)
```json
{
"inbounds": [
{
"port": 10801,
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 10802,
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 1234,
"method": "2022-blake3-aes-128-gcm",
"password": "{{ psk }}",
"uot": true
}
]
}
}
]
}
```
Client JSON (multi-user)
```json
{
"inbounds": [
{
"port": 10801,
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 10802,
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 1234,
"method": "2022-blake3-aes-128-gcm",
"password": "{{ server psk }}:{{ user psk }}"
}
]
}
}
]
}
```
Client JSON (transit)
```json
{
"inbounds": [
{
"port": 10801,
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 10802,
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 1234,
"method": "2022-blake3-aes-128-gcm",
"password": "{{ relay psk }}:{{ user psk }}"
}
]
}
}
]
}
```
## Password
Shadowsocks 2022 uses a pre-shared key similar to WireGuard for the password.
Use `openssl rand -base64 <length>` to generate a shadowsocks-rust compatible key, the length depends on the encryption method used.
| encryption method | key length |
|--------------------------------|-----:|
| 2022-blake3-aes-128-gcm | 16 |
| 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 |
In the Go implementation, 32-bit keys always work.

2
Shadowsocks-2022/README.md
View File

@@ -1,5 +1,7 @@
# Shadowsocks 2022
[ENGLISH](README.ENG.md)
服务端 JSON
```json

81
Shadowsocks-AEAD/README.ENG.md Normal file
View File

@@ -0,0 +1,81 @@
#Shadowsocks AEAD Quick Start
Server-side JSON
```json
{
"inbounds": [
{
"port": 12345,
"protocol": "shadowsocks",
"settings": {
"clients": [
{
"password": "example_user_1",
"method": "aes-128-gcm"
},
{
"password": "example_user_2",
"method": "aes-256-gcm"
},
{
"password": "example_user_3",
"method": "chacha20-poly1305"
}
],
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
```
Client JSON
```json
{
"inbounds": [
{
"port": 10801,
"protocol": "socks",
"settings": {
"udp": true
}
},
{
"port": 10802,
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "",
"port": 12345,
"password": "example_user_1",
"method": "aes-128-gcm"
}
]
}
}
]
}
```
## What's happening
No need for a graphical interface, just [**Xray-core**](https://github.com/XTLS/Xray-core) can quickly establish Shadowsocks AEAD encryption that supports Socks, HTTP proxy and **UDP FullCone** tunnel.
Xray-core has perfect support for UDP, thanks to the refactoring of each inbound and outbound code. The inbound UDP of Socks can accept requests from any network port.
As you can see, Xray-core also fully unleashes the potential of AEAD, **the server supports multiple users on a single port**, which is not implemented in any official version of Shadowsocks.
So when you need Shadowsocks, you only need Xray-core to solve the problem: high performance, cross-platform, easy to compile, and more powerful functions out of the box.

2
Shadowsocks-AEAD/README.md
View File

@@ -1,5 +1,7 @@
# Shadowsocks AEAD 快速上手
[ENGLISH](README.ENG.md)
服务端 JSON
```json

0
Shadowsocks-TCP/client.json → Shadowsocks-TCP/client.jsonc
View File

0
Shadowsocks-TCP/server.json → Shadowsocks-TCP/server.jsonc
View File

0
Socks5-TLS/config_client.json → Socks5-TLS/config_client.jsonc
View File

0
Socks5-TLS/config_server.json → Socks5-TLS/config_server.jsonc
View File

0
Trojan-TCP-TLS (minimal)/config_client.json → Trojan-TCP-TLS (minimal)/config_client.jsonc
View File

0
Trojan-TCP-TLS (minimal)/config_server.json → Trojan-TCP-TLS (minimal)/config_server.jsonc
View File

8
Trojan-TCP-XTLS/config_client.json → Trojan-TCP-XTLS/config_client.jsonc
View File

@@ -29,10 +29,10 @@
"settings": {
"servers": [
{
"address": "example.com", // IP
"flow": "xtls-rprx-direct", // Linux "xtls-rprx-splice"
"address": "example.com", // your domain name or server IP
"flow": "xtls-rprx-direct", // Linux or android can be changed to "xtls-rprx-splice"
"port": 443,
"password": "your_password" //
"password": "your_password" // your password
}
]
},
@@ -40,7 +40,7 @@
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "example.com" //
"serverName": "example.com" // your domain name
}
}
}

10
Trojan-TCP-XTLS/config_server.json → Trojan-TCP-XTLS/config_server.jsonc
View File

@@ -9,7 +9,7 @@
"settings": {
"clients": [
{
"password":"your_password", //
"password":"your_password", // password
"flow": "xtls-rprx-direct"
}
],
@@ -35,12 +35,12 @@
],
"certificates": [
{
"certificateFile": "/path/to/cert", //
"keyFile": "/path/to/key", //
"ocspStapling": 3600 // 3600
"certificateFile": "/path/to/cert", // Certificate file absolute directory
"keyFile": "/path/to/key", // Key file absolute directory
"ocspStapling": 3600 // Verification cycle 3600 Second
}
],
"minVersion": "1.2" // ecc使 TLSv1.2 ecc
"minVersion": "1.2" // If it is an ecc certificate, use TLSv1.2 at least. If you don't know the certificate type or it is not an ecc certificate, delete this line
}
}
}

36
Trojan-gRPC-Caddy2/Nginx/README.ENG.md Normal file
View File

@@ -0,0 +1,36 @@
# Trojan-gRPC-Caddy2/Nginx
## Schematic (Caddy):
Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
## Nginx:
At the same time, you can also choose to use Nginx. A sample configuration snippet is as follows (partially from [@xqzr](https://github.com/xqzr)):
```conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
index index.html;
root /var/www/html;
ssl_certificate /path/to/example.cer;
ssl_certificate_key /path/to/example.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE -RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
client_header_timeout 1w;
keepalive_timeout 30m;
# Fill in /your ServiceName after location
location /your ServiceName {
if ($content_type !~ "application/grpc") {
return 404;
}
client_max_body_size 0;
client_body_buffer_size 512k;
grpc_set_header X-Real-IP $remote_addr;
client_body_timeout 1w;
grpc_read_timeout 1w;
grpc_send_timeout 1w;
grpc_pass unix:/dev/shm/Xray-Trojan-gRPC.socket;
}
}
```

17
Trojan-gRPC-Caddy2/Nginx/README.md
View File

@@ -1,12 +1,14 @@
# Trojan-gRPC-Caddy2Nginx
[ENGLISH](README.ENG.md)
## 原理图 (Caddy)
Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
## Nginx
同时,您也可以选择使用 Nginx。示例配置片段如下部分来自 [@xqzr](https://github.com/xqzr)
```conf
server {
listen 443 ssl http2 so_keepalive=on;
listen [::]:443 ssl http2 so_keepalive=on;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
index index.html;
@@ -17,18 +19,19 @@ server {
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
client_header_timeout 52w;
keepalive_timeout 52w;
client_header_timeout 1w;
keepalive_timeout 30m;
# 在 location 后填写 /你的 ServiceName
location /你的 ServiceName {
if ($content_type !~ "application/grpc") {
if ($content_type !~ "^application/grpc") {
return 404;
}
client_max_body_size 0;
client_body_buffer_size 512k;
grpc_set_header X-Real-IP $remote_addr;
client_body_timeout 52w;
grpc_read_timeout 52w;
client_body_timeout 1w;
grpc_read_timeout 1w;
grpc_send_timeout 1w;
grpc_pass unix:/dev/shm/Xray-Trojan-gRPC.socket;
}
}

0
Trojan-gRPC-Caddy2/Nginx/client.json → Trojan-gRPC-Caddy2/Nginx/client.jsonc
View File

0
Trojan-gRPC-Caddy2/Nginx/server.json → Trojan-gRPC-Caddy2/Nginx/server.jsonc
View File

3
VLESS-GRPC/Caddyfile
View File

@@ -1,9 +1,10 @@
xx.com {
@grpc {
protocol grpc
path # 填写 /你的 ServiceName/*
path /ServiceName/* # 修改为你自己的 ServiceName且仅能存在两个斜杠。/MyService/ServiceName/*会导致错误)
}
reverse_proxy @grpc unix//dev/shm/Xray-VLESS-gRPC.socket {
flush_interval -1
transport http {
versions h2c
}

36
VLESS-GRPC/README.ENG.md Normal file
View File

@@ -0,0 +1,36 @@
# VLESS-GRPC
## Schematic (Caddy):
Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
## Nginx:
At the same time, you can also choose to use Nginx. A sample configuration snippet is as follows (partially from [@xqzr](https://github.com/xqzr)):
```conf
server {
listen 443 ssl http2 so_keepalive=on;
listen [::]:443 ssl http2 so_keepalive=on;
server_name example.com;
index index.html;
root /var/www/html;
ssl_certificate /path/to/example.cer;
ssl_certificate_key /path/to/example.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE -RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
client_header_timeout 52w;
keepalive_timeout 52w;
# Fill in /your ServiceName after location
location /your ServiceName {
if ($content_type !~ "application/grpc") {
return 404;
}
client_max_body_size 0;
client_body_buffer_size 512k;
grpc_set_header X-Real-IP $remote_addr;
client_body_timeout 52w;
grpc_read_timeout 52w;
grpc_pass unix:/dev/shm/Xray-VLESS-gRPC.socket;
}
}
```

16
VLESS-GRPC/README.md
View File

@@ -1,11 +1,14 @@
# VLESS-GRPC
[ENGLISH](README.ENG.md)
## 原理图 (Caddy)
Xray client <--- gRPC(TLS) ---> Caddy2 <--- gRPC(cleartext) ---> Xray server
## Nginx
同时,您也可以选择使用 Nginx。示例配置片段如下部分来自 [@xqzr](https://github.com/xqzr)
```conf
server {
listen 443 ssl http2 so_keepalive=on;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
index index.html;
@@ -16,18 +19,19 @@ server {
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
client_header_timeout 52w;
keepalive_timeout 52w;
client_header_timeout 1w;
keepalive_timeout 30m;
# 在 location 后填写 /你的 ServiceName
location /你的 ServiceName {
if ($content_type !~ "application/grpc") {
if ($content_type !~ "^application/grpc") {
return 404;
}
client_max_body_size 0;
client_body_buffer_size 512k;
grpc_set_header X-Real-IP $remote_addr;
client_body_timeout 52w;
grpc_read_timeout 52w;
client_body_timeout 1w;
grpc_read_timeout 1w;
grpc_send_timeout 1w;
grpc_pass unix:/dev/shm/Xray-VLESS-gRPC.socket;
}
}

5
VLESS-GRPC/client.json → VLESS-GRPC/client.jsonc
View File

@@ -36,10 +36,11 @@
"network": "grpc",
"security": "tls",
"grpcSettings": {
"serviceName": "", // ServiceName
"serviceName": "", // ServiceName
"multiMode": false,
//"idle_timeout": 60, //
//"initial_windows_size": 35536 // Cloudflare CDN Cloudflare CDN h2 GOAWAY
//"initial_windows_size": 35536, // Cloudflare CDN Cloudflare CDN h2 GOAWAY
//"permit_without_stream": true // Cloudflare CDN Cloudflare CDN
}
}
},

0
VLESS-GRPC/server.json → VLESS-GRPC/server.jsonc
View File

9
VLESS-HTTP-Caddy/README.md Normal file
View File

@@ -0,0 +1,9 @@
Xray 基于 HTTP/2 或 HTTP/3 的传输方式完整按照 HTTP 标准实现,可以通过其它的 HTTP 服务器(如 Caddy进行中转。
Caddy 使用 reverse_proxy 模块,一般使用 path 分流,主路径伪装为网站,中间人无法探测到 Xray-core请使用复杂 path
Caddy 默认开启 UDP 同端口的 HTTP/3 服务器,目前支持三种中转方式
- HTTP/2
- HTTP/3 解密后重新加密
- HTTP/3 转 H2C

4
VLESS-H2C-Caddy2/Caddyfile → VLESS-HTTP-Caddy/VLESS-H2C-Caddy/Caddyfile
View File

@@ -1,6 +1,10 @@
xx.com {
log {
level DEBUG
}
root * /var/www
file_server
tls CA.crt priv.key # 换成你的证书和私钥,绝对路径
reverse_proxy /path 127.0.0.1:2001 {
transport http {

0
VLESS-H2C-Caddy2/README.md → VLESS-HTTP-Caddy/VLESS-H2C-Caddy/README.md
View File

0
VLESS-H2C-Caddy2/client.json → VLESS-HTTP-Caddy/VLESS-H2C-Caddy/client.jsonc
View File

0
VLESS-H2C-Caddy2/server.json → VLESS-HTTP-Caddy/VLESS-H2C-Caddy/server.jsonc
View File

17
VLESS-HTTP-Caddy/VLESS-H3-Caddy/Caddyfile Normal file
View File

@@ -0,0 +1,17 @@
xx.com {
log {
level DEBUG
}
root * /var/www
file_server
tls CA.crt priv.key # 换成你的证书和私钥,绝对路径
reverse_proxy /path 127.0.0.1:2001 {
transport http {
tls
tls_client_auth CA.crt priv.key # 换成你的证书和私钥,绝对路径
tls_server_name xx.com
versions 3
}
}
}

7
VLESS-HTTP-Caddy/VLESS-H3-Caddy/README.md Normal file
View File

@@ -0,0 +1,7 @@
# 原理图:
Xray client <--- H3 ---> Caddy2 <--- H3 ---> Xray server
注意:
由于 H3 没有解密的明文传输标准 这种模式 Caddy 解密流量之后 会重新加密 会增加少许延迟和负载
目前仅 Caddy2 的 v2.9.0-beta.2 版及以后完美支持 Xray 的 H3 入站。

73
VLESS-HTTP-Caddy/VLESS-H3-Caddy/client.jsonc Normal file
View File

@@ -0,0 +1,73 @@
{
"log":{},
"inbounds":[
{
"port":"1080",
"protocol":"socks",
"settings":{
"auth":"noauth",
"udp":true
}
},
{
"port":"1081",
"protocol":"http",
"settings":{}
}
],
"outbounds":[
{
"protocol":"vless",
"settings":{
"vnext":[
{
"address":"xx.com",
"port":443,
"users":[
{
"id":"",
"encryption":"none"
}
]
}
]
},
"streamSettings":{
"network":"http",
"security":"tls",
"httpSettings":{
"host":[
"xx.com"
],
"path":"/path"
}
},
"tlsSettings":{
"alpn":["h3"],
"serverName":"xx.com"
}
},
{
"tag":"direct",
"protocol":"freedom",
"settings":{}
},
{
"tag":"blocked",
"protocol":"blackhole",
"settings":{}
}
],
"routing":{
"domainStrategy":"IPOnDemand",
"rules":[
{
"type":"field",
"ip":[
"geoip:private"
],
"outboundTag":"direct"
}
]
}
}

66
VLESS-HTTP-Caddy/VLESS-H3-Caddy/server.jsonc Normal file
View File

@@ -0,0 +1,66 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 2001,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "",
"email": "love@example.com"
}
],
"decryption": "none"
},
"streamSettings": {
"security": "tls",
"network": "http",
"httpSettings": {
"path": "/path",
"host": [
"xx.com"
]
},
"tlsSettings": {
// "rejectUnknownSni": true,
"minVersion": "1.3",
"alpn": ["h3"],
"certificates": [
{
"certificateFile": "CA.crt", // 换成你的证书,绝对路径
"keyFile": "priv.key" // 换成你的私钥,绝对路径
}
]
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {}
},
{
"tag": "blocked",
"protocol": "blackhole",
"settings": {}
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
}
]
}
}

11
VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/Caddyfile Normal file
View File

@@ -0,0 +1,11 @@
xx.com {
log {
level DEBUG
}
root * /var/www
file_server
tls CA.crt priv.key # 换成你的证书和私钥,绝对路径
reverse_proxy /path h2c://127.0.0.1:2001 {
}
}

5
VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/README.md Normal file
View File

@@ -0,0 +1,5 @@
# 原理图:
Xray client <--- H3 ---> Caddy2 <--- H2C ---> Xray server
注意:
目前仅 Caddy2 的 v2.9.0-beta.2 版及以后完美支持 H3 转换 H2C 对接 Xray 的 H2C 入站。

73
VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/client.jsonc Normal file
View File

@@ -0,0 +1,73 @@
{
"log":{},
"inbounds":[
{
"port":"1080",
"protocol":"socks",
"settings":{
"auth":"noauth",
"udp":true
}
},
{
"port":"1081",
"protocol":"http",
"settings":{}
}
],
"outbounds":[
{
"protocol":"vless",
"settings":{
"vnext":[
{
"address":"xx.com",
"port":443,
"users":[
{
"id":"",
"encryption":"none"
}
]
}
]
},
"streamSettings":{
"network":"http",
"security":"tls",
"httpSettings":{
"host":[
"xx.com"
],
"path":"/path"
},
"tlsSettings":{
"alpn":["h3"],
"serverName":"xx.com"
}
}
},
{
"tag":"direct",
"protocol":"freedom",
"settings":{}
},
{
"tag":"blocked",
"protocol":"blackhole",
"settings":{}
}
],
"routing":{
"domainStrategy":"IPOnDemand",
"rules":[
{
"type":"field",
"ip":[
"geoip:private"
],
"outboundTag":"direct"
}
]
}
}

55
VLESS-HTTP-Caddy/VLESS-H3-To-H2C-Caddy/server.jsonc Normal file
View File

@@ -0,0 +1,55 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 2001,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "",
"email": "love@example.com"
}
],
"decryption": "none"
},
"streamSettings": {
"security": "none",
"network": "http",
"httpSettings": {
"path": "/path",
"host": [
"xx.com"
]
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {}
},
{
"tag": "blocked",
"protocol": "blackhole",
"settings": {}
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
}
]
}
}

5
VLESS-TCP-REALITY(Without being stolen)/README.md Normal file
View File

@@ -0,0 +1,5 @@
# 不会被偷跑流量的 REALITY
一个老生常谈的问题,对于非法请求, reality都会无脑转发流量去dest如果reality的dest指向一个cloudflare网站那么相当于服务端变成了CF的端口转发任何人扫过来都可以拿来嫖。
目前的解决办法是不要使用这类的网站作为 dest, 懂一点的会告诉你用 nginx 的 stream 滤一遍 SNI 并丢掉非法请求,但是其实 Xray 本身就支持这种操作,这也是这个模板的原理

56
VLESS-TCP-REALITY(Without being stolen)/config_client.jsonc Normal file
View File

@@ -0,0 +1,56 @@
// 直接从其他示例里 copy 过来的,客户端不需要任何特殊修改,要填的东西也一致
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10808,
"protocol": "socks",
"settings": {
"udp": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
],
"routeOnly": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "127.0.0.1",
"port": 443,
"users": [
{
"id": "", // Needs to match server side
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"fingerprint": "chrome",
"serverName": "speed.cloudflare.com",
"publicKey": "",
"spiderX": "",
"shortId": ""
}
},
"tag": "proxy"
}
]
}

93
VLESS-TCP-REALITY(Without being stolen)/config_server.jsonc Normal file
View File

@@ -0,0 +1,93 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"tag": "dokodemo-in",
"port": 443,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1",
"port": 4431, // 指向内网中的 reality 端口,示例是这个端口,如果要自己修改了记得这里和下面的 reality 入站都要修改
"network": "tcp"
},
"sniffing": { // 这里的 sniffing 不是多余的,别乱动
"enabled": true,
"destOverride": [
"tls"
],
"routeOnly": true
}
},
{
"listen": "127.0.0.1",
"port": 4431, // 见上 如果和其他服务冲突了可以换
"protocol": "vless",
"settings": {
"clients": [
{
"id": "" // uuid
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
// 下方要求和普通 reality 一致,这里演示 dest 设置为 cloudflare 不被偷跑流量所以设置为 speed.cloudflare.com 了
// 你可以设置为其他 CF 网站,如果你的 dest 不是这种网站你也不用点了进来不是吗
"dest": "speed.cloudflare.com:443",
"serverNames": [
"speed.cloudflare.com"
],
"privateKey": "", // 运行 `xray x25519` 生成
"shortIds": [
"",
"0123456789abcdef"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
],
"routeOnly": true
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "blcok"
}
],
"routing": {
"rules": [
{
"inboundTag": [
"dokodemo-in"
],
// 重要,这个域名列表需要和 realitySettings 的 serverNames 保持一致
"domain": [
"speed.cloudflare.com"
],
"outboundTag": "direct"
},
{
"inboundTag": [
"dokodemo-in"
],
"outboundTag": "blcok"
}
]
}
}

0
VLESS-TCP-TLS (maximal by rprx)/config_client.json → VLESS-TCP-TLS (maximal by rprx)/config_client.jsonc
View File

0
VLESS-TCP-TLS (maximal by rprx)/config_server.json → VLESS-TCP-TLS (maximal by rprx)/config_server.jsonc
View File

18
VLESS-TCP-TLS (minimal by rprx)/README.ENG.md Normal file
View File

@@ -0,0 +1,18 @@
# VLESS over TCP with TLS + fallback (simplest configuration)
You need to have a domain name resolved to the server IP, and apply for a certificate, such as let's encrypt
You also need an Nginx: (or any web server like Caddy)
1. Use the package manager that comes with the system to install nginx. For details, please Google
2. The default configuration of nginx is to listen to port 80, no need to modify
3. Optional: Find and replace the index.html and other files that come with nginx
4. Execute `systemctl enable nginx` to set up autostart
5. Execute `systemctl start nginx` to start nginx
If the server has a firewall enabled or the VPS has a security group, remember to allow ports TCP/80 and 443
---
Next, you can learn about [site building configuration](<../VLESS-TCP-TLS%20(maximal%20by%20rprx)>) (fall back to advanced usage), try [advanced configuration](<../VLESS- TCP-TLS-WS%20(recommended)>) (distribution to WebSocket)

1
VLESS-TCP-TLS (minimal by rprx)/README.md
View File

@@ -1,4 +1,5 @@
# VLESS over TCP with TLS + 回落(最简配置)
[ENGLISH](README.ENG.md)
你需要有一个解析到服务器 IP 的域名,并且申请了证书,比如 let's encrypt

0
VLESS-TCP-TLS (minimal by rprx)/config_client.json → VLESS-TCP-TLS (minimal by rprx)/config_client.jsonc
View File

0
VLESS-TCP-TLS (minimal by rprx)/config_server.json → VLESS-TCP-TLS (minimal by rprx)/config_server.jsonc
View File

13
VLESS-TCP-TLS-WS (recommended)/README.ENG.md Normal file
View File

@@ -0,0 +1,13 @@
# VLESS over TCP with TLS + fallback & split to WebSocket (advanced configuration)
This is a superset of [Minimal Configuration](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>), using the powerful fallback and distribution features of VLESS, it realizes port 443 VLESS over TCP with TLS and Perfect coexistence of any WSS
This configuration is for reference. You can replace VLESS on WS with any other protocol such as VMess, and set more PATHs and protocol coexistence.
After deployment, you can connect to the server through VLESS over TCP with TLS and any WebSocket with TLS at the same time, the latter of which can be through CDN
According to the actual measurement, the performance of VLESS fallback shunt WS is stronger than that of Nginx reverse generation WS. The traditional VMess + WSS solution can be completely migrated without loss of compatibility.
---
Next, you can try [Ultimate Configuration](../VLESS-TCP-XTLS-WHATEVER): switch to XTLS to achieve ultimate performance, and offload to VMess over TCP, and more fallback and offload suggestions, not only Xray

1
VLESS-TCP-TLS-WS (recommended)/README.md
View File

@@ -1,4 +1,5 @@
# VLESS over TCP with TLS + 回落 & 分流 to WebSocket进阶配置
[ENGLISH](README.ENG.md)
这里是 [最简配置](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>) 的超集,利用 VLESS 强大的回落分流特性,实现了 443 端口 VLESS over TCP with TLS 和任意 WSS 的完美共存

0
VLESS-TCP-TLS-WS (recommended)/config_client_tcp_tls.json → VLESS-TCP-TLS-WS (recommended)/config_client_tcp_tls.jsonc
View File

0
VLESS-TCP-TLS-WS (recommended)/config_client_ws_tls.json → VLESS-TCP-TLS-WS (recommended)/config_client_ws_tls.jsonc
View File

0
VLESS-TCP-TLS-WS (recommended)/config_server.json → VLESS-TCP-TLS-WS (recommended)/config_server.jsonc
View File

0
VLESS-TCP-TLS-proxy protocol/config_client.json → VLESS-TCP-TLS-proxy protocol/config_client.jsonc
View File

0
VLESS-TCP-TLS-proxy protocol/config_server.json → VLESS-TCP-TLS-proxy protocol/config_server.jsonc
View File

0
VLESS-TCP-TLS/config_client.json → VLESS-TCP-TLS/config_client.jsonc
View File

0
VLESS-TCP-TLS/config_server.json → VLESS-TCP-TLS/config_server.jsonc
View File

7
VLESS-TCP-XTLS-Vision-REALITY/README.md Normal file
View File

@@ -0,0 +1,7 @@
# This is a minimal configuration file.
**About dest**
If you use `1.1.1.1:443` as dest, an IP certificate is used. You can also leave `serverNames` empty, it is a possible way to bypass [Iran's speed restrictions.](https://t.me/hysteria_github/78830/149362).
**About REALITY**
See [XTLS/REALITY](https://github.com/XTLS/REALITY).
In English See [REALITY.ENG](REALITY.ENG.md)

102
VLESS-TCP-XTLS-Vision-REALITY/REALITY.ENG.md Normal file
View File

@@ -0,0 +1,102 @@
# REALITY
### THE NEXT FUTURE
Server side implementation of REALITY protocol, a fork of package tls in Go 1.19.5.
For client side, please follow https://github.com/XTLS/Xray-core/blob/main/transport/internet/reality/reality.go.
TODO List: TODO
## VLESS-XTLS-uTLS-REALITY example for [Xray-core](https://github.com/XTLS/Xray-core) [ENG]
```json5
{
"inbounds": [ // Server-side inbound configuration
{
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // Required, generated with ./xray uuid or a 1-30 character string
"flow": "xtls-rprx-vision" // Optional, if specified, clients must enable XTLS
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": false, // Optional, if true, outputs debug information
"dest": "example.com:443", // Required, format similar to VLESS fallbacks' dest
"xver": 0, // Optional, format similar to VLESS fallbacks' xver
"serverNames": [ // Required, list of serverNames available to clients, * wildcard is not supported yet
"example.com",
"www.example.com"
],
"privateKey": "", // Required, generated with ./xray x25519
"minClientVer": "", // Optional, minimum client Xray version, format x.y.z
"maxClientVer": "", // Optional, maximum client Xray version, format x.y.z
"maxTimeDiff": 0, // Optional, maximum allowed time difference in milliseconds
"shortIds": [ // Required, list of shortIds available to clients, can be used to distinguish different clients
"", // If this item exists, client shortId can be empty
"0123456789abcdef" // 0 to f, length is a multiple of 2, maximum length is 16
]
}
}
}
]
}
```
By replacing TLS with REALITY, **you can eliminate server-side TLS fingerprint characteristics**, maintain forward secrecy, **and render certificate chain attacks ineffective**. **This allows for pointing to another website** without the need to purchase a domain or configure a TLS server, **making it more convenient to present a specified SNI throughout the entire TLS handshake**.
Typical use cases for proxying involve minimum requirements for target websites: **foreign websites, support for TLSv1.3 and H2, with non-redirected domains** (the primary domain may be used for redirection to www). Bonus features include proximity in IP (more similar with low latency), encrypted handshake messages after the Server Hello (e.g., dl.google.com), and OCSP Stapling. **Configuration bonuses include blocking traffic back to your country, forwarding TCP/80, and UDP/443** (REALITY externally appears as port forwarding, so it might be better for less commonly used destination IPs).
**REALITY can also be used in conjunction with proxy protocols other than XTLS**, but it is not recommended as they exhibit clear TLS-in-TLS characteristics that have already been targeted. REALITY's next major goal is the "**prebuilt mode**," which involves collecting target website features in advance, while XTLS's next major goal is **0-RTT**.
```json5
{
"outbounds": [ // Client-side outbound configuration
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "", // Server's domain or IP
"port": 443,
"users": [
{
"id": "", // Matching the server-side
"flow": "xtls-rprx-vision", // Matching the server-side
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": false, // Optional, outputs debug information if true
"fingerprint": "chrome", // Required, simulates the client TLS fingerprint using the uTLS library
"serverName": "", // One of the server's serverNames
"publicKey": "", // The public key corresponding to the server's private key
"shortId": "", // One of the server's shortIds
"spiderX": "" // Initial path and parameters for web crawlers, recommended to be different for each client
}
}
}
]
}
```
REALITY clients should receive a "**temporary trusted certificate**" signed by the "**temporary authentication key.**" However, three scenarios can lead to receiving the target website's genuine certificate:
1. The REALITY server rejects the client's Client Hello, and traffic is redirected to the target website.
2. The client's Client Hello is redirected to the target website by a man-in-the-middle.
3. A man-in-the-middle attack occurs, which could be assisted by the target website or be a certificate chain attack.
REALITY clients can perfectly distinguish between temporary trusted certificates, genuine certificates, and invalid certificates, and decide the next steps:
1. When a temporary trusted certificate is received, the connection is usable, and everything proceeds as usual.
2. When a genuine certificate is received, the client enters spider mode.
3. When an invalid certificate is received, a TLS alert is triggered, and the connection is terminated.

56
VLESS-TCP-XTLS-Vision-REALITY/config_client.jsonc Normal file
View File

@@ -0,0 +1,56 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10808,
"protocol": "socks",
"settings": {
"udp": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
],
"routeOnly": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "",
"port": 443,
"users": [
{
"id": "", // Needs to match server side
"encryption": "none",
"flow": "xtls-rprx-vision"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"fingerprint": "chrome",
"serverName": "", // A website that support TLS1.3 and h2. If your dest is `1.1.1.1:443`, then leave it empty
"publicKey": "", // run `xray x25519` to generate. Public and private keys need to be corresponding.
"spiderX": "", // If your dest is `1.1.1.1:443`, then you can fill it with `/dns-query/` or just leave it empty
"shortId": "" // Required
}
},
"tag": "proxy"
}
]
}

50
VLESS-TCP-XTLS-Vision-REALITY/config_server.jsonc Normal file
View File

@@ -0,0 +1,50 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // run `xray uuid` to generate
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"dest": "", // A website that support TLS1.3 and h2. You can also use `1.1.1.1:443` as dest
"serverNames": [
"" // A server name in the cert of dest site. If you use `1.1.1.1:443` as dest, then you can leave `serverNames` empty, it is a possible ways to bypass Iran's internet speed restrictions.
],
"privateKey": "", // run `xray x25519` to generate. Public and private keys need to be corresponding.
"shortIds": [// Required, list of shortIds available to clients, can be used to distinguish different clients
"", // If this item exists, client shortId can be empty
"0123456789abcdef" // 0 to f, length is a multiple of 2, maximum length is 16
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
],
"routeOnly": true
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
}
]
}

16
VLESS-TCP-XTLS-Vision/README.ENG.md Normal file
View File

@@ -0,0 +1,16 @@
:+1:**XTLS Vision [Introduction](https://github.com/XTLS/Xray-core/discussions/1295)**
**Usage Reminder:**
:exclamation: Compared with the usage base of XTLS Vision, there are almost no reports of Vision being blocked with **correct configuration**. **Correct configuration** refers to:
1. The server uses a reasonable port and prohibits traffic returning to China
2. Only configure XTLS Vision, not compatible with ordinary TLS proxy
3. Fall back to the web page, do not fall back/distribute to other proxy agreements
4. Client enables uTLS (fingerprint) [#1](https://github.com/XTLS/Xray-core/issues/1544#issuecomment-1399194727)
First of all, if you really don't want to be blocked, **please choose a clean IP** first, and build and use XTLS Vision according to **correct configuration**.
**However, even if you do this, there is no guarantee that you will not be blocked** 100%. Since the end of last year, many people's unknown traffic has been blocked in seconds, and TLS in TLS traffic has been blocked every other day. XTLS Vision is not unknown traffic, and fully handles TLS in TLS features, so far it seems to be effective. **But this does not mean that XTLS Vision can be 100% unblocked. It is very, very important to realize this, and don't make a fuss if you are accidentally blocked**.
**Because besides the agreement itself, there are many angles that can block you**. Taking IP as an example, you can't guarantee that the IP is really clean, you can't avoid being affected by neighbors, and you can't avoid the entire IP segment being pulled out of the list. It is also possible that GFWs in certain regions have unique standards. For example, if a certain IP has only a few people accessing it, but it can run so much traffic, it will be blocked. **If your XTLS Vision is blocked, but there is no large-scale blocked report like TLS at the end of last year, I sincerely suggest that you change the port, change the IP, and change the service provider to try again**. [#2](https://github.com/XTLS/Xray-core/issues/1544#issuecomment-1402118517)

18
VLESS-TCP-XTLS-Vision/README.md Normal file
View File

@@ -0,0 +1,18 @@
:+1:**XTLS Vision [简介](https://github.com/XTLS/Xray-core/discussions/1295)**
[ENGLISH](README.ENG.md)
**使用提醒:**
:exclamation:相对于 XTLS Vision 的使用基数,目前几乎没有收到 **配置正确** 的 Vision 被封端口的报告,**配置正确** 指的是:
1. 服务端使用合理的端口,禁回国流量
2. 只配置 XTLS Vision不兼容普通 TLS 代理
3. 回落到网页,不回落/分流到其它代理协议
4. 客户端启用 uTLSfingerprint [#1](https://github.com/XTLS/Xray-core/issues/1544#issuecomment-1399194727)
首先,如果你特别不想被封,**请先选择一个干净的 IP**,并按照 **配置正确** 去搭建、使用 XTLS Vision。
**但是,即使你这样做了,也无法保证 100% 不被封**。自去年底始,很多人的未知流量秒封 IPTLS in TLS 流量隔天封端口。XTLS Vision 不是未知流量,且完整处理了 TLS in TLS 特征,目前看来效果显著。**但这并不意味着,用 XTLS Vision 可以 100% 不被封,认识到这一点是非常、非常重要的,不要自己偶然被封就大惊小怪**。
**因为除了协议本身,还有很多角度能封你**。以 IP 为例,你无法保证 IP 真的干净,无法避免被邻居波及,无法避免整个 IP 段被重点拉清单。也有可能某些地区的 GFW 有独特的标准,比如某个 IP 只有寥寥数人访问连却能跑那么多流量,封。**如果你的 XTLS Vision 被封了,但没有出现去年底 TLS 那样的大规模被封报告,我真心建议你换端口、换 IP、换服务商依次试一遍**。 [#2](https://github.com/XTLS/Xray-core/issues/1544#issuecomment-1402118517)

22
VLESS-TCP-XTLS-Vision/config_client.json → VLESS-TCP-XTLS-Vision/config_client.jsonc
View File

@@ -25,8 +25,8 @@
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10808, // v2rayN
"listen": "127.0.0.1", // Fill in 0.0.0.0 to allow connections from LAN
"port": 10808, // local socks listening port
"protocol": "socks",
"settings": {
"udp": true
@@ -40,8 +40,8 @@
}
},
{
"listen": "127.0.0.1",
"port": 10809, // v2rayN
"listen": "127.0.0.1", // Fill in "0.0.0.0" to allow connections from LAN
"port": 10809, // Local http listening port
"protocol": "http",
"sniffing": {
"enabled": true,
@@ -58,11 +58,11 @@
"settings": {
"vnext": [
{
"address": "", // VPSIP
"port": 16387, // VPS
"address": "", // Address, domain name or IP of the server
"port": 443, // Port, consistent with the server
"users": [
{
"id": "", // ID
"id": "", // User ID, consistent with the server
"encryption": "none",
"flow": "xtls-rprx-vision"
}
@@ -74,9 +74,9 @@
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "", //
"serverName": "", // SNI, if "address" is filled with the domain name of the server, it can be left blank. If "address" is filled with the IP of the server, fill in the domain name contained in the certificate of the server here
"allowInsecure": false,
"fingerprint": "chrome" // uTLS Chrome / Firefox / Safari
"fingerprint": "chrome" // Used to configure the fingerprint of the specified TLS Client Hello, Xray will simulate the TLS fingerprint through the uTLS library, or generate it randomly
}
},
"tag": "proxy"
@@ -84,6 +84,10 @@
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}

62
VLESS-TCP-XTLS-Vision/config_server.json
View File

@@ -1,62 +0,0 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:cn"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 16387, // 端口
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // 用户ID
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/ssl/private/fullchain.cer", // 证书
"keyFile": "/etc/ssl/private/private.key" //私钥
}
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}

84
VLESS-TCP-XTLS-Vision/config_server.jsonc Normal file
View File

@@ -0,0 +1,84 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:cn"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "0.0.0.0", // "0.0.0.0" Indicates listening to both IPv4 and IPv6
"port": 443, // The port on which the server listens
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // User ID, perform xray uuid generation, or a string of 1-30 bytes
"flow": "xtls-rprx-vision"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": "8001",
"xver": 1
},
{
"alpn": "h2",
"dest": "8002",
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"rejectUnknownSni": true,
"minVersion": "1.2",
"certificates": [
{
"ocspStapling": 3600,
"certificateFile": "/etc/ssl/private/fullchain.cer", // For the certificate file, it is recommended to use fullchain (full SSL certificate chain). If there is only a website certificate, v2rayN can be used but v2rayNG cannot be used. Usually, the extension is not distinguished
"keyFile": "/etc/ssl/private/private.key" // private key file
}
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
],
"policy": {
"levels": {
"0": {
"handshake": 2, // The handshake time limit when the connection is established, in seconds, the default value is 4, it is recommended to be different from the default value
"connIdle": 120 // Connection idle time limit in seconds, the default value is 300, it is recommended to be different from the default value
}
}
}
}

69
VLESS-TCP-XTLS-Vision/nginx.conf Normal file
View File

@@ -0,0 +1,69 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log main;
map $http_upgrade $connection_upgrade {
default upgrade;
"" close;
}
map $proxy_protocol_addr $proxy_forwarded_elem {
~^[0-9.]+$ "for=$proxy_protocol_addr";
~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
default "for=unknown";
}
map $http_forwarded $proxy_add_forwarded {
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
default "$proxy_forwarded_elem";
}
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 127.0.0.1:8001 proxy_protocol;
listen 127.0.0.1:8002 http2 proxy_protocol;
set_real_ip_from 127.0.0.1;
location / {
sub_filter $proxy_host $host;
sub_filter_once off;
proxy_pass https://www.lovelive-anime.jp;
proxy_set_header Host $proxy_host;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_ssl_server_name on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header Forwarded $proxy_add_forwarded;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
resolver 1.1.1.1;
}
}
}

18
VLESS-TCP-XTLS-WHATEVER/README.md
View File

@@ -1,18 +0,0 @@
# VLESS over TCP with XTLS + 回落 & 分流 to WHATEVER终极配置
这里是 [进阶配置](<../VLESS-TCP-TLS-WS%20(recommended)>) 的超集,利用 VLESS 强大的回落分流特性,实现了 443 端口尽可能多的协议、配置的完美共存,包括 [XTLS Direct Mode](https://github.com/rprx/v2fly-github-io/blob/master/docs/config/protocols/vless.md#xtls-%E9%BB%91%E7%A7%91%E6%8A%80)
客户端可以同时通过下列方式连接到服务器,其中 WS 都可以通过 CDN
1. VLESS over TCP with XTLS数倍性能首选方式
2. VLESS over TCP with TLS
3. VLESS over WS with TLS
4. VMess over TCP with TLS不推荐
5. VMess over WS with TLS
6. Trojan over TCP with TLS
---
这里设置默认回落到 Xray 的 Trojan 协议,再继续回落到 80 端口的 Web 服务器也可以换成数据库、FTP 等)
你还可以配置回落到 Caddy 的 forwardproxy 等其它也防探测的代理,以及分流到任何支持 WebSocket 的代理,都没有问题

37
VLESS-TCP-XTLS-WHATEVER/config_client/trojan_tcp_tls.json
View File

@@ -1,37 +0,0 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 10800,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "trojan",
"settings": {
"servers": [
{
"address": "example.com", // 换成你的域名或服务器 IP发起请求时无需解析域名了
"port": 443,
"password": "", // 填写你的密码
"level": 0
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "example.com" // 换成你的域名
}
}
}
]
}

42
VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_tls.json
View File

@@ -1,42 +0,0 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 10800,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "example.com", // 换成你的域名或服务器 IP发起请求时无需解析域名了
"port": 443,
"users": [
{
"id": "", // 填写你的 UUID
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "example.com" // 换成你的域名
}
}
}
]
}

43
VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_xtls.json
View File

@@ -1,43 +0,0 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 10800,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "example.com", // 换成你的域名或服务器 IP发起请求时无需解析域名了
"port": 443,
"users": [
{
"id": "", // 填写你的 UUID
"flow": "xtls-rprx-direct",
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls", // 需要使用 XTLS
"xtlsSettings": {
"serverName": "example.com" // 换成你的域名
}
}
}
]
}

Some files were not shown because too many files have changed in this diff Show More