github/Xray-examples
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-examples.git synced 2025-09-21 22:54:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:main
Branches Tags
github:main github:Del-`path`-on-Xray
..
compare: github:Del-`path`-on-Xray
Branches Tags
github:main github:Del-`path`-on-Xray

6 Commits
main ... Del-`path`

Author SHA1 Message Date
xqzr
2a3aa86e4a Update Caddyfile 2024-10-26 03:10:34 +08:00
xqzr
ef8962658d Update nginx.conf 2024-10-26 02:55:19 +08:00
xqzr
f092fd7ae3 Update server.jsonc 2024-10-26 02:54:54 +08:00
xqzr
fb19ed3ed6 Update Caddyfile 2024-10-26 02:48:55 +08:00
xqzr
f7e1a4e5b4 Update server.jsonc 2024-10-26 02:38:33 +08:00
xqzr
100e729cc7 Update nginx.conf 2024-10-26 02:37:34 +08:00
34 changed files with 44 additions and 1768 deletions
Expand all files Collapse all files

40
All-in-One-fallbacks-Nginx/generate.sh
View File

@@ -45,15 +45,15 @@ Help()
echo "Please read the contents of this file and change all the required fields."
echo "*************************************************************************"
echo "*************************************************************************"
echo
echo
echo
echo
echo "Commands"
echo
echo "m Make and store the configs in result.txt."
echo "r Revert all the changes."
echo "q Print the qr codes of configs in terminal. Run this after running with -m."
echo "b Print one base64 link for all configs in terminal. Run this after running with -m."
echo
echo
echo
echo "Usage: "
echo
@@ -63,7 +63,7 @@ Help()
Revert()
{
git restore client.configs/* server.jsonc nginx.conf
git restore client.configs/* server.json nginx.conf
}
Make()
@@ -71,28 +71,28 @@ Make()
#################################
# main domain #
#################################
sed -i "s/$fake_domain_crt_path/$main_domain_crt/g" server.jsonc client.configs/* nginx.conf
sed -i "s/$fake_domain_key_path/$main_domain_key/g" server.jsonc client.configs/* nginx.conf
sed -i "s/$fake_domain/$main_domain/g" server.jsonc client.configs/* nginx.conf
sed -i "s/$fake_domain_crt_path/$main_domain_crt/g" server.json client.configs/* nginx.conf
sed -i "s/$fake_domain_key_path/$main_domain_key/g" server.json client.configs/* nginx.conf
sed -i "s/$fake_domain/$main_domain/g" server.json client.configs/* nginx.conf
#################################
# behind cdn domain #
#################################
if [ "$cdn_domain" == "" ]; then
echo "No domain behind cdn set. Removing related fields."
sed -i "146 s/.$//" server.jsonc
sed -i "147,152d" server.jsonc
sed -i "146 s/.$//" server.json
sed -i "147,152d" server.json
fi
sed -i "s/$fake_cdn_domain_crt_path/$cdn_domain_crt/g" server.jsonc client.configs/* nginx.conf
sed -i "s/$fake_cdn_domain_key_path/$cdn_domain_key/g" server.jsonc client.configs/* nginx.conf
sed -i "s/$fake_cdn_domain/$cdn_domain/g" server.jsonc client.configs/* nginx.conf
sed -i "s/$fake_cdn_domain_crt_path/$cdn_domain_crt/g" server.json client.configs/* nginx.conf
sed -i "s/$fake_cdn_domain_key_path/$cdn_domain_key/g" server.json client.configs/* nginx.conf
sed -i "s/$fake_cdn_domain/$cdn_domain/g" server.json client.configs/* nginx.conf
#################################
# uuid/pass #
#################################
sed -i "s/$fakeid/$myid/g" server.jsonc client.configs/* nginx.conf
sed -i "s/$fakepass/$mypass/g" server.jsonc client.configs/* nginx.conf
sed -i "s/$fakeid/$myid/g" server.json client.configs/* nginx.conf
sed -i "s/$fakepass/$mypass/g" server.json client.configs/* nginx.conf
#################################
# configs #
@@ -125,19 +125,19 @@ Printqr()
{
while read line; do
export t=`echo $line | cut -c -2`
if [ "$t" == "vm" ]; then
if [ "$t" == "vm" ]; then
echo $line | cut -c 9- | base64 -d | grep "\"ps\":" | sed -n -e 's/"ps": "//p' | sed -n -e 's/",//p' | sed -n -e 's/ *//p'
curl qrcode.show -d $line
else
echo $line | sed -n -e 's/^.*#//p'
curl qrcode.show -d $line
fi
fi
done < result.txt
}
while getopts "mrqb" option; do
case $option in
r)
r)
Revert
exit;;
m)
@@ -150,7 +150,7 @@ while getopts "mrqb" option; do
Printqr
exit;;
\?)
\?)
Help
exit;;
esac

428
LICENSE
View File

@@ -1,428 +0,0 @@
Attribution-ShareAlike 4.0 International
=======================================================================
Creative Commons Corporation ("Creative Commons") is not a law firm and
does not provide legal services or legal advice. Distribution of
Creative Commons public licenses does not create a lawyer-client or
other relationship. Creative Commons makes its licenses and related
information available on an "as-is" basis. Creative Commons gives no
warranties regarding its licenses, any material licensed under their
terms and conditions, or any related information. Creative Commons
disclaims all liability for damages resulting from their use to the
fullest extent possible.
Using Creative Commons Public Licenses
Creative Commons public licenses provide a standard set of terms and
conditions that creators and other rights holders may use to share
original works of authorship and other material subject to copyright
and certain other rights specified in the public license below. The
following considerations are for informational purposes only, are not
exhaustive, and do not form part of our licenses.
Considerations for licensors: Our public licenses are
intended for use by those authorized to give the public
permission to use material in ways otherwise restricted by
copyright and certain other rights. Our licenses are
irrevocable. Licensors should read and understand the terms
and conditions of the license they choose before applying it.
Licensors should also secure all rights necessary before
applying our licenses so that the public can reuse the
material as expected. Licensors should clearly mark any
material not subject to the license. This includes other CC-
licensed material, or material used under an exception or
limitation to copyright. More considerations for licensors:
wiki.creativecommons.org/Considerations_for_licensors
Considerations for the public: By using one of our public
licenses, a licensor grants the public permission to use the
licensed material under specified terms and conditions. If
the licensor's permission is not necessary for any reason--for
example, because of any applicable exception or limitation to
copyright--then that use is not regulated by the license. Our
licenses grant only permissions under copyright and certain
other rights that a licensor has authority to grant. Use of
the licensed material may still be restricted for other
reasons, including because others have copyright or other
rights in the material. A licensor may make special requests,
such as asking that all changes be marked or described.
Although not required by our licenses, you are encouraged to
respect those requests where reasonable. More considerations
for the public:
wiki.creativecommons.org/Considerations_for_licensees
=======================================================================
Creative Commons Attribution-ShareAlike 4.0 International Public
License
By exercising the Licensed Rights (defined below), You accept and agree
to be bound by the terms and conditions of this Creative Commons
Attribution-ShareAlike 4.0 International Public License ("Public
License"). To the extent this Public License may be interpreted as a
contract, You are granted the Licensed Rights in consideration of Your
acceptance of these terms and conditions, and the Licensor grants You
such rights in consideration of benefits the Licensor receives from
making the Licensed Material available under these terms and
conditions.
Section 1 -- Definitions.
a. Adapted Material means material subject to Copyright and Similar
Rights that is derived from or based upon the Licensed Material
and in which the Licensed Material is translated, altered,
arranged, transformed, or otherwise modified in a manner requiring
permission under the Copyright and Similar Rights held by the
Licensor. For purposes of this Public License, where the Licensed
Material is a musical work, performance, or sound recording,
Adapted Material is always produced where the Licensed Material is
synched in timed relation with a moving image.
b. Adapter's License means the license You apply to Your Copyright
and Similar Rights in Your contributions to Adapted Material in
accordance with the terms and conditions of this Public License.
c. BY-SA Compatible License means a license listed at
creativecommons.org/compatiblelicenses, approved by Creative
Commons as essentially the equivalent of this Public License.
d. Copyright and Similar Rights means copyright and/or similar rights
closely related to copyright including, without limitation,
performance, broadcast, sound recording, and Sui Generis Database
Rights, without regard to how the rights are labeled or
categorized. For purposes of this Public License, the rights
specified in Section 2(b)(1)-(2) are not Copyright and Similar
Rights.
e. Effective Technological Measures means those measures that, in the
absence of proper authority, may not be circumvented under laws
fulfilling obligations under Article 11 of the WIPO Copyright
Treaty adopted on December 20, 1996, and/or similar international
agreements.
f. Exceptions and Limitations means fair use, fair dealing, and/or
any other exception or limitation to Copyright and Similar Rights
that applies to Your use of the Licensed Material.
g. License Elements means the license attributes listed in the name
of a Creative Commons Public License. The License Elements of this
Public License are Attribution and ShareAlike.
h. Licensed Material means the artistic or literary work, database,
or other material to which the Licensor applied this Public
License.
i. Licensed Rights means the rights granted to You subject to the
terms and conditions of this Public License, which are limited to
all Copyright and Similar Rights that apply to Your use of the
Licensed Material and that the Licensor has authority to license.
j. Licensor means the individual(s) or entity(ies) granting rights
under this Public License.
k. Share means to provide material to the public by any means or
process that requires permission under the Licensed Rights, such
as reproduction, public display, public performance, distribution,
dissemination, communication, or importation, and to make material
available to the public including in ways that members of the
public may access the material from a place and at a time
individually chosen by them.
l. Sui Generis Database Rights means rights other than copyright
resulting from Directive 96/9/EC of the European Parliament and of
the Council of 11 March 1996 on the legal protection of databases,
as amended and/or succeeded, as well as other essentially
equivalent rights anywhere in the world.
m. You means the individual or entity exercising the Licensed Rights
under this Public License. Your has a corresponding meaning.
Section 2 -- Scope.
a. License grant.
1. Subject to the terms and conditions of this Public License,
the Licensor hereby grants You a worldwide, royalty-free,
non-sublicensable, non-exclusive, irrevocable license to
exercise the Licensed Rights in the Licensed Material to:
a. reproduce and Share the Licensed Material, in whole or
in part; and
b. produce, reproduce, and Share Adapted Material.
2. Exceptions and Limitations. For the avoidance of doubt, where
Exceptions and Limitations apply to Your use, this Public
License does not apply, and You do not need to comply with
its terms and conditions.
3. Term. The term of this Public License is specified in Section
6(a).
4. Media and formats; technical modifications allowed. The
Licensor authorizes You to exercise the Licensed Rights in
all media and formats whether now known or hereafter created,
and to make technical modifications necessary to do so. The
Licensor waives and/or agrees not to assert any right or
authority to forbid You from making technical modifications
necessary to exercise the Licensed Rights, including
technical modifications necessary to circumvent Effective
Technological Measures. For purposes of this Public License,
simply making modifications authorized by this Section 2(a)
(4) never produces Adapted Material.
5. Downstream recipients.
a. Offer from the Licensor -- Licensed Material. Every
recipient of the Licensed Material automatically
receives an offer from the Licensor to exercise the
Licensed Rights under the terms and conditions of this
Public License.
b. Additional offer from the Licensor -- Adapted Material.
Every recipient of Adapted Material from You
automatically receives an offer from the Licensor to
exercise the Licensed Rights in the Adapted Material
under the conditions of the Adapter's License You apply.
c. No downstream restrictions. You may not offer or impose
any additional or different terms or conditions on, or
apply any Effective Technological Measures to, the
Licensed Material if doing so restricts exercise of the
Licensed Rights by any recipient of the Licensed
Material.
6. No endorsement. Nothing in this Public License constitutes or
may be construed as permission to assert or imply that You
are, or that Your use of the Licensed Material is, connected
with, or sponsored, endorsed, or granted official status by,
the Licensor or others designated to receive attribution as
provided in Section 3(a)(1)(A)(i).
b. Other rights.
1. Moral rights, such as the right of integrity, are not
licensed under this Public License, nor are publicity,
privacy, and/or other similar personality rights; however, to
the extent possible, the Licensor waives and/or agrees not to
assert any such rights held by the Licensor to the limited
extent necessary to allow You to exercise the Licensed
Rights, but not otherwise.
2. Patent and trademark rights are not licensed under this
Public License.
3. To the extent possible, the Licensor waives any right to
collect royalties from You for the exercise of the Licensed
Rights, whether directly or through a collecting society
under any voluntary or waivable statutory or compulsory
licensing scheme. In all other cases the Licensor expressly
reserves any right to collect such royalties.
Section 3 -- License Conditions.
Your exercise of the Licensed Rights is expressly made subject to the
following conditions.
a. Attribution.
1. If You Share the Licensed Material (including in modified
form), You must:
a. retain the following if it is supplied by the Licensor
with the Licensed Material:
i. identification of the creator(s) of the Licensed
Material and any others designated to receive
attribution, in any reasonable manner requested by
the Licensor (including by pseudonym if
designated);
ii. a copyright notice;
iii. a notice that refers to this Public License;
iv. a notice that refers to the disclaimer of
warranties;
v. a URI or hyperlink to the Licensed Material to the
extent reasonably practicable;
b. indicate if You modified the Licensed Material and
retain an indication of any previous modifications; and
c. indicate the Licensed Material is licensed under this
Public License, and include the text of, or the URI or
hyperlink to, this Public License.
2. You may satisfy the conditions in Section 3(a)(1) in any
reasonable manner based on the medium, means, and context in
which You Share the Licensed Material. For example, it may be
reasonable to satisfy the conditions by providing a URI or
hyperlink to a resource that includes the required
information.
3. If requested by the Licensor, You must remove any of the
information required by Section 3(a)(1)(A) to the extent
reasonably practicable.
b. ShareAlike.
In addition to the conditions in Section 3(a), if You Share
Adapted Material You produce, the following conditions also apply.
1. The Adapter's License You apply must be a Creative Commons
license with the same License Elements, this version or
later, or a BY-SA Compatible License.
2. You must include the text of, or the URI or hyperlink to, the
Adapter's License You apply. You may satisfy this condition
in any reasonable manner based on the medium, means, and
context in which You Share Adapted Material.
3. You may not offer or impose any additional or different terms
or conditions on, or apply any Effective Technological
Measures to, Adapted Material that restrict exercise of the
rights granted under the Adapter's License You apply.
Section 4 -- Sui Generis Database Rights.
Where the Licensed Rights include Sui Generis Database Rights that
apply to Your use of the Licensed Material:
a. for the avoidance of doubt, Section 2(a)(1) grants You the right
to extract, reuse, reproduce, and Share all or a substantial
portion of the contents of the database;
b. if You include all or a substantial portion of the database
contents in a database in which You have Sui Generis Database
Rights, then the database in which You have Sui Generis Database
Rights (but not its individual contents) is Adapted Material,
including for purposes of Section 3(b); and
c. You must comply with the conditions in Section 3(a) if You Share
all or a substantial portion of the contents of the database.
For the avoidance of doubt, this Section 4 supplements and does not
replace Your obligations under this Public License where the Licensed
Rights include other Copyright and Similar Rights.
Section 5 -- Disclaimer of Warranties and Limitation of Liability.
a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
c. The disclaimer of warranties and limitation of liability provided
above shall be interpreted in a manner that, to the extent
possible, most closely approximates an absolute disclaimer and
waiver of all liability.
Section 6 -- Term and Termination.
a. This Public License applies for the term of the Copyright and
Similar Rights licensed here. However, if You fail to comply with
this Public License, then Your rights under this Public License
terminate automatically.
b. Where Your right to use the Licensed Material has terminated under
Section 6(a), it reinstates:
1. automatically as of the date the violation is cured, provided
it is cured within 30 days of Your discovery of the
violation; or
2. upon express reinstatement by the Licensor.
For the avoidance of doubt, this Section 6(b) does not affect any
right the Licensor may have to seek remedies for Your violations
of this Public License.
c. For the avoidance of doubt, the Licensor may also offer the
Licensed Material under separate terms or conditions or stop
distributing the Licensed Material at any time; however, doing so
will not terminate this Public License.
d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
License.
Section 7 -- Other Terms and Conditions.
a. The Licensor shall not be bound by any additional or different
terms or conditions communicated by You unless expressly agreed.
b. Any arrangements, understandings, or agreements regarding the
Licensed Material not stated herein are separate from and
independent of the terms and conditions of this Public License.
Section 8 -- Interpretation.
a. For the avoidance of doubt, this Public License does not, and
shall not be interpreted to, reduce, limit, restrict, or impose
conditions on any use of the Licensed Material that could lawfully
be made without permission under this Public License.
b. To the extent possible, if any provision of this Public License is
deemed unenforceable, it shall be automatically reformed to the
minimum extent necessary to make it enforceable. If the provision
cannot be reformed, it shall be severed from this Public License
without affecting the enforceability of the remaining terms and
conditions.
c. No term or condition of this Public License will be waived and no
failure to comply consented to unless expressly agreed to by the
Licensor.
d. Nothing in this Public License constitutes or may be interpreted
as a limitation upon, or waiver of, any privileges and immunities
that apply to the Licensor or You, including from the legal
processes of any jurisdiction or authority.
=======================================================================
Creative Commons is not a party to its public
licenses. Notwithstanding, Creative Commons may elect to apply one of
its public licenses to material it publishes and in those instances
will be considered the “Licensor.” The text of the Creative Commons
public licenses is dedicated to the public domain under the CC0 Public
Domain Dedication. Except for the limited purpose of indicating that
material is shared under a Creative Commons public license or as
otherwise permitted by the Creative Commons policies published at
creativecommons.org/policies, Creative Commons does not authorize the
use of the trademark "Creative Commons" or any other trademark or logo
of Creative Commons without its prior written consent including,
without limitation, in connection with any unauthorized modifications
to any of its public licenses or any other arrangements,
understandings, or agreements concerning use of licensed material. For
the avoidance of doubt, this paragraph does not form part of the
public licenses.
Creative Commons may be contacted at creativecommons.org.

15
MITM-Domain-Fronting/README.md
View File

@@ -1,15 +0,0 @@
# MITM 域前置
ray 很久很久就支持 MITM, 这个功能一直被雪藏,所以还是决定对代码小修改之后放出模板。
这是个仅客户端模板,作用是对请求进行 MITM 解密 TLS 后重新以假 SNI 发出 TLS 请求,达到强行域前置的目的。这只是一个演示其作用机制的模板,它的作用也不止于此,你单纯用来进行 TLS 卸载供后续程序处理或者把明文数据加密进 TLS 隧道什么的也是一种用法。
使用前请确保你足够了解 TLS 和 HTTPS 协议.(至少需要知道 SNI 和 alpn 的工作机制)
这里的接入方法选择了手动使用 socks5 代理,实际上 socks5 代理只是个把请求劫持到本地任意门入站的方法,实际上你可以用 hosts 或者任何方法把请求劫持到 tag 为 tls-decrypt 的那个入站,都可以满足需求。
**请仔细阅读我留下的每一行注释**,有助于你理解工作原理和正确部署。
这个东西能工作的前提是该网站**接受域前置或无 SNI 请求,且有 IP 没有被墙**,你可能需要靠扫描或者社区收集寻找这样可用的 SNI 和 IP 集。
演示网站我选择了 e-hentai, 主要因为它的前端结构比较简单,只要处理了这个域名别的资源都可以正常加载,其他网站可能还需要处理一些资源域名。

133
MITM-Domain-Fronting/config.jsonc
View File

@@ -1,133 +0,0 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
// 请求在该入站中被解密
{
"port": 4431,
"listen": "127.0.0.1",
"tag": "tls-decrypt",
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
// 从 TLS 的 SNI 中读出目标地址并应用至请求,用于后续路由
"followRedirect": true
},
"streamSettings": {
"security": "tls",
"tlsSettings": {
// 根据实际情况填写,这里适合绝大多数情况,如果你的网站仅支持 http/1.1, 就只保留 http/1.1
// ps: 如果你选择了 http/1.1 那么你甚至可以用后续的路由模块屏蔽部分路径
"alpn": [
"h2",
"http/1.1"
],
"certificates": [
{
"usage": "issue",
"buildChain": "true",
// 下面的证书和私钥使用 xray tls cert -ca 命令生成,或者你的自签名证书也行
// 这会生成一个 CA 证书,每个新的要被 MITM 网站请求都会单独用这个 CA 签发一张临时证书
// 所以你只需要在系统信任这一张证书就可以了,或者你可以忍得了浏览器的红标无视风险继续访问也行
"certificate": [],
"key": []
}
]
}
}
},
// 真正用到的入站
{
"port": 10801,
"listen": "127.0.0.1",
"tag": "socks-in",
"protocol": "socks",
"sniffing": {
// 一般情况得开
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
// 请求在该出站被强行重定向到 tls-decrypt 进行解密
{
"tag": "redirect-out",
"protocol": "freedom",
"settings": {
"redirect": "127.0.0.1:4431"
}
},
// 明文请求在这里被重新加密为正常 HTTPS 请求
{
"tag": "tls-repack",
"protocol": "freedom",
"settings": {
// 你要连接到的服务器的最终IP以及端口大多数情况下需要手动寻找这样允许域前置的IP
"redirect": "104.20.19.168:443"
},
"streamSettings": {
"security": "tls",
"tlsSettings": {
// fromMitm 会在客户端发送仅有 alpn http/1.1(大多数时候是wss) 的情况下使用同样的alpn, 需要 v25.2.21+
// 旧版本没这个选项别直接把这玩意发出去了从上面的alpn选项复制下来(当然更新版本最好)
"alpn": [
"fromMitm"
],
// 你要发送的假 SNI, 根据你的网站接受的 SNI 而定
// 当然你也可以留空或者我这样乱填个ip, 这样就不会有任何 SNI 扩展被发送,前提是你的网站接受无 SNI 请求
"serverName": "11.45.1.4",
// 你期望服务端返回证书里的包含的域名,需要 v25.2.21+
// 如果是旧版本只能考虑开允许不安全,然后可以考虑文档中其他校验证书的方法进行验证
"verifyPeerCertInNames": [
"e-hentai.org",
// 特殊选项,尝试按从 dokodemo-door 入站进来的 SNI 对远端证书进行验证(或取自内置 DNS 的 DoH h2c hostname
"fromMitm"
]
}
}
},
// 无辜流量直接放行
{
"tag": "direct",
"protocol": "freedom"
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"inboundTag": [
"tls-decrypt"
],
// tls-repark 中定义了一些参数(比如IP和SNI), 不同的网站可能需要不同的参数
// 要支持更多的网站,可以新建更多的此类 freedom 出站,然后在这里把不同的明文请求按需求路由到不同的出站重新打包回 HTTPS
// 这里的域名来源就是 tls-decrypt 入站的 followRedirect, 所以一个本地端口就可以接受任何网站的请求并在核心中这样区分开
"domain": [
"e-hentai.org"
],
"outboundTag": "tls-repack"
},
{
"inboundTag": [
"socks-in"
],
// 你要 mitm 的网址
"domain": [
"e-hentai.org"
],
"outboundTag": "redirect-out"
},
{
"inboundTag": [
"socks-in"
],
"outboundTag": "direct"
}
]
}
}

2
README.md
View File

@@ -1,3 +1,3 @@
# Xray-examples
Some examples of uses for [Xray-core](https://github.com/XTLS/Xray-core)
Forked from [v2ray-examples](https://github.com/v2fly/v2ray-examples)

6
ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.jsonc
View File

@@ -41,7 +41,7 @@
"users": [
{
"id": "", // 填写你的 UUID
"flow": "xtls-rprx-vision",
"flow": "xtls-rprx-direct",
"encryption": "none",
"level": 0
}
@@ -51,8 +51,8 @@
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"security": "xtls",
"xtlsSettings": {
"serverName": "reverse.example" // 换成你的域名
}
}

6
ReverseProxy/VLESS-TCP-XTLS-WS/portal.jsonc
View File

@@ -19,7 +19,7 @@
"clients": [
{
"id": "", //填写你的 UUID
"flow": "xtls-rprx-vsion",
"flow": "xtls-rprx-direct",
"level": 0,
"email": "@external"
}
@@ -43,8 +43,8 @@
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"security": "xtls",
"xtlsSettings": {
"alpn": [
"http/1.1"
],

48
Serverless-for-Iran/README.md
View File

@@ -1,48 +0,0 @@
# Access almost all websites & services directly, for every person in Iran
**Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub)**
**Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs**
# Serverless for Iran
Bypass censorship using TCP/TLS fragment and UDP noises.
It doesn't change your local IP, so it is not suitable for anonymity.
# Serverless with MitM-Domain-Fronting for Iran (Xray-core v25.9.5+)
Same as "Serverless for Iran" but use "DoH h2c + domain fronting" for DNS and MitM for these services that support domain fronting:
* YouTube
* X
* Reddit
* Meta (Facebook, Instagram, ...)
(This list will be updated)
**Requires a self-signed-certificate: You can create it using "./xray tls cert -ca -file=mycert" command.**
**Also, the certificate must be imported into "Trusted-Root-Certification-Authorities" of system/browser.**
## How to import the certificate into the system/browser:
**Windows**:
* System:
Right click on the certificate -> Install certificate -> Local machine -> Place all certificates in the following store -> Select "Trusted Root Certification Authorities"
* Browser(Chrome):
Settings -> Privacy and security -> Security -> Manage certificates -> Manage imported certificates from Windows -> Trusted Root Certification Authorities -> Import -> Select the certificate file -> Place all certificates in the following store -> Select "Trusted Root Certification Authorities"
**Android**:
* Chromium based browsers and Apps that support user-certificates:
Setting -> Security and privacy -> More security settings -> Install from device storage -> CA Certificate -> Install anyway -> Select the Certificate file on your storage.
* Firefox:
Run the firefox browser -> Settings -> About Firefox -> Tap the Firefox logo five times -> Navigate to Settings -> Secret Settings -> Toggle "Use third party CA certificates"

272
Serverless-for-Iran/serverless_for_Iran.jsonc
View File

@@ -1,272 +0,0 @@
// Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub)
// Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs
{
"remarks": "Serverless",
"version": {
"min": "25.9.5"
},
"log": {
"loglevel": "warning", "dnsLog": false, "access": "none"
},
"policy": {
"levels": {
"0": {
"uplinkOnly": 0,
"downlinkOnly": 0
}
}
},
"dns":{
"hosts": {
"geosite:category-ads-all": "#3",
"one.one.one.one": ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"],
"cloudflare-dns.com": "www.cloudflare.com"
},
"servers": [
{
"address": "fakedns",
"domains": ["domain:ir", "geosite:private", "geosite:category-ir", "full:www.cloudflare.com"],
"finalQuery": true
},
{
"tag": "no-filter-dns",
"address": "https://cloudflare-dns.com/dns-query",
"timeoutMs": 5000,
"finalQuery": true
},
{
"address": "localhost",
"domains": ["domain:ir", "geosite:private", "geosite:category-ir", "full:www.cloudflare.com"],
"finalQuery": true
}
],
"queryStrategy": "UseSystem",
"useSystemHosts": true
},
"inbounds": [
{
"tag": "dns-in",
"listen": "127.0.0.1",
"port": 10853,
"protocol": "tunnel",
"settings": {
"address": "one.one.one.one",
"port": 53,
"network": "tcp,udp"
},
"streamSettings": {
"sockopt": {
"tcpKeepAliveInterval": 1,
"tcpKeepAliveIdle": 46
}
}
},
{
"tag": "socks-in",
"listen": "127.0.0.1",
"port": 10808,
"protocol": "mixed",
"sniffing": {
"enabled": true,
"destOverride": ["fakedns"],
"routeOnly": false
},
"settings": {
"udp": true,
"ip": "127.0.0.1"
},
"streamSettings": {
"sockopt": {
"tcpKeepAliveInterval": 1,
"tcpKeepAliveIdle": 46
}
}
}
],
"outbounds": [
{
"tag": "block-out",
"protocol": "block"
},
{
"tag": "direct-out",
"protocol": "direct",
"streamSettings": {
"sockopt": {
"domainStrategy": "ForceIP",
"happyEyeballs": {
"tryDelayMs": 100,
"prioritizeIPv6": true,
"interleave": 2,
"maxConcurrentTry": 16
}
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"settings": {"nonIPQuery": "skip", "network": "tcp", "address": "one.one.one.one", "port": 53},
"streamSettings": {
"sockopt": {
"dialerProxy": "full-fragment"
}
}
},
{
"tag": "skip-fragment",
"protocol": "direct",
"settings": {
"fragment": {
"packets": "1-1",
"length": "130",
"interval": "190",
"maxSplit": "4"
}
},
"streamSettings": {
"sockopt": {
"dialerProxy": "_chain-skip"
}
}
},
{
"tag": "_chain-skip",
"protocol": "direct",
"settings": {
"fragment": {
"packets": "2-4",
"length": "1",
"interval": "1",
"maxSplit": "130"
}
},
"streamSettings": {
"sockopt": {
"domainStrategy": "ForceIP",
"happyEyeballs": {
"tryDelayMs": 300,
"prioritizeIPv6": true,
"interleave": 2,
"maxConcurrentTry": 16
}
}
}
},
{
"tag": "full-fragment",
"protocol": "direct",
"settings": {
"fragment": {
"packets": "1-1",
"length": "1",
"interval": "1",
"maxSplit": "517"
}
},
"streamSettings": {
"sockopt": {
"domainStrategy": "ForceIP",
"happyEyeballs": {
"tryDelayMs": 300,
"prioritizeIPv6": true,
"interleave": 2,
"maxConcurrentTry": 16
}
}
}
},
{
"tag": "udp-noises",
"protocol": "direct",
"settings": {
"targetStrategy": "ForceIP", // or "ForceIPv6v4" to prefer IPv6
"noises": [
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"}, {"type": "rand", "packet": "1250", "delay": "10", "applyTo": "ipv4"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"},
{"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}, {"type": "rand", "packet": "1230", "delay": "10", "applyTo": "ipv6"}
]
}
}
],
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{"outboundTag": "block-out",
"domain": ["geosite:category-ads-all"]
},
{"outboundTag": "dns-out",
"inboundTag": ["dns-in"]
},
{"outboundTag": "dns-out",
"inboundTag": ["socks-in"], "port": 53
},
{"outboundTag": "full-fragment", // or "skip-fragment"
"inboundTag": ["no-filter-dns"]
},
{"outboundTag": "block-out",
"ip": ["0.0.0.0", "::"]
},
{"outboundTag": "direct-out",
"domain": ["domain:ir", "geosite:private", "geosite:category-ir"]
},
{"outboundTag": "direct-out",
"ip": ["geoip:private", "geoip:ir"]
},
{"outboundTag": "udp-noises",
"network": "udp", "protocol": ["quic"]
},
{"outboundTag": "udp-noises",
"network": "udp", "port": "443,2053,2083,2087,2096,8443"
},
{"outboundTag": "direct-out",
"network": "udp"
},
{"outboundTag": "full-fragment", // or "skip-fragment"
"network": "tcp", "protocol": ["tls"]
},
{"outboundTag": "full-fragment", // or "skip-fragment"
"network": "tcp", "port": "443,2053,2083,2087,2096,8443"
},
{"outboundTag": "full-fragment",
"network": "tcp", "protocol": ["http"]
},
{"outboundTag": "full-fragment",
"network": "tcp", "port": "80,8080,8880,2052,2082,2086,2095"
},
{"outboundTag": "full-fragment",
"network": "tcp"
}
]
}
}

347
Serverless-for-Iran/serverless_with_mitm_for_Iran.jsonc
View File

@@ -1,347 +0,0 @@
// Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub)
// Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs
// Serverless with MitM-Domain-Fronting for Iran v4
// Xray-core v25.2.21+
// Requires a self-signed-certificate: You can create it using "./xray tls cert -ca -file=mycert" command.
// Also, the certificate must be imported into "Trusted-Root-Certification-Authorities" of system/browser.
{
"log": {
"loglevel": "warning", "dnsLog": false, "access": "none"
},
"dns":{
"hosts": {
"geosite:category-ads-all": ["10.10.34.36", "2001:4188:2:600:10:10:34:36"]
},
"servers": [
"h2c://1.1.1.1/dns-query",
{"address": "localhost", "domains": ["geosite:private", "geosite:category-ir"]}
],
"tag": "dns-query",
"disableFallback": true
},
"inbounds": [
{
"tag": "dns-in",
"port": 10853,
"protocol": "dokodemo-door",
"settings": {
"address": "1.1.1.1",
"port": 53,
"network": "tcp,udp"
}
},
{
"tag": "socks-in",
"port": 10808,
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"],
"routeOnly": false
},
"settings": {"udp": true}
},
{
"port": 4431,
"tag": "tls-decrypt-h11",
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
"port": 443,
"followRedirect": true
},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"alpn": ["http/1.1"],
"certificates": [
{
"usage": "issue",
"certificateFile": "mycert.crt", // certificate path
"keyFile": "mycert.key" // private-key path
}
]
}
}
},
{
"port": 4432,
"tag": "tls-decrypt-h211",
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
"port": 443,
"followRedirect": true
},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"alpn": ["h2","http/1.1"],
"certificates": [
{
"usage": "issue",
"certificateFile": "mycert.crt", // certificate path
"keyFile": "mycert.key" // private-key path
}
]
}
}
}
],
"outbounds": [
{
"tag": "block",
"protocol": "blackhole"
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {"domainStrategy": "ForceIP"}
},
{
"tag": "redirect-out-h11",
"protocol": "freedom",
"settings": {
"redirect": "127.0.0.1:4431"
}
},
{
"tag": "redirect-out-h211",
"protocol": "freedom",
"settings": {
"redirect": "127.0.0.1:4432"
}
},
{
"tag": "tls-repack-dns",
"protocol": "freedom",
"settings": {"domainStrategy": "ForceIP"},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"serverName": "www.microsoft.com",
"verifyPeerCertInNames": ["fromMitM", "www.microsoft.com"],
"alpn": ["fromMitM"],
"fingerprint": "chrome"
}
}
},
{
"tag": "tls-repack-google",
"protocol": "freedom",
"settings": {"domainStrategy": "ForceIP"},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"serverName": "www.google.com",
"verifyPeerCertInNames": ["fromMitM", "www.google.com", "dns.google", "www.googlevideo.com", "www.youtube.com"],
"alpn": ["fromMitM"],
"fingerprint": "chrome"
}
}
},
{
"tag": "tls-repack-meta",
"protocol": "freedom",
"settings": {"domainStrategy": "ForceIP"},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"serverName": "www.whatsapp.com",
"verifyPeerCertInNames": ["fromMitM", "www.whatsapp.com", "www.facebook.com", "www.ar.meta.com", "www.fb.com", "www.whatsapp.net", "www.atlassolutions.com", "www.secure.facebook.com", "www.extern.facebook.com", "www.internet.org", "www.oculus.com", "www.wit.ai", "www.facebook-dns.com", "www.instagram.com", "www.meta.com", "www.external-disputes.meta.com", "www.fbe2e.com", "www.cloud.x2p.facebook.net", "www.secure.latest.facebook.com"],
"alpn": ["fromMitM"],
"fingerprint": "chrome"
}
}
},
{
"tag": "tls-repack-fastly",
"protocol": "freedom",
"settings": {"domainStrategy": "ForceIP"},
"streamSettings": {
"security": "tls",
"tlsSettings": {
"serverName": "www.fastly.com",
"verifyPeerCertInNames": ["fromMitM", "www.fastly.com", "www.reddit.com", "x.com"],
"alpn": ["fromMitM"],
"fingerprint": "chrome"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"settings": {"nonIPQuery": "skip", "network": "tcp", "address": "1.1.1.1", "port": 53},
"streamSettings": {
"sockopt": {
"dialerProxy": "chain1-fragment"
}
}
},
{
"tag": "super-fragment",
"protocol": "freedom",
"settings": {
"fragment": {
"packets": "tlshello",
"length": "6",
"interval": "0"
}
},
"streamSettings": {
"sockopt": {
"dialerProxy": "chain1-fragment"
}
}
},
{
"tag": "chain1-fragment",
"protocol": "freedom",
"settings": {
"fragment": {
"packets": "1-3",
"length": "517",
"interval": "1"
}
},
"streamSettings": {
"sockopt": {
"dialerProxy": "chain2-fragment"
}
}
},
{
"tag": "chain2-fragment",
"protocol": "freedom",
"settings": {
"domainStrategy": "ForceIP",
"fragment": {
"packets": "1-1",
"length": "1",
"interval": "2"
}
}
},
{
"tag": "udp-noisesv4",
"protocol": "freedom",
"settings": {
"domainStrategy": "ForceIPv4",
"noises": [
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
{"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"}
]
}
},
{
"tag": "udp-noisesv6",
"protocol": "freedom",
"settings": {
"domainStrategy": "ForceIPv6",
"noises": [
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
{"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"}
]
}
}
],
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{"outboundTag": "dns-out",
"inboundTag": ["dns-in"]
},
{"outboundTag": "dns-out",
"inboundTag": ["socks-in"], "port": 53
},
{"outboundTag": "tls-repack-dns",
"inboundTag": ["dns-query"]
},
{"outboundTag": "block",
"domain": ["geosite:category-ads-all"]
},
{"outboundTag": "block",
"ip": ["10.10.34.0/24", "2001:4188:2:600:10:10:34:36", "2001:4188:2:600:10:10:34:35", "2001:4188:2:600:10:10:34:34"]
},
{"outboundTag": "direct",
"domain": ["geosite:private", "geosite:category-ir"]
},
{"outboundTag": "direct",
"ip": ["geoip:private", "geoip:ir"]
},
{"outboundTag": "chain1-fragment", // or "super-fragment"
"inboundTag": ["socks-in"],
"network": "tcp",
"ip": ["geoip:cloudflare", "geoip:cloudfront"]
},
{
"outboundTag": "redirect-out-h11",
"inboundTag": ["socks-in"],
"network": "tcp",
"protocol": ["tls"],
"port": 443,
"domain": ["domain:googlevideo.com"]
},
{
"outboundTag": "redirect-out-h211",
"inboundTag": ["socks-in"],
"network": "tcp",
"protocol": ["tls"],
"port": 443,
"domain": ["geosite:youtube", "geosite:x", "geosite:reddit", "geosite:meta"]
},
{"outboundTag": "tls-repack-google",
"domain": ["geosite:youtube", "domain:googlevideo.com"],
"inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
},
{"outboundTag": "tls-repack-meta",
"domain": ["geosite:meta"],
"inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
},
{"outboundTag": "tls-repack-fastly",
"domain": ["geosite:x", "geosite:reddit"],
"inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
},
{"outboundTag": "udp-noisesv4",
"network": "udp", "ip": ["0.0.0.0/0"], "port": 443
},
{"outboundTag": "udp-noisesv6",
"network": "udp", "ip": ["::/0"], "port": 443
},
{"outboundTag": "direct",
"network": "udp"
},
{"outboundTag": "chain1-fragment", // or "super-fragment"
"network": "tcp"
}
]
}
}

6
Trojan-TCP-XTLS/config_client.jsonc
View File

@@ -30,7 +30,7 @@
"servers": [
{
"address": "example.com", // your domain name or server IP
"flow": "xtls-rprx-vision", // Linux or android can be changed to "xtls-rprx-splice"
"flow": "xtls-rprx-direct", // Linux or android can be changed to "xtls-rprx-splice"
"port": 443,
"password": "your_password" // your password
}
@@ -38,8 +38,8 @@
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"security": "xtls",
"xtlsSettings": {
"serverName": "example.com" // your domain name
}
}

6
Trojan-TCP-XTLS/config_server.jsonc
View File

@@ -10,7 +10,7 @@
"clients": [
{
"password":"your_password", // password
"flow": "xtls-rprx-vison"
"flow": "xtls-rprx-direct"
}
],
"fallbacks": [
@@ -27,8 +27,8 @@
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"security": "xtls",
"xtlsSettings": {
"alpn": [
"http/1.1",
"h2"

0
VLESS-TCP-REALITY (without being stolen)/README.md → VLESS-TCP-REALITY(Without being stolen)/README.md
View File

0
VLESS-TCP-REALITY (without being stolen)/config_client.jsonc → VLESS-TCP-REALITY(Without being stolen)/config_client.jsonc
View File

6
VLESS-TCP-REALITY (without being stolen)/config_server.jsonc → VLESS-TCP-REALITY(Without being stolen)/config_server.jsonc
View File

@@ -67,7 +67,7 @@
},
{
"protocol": "blackhole",
"tag": "block"
"tag": "blcok"
}
],
"routing": {
@@ -86,8 +86,8 @@
"inboundTag": [
"dokodemo-in"
],
"outboundTag": "block"
"outboundTag": "blcok"
}
]
}
}
}

6
VLESS-TCP-TLS-WS/README.ENG.md → VLESS-TCP-TLS-WS (recommended)/README.ENG.md
View File

@@ -1,11 +1,5 @@
# VLESS over TCP with TLS + fallback & split to WebSocket (advanced configuration)
## Caution
**This configuration was tagged as recommended, however https://github.com/XTLS/Xray-core/issues/1750#issuecomment-1459469821 had mentioned its vulnerabilities and it should be tagged as <u>deprecated</u>.**
## Original Content
This is a superset of [Minimal Configuration](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>), using the powerful fallback and distribution features of VLESS, it realizes port 443 VLESS over TCP with TLS and Perfect coexistence of any WSS
This configuration is for reference. You can replace VLESS on WS with any other protocol such as VMess, and set more PATHs and protocol coexistence.

7
VLESS-TCP-TLS-WS/README.md → VLESS-TCP-TLS-WS (recommended)/README.md
View File

@@ -1,11 +1,4 @@
# VLESS over TCP with TLS + 回落 & 分流 to WebSocket进阶配置
## 注意
**这个配置过去被标记为推荐,然而 https://github.com/XTLS/Xray-core/issues/1750#issuecomment-1459469821 提到其安全缺陷,且它应当列为<u>已废弃</u>。**
## 原文
[ENGLISH](README.ENG.md)
这里是 [最简配置](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>) 的超集,利用 VLESS 强大的回落分流特性,实现了 443 端口 VLESS over TCP with TLS 和任意 WSS 的完美共存

0
VLESS-TCP-TLS-WS/config_client_tcp_tls.jsonc → VLESS-TCP-TLS-WS (recommended)/config_client_tcp_tls.jsonc
View File

0
VLESS-TCP-TLS-WS/config_client_ws_tls.jsonc → VLESS-TCP-TLS-WS (recommended)/config_client_ws_tls.jsonc
View File

0
VLESS-TCP-TLS-WS/config_server.jsonc → VLESS-TCP-TLS-WS (recommended)/config_server.jsonc
View File

2
VLESS-TLS-SplitHTTP-CaddyNginx/Caddyfile
View File

@@ -1,5 +1,5 @@
localhost:443 {
handle /split/* {
handle_path /split/* {
reverse_proxy http://127.0.0.1:1234
}
}

4
VLESS-TLS-SplitHTTP-CaddyNginx/nginx.conf
View File

@@ -15,8 +15,8 @@ server {
# of information.
# access_log off;
location /split {
proxy_pass http://127.0.0.1:1234;
location /split/ {
proxy_pass http://127.0.0.1:1234/;
proxy_http_version 1.1;
proxy_redirect off;
}

5
VLESS-TLS-SplitHTTP-CaddyNginx/server.jsonc
View File

@@ -16,10 +16,7 @@
"decryption": "none"
},
"streamSettings": {
"network": "splithttp",
"splithttpSettings": {
"path": "/split"
}
"network": "splithttp"
},
"sniffing": {
"enabled": true,

6
VLESS-WSS-Nginx/nginx.conf
View File

@@ -11,12 +11,12 @@ server {
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
# 在 location 后填写 /你的 path
location /你的 path {
# 在 location 后填写 /你的 path/
location /你的 path/ {
if ($http_upgrade != "websocket") {
return 404;
}
proxy_pass http://127.0.0.1:1234;
proxy_pass http://127.0.0.1:1234/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;

5
VLESS-WSS-Nginx/server.jsonc
View File

@@ -16,10 +16,7 @@
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/Path2WS" // 填写你的 path
}
"network": "ws"
},
"sniffing": {
"enabled": true,

9
VLESS-XHTTP-Reality/minimal-steal_others/README.en.md
View File

@@ -1,9 +0,0 @@
# VLESS-XHTTP-Reality-steal_others
[Reality](https://github.com/XTLS/REALITY) and [XHTTP](https://github.com/XTLS/Xray-core/discussions/4113) are two major techniques of Project X which are up-to-date. This example provides a minimal configuration, which can be used for new versions of Xray-core (and cannot be used for low versions, recommended >= [v25.3.6](https://github.com/XTLS/Xray-core/releases/tag/v25.3.6) ). There are also more complicated configurations provided by other community repositories.
#### Note
* Leave the fields blank as much as possible to ensure that users who have not configured their own will be responded to by xray-core with an error.
* Considering practicality, [domain name sniffing](https://xtls.github.io/config/inbound.html#sniffingobject) is enabled.
* The `"fingerprint"` field for Reality has a safe default value of `"chrome"` since version 24.12.18, so it is omitted in this example. Old versions of Xray-Core without a default value should not be able to recognize this configuration file (due to the `"target"` field), so it should be safe to omit it here.

12
VLESS-XHTTP-Reality/minimal-steal_others/README.md
View File

@@ -1,12 +0,0 @@
# VLESS-XHTTP-Reality-steal_others
[Reality](https://github.com/XTLS/REALITY)与[XHTTP](https://github.com/XTLS/Xray-core/discussions/4113)是XTLS项目的两项主要且较新的技术。本示例配置提供一个极简配置其可在较新版本的Xray-core使用且无法在低版本使用建议版本不旧于[v25.3.6](https://github.com/XTLS/Xray-core/releases/tag/v25.3.6))。目前亦有社区成员在其他仓库提供更复杂的配置方案。
另外根据[一些经验](https://github.com/XTLS/Xray-core/issues/1027),对于中国大陆用户建议使用[禁回国流量的路由规则](server-block-cn.jsonc),以避免服务器向境内网站发起连接而被标记为代理。
#### 备注
* 待填字段尽可能留空了确保未自行配置的用户将被xray-core回应以报错。
* 考虑到实用性,开启了[域名嗅探](https://xtls.github.io/config/inbound.html#sniffingobject)。
* Reality设定的`"fingerprint"`字段自24.12.18版本已有安全的默认值`"chrome"`故不再标注。没有默认值的旧版Xray-core应该会因无法识别这个配置文件因target字段所以此处省略应该是安全的。

77
VLESS-XHTTP-Reality/minimal-steal_others/client-bypass-cn.jsonc
View File

@@ -1,77 +0,0 @@
{
"routing": {
"rules": [
{
"ip": [
"geoip:private"
],
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
"geoip:cn"
],
"outboundTag": "direct"
},
{
"type": "field",
"domain": [
"geosite:cn"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10808,
"protocol": "socks"
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "", // 服务端的域名或 IP
"port": 443, // 填入配置服务器入站时设定的监听端口
"users": [
{
"id": "", // 与服务端一致
"encryption": "none",
"flow": ""
}
]
}
]
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"path": "/yourpath" // 与服务端一致
},
"security": "reality",
"realitySettings": {
"serverName": "", // 在服务端所设serverNames列表中选择一个填入
"publicKey": "", // 服务端执行 xray x25519 生成,私钥对应的公钥,填 "Public key" 的值
"shortId": "", // 服务端 shortIds 之一
"spiderX": "/somepath", // 爬虫初始路径与参数,建议每个客户端不同
"fingerprint": "chrome" // 使用 uTLS 库模拟客户端 TLS 指纹。,为强调而保留。
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}

63
VLESS-XHTTP-Reality/minimal-steal_others/client.jsonc
View File

@@ -1,63 +0,0 @@
{
"routing": {
"rules": [
{
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10808,
"protocol": "socks"
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "", // 服务端的域名或 IP
"port": 443, // 填入配置服务器入站时设定的监听端口
"users": [
{
"id": "", // 与服务端一致
"encryption": "none",
"flow": ""
}
]
}
]
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"path": "/yourpath" // 与服务端一致
},
"security": "reality",
"realitySettings": {
"serverName": "", // 在服务端所设serverNames列表中选择一个填入
"publicKey": "", // 服务端执行 xray x25519 生成,私钥对应的公钥,填 "Public key" 的值
"shortId": "", // 服务端 shortIds 之一
"spiderX": "/somepath", // 爬虫初始路径与参数,建议每个客户端不同
"fingerprint": "chrome" // 使用 uTLS 库模拟客户端 TLS 指纹。,为强调而保留。
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}

79
VLESS-XHTTP-Reality/minimal-steal_others/server-block-cn.jsonc
View File

@@ -1,79 +0,0 @@
{
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:cn"
],
"outboundTag": "block"
},
{
"type": "field",
"domain": [
"geosite:cn"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 443, // 可根据实际情况更换端口
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // 长度为 1-30 字节的任意字符串,或执行 xray uuid 生成
"flow": ""
}
],
"decryption": "none"
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"path": "/yourpath" // 自行设定路径
},
"security": "reality",
"realitySettings": {
// 此target字段原名为dest从24.10.31版本开始开始使用新名称。
// 目标网站最低标准:国外网站,支持 TLSv1.3 与 H2域名非跳转用主域名可能被用于跳转到 www。详见 https://github.com/XTLS/REALITY
"target": "example.com:443",
"serverNames": [
// 客户端可用的 serverName 列表,暂不支持 * 通配符
// 执行 xray tls ping 目标网站网址,填 "Allowed domains" 的值
],
"privateKey": "", // 执行 xray x25519 生成,填 "Private key" 的值
"shortIds": [ // 客户端可用的 shortId 列表,可用于区分不同的客户端
// "", // 若有此项,客户端 shortId 可为空
"00", // 0 到 f长度为 2 的倍数,长度上限为 16
"01",
"02"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}

60
VLESS-XHTTP-Reality/minimal-steal_others/server.jsonc
View File

@@ -1,60 +0,0 @@
{
"inbounds": [
{
"listen": "0.0.0.0",
"port": 443, // 可根据实际情况更换端口
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // 长度为 1-30 字节的任意字符串,或执行 xray uuid 生成
"flow": ""
}
],
"decryption": "none"
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"path": "/yourpath" // 自行设定路径
},
"security": "reality",
"realitySettings": {
// 此target字段原名为dest从24.10.31版本开始开始使用新名称。
// 目标网站最低标准:国外网站,支持 TLSv1.3 与 H2域名非跳转用主域名可能被用于跳转到 www。详见 https://github.com/XTLS/REALITY
"target": "example.com:443",
"serverNames": [
// 客户端可用的 serverName 列表,暂不支持 * 通配符
// 执行 xray tls ping 目标网站网址,填 "Allowed domains" 的值
],
"privateKey": "", // 执行 xray x25519 生成,填 "Private key" 的值
"shortIds": [ // 客户端可用的 shortId 列表,可用于区分不同的客户端
// "", // 若有此项,客户端 shortId 可为空
"00", // 0 到 f长度为 2 的倍数,长度上限为 16
"01",
"02"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}

86
VLESS-XHTTP3-Nginx/client.jsonc
View File

@@ -1,86 +0,0 @@
{
"log": {},
"inbounds": [
{
"port": "1080",
"listen": "::1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "example.com",
"port": 443,
"users": [
{
"id": "", //填写你的 UUID
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"path": "", //填写你的 path
"mode": "stream-one", //如使用 downloadSettings下行不可用 stream-one可用 stream-up。
"#xmux": { //使用默认值。如需自定义:移除前面的 #(井号)。注意:不可超过 Nginx 的最高(上限)值。
"maxConcurrency": 128, //Nginx 默认上限 128。https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_max_concurrent_streams
"hMaxRequestTimes": 1000, //Nginx 默认上限 1000。https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests
"hMaxReusableSecs": 3600 //Nginx 默认上限 3600s(1h)。https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_time
},
"#downloadSettings": { //如需 H2 下行:移除前面的 #(井号)以使用 downloadSettings上面和 server.json 的 mode 更改为 stream-up。
"address": "example.com",
"port": 443,
"network": "xhttp",
"xhttpSettings": {
"path": "", //填写你的 path同上
"#xmux": { //使用默认值。如需自定义:移除前面的 #(井号)。注意:不可超过 Nginx 的最高(上限)值。
"maxConcurrency": 128, //Nginx 默认上限 128。https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_max_concurrent_streams
"hMaxRequestTimes": 1000, //Nginx 默认上限 1000。https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests
"hMaxReusableSecs": 3600 //Nginx 默认上限 3600s(1h)。https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_time
}
},
"security": "tls"
}
},
"security": "tls",
"tlsSettings": {
"alpn": [
"h3" //如遇到性能远不及预期并且 log 伴随“QUIC flood detected”可参考https://github.com/XTLS/Xray-core/discussions/4197
]
}
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {}
},
{
"tag": "blocked",
"protocol": "blackhole",
"settings": {}
}
],
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
}
}

26
VLESS-XHTTP3-Nginx/nginx.conf
View File

@@ -1,26 +0,0 @@
server {
listen [::]:443 ssl ipv6only=off reuseport;
listen [::]:443 quic reuseport ipv6only=off;
server_name example.com;
index index.html;
root /var/www/html;
http2 on;
ssl_certificate /path/to/example.cer;
ssl_certificate_key /path/to/example.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
client_header_timeout 5m;
keepalive_timeout 5m;
# 在 location 后填写 /你的 path/
location /你的 path/ {
client_max_body_size 0;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_body_timeout 5m;
grpc_read_timeout 315;
grpc_send_timeout 5m;
grpc_pass unix:/dev/shm/xrxh.socket;
}
}

50
VLESS-XHTTP3-Nginx/server.jsonc
View File

@@ -1,50 +0,0 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"listen": "/dev/shm/xrxh.socket,0666",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "" // 填写你的 UUID
}
],
"decryption": "none"
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"mode": "stream-one", //如在 config.jsonc 使用 downloadSettings下行不可用 stream-one可用 stream-up。
"path": "" // 填写你的 path
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {}
},
{
"tag": "blocked",
"protocol": "blackhole",
"settings": {}
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
}
]
}
}