// Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub) // Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs // Serverless with MitM-Domain-Fronting for Iran v1 // Xray-core v25.2.21+ // Requires a self-signed-certificate: you can create it using "./xray tls cert -ca -file=mycert" command // also, the certificate must be imported into "Trusted-Root-Certification-Authorities" of system/browser { "log": { "loglevel": "warning", "dnsLog": false, "access": "none" }, "dns":{ "hosts": { "geosite:category-ads-all": ["10.10.34.36", "2001:4188:2:600:10:10:34:36"] }, "servers": [ "h2c://1.1.1.1/dns-query", {"address": "localhost", "domains": ["geosite:private", "geosite:category-ir"]} ], "tag": "dns-query", "disableFallback": true }, "inbounds": [ { "tag": "dns-in", "port": 10853, "protocol": "dokodemo-door", "settings": { "address": "1.1.1.1", "port": 53, "network": "tcp,udp" } }, { "tag": "socks-in", "port": 10808, "protocol": "socks", "sniffing": { "enabled": true, "destOverride": ["http", "tls", "quic"], "routeOnly": false }, "settings": {"udp": true} }, { "port": 4431, "tag": "tls-decrypt-h11", "protocol": "dokodemo-door", "settings": { "network": "tcp", "port": 443, "followRedirect": true }, "streamSettings": { "security": "tls", "tlsSettings": { "alpn": ["http/1.1"], "certificates": [ { "usage": "issue", "certificateFile": "mycert.crt", // certificate path "keyFile": "mycert.key" // private-key path } ] } } }, { "port": 4432, "tag": "tls-decrypt-h211", "protocol": "dokodemo-door", "settings": { "network": "tcp", "port": 443, "followRedirect": true }, "streamSettings": { "security": "tls", "tlsSettings": { "alpn": ["h2","http/1.1"], "certificates": [ { "usage": "issue", "certificateFile": "mycert.crt", // certificate path "keyFile": "mycert.key" // private-key path } ] } } } ], "outbounds": [ { "tag": "block", "protocol": "blackhole" }, { "tag": "direct", "protocol": "freedom", "settings": {"domainStrategy": "ForceIP"} }, { "tag": "redirect-out-h11", "protocol": "freedom", "settings": { "redirect": "127.0.0.1:4431" } }, { "tag": "redirect-out-h211", "protocol": "freedom", "settings": { "redirect": "127.0.0.1:4432" } }, { "tag": "tls-repack-dns", "protocol": "freedom", "settings": {"domainStrategy": "ForceIP"}, "streamSettings": { "security": "tls", "tlsSettings": { "serverName": "www.bing.com", "verifyPeerCertInNames": ["fromMitM", "www.bing.com"], "alpn": ["fromMitM"], "fingerprint": "chrome" } } }, { "tag": "tls-repack-google", "protocol": "freedom", "settings": {"domainStrategy": "ForceIP"}, "streamSettings": { "security": "tls", "tlsSettings": { "serverName": "www.google.com", "verifyPeerCertInNames": ["fromMitM", "www.google.com", "dns.google", "www.googlevideo.com", "www.youtube.com"], "alpn": ["fromMitM"], "fingerprint": "chrome" } } }, { "tag": "tls-repack-meta", "protocol": "freedom", "settings": {"domainStrategy": "ForceIP"}, "streamSettings": { "security": "tls", "tlsSettings": { "serverName": "www.whatsapp.com", "verifyPeerCertInNames": ["fromMitM", "www.whatsapp.com", "www.facebook.com", "www.ar.meta.com", "www.fb.com", "www.whatsapp.net", "www.atlassolutions.com", "www.secure.facebook.com", "www.extern.facebook.com", "www.internet.org", "www.oculus.com", "www.wit.ai", "www.facebook-dns.com", "www.instagram.com", "www.meta.com", "www.external-disputes.meta.com", "www.fbe2e.com", "www.cloud.x2p.facebook.net", "www.secure.latest.facebook.com"], "alpn": ["fromMitM"], "fingerprint": "chrome" } } }, { "tag": "tls-repack-fastly", "protocol": "freedom", "settings": {"domainStrategy": "ForceIP"}, "streamSettings": { "security": "tls", "tlsSettings": { "serverName": "www.fastly.com", "verifyPeerCertInNames": ["fromMitM", "www.fastly.com", "www.reddit.com", "x.com"], "alpn": ["fromMitM"], "fingerprint": "chrome" } } }, { "tag": "dns-out", "protocol": "dns", "settings": {"nonIPQuery": "skip", "network": "tcp", "address": "1.1.1.1", "port": 53}, "streamSettings": { "sockopt": { "dialerProxy": "chain1-fragment" } } }, { "tag": "super-fragment", "protocol": "freedom", "settings": { "fragment": { "packets": "tlshello", "length": "6", "interval": "0" } }, "streamSettings": { "sockopt": { "dialerProxy": "chain1-fragment" } } }, { "tag": "chain1-fragment", "protocol": "freedom", "settings": { "fragment": { "packets": "1-3", "length": "517", "interval": "1" } }, "streamSettings": { "sockopt": { "dialerProxy": "chain2-fragment" } } }, { "tag": "chain2-fragment", "protocol": "freedom", "settings": { "domainStrategy": "ForceIP", "fragment": { "packets": "1-1", "length": "1", "interval": "2" } }, "streamSettings": { "sockopt": { "tcpNoDelay": true } } }, { "tag": "udp-noises", "protocol": "freedom", "settings": { "domainStrategy": "ForceIP", "noises": [ {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "10"} ] } } ], "routing": { "domainStrategy": "IPOnDemand", "rules": [ {"outboundTag": "dns-out", "inboundTag": ["dns-in"] }, {"outboundTag": "dns-out", "inboundTag": ["socks-in"], "port": 53 }, {"outboundTag": "tls-repack-dns", "inboundTag": ["dns-query"] }, {"outboundTag": "block", "domain": ["geosite:category-ads-all"] }, {"outboundTag": "block", "ip": ["10.10.34.0/24", "2001:4188:2:600:10:10:34:36", "2001:4188:2:600:10:10:34:35"] }, {"outboundTag": "direct", "domain": ["geosite:private", "geosite:category-ir"] }, {"outboundTag": "direct", "ip": ["geoip:private", "geoip:ir"] }, {"outboundTag": "chain1-fragment", // or "super-fragment" "inboundTag": ["socks-in"], "network": "tcp", "ip": ["geoip:cloudflare", "geoip:cloudfront"] }, { "outboundTag": "redirect-out-h11", "inboundTag": ["socks-in"], "network": "tcp", "protocol": ["tls"], "port": 443, "domain": ["domain:googlevideo.com"] }, { "outboundTag": "redirect-out-h211", "inboundTag": ["socks-in"], "network": "tcp", "protocol": ["tls"], "port": 443, "domain": ["geosite:youtube", "geosite:x", "geosite:reddit", "geosite:meta"] }, {"outboundTag": "tls-repack-google", "domain": ["geosite:youtube", "domain:googlevideo.com"], "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"] }, {"outboundTag": "tls-repack-meta", "domain": ["geosite:meta"], "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"] }, {"outboundTag": "tls-repack-fastly", "domain": ["geosite:x", "geosite:reddit"], "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"] }, {"outboundTag": "udp-noises", "network": "udp" }, {"outboundTag": "chain1-fragment", // or "super-fragment" "network": "tcp" } ] } }