mirror of
https://github.com/XTLS/Xray-examples.git
synced 2025-03-01 18:39:29 +08:00
327 lines
10 KiB
JSON
327 lines
10 KiB
JSON
// Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub)
|
|
// Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs
|
|
|
|
// Serverless with MitM-Domain-Fronting for Iran v1
|
|
// Xray-core v25.2.21+
|
|
|
|
// Requires a self-signed-certificate: you can create it using "./xray tls cert -ca -file=mycert" command
|
|
// also, the certificate must be imported into "Trusted-Root-Certification-Authorities" of system/browser
|
|
|
|
|
|
{
|
|
"log": {
|
|
"loglevel": "warning", "dnsLog": false, "access": "none"
|
|
},
|
|
|
|
"dns":{
|
|
"hosts": {
|
|
"geosite:category-ads-all": ["10.10.34.36", "2001:4188:2:600:10:10:34:36"]
|
|
},
|
|
"servers": [
|
|
"h2c://1.1.1.1/dns-query",
|
|
{"address": "localhost", "domains": ["geosite:private", "geosite:category-ir"]}
|
|
],
|
|
"tag": "dns-query",
|
|
"disableFallback": true
|
|
},
|
|
|
|
"inbounds": [
|
|
{
|
|
"tag": "dns-in",
|
|
"port": 10853,
|
|
"protocol": "dokodemo-door",
|
|
"settings": {
|
|
"address": "1.1.1.1",
|
|
"port": 53,
|
|
"network": "tcp,udp"
|
|
}
|
|
},
|
|
{
|
|
"tag": "socks-in",
|
|
"port": 10808,
|
|
"protocol": "socks",
|
|
"sniffing": {
|
|
"enabled": true,
|
|
"destOverride": ["http", "tls", "quic"],
|
|
"routeOnly": false
|
|
},
|
|
"settings": {"udp": true}
|
|
},
|
|
{
|
|
"port": 4431,
|
|
"tag": "tls-decrypt-h11",
|
|
"protocol": "dokodemo-door",
|
|
"settings": {
|
|
"network": "tcp",
|
|
"port": 443,
|
|
"followRedirect": true
|
|
},
|
|
"streamSettings": {
|
|
"security": "tls",
|
|
"tlsSettings": {
|
|
"alpn": ["http/1.1"],
|
|
"certificates": [
|
|
{
|
|
"usage": "issue",
|
|
"certificateFile": "mycert.crt", // certificate path
|
|
"keyFile": "mycert.key" // private-key path
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"port": 4432,
|
|
"tag": "tls-decrypt-h211",
|
|
"protocol": "dokodemo-door",
|
|
"settings": {
|
|
"network": "tcp",
|
|
"port": 443,
|
|
"followRedirect": true
|
|
},
|
|
"streamSettings": {
|
|
"security": "tls",
|
|
"tlsSettings": {
|
|
"alpn": ["h2","http/1.1"],
|
|
"certificates": [
|
|
{
|
|
"usage": "issue",
|
|
"certificateFile": "mycert.crt", // certificate path
|
|
"keyFile": "mycert.key" // private-key path
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
],
|
|
|
|
"outbounds": [
|
|
{
|
|
"tag": "block",
|
|
"protocol": "blackhole"
|
|
},
|
|
{
|
|
"tag": "direct",
|
|
"protocol": "freedom",
|
|
"settings": {"domainStrategy": "ForceIP"}
|
|
},
|
|
{
|
|
"tag": "redirect-out-h11",
|
|
"protocol": "freedom",
|
|
"settings": {
|
|
"redirect": "127.0.0.1:4431"
|
|
}
|
|
},
|
|
{
|
|
"tag": "redirect-out-h211",
|
|
"protocol": "freedom",
|
|
"settings": {
|
|
"redirect": "127.0.0.1:4432"
|
|
}
|
|
},
|
|
{
|
|
"tag": "tls-repack-dns",
|
|
"protocol": "freedom",
|
|
"settings": {"domainStrategy": "ForceIP"},
|
|
"streamSettings": {
|
|
"security": "tls",
|
|
"tlsSettings": {
|
|
"serverName": "www.bing.com",
|
|
"verifyPeerCertInNames": ["fromMitM", "www.bing.com"],
|
|
"alpn": ["fromMitM"],
|
|
"fingerprint": "chrome"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"tag": "tls-repack-google",
|
|
"protocol": "freedom",
|
|
"settings": {"domainStrategy": "ForceIP"},
|
|
"streamSettings": {
|
|
"security": "tls",
|
|
"tlsSettings": {
|
|
"serverName": "www.google.com",
|
|
"verifyPeerCertInNames": ["fromMitM", "www.google.com", "dns.google", "www.googlevideo.com", "www.youtube.com"],
|
|
"alpn": ["fromMitM"],
|
|
"fingerprint": "chrome"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"tag": "tls-repack-meta",
|
|
"protocol": "freedom",
|
|
"settings": {"domainStrategy": "ForceIP"},
|
|
"streamSettings": {
|
|
"security": "tls",
|
|
"tlsSettings": {
|
|
"serverName": "www.whatsapp.com",
|
|
"verifyPeerCertInNames": ["fromMitM", "www.whatsapp.com", "www.facebook.com", "www.ar.meta.com", "www.fb.com", "www.whatsapp.net", "www.atlassolutions.com", "www.secure.facebook.com", "www.extern.facebook.com", "www.internet.org", "www.oculus.com", "www.wit.ai", "www.facebook-dns.com", "www.instagram.com", "www.meta.com", "www.external-disputes.meta.com", "www.fbe2e.com", "www.cloud.x2p.facebook.net", "www.secure.latest.facebook.com"],
|
|
"alpn": ["fromMitM"],
|
|
"fingerprint": "chrome"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"tag": "tls-repack-fastly",
|
|
"protocol": "freedom",
|
|
"settings": {"domainStrategy": "ForceIP"},
|
|
"streamSettings": {
|
|
"security": "tls",
|
|
"tlsSettings": {
|
|
"serverName": "www.fastly.com",
|
|
"verifyPeerCertInNames": ["fromMitM", "www.fastly.com", "www.reddit.com", "x.com"],
|
|
"alpn": ["fromMitM"],
|
|
"fingerprint": "chrome"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"tag": "dns-out",
|
|
"protocol": "dns",
|
|
"settings": {"nonIPQuery": "skip", "network": "tcp", "address": "1.1.1.1", "port": 53},
|
|
"streamSettings": {
|
|
"sockopt": {
|
|
"dialerProxy": "chain1-fragment"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"tag": "super-fragment",
|
|
"protocol": "freedom",
|
|
"settings": {
|
|
"fragment": {
|
|
"packets": "tlshello",
|
|
"length": "6",
|
|
"interval": "0"
|
|
}
|
|
},
|
|
"streamSettings": {
|
|
"sockopt": {
|
|
"dialerProxy": "chain1-fragment"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"tag": "chain1-fragment",
|
|
"protocol": "freedom",
|
|
"settings": {
|
|
"fragment": {
|
|
"packets": "1-3",
|
|
"length": "517",
|
|
"interval": "1"
|
|
}
|
|
},
|
|
"streamSettings": {
|
|
"sockopt": {
|
|
"dialerProxy": "chain2-fragment"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"tag": "chain2-fragment",
|
|
"protocol": "freedom",
|
|
"settings": {
|
|
"domainStrategy": "ForceIP",
|
|
"fragment": {
|
|
"packets": "1-1",
|
|
"length": "1",
|
|
"interval": "2"
|
|
}
|
|
},
|
|
"streamSettings": {
|
|
"sockopt": {
|
|
"tcpNoDelay": true
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"tag": "udp-noises",
|
|
"protocol": "freedom",
|
|
"settings": {
|
|
"domainStrategy": "ForceIP",
|
|
"noises": [
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
|
|
{"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "10"}
|
|
]
|
|
}
|
|
}
|
|
],
|
|
|
|
"routing": {
|
|
"domainStrategy": "IPOnDemand",
|
|
"rules": [
|
|
{"outboundTag": "dns-out",
|
|
"inboundTag": ["dns-in"]
|
|
},
|
|
{"outboundTag": "dns-out",
|
|
"inboundTag": ["socks-in"], "port": 53
|
|
},
|
|
{"outboundTag": "tls-repack-dns",
|
|
"inboundTag": ["dns-query"]
|
|
},
|
|
{"outboundTag": "block",
|
|
"domain": ["geosite:category-ads-all"]
|
|
},
|
|
{"outboundTag": "block",
|
|
"ip": ["10.10.34.0/24", "2001:4188:2:600:10:10:34:36", "2001:4188:2:600:10:10:34:35"]
|
|
},
|
|
{"outboundTag": "direct",
|
|
"domain": ["geosite:private", "geosite:category-ir"]
|
|
},
|
|
{"outboundTag": "direct",
|
|
"ip": ["geoip:private", "geoip:ir"]
|
|
},
|
|
{"outboundTag": "chain1-fragment", // or "super-fragment"
|
|
"inboundTag": ["socks-in"],
|
|
"network": "tcp",
|
|
"ip": ["geoip:cloudflare", "geoip:cloudfront"]
|
|
},
|
|
{
|
|
"outboundTag": "redirect-out-h11",
|
|
"inboundTag": ["socks-in"],
|
|
"network": "tcp",
|
|
"protocol": ["tls"],
|
|
"port": 443,
|
|
"domain": ["domain:googlevideo.com"]
|
|
},
|
|
{
|
|
"outboundTag": "redirect-out-h211",
|
|
"inboundTag": ["socks-in"],
|
|
"network": "tcp",
|
|
"protocol": ["tls"],
|
|
"port": 443,
|
|
"domain": ["geosite:youtube", "geosite:x", "geosite:reddit", "geosite:meta"]
|
|
},
|
|
{"outboundTag": "tls-repack-google",
|
|
"domain": ["geosite:youtube", "domain:googlevideo.com"],
|
|
"inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
|
|
},
|
|
{"outboundTag": "tls-repack-meta",
|
|
"domain": ["geosite:meta"],
|
|
"inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
|
|
},
|
|
{"outboundTag": "tls-repack-fastly",
|
|
"domain": ["geosite:x", "geosite:reddit"],
|
|
"inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
|
|
},
|
|
{"outboundTag": "udp-noises",
|
|
"network": "udp"
|
|
},
|
|
{"outboundTag": "chain1-fragment", // or "super-fragment"
|
|
"network": "tcp"
|
|
}
|
|
]
|
|
}
|
|
}
|