github/v2ray-examples
1
0
Fork 0
mirror of https://github.com/v2fly/v2ray-examples.git synced 2025-04-02 00:59:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/v2fly/v2ray-examples into v2fly-master

Browse Source
This commit is contained in:
touamano 2021-09-01 10:54:35 +08:00
commit c9de6ce437
59 changed files with 957 additions and 1673 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -21,6 +21,7 @@
### 举例
<!-- 此处 yaml 仅用作语法高亮,实际内容为 json -->
```yaml
{
"log": {
@ -34,6 +35,7 @@
### 客户端
<!-- 此处 yaml 仅用作语法高亮,实际内容为 json -->
```yaml
{
"log": {
@ -70,8 +72,6 @@
{
"users": [
{
"alterId": 4,
"security": "aes-128-gcm",
"id": ""
}
],
@ -91,6 +91,7 @@
### 服务端
<!-- 此处 yaml 仅用作语法高亮,实际内容为 json -->
```yaml
{
"log": {
@ -116,7 +117,6 @@
"clients": [
{
"id": "",
"alterId": 4
}
]
}
@ -124,7 +124,7 @@
],
"outbounds": [
{
"protocol": "freedom",
"protocol": "freedom"
},
{
"protocol": "blackhole",

88
ShadowSocks-Relay/config_client.json
View File

@ -1,88 +0,0 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "",
"port": 0,
"method": "",
"password": ""
}
]
},
"streamSettings": {},
"mux": {
"enabled": false
},
"proxySettings": {
"tag": "out"
}
},
{
"tag": "out",
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "",
"port": 0,
"method": "",
"password": ""
}
]
},
"mux": {
"enabled": false
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP"
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
}
}

57
Shadowsocks-TCP/client.json Normal file
View File

@ -0,0 +1,57 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": "1080",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
}
},
{
"listen": "127.0.0.1",
"port": "1081",
"protocol": "http"
}
],
"outbounds": [
{
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "{{ host }}",
"port": 1234,
"method": "chacha20-ietf-poly1305",
"password": "{{ password}}"
}
]
},
"streamSettings": {
"network": "tcp"
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
}
]
}

41
Shadowsocks-TCP/server.json Normal file
View File

@ -0,0 +1,41 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 1234,
"protocol": "shadowsocks",
"settings": {
"method": "chacha20-ietf-poly1305",
"password": "{{ password }}"
},
"streamSettings": {
"network": "tcp"
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}

84
Shadowsocks-Websocket-Web-TLS/README - zh-CN.md
View File

@ -1,42 +1,42 @@
# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例
> 完整的设置还需要一个web服务器解密TLS后将请求转发给后端的v2ray位于127.0.0.1:10000。由于 https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE 已经有了服务器的设置这里不再赘述可以按需参考白话文教程里的web服务器设置。
**config_server_redirect.json 和 config_server_domainsocket.json 选其一**
如果使用domain socket需要修改/etc/systemd/system/v2ray.service
在[Service]部分添加
```
RuntimeDirectory=ss-loop
```
'ss-loop'对应config.json里的"dsSettings"部分的path里的文件夹"/var/run/ss-loop"
修改完成后需要执行
```
systemctl disable v2ray.service
systemctl enable v2ray.service
```
否则由于fhs脚本使用的nobody用户的权限不够无法在/var/run里新建文件夹'ss-loop'而导致启动失败。
## 客户端配置示意
**你应该按照服务端的设置修改对应的参数**
### shadowsocks windows 客户端关键部分示例如下:
```
Server IP: example.com
Server Port: 443
Passowrd: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin 关键部分示例如下:
**需安装 shadowsocks 和 v2ray plugin并搭配一同使用**
```
Plugin: v2ray
Configure:
Transport mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent connections: 1
Certificate for TLS verification: Not set
```
# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例
> 完整的设置还需要一个web服务器解密TLS后将请求转发给后端的v2ray位于127.0.0.1:10000。由于 https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE 已经有了服务器的设置这里不再赘述可以按需参考白话文教程里的web服务器设置。
**config_server_redirect.json 和 config_server_domainsocket.json 选其一**
如果使用domain socket需要修改/etc/systemd/system/v2ray.service
在[Service]部分添加
```
RuntimeDirectory=ss-loop
```
'ss-loop'对应config.json里的"dsSettings"部分的path里的文件夹"/var/run/ss-loop"
修改完成后需要执行
```
systemctl disable v2ray.service
systemctl enable v2ray.service
```
否则由于fhs脚本使用的nobody用户的权限不够无法在/var/run里新建文件夹'ss-loop'而导致启动失败。
## 客户端配置示意
**你应该按照服务端的设置修改对应的参数**
### shadowsocks windows 客户端关键部分示例如下:
```
Server IP: example.com
Server Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin 关键部分示例如下:
**需安装 shadowsocks 和 v2ray plugin并搭配一同使用**
```
Plugin: v2ray
Configuration:
Transport mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent connections: 1
Certificate for TLS verification: Not set
```

90
Shadowsocks-Websocket-Web-TLS/README.md
View File

@ -1,45 +1,45 @@
# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin
> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000.
> You can find the web server example at https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration
中文用户请看 Readme - zh-CN. md
**Choose either one of config_server_redirect.json and config_server_domainsocket.json**
If you choose to use config_server_domainsocket.json remember to modify the systemd service file @ /etc/systemd/system/v2ray.service.
Add the following line to the block starting with [Service]
```
RuntimeDirectory=ss-loop
```
'ss-loop' corresponds to the "/var/run/ss-loop" folder in the "dsSettings" part of the config.json.
Execute the following commands to re-enable the v2ray.service.
```
systemctl disable v2ray.service
systemctl enable v2ray.service
```
Since nobody user does not have the right permission to create the 'ss-loop' folder in /var/run.
## Client configuration examples
**You should change the parameters according to your server configs**
### shadowsocks windows client configuration examples
```
Server IP: example.com
Server Port: 443
Passowrd: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin configuration examples
> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.
```
Plugin: v2ray
Configure...:
Transport mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent connections: 1
Certificate for TLS verification: Not set
```
# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin
> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000.
> You can find the web server example at https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration
中文用户请看 Readme - zh-CN. md
**Choose either one of config_server_redirect.json and config_server_domainsocket.json**
If you choose to use config_server_domainsocket.json remember to modify the systemd service file @ /etc/systemd/system/v2ray.service.
Add the following line to the block starting with [Service]
```
RuntimeDirectory=ss-loop
```
'ss-loop' corresponds to the "/var/run/ss-loop" folder in the "dsSettings" part of the config.json.
Execute the following commands to re-enable the v2ray.service.
```
systemctl disable v2ray.service
systemctl enable v2ray.service
```
Since nobody user does not have the right permission to create the 'ss-loop' folder in /var/run.
## Client configuration examples
**You should change the parameters according to your server configs**
### shadowsocks windows client configuration examples
```
Server IP: example.com
Server Port: 443
Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
Encryption: chacha20-ietf-poly1305
Plugin Program: pathToYourV2ray-plugin_windows_arch.exe
Plugin Options: tls;mode=websocket;path=/michi;host=example.com
```
### shadowsocks Android plugin configuration examples
> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.
```
Plugin: v2ray
Configuration:
Transport mode: websocket-tls
Hostname: example.com
Path: /michi
Concurrent connections: 1
Certificate for TLS verification: Not set
```

166
Shadowsocks-Websocket-Web-TLS/config_server_domainsocket.json
View File

@ -1,83 +1,83 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"inboundTag": "wsdoko",
"outboundTag": "ssmux"
},
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
}
]
},
"inbounds": [
{
"port": 10000,
"listen": "127.0.0.1",
"protocol": "dokodemo-door",
"tag": "wsdoko",
"settings": {
"address": "v1.mux.cool",
"followRedirect": false,
"network": "tcp, udp"
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/michi"
}
}
},
{
"port": 9000,
"protocol": "shadowsocks",
"settings": {
"method": "chacha20-ietf-poly1305",
"ota": false,
"password": "ifYouWantToKeepYourPassphraseSafeChangeThis!!",
"network": "tcp,udp"
},
"streamSettings": {
"network": "domainsocket"
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
},
{
"protocol": "freedom",
"tag": "ssmux",
"streamSettings": {
"network": "domainsocket"
}
}
],
"dsSettings": {
"path": "/var/run/ss-loop/ss-loop.sock"
}
}
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"inboundTag": "wsdoko",
"outboundTag": "ssmux"
},
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
}
]
},
"inbounds": [
{
"port": 10000,
"listen": "127.0.0.1",
"protocol": "dokodemo-door",
"tag": "wsdoko",
"settings": {
"address": "v1.mux.cool",
"followRedirect": false,
"network": "tcp, udp"
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/michi"
}
}
},
{
"port": 9000,
"protocol": "shadowsocks",
"settings": {
"method": "chacha20-ietf-poly1305",
"ota": false,
"password": "ifYouWantToKeepYourPassphraseSafeChangeThis!!",
"network": "tcp,udp"
},
"streamSettings": {
"network": "domainsocket"
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
},
{
"protocol": "freedom",
"tag": "ssmux",
"streamSettings": {
"network": "domainsocket"
}
}
],
"dsSettings": {
"path": "/var/run/ss-loop/ss-loop.sock"
}
}

154
Shadowsocks-Websocket-Web-TLS/config_server_redirect.json
View File

@ -1,77 +1,77 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"inboundTag": "wsdoko",
"outboundTag": "ssredirect"
},
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
}
]
},
"inbounds": [
{
"port": 10000,
"listen": "127.0.0.1",
"protocol": "dokodemo-door",
"tag": "wsdoko",
"settings": {
"address": "v1.mux.cool",
"followRedirect": false,
"network": "tcp, udp"
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/michi"
}
}
},
{
"port": 9000,
"protocol": "shadowsocks",
"settings": {
"method": "chacha20-ietf-poly1305",
"ota": false,
"password": "ifYouWantToKeepYourPassphraseSafeChangeThis!!",
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
},
{
"protocol": "freedom",
"tag": "ssredirect",
"settings": {
"redirect": "127.0.0.1:9000"
}
}
]
}
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"inboundTag": "wsdoko",
"outboundTag": "ssredirect"
},
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
}
]
},
"inbounds": [
{
"port": 10000,
"listen": "127.0.0.1",
"protocol": "dokodemo-door",
"tag": "wsdoko",
"settings": {
"address": "v1.mux.cool",
"followRedirect": false,
"network": "tcp, udp"
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/michi"
}
}
},
{
"port": 9000,
"protocol": "shadowsocks",
"settings": {
"method": "chacha20-ietf-poly1305",
"ota": false,
"password": "ifYouWantToKeepYourPassphraseSafeChangeThis!!",
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
},
{
"protocol": "freedom",
"tag": "ssredirect",
"settings": {
"redirect": "127.0.0.1:9000"
}
}
]
}

76
Socks5-TLS/README.md Normal file
View File

@ -0,0 +1,76 @@
## 关于 SOCKS5 over TLS 方案的安全提示
该配置组合应仅供技术研究/参考使用,因为 **SOCKS5 over TLS 几乎不提供隐密性保证,可被简单地主动探测**
### 探测方式
对任意未知 TLS 业务,若怀疑其为 SOCKS5/TLS 业务,审查者可向该端口建立一个 TLS 连接并在其上传送 SOCKS5 载荷。
若该服务对 SOCKS5 请求做出响应,无论是否设置 SOCKS5 的鉴权机制,审查者均可通过回包内容一次准确判断该业务是否为 SOCKS5 / TLS。
来自 [@studentmain](https://github.com/studentmain) 的两个典型样例对话:
```
-> 05 01 01
<- 05 ff
```
```
-> 05 02 00 02
<- 05 00 / 05 02
```
### 参考资料
[RFC1928](https://tools.ietf.org/html/rfc1928) 节录如下:
```
The client connects to the server, and sends a version
identifier/method selection message:
+----+----------+----------+
|VER | NMETHODS | METHODS |
+----+----------+----------+
| 1 | 1 | 1 to 255 |
+----+----------+----------+
The VER field is set to X'05' for this version of the protocol. The
NMETHODS field contains the number of method identifier octets that
appear in the METHODS field.
The server selects from one of the methods given in METHODS, and
sends a METHOD selection message:
+----+--------+
|VER | METHOD |
+----+--------+
| 1 | 1 |
+----+--------+
If the selected METHOD is X'FF', none of the methods listed by the
client are acceptable, and the client MUST close the connection.
The values currently defined for METHOD are:
o X'00' NO AUTHENTICATION REQUIRED
o X'01' GSSAPI
o X'02' USERNAME/PASSWORD
o X'03' to X'7F' IANA ASSIGNED
o X'80' to X'FE' RESERVED FOR PRIVATE METHODS
o X'FF' NO ACCEPTABLE METHODS
```
[RFC1929](https://tools.ietf.org/html/rfc1929) 节录如下:
```
The server verifies the supplied UNAME and PASSWD, and sends the
following response:
+----+--------+
|VER | STATUS |
+----+--------+
| 1 | 1 |
+----+--------+
A STATUS field of X'00' indicates success. If the server returns a
`failure' (STATUS value other than X'00') status, it MUST close the
connection.
```

7
Socks5-TLS/config_client.json
View File

@ -10,7 +10,7 @@
"ip": [
"geoip:private"
],
"tag": "direct"
"outboundTag": "direct"
}
]
},
@ -35,7 +35,7 @@
{
"protocol": "socks",
"settings": {
"server": [
"servers": [
{
"address": "",
"port": 1234,
@ -52,8 +52,7 @@
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "example.domain",
"allowInsecure": false
"serverName": "example.domain"
}
},
"tag": "proxy"

33
Trojan-TCP-TLS (minimal)/config_client.json Normal file
View File

@ -0,0 +1,33 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 10800,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "trojan",
"settings": {
"servers": [
{
"address": "example.com",
"port": 443,
"password": "your password"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls"
}
}
]
}

39
Trojan-TCP-TLS (minimal)/config_server.json Normal file
View File

@ -0,0 +1,39 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 443,
"protocol": "trojan",
"settings": {
"clients": [
{
"password":"your password",
"email": "love@v2fly.org"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"alpn": [
"http/1.1"
],
"certificates": [
{
"certificateFile": "/path/to/fullchain.crt",
"keyFile": "/path/to/private.key"
}
]
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}

3
VLESS-H2C-Caddy2/client.json
View File

@ -25,7 +25,8 @@
"port":443,
"users":[
{
"id":""
"id":"",
"encryption":"none"
}
]
}

3
VLESS-H2C-Caddy2/server.json
View File

@ -13,7 +13,8 @@
"id": "",
"email": "love@v2fly.org"
}
]
],
"decryption": "none"
},
"streamSettings": {
"security": "none",

4
VLESS-TCP-TLS (maximal by rprx)/README.md
View File

@ -1,6 +1,6 @@
# VLESS + TCP + TLS + 回落(最强配置)
# VLESS over TCP with TLS + 回落(建站配置)
你应当先了解 [最简配置](<https://github.com/v2fly/v2ray-examples/tree/master/VLESS-TCP-TLS%20(minimal%20by%20rprx)>),若你有进阶需求如同时建站等,可以参考此配置
你应当先了解 [最简配置](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>) 等其它配置,若你有同时建站的需求,可以参考并结合此配置
此配置含 VLESS 回落高级用法:

2
VLESS-TCP-TLS (maximal by rprx)/config_server.json
View File

@ -22,7 +22,7 @@
},
{
"alpn": "h2",
"dest": "/dev/shm/h2.sock",
"dest": "/dev/shm/h2c.sock",
"xver": 1
}
]

23
VLESS-TCP-TLS (maximal by rprx)/nginx.conf
View File

@ -45,28 +45,7 @@ http {
server {
listen unix:/dev/shm/default.sock proxy_protocol;
server_name _;
root /usr/share/nginx/html;
set_real_ip_from 127.0.0.1;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen unix:/dev/shm/h2.sock http2 proxy_protocol;
listen unix:/dev/shm/h2c.sock http2 proxy_protocol;
server_name _;
root /usr/share/nginx/html;

8
VLESS-TCP-TLS (minimal by rprx)/README.md
View File

@ -1,8 +1,8 @@
# VLESS + TCP + TLS + 回落(最简配置)
# VLESS over TCP with TLS + 回落(最简配置)
你需要有一个解析到服务器 IP 的域名,并且申请了证书,比如 let's encrypt
你还需要一个 Nginx
你还需要一个 Nginx(或者 Caddy 等任一 Web 服务器)
1. 用系统自带的包管理器安装 nginx具体方法请 Google
2. nginx 的默认配置就是监听 80 端口,无需修改
@ -11,3 +11,7 @@
5. 执行 `systemctl start nginx` 启动 nginx
若服务器开启了防火墙或 VPS 有安全组,记得放行 TCP/80、443 端口
---
接下来,你可以了解 [建站配置](<../VLESS-TCP-TLS%20(maximal%20by%20rprx)>)(回落高级用法)、尝试 [进阶配置](<../VLESS-TCP-TLS-WS%20(recommended)>)(分流 to WebSocket

9
VLESS-TCP-TLS-WS (recommended)/README.md Normal file
View File

@ -0,0 +1,9 @@
# VLESS over TCP with TLS + 回落 & 分流 to WebSocket进阶配置
这里是 [最简配置](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>) 的超集,利用 VLESS 强大的回落分流特性,实现了 443 端口 VLESS over TCP with TLS 和任意 WSS 的完美共存
该配置供参考,你可以将 WS 上的 VLESS 换成 VMess 等其它任何协议,以及设置更多 PATH、协议共存都可以做到
部署后,你可以同时通过 VLESS over TCP with TLS 和任意 WebSocket with TLS 方式连接到服务器,其中后者都可以通过 CDN
经实测VLESS 回落分流 WS 比 Nginx 反代 WS 性能更强,传统的 VMess + WSS 方案完全可以迁移过来,且不失兼容

42
VLESS-TCP-TLS-WS (recommended)/config_client_tcp_tls.json Normal file
View File

@ -0,0 +1,42 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 10800,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "example.com", // IP
"port": 443,
"users": [
{
"id": "", // UUID
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "example.com" //
}
}
}
]
}

45
VLESS-TCP-TLS-WS (recommended)/config_client_ws_tls.json Normal file
View File

@ -0,0 +1,45 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 10800,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "example.com", // IP
"port": 443,
"users": [
{
"id": "", // UUID
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"serverName": "example.com" //
},
"wsSettings": {
"path": "/websocket" // PATH
}
}
}
]
}

74
VLESS-TCP-TLS-WS (recommended)/config_server.json Normal file
View File

@ -0,0 +1,74 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // UUID
"level": 0,
"email": "love@v2fly.org"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 80
},
{
"path": "/websocket", // PATH
"dest": 1234,
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"alpn": [
"http/1.1"
],
"certificates": [
{
"certificateFile": "/path/to/fullchain.crt", //
"keyFile": "/path/to/private.key" //
}
]
}
}
},
{
"port": 1234,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // UUID
"level": 0,
"email": "love@v2fly.org"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true, // Nginx/Caddy WS
"path": "/websocket" // PATH
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}

2
VLESS-TCP-TLS-proxy protocol/config_client.json
View File

@ -65,7 +65,7 @@
"ip": [
"geoip:private"
],
"tag": "direct"
"outboundTag": "direct"
}
]
}

24
VLESS-TCP-TLS-proxy protocol/nginx.conf
View File

@ -37,30 +37,14 @@ http {
server {
listen 127.0.0.1:8001 proxy_protocol;
server_name yourserver_8001.com;
set_real_ip_from 192.168.1.0/24;
charset utf-8;
access_log logs/yourserver_8001.access.log proxy;
location / {
root /var/www/html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
}
server {
listen 127.0.0.1:8002 http2 proxy_protocol;
server_name yourserver_8002.com;
server_name yourserver.com;
set_real_ip_from 127.0.0.1;
charset utf-8;
access_log logs/yourserver_8002.access.log proxy;
access_log logs/yourserver.access.log proxy;
location / {
root /var/www/html;

6
VLESS-TCP-TLS/config_client.json
View File

@ -27,7 +27,7 @@
{
"address": "1.2.3.4",
"port": 443,
"user": [
"users": [
{
"id": "",
"encryption": "none",
@ -65,8 +65,8 @@
"ip": [
"geoip:private"
],
"tag": "direct"
"outboundTag": "direct"
}
]
}
}
}

20
VLESS-TCP-TLS/nginx.conf
View File

@ -34,28 +34,12 @@ http {
server {
listen 127.0.0.1:8001;
server_name yourserver_8001.com;
charset utf-8;
access_log logs/yourserver_8001.access.log main;
location / {
root /var/www/html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
}
server {
listen 127.0.0.1:8002 http2;
server_name yourserver_8002.com;
server_name yourserver.com;
charset utf-8;
access_log logs/yourserver_8002.access.log main;
access_log logs/yourserver.access.log main;
location / {
root /var/www/html;

6
VLESS-TCP/config_client.json
View File

@ -27,7 +27,7 @@
{
"address": "1.2.3.4",
"port": 1234,
"user": [
"users": [
{
"id": "",
"encryption": "none",
@ -55,8 +55,8 @@
"ip": [
"geoip:private"
],
"tag": "direct"
"outboundTag": "direct"
}
]
}
}
}

47
VLESS-gRPC-TLS/config_client.json Normal file
View File

@ -0,0 +1,47 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": "1080",
"protocol": "socks",
"settings": {
"auth": "noauth"
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "your_server_ip",
"port": 443,
"users": [
{
"id": "",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "gun",
"security": "tls",
"tlsSettings": {
"serverName": "your_domain",
"alpn": [
"h2"
]
},
"grpcSettings": {
"serviceName": "GunService"
}
}
}
]
}

46
VLESS-gRPC-TLS/config_server.json Normal file
View File

@ -0,0 +1,46 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "",
"email": "love@v2fly.org"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "gun",
"security": "tls",
"tlsSettings": {
"serverName": "your_domain",
"alpn": [
"h2"
],
"certificates": [
{
"certificateFile": "/path/to/fullchain.crt",
"keyFile": "/path/to/private.key"
}
]
},
"grpcSettings": {
"serviceName": "GunService"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
}
]
}

40
VLESS-mKCPSeed/config_client.json Normal file
View File

@ -0,0 +1,40 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "{{ host }}",
"port": "{{ port }}",
"users": [
{
"id": "{{ uuid }}",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "kcp",
"kcpSettings": {
"seed": "{{ seed }}"
}
}
}
]
}

30
VLESS-mKCPSeed/config_server.json Normal file
View File

@ -0,0 +1,30 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"protocol": "vless",
"port": "{{ port }}",
"settings": {
"decryption":"none",
"clients": [
{
"id": "{{ id }}"
}
]
},
"streamSettings": {
"network": "kcp",
"kcpSettings": {
"seed": "{{ seed }}"
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}

9
VMess-HTTP/config_client.json
View File

@ -10,7 +10,7 @@
"ip": [
"geoip:private"
],
"tag": "direct"
"outboundTag": "direct"
}
]
},
@ -39,12 +39,9 @@
{
"address": "",
"port": 1234,
"user": [
"users": [
{
"id": "",
"alterId": 4,
"security": "auto",
"testsEnabled": "VMessAEAD"
"id": ""
}
]
}

6
VMess-HTTP/config_server.json
View File

@ -22,11 +22,9 @@
"settings": {
"clients": [
{
"id": "",
"alterId": 4
"id": ""
}
],
"disableInsecureEncryption": true
]
},
"streamSettings": {
"network": "tcp",

11
VMess-HTTP2/Caddy/Caddyfile
View File

@ -1,11 +0,0 @@
https://example.domain {
tls kiri_so@outlook.com
root /var/www/
proxy /test https://127.0.0.1:8443 {
header_upstream Host "example.domain"
header_upstream X-Forwarded-Proto "https"
insecure_skip_verify
}
}

111
VMess-HTTP2/Caddy/config_client.json
View File

@ -1,111 +0,0 @@
{
"outbound": {
"streamSettings": {
"network": "h2",
"kcpSettings": null,
"httpSettings": {
"host": [
"example.domain"
],
"path": "/test"
},
"tcpSettings": null,
"tlsSettings": {},
"security": "tls"
},
"tag": "agentout",
"protocol": "vmess",
"mux": {
"enabled": true
},
"settings": {
"vnext": [
{
"users": [
{
"alterId": 100,
"security": "aes-128-gcm",
"id": "0cdf8a45-303d-4fed-9780-29aa7f54175e"
}
],
"port": 443,
"address": "example.domain"
}
]
}
},
"log": {
"access": "",
"loglevel": "info",
"error": ""
},
"outboundDetour": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"response": null
}
},
{
"tag": "blockout",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
}
],
"inbound": {
"streamSettings": null,
"settings": {
"ip": "127.0.0.1",
"udp": true,
"clients": null,
"auth": "noauth"
},
"protocol": "socks",
"port": 1080,
"listen": "0.0.0.0"
},
"inboundDetour": null,
"routing": {
"settings": {
"rules": [
{
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"domain": null,
"type": "field",
"port": null,
"outboundTag": "direct"
}
],
"domainStrategy": "IPIfNonMatch"
},
"strategy": "rules"
},
"dns": {
"servers": [
"8.8.8.8",
"8.8.4.4",
"localhost"
]
}
}

91
VMess-HTTP2/Caddy/config_server.json
View File

@ -1,91 +0,0 @@
{
"outbound": {
"streamSettings": null,
"tag": null,
"protocol": "freedom",
"mux": null,
"settings": null
},
"log": {
"access": "/var/log/v2ray/access.log",
"loglevel": "error",
"error": "/var/log/v2ray/error.log"
},
"inboundDetour": null,
"inbound": {
"streamSettings": {
"network": "h2",
"kcpSettings": null,
"httpSettings": {
"host": [
"example.domain"
],
"path": "/test"
},
"tcpSettings": null,
"tlsSettings": {
"certificates": [
{
"keyFile": "/path/to/example.domain.key",
"certificateFile": "/path/to/example.domain/fullchain.cer"
}
]
},
"security": "tls"
},
"listen": null,
"protocol": "vmess",
"port": 8443,
"settings": {
"ip": null,
"udp": true,
"clients": [
{
"alterId": 100,
"security": "aes-128-gcm",
"id": "0cdf8a45-303d-4fed-9780-29aa7f54175e"
}
],
"auth": null
}
},
"outboundDetour": [
{
"tag": "blocked",
"protocol": "blackhole",
"settings": null
}
],
"routing": {
"strategy": "rules",
"settings": {
"rules": [
{
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"domain": null,
"type": "field",
"port": null,
"outboundTag": "blocked"
}
],
"domainStrategy": null
}
},
"dns": null
}

17
VMess-HTTP2/config_client.json
View File

@ -10,7 +10,7 @@
"ip": [
"geoip:private"
],
"tag": "direct"
"outboundTag": "direct"
}
]
},
@ -39,10 +39,9 @@
{
"address": "",
"port": 1234,
"user": [
"users": [
{
"id": "",
"alterId": 4,
"security": "none"
}
]
@ -51,17 +50,7 @@
},
"streamSettings": {
"network": "http",
"httpSettings": {
"host": [
"example.domain"
],
"path": ""
},
"security": "tls",
"tlsSettings": {
"serverName": "example.domain",
"allowInsecure": false
}
"security": "tls"
},
"tag": "proxy"
},

12
VMess-HTTP2/config_server.json
View File

@ -22,20 +22,12 @@
"settings": {
"clients": [
{
"id": "",
"alterId": 4
"id": ""
}
],
"disableInsecureEncryption": false
]
},
"streamSettings": {
"network": "http",
"httpSettings": {
"host": [
"example.domain"
],
"path": ""
},
"security": "tls",
"tlsSettings": {
"certificates": [

11
VMess-TCP-TLS/config_client.json
View File

@ -10,7 +10,7 @@
"ip": [
"geoip:private"
],
"tag": "direct"
"outboundTag": "direct"
}
]
},
@ -39,10 +39,9 @@
{
"address": "",
"port": 1234,
"user": [
"users": [
{
"id": "",
"alterId": 4,
"security": "none"
}
]
@ -51,11 +50,7 @@
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "example.domain",
"allowInsecure": false
}
"security": "tls"
},
"tag": "proxy"
},

6
VMess-TCP-TLS/config_server.json
View File

@ -22,11 +22,9 @@
"settings": {
"clients": [
{
"id": "",
"alterId": 4
"id": ""
}
],
"disableInsecureEncryption": false
]
},
"streamSettings": {
"network": "tcp",

9
VMess-TCP/config_client.json
View File

@ -10,7 +10,7 @@
"ip": [
"geoip:private"
],
"tag": "direct"
"outboundTag": "direct"
}
]
},
@ -39,12 +39,9 @@
{
"address": "",
"port": 1234,
"user": [
"users": [
{
"id": "",
"alterId": 4,
"security": "auto",
"testsEnabled": "VMessAEAD"
"id": ""
}
]
}

6
VMess-TCP/config_server.json
View File

@ -22,11 +22,9 @@
"settings": {
"clients": [
{
"id": "",
"alterId": 4
"id": ""
}
],
"disableInsecureEncryption": true
]
},
"streamSettings": {
"network": "tcp"

17
VMess-Websocket-TLS/Caddy-Header/Caddyfile
View File

@ -1,17 +0,0 @@
https://example.domain * {
gzip
tls kiri_so@outlook.com
proxy / https://www.baidu.com
log / stdout "{request}"
rewrite {
if {host} is google.com
to /test
}
proxy /test localhost:1234 {
websocket
without /test
}
}

112
VMess-Websocket-TLS/Caddy-Header/config_client.json
View File

@ -1,112 +0,0 @@
{
"outbound": {
"streamSettings": {
"network": "ws",
"kcpSettings": null,
"wsSettings": {
"headers": {
"host": "google.com"
},
"path": "/"
},
"tcpSettings": null,
"tlsSettings": {},
"security": "tls"
},
"tag": "agentout",
"protocol": "vmess",
"mux": {
"enabled": true,
"concurrency": 8
},
"settings": {
"vnext": [
{
"users": [
{
"alterId": 100,
"security": "aes-128-gcm",
"id": "e2b39869-7e9e-411b-a561-00904419bed9"
}
],
"port": 443,
"address": "example.domain"
}
]
}
},
"log": {
"access": "",
"loglevel": "info",
"error": ""
},
"outboundDetour": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"response": null
}
},
{
"tag": "blockout",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
}
],
"inbound": {
"streamSettings": null,
"settings": {
"ip": "127.0.0.1",
"udp": true,
"clients": null,
"auth": "noauth"
},
"protocol": "socks",
"port": 10086,
"listen": "0.0.0.0"
},
"inboundDetour": null,
"routing": {
"settings": {
"rules": [
{
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"domain": null,
"type": "field",
"port": null,
"outboundTag": "direct"
}
],
"domainStrategy": "IPIfNonMatch"
},
"strategy": "rules"
},
"dns": {
"servers": [
"8.8.8.8",
"8.8.4.4",
"localhost"
]
}
}

89
VMess-Websocket-TLS/Caddy-Header/config_server.json
View File

@ -1,89 +0,0 @@
{
"outbound": {
"streamSettings": null,
"tag": null,
"protocol": "freedom",
"mux": null,
"settings": null
},
"log": {
"access": "/var/log/v2ray/access.log",
"loglevel": "info",
"error": "/var/log/v2ray/error.log"
},
"outboundDetour": [
{
"tag": "direct",
"protocol": "freedom",
"settings": null
},
{
"tag": "blocked",
"protocol": "blackhole",
"settings": null
}
],
"inbound": {
"streamSettings": {
"network": "ws",
"kcpSettings": null,
"wsSettings": {
"headers": {
"host": "google.com"
},
"path": "/"
},
"tcpSettings": null,
"tlsSettings": {},
"security": ""
},
"settings": {
"ip": null,
"udp": true,
"clients": [
{
"alterId": 100,
"security": "aes-128-gcm",
"id": "e2b39869-7e9e-411b-a561-00904419bed9"
}
],
"auth": null
},
"protocol": "vmess",
"port": 1234,
"listen": null
},
"inboundDetour": null,
"routing": {
"settings": {
"rules": [
{
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"domain": null,
"type": "field",
"port": null,
"outboundTag": "blocked"
}
],
"domainStrategy": null
},
"strategy": "rules"
},
"dns": null
}

10
VMess-Websocket-TLS/Caddy-Path/Caddyfile
View File

@ -1,10 +0,0 @@
https://example.domain {
root /usr/local/caddy/www/aria2
timeouts none
tls kiri_so@outlook.com
gzip
proxy /test localhost:1234 {
websocket
header_upstream -Origin
}
}

109
VMess-Websocket-TLS/Caddy-Path/config_client.json
View File

@ -1,109 +0,0 @@
{
"outbound": {
"streamSettings": {
"network": "ws",
"kcpSettings": null,
"wsSettings": {
"path": "/test"
},
"tcpSettings": null,
"tlsSettings": {},
"security": "tls"
},
"tag": "agentout",
"protocol": "vmess",
"mux": {
"enabled": true,
"concurrency": 8
},
"settings": {
"vnext": [
{
"users": [
{
"alterId": 100,
"security": "aes-128-gcm",
"id": "e2b39869-7e9e-411b-a561-00904419bed9"
}
],
"port": 443,
"address": "example.domain"
}
]
}
},
"log": {
"access": "",
"loglevel": "info",
"error": ""
},
"outboundDetour": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"response": null
}
},
{
"tag": "blockout",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
}
],
"inbound": {
"streamSettings": null,
"settings": {
"ip": "127.0.0.1",
"udp": true,
"clients": null,
"auth": "noauth"
},
"protocol": "socks",
"port": 10086,
"listen": "0.0.0.0"
},
"inboundDetour": null,
"routing": {
"settings": {
"rules": [
{
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"domain": null,
"type": "field",
"port": null,
"outboundTag": "direct"
}
],
"domainStrategy": "IPIfNonMatch"
},
"strategy": "rules"
},
"dns": {
"servers": [
"8.8.8.8",
"8.8.4.4",
"localhost"
]
}
}

86
VMess-Websocket-TLS/Caddy-Path/config_server.json
View File

@ -1,86 +0,0 @@
{
"outbound": {
"streamSettings": null,
"tag": null,
"protocol": "freedom",
"mux": null,
"settings": null
},
"log": {
"access": "/var/log/v2ray/access.log",
"loglevel": "info",
"error": "/var/log/v2ray/error.log"
},
"outboundDetour": [
{
"tag": "direct",
"protocol": "freedom",
"settings": null
},
{
"tag": "blocked",
"protocol": "blackhole",
"settings": null
}
],
"inbound": {
"streamSettings": {
"network": "ws",
"kcpSettings": null,
"wsSettings": {
"path": "/test"
},
"tcpSettings": null,
"tlsSettings": {},
"security": ""
},
"settings": {
"ip": null,
"udp": true,
"clients": [
{
"alterId": 100,
"security": "aes-128-gcm",
"id": "e2b39869-7e9e-411b-a561-00904419bed9"
}
],
"auth": null
},
"protocol": "vmess",
"port": 1234,
"listen": null
},
"inboundDetour": null,
"routing": {
"settings": {
"rules": [
{
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"domain": null,
"type": "field",
"port": null,
"outboundTag": "blocked"
}
],
"domainStrategy": null
},
"strategy": "rules"
},
"dns": null
}

145
VMess-Websocket-TLS/Nginx/config_client.json
View File

@ -1,145 +0,0 @@
{
"outbound": {
"protocol": "freedom",
"settings": {},
"tag": "direct"
},
"inboundDetour": [
{
"port": 1086,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"auth": "noauth",
"timeout": 300,
"udp": true
}
}
],
"outboundDetour": [
{
"mux": {
"concurrency": 6,
"enabled": true
},
"protocol": "vmess",
"settings": {
"vnext": [
{
"users": [
{
"id": "97c0ec9c-dc4e-11e7-9296-cec278b6b50a",
//"level""policy""levels":0,core3.1
"level": 0,
"alterId": 0,
"security": "aes-128-cfb"
}
],
"address": "domain.Name",
"port": 443
}
]
},
"streamSettings": {
"tlsSettings": {
"allowInsecure": false
},
"wsSettings": {
"headers": {
"Host": "domain.Name"
},
"path": "/PATH/"
},
"network": "ws",
"security": "tls"
},
"tag": "proxy"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "block"
}
],
"dns": {
"servers": [
"8.8.8.8",
"8.8.4.4"
]
},
"inbound": {
"port": 1087,
"listen": "127.0.0.1",
"protocol": "http",
"settings": {
"timeout": 300
}
},
// "policy"core3.1
"policy": {
"levels": {
"0": {
"uplinkOnly": 0,
"downlinkOnly": 0,
"connIdle": 150,
"handshake": 4
}
}
},
"routing": {
"settings": {
"rules": [
{
"type": "field",
"domain": [
"geosite:cn"
],
"outboundTag": "direct"
},
{
"type": "field",
"domain": [
"google",
"facebook",
"youtube",
"twitter",
"instagram",
"gmail",
"domain:twimg.com",
"domain:t.co"
],
"outboundTag": "proxy"
},
{
"type": "field",
"ip": [
"8.8.8.8/32",
"8.8.4.4/32",
"91.108.56.0/22",
"91.108.4.0/22",
"109.239.140.0/24",
"149.154.164.0/22",
"91.108.56.0/23",
"67.198.55.0/24",
"149.154.168.0/22",
"149.154.172.0/22"
],
"outboundTag": "proxy"
},
{
"type": "field",
"ip": [
"192.168.0.0/16",
"10.0.0.0/8",
"172.16.0.0/12",
"127.0.0.0/8",
"geoip:cn"
],
"outboundTag": "direct"
}
],
"domainStrategy": "IPIfNonMatch"
},
"strategy": "rules"
}
}

103
VMess-Websocket-TLS/Nginx/config_client_ver4.2.json
View File

@ -1,103 +0,0 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"port": 10086,
"listen": "0.0.0.0",
"tag": "socks-in",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": false
}
},
{
"port": 1087,
"listen": "0.0.0.0",
"tag": "http-in",
"protocol": "http",
"settings": {}
}
],
"outbounds": [
{
"mux": {
"concurrency": 32,
"enabled": true
},
"protocol": "vmess",
"settings": {
"vnext": [
{
"users": [
{
//uuid
"id": "UUID",
"alterId": 64,
"security": "auto"
}
],
//
"address": "domain.Name",
"port": 1234
}
]
},
"streamSettings": {
"tlsSettings": {
"allowInsecure": false
},
"wsSettings": {
"headers": {
"User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.4489.62 Safari/537.36",
//
"Host": "HOST",
"Accept-Encoding": "gzip",
"Pragma": "no-cache"
},
//ws
"path": "/PATH/"
},
"network": "ws",
"security": "tls"
},
"tag": "proxy"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
},
{
"protocol": "freedom",
"settings": {},
"tag": "dicert"
}
],
"routing": {
//
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"domain": [
//host
"domain:domain.Name"
],
"outboundTag": "dicert"
},
{
"type": "field",
"inboundTag": [
"socks-in",
"http-in"
],
"outboundTag": "proxy"
}
]
},
"other": {}
}

84
VMess-Websocket-TLS/Nginx/config_server.json
View File

@ -1,84 +0,0 @@
{
"log": {
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
// "debug" "info" "warning" "error" "debug""error" "none" "warning"
"loglevel": "debug"
},
//"policy"core3.1
"policy": {
"levels": {
"0": {
"uplinkOnly": 0,
"downlinkOnly": 0,
"connIdle": 150,
"handshake": 4
}
}
},
"inbound": {
//"0.0.0.0"
"listen": "127.0.0.1",
"port": 10086,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "7f43b638-dc47-11e7-9296-cec278b6b50a",
//"level""policy""levels":0,core3.1
"level": 0,
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"security": "auto",
"wsSettings": {
"path": "/PATH/",
"headers": {
"Host": "domain.Name"
}
}
}
},
"outbound": {
"protocol": "freedom",
"settings": { }
},
"outboundDetour": [
{
"protocol": "blackhole",
"settings": { },
"tag": "blocked"
}
],
"routing": {
"strategy": "rules",
"settings": {
"rules": [
{
"type": "field",
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"outboundTag": "blocked"
}
]
}
}
}

54
VMess-Websocket-TLS/Nginx/config_server_ver4.2.json
View File

@ -1,54 +0,0 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"port": 10086,
"listen": "127.0.0.1",
"tag": "vmess-in",
"protocol": "vmess",
"settings": {
"clients": [
{
//UUID
"id": "UUID",
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
//ws
"path": "/PATH/",
"headers": { }
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": { },
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": { },
"tag": "blocked"
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"inboundTag": [
"vmess-in"
],
"outboundTag": "direct"
}
]
}
}

131
VMess-Websocket-TLS/Nginx/nginx_Domain.Name.conf
View File

@ -1,131 +0,0 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
#####本配置使用正常环境 debian9_x64 nginx_1.10.3 openssl_1.1.0f v2ray_4.2
#####兼容客户端Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, and Java 8
#####注:切勿修改<nginx.conf>中的内容,但<该文件>与<nginx.conf>中的<参数重叠>那么会<遵从前者>
server {
# 禁用不需要的请求方式 以下只允许 get、post
if ($request_method !~ ^(POST|GET)$) {
return 444;
}
listen 127.0.0.1:80;
server_name domain.Name; #注:填写自己的域名
return 301 https://$host/;
}
upstream v2ray {
server 127.0.0.1:10086; #注v2ray后端监听地址、端口
keepalive 2176; # 链接池空闲链接数
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
#要开启 HTTP/2 注意nginx版本
#可以使用 nginx -V 检查
listen 127.0.0.1:443 ssl http2 backlog=1024 so_keepalive=120s:60s:10 reuseport; # backlog是nginx 监听队列 默认是511 使用命令 ss -tnl查看(Send-Q);
#设置编码
charset utf-8;
#证书配置
ssl_certificate PATH; #注:填写自己证书路径
ssl_certificate_key PATH; #注:填写密钥路径
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
ssl_protocols TLSv1.2;
#openssl ciphers
#注:懒人配置 https://mozilla.github.io/server-side-tls/ssl-config-generator/
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
#安全设定
#屏蔽请求类型
if ($request_method !~ ^(POST|GET)$) {
return 444;
}
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
###测试前请使用较少的时间
### https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
add_header Strict-Transport-Security max-age=15 always;
#openssl dhparam -out dhparam.pem 2048
#openssl dhparam -out dhparam.pem 4096
#ssl_dhparam /home/dhparam.pem;
#ssl_ecdh_curve secp384r1;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
#ssl_stapling on;
#ssl_stapling_verify on;
#resolver_timeout 10s;
#resolver [去掉括号并将文字改成你希望的dns服务器ip地址] valid=300s;
#范例 resolver 2.2.2.2 valid=300s;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.php ;
server_name domain.Name; #注: 将domain.Name 替换成你的域名
location /GLMzpX/ { #注:修改路径
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; #此处与<map>对应
proxy_set_header Host $http_host;
# 向后端传递访客ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_requests 25600;
keepalive_timeout 300 300;
proxy_buffering off;
proxy_buffer_size 8k;
#后端错误重定向
proxy_intercept_errors on;
error_page 400 = URL; # url是一个网站地址。例如:https://www.xxxx.com/
if ($http_host = "domain.Name" ) { #注: 修改 domain.Name 为自己的域名
#v2ray 后端 查看上面"upstream"字段
proxy_pass http://v2ray;
}
}
}

17
VMess-Websocket-TLS/config_client.json
View File

@ -10,7 +10,7 @@
"ip": [
"geoip:private"
],
"tag": "direct"
"outboundTag": "direct"
}
]
},
@ -39,10 +39,9 @@
{
"address": "",
"port": 1234,
"user": [
"users": [
{
"id": "",
"alterId": 4,
"security": "none"
}
]
@ -51,17 +50,7 @@
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "",
"headers": {
"Host": "example.domain"
}
},
"security": "tls",
"tlsSettings": {
"serverName": "example.domain",
"allowInsecure": false
}
"security": "tls"
},
"tag": "proxy"
},

12
VMess-Websocket-TLS/config_server.json
View File

@ -22,20 +22,12 @@
"settings": {
"clients": [
{
"id": "",
"alterId": 4
"id": ""
}
],
"disableInsecureEncryption": false
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "",
"headers": {
"Host": "example.domain"
}
},
"security": "tls",
"tlsSettings": {
"certificates": [

17
VMess-Websocket/config_client.json
View File

@ -10,7 +10,7 @@
"ip": [
"geoip:private"
],
"tag": "direct"
"outboundTag": "direct"
}
]
},
@ -39,25 +39,16 @@
{
"address": "",
"port": 1234,
"user": [
"users": [
{
"id": "",
"alterId": 4,
"security": "auto",
"testsEnabled": "VMessAEAD"
"id": ""
}
]
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "",
"headers": {
"Host": ""
}
}
"network": "ws"
},
"tag": "proxy"
},

12
VMess-Websocket/config_server.json
View File

@ -22,20 +22,12 @@
"settings": {
"clients": [
{
"id": "",
"alterId": 4
"id": ""
}
],
"disableInsecureEncryption": true
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "",
"headers": {
"Host": ""
}
},
"security": "none"
}
}

39
VMess-mKCPSeed/config_client.json Normal file
View File

@ -0,0 +1,39 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "{{ host }}",
"port": "{{ port }}",
"users": [
{
"id": "{{ uuid }}"
}
]
}
]
},
"streamSettings": {
"network": "kcp",
"kcpSettings": {
"seed": "{{ seed }}"
}
}
}
]
}

27
VMess-mKCPSeed/config_server.json Normal file
View File

@ -0,0 +1,27 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"protocol": "vmess",
"port": "{{ port }}",
"settings": {
"clients": [
{
"id": "{{ uuid }}"
}
]
},
"streamSettings": {
"network": "kcp",
"kcpSettings": {
"seed": "{{ seed }}"
}
}
}
],
"outbounds": [
{"protocol": "freedom"}
]
}