add VLESS-TCP-XTLS-WS (#63)

* add VLESS-TCP-XTLS-WS

add reverse proxy examples

add VLESS-TCP-XTLS-WS

* Update README.md

fix typo

update

移除 client、bridge 配置中的 "allowInsecure": true
默认注释 portal.json 中仅转发内网流量的配置
update readme.md
N1klaz 2022-07-02 22:33:14 +08:00 committed by GitHub
parent 7d3abd2153
commit 93377a4ac5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 543 additions and 9 deletions


@ -1,10 +1,10 @@
# 反向代理
# 原理
Xray Client <--- VMESS/SS ---> Xray Protal(需要公网 IP) <--- VMESS/SS ---> Xray Bridge
Xray Client <--- VMESS/SS ---> Xray Portal(需要公网 IP) <--- VMESS/SS ---> Xray Bridge
# 说明
配置中,内网设备使用的配置为 `bridge.json`,有公网 ip 的设备使用 `protal.json`,通过`protal`连接到内网的设备使用`client.json`。
配置中,内网设备使用的配置为 `bridge.json`,有公网 ip 的设备使用 `portal.json`,通过`portal`连接到内网的设备使用`client.json`。
实际应用中,可以使用`VMESS-TCP、Shadowsocks-2022`等作为Xray Client 到 Xray Protal、Xray Bridge 到 Xray Protal 的传输协议。
实际应用中,可以使用`VMESS-TCP、Shadowsocks-2022`等作为Xray Client 到 Xray Portal、Xray Bridge 到 Xray Portal 的传输协议。
## psk


@ -4,13 +4,11 @@
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"domainMatcher": "mph",
"rules": [
{
"type": "field",
"port": "0-65535",
"outboundTag": "proxy",
"enabled": true
"outboundTag": "proxy"
}
]
},


@ -0,0 +1,54 @@
{
"log": {
"loglevel": "warning"
},
"reverse": {
"portals": [
{
"tag": "portal",
"domain": "reverse.proxy"
}
]
},
"inbounds": [
{
"tag": "external",
"port": 65511,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-256-gcm",
"password": "{{ psk external }}",
"network": "tcp,udp"
}
},
{
"tag": "interconn",
"port": 65510,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-256-gcm",
"password": "{{ psk interconn }}",
"network": "tcp,udp"
}
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"external"
],
"outboundTag": "portal"
},
{
"type": "field",
"inboundTag": [
"interconn"
],
"domain": [],
"outboundTag": "portal"
}
]
}
}
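Review bot: The `interconn` rule uses `"domain": []`, which appears to add no domain condition at all, so everything arriving on `interconn` is handed to the `portal` outbound, not just the bridge's registration connection. The bridge config in this commit matches `full:reverse.proxy`, and I would expect the portal side to mirror it: `"domain": ["full:reverse.proxy"]`. As written, the interconn credential seems to work as a client credential too. The same empty list is in the VLESS portal config and the VMess portal config further down.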


@ -0,0 +1,21 @@
# VLESS over TCP with XTLS + 回落 & 分流
配合回落,使用 443 端口 + XTLS + WS 和路由分流,实现反向代理,增强隐蔽性。
客户端连接方式有 VLESS over WS with TLS / VLESS over TCP with XTLS 两种
portal 设置默认回落到 80 端口的 Web 服务器也可以换成数据库、FTP 等),参考 [VLESS-TCP-XTLS-WHATEVER](https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-WHATEVER/README.md)
# 额外配置
如果你的 portal 在境外,可以使用路由分流来同时实现科学上网 + 访问内网设备。
## 路由分流
根据配置内提示,在 `Portal` 配置中, 取消注释第一项路由中的:
```
// "ip": [
// "geoip:private"
// ],
```
此时流量匹配 `"external"``"externalws"` 标签,且访问的目标 ip 为`私有 ip 地址`时,才会将流量转发至 bridge其余流量走 direct。


@ -0,0 +1,70 @@
{
"log": {
"loglevel": "warning"
},
"reverse": {
"bridges": [
{
"tag": "bridge",
"domain": "reverse.proxy"
}
]
},
"outbounds": [
{
"tag": "interconn",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "reverse.example", // IP
"port": 443,
"users": [
{
"id": "", // UUID
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"serverName": "reverse.example" //
},
"wsSettings": {
"path": "/interconn" // portal interconn path
}
}
},
{
"protocol": "freedom",
"settings": {},
"tag": "out"
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"bridge"
],
"domain": [
"full:reverse.proxy"
],
"outboundTag": "interconn"
},
{
"type": "field",
"inboundTag": [
"bridge"
],
"outboundTag": "out"
}
]
}
}
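Review bot: The last routing rule sends every request tagged `bridge` to the `out` freedom outbound with no destination filter, so any holder of a portal client credential can reach every address the bridge host can reach, including its loopback services. I would limit that rule to the ranges the example means to expose and drop the rest with a blackhole outbound. With the default domain strategy, requests addressed by hostname would not match an `ip` rule and would be dropped too, which is worth stating in a comment.

```json
// … unchanged: rule sending full:reverse.proxy to interconn …
{
  "type": "field",
  "inboundTag": [
    "bridge"
  ],
  "ip": [
    "10.0.0.0/24" // constructed sample: the internal range you intend to expose
  ],
  "outboundTag": "out"
},
{
  "type": "field",
  "inboundTag": [
    "bridge"
  ],
  "outboundTag": "block" // requires an outbound { "protocol": "blackhole", "tag": "block" }
}
```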


@ -0,0 +1,65 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"port": "0-65535",
"outboundTag": "proxy"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": "2080",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
}
},
{
"listen": "127.0.0.1",
"port": "2081",
"protocol": "http"
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "reverse.example", // IP
"port": 443,
"users": [
{
"id": "", // UUID
"flow": "xtls-rprx-direct",
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "reverse.example" //
}
}
},
{
"protocol": "freedom",
"tag": "direct"
}
]
}
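Review bot: The SOCKS inbound on 2080 is `"auth": "noauth"` and the HTTP inbound on 2081 has no `accounts`, so every local process and user on the client machine can reach the bridge's network through them. Binding to 127.0.0.1 keeps remote hosts out but does not separate local users. For a config that opens a path into an internal network I would show `"auth": "password"` with an `accounts` entry, or at least add a comment stating the assumption of a single-user machine. As a style point, both ports are written as strings (`"2080"`, `"2081"`) while every other port in these examples is a number, and the `direct` outbound is never referenced by a rule. All of this applies equally to the WS client config in the next section.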


@ -0,0 +1,67 @@
{
"log": {
"loglevel": "warning"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"port": "0-65535",
"outboundTag": "proxy"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": "2080",
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
}
},
{
"listen": "127.0.0.1",
"port": "2081",
"protocol": "http"
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "reverse.example", // IP
"port": 443,
"users": [
{
"id": "", // UUID
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"serverName": "reverse.example" //
},
"wsSettings": {
"path": "/externalws" // portal externalws path
}
}
},
{
"protocol": "freedom",
"tag": "direct"
}
]
}


@ -0,0 +1,51 @@
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
error_log logs/error.log warn;
pid logs/nginx.pid;;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
index index.html index.htm
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 127.0.0.1:80;
server_name yourserver_80.com;
charset utf-8;
access_log logs/yourserver_80.access.log main;
location / {
root /var/www/html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
}
}
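Review bot: Two directives in this new file are malformed, so nginx should refuse to load it as written. `pid logs/nginx.pid;;` has a stray second semicolon and should be `pid logs/nginx.pid;`. `index index.html index.htm` has no terminator, so the following `log_format main …` line is swallowed into the `index` arguments and the later `access_log … main` refers to a format that was never defined; it should be `index index.html index.htm;`. Running `nginx -t` against the example before committing would catch both.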


@ -0,0 +1,146 @@
{
"log": {
"loglevel": "warning"
},
"reverse": {
"portals": [
{
"tag": "portal",
"domain": "reverse.proxy"
}
]
},
"inbounds": [
{
"tag": "external",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // UUID
"flow": "xtls-rprx-direct",
"level": 0,
"email": "@external"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 80
},
{
"path": "/interconn", // interconn PATH
"dest": 65510,
"xver": 1
},
{
"path": "/externalws", // externalws PATH
"dest": 65511,
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"http/1.1"
],
"certificates": [
{
"certificateFile": "./fullchain.crt", //
"keyFile": "./private.key" //
}
]
}
}
},
{
"tag": "externalws",
"port": 65511,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // UUID
"level": 0,
"email": "@externalws"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true, // Nginx/Caddy WS
"path": "/externalws"
}
}
},
{
"tag": "interconn",
"port": 65510,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // UUID
"level": 0,
"email": "@interconn"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/interconn"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"external",
"externalws"
],
// external bridge
//
// "ip": [
// "geoip:private"
// ],
"outboundTag": "portal"
},
{
"type": "field",
"inboundTag": [
"interconn"
],
"domain": [],
"outboundTag": "portal"
},
// 使
{
"type": "field",
"port": "0-65535",
"outboundTag": "direct"
}
]
}
}
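Review bot: The first routing rule ships with the `geoip:private` restriction commented out, so by default every destination requested on `external`/`externalws` is tunnelled to the bridge and leaves through the internal network, and the trailing `direct` catch-all is never reached. I would keep the restriction enabled in the example and let readers comment it out, or at least say so above the rule, e.g. `// default: ALL client traffic is forwarded to the bridge; uncomment "ip" to forward only private addresses`. The three `"id": ""` slots all carry the same `// UUID` hint. A comment that `interconn` needs its own UUID, distinct from the client ones, would keep the bridge credential from doubling as a client credential.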


@ -4,13 +4,11 @@
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"domainMatcher": "mph",
"rules": [
{
"type": "field",
"port": "0-65535",
"outboundTag": "proxy",
"enabled": true
"outboundTag": "proxy"
}
]
},


@ -0,0 +1,64 @@
{
"log": {
"loglevel": "warning"
},
"reverse": {
"portals": [
{
"tag": "portal",
"domain": "reverse.proxy"
}
]
},
"inbounds": [
{
"tag": "external",
"port": 65511,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "{{ uuid }}"
}
]
},
"streamSettings": {
"network": "tcp"
}
},
{
"tag": "interconn",
"port": 65510,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "{{ uuid }}"
}
]
},
"streamSettings": {
"network": "tcp"
}
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"external"
],
"outboundTag": "portal"
},
{
"type": "field",
"inboundTag": [
"interconn"
],
"domain": [],
"outboundTag": "portal"
}
]
}
}
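Review bot: Both inbounds use the same placeholder, `"id": "{{ uuid }}"`, so anyone filling in the template will naturally give `external` and `interconn` the same UUID, and the client and bridge then share one credential. The Shadowsocks portal added in this commit already separates them with `{{ psk external }}` and `{{ psk interconn }}`. I would use two distinct placeholders here in the same style, so that revoking a client does not mean re-keying the bridge. Neither inbound sets `listen`, so I assume both ports are meant to be reachable from outside; a comment saying so would help.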