diff --git a/ReverseProxy/README.md b/ReverseProxy/README.md index d362988..8919be2 100644 --- a/ReverseProxy/README.md +++ b/ReverseProxy/README.md @@ -1,10 +1,10 @@ # 反向代理 # 原理 -Xray Client <--- VMESS/SS ---> Xray Protal(需要公网 IP) <--- VMESS/SS ---> Xray Bridge +Xray Client <--- VMESS/SS ---> Xray Portal(需要公网 IP) <--- VMESS/SS ---> Xray Bridge # 说明 -配置中,内网设备使用的配置为 `bridge.json`,有公网 ip 的设备使用 `protal.json`,通过`protal`连接到内网的设备使用`client.json`。 +配置中,内网设备使用的配置为 `bridge.json`,有公网 ip 的设备使用 `portal.json`,通过`portal`连接到内网的设备使用`client.json`。 -实际应用中,可以使用`VMESS-TCP、Shadowsocks-2022`等作为Xray Client 到 Xray Protal、Xray Bridge 到 Xray Protal 的传输协议。 +实际应用中,可以使用`VMESS-TCP、Shadowsocks-2022`等作为Xray Client 到 Xray Portal、Xray Bridge 到 Xray Portal 的传输协议。 ## psk diff --git a/ReverseProxy/Shadowsocks-2022/client.json b/ReverseProxy/Shadowsocks-2022/client.json index 569a1b6..4bbd37b 100644 --- a/ReverseProxy/Shadowsocks-2022/client.json +++ b/ReverseProxy/Shadowsocks-2022/client.json @@ -4,13 +4,11 @@ }, "routing": { "domainStrategy": "IPIfNonMatch", - "domainMatcher": "mph", "rules": [ { "type": "field", "port": "0-65535", - "outboundTag": "proxy", - "enabled": true + "outboundTag": "proxy" } ] }, diff --git a/ReverseProxy/Shadowsocks-2022/portal.json b/ReverseProxy/Shadowsocks-2022/portal.json new file mode 100644 index 0000000..3877a7a --- /dev/null +++ b/ReverseProxy/Shadowsocks-2022/portal.json 
@@ -0,0 +1,54 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "reverse": {
+ "portals": [
+ {
+ "tag": "portal",
+ "domain": "reverse.proxy"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "tag": "external",
+ "port": 65511,
+ "protocol": "shadowsocks",
+ "settings": {
+ "method": "2022-blake3-aes-256-gcm",
+ "password": "{{ psk external }}",
+ "network": "tcp,udp"
+ }
+ },
+ {
+ "tag": "interconn",
+ "port": 65510,
+ "protocol": "shadowsocks",
+ "settings": {
+ "method": "2022-blake3-aes-256-gcm",
+ "password": "{{ psk interconn }}",
+ "network": "tcp,udp"
+ }
+ }
+ ],
+ "routing": {
+ "rules": [
+ {
+ "type": "field",
+ "inboundTag": [
+ "external"
+ ],
+ "outboundTag": "portal"
+ },
+ {
+ "type": "field",
+ "inboundTag": [
+ "interconn"
+ ],
+ "domain": [],
+ "outboundTag": "portal"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/ReverseProxy/VLESS-TCP-XTLS-WS/README.md b/ReverseProxy/VLESS-TCP-XTLS-WS/README.md
new file mode 100644
index 0000000..0a781b9
--- /dev/null
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/README.md
@@ -0,0 +1,21 @@
+# VLESS over TCP with XTLS + 回落 & 分流
+
+配合回落,使用 443 端口 + XTLS + WS 和路由分流,实现反向代理,增强隐蔽性。
+
+客户端连接方式有 VLESS over WS with TLS / VLESS over TCP with XTLS 两种
+
+portal 设置默认回落到 80 端口的 Web 服务器(也可以换成数据库、FTP 等),参考 [VLESS-TCP-XTLS-WHATEVER](https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-WHATEVER/README.md)
+
+# 额外配置
+如果你的 portal 在境外,可以使用路由分流来同时实现科学上网 + 访问内网设备。
+
+## 路由分流
+根据配置内提示,在 `Portal` 配置中, 取消注释第一项路由中的:
+```
+// "ip": [
+// "geoip:private"
+// ],
+```
+
+此时流量匹配 `"external"` 或 `"externalws"` 标签,且访问的目标 ip 为`私有 ip 地址`时,才会将流量转发至 bridge,其余流量走 direct。
+
diff --git a/ReverseProxy/VLESS-TCP-XTLS-WS/bridge.json b/ReverseProxy/VLESS-TCP-XTLS-WS/bridge.json
new file mode 100644
index 0000000..5cad826
--- /dev/null
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/bridge.json
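Review bot: In ReverseProxy/Shadowsocks-2022/portal.json the `interconn` routing rule carries `"domain": []`, an empty list that, as far as I can tell, adds no condition, so everything arriving on the bridge-facing inbound is handed to the `portal` outbound. The bridge side added in this commit (VLESS-TCP-XTLS-WS/bridge.json) matches the control channel with `full:reverse.proxy`; the portal rule could do the same with `"domain": ["full:reverse.proxy"]`, or drop the key if matching on the inbound tag alone is intended. The same empty list appears in VLESS-TCP-XTLS-WS/portal.json and Vmess-TCP/portal.json.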
@@ -0,0 +1,70 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "reverse": {
+ "bridges": [
+ {
+ "tag": "bridge",
+ "domain": "reverse.proxy"
+ }
+ ]
+ },
+ "outbounds": [
+ {
+ "tag": "interconn",
+ "protocol": "vless",
+ "settings": {
+ "vnext": [
+ {
+ "address": "reverse.example", // 换成你的域名或 IP
+ "port": 443,
+ "users": [
+ {
+ "id": "", // 填写你的 UUID
+ "encryption": "none",
+ "level": 0
+ }
+ ]
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "ws",
+ "security": "tls",
+ "tlsSettings": {
+ "serverName": "reverse.example" // 换成你的域名
+ },
+ "wsSettings": {
+ "path": "/interconn" //对应 portal 中 interconn 的 path
+ }
+ }
+ },
+ {
+ "protocol": "freedom",
+ "settings": {},
+ "tag": "out"
+ }
+ ],
+ "routing": {
+ "rules": [
+ {
+ "type": "field",
+ "inboundTag": [
+ "bridge"
+ ],
+ "domain": [
+ "full:reverse.proxy"
+ ],
+ "outboundTag": "interconn"
+ },
+ {
+ "type": "field",
+ "inboundTag": [
+ "bridge"
+ ],
+ "outboundTag": "out"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.json b/ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.json
new file mode 100644
index 0000000..e82c479
--- /dev/null
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.json
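Review bot: In ReverseProxy/VLESS-TCP-XTLS-WS/bridge.json the second routing rule sends every request that arrives through the tunnel to the `freedom` outbound `out` with no `ip` or `port` condition, so whoever holds a client credential on the portal can reach every host and port the bridge machine can reach, its own loopback services included. If only particular internal services are meant to be exposed, add a condition to that rule, for example `"ip": ["<internal CIDR placeholder>"]`, and route the remainder to a `blackhole` outbound. The explicit catch-all matters because unmatched traffic otherwise goes to the first outbound, which in this file is `interconn`.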
@@ -0,0 +1,65 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "routing": {
+ "domainStrategy": "IPIfNonMatch",
+ "rules": [
+ {
+ "type": "field",
+ "port": "0-65535",
+ "outboundTag": "proxy"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": "2080",
+ "protocol": "socks",
+ "settings": {
+ "auth": "noauth",
+ "udp": true,
+ "ip": "127.0.0.1"
+ }
+ },
+ {
+ "listen": "127.0.0.1",
+ "port": "2081",
+ "protocol": "http"
+ }
+ ],
+ "outbounds": [
+ {
+ "tag": "proxy",
+ "protocol": "vless",
+ "settings": {
+ "vnext": [
+ {
+ "address": "reverse.example", // 换成你的域名或服务器 IP
+ "port": 443,
+ "users": [
+ {
+ "id": "", // 填写你的 UUID
+ "flow": "xtls-rprx-direct",
+ "encryption": "none",
+ "level": 0
+ }
+ ]
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "xtls",
+ "xtlsSettings": {
+ "serverName": "reverse.example" // 换成你的域名
+ }
+ }
+ },
+ {
+ "protocol": "freedom",
+ "tag": "direct"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/ReverseProxy/VLESS-TCP-XTLS-WS/client_ws.json b/ReverseProxy/VLESS-TCP-XTLS-WS/client_ws.json
new file mode 100644
index 0000000..1d243c2
--- /dev/null
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/client_ws.json
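Review bot: ReverseProxy/VLESS-TCP-XTLS-WS/client_tcp.json pins `"flow": "xtls-rprx-direct"` with `"security": "xtls"`, the legacy XTLS mode that, to my knowledge, newer Xray-core releases no longer accept; the `external` inbound in portal.json of the same directory uses the same pair. If the examples are meant to track current releases, the replacement is `"flow": "xtls-rprx-vision"` with `"security": "tls"` and a `tlsSettings` block on both ends. Otherwise the README should state which Xray-core version this directory targets, so users do not end up with a client and a portal that disagree on the flow.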
@@ -0,0 +1,67 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "routing": {
+ "domainStrategy": "IPIfNonMatch",
+ "rules": [
+ {
+ "type": "field",
+ "port": "0-65535",
+ "outboundTag": "proxy"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "listen": "127.0.0.1",
+ "port": "2080",
+ "protocol": "socks",
+ "settings": {
+ "auth": "noauth",
+ "udp": true,
+ "ip": "127.0.0.1"
+ }
+ },
+ {
+ "listen": "127.0.0.1",
+ "port": "2081",
+ "protocol": "http"
+ }
+ ],
+ "outbounds": [
+ {
+ "tag": "proxy",
+ "protocol": "vless",
+ "settings": {
+ "vnext": [
+ {
+ "address": "reverse.example", // 换成你的域名或服务器 IP
+ "port": 443,
+ "users": [
+ {
+ "id": "", // 填写你的 UUID
+ "encryption": "none",
+ "level": 0
+ }
+ ]
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "ws",
+ "security": "tls",
+ "tlsSettings": {
+ "serverName": "reverse.example" // 换成你的域名
+ },
+ "wsSettings": {
+ "path": "/externalws" //对应 portal 中 externalws 的 path
+ }
+ }
+ },
+ {
+ "protocol": "freedom",
+ "tag": "direct"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/ReverseProxy/VLESS-TCP-XTLS-WS/nginx.conf b/ReverseProxy/VLESS-TCP-XTLS-WS/nginx.conf
new file mode 100644
index 0000000..1f3f18b
--- /dev/null
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/nginx.conf
@@ -0,0 +1,51 @@
+worker_processes auto;
+worker_cpu_affinity auto;
+worker_rlimit_nofile 65535;
+
+error_log logs/error.log warn;
+
+pid logs/nginx.pid;;
+
+events {
+ worker_connections 1024;
+ use epoll;
+ multi_accept on;
+}
+
+http {
+
+ include mime.types;
+ default_type application/octet-stream;
+
+ index index.html index.htm
+
+ log_format main '$remote_addr - $remote_user [$time_local] $status '
+ '"$request" $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ sendfile on;
+
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ server {
+ listen 127.0.0.1:80;
+ server_name yourserver_80.com;
+
+ charset utf-8;
+
+ access_log logs/yourserver_80.access.log main;
+
+ location / {
+ root /var/www/html;
+ }
+
+ error_page 404 /404.html;
+
+ error_page 500 502 503 504 /50x.html;
+ }
+}
\ No newline at end of file
diff --git a/ReverseProxy/VLESS-TCP-XTLS-WS/portal.json b/ReverseProxy/VLESS-TCP-XTLS-WS/portal.json
new file mode 100644
index 0000000..6da4cfd
--- /dev/null
+++ b/ReverseProxy/VLESS-TCP-XTLS-WS/portal.json
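Review bot: Two syntax slips in ReverseProxy/VLESS-TCP-XTLS-WS/nginx.conf will keep nginx from loading it: `pid logs/nginx.pid;;` has a stray second semicolon, and `index index.html index.htm` has no terminating `;`, so the `log_format main …` lines that follow are read as further `index` arguments and the `main` format used by `access_log` is never defined. They should read `pid logs/nginx.pid;` and `index index.html index.htm;`. Separately, the default fallback in portal.json (`"dest": 80`) sets no `xver`, so `$remote_addr` in this access log will presumably always be the loopback address. If the log is meant to show who probed port 443, the fallback needs `xver` and this `listen` needs `proxy_protocol`.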
@@ -0,0 +1,146 @@
+{
+ "log": {
+ "loglevel": "warning"
+ },
+ "reverse": {
+ "portals": [
+ {
+ "tag": "portal",
+ "domain": "reverse.proxy"
+ }
+ ]
+ },
+ "inbounds": [
+ {
+ "tag": "external",
+ "port": 443,
+ "protocol": "vless",
+ "settings": {
+ "clients": [
+ {
+ "id": "", //填写你的 UUID
+ "flow": "xtls-rprx-direct",
+ "level": 0,
+ "email": "@external"
+ }
+ ],
+ "decryption": "none",
+ "fallbacks": [
+ {
+ "dest": 80
+ },
+ {
+ "path": "/interconn", // 对应下面的 interconn 中的 PATH
+ "dest": 65510,
+ "xver": 1
+ },
+ {
+ "path": "/externalws", // 对应下面的 externalws 中的 PATH
+ "dest": 65511,
+ "xver": 1
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "xtls",
+ "xtlsSettings": {
+ "alpn": [
+ "http/1.1"
+ ],
+ "certificates": [
+ {
+ "certificateFile": "./fullchain.crt", // 换成你的证书,绝对路径
+ "keyFile": "./private.key" // 换成你的私钥,绝对路径
+ }
+ ]
+ }
+ }
+ },
+ {
+ "tag": "externalws",
+ "port": 65511,
+ "listen": "127.0.0.1",
+ "protocol": "vless",
+ "settings": {
+ "clients": [
+ {
+ "id": "", // 填写你的 UUID
+ "level": 0,
+ "email": "@externalws"
+ }
+ ],
+ "decryption": "none"
+ },
+ "streamSettings": {
+ "network": "ws",
+ "security": "none",
+ "wsSettings": {
+ "acceptProxyProtocol": true, // 提醒:若你用 Nginx/Caddy 等反代 WS,需要删掉这行
+ "path": "/externalws"
+ }
+ }
+ },
+ {
+ "tag": "interconn",
+ "port": 65510,
+ "listen": "127.0.0.1",
+ "protocol": "vless",
+ "settings": {
+ "clients": [
+ {
+ "id": "", // 填写你的 UUID
+ "level": 0,
+ "email": "@interconn"
+ }
+ ],
+ "decryption": "none"
+ },
+ "streamSettings": {
+ "network": "ws",
+ "security": "none",
+ "wsSettings": {
+ "acceptProxyProtocol": true,
+ "path": "/interconn"
+ }
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "protocol": "freedom",
+ "tag": "direct"
+ }
+ ],
+ "routing": {
+ "rules": [
+ {
+ "type": "field",
+ "inboundTag": [
+ "external",
+ "externalws"
+ ],
+ // 默认将所有来自 external 的流量转发至bridge
+ // 如果仅转发内网设备流量,则取消注释下面三行
+ // "ip": [
+ // "geoip:private"
+ // ],
+ "outboundTag": "portal"
+ },
+ {
+ "type":
"field", + "inboundTag": [ + "interconn" + ], + "domain": [], + "outboundTag": "portal" + }, + // 以下路由只会在第一条路由没被匹配到的情况下使用,因此无需额外处理 + { + "type": "field", + "port": "0-65535", + "outboundTag": "direct" + } + ] + } +} \ No newline at end of file diff --git a/ReverseProxy/Vmess-TCP/client.json b/ReverseProxy/Vmess-TCP/client.json index c3fecf8..fe8682e 100644 --- a/ReverseProxy/Vmess-TCP/client.json +++ b/ReverseProxy/Vmess-TCP/client.json @@ -4,13 +4,11 @@ }, "routing": { "domainStrategy": "IPIfNonMatch", - "domainMatcher": "mph", "rules": [ { "type": "field", "port": "0-65535", - "outboundTag": "proxy", - "enabled": true + "outboundTag": "proxy" } ] }, diff --git a/ReverseProxy/Vmess-TCP/portal.json b/ReverseProxy/Vmess-TCP/portal.json new file mode 100644 index 0000000..3529ed6 --- /dev/null +++ b/ReverseProxy/Vmess-TCP/portal.json @@ -0,0 +1,64 @@ +{ + "log": { + "loglevel": "warning" + }, + "reverse": { + "portals": [ + { + "tag": "portal", + "domain": "reverse.proxy" + } + ] + }, + "inbounds": [ + { + "tag": "external", + "port": 65511, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "{{ uuid }}" + } + ] + }, + "streamSettings": { + "network": "tcp" + } + }, + { + "tag": "interconn", + "port": 65510, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "{{ uuid }}" + } + ] + }, + "streamSettings": { + "network": "tcp" + } + } + ], + "routing": { + "rules": [ + { + "type": "field", + "inboundTag": [ + "external" + ], + "outboundTag": "portal" + }, + { + "type": "field", + "inboundTag": [ + "interconn" + ], + "domain": [], + "outboundTag": "portal" + } + ] + } +} \ No newline at end of file