diff --git a/README.md b/README.md index 3676ab8..e698df9 100644 --- a/README.md +++ b/README.md @@ -1 +1,3 @@ -# Xray-examples \ No newline at end of file +# Xray-examples + +Forked from [v2ray-examples](https://github.com/v2fly/v2ray-examples) diff --git a/Shadowsocks-TCP/client.json b/Shadowsocks-TCP/client.json new file mode 100644 index 0000000..4e2f13e --- /dev/null +++ b/Shadowsocks-TCP/client.json @@ -0,0 +1,57 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "shadowsocks", + "settings": { + "servers": [ + { + "address": "{{ host }}", + "port": "{{ port }}", + "method": "chacha20-ietf-poly1305", + "password": "{{ password}}" + } + ] + }, + "streamSettings": { + "network": "tcp" + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ] +} \ No newline at end of file diff --git a/Shadowsocks-TCP/server.json b/Shadowsocks-TCP/server.json new file mode 100644 index 0000000..003d3e9 --- /dev/null +++ b/Shadowsocks-TCP/server.json @@ -0,0 +1,41 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "block" + } + ] + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 1234, + "protocol": "shadowsocks", + "settings": { + "method": "chacha20-ietf-poly1305", + "password": "{{ password }}" + }, + "streamSettings": { + "network": "tcp" + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + ] +} diff --git a/Socks5-TLS/README.md b/Socks5-TLS/README.md new file mode 100644 index 0000000..9199c56 --- /dev/null +++ b/Socks5-TLS/README.md @@ -0,0 +1,76 @@ +## 关于 SOCKS5 over TLS 方案的安全提示 + +该配置组合应仅供技术研究/参考使用,因为 **SOCKS5 over TLS 几乎不提供隐密性保证,可被简单地主动探测**。 + +### 探测方式 +对任意未知 TLS 业务,若怀疑其为 SOCKS5/TLS 业务,审查者可向该端口建立一个 TLS 连接并在其上传送 SOCKS5 载荷。 + +若该服务对 SOCKS5 请求做出响应,无论是否设置 SOCKS5 的鉴权机制,审查者均可通过回包内容一次准确判断该业务是否为 SOCKS5 / TLS。 + +来自 [@studentmain](https://github.com/studentmain) 的两个典型样例对话: + +``` +-> 05 01 01 +<- 05 ff +``` + +``` +-> 05 02 00 02 +<- 05 00 / 05 02 +``` + +### 参考资料 +[RFC1928](https://tools.ietf.org/html/rfc1928) 节录如下: +``` + The client connects to the server, and sends a version + identifier/method selection message: + + +----+----------+----------+ + |VER | NMETHODS | METHODS | + +----+----------+----------+ + | 1 | 1 | 1 to 255 | + +----+----------+----------+ + + The VER field is set to X'05' for this version of the protocol. The + NMETHODS field contains the number of method identifier octets that + appear in the METHODS field. + + The server selects from one of the methods given in METHODS, and + sends a METHOD selection message: + + +----+--------+ + |VER | METHOD | + +----+--------+ + | 1 | 1 | + +----+--------+ + + If the selected METHOD is X'FF', none of the methods listed by the + client are acceptable, and the client MUST close the connection. + + The values currently defined for METHOD are: + + o X'00' NO AUTHENTICATION REQUIRED + o X'01' GSSAPI + o X'02' USERNAME/PASSWORD + o X'03' to X'7F' IANA ASSIGNED + o X'80' to X'FE' RESERVED FOR PRIVATE METHODS + o X'FF' NO ACCEPTABLE METHODS + +``` + +[RFC1929](https://tools.ietf.org/html/rfc1929) 节录如下: + +``` + The server verifies the supplied UNAME and PASSWD, and sends the + following response: + + +----+--------+ + |VER | STATUS | + +----+--------+ + | 1 | 1 | + +----+--------+ + + A STATUS field of X'00' indicates success. If the server returns a + `failure' (STATUS value other than X'00') status, it MUST close the + connection. +``` diff --git a/Socks5-TLS/config_client.json b/Socks5-TLS/config_client.json new file mode 100644 index 0000000..6c55150 --- /dev/null +++ b/Socks5-TLS/config_client.json @@ -0,0 +1,66 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "socks", + "settings": { + "servers": [ + { + "address": "", + "port": 1234, + "users": [ + { + "user": "", + "pass": "" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "serverName": "example.domain", + "allowInsecure": false + } + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ] +} diff --git a/Socks5-TLS/config_server.json b/Socks5-TLS/config_server.json new file mode 100644 index 0000000..b5a9227 --- /dev/null +++ b/Socks5-TLS/config_server.json @@ -0,0 +1,57 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "block" + } + ] + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 1234, + "protocol": "socks", + "settings": { + "auth": "password", + "accounts": [ + { + "user": "", + "pass": "" + } + ], + "udp": true, + "ip": "127.0.0.1" + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "certificates": [ + { + "certificateFile": "/path/to/certificate.crt", + "keyFile": "/path/to/key.key" + } + ] + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + ] +} diff --git a/Trojan-TCP-TLS (minimal)/config_client.json b/Trojan-TCP-TLS (minimal)/config_client.json new file mode 100644 index 0000000..8d76999 --- /dev/null +++ b/Trojan-TCP-TLS (minimal)/config_client.json @@ -0,0 +1,33 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "trojan", + "settings": { + "servers": [ + { + "address": "example.com", + "port": 443, + "password": "your password" + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls" + } + } + ] +} \ No newline at end of file diff --git a/Trojan-TCP-TLS (minimal)/config_server.json b/Trojan-TCP-TLS (minimal)/config_server.json new file mode 100644 index 0000000..62c6616 --- /dev/null +++ b/Trojan-TCP-TLS (minimal)/config_server.json @@ -0,0 +1,39 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 443, + "protocol": "trojan", + "settings": { + "clients": [ + { + "password":"your password", + "email": "love@example.com" + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "alpn": [ + "http/1.1" + ], + "certificates": [ + { + "certificateFile": "/path/to/fullchain.crt", + "keyFile": "/path/to/private.key" + } + ] + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom" + } + ] +} \ No newline at end of file diff --git a/VLESS-H2C-Caddy2/Caddyfile b/VLESS-H2C-Caddy2/Caddyfile new file mode 100644 index 0000000..1484448 --- /dev/null +++ b/VLESS-H2C-Caddy2/Caddyfile @@ -0,0 +1,10 @@ +xx.com { + root * /var/www + file_server + + reverse_proxy /path 127.0.0.1:2001 { + transport http { + versions h2c + } + } +} diff --git a/VLESS-H2C-Caddy2/README.md b/VLESS-H2C-Caddy2/README.md new file mode 100644 index 0000000..9ba4102 --- /dev/null +++ b/VLESS-H2C-Caddy2/README.md @@ -0,0 +1,5 @@ +# 原理图: +Xray client <--- H2 ---> Caddy2 <--- H2C ---> Xray server + +注意: +目前仅 Caddy2 的 v2.2.0-rc.1 版及以后完美支持 Xray 的 H2C,实现 H2(HTTP/2)应用。 diff --git a/VLESS-H2C-Caddy2/client.json b/VLESS-H2C-Caddy2/client.json new file mode 100644 index 0000000..26c1282 --- /dev/null +++ b/VLESS-H2C-Caddy2/client.json @@ -0,0 +1,69 @@ +{ + "log":{}, + "inbounds":[ + { + "port":"1080", + "protocol":"socks", + "settings":{ + "auth":"noauth", + "udp":true + } + }, + { + "port":"1081", + "protocol":"http", + "settings":{} + } + ], + "outbounds":[ + { + "protocol":"vless", + "settings":{ + "vnext":[ + { + "address":"xx.com", + "port":443, + "users":[ + { + "id":"", + "encryption":"none" + } + ] + } + ] + }, + "streamSettings":{ + "network":"h2", + "security":"tls", + "httpSettings":{ + "host":[ + "xx.com" + ], + "path":"/path" + } + } + }, + { + "tag":"direct", + "protocol":"freedom", + "settings":{} + }, + { + "tag":"blocked", + "protocol":"blackhole", + "settings":{} + } + ], + "routing":{ + "domainStrategy":"IPOnDemand", + "rules":[ + { + "type":"field", + "ip":[ + "geoip:private" + ], + "outboundTag":"direct" + } + ] + } +} diff --git a/VLESS-H2C-Caddy2/server.json b/VLESS-H2C-Caddy2/server.json new file mode 100644 index 0000000..9b919be --- /dev/null +++ b/VLESS-H2C-Caddy2/server.json @@ -0,0 +1,55 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 2001, + "listen": "127.0.0.1", + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", + "email": "love@example.com" + } + ], + "decryption": "none" + }, + "streamSettings": { + "security": "none", + "network": "h2", + "httpSettings": { + "path": "/path", + "host": [ + "xx.com" + ] + } + } + } + ], + "outbounds": [ + { + "tag": "direct", + "protocol": "freedom", + "settings": {} + }, + { + "tag": "blocked", + "protocol": "blackhole", + "settings": {} + } + ], + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "blocked" + } + ] + } +} diff --git a/VLESS-TCP-TLS (maximal by rprx)/README.md b/VLESS-TCP-TLS (maximal by rprx)/README.md new file mode 100644 index 0000000..fb868fb --- /dev/null +++ b/VLESS-TCP-TLS (maximal by rprx)/README.md @@ -0,0 +1,18 @@ +# VLESS over TCP with TLS + 回落(建站配置) + +你应当先了解 [最简配置](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>) 等其它配置,若你有同时建站的需求,可以参考并结合此配置 + +此配置含 VLESS 回落高级用法: + +1. PROXY protocol,专用于传递请求的真实来源 IP 和端口 +2. 支持 h2 访问:ALPN 协商结果为 h2 时单独转发 +3. 使用 Unix domain socket,比环回地址效率更高 + +Nginx 说明与注意事项: + +1. nginx.conf 根据 CentOS 8 dnf 的 nginx 修改而来 +2. 80 端口的 http 请求均被带 URI 301 到 https +3. 重启 nginx 时可能需要手动删除它 bind 的 socket + +Xray 服务端 info 级别的 error 日志中有每次回落的详细原因
+Nginx 的 access 日志中每行末尾有请求的真实来源 IP 和端口 diff --git a/VLESS-TCP-TLS (maximal by rprx)/config_client.json b/VLESS-TCP-TLS (maximal by rprx)/config_client.json new file mode 100644 index 0000000..a93646d --- /dev/null +++ b/VLESS-TCP-TLS (maximal by rprx)/config_client.json @@ -0,0 +1,42 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了) + "port": 443, + "users": [ + { + "id": "", // 填写你的 UUID + "encryption": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "serverName": "example.com" // 换成你的域名 + } + } + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-TLS (maximal by rprx)/config_server.json b/VLESS-TCP-TLS (maximal by rprx)/config_server.json new file mode 100644 index 0000000..240bafb --- /dev/null +++ b/VLESS-TCP-TLS (maximal by rprx)/config_server.json @@ -0,0 +1,53 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 443, + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", // 填写你的 UUID + "level": 0, + "email": "love@example.com" + } + ], + "decryption": "none", + "fallbacks": [ + { + "dest": "/dev/shm/default.sock", + "xver": 1 + }, + { + "alpn": "h2", + "dest": "/dev/shm/h2c.sock", + "xver": 1 + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "alpn": [ + "h2", + "http/1.1" + ], + "certificates": [ + { + "certificateFile": "/path/to/fullchain.crt", // 换成你的证书,绝对路径 + "keyFile": "/path/to/private.key" // 换成你的私钥,绝对路径 + } + ] + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom" + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-TLS (maximal by rprx)/nginx.conf b/VLESS-TCP-TLS (maximal by rprx)/nginx.conf new file mode 100644 index 0000000..8b99c90 --- /dev/null +++ b/VLESS-TCP-TLS (maximal by rprx)/nginx.conf @@ -0,0 +1,100 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ +# * Official Russian Documentation: http://nginx.org/ru/docs/ + +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" ' + '$proxy_protocol_addr:$proxy_protocol_port'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include /etc/nginx/conf.d/*.conf; + + server { + #listen 80 default_server; + #listen [::]:80 default_server; + listen [::]:80 default ipv6only=off; + return 301 https://$http_host$request_uri; + } + + server { + listen unix:/dev/shm/default.sock proxy_protocol; + listen unix:/dev/shm/h2c.sock http2 proxy_protocol; + server_name _; + root /usr/share/nginx/html; + + set_real_ip_from 127.0.0.1; + + # Load configuration files for the default server block. + include /etc/nginx/default.d/*.conf; + + location / { + } + + error_page 404 /404.html; + location = /40x.html { + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + } + } + +# Settings for a TLS enabled server. +# +# server { +# listen 443 ssl http2 default_server; +# listen [::]:443 ssl http2 default_server; +# server_name _; +# root /usr/share/nginx/html; +# +# ssl_certificate "/etc/pki/nginx/server.crt"; +# ssl_certificate_key "/etc/pki/nginx/private/server.key"; +# ssl_session_cache shared:SSL:1m; +# ssl_session_timeout 10m; +# ssl_ciphers PROFILE=SYSTEM; +# ssl_prefer_server_ciphers on; +# +# # Load configuration files for the default server block. +# include /etc/nginx/default.d/*.conf; +# +# location / { +# } +# +# error_page 404 /404.html; +# location = /40x.html { +# } +# +# error_page 500 502 503 504 /50x.html; +# location = /50x.html { +# } +# } + +} + diff --git a/VLESS-TCP-TLS (minimal by rprx)/README.md b/VLESS-TCP-TLS (minimal by rprx)/README.md new file mode 100644 index 0000000..0aa687a --- /dev/null +++ b/VLESS-TCP-TLS (minimal by rprx)/README.md @@ -0,0 +1,17 @@ +# VLESS over TCP with TLS + 回落(最简配置) + +你需要有一个解析到服务器 IP 的域名,并且申请了证书,比如 let's encrypt + +你还需要一个 Nginx:(或者 Caddy 等任一 Web 服务器) + +1. 用系统自带的包管理器安装 nginx,具体方法请 Google +2. nginx 的默认配置就是监听 80 端口,无需修改 +3. 可选:找到并替换掉 nginx 自带的 index.html 等文件 +4. 执行 `systemctl enable nginx` 设置开机自启 +5. 执行 `systemctl start nginx` 启动 nginx + +若服务器开启了防火墙或 VPS 有安全组,记得放行 TCP/80、443 端口 + +--- + +接下来,你可以了解 [建站配置](<../VLESS-TCP-TLS%20(maximal%20by%20rprx)>)(回落高级用法)、尝试 [进阶配置](<../VLESS-TCP-TLS-WS%20(recommended)>)(分流 to WebSocket) diff --git a/VLESS-TCP-TLS (minimal by rprx)/config_client.json b/VLESS-TCP-TLS (minimal by rprx)/config_client.json new file mode 100644 index 0000000..e1e330d --- /dev/null +++ b/VLESS-TCP-TLS (minimal by rprx)/config_client.json @@ -0,0 +1,39 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "example.com", // 换成你的域名 + "port": 443, + "users": [ + { + "id": "", // 填写你的 UUID + "encryption": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls" + } + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-TLS (minimal by rprx)/config_server.json b/VLESS-TCP-TLS (minimal by rprx)/config_server.json new file mode 100644 index 0000000..2819034 --- /dev/null +++ b/VLESS-TCP-TLS (minimal by rprx)/config_server.json @@ -0,0 +1,46 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 443, + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", // 填写你的 UUID + "level": 0, + "email": "love@example.com" + } + ], + "decryption": "none", + "fallbacks": [ + { + "dest": 80 + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "alpn": [ + "http/1.1" + ], + "certificates": [ + { + "certificateFile": "/path/to/fullchain.crt", // 换成你的证书,绝对路径 + "keyFile": "/path/to/private.key" // 换成你的私钥,绝对路径 + } + ] + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom" + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-TLS-WS (recommended)/README.md b/VLESS-TCP-TLS-WS (recommended)/README.md new file mode 100644 index 0000000..19609c1 --- /dev/null +++ b/VLESS-TCP-TLS-WS (recommended)/README.md @@ -0,0 +1,13 @@ +# VLESS over TCP with TLS + 回落 & 分流 to WebSocket(进阶配置) + +这里是 [最简配置](<../VLESS-TCP-TLS%20(minimal%20by%20rprx)>) 的超集,利用 VLESS 强大的回落分流特性,实现了 443 端口 VLESS over TCP with TLS 和任意 WSS 的完美共存 + +该配置供参考,你可以将 WS 上的 VLESS 换成 VMess 等其它任何协议,以及设置更多 PATH、协议共存,都可以做到 + +部署后,你可以同时通过 VLESS over TCP with TLS 和任意 WebSocket with TLS 方式连接到服务器,其中后者都可以通过 CDN + +经实测,VLESS 回落分流 WS 比 Nginx 反代 WS 性能更强,传统的 VMess + WSS 方案完全可以迁移过来,且不失兼容 + +--- + +接下来,你可以尝试 [终极配置](../VLESS-TCP-XTLS-WHATEVER):换用 XTLS 实现极致性能,还有分流到 VMess over TCP,以及更多回落分流建议,不只 Xray diff --git a/VLESS-TCP-TLS-WS (recommended)/config_client_tcp_tls.json b/VLESS-TCP-TLS-WS (recommended)/config_client_tcp_tls.json new file mode 100644 index 0000000..a93646d --- /dev/null +++ b/VLESS-TCP-TLS-WS (recommended)/config_client_tcp_tls.json @@ -0,0 +1,42 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了) + "port": 443, + "users": [ + { + "id": "", // 填写你的 UUID + "encryption": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "serverName": "example.com" // 换成你的域名 + } + } + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-TLS-WS (recommended)/config_client_ws_tls.json b/VLESS-TCP-TLS-WS (recommended)/config_client_ws_tls.json new file mode 100644 index 0000000..8df0f6f --- /dev/null +++ b/VLESS-TCP-TLS-WS (recommended)/config_client_ws_tls.json @@ -0,0 +1,45 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了) + "port": 443, + "users": [ + { + "id": "", // 填写你的 UUID + "encryption": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "ws", + "security": "tls", + "tlsSettings": { + "serverName": "example.com" // 换成你的域名 + }, + "wsSettings": { + "path": "/websocket" // 必须换成自定义的 PATH,需要和服务端的一致 + } + } + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-TLS-WS (recommended)/config_server.json b/VLESS-TCP-TLS-WS (recommended)/config_server.json new file mode 100644 index 0000000..ffd8149 --- /dev/null +++ b/VLESS-TCP-TLS-WS (recommended)/config_server.json @@ -0,0 +1,74 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 443, + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", // 填写你的 UUID + "level": 0, + "email": "love@example.com" + } + ], + "decryption": "none", + "fallbacks": [ + { + "dest": 80 + }, + { + "path": "/websocket", // 必须换成自定义的 PATH + "dest": 1234, + "xver": 1 + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "alpn": [ + "http/1.1" + ], + "certificates": [ + { + "certificateFile": "/path/to/fullchain.crt", // 换成你的证书,绝对路径 + "keyFile": "/path/to/private.key" // 换成你的私钥,绝对路径 + } + ] + } + } + }, + { + "port": 1234, + "listen": "127.0.0.1", + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", // 填写你的 UUID + "level": 0, + "email": "love@example.com" + } + ], + "decryption": "none" + }, + "streamSettings": { + "network": "ws", + "security": "none", + "wsSettings": { + "acceptProxyProtocol": true, // 提醒:若你用 Nginx/Caddy 等反代 WS,需要删掉这行 + "path": "/websocket" // 必须换成自定义的 PATH,需要和上面的一致 + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom" + } + ] +} diff --git a/VLESS-TCP-TLS-proxy protocol/config_client.json b/VLESS-TCP-TLS-proxy protocol/config_client.json new file mode 100644 index 0000000..28c3e83 --- /dev/null +++ b/VLESS-TCP-TLS-proxy protocol/config_client.json @@ -0,0 +1,72 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "1.2.3.4", + "port": 443, + "user": [ + { + "id": "", + "encryption": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "serverName": "example.domain", + "allowInsecure": false, + "alpn": [ + "h2", + "http/1.1" + ], + "disableSessionResumption": true + } + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ], + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "tag": "direct" + } + ] + } +} \ No newline at end of file diff --git a/VLESS-TCP-TLS-proxy protocol/config_server.json b/VLESS-TCP-TLS-proxy protocol/config_server.json new file mode 100644 index 0000000..192fc7a --- /dev/null +++ b/VLESS-TCP-TLS-proxy protocol/config_server.json @@ -0,0 +1,56 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 443, + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", + "level": 0, + "email": "love@example.com" + } + ], + "decryption": "none", + "fallbacks": [ + { + "dest": 8001, + "xver": 1 + }, + { + "alpn": "h2", + "dest": 8002, + "xver": 1 + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "serverName": "example.domain", + "alpn": [ + "h2", + "http/1.1" + ], + "certificates": [ + { + "certificateFile": "/path/to/fullchain.crt", + "keyFile": "/path/to/private.key" + } + ] + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-TLS-proxy protocol/nginx.conf b/VLESS-TCP-TLS-proxy protocol/nginx.conf new file mode 100644 index 0000000..19decd3 --- /dev/null +++ b/VLESS-TCP-TLS-proxy protocol/nginx.conf @@ -0,0 +1,57 @@ +worker_processes auto; +worker_cpu_affinity auto; +worker_rlimit_nofile 65535; + +error_log logs/error.log warn; + +pid logs/nginx.pid; + +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + +http { + + include mime.types; + default_type application/octet-stream; + + index index.html index.htm; + + proxy_set_header X-Real-IP $proxy_protocol_addr; + proxy_set_header X-Forwarded-For $proxy_protocol_addr; + + log_format proxy '$proxy_protocol_addr - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + + sendfile on; + + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + + server { + listen 127.0.0.1:8001 proxy_protocol; + listen 127.0.0.1:8002 http2 proxy_protocol; + server_name yourserver.com; + + set_real_ip_from 127.0.0.1; + + charset utf-8; + + access_log logs/yourserver.access.log proxy; + + location / { + root /var/www/html; + } + + error_page 404 /404.html; + + error_page 500 502 503 504 /50x.html; + } +} diff --git a/VLESS-TCP-TLS/config_client.json b/VLESS-TCP-TLS/config_client.json new file mode 100644 index 0000000..01572d1 --- /dev/null +++ b/VLESS-TCP-TLS/config_client.json @@ -0,0 +1,72 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "1.2.3.4", + "port": 443, + "users": [ + { + "id": "", + "encryption": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "serverName": "example.domain", + "allowInsecure": false, + "alpn": [ + "h2", + "http/1.1" + ], + "disableSessionResumption": true + } + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ], + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + } +} diff --git a/VLESS-TCP-TLS/config_server.json b/VLESS-TCP-TLS/config_server.json new file mode 100644 index 0000000..bc9c6fd --- /dev/null +++ b/VLESS-TCP-TLS/config_server.json @@ -0,0 +1,54 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 443, + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", + "level": 0, + "email": "love@example.com" + } + ], + "decryption": "none", + "fallbacks": [ + { + "dest": 8001 + }, + { + "alpn": "h2", + "dest": 8002 + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "serverName": "example.domain", + "alpn": [ + "h2", + "http/1.1" + ], + "certificates": [ + { + "certificateFile": "/path/to/fullchain.crt", + "keyFile": "/path/to/private.key" + } + ] + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-TLS/nginx.conf b/VLESS-TCP-TLS/nginx.conf new file mode 100644 index 0000000..f5d139b --- /dev/null +++ b/VLESS-TCP-TLS/nginx.conf @@ -0,0 +1,52 @@ +worker_processes auto; +worker_cpu_affinity auto; +worker_rlimit_nofile 65535; + +error_log logs/error.log warn; + +pid logs/nginx.pid; + +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + +http { + + include mime.types; + default_type application/octet-stream; + + index index.html index.htm; + + log_format main '$remote_addr - $remote_user [$time_local] $status ' + '"$request" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + sendfile on; + + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + + server { + listen 127.0.0.1:8001; + listen 127.0.0.1:8002 http2; + server_name yourserver.com; + + charset utf-8; + + access_log logs/yourserver.access.log main; + + location / { + root /var/www/html; + } + + error_page 404 /404.html; + + error_page 500 502 503 504 /50x.html; + } +} diff --git a/VLESS-TCP-XTLS-WHATEVER/README.md b/VLESS-TCP-XTLS-WHATEVER/README.md new file mode 100644 index 0000000..07b4933 --- /dev/null +++ b/VLESS-TCP-XTLS-WHATEVER/README.md @@ -0,0 +1,18 @@ +# VLESS over TCP with XTLS + 回落 & 分流 to WHATEVER(终极配置) + +这里是 [进阶配置](<../VLESS-TCP-TLS-WS%20(recommended)>) 的超集,利用 VLESS 强大的回落分流特性,实现了 443 端口尽可能多的协议、配置的完美共存,包括 [XTLS Direct Mode](https://github.com/rprx/v2fly-github-io/blob/master/docs/config/protocols/vless.md#xtls-%E9%BB%91%E7%A7%91%E6%8A%80) + +客户端可以同时通过下列方式连接到服务器,其中 WS 都可以通过 CDN + +1. VLESS over TCP with XTLS,数倍性能,首选方式 +2. VLESS over TCP with TLS +3. VLESS over WS with TLS +4. VMess over TCP with TLS,不推荐 +5. VMess over WS with TLS +6. Trojan over TCP with TLS + +--- + +这里设置默认回落到 Xray 的 Trojan 协议,再继续回落到 80 端口的 Web 服务器(也可以换成数据库、FTP 等) + +你还可以配置回落到 Caddy 的 forwardproxy 等其它也防探测的代理,以及分流到任何支持 WebSocket 的代理,都没有问题 diff --git a/VLESS-TCP-XTLS-WHATEVER/config_client/trojan_tcp_tls.json b/VLESS-TCP-XTLS-WHATEVER/config_client/trojan_tcp_tls.json new file mode 100644 index 0000000..ef9b529 --- /dev/null +++ b/VLESS-TCP-XTLS-WHATEVER/config_client/trojan_tcp_tls.json @@ -0,0 +1,37 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "trojan", + "settings": { + "servers": [ + { + "address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了) + "port": 443, + "password": "", // 填写你的密码 + "level": 0 + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "serverName": "example.com" // 换成你的域名 + } + } + } + ] +} diff --git a/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_tls.json b/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_tls.json new file mode 100644 index 0000000..a93646d --- /dev/null +++ b/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_tls.json @@ -0,0 +1,42 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了) + "port": 443, + "users": [ + { + "id": "", // 填写你的 UUID + "encryption": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "serverName": "example.com" // 换成你的域名 + } + } + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_xtls.json b/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_xtls.json new file mode 100644 index 0000000..2e19aca --- /dev/null +++ b/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_xtls.json @@ -0,0 +1,43 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了) + "port": 443, + "users": [ + { + "id": "", // 填写你的 UUID + "flow": "xtls-rprx-direct", + "encryption": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "xtls", // 需要使用 XTLS + "xtlsSettings": { + "serverName": "example.com" // 换成你的域名 + } + } + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-XTLS-WHATEVER/config_client/vless_ws_tls.json b/VLESS-TCP-XTLS-WHATEVER/config_client/vless_ws_tls.json new file mode 100644 index 0000000..8df0f6f --- /dev/null +++ b/VLESS-TCP-XTLS-WHATEVER/config_client/vless_ws_tls.json @@ -0,0 +1,45 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了) + "port": 443, + "users": [ + { + "id": "", // 填写你的 UUID + "encryption": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "ws", + "security": "tls", + "tlsSettings": { + "serverName": "example.com" // 换成你的域名 + }, + "wsSettings": { + "path": "/websocket" // 必须换成自定义的 PATH,需要和服务端的一致 + } + } + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-XTLS-WHATEVER/config_client/vmess_tcp_tls.json b/VLESS-TCP-XTLS-WHATEVER/config_client/vmess_tcp_tls.json new file mode 100644 index 0000000..b8e8258 --- /dev/null +++ b/VLESS-TCP-XTLS-WHATEVER/config_client/vmess_tcp_tls.json @@ -0,0 +1,52 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了) + "port": 443, + "users": [ + { + "id": "", // 填写你的 UUID + "security": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "serverName": "example.com" // 换成你的域名 + }, + "tcpSettings": { + "header": { + "type": "http", + "request": { + "path": [ + "/vmesstcp" // 必须换成自定义的 PATH,需要和服务端的一致 + ] + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-XTLS-WHATEVER/config_client/vmess_ws_tls.json b/VLESS-TCP-XTLS-WHATEVER/config_client/vmess_ws_tls.json new file mode 100644 index 0000000..eba28ef --- /dev/null +++ b/VLESS-TCP-XTLS-WHATEVER/config_client/vmess_ws_tls.json @@ -0,0 +1,45 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10800, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "example.com", // 换成你的域名或服务器 IP(发起请求时无需解析域名了) + "port": 443, + "users": [ + { + "id": "", // 填写你的 UUID + "security": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "ws", + "security": "tls", + "tlsSettings": { + "serverName": "example.com" // 换成你的域名 + }, + "wsSettings": { + "path": "/vmessws" // 必须换成自定义的 PATH,需要和服务端的一致 + } + } + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP-XTLS-WHATEVER/config_server.json b/VLESS-TCP-XTLS-WHATEVER/config_server.json new file mode 100644 index 0000000..73172da --- /dev/null +++ b/VLESS-TCP-XTLS-WHATEVER/config_server.json @@ -0,0 +1,163 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 443, + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", // 填写你的 UUID + "flow": "xtls-rprx-direct", + "level": 0, + "email": "love@example.com" + } + ], + "decryption": "none", + "fallbacks": [ + { + "dest": 1310, // 默认回落到 Xray 的 Trojan 协议 + "xver": 1 + }, + { + "path": "/websocket", // 必须换成自定义的 PATH + "dest": 1234, + "xver": 1 + }, + { + "path": "/vmesstcp", // 必须换成自定义的 PATH + "dest": 2345, + "xver": 1 + }, + { + "path": "/vmessws", // 必须换成自定义的 PATH + "dest": 3456, + "xver": 1 + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "xtls", + "xtlsSettings": { + "alpn": [ + "http/1.1" + ], + "certificates": [ + { + "certificateFile": "/path/to/fullchain.crt", // 换成你的证书,绝对路径 + "keyFile": "/path/to/private.key" // 换成你的私钥,绝对路径 + } + ] + } + } + }, + { + "port": 1310, + "listen": "127.0.0.1", + "protocol": "trojan", + "settings": { + "clients": [ + { + "password": "", // 填写你的密码 + "level": 0, + "email": "love@example.com" + } + ], + "fallbacks": [ + { + "dest": 80 // 或者回落到其它也防探测的代理 + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "none", + "tcpSettings": { + "acceptProxyProtocol": true + } + } + }, + { + "port": 1234, + "listen": "127.0.0.1", + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", // 填写你的 UUID + "level": 0, + "email": "love@example.com" + } + ], + "decryption": "none" + }, + "streamSettings": { + "network": "ws", + "security": "none", + "wsSettings": { + "acceptProxyProtocol": true, // 提醒:若你用 Nginx/Caddy 等反代 WS,需要删掉这行 + "path": "/websocket" // 必须换成自定义的 PATH,需要和分流的一致 + } + } + }, + { + "port": 2345, + "listen": "127.0.0.1", + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "", // 填写你的 UUID + "level": 0, + "email": "love@example.com" + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "none", + "tcpSettings": { + "acceptProxyProtocol": true, + "header": { + "type": "http", + "request": { + "path": [ + "/vmesstcp" // 必须换成自定义的 PATH,需要和分流的一致 + ] + } + } + } + } + }, + { + "port": 3456, + "listen": "127.0.0.1", + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "", // 填写你的 UUID + "level": 0, + "email": "love@example.com" + } + ] + }, + "streamSettings": { + "network": "ws", + "security": "none", + "wsSettings": { + "acceptProxyProtocol": true, // 提醒:若你用 Nginx/Caddy 等反代 WS,需要删掉这行 + "path": "/vmessws" // 必须换成自定义的 PATH,需要和分流的一致 + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom" + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP/README.md b/VLESS-TCP/README.md new file mode 100644 index 0000000..b4a8935 --- /dev/null +++ b/VLESS-TCP/README.md @@ -0,0 +1 @@ +# (目前)请勿使用此配置过墙,记得套 TLS \ No newline at end of file diff --git a/VLESS-TCP/config_client.json b/VLESS-TCP/config_client.json new file mode 100644 index 0000000..31729a2 --- /dev/null +++ b/VLESS-TCP/config_client.json @@ -0,0 +1,62 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "1.2.3.4", + "port": 1234, + "user": [ + { + "id": "", + "encryption": "none", + "level": 0 + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp" + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ], + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + } +} \ No newline at end of file diff --git a/VLESS-TCP/config_server.json b/VLESS-TCP/config_server.json new file mode 100644 index 0000000..0ab8621 --- /dev/null +++ b/VLESS-TCP/config_server.json @@ -0,0 +1,36 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 1234, + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "", + "level": 0, + "email": "love@example.com" + } + ], + "decryption": "none", + "fallbacks": [ + { + "dest": 8001 + } + ] + }, + "streamSettings": { + "network": "tcp" + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + } + ] +} \ No newline at end of file diff --git a/VLESS-TCP/nginx.conf b/VLESS-TCP/nginx.conf new file mode 100644 index 0000000..052c25f --- /dev/null +++ b/VLESS-TCP/nginx.conf @@ -0,0 +1,51 @@ +worker_processes auto; +worker_cpu_affinity auto; +worker_rlimit_nofile 65535; + +error_log logs/error.log warn; + +pid logs/nginx.pid;; + +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + +http { + + include mime.types; + default_type application/octet-stream; + + index index.html index.htm + + log_format main '$remote_addr - $remote_user [$time_local] $status ' + '"$request" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + sendfile on; + + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + + server { + listen 127.0.0.1:8001; + server_name yourserver_8001.com; + + charset utf-8; + + access_log logs/yourserver_8001.access.log main; + + location / { + root /var/www/html; + } + + error_page 404 /404.html; + + error_page 500 502 503 504 /50x.html; + } +} diff --git a/VLESS-mKCPSeed/config_client.json b/VLESS-mKCPSeed/config_client.json new file mode 100644 index 0000000..a8d4c34 --- /dev/null +++ b/VLESS-mKCPSeed/config_client.json @@ -0,0 +1,40 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 1080, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "{{ host }}", + "port": "{{ port }}", + "users": [ + { + "id": "{{ uuid }}", + "encryption": "none" + } + ] + } + ] + }, + "streamSettings": { + "network": "kcp", + "kcpSettings": { + "seed": "{{ seed }}" + } + } + } + ] +} \ No newline at end of file diff --git a/VLESS-mKCPSeed/config_server.json b/VLESS-mKCPSeed/config_server.json new file mode 100644 index 0000000..8e907bd --- /dev/null +++ b/VLESS-mKCPSeed/config_server.json @@ -0,0 +1,26 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "protocol": "vless", + "port": "{{ port }}", + "settings": { + "decryption":"none", + "clients": [ + {"id": "{{ }}"} + ] + }, + "streamSettings": { + "network": "kcp", + "kcpSettings": { + "seed": "{{ seed }}" + } + } + } + ], + "outbounds": [ + {"protocol": "freedom"} + ] +} diff --git a/VMess-HTTP/config_client.json b/VMess-HTTP/config_client.json new file mode 100644 index 0000000..f3064e5 --- /dev/null +++ b/VMess-HTTP/config_client.json @@ -0,0 +1,91 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "", + "port": 1234, + "users": [ + { + "id": "" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "tcpSettings": { + "header": { + "type": "http", + "request": { + "version": "1.1", + "method": "GET", + "path": [ + "/" + ], + "headers": { + "Host": [ + "www.bing.com", + "www.cloudflare.com", + "www.amazon.com" + ], + "User-Agent": [ + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 Edg/84.0.522.49", + "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/84.0.4147.71 Mobile/15E148 Safari/604.1" + ], + "Accept-Encoding": [ + "gzip, deflate" + ], + "Connection": [ + "keep-alive" + ], + "Pragma": "no-cache" + } + } + } + }, + "security": "none" + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ] +} diff --git a/VMess-HTTP/config_server.json b/VMess-HTTP/config_server.json new file mode 100644 index 0000000..057eb2c --- /dev/null +++ b/VMess-HTTP/config_server.json @@ -0,0 +1,71 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "block" + } + ] + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 1234, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "" + } + ] + }, + "streamSettings": { + "network": "tcp", + "tcpSettings": { + "header": { + "type": "http", + "response": { + "version": "1.1", + "status": "200", + "reason": "OK", + "headers": { + "Content-Type": [ + "application/octet-stream", + "video/mpeg", + "application/x-msdownload", + "text/html", + "application/x-shockwave-flash" + ], + "Transfer-Encoding": [ + "chunked" + ], + "Connection": [ + "keep-alive" + ], + "Pragma": "no-cache" + } + } + } + }, + "security": "none" + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + ] +} diff --git a/VMess-HTTP2/config_client.json b/VMess-HTTP2/config_client.json new file mode 100644 index 0000000..dca39f7 --- /dev/null +++ b/VMess-HTTP2/config_client.json @@ -0,0 +1,62 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "", + "port": 1234, + "users": [ + { + "id": "", + "security": "none" + } + ] + } + ] + }, + "streamSettings": { + "network": "http", + "security": "tls" + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ] +} diff --git a/VMess-HTTP2/config_server.json b/VMess-HTTP2/config_server.json new file mode 100644 index 0000000..f4f3205 --- /dev/null +++ b/VMess-HTTP2/config_server.json @@ -0,0 +1,53 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "block" + } + ] + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 1234, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "" + } + ] + }, + "streamSettings": { + "network": "http", + "security": "tls", + "tlsSettings": { + "certificates": [ + { + "certificateFile": "/path/to/certificate.crt", + "keyFile": "/path/to/key.key" + } + ] + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + ] +} diff --git a/VMess-TCP-TLS/config_client.json b/VMess-TCP-TLS/config_client.json new file mode 100644 index 0000000..60ba57a --- /dev/null +++ b/VMess-TCP-TLS/config_client.json @@ -0,0 +1,62 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "", + "port": 1234, + "users": [ + { + "id": "", + "security": "none" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls" + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ] +} diff --git a/VMess-TCP-TLS/config_server.json b/VMess-TCP-TLS/config_server.json new file mode 100644 index 0000000..5b40b63 --- /dev/null +++ b/VMess-TCP-TLS/config_server.json @@ -0,0 +1,53 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "block" + } + ] + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 1234, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "" + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "certificates": [ + { + "certificateFile": "/path/to/certificate.crt", + "keyFile": "/path/to/key.key" + } + ] + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + ] +} diff --git a/VMess-TCP/config_client.json b/VMess-TCP/config_client.json new file mode 100644 index 0000000..852e399 --- /dev/null +++ b/VMess-TCP/config_client.json @@ -0,0 +1,60 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "", + "port": 1234, + "users": [ + { + "id": "" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp" + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ] +} \ No newline at end of file diff --git a/VMess-TCP/config_server.json b/VMess-TCP/config_server.json new file mode 100644 index 0000000..8f379ea --- /dev/null +++ b/VMess-TCP/config_server.json @@ -0,0 +1,44 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "block" + } + ] + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 1234, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "" + } + ] + }, + "streamSettings": { + "network": "tcp" + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + ] +} diff --git a/VMess-Websocket-TLS/config_client.json b/VMess-Websocket-TLS/config_client.json new file mode 100644 index 0000000..ee49c62 --- /dev/null +++ b/VMess-Websocket-TLS/config_client.json @@ -0,0 +1,62 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "", + "port": 1234, + "users": [ + { + "id": "", + "security": "none" + } + ] + } + ] + }, + "streamSettings": { + "network": "ws", + "security": "tls" + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ] +} diff --git a/VMess-Websocket-TLS/config_server.json b/VMess-Websocket-TLS/config_server.json new file mode 100644 index 0000000..6d86245 --- /dev/null +++ b/VMess-Websocket-TLS/config_server.json @@ -0,0 +1,53 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "block" + } + ] + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 1234, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "" + } + ] + }, + "streamSettings": { + "network": "ws", + "security": "tls", + "tlsSettings": { + "certificates": [ + { + "certificateFile": "/path/to/certificate.crt", + "keyFile": "/path/to/key.key" + } + ] + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + ] +} diff --git a/VMess-Websocket/config_client.json b/VMess-Websocket/config_client.json new file mode 100644 index 0000000..07d11a2 --- /dev/null +++ b/VMess-Websocket/config_client.json @@ -0,0 +1,60 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "direct" + } + ] + }, + "inbounds": [ + { + "listen": "127.0.0.1", + "port": "1080", + "protocol": "socks", + "settings": { + "auth": "noauth", + "udp": true, + "ip": "127.0.0.1" + } + }, + { + "listen": "127.0.0.1", + "port": "1081", + "protocol": "http" + } + ], + "outbounds": [ + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "", + "port": 1234, + "users": [ + { + "id": "" + } + ] + } + ] + }, + "streamSettings": { + "network": "ws" + }, + "tag": "proxy" + }, + { + "protocol": "freedom", + "tag": "direct" + } + ] +} diff --git a/VMess-Websocket/config_server.json b/VMess-Websocket/config_server.json new file mode 100644 index 0000000..3a6bba7 --- /dev/null +++ b/VMess-Websocket/config_server.json @@ -0,0 +1,45 @@ +{ + "log": { + "loglevel": "warning" + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "ip": [ + "geoip:private" + ], + "outboundTag": "block" + } + ] + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 1234, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "" + } + ] + }, + "streamSettings": { + "network": "ws", + "security": "none" + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + ] +} diff --git a/VMess-mKCPSeed/config_client.json b/VMess-mKCPSeed/config_client.json new file mode 100644 index 0000000..a7ef6cd --- /dev/null +++ b/VMess-mKCPSeed/config_client.json @@ -0,0 +1,40 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 1080, + "listen": "127.0.0.1", + "protocol": "socks", + "settings": { + "udp": true + } + } + ], + "outbounds": [ + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "{{ host }}", + "port": "{{ port }}", + "users": [ + { + "id": "{{ uuid }}", + "encryption": "none" + } + ] + } + ] + }, + "streamSettings": { + "network": "kcp", + "kcpSettings": { + "seed": "{{ seed }}" + } + } + } + ] +} \ No newline at end of file diff --git a/VMess-mKCPSeed/config_server.json b/VMess-mKCPSeed/config_server.json new file mode 100644 index 0000000..5d72033 --- /dev/null +++ b/VMess-mKCPSeed/config_server.json @@ -0,0 +1,26 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "protocol": "vmess", + "port": "{{ port }}", + "settings": { + "decryption":"none", + "clients": [ + {"id": "{{ }}"} + ] + }, + "streamSettings": { + "network": "kcp", + "kcpSettings": { + "seed": "{{ seed }}" + } + } + } + ], + "outbounds": [ + {"protocol": "freedom"} + ] +}