Vision配置示例更新 (#128)

* Update config_client.json

* Update config_server.json

* Update config_server.json

* Update config_server.json

* Update config_server.json

* Create nginx.conf

* Create README.md
chika0801 2023-03-07 12:57:12 +08:00 committed by GitHub
parent ae379bf770
commit ad496cb607
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 126 additions and 16 deletions


@ -0,0 +1,16 @@
:+1:**XTLS Vision [简介](https://github.com/XTLS/Xray-core/discussions/1295)**
**使用提醒:**
:exclamation:相对于 XTLS Vision 的使用基数,目前几乎没有收到 **配置正确** 的 Vision 被封端口的报告,**配置正确** 指的是:
1. 服务端使用合理的端口,禁回国流量
2. 只配置 XTLS Vision不兼容普通 TLS 代理
3. 回落到网页,不回落/分流到其它代理协议
4. 客户端启用 uTLSfingerprint [#1](https://github.com/XTLS/Xray-core/issues/1544#issuecomment-1399194727)
首先,如果你特别不想被封,**请先选择一个干净的 IP**,并按照 **配置正确** 去搭建、使用 XTLS Vision。
**但是,即使你这样做了,也无法保证 100% 不被封**。自去年底始,很多人的未知流量秒封 IPTLS in TLS 流量隔天封端口。XTLS Vision 不是未知流量,且完整处理了 TLS in TLS 特征,目前看来效果显著。**但这并不意味着,用 XTLS Vision 可以 100% 不被封,认识到这一点是非常、非常重要的,不要自己偶然被封就大惊小怪**。
**因为除了协议本身,还有很多角度能封你**。以 IP 为例,你无法保证 IP 真的干净,无法避免被邻居波及,无法避免整个 IP 段被重点拉清单。也有可能某些地区的 GFW 有独特的标准,比如某个 IP 只有寥寥数人访问连却能跑那么多流量,封。**如果你的 XTLS Vision 被封了,但没有出现去年底 TLS 那样的大规模被封报告,我真心建议你换端口、换 IP、换服务商依次试一遍**。 [#2](https://github.com/XTLS/Xray-core/issues/1544#issuecomment-1402118517)


@ -25,8 +25,8 @@
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10808, // v2rayN
"listen": "127.0.0.1", // 0.0.0.0
"port": 10808, // v2rayN socks
"protocol": "socks",
"settings": {
"udp": true
@ -40,8 +40,8 @@
}
},
{
"listen": "127.0.0.1",
"port": 10809, // v2rayN
"listen": "127.0.0.1", // "0.0.0.0"
"port": 10809, // v2rayN http
"protocol": "http",
"sniffing": {
"enabled": true,
@ -58,11 +58,11 @@
"settings": {
"vnext": [
{
"address": "", // VPSIP
"port": 16387, // VPS
"address": "", // IP
"port": 443, //
"users": [
{
"id": "", // ID
"id": "", // ID
"encryption": "none",
"flow": "xtls-rprx-vision"
}
@ -74,9 +74,9 @@
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "", //
"serverName": "", // SNI"address""address"IP
"allowInsecure": false,
"fingerprint": "chrome" // uTLS Chrome / Firefox / Safari
"fingerprint": "chrome" // TLS Client Hello Xray uTLS TLS
}
},
"tag": "proxy"
@ -84,6 +84,10 @@
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
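Review bot: The `// 0.0.0.0` hints added beside both `"listen": "127.0.0.1"` lines point readers at binding the socks (10808) and http (10809) inbounds to every interface, but the socks settings visible in the first hunk contain only `"udp": true` and no authentication. Bound that way, the inbound would accept any host that can reach the machine as an unauthenticated proxy user. The comment text looks truncated on this page, so the original wording may already say more; if it does not, I would spell the condition out, for example `// use "0.0.0.0" only for LAN sharing, and then set "auth": "password" with "accounts" or firewall the port`. The http inbound's `settings` object lies outside the hunk, so whether it defines accounts cannot be checked from here.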


@ -16,26 +16,40 @@
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 16387, //
"listen": "0.0.0.0", // "0.0.0.0" IPv4IPv6
"port": 443, //
"protocol": "vless",
"settings": {
"clients": [
{
"id": "", // ID
"id": "", // ID xray uuid 1-30
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
"decryption": "none",
"fallbacks": [
{
"dest": "8001",
"xver": 1
},
{
"alpn": "h2",
"dest": "8002",
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"rejectUnknownSni": true,
"minVersion": "1.2",
"certificates": [
{
"certificateFile": "/etc/ssl/private/fullchain.cer", //
"keyFile": "/etc/ssl/private/private.key" //
"ocspStapling": 3600,
"certificateFile": "/etc/ssl/private/fullchain.cer", // fullchainSSLv2rayN使v2rayNG使
"keyFile": "/etc/ssl/private/private.key" //
}
]
}
@ -58,5 +72,12 @@
"protocol": "blackhole",
"tag": "block"
}
]
],
"policy": {
"levels": {
"0": {
"handshake": 2, // 4
"connIdle": 120 // 300
}
}
}
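Review bot: The last hunk appears to leave the root object unclosed: its header gives 12 new-side lines, which leaves exactly three `}` after `"connIdle": 120`, and those close `"0"`, `"levels"` and `"policy"`. If that count matches the committed file, Xray cannot parse the config and the server will not start, so a final `}` is needed after the `"policy"` block. This is inferred from the hunk header and the lines shown, since indentation is lost on this page; test-loading the file (for example with `xray run -test`) before publishing the example would confirm it.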


@ -0,0 +1,69 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log main;
map $http_upgrade $connection_upgrade {
default upgrade;
"" close;
}
map $proxy_protocol_addr $proxy_forwarded_elem {
~^[0-9.]+$ "for=$proxy_protocol_addr";
~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
default "for=unknown";
}
map $http_forwarded $proxy_add_forwarded {
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
default "$proxy_forwarded_elem";
}
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 127.0.0.1:8001 proxy_protocol;
listen 127.0.0.1:8002 http2 proxy_protocol;
set_real_ip_from 127.0.0.1;
location / {
sub_filter $proxy_host $host;
sub_filter_once off;
proxy_pass https://www.lovelive-anime.jp;
proxy_set_header Host $proxy_host;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_ssl_server_name on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header Forwarded $proxy_add_forwarded;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
resolver 1.1.1.1;
}
}
}
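Review bot: `set_real_ip_from 127.0.0.1;` is added without a `real_ip_header` directive, so nginx falls back to its default of reading the `X-Real-IP` request header. Every fallback connection reaches these listeners from Xray on 127.0.0.1, which makes that client-supplied header trusted: a visitor can set `$remote_addr` to any value, and `$proxy_add_x_forwarded_for` then forwards it upstream. Adding `real_ip_header proxy_protocol;` next to `set_real_ip_from` takes the address from the PROXY protocol header instead, which the `proxy_protocol` listeners on 8001 and 8002 already expect. The log format is unaffected because it already uses `$proxy_protocol_addr`.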