mirror of
https://github.com/XTLS/Xray-examples.git
synced 2024-11-24 09:31:29 +00:00
Vision配置示例更新 (#128)
* Update config_client.json * Update config_server.json * Update config_server.json * Update config_server.json * Update config_server.json * Create nginx.conf * Create README.md
This commit is contained in:
parent
ae379bf770
commit
ad496cb607
16
VLESS-TCP-XTLS-Vision/README.md
Normal file
16
VLESS-TCP-XTLS-Vision/README.md
Normal file
|
@ -0,0 +1,16 @@
|
|||
:+1:**XTLS Vision [简介](https://github.com/XTLS/Xray-core/discussions/1295)**
|
||||
|
||||
**使用提醒:**
|
||||
|
||||
:exclamation:相对于 XTLS Vision 的使用基数,目前几乎没有收到 **配置正确** 的 Vision 被封端口的报告,**配置正确** 指的是:
|
||||
|
||||
1. 服务端使用合理的端口,禁回国流量
|
||||
2. 只配置 XTLS Vision,不兼容普通 TLS 代理
|
||||
3. 回落到网页,不回落/分流到其它代理协议
|
||||
4. 客户端启用 uTLS(fingerprint) [#1](https://github.com/XTLS/Xray-core/issues/1544#issuecomment-1399194727)
|
||||
|
||||
首先,如果你特别不想被封,**请先选择一个干净的 IP**,并按照 **配置正确** 去搭建、使用 XTLS Vision。
|
||||
|
||||
**但是,即使你这样做了,也无法保证 100% 不被封**。自去年底始,很多人的未知流量秒封 IP,TLS in TLS 流量隔天封端口。XTLS Vision 不是未知流量,且完整处理了 TLS in TLS 特征,目前看来效果显著。**但这并不意味着,用 XTLS Vision 可以 100% 不被封,认识到这一点是非常、非常重要的,不要自己偶然被封就大惊小怪**。
|
||||
|
||||
**因为除了协议本身,还有很多角度能封你**。以 IP 为例,你无法保证 IP 真的干净,无法避免被邻居波及,无法避免整个 IP 段被重点拉清单。也有可能某些地区的 GFW 有独特的标准,比如某个 IP 只有寥寥数人访问连却能跑那么多流量,封。**如果你的 XTLS Vision 被封了,但没有出现去年底 TLS 那样的大规模被封报告,我真心建议你换端口、换 IP、换服务商依次试一遍**。 [#2](https://github.com/XTLS/Xray-core/issues/1544#issuecomment-1402118517)
|
|
@ -25,8 +25,8 @@
|
|||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"listen": "127.0.0.1",
|
||||
"port": 10808, // v2rayN 本地监听端口
|
||||
"listen": "127.0.0.1", // 填 0.0.0.0 表示允许来自局域网的连接
|
||||
"port": 10808, // v2rayN 本地socks监听端口
|
||||
"protocol": "socks",
|
||||
"settings": {
|
||||
"udp": true
|
||||
|
@ -40,8 +40,8 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"listen": "127.0.0.1",
|
||||
"port": 10809, // v2rayN 本地监听端口
|
||||
"listen": "127.0.0.1", // 填 "0.0.0.0" 表示允许来自局域网的连接
|
||||
"port": 10809, // v2rayN 本地http监听端口
|
||||
"protocol": "http",
|
||||
"sniffing": {
|
||||
"enabled": true,
|
||||
|
@ -58,11 +58,11 @@
|
|||
"settings": {
|
||||
"vnext": [
|
||||
{
|
||||
"address": "", // VPS的IP
|
||||
"port": 16387, // VPS的端口
|
||||
"address": "", // 地址,服务端的域名或IP
|
||||
"port": 443, // 端口,与服务端一致
|
||||
"users": [
|
||||
{
|
||||
"id": "", // 用户ID
|
||||
"id": "", // 用户ID,与服务端一致
|
||||
"encryption": "none",
|
||||
"flow": "xtls-rprx-vision"
|
||||
}
|
||||
|
@ -74,9 +74,9 @@
|
|||
"network": "tcp",
|
||||
"security": "tls",
|
||||
"tlsSettings": {
|
||||
"serverName": "", // 证书中包含的域名
|
||||
"serverName": "", // SNI,如果"address"填的是服务端的域名,可留空,如果"address"填的是服务端的IP,此处填服务端的证书中包含的域名
|
||||
"allowInsecure": false,
|
||||
"fingerprint": "chrome" // 通过 uTLS 库 模拟 Chrome / Firefox / Safari 或随机生成的指纹
|
||||
"fingerprint": "chrome" // 用于配置指定 TLS Client Hello 的指纹,Xray 将通过 uTLS 库 模拟 TLS 指纹,或随机生成
|
||||
}
|
||||
},
|
||||
"tag": "proxy"
|
||||
|
@ -84,6 +84,10 @@
|
|||
{
|
||||
"protocol": "freedom",
|
||||
"tag": "direct"
|
||||
},
|
||||
{
|
||||
"protocol": "blackhole",
|
||||
"tag": "block"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -16,26 +16,40 @@
|
|||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"listen": "0.0.0.0",
|
||||
"port": 16387, // 端口
|
||||
"listen": "0.0.0.0", // "0.0.0.0" 表示同时监听IPv4和IPv6
|
||||
"port": 443, // 服务端监听的端口
|
||||
"protocol": "vless",
|
||||
"settings": {
|
||||
"clients": [
|
||||
{
|
||||
"id": "", // 用户ID
|
||||
"id": "", // 用户ID,执行 xray uuid 生成,或 1-30 字节的字符串
|
||||
"flow": "xtls-rprx-vision"
|
||||
}
|
||||
],
|
||||
"decryption": "none"
|
||||
"decryption": "none",
|
||||
"fallbacks": [
|
||||
{
|
||||
"dest": "8001",
|
||||
"xver": 1
|
||||
},
|
||||
{
|
||||
"alpn": "h2",
|
||||
"dest": "8002",
|
||||
"xver": 1
|
||||
}
|
||||
]
|
||||
},
|
||||
"streamSettings": {
|
||||
"network": "tcp",
|
||||
"security": "tls",
|
||||
"tlsSettings": {
|
||||
"rejectUnknownSni": true,
|
||||
"minVersion": "1.2",
|
||||
"certificates": [
|
||||
{
|
||||
"certificateFile": "/etc/ssl/private/fullchain.cer", // 证书
|
||||
"keyFile": "/etc/ssl/private/private.key" //私钥
|
||||
"ocspStapling": 3600,
|
||||
"certificateFile": "/etc/ssl/private/fullchain.cer", // 证书文件,建议用fullchain(全SSL证书链),若只有网站证书,会出现v2rayN能使用,v2rayNG不能使用的情况,通常不区分扩展名
|
||||
"keyFile": "/etc/ssl/private/private.key" // 私钥文件
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -58,5 +72,12 @@
|
|||
"protocol": "blackhole",
|
||||
"tag": "block"
|
||||
}
|
||||
]
|
||||
],
|
||||
"policy": {
|
||||
"levels": {
|
||||
"0": {
|
||||
"handshake": 2, // 连接建立时的握手时间限制,单位为秒,默认值为 4,建议与默认值不同
|
||||
"connIdle": 120 // 连接空闲的时间限制,单位为秒,默认值为 300,建议与默认值不同
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
69
VLESS-TCP-XTLS-Vision/nginx.conf
Normal file
69
VLESS-TCP-XTLS-Vision/nginx.conf
Normal file
|
@ -0,0 +1,69 @@
|
|||
user nginx;
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log notice;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
"" close;
|
||||
}
|
||||
|
||||
map $proxy_protocol_addr $proxy_forwarded_elem {
|
||||
~^[0-9.]+$ "for=$proxy_protocol_addr";
|
||||
~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
|
||||
default "for=unknown";
|
||||
}
|
||||
|
||||
map $http_forwarded $proxy_add_forwarded {
|
||||
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
|
||||
default "$proxy_forwarded_elem";
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 127.0.0.1:8001 proxy_protocol;
|
||||
listen 127.0.0.1:8002 http2 proxy_protocol;
|
||||
set_real_ip_from 127.0.0.1;
|
||||
|
||||
location / {
|
||||
sub_filter $proxy_host $host;
|
||||
sub_filter_once off;
|
||||
|
||||
proxy_pass https://www.lovelive-anime.jp;
|
||||
proxy_set_header Host $proxy_host;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header X-Real-IP $proxy_protocol_addr;
|
||||
proxy_set_header Forwarded $proxy_add_forwarded;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
proxy_read_timeout 60s;
|
||||
|
||||
resolver 1.1.1.1;
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue