mirror of
https://github.com/XTLS/Xray-examples.git
synced 2024-11-08 18:13:13 +00:00
Add VLESS-TCP-REALITY(Without being stolen)
This commit is contained in:
parent
bebf51e5f7
commit
c6ec3122f5
5
VLESS-TCP-REALITY(Without being stolen)/README.md
Normal file
5
VLESS-TCP-REALITY(Without being stolen)/README.md
Normal file
|
@ -0,0 +1,5 @@
|
|||
# 不会被偷跑流量的 REALITY
|
||||
|
||||
一个老生常谈的问题,对于非法请求, reality都会无脑转发流量去dest,如果reality的dest指向一个cloudflare网站,那么相当于服务端变成了CF的端口转发,任何人扫过来都可以拿来嫖。
|
||||
|
||||
目前的解决办法是不要使用这类的网站作为 dest, 懂一点的会告诉你用 nginx 的 stream 滤一遍 SNI 并丢掉非法请求,但是其实 Xray 本身就支持这种操作,这也是这个模板的原理
|
56
VLESS-TCP-REALITY(Without being stolen)/config_client.jsonc
Normal file
56
VLESS-TCP-REALITY(Without being stolen)/config_client.jsonc
Normal file
|
@ -0,0 +1,56 @@
|
|||
// 直接从其他示例里 copy 过来的,客户端不需要任何特殊修改,要填的东西也一致
|
||||
{
|
||||
"log": {
|
||||
"loglevel": "debug"
|
||||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"listen": "127.0.0.1",
|
||||
"port": 10808,
|
||||
"protocol": "socks",
|
||||
"settings": {
|
||||
"udp": true
|
||||
},
|
||||
"sniffing": {
|
||||
"enabled": true,
|
||||
"destOverride": [
|
||||
"http",
|
||||
"tls",
|
||||
"quic"
|
||||
],
|
||||
"routeOnly": true
|
||||
}
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"protocol": "vless",
|
||||
"settings": {
|
||||
"vnext": [
|
||||
{
|
||||
"address": "127.0.0.1",
|
||||
"port": 443,
|
||||
"users": [
|
||||
{
|
||||
"id": "", // Needs to match server side
|
||||
"encryption": "none"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"streamSettings": {
|
||||
"network": "tcp",
|
||||
"security": "reality",
|
||||
"realitySettings": {
|
||||
"fingerprint": "chrome",
|
||||
"serverName": "speed.cloudflare.com",
|
||||
"publicKey": "",
|
||||
"spiderX": "",
|
||||
"shortId": ""
|
||||
}
|
||||
},
|
||||
"tag": "proxy"
|
||||
}
|
||||
]
|
||||
}
|
93
VLESS-TCP-REALITY(Without being stolen)/config_server.jsonc
Normal file
93
VLESS-TCP-REALITY(Without being stolen)/config_server.jsonc
Normal file
|
@ -0,0 +1,93 @@
|
|||
{
|
||||
"log": {
|
||||
"loglevel": "debug"
|
||||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"tag": "dokodemo-in",
|
||||
"port": 443,
|
||||
"protocol": "dokodemo-door",
|
||||
"settings": {
|
||||
"address": "127.0.0.1",
|
||||
"port": 4431, // 指向内网中的 reality 端口,示例是这个端口,如果要自己修改了记得这里和下面的 reality 入站都要修改
|
||||
"network": "tcp"
|
||||
},
|
||||
"sniffing": { // 这里的 sniffing 不是多余的,别乱动
|
||||
"enabled": true,
|
||||
"destOverride": [
|
||||
"tls"
|
||||
],
|
||||
"routeOnly": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"listen": "127.0.0.1",
|
||||
"port": 4431, // 见上 如果和其他服务冲突了可以换
|
||||
"protocol": "vless",
|
||||
"settings": {
|
||||
"clients": [
|
||||
{
|
||||
"id": "" // uuid
|
||||
}
|
||||
],
|
||||
"decryption": "none"
|
||||
},
|
||||
"streamSettings": {
|
||||
"network": "tcp",
|
||||
"security": "reality",
|
||||
"realitySettings": {
|
||||
// 下方要求和普通 reality 一致,这里演示 dest 设置为 cloudflare 不被偷跑流量所以设置为 speed.cloudflare.com 了
|
||||
// 你可以设置为其他 CF 网站,如果你的 dest 不是这种网站你也不用点了进来不是吗
|
||||
"dest": "speed.cloudflare.com:443",
|
||||
"serverNames": [
|
||||
"speed.cloudflare.com"
|
||||
],
|
||||
"privateKey": "", // 运行 `xray x25519` 生成
|
||||
"shortIds": [
|
||||
"",
|
||||
"0123456789abcdef"
|
||||
]
|
||||
}
|
||||
},
|
||||
"sniffing": {
|
||||
"enabled": true,
|
||||
"destOverride": [
|
||||
"http",
|
||||
"tls",
|
||||
"quic"
|
||||
],
|
||||
"routeOnly": true
|
||||
}
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"protocol": "freedom",
|
||||
"tag": "direct"
|
||||
},
|
||||
{
|
||||
"protocol": "blackhole",
|
||||
"tag": "blcok"
|
||||
}
|
||||
],
|
||||
"routing": {
|
||||
"rules": [
|
||||
{
|
||||
"inboundTag": [
|
||||
"dokodemo-in"
|
||||
],
|
||||
// 重要,这个域名列表需要和 realitySettings 的 serverNames 保持一致
|
||||
"domain": [
|
||||
"speed.cloudflare.com"
|
||||
],
|
||||
"outboundTag": "direct"
|
||||
},
|
||||
{
|
||||
"inboundTag": [
|
||||
"dokodemo-in"
|
||||
],
|
||||
"outboundTag": "blcok"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue