Add VLESS-TCP-REALITY(Without being stolen)

This commit is contained in:
风扇滑翔翼 2024-10-20 12:05:33 +00:00 committed by GitHub
parent bebf51e5f7
commit c6ec3122f5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 154 additions and 0 deletions

View file

@ -0,0 +1,5 @@
# 不会被偷跑流量的 REALITY
一个老生常谈的问题,对于非法请求, reality都会无脑转发流量去dest如果reality的dest指向一个cloudflare网站那么相当于服务端变成了CF的端口转发任何人扫过来都可以拿来嫖。
目前的解决办法是不要使用这类的网站作为 dest, 懂一点的会告诉你用 nginx 的 stream 滤一遍 SNI 并丢掉非法请求,但是其实 Xray 本身就支持这种操作,这也是这个模板的原理

View file

@ -0,0 +1,56 @@
// 直接从其他示例里 copy 过来的,客户端不需要任何特殊修改,要填的东西也一致
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10808,
"protocol": "socks",
"settings": {
"udp": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
],
"routeOnly": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "127.0.0.1",
"port": 443,
"users": [
{
"id": "", // Needs to match server side
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"fingerprint": "chrome",
"serverName": "speed.cloudflare.com",
"publicKey": "",
"spiderX": "",
"shortId": ""
}
},
"tag": "proxy"
}
]
}

View file

@ -0,0 +1,93 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"tag": "dokodemo-in",
"port": 443,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1",
"port": 4431, // 指向内网中的 reality 端口,示例是这个端口,如果要自己修改了记得这里和下面的 reality 入站都要修改
"network": "tcp"
},
"sniffing": { // 这里的 sniffing 不是多余的,别乱动
"enabled": true,
"destOverride": [
"tls"
],
"routeOnly": true
}
},
{
"listen": "127.0.0.1",
"port": 4431, // 见上 如果和其他服务冲突了可以换
"protocol": "vless",
"settings": {
"clients": [
{
"id": "" // uuid
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
// 下方要求和普通 reality 一致,这里演示 dest 设置为 cloudflare 不被偷跑流量所以设置为 speed.cloudflare.com 了
// 你可以设置为其他 CF 网站,如果你的 dest 不是这种网站你也不用点了进来不是吗
"dest": "speed.cloudflare.com:443",
"serverNames": [
"speed.cloudflare.com"
],
"privateKey": "", // 运行 `xray x25519` 生成
"shortIds": [
"",
"0123456789abcdef"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
],
"routeOnly": true
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "blcok"
}
],
"routing": {
"rules": [
{
"inboundTag": [
"dokodemo-in"
],
// 重要,这个域名列表需要和 realitySettings 的 serverNames 保持一致
"domain": [
"speed.cloudflare.com"
],
"outboundTag": "direct"
},
{
"inboundTag": [
"dokodemo-in"
],
"outboundTag": "blcok"
}
]
}
}