├── README.md
├── VLESS-HTTP2-REALITY
    ├── README.md
    ├── config_client.json
    ├── config_server.json
    └── config_server_shared_port.json
├── VLESS-SplitHTTP-TLS
    ├── config_client(HTTP3).json
    ├── config_client.json
    ├── config_server.json
    └── nginx.conf
├── VLESS-Vision-REALITY
    ├── README.md
    ├── config_client.json
    ├── config_server.json
    ├── nginx_sni_shunting
    │   ├── config_server.json
    │   └── nginx.conf
    └── steal_oneself
    │   ├── config_server.json
    │   └── nginx.conf
├── VLESS-Vision-TLS
    ├── README.md
    ├── config_client.json
    ├── config_server.json
    └── nginx.conf
├── VLESS-WebSocket_or_HTTPUpgrade-TLS
    ├── HTTPUpgrade_config_client.json
    ├── HTTPUpgrade_config_server.json
    ├── WebSocket_config_client.json
    ├── WebSocket_config_server.json
    └── nginx.conf
├── VLESS-XHTTP-REALITY
    └── steal_oneself
    │   ├── config_client.json
    │   ├── config_server.json
    │   └── nginx.conf
├── VLESS-gRPC-REALITY
    ├── README.md
    ├── config_client.json
    ├── config_server.json
    └── config_server_shared_port.json
├── VLESS-gRPC-TLS
    ├── README.md
    ├── config_client.json
    ├── config_server.json
    └── nginx.conf
├── self-use
    ├── nginx_server_vps1.conf
    ├── xray_server_vps1.json
    ├── xray_server_vps2.json
    └── xray_server_vps3.json
├── v2rayNG_custom_local_dns.json
├── v2rayNG_custom_remote_dns.json
├── v2rayN_custom_local_dns.json
├── v2rayN_custom_remote_dns.json
├── warning.md
├── wireguard_for_v1.8.0-v1.8.4.md
└── wireguard_for_v1.8.6_or_higher.md

/README.md:
--------------------------------------------------------------------------------
## **Configuration overview:**

| | No domain registration required | Solves TLS in TLS | Built-in multiplexing | Access via CDN |
| :--- | :---: | :---: | :---: | :---: |
| **VLESS-Vision-REALITY** | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: |
| **VLESS-Vision-TLS** | :x: | :heavy_check_mark: | :x: | :x: |
| **VLESS-gRPC/HTTP2-REALITY** | :heavy_check_mark: | :x: | :heavy_check_mark: | :x: |
| **VLESS-gRPC-TLS** | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: |
| **VLESS-WebSocket/HTTPUpgrade-TLS** | :x: | :x: | :x: | :heavy_check_mark: |

| | Uses uTLS | Uses Vision | Server TLS fingerprint | Mux(TCP) | Mux(UDP) | MPTCP |
| :--- | :---: | :---: | :---: | :---: | :---: | :---: |
| **VLESS-Vision-REALITY** | Required | Recommended | **1** | **2** | :heavy_check_mark: | :heavy_check_mark: |
| **VLESS-Vision-TLS** | Recommended | Recommended | Go | **2** | :heavy_check_mark: | :heavy_check_mark: |
| **VLESS-gRPC/HTTP2-REALITY** | Required | Not possible | **1** | **3** | :heavy_check_mark: | :heavy_check_mark: |
| **VLESS-gRPC-TLS** | Recommended | Not possible | Nginx | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| **VLESS-WebSocket/HTTPUpgrade-TLS** | Recommended | Not possible | Nginx | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |

**1:** Determined by the target website in `"dest": "",`; for example, Nginx when you "steal from yourself" (steal_oneself)
**2:** Not possible when using Vision
**3:** Built-in multiplexing

[**Mux**](https://xtls.github.io/Xray-docs-next/config/outbound.html#muxobject)

```jsonc
"mux": {
    "enabled": true, // false is recommended for gaming
    "concurrency": -1, // do not use Mux(TCP)
    "xudpConcurrency": 16, // use Mux(UDP); this is UDP over TCP, and padding is also added when Vision is in use
    "xudpProxyUDP443": "reject"
}
```

> Mux only needs to be enabled on the client; the server adapts automatically

[**MPTCP**](https://github.com/XTLS/Xray-core/pull/2520#issuecomment-1711212084)

```jsonc
"sockopt": {
    "tcpMptcp": true,
    "tcpNoDelay": true
}
```

> MPTCP must be enabled on both the client and the server
> Requires Xray-core 1.8.6 or later
> Requires Linux kernel 5.6 or later

:+1:**XTLS Vision [How it works](https://github.com/XTLS/Xray-core/discussions/1295) [Installation guide](https://github.com/chika0801/Xray-install)**

:+1:**REALITY [Design philosophy](https://github.com/XTLS/Xray-core/issues/1689#issuecomment-1439447009) [Notes on how it works](https://github.com/XTLS/Xray-core/issues/1891#issuecomment-1495439413) [Configuration guide](https://github.com/XTLS/REALITY#readme)**

## **[GUI clients](https://github.com/XTLS/Xray-core/blob/main/README.md#gui-clients)**

--------------------------------------------------------------------------------
/VLESS-HTTP2-REALITY/README.md:
--------------------------------------------------------------------------------
### Note:

:exclamation: gRPC/H2 is best used on a VPS with an optimized return route, such as CN2-GIA, AS9929/AS10099, CMI/CMIN2 or AS4837, and the lower the latency between you and the VPS, the better. For tuning, see NaïveProxy's [Performance Tuning](https://github.com/klzgrad/naiveproxy/wiki/Performance-Tuning). In addition, see the [documentation](https://xtls.github.io/Xray-docs-next/config/transports/h2.html#httpobject) and use the [health check](config_client.json#L56-L57) parameters.

### v2rayN - V6.19 and later: configuration example

| Name | Value |
| :--- | :--- |
| Address | Server IP |
| Port | 443 |
| User ID | chika |
| Flow control | leave empty |
| Encryption | none |
| Transport protocol | h2 |
| Camouflage type | none |
| Camouflage domain | leave empty |
| Path | leave empty |
| Transport layer security | reality |
| SNI | `www.lovelive-anime.jp` |
| Fingerprint | chrome |
| PublicKey | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| ShortId | 6ba85179e30d4fc2 |
| SpiderX | leave empty |

### v2rayNG - V1.8.1 and later: configuration example

| Name | Value |
| :--- | :--- |
| Address | Server IP |
| Port | 443 |
| User ID | chika |
| Flow control | leave empty |
| Encryption | none |
| Transport protocol | h2 |
| Camouflage type | --- |
| Camouflage domain | leave empty |
| path | leave empty |
| Transport layer security | reality |
| SNI | `www.lovelive-anime.jp` |
| Fingerprint | chrome |
| PublicKey | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| ShortID | 6ba85179e30d4fc2 |
| SpiderX | leave empty |

### Shadowrocket - V2.2.31 and later: configuration example

| Name | Value |
| :--- | :--- |
| Type | VLESS |
| Address | Server IP |
| Port | 443 |
| UUID | chika |
| TLS | selected |
| XTLS | none |
| Allow insecure | not selected |
| SNI | `www.lovelive-anime.jp` |
| ALPN | leave empty |
| Public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| Short ID | 6ba85179e30d4fc2 |
| Transport method | |
| Name | h2 |
| Host | `www.example.com` |
| Path | / |
| Multiplexing | not selected |
| TCP Fast Open | not selected |
| UDP relay | selected |
| Proxy through | not selected |

### PassWall - V4.61 and later: configuration example

| Name | Value |
| :--- | :--- |
| Type | Xray |
| Transport protocol | VLESS |
| Address (domain names supported) | Server IP |
| Port | 443 |
| Encryption | none |
| ID | chika |
| TLS | checked |
| flow | disabled |
| REALITY | checked |
| Domain | `www.lovelive-anime.jp` |
| Public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| Short Id | 6ba85179e30d4fc2 |
| Spider X | leave empty |
| Fingerprint spoofing | chrome |
| Transport protocol | HTTP/2 |
| HTTP/2 hostname | leave empty |
| HTTP/2 path | leave empty |
| Health check | unchecked |
| MUX | unchecked |

### ShadowSocksR Plus+ configuration example

| Name | Value |
| :--- | :--- |
| Server node type | V2Ray/Xray |
| V2Ray/XRay protocol | VLESS |
| Server address | Server IP |
| Port | 443 |
| Vmess/VLESS ID (UUID) | chika |
| VLESS encryption | none |
| Transport protocol | HTTP/2 |
| HTTP/2 hostname | leave empty |
| HTTP/2 path | leave empty |
| H2/gRPC health check | unchecked |
| TLS | unchecked |
| REALITY | checked |
| Public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| Short ID | 6ba85179e30d4fc2 |
| spiderX | leave empty |
| Fingerprint spoofing | chrome |
| TLS hostname | `www.lovelive-anime.jp` |
| Mux | unchecked |
| Enable automatic switching | unchecked |
| Local port | 1234 |

### HomeProxy configuration example

| Name | Value |
| :--- | :--- |
| Type | VLESS |
| Address | Server IP |
| Port | 443 |
| UUID | chika |
| Flow control | none |
| Transport | HTTP |
| Host | `www.example.com` |
| Path | leave empty |
| Method | unspecified |
| Idle timeout | leave empty |
| Ping timeout | leave empty |
| Packet encoding | Xudp (Xray-core) |
| Multiplexing | unchecked |
| TLS | checked |
| TLS SNI | `www.lovelive-anime.jp` |
| TLS ALPN | leave empty |
| Allow insecure connections | unchecked |
| Minimum TLS version | default |
| Maximum TLS version | default |
| Cipher suites | -- Please select -- |
| Append self-signed certificate | unchecked |
| uTLS fingerprint | Chrome |
| REALITY | checked |
| REALITY public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| REALITY identifier | 6ba85179e30d4fc2 |
| TCP Fast Open | unchecked |
| Multipath TCP (MPTCP) | unchecked |
| UDP fragmentation | unchecked |

--------------------------------------------------------------------------------
/VLESS-HTTP2-REALITY/config_client.json:
--------------------------------------------------------------------------------
{
    "log": {
        "loglevel": "warning"
    },
    "routing": {
        "rules": [
            {
                "ip": [
                    "geoip:private"
                ],
                "outboundTag": "direct"
            }
        ]
    },
    "inbounds": [
        {
            "listen": "127.0.0.1",
            "port": 10808,
            "protocol": "socks"
        },
        {
            "listen": "127.0.0.1",
            "port": 10809,
            "protocol": "http"
        }
    ],
    "outbounds": [
        {
            "protocol": "vless",
            "settings": {
                "vnext": [
                    {
                        "address": "",
                        "port": 443,
                        "users": [
                            {
                                "id": "chika", // must match the server
                                "encryption": "none"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "h2",
                "security": "reality",
                "realitySettings": {
                    "fingerprint": "chrome",
                    "serverName": "www.lovelive-anime.jp", // must match the server
                    "publicKey": "Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw", // generated by running xray x25519 on the server; the public key that corresponds to the private key; use the "Public key" value
                    "shortId": "6ba85179e30d4fc2" // must match the server
                },
                "httpSettings": {
                    "host": [], // must match the server
                    "path": "/", // must match the server
                    "read_idle_timeout": 60,
                    "health_check_timeout": 20
                }
            },
            "tag": "proxy"
        },
        {
            "protocol": "freedom",
            "tag": "direct"
        }
    ]
}

--------------------------------------------------------------------------------
/VLESS-HTTP2-REALITY/config_server.json:
--------------------------------------------------------------------------------
{
    "log": {
        "loglevel": "warning"
    },
    "routing": {
        "rules": [
            {
                "port": "443",
                "network": "udp",
                "outboundTag": "block"
            }
        ]
    },
    "inbounds": [
        {
            "listen": "0.0.0.0",
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "chika" // any string 1-30 bytes long, or generate one with xray uuid
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "h2",
                "security": "reality",
                "realitySettings": {
                    "dest": "www.lovelive-anime.jp:443", // minimum requirements for the target site: a foreign (overseas) website that supports TLSv1.3, X25519 and H2, with a domain that is not used for redirects (an apex domain may be used to redirect to www)
                    "serverNames": [ // list of serverName values clients may use; the * wildcard is not supported yet; open the "dest" URL in Chrome -> F12 -> Security -> F5 -> Main origin (secure), and use the SAN values from the certificate
                        "www.lovelive-anime.jp",
                        "lovelive-anime.jp"
                    ],
                    "privateKey": "2KZ4uouMKgI8nR-LDJNP1_MHisCJOmKGj9jUjZLncVU", // generated by running xray x25519; use the "Private key" value
                    "shortIds": [ // list of shortId values clients may use; can be used to tell clients apart; characters 0 to f, length a multiple of 2, at most 16 characters; may be left empty, or generate one with openssl rand -hex N (N from 1 to 8)
                        "6ba85179e30d4fc2",
                        "b9"
                    ]
                },
                "httpSettings": {
                    "host": [], // if this field is omitted or left empty, the default "www.example.com" is used; if it is set, both ends must use the same value to connect; "host": [""] does not count as empty
                    "path": "/" // if this field is omitted or left empty, the default "/" is used; if it is set, both ends must use the same value to connect; "path": "" does not count as empty
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "quic"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "tag": "block"
        }
    ]
}

--------------------------------------------------------------------------------
/VLESS-HTTP2-REALITY/config_server_shared_port.json:
--------------------------------------------------------------------------------
{
    "log": {
        "loglevel": "warning"
    },
    "routing": {
        "rules": [
            {
                "port": "443",
                "network": "udp",
                "outboundTag": "block"
            }
        ]
    },
    "inbounds": [
        {
            "listen": "0.0.0.0",
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "chika", // any string 1-30 bytes long, or generate one with xray uuid
                        "flow": "xtls-rprx-vision"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": "8004",
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "dest": "www.lovelive-anime.jp:443", // minimum requirements for the target site: a foreign (overseas) website that supports TLSv1.3, X25519 and H2, with a domain that is not used for redirects (an apex domain may be used to redirect to www)
                    "serverNames": [ // list of serverName values clients may use; the * wildcard is not supported yet; open the "dest" URL in Chrome -> F12 -> Security -> F5 -> Main origin (secure), and use the SAN values from the certificate
                        "www.lovelive-anime.jp",
                        "lovelive-anime.jp"
                    ],
                    "privateKey": "2KZ4uouMKgI8nR-LDJNP1_MHisCJOmKGj9jUjZLncVU", // generated by running xray x25519; use the "Private key" value
                    "shortIds": [ // list of shortId values clients may use; can be used to tell clients apart; characters 0 to f, length a multiple of 2, at most 16 characters; may be left empty, or generate one with openssl rand -hex N (N from 1 to 8)
                        "6ba85179e30d4fc2",
                        "b9"
                    ]
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "quic"
                ]
            }
        },
        {
            "listen": "127.0.0.1",
            "port": 8004,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "chika"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "h2",
                "httpSettings": {
                    "host": [], // if this field is omitted or left empty, the default "www.example.com" is used; if it is set, both ends must use the same value to connect; "host": [""] does not count as empty
                    "path": "/" // if this field is omitted or left empty, the default "/" is used; if it is set, both ends must use the same value to connect; "path": "" does not count as empty
                },
                "sockopt": {
                    "acceptProxyProtocol": true
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "quic"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "tag": "block"
        }
    ]
}

--------------------------------------------------------------------------------
/VLESS-SplitHTTP-TLS/config_client(HTTP3).json:
--------------------------------------------------------------------------------
{
    "log": {
        "loglevel": "warning"
    },
    "routing": {
        "rules": [
            {
                "ip": [
                    "geoip:private"
                ],
                "outboundTag": "direct"
            }
        ]
    },
    "inbounds": [
        {
            "listen": "127.0.0.1",
            "port": 10808,
            "protocol": "socks"
        },
        {
            "listen": "127.0.0.1",
            "port": 10809,
            "protocol": "http"
        }
    ],
    "outbounds": [
        {
            "protocol": "vless",
            "settings": {
                "vnext": [
                    {
                        "address": "",
                        "port": 443,
                        "users": [
                            {
                                "id": "chika", // must match the server
                                "encryption": "none"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "splithttp",
                "splithttpSettings": {
                    "path": "/lovelive", // must match the server
                    "host": "chika.example.com" // if "address": "" holds the VPS IP, this must be a server_name value from the Nginx config; otherwise the connection fails because ssl_reject_handshake is enabled in the Nginx config
                },
                "security": "tls",
                "tlsSettings": {
                    "serverName": "",
                    "alpn": [
                        "h3"
                    ]
                }
            },
            "tag": "proxy"
        },
        {
            "protocol": "freedom",
            "tag": "direct"
        }
    ]
}

--------------------------------------------------------------------------------
/VLESS-SplitHTTP-TLS/config_client.json:
--------------------------------------------------------------------------------
{
    "log": {
        "loglevel": "warning"
    },
    "routing": {
        "rules": [
            {
                "ip": [
                    "geoip:private"
                ],
                "outboundTag": "direct"
            }
        ]
    },
    "inbounds": [
        {
            "listen": "127.0.0.1",
            "port": 10808,
            "protocol": "socks"
        },
        {
            "listen": "127.0.0.1",
            "port": 10809,
            "protocol": "http"
        }
    ],
    "outbounds": [
        {
            "protocol": "vless",
            "settings": {
                "vnext": [
                    {
                        "address": "",
                        "port": 443,
                        "users": [
                            {
                                "id": "chika", // must match the server
                                "encryption": "none"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "splithttp",
                "splithttpSettings": {
                    "path": "/lovelive", // must match the server
                    "host": "chika.example.com" // if "address": "" holds the VPS IP, this must be a server_name value from the Nginx config; otherwise the connection fails because ssl_reject_handshake is enabled in the Nginx config
                },
                "security": "tls",
                "tlsSettings": {
                    "serverName": "",
                    "fingerprint": "chrome"
                }
            },
            "tag": "proxy"
        },
        {
            "protocol": "freedom",
            "tag": "direct"
        }
    ]
}

--------------------------------------------------------------------------------
/VLESS-SplitHTTP-TLS/config_server.json:
--------------------------------------------------------------------------------
{
    "log": {
        "loglevel": "warning"
    },
    "routing": {
        "rules": [
            {
                "port": "443",
                "network": "udp",
                "outboundTag": "block"
            }
        ]
    },
    "inbounds": [
        {
            "listen": "127.0.0.1",
            "port": 8001,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "chika" // any string 1-30 bytes long, or generate one with xray uuid
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "splithttp",
                "splithttpSettings": {
                    "path": "/lovelive"
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "quic"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "tag": "block"
        }
    ]
}

--------------------------------------------------------------------------------
/VLESS-SplitHTTP-TLS/nginx.conf:
--------------------------------------------------------------------------------
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '[$time_local] $remote_addr "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log main;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ""      close;
    }

    map $remote_addr $proxy_forwarded_elem {
        ~^[0-9.]+$        "for=$remote_addr";
        ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
        default           "for=unknown";
    }

    map $http_forwarded $proxy_add_forwarded {
        "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
        default "$proxy_forwarded_elem";
    }

    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        ssl_reject_handshake on;

        ssl_protocols TLSv1.2 TLSv1.3;

        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:10m;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        http2 on; # This directive appeared in version 1.25.1. Otherwise use it like this. "listen 443 ssl http2; listen [::]:443 ssl http2;"

        listen 443 quic reuseport;
        listen [::]:443 quic reuseport;

        # Domain names covered by the SSL certificate; pointing them at the server's IP is recommended; separate multiple names with spaces
        server_name example.com chika.example.com;

        ssl_certificate /etc/ssl/private/fullchain.cer;
        ssl_certificate_key /etc/ssl/private/private.key;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 valid=60s;
        resolver_timeout 2s;

        client_header_buffer_size 8k;

        # location /lovelive in the Nginx config must match "path": "/lovelive" in the Xray server config
        location /lovelive {
            proxy_pass http://127.0.0.1:8001;
            proxy_http_version 1.1;
            proxy_request_buffering off;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
        }

        # Reverse-proxy configuration generated with https://www.digitalocean.com/community/tools/nginx
        location / {
            sub_filter $proxy_host $host;
            sub_filter_once off;

            set $website www.lovelive-anime.jp;
            proxy_pass https://$website;
            resolver 1.1.1.1;

            proxy_set_header Host $proxy_host;

            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;

            proxy_ssl_server_name on;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;

            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }
}

--------------------------------------------------------------------------------
/VLESS-Vision-REALITY/README.md:
--------------------------------------------------------------------------------
### v2rayN - V6.19 and later: configuration example

| Name | Value |
| :--- | :--- |
| Address | Server IP |
| Port | 443 |
| User ID | chika |
| Flow control | xtls-rprx-vision |
| Encryption | none |
| Transport protocol | tcp |
| Camouflage type | none |
| Camouflage domain | leave empty |
| Path | leave empty |
| Transport layer security | reality |
| SNI | `www.lovelive-anime.jp` |
| Fingerprint | chrome |
| PublicKey | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| ShortId | 6ba85179e30d4fc2 |
| SpiderX | leave empty |

### v2rayNG - V1.8.1 and later: configuration example

| Name | Value |
| :--- | :--- |
| Address | Server IP |
| Port | 443 |
| User ID | chika |
| Flow control | xtls-rprx-vision |
| Encryption | none |
| Transport protocol | tcp |
| Camouflage type | none |
| Camouflage domain | leave empty |
| path | leave empty |
| Transport layer security | reality |
| SNI | `www.lovelive-anime.jp` |
| Fingerprint | chrome |
| PublicKey | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| ShortID | 6ba85179e30d4fc2 |
| SpiderX | leave empty |

### Shadowrocket - V2.2.31 and later: configuration example

| Name | Value |
| :--- | :--- |
| Type | VLESS |
| Address | Server IP |
| Port | 443 |
| UUID | chika |
| TLS | selected |
| XTLS | xtls-rprx-vision |
| Allow insecure | not selected |
| SNI | `www.lovelive-anime.jp` |
| ALPN | leave empty |
| Public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| Short ID | 6ba85179e30d4fc2 |
| Transport method | none |
| Multiplexing | not selected |
| TCP Fast Open | not selected |
| UDP relay | selected |
| Proxy through | not selected |

### PassWall - V4.61 and later: configuration example

| Name | Value |
| :--- | :--- |
| Type | Xray |
| Transport protocol | VLESS |
| Address (domain names supported) | Server IP |
| Port | 443 |
| Encryption | none |
| ID | chika |
| TLS | checked |
| flow | xtls-rprx-vision |
| REALITY | checked |
| Domain | `www.lovelive-anime.jp` |
| Public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| Short Id | 6ba85179e30d4fc2 |
| Spider X | leave empty |
| Fingerprint spoofing | chrome |
| Transport protocol | TCP |
| Camouflage type | none |

### ShadowSocksR Plus+ configuration example

| Name | Value |
| :--- | :--- |
| Server node type | V2Ray/Xray |
| V2Ray/XRay protocol | VLESS |
| Server address | Server IP |
| Port | 443 |
| Vmess/VLESS ID (UUID) | chika |
| VLESS encryption | none |
| Transport protocol | TCP |
| Camouflage type | none |
| TLS | unchecked |
| REALITY | checked |
| Public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| Short ID | 6ba85179e30d4fc2 |
| spiderX | leave empty |
| Flow control (Flow) | xtls-rprx-vision |
| Fingerprint spoofing | chrome |
| TLS hostname | `www.lovelive-anime.jp` |
| Mux | unchecked |
| Enable automatic switching | unchecked |
| Local port | 1234 |

### HomeProxy configuration example

| Name | Value |
| :--- | :--- |
| Type | VLESS |
| Address | Server IP |
| Port | 443 |
| UUID | chika |
| Flow control | xtls-rprx-vision |
| Transport | none |
| Packet encoding | Xudp (Xray-core) |
| Multiplexing | unchecked |
| TLS | checked |
| TLS SNI | `www.lovelive-anime.jp` |
| TLS ALPN | leave empty |
| Allow insecure connections | unchecked |
| Minimum TLS version | default |
| Maximum TLS version | default |
| Cipher suites | -- Please select -- |
| Append self-signed certificate | unchecked |
| uTLS fingerprint | Chrome |
| REALITY | checked |
| REALITY public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
| REALITY identifier | 6ba85179e30d4fc2 |
| TCP Fast Open | unchecked |
| Multipath TCP (MPTCP) | unchecked |
| UDP fragmentation | unchecked |
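
A consistency check for the REALITY client and server templates on this page, as an added example that is not part of the repository: it applies the rules stated in the config comments (shortId format, the serverNames list, the id length, the h2 host/path defaults) and flags the sample secrets the templates publish. The function names, the `PUBLISHED` table and the trimmed inputs are constructed for this example.

```python
import json
import re

# Secrets printed in this page's templates; every reader of the page knows them.
PUBLISHED = {
    "privateKey": "2KZ4uouMKgI8nR-LDJNP1_MHisCJOmKGj9jUjZLncVU",
    "id": "chika",
    "shortId": "6ba85179e30d4fc2",
}
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed inputs: trimmed copies of the page's HTTP2-REALITY templates.
SERVER = """{
  "inbounds": [{
    "protocol": "vless",
    "settings": {"clients": [{"id": "chika"}], "decryption": "none"},
    "streamSettings": {
      "network": "h2",
      "security": "reality",
      "realitySettings": {
        "dest": "www.lovelive-anime.jp:443", // target site
        "serverNames": ["www.lovelive-anime.jp", "lovelive-anime.jp"],
        "privateKey": "2KZ4uouMKgI8nR-LDJNP1_MHisCJOmKGj9jUjZLncVU",
        "shortIds": ["6ba85179e30d4fc2", "b9"]
      },
      "httpSettings": {"host": [], "path": "/"}
    }
  }]
}"""
CLIENT = """{
  "outbounds": [{
    "protocol": "vless",
    "settings": {"vnext": [{"address": "", "port": 443,
                 "users": [{"id": "chika", "encryption": "none"}]}]}, // must match the server
    "streamSettings": {
      "network": "h2",
      "security": "reality",
      "realitySettings": {
        "fingerprint": "chrome",
        "serverName": "www.lovelive-anime.jp",
        "publicKey": "Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw",
        "shortId": "6ba85179e30d4fc2"
      },
      "httpSettings": {"host": [], "path": "/"}
    }
  }]
}"""


def strip_jsonc(text):
    """Drop // comments outside string literals so json.loads accepts the templates."""
    token = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')
    return token.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)


def short_id_ok(sid):
    # Page rule: characters 0 to f, even length, at most 16 characters, may be empty.
    return len(sid) <= 16 and len(sid) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]*", sid) is not None


def h2_identity(stream):
    # Page rule: a missing or empty host list means "www.example.com" and a missing
    # path means "/"; "host": [""] and "path": "" are real values, not "empty".
    h2 = stream.get("httpSettings", {})
    return (h2.get("host") or ["www.example.com"], h2["path"] if "path" in h2 else "/")


def audit(client_text, server_text):
    """Compare one client template with one server template; return a list of findings."""
    client = json.loads(strip_jsonc(client_text))
    server = json.loads(strip_jsonc(server_text))
    out = next(o for o in client["outbounds"] if o["protocol"] == "vless")
    inb = next(i for i in server["inbounds"]
               if i.get("streamSettings", {}).get("security") == "reality")
    c_real = out["streamSettings"]["realitySettings"]
    s_real = inb["streamSettings"]["realitySettings"]
    user = out["settings"]["vnext"][0]["users"][0]
    findings = []

    for sid in s_real.get("shortIds", []):
        if not short_id_ok(sid):
            findings.append(f"server shortId {sid!r} is malformed")
    server_ids = {s.lower() for s in s_real.get("shortIds", [])}
    if c_real.get("shortId", "").lower() not in server_ids:
        findings.append("client shortId is not in the server's shortIds")
    if any("*" in name for name in s_real["serverNames"]):
        findings.append("serverNames contains a wildcard, which is not supported")
    if c_real["serverName"] not in s_real["serverNames"]:
        findings.append("client serverName is not in the server's serverNames")

    for c in inb["settings"]["clients"]:
        if not UUID_RE.fullmatch(c["id"]) and not 1 <= len(c["id"].encode()) <= 30:
            findings.append(f"server id {c['id']!r} is neither a UUID nor 1-30 bytes")
    if user["id"] not in {c["id"] for c in inb["settings"]["clients"]}:
        findings.append("client id is not configured on the server")

    if out["streamSettings"]["network"] == inb["streamSettings"]["network"] == "h2":
        if h2_identity(out["streamSettings"]) != h2_identity(inb["streamSettings"]):
            findings.append("h2 host/path differ between client and server")

    # Template values copied into a live deployment are known to every reader of the page.
    if s_real.get("privateKey") == PUBLISHED["privateKey"]:
        findings.append("privateKey is the published sample; generate a pair with xray x25519")
    if user["id"] == PUBLISHED["id"]:
        findings.append("id is the published sample; generate one with xray uuid")
    if PUBLISHED["shortId"] in server_ids:
        findings.append("shortIds contains the published sample value")
    return findings
```

Run against the unmodified templates, `audit` reports only the three published sample values, which is the state a deployment is in until the key pair, id and shortId are regenerated.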
158 | -------------------------------------------------------------------------------- /VLESS-Vision-REALITY/config_client.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "loglevel": "warning" 4 | }, 5 | "routing": { 6 | "rules": [ 7 | { 8 | "ip": [ 9 | "geoip:private" 10 | ], 11 | "outboundTag": "direct" 12 | } 13 | ] 14 | }, 15 | "inbounds": [ 16 | { 17 | "listen": "127.0.0.1", 18 | "port": 10808, 19 | "protocol": "socks" 20 | }, 21 | { 22 | "listen": "127.0.0.1", 23 | "port": 10809, 24 | "protocol": "http" 25 | } 26 | ], 27 | "outbounds": [ 28 | { 29 | "protocol": "vless", 30 | "settings": { 31 | "vnext": [ 32 | { 33 | "address": "", 34 | "port": 443, 35 | "users": [ 36 | { 37 | "id": "chika", // 与服务端一致 38 | "encryption": "none", 39 | "flow": "xtls-rprx-vision" 40 | } 41 | ] 42 | } 43 | ] 44 | }, 45 | "streamSettings": { 46 | "network": "tcp", 47 | "security": "reality", 48 | "realitySettings": { 49 | "fingerprint": "chrome", 50 | "serverName": "www.lovelive-anime.jp", // 与服务端一致 51 | "publicKey": "Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw", // 服务端执行 xray x25519 生成,私钥对应的公钥,填 "Public key" 的值 52 | "shortId": "6ba85179e30d4fc2" // 与服务端一致 53 | } 54 | }, 55 | "tag": "proxy" 56 | }, 57 | { 58 | "protocol": "freedom", 59 | "tag": "direct" 60 | } 61 | ] 62 | } 63 | -------------------------------------------------------------------------------- /VLESS-Vision-REALITY/config_server.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "loglevel": "warning" 4 | }, 5 | "inbounds": [ 6 | { 7 | "listen": "0.0.0.0", 8 | "port": 443, 9 | "protocol": "vless", 10 | "settings": { 11 | "clients": [ 12 | { 13 | "id": "chika", // 长度为 1-30 字节的任意字符串,或执行 xray uuid 生成 14 | "flow": "xtls-rprx-vision" 15 | } 16 | ], 17 | "decryption": "none" 18 | }, 19 | "streamSettings": { 20 | "network": "tcp", 21 | "security": "reality", 22 | "realitySettings": { 23 | "dest": 
"www.lovelive-anime.jp:443", // 目标网站最低标准:国外网站,支持 TLSv1.3、X25519 与 H2,域名非跳转用(主域名可能被用于跳转到 www) 24 | "serverNames": [ // 客户端可用的 serverName 列表,暂不支持 * 通配符,在 Chrome 里输入 "dest" 的网址 -> F12 -> 安全 -> F5 -> 主要来源(安全),填证书中 SAN 的值 25 | "www.lovelive-anime.jp", 26 | "lovelive-anime.jp" 27 | ], 28 | "privateKey": "2KZ4uouMKgI8nR-LDJNP1_MHisCJOmKGj9jUjZLncVU", // 执行 xray x25519 生成,填 "Private key" 的值 29 | "shortIds": [ // 客户端可用的 shortId 列表,可用于区分不同的客户端,0 到 f,长度为 2 的倍数,长度上限为 16,可留空,或执行 openssl rand -hex 1到8 生成 30 | "6ba85179e30d4fc2", 31 | "b9" 32 | ] 33 | } 34 | }, 35 | "sniffing": { 36 | "enabled": true, 37 | "destOverride": [ 38 | "http", 39 | "tls", 40 | "quic" 41 | ] 42 | } 43 | } 44 | ], 45 | "outbounds": [ 46 | { 47 | "protocol": "freedom", 48 | "tag": "direct" 49 | }, 50 | { 51 | "protocol": "blackhole", 52 | "tag": "block" 53 | } 54 | ] 55 | } 56 | -------------------------------------------------------------------------------- /VLESS-Vision-REALITY/nginx_sni_shunting/config_server.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "loglevel": "warning" 4 | }, 5 | "inbounds": [ 6 | { 7 | "listen": "127.0.0.1", 8 | "port": 8001, 9 | "protocol": "vless", 10 | "settings": { 11 | "clients": [ 12 | { 13 | "id": "chika", 14 | "flow": "xtls-rprx-vision" 15 | } 16 | ], 17 | "decryption": "none" 18 | }, 19 | "streamSettings": { 20 | "network": "tcp", 21 | "security": "reality", 22 | "realitySettings": { 23 | "dest": "8002", 24 | "xver": 1, // 发送 PROXY protocol 25 | "serverNames": [ 26 | "example.com" // 与 Nginx 配置中的 server_name 一致 27 | ], 28 | "privateKey": "", 29 | "shortIds": [ 30 | "" 31 | ] 32 | }, 33 | "tcpSettings": { 34 | "acceptProxyProtocol": true 35 | } 36 | }, 37 | "sniffing": { 38 | "enabled": true, 39 | "destOverride": [ 40 | "http", 41 | "tls", 42 | "quic" 43 | ] 44 | } 45 | }, 46 | { 47 | "listen": "127.0.0.1", 48 | "port": 8003, 49 | "protocol": "vless", 50 | "settings": { 51 | "clients": [ 52 | { 53 | "id": 
"chika", 54 | "flow": "xtls-rprx-vision" 55 | } 56 | ], 57 | "decryption": "none" 58 | }, 59 | "streamSettings": { 60 | "network": "tcp", 61 | "security": "reality", 62 | "realitySettings": { 63 | "dest": "8004", 64 | "xver": 1, // 发送 PROXY protocol 65 | "serverNames": [ 66 | "chika.example.com" // 与 Nginx 配置中的 server_name 一致 67 | ], 68 | "privateKey": "", 69 | "shortIds": [ 70 | "" 71 | ] 72 | }, 73 | "tcpSettings": { 74 | "acceptProxyProtocol": true 75 | } 76 | }, 77 | "sniffing": { 78 | "enabled": true, 79 | "destOverride": [ 80 | "http", 81 | "tls", 82 | "quic" 83 | ] 84 | } 85 | } 86 | ], 87 | "outbounds": [ 88 | { 89 | "protocol": "freedom", 90 | "tag": "direct" 91 | }, 92 | { 93 | "protocol": "blackhole", 94 | "tag": "block" 95 | } 96 | ] 97 | } 98 | -------------------------------------------------------------------------------- /VLESS-Vision-REALITY/nginx_sni_shunting/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes auto; 3 | 4 | error_log /var/log/nginx/error.log notice; 5 | pid /var/run/nginx.pid; 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | stream { 12 | map $ssl_preread_server_name $name { 13 | example.com backend1; 14 | chika.example.com backend2; 15 | default default_backend; 16 | } 17 | 18 | upstream backend1 { 19 | server 127.0.0.1:8001; 20 | } 21 | 22 | upstream backend2 { 23 | server 127.0.0.1:8003; 24 | } 25 | 26 | upstream default_backend { 27 | server 127.0.0.1:8011; 28 | } 29 | 30 | server { 31 | listen 443; 32 | listen [::]:443; 33 | proxy_pass $name; 34 | ssl_preread on; 35 | 36 | proxy_protocol on; 37 | } 38 | } 39 | 40 | http { 41 | log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"'; 42 | access_log /var/log/nginx/access.log main; 43 | 44 | map $http_upgrade $connection_upgrade { 45 | default upgrade; 46 | "" close; 47 | } 48 | 49 | map $proxy_protocol_addr $proxy_forwarded_elem { 50 | ~^[0-9.]+$ 
"for=$proxy_protocol_addr"; 51 | ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\""; 52 | default "for=unknown"; 53 | } 54 | 55 | map $http_forwarded $proxy_add_forwarded { 56 | "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem"; 57 | default "$proxy_forwarded_elem"; 58 | } 59 | 60 | server { 61 | listen 80; 62 | listen [::]:80; 63 | return 301 https://$host$request_uri; 64 | } 65 | 66 | server { 67 | listen 127.0.0.1:8011 ssl proxy_protocol; 68 | 69 | ssl_reject_handshake on; 70 | 71 | ssl_protocols TLSv1.2 TLSv1.3; 72 | } 73 | 74 | server { 75 | listen 127.0.0.1:8002 ssl proxy_protocol; 76 | http2 on; # This directive appeared in version 1.25.1. Otherwise use it like this. 
                  # "listen 127.0.0.1:8002 ssl http2 proxy_protocol;"

        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;

        ssl_certificate     /etc/ssl/private/example.com.cer;
        ssl_certificate_key /etc/ssl/private/example.com.key;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:10m;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 valid=60s;
        resolver_timeout 2s;

        location / {
            sub_filter $proxy_host $host;
            sub_filter_once off;

            set $website www.lovelive-anime.jp;
            proxy_pass https://$website;
            resolver 1.1.1.1;

            proxy_set_header Host $proxy_host;

            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;

            proxy_ssl_server_name on;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Real-IP $proxy_protocol_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;

            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }

    server {
        listen 127.0.0.1:8004 ssl proxy_protocol;
        http2 on; # This directive appeared in version 1.25.1. Otherwise use it like this.
                  # "listen 127.0.0.1:8004 ssl http2 proxy_protocol;"

        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;

        ssl_certificate     /etc/ssl/private/chika.example.com.cer;
        ssl_certificate_key /etc/ssl/private/chika.example.com.key;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:10m;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 valid=60s;
        resolver_timeout 2s;

        location / {
            sub_filter $proxy_host $host;
            sub_filter_once off;

            set $website www.lovelive-anime.jp;
            proxy_pass https://$website;
            resolver 1.1.1.1;

            proxy_set_header Host $proxy_host;

            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;

            proxy_ssl_server_name on;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Real-IP $proxy_protocol_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;

            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }
}
--------------------------------------------------------------------------------
/VLESS-Vision-REALITY/steal_oneself/config_server.json:
--------------------------------------------------------------------------------
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "chika",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "dest": "8001",
          "xver": 1, // send PROXY protocol
          "serverNames": [
            "example.com", // must match server_name in the Nginx configuration
            "chika.example.com"
          ],
          "privateKey": "",
          "shortIds": [
            ""
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ]
}
--------------------------------------------------------------------------------
/VLESS-Vision-REALITY/steal_oneself/nginx.conf:
--------------------------------------------------------------------------------
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log main;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ""      close;
    }

    map $proxy_protocol_addr $proxy_forwarded_elem {
        ~^[0-9.]+$        "for=$proxy_protocol_addr";
        ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
        default           "for=unknown";
    }

    map $http_forwarded $proxy_add_forwarded {
        "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
        default "$proxy_forwarded_elem";
    }

    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 127.0.0.1:8001 ssl default_server;

        ssl_reject_handshake on;

        ssl_protocols TLSv1.2 TLSv1.3;

        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:10m;
    }

    server {
        listen 127.0.0.1:8001 ssl proxy_protocol;
        http2 on; # This directive appeared in version 1.25.1. Otherwise use it like this. "listen 127.0.0.1:8001 ssl http2 proxy_protocol;"

        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;

        # Enter the domain names included in the SSL certificate; pointing them at the server's IP is recommended; separate multiple names with spaces
        server_name example.com chika.example.com;

        ssl_certificate     /etc/ssl/private/fullchain.cer;
        ssl_certificate_key /etc/ssl/private/private.key;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 valid=60s;
        resolver_timeout 2s;

        # Reverse proxy configuration generated by https://www.digitalocean.com/community/tools/nginx
        location / {
            sub_filter $proxy_host $host;
            sub_filter_once off;

            set $website www.lovelive-anime.jp;
            proxy_pass https://$website;
            resolver 1.1.1.1;

            proxy_set_header Host $proxy_host;

            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;

            proxy_ssl_server_name on;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Real-IP $proxy_protocol_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;

            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }
}
--------------------------------------------------------------------------------
/VLESS-Vision-TLS/README.md:
--------------------------------------------------------------------------------
**Replace chika.example.com with a domain name included in your SSL certificate**

### v2rayN - V6.19 and later: configuration example

Click to view

| Name | Value |
| :--- | :--- |
| Address | Server IP |
| Port | 443 |
| User ID | chika |
| Flow control | xtls-rprx-vision |
| Encryption | none |
| Transport protocol | tcp |
| Camouflage type | none |
| Camouflage domain | leave empty |
| Path | leave empty |
| Transport layer security | tls |
| SNI | chika.example.com |
| Fingerprint | chrome |
| Alpn | leave empty |
| Skip certificate verification | false |

### v2rayNG - V1.8.1 and later: configuration example

Click to view

| Name | Value |
| :--- | :--- |
| Address | Server IP |
| Port | 443 |
| User ID | chika |
| Flow control | xtls-rprx-vision |
| Encryption | none |
| Transport protocol | tcp |
| Camouflage type | none |
| Camouflage domain | leave empty |
| path | leave empty |
| Transport layer security | tls |
| SNI | chika.example.com |
| Fingerprint | chrome |
| Alpn | leave empty |
| Skip certificate verification | false |

### Shadowrocket - V2.2.31 and later: configuration example

Click to view

| Name | Value |
| :--- | :--- |
| Type | VLESS |
| Address | Server IP |
| Port | 443 |
| UUID | chika |
| TLS | checked |
| XTLS | xtls-rprx-vision |
| Allow insecure | unchecked |
| SNI | chika.example.com |
| ALPN | leave empty |
| Public key | leave empty |
| Short ID | leave empty |
| Transport | none |
| Multiplexing | unchecked |
| TCP Fast Open | unchecked |
| UDP relay | checked |
| Proxy through | unchecked |

### PassWall - V4.61 and later: configuration example

Click to view

| Name | Value |
| :--- | :--- |
| Type | Xray |
| Transport protocol | VLESS |
| Address (domain names supported) | Server IP |
| Port | 443 |
| Encryption | none |
| ID | chika |
| TLS | checked |
| flow | xtls-rprx-vision |
| REALITY | unchecked |
| alpn | default |
| Domain | chika.example.com |
| Allow insecure connections | unchecked |
| Fingerprint spoofing | chrome |
| Transport protocol | TCP |
| Camouflage type | none |

### ShadowSocksR Plus+ configuration example

Click to view

| Name | Value |
| :--- | :--- |
| Server node type | V2Ray/Xray |
| V2Ray/XRay protocol | VLESS |
| Server address | Server IP |
| Port | 443 |
| Vmess/VLESS ID (UUID) | chika |
| VLESS encryption | none |
| Transport protocol | TCP |
| Camouflage type | none |
| TLS | checked |
| Flow control (Flow) | xtls-rprx-vision |
| Fingerprint spoofing | chrome |
| TLS host name | chika.example.com |
| TLS ALPN | leave empty |
| Allow insecure connections | unchecked |
| Mux | unchecked |
| Self-signed certificate | unchecked |
| Enable auto switch | unchecked |
| Local port | 1234 |

### HomeProxy configuration example

Click to view

| Name | Value |
| :--- | :--- |
| Type | VLESS |
| Address | Server IP |
| Port | 443 |
| UUID | chika |
| Flow control | xtls-rprx-vision |
| Transport layer | none |
| Packet encoding | Xudp (Xray-core) |
| Multiplexing | unchecked |
| TLS | checked |
| TLS SNI | chika.example.com |
| TLS ALPN | leave empty |
| Allow insecure connections | unchecked |
| Minimum TLS version | default |
| Maximum TLS version | default |
| Cipher suites | -- Please select -- |
| Append self-signed certificate | unchecked |
| uTLS fingerprint | Chrome |
| REALITY | unchecked |
| TCP Fast Open | unchecked |
| Multipath TCP (MPTCP) | unchecked |
| UDP fragmentation | unchecked |
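
A lint for the client values the tables above prescribe (an SNI taken from the certificate, flow `xtls-rprx-vision`, certificate verification left on), as an added example that is not part of this repository. The function names, the sample config and the address 203.0.113.10 are constructed; `allowInsecure` is the Xray `tlsSettings` field behind the "skip certificate verification" switch.

```python
import ipaddress
import json

REQUIRED_FLOW = "xtls-rprx-vision"  # flow value given in the tables above

# Constructed sample in the shape of this repository's config_client.json,
# with two deliberate mistakes: no usable SNI and certificate checks disabled.
SAMPLE_CLIENT = """
{
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "203.0.113.10", // constructed documentation address
            "port": 443,
            "users": [
              { "id": "chika", "encryption": "none", "flow": "xtls-rprx-vision" }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": { "serverName": "", "fingerprint": "chrome", "allowInsecure": true }
      },
      "tag": "proxy"
    },
    { "protocol": "freedom", "tag": "direct" }
  ]
}
"""
FIXED_CLIENT = (SAMPLE_CLIENT
                .replace('"serverName": ""', '"serverName": "chika.example.com"')
                .replace(', "allowInsecure": true', ""))


def strip_jsonc_comments(text):
    """Remove // line comments (Xray configs use them) without touching strings."""
    out, i, in_str = [], 0, False
    while i < len(text):
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < len(text):  # keep escaped char, e.g. \"
                out.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            out.append(ch)
        elif text.startswith("//", i):
            while i < len(text) and text[i] != "\n":
                i += 1
            continue  # the newline itself is kept on the next iteration
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def san_matches(name, sans):
    """True if name is covered by a DNS SAN; '*' only as the whole left-most label."""
    name = name.lower().rstrip(".")
    for san in sans:
        san = san.lower().rstrip(".")
        if san == name:
            return True
        if san.startswith("*."):
            head, _, tail = name.partition(".")
            if head and tail == san[2:]:
                return True
    return False


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lint_vision_tls_client(config_text, cert_sans):
    """Return (code, detail) findings for every VLESS outbound in a client config."""
    cfg = json.loads(strip_jsonc_comments(config_text))
    findings = []
    for idx, ob in enumerate(cfg.get("outbounds", [])):
        if ob.get("protocol") != "vless":
            continue
        where = f"outbounds[{idx}]"
        stream = ob.get("streamSettings", {})
        tls = stream.get("tlsSettings", {})
        if stream.get("security") != "tls":
            findings.append(("not-tls", f"{where}: security is not tls"))
        if tls.get("allowInsecure"):
            findings.append(("allow-insecure", f"{where}: certificate verification is off"))
        if not tls.get("fingerprint"):
            findings.append(("no-fingerprint", f"{where}: no uTLS fingerprint set"))
        for server in ob.get("settings", {}).get("vnext", []):
            # Effective name: serverName, else the address (an IP cannot serve as SNI).
            sni = tls.get("serverName") or server.get("address", "")
            if not sni or is_ip(sni):
                findings.append(("no-sni", f"{where}: no host name available for SNI"))
            elif not san_matches(sni, cert_sans):
                findings.append(("sni-not-in-cert", f"{where}: {sni} not in certificate"))
            for user in server.get("users", []):
                if user.get("flow") != REQUIRED_FLOW:
                    findings.append(("flow", f"{where}: flow is not {REQUIRED_FLOW}"))
    return findings


if __name__ == "__main__":
    for code, detail in lint_vision_tls_client(SAMPLE_CLIENT, ["example.com", "*.example.com"]):
        print(code, "-", detail)
```

Pass the DNS names from the deployed certificate as `cert_sans`; an empty result means the client matches the tables.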
--------------------------------------------------------------------------------
/VLESS-Vision-TLS/config_client.json:
--------------------------------------------------------------------------------
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "rules": [
      {
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "direct"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 10808,
      "protocol": "socks"
    },
    {
      "listen": "127.0.0.1",
      "port": 10809,
      "protocol": "http"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "",
            "port": 443,
            "users": [
              {
                "id": "chika", // must match the server
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "serverName": "",
          "fingerprint": "chrome"
        }
      },
      "tag": "proxy"
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ]
}
--------------------------------------------------------------------------------
/VLESS-Vision-TLS/config_server.json:
--------------------------------------------------------------------------------
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "chika", // any string 1-30 bytes long, or generate one with xray uuid
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": "8001",
            "xver": 1 // send PROXY protocol
          },
          {
            "alpn": "h2",
            "dest": "8002",
            "xver": 1 // send PROXY protocol
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "rejectUnknownSni": true,
          "minVersion": "1.2",
          "certificates": [
            {
              "ocspStapling": 3600,
              "certificateFile": "/etc/ssl/private/fullchain.cer",
              "keyFile": "/etc/ssl/private/private.key"
            }
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ]
}
--------------------------------------------------------------------------------
/VLESS-Vision-TLS/nginx.conf:
--------------------------------------------------------------------------------
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log main;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ""      close;
    }

    map $proxy_protocol_addr $proxy_forwarded_elem {
        ~^[0-9.]+$        "for=$proxy_protocol_addr";
        ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
        default           "for=unknown";
    }

    map $http_forwarded $proxy_add_forwarded {
        "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
        default "$proxy_forwarded_elem";
    }

    server {
        listen 127.0.0.1:8001 proxy_protocol;
        listen 127.0.0.1:8002 proxy_protocol;
        http2 on; # This directive appeared in version 1.25.1. Otherwise use it like this. "listen 127.0.0.1:8002 http2 proxy_protocol;"

        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;

        # Reverse proxy configuration generated by https://www.digitalocean.com/community/tools/nginx
        location / {
            sub_filter $proxy_host $host;
            sub_filter_once off;

            set $website www.lovelive-anime.jp;
            proxy_pass https://$website;
            resolver 1.1.1.1;

            proxy_set_header Host $proxy_host;

            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;

            proxy_ssl_server_name on;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Real-IP $proxy_protocol_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;

            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }
}
--------------------------------------------------------------------------------
/VLESS-WebSocket_or_HTTPUpgrade-TLS/HTTPUpgrade_config_client.json:
--------------------------------------------------------------------------------
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "rules": [
      {
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "direct"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 10808,
      "protocol": "socks"
    },
    {
      "listen": "127.0.0.1",
      "port": 10809,
      "protocol": "http"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "",
            "port": 443,
            "users": [
              {
                "id": "chika", // must match the server
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "httpupgrade",
        "httpupgradeSettings": {
          "path": "/lovelive?ed=2560", // must match the server; adding ?ed=2560 is recommended to enable 0-RTT and reduce latency
          "host": "chika.example.com" // if "address": "" holds the VPS IP, this must be the server_name value from the Nginx configuration; otherwise the connection fails because ssl_reject_handshake is enabled in the Nginx configuration
        },
        "security": "tls",
        "tlsSettings": {
          "serverName": "",
          "fingerprint": "chrome"
        }
      },
      "tag": "proxy"
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ]
}
--------------------------------------------------------------------------------
/VLESS-WebSocket_or_HTTPUpgrade-TLS/HTTPUpgrade_config_server.json:
--------------------------------------------------------------------------------
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "rules": [
      {
        "port": "443",
        "network": "udp",
        "outboundTag": "block"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 8001,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "chika" // any string 1-30 bytes long, or generate one with xray uuid
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "httpupgrade",
        "httpupgradeSettings": {
          "path": "/lovelive"
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ]
}
--------------------------------------------------------------------------------
/VLESS-WebSocket_or_HTTPUpgrade-TLS/WebSocket_config_client.json:
--------------------------------------------------------------------------------
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "rules": [
      {
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "direct"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 10808,
      "protocol": "socks"
    },
    {
      "listen": "127.0.0.1",
      "port": 10809,
      "protocol": "http"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "",
            "port": 443,
            "users": [
              {
                "id": "chika", // must match the server
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/lovelive?ed=2560", // must match the server; adding ?ed=2560 is recommended to enable 0-RTT and reduce latency
          "host": "chika.example.com" // if "address": "" holds the VPS IP, this must be the server_name value from the Nginx configuration; otherwise the connection fails because ssl_reject_handshake is enabled in the Nginx configuration
        },
        "security": "tls",
        "tlsSettings": {
          "serverName": "",
          "fingerprint": "chrome"
        }
      },
      "tag": "proxy"
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ]
}
--------------------------------------------------------------------------------
/VLESS-WebSocket_or_HTTPUpgrade-TLS/WebSocket_config_server.json:
--------------------------------------------------------------------------------
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "rules": [
      {
        "port": "443",
        "network": "udp",
        "outboundTag": "block"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 8001,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "chika" // any string 1-30 bytes long, or generate one with xray uuid
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/lovelive"
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ]
}
--------------------------------------------------------------------------------
/VLESS-WebSocket_or_HTTPUpgrade-TLS/nginx.conf:
--------------------------------------------------------------------------------
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '[$time_local] $remote_addr "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log main;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ""      close;
    }

    map $remote_addr $proxy_forwarded_elem {
        ~^[0-9.]+$        "for=$remote_addr";
        ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
        default           "for=unknown";
    }

    map $http_forwarded $proxy_add_forwarded {
        "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
        default "$proxy_forwarded_elem";
    }

    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        ssl_reject_handshake on;

        ssl_protocols TLSv1.2 TLSv1.3;

        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:10m;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        http2 on; # This directive appeared in version 1.25.1. Otherwise use it like this. "listen 443 ssl http2; listen [::]:443 ssl http2;"

        # Enter the domain names included in the SSL certificate; pointing them at the server's IP is recommended; separate multiple names with spaces
        server_name example.com chika.example.com;

        ssl_certificate     /etc/ssl/private/fullchain.cer;
        ssl_certificate_key /etc/ssl/private/private.key;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 valid=60s;
        resolver_timeout 2s;

        client_header_buffer_size 8k;

        # location = /lovelive in the Nginx configuration must match "path": "/lovelive" in the Xray server configuration
        location = /lovelive {
            if ($http_upgrade != "websocket") {
                return 404;
            }

            proxy_pass http://127.0.0.1:8001;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_redirect off;
        }

        # Reverse proxy configuration generated by https://www.digitalocean.com/community/tools/nginx
        location / {
            sub_filter $proxy_host $host;
            sub_filter_once off;

            set $website www.lovelive-anime.jp;
            proxy_pass https://$website;
            resolver 1.1.1.1;

            proxy_set_header Host $proxy_host;

            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;

            proxy_ssl_server_name on;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;

            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }
}
--------------------------------------------------------------------------------
/VLESS-XHTTP-REALITY/steal_oneself/config_client.json:
--------------------------------------------------------------------------------
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "rules": [
      {
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "direct"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 10808,
      "protocol": "socks"
    },
    {
      "listen": "127.0.0.1",
      "port": 10809,
      "protocol": "http"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "",
            "port": 443,
            "users": [
              {
                "id": "chika", // must match the server
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "xhttp",
        "xhttpSettings": {
          "path": "/lovelive" // must match the server
        },
        "security": "reality",
        "realitySettings": {
          "fingerprint": "chrome",
          "serverName": "example.com", // must match the server
          "publicKey": "",
          "shortId": ""
        }
      },
      "tag": "proxy"
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ]
}
--------------------------------------------------------------------------------
/VLESS-XHTTP-REALITY/steal_oneself/config_server.json:
--------------------------------------------------------------------------------
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "@xhttp",
      "protocol": "vless",
      "settings": {
        "decryption": "none",
        "clients": [
          {
            "id": "chika"
          }
        ]
      },
      "streamSettings": {
        "network": "xhttp",
        "xhttpSettings": {
          "path": "/lovelive"
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    },
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "decryption": "none",
        "fallbacks": [
          {
            "dest": "@xhttp"
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "target": "8001",
          "xver": 1, // send PROXY protocol
          "serverNames": [
            "example.com", // must match server_name in the Nginx configuration
            "chika.example.com"
          ],
          "privateKey": "",
          "shortIds": [
            ""
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ]
}
--------------------------------------------------------------------------------
/VLESS-XHTTP-REALITY/steal_oneself/nginx.conf:
--------------------------------------------------------------------------------
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log main;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ""      close;
    }

    map $proxy_protocol_addr $proxy_forwarded_elem {
        ~^[0-9.]+$        "for=$proxy_protocol_addr";
        ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
        default           "for=unknown";
    }

    map $http_forwarded $proxy_add_forwarded {
        "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
        default "$proxy_forwarded_elem";
    }

    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 127.0.0.1:8001 ssl default_server;

        ssl_reject_handshake on;

        ssl_protocols TLSv1.2 TLSv1.3;

        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:10m;
    }

    server {
        listen 127.0.0.1:8001 ssl proxy_protocol;
        http2 on; # This directive appeared in version 1.25.1. Otherwise use it like this.
                  # "listen 127.0.0.1:8001 ssl http2 proxy_protocol;"

        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;

        # Enter the domain names included in the SSL certificate; pointing them at the server's IP is recommended; separate multiple names with spaces
        server_name example.com chika.example.com;

        ssl_certificate     /etc/ssl/private/fullchain.cer;
        ssl_certificate_key /etc/ssl/private/private.key;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 valid=60s;
        resolver_timeout 2s;

        # Reverse proxy configuration generated by https://www.digitalocean.com/community/tools/nginx
        location / {
            sub_filter $proxy_host $host;
            sub_filter_once off;

            set $website www.lovelive-anime.jp;
            proxy_pass https://$website;
            resolver 1.1.1.1;

            proxy_set_header Host $proxy_host;

            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;

            proxy_ssl_server_name on;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Real-IP $proxy_protocol_addr;
            proxy_set_header Forwarded $proxy_add_forwarded;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;

            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }
}
--------------------------------------------------------------------------------
/VLESS-gRPC-REALITY/README.md:
--------------------------------------------------------------------------------
### Note:

:exclamation: gRPC/H2 is best used on a VPS with an optimized return route, such as CN2-GIA, AS9929/AS10099, CMI/CMIN2 or AS4837. The lower the latency between you and the VPS, the better. For tuning, see NaïveProxy's [Performance Tuning](https://github.com/klzgrad/naiveproxy/wiki/Performance-Tuning). In addition, see the [documentation](https://xtls.github.io/Xray-docs-next/config/transports/grpc.html#grpcobject) on using the [health check](config_client.json#L57-L58) parameters.

### v2rayN - V6.19 and later: configuration example
点击查看
8 |
9 | | Name | Value |
10 | | :--- | :--- |
11 | | Address | the server's IP |
12 | | Port | 443 |
13 | | User ID | chika |
14 | | Flow control | leave blank |
15 | | Encryption | none |
16 | | Transport protocol | grpc |
17 | | | multi |
18 | | Camouflage domain | leave blank |
19 | | Path | lovelive |
20 | | Transport layer security | reality |
21 | | SNI | `www.lovelive-anime.jp` |
22 | | Fingerprint | chrome |
23 | | PublicKey | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
24 | | ShortId | 6ba85179e30d4fc2 |
25 | | SpiderX | leave blank |
26 |
27 |
28 |
29 | ### v2rayNG - V1.8.1 and later, example configuration
30 |
31 | Click to view
32 |
33 | | Name | Value |
34 | | :--- | :--- |
35 | | Address | the server's IP |
36 | | Port | 443 |
37 | | User ID | chika |
38 | | Flow control | leave blank |
39 | | Encryption | none |
40 | | Transport protocol | grpc |
41 | | gRPC transport mode | multi |
42 | | Camouflage domain | leave blank |
43 | | path | lovelive |
44 | | Transport layer security | reality |
45 | | SNI | `www.lovelive-anime.jp` |
46 | | Fingerprint | chrome |
47 | | PublicKey | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
48 | | ShortID | 6ba85179e30d4fc2 |
49 | | SpiderX | leave blank |
50 |
51 |
52 |
53 | ### Shadowrocket - V2.2.31 and later, example configuration
54 |
55 | Click to view
56 |
57 | | Name | Value |
58 | | :--- | :--- |
59 | | Type | VLESS |
60 | | Address | the server's IP |
61 | | Port | 443 |
62 | | UUID | chika |
63 | | TLS | checked |
64 | | XTLS | none |
65 | | Allow insecure | unchecked |
66 | | SNI | `www.lovelive-anime.jp` |
67 | | ALPN | leave blank |
68 | | Public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
69 | | Short ID | 6ba85179e30d4fc2 |
70 | | Transport | |
71 | | Name | grpc |
72 | | Host | leave blank |
73 | | Service name | lovelive |
74 | | Multiplexing | unchecked |
75 | | TCP Fast Open | unchecked |
76 | | UDP relay | checked |
77 | | Proxy via | unchecked |
78 |
79 |
80 |
81 | ### PassWall - V4.61 and later, example configuration
82 |
83 | Click to view
84 |
85 | | Name | Value |
86 | | :--- | :--- |
87 | | Type | Xray |
88 | | Transport protocol | VLESS |
89 | | Address (domain names supported) | the server's IP |
90 | | Port | 443 |
91 | | Encryption | none |
92 | | ID | chika |
93 | | TLS | checked |
94 | | flow | disabled |
95 | | REALITY | checked |
96 | | Domain | `www.lovelive-anime.jp` |
97 | | Public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
98 | | Short Id | 6ba85179e30d4fc2 |
99 | | Spider X | leave blank |
100 | | Fingerprint spoofing | chrome |
101 | | Transport protocol | gRPC |
102 | | ServiceName | lovelive |
103 | | gRPC transport mode | multi |
104 | | Health check | unchecked |
105 | | Initial window size | 0 |
106 | | MUX | unchecked |
107 |
108 |
109 |
110 | ### ShadowSocksR Plus+ example configuration
111 |
112 | Click to view
113 |
114 | | Name | Value |
115 | | :--- | :--- |
116 | | Server node type | V2Ray/Xray |
117 | | V2Ray/XRay protocol | VLESS |
118 | | Server address | the server's IP |
119 | | Port | 443 |
120 | | Vmess/VLESS ID (UUID) | chika |
121 | | VLESS encryption | none |
122 | | Transport protocol | gRPC |
123 | | gRPC service name | lovelive |
124 | | gRPC mode | Multi |
125 | | Initial window size | 0 |
126 | | H2/gRPC health check | unchecked |
127 | | TLS | unchecked |
128 | | REALITY | checked |
129 | | Public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
130 | | Short ID | 6ba85179e30d4fc2 |
131 | | spiderX | leave blank |
132 | | Fingerprint spoofing | chrome |
133 | | TLS host name | `www.lovelive-anime.jp` |
134 | | Mux | unchecked |
135 | | Enable auto switch | unchecked |
136 | | Local port | 1234 |
137 |
138 |
139 |
140 | ### HomeProxy example configuration
141 |
142 | Click to view
143 |
144 | | Name | Value |
145 | | :--- | :--- |
146 | | Type | VLESS |
147 | | Address | the server's IP |
148 | | Port | 443 |
149 | | UUID | chika |
150 | | Flow control | none |
151 | | Transport | gRPC |
152 | | gRPC service name | lovelive |
153 | | Idle timeout | leave blank |
154 | | Ping timeout | leave blank |
155 | | Packet encoding | Xudp (Xray-core) |
156 | | Multiplexing | unchecked |
157 | | TLS | checked |
158 | | TLS SNI | `www.lovelive-anime.jp` |
159 | | TLS ALPN | leave blank |
160 | | Allow insecure connections | unchecked |
161 | | Minimum TLS version | default |
162 | | Maximum TLS version | default |
163 | | Cipher suites | -- Please select -- |
164 | | Append self-signed certificate | unchecked |
165 | | uTLS fingerprint | Chrome |
166 | | REALITY | checked |
167 | | REALITY public key | Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw |
168 | | REALITY identifier | 6ba85179e30d4fc2 |
169 | | TCP Fast Open | unchecked |
170 | | Multipath TCP (MPTCP) | unchecked |
171 | | UDP fragmentation | unchecked |
172 |
173 |
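The client values in the tables above only connect when they agree with the server's `realitySettings` and `grpcSettings`, under the rules that the comments in `config_server.json` give for `id`, `shortIds`, `serverNames` and `serviceName`. The following is an added example, not part of the original repository, that lints a client/server pair against those rules; all function names, the trimmed sample configs and the address `192.0.2.10` are constructed for illustration.

```python
import json
import re

SHORT_ID = re.compile(r"(?:[0-9a-fA-F]{2}){0,8}")  # hex, even length, at most 16, may be empty
UUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def strip_json_comments(text):
    """Drop // comments outside string literals; Xray configs carry them, json.loads rejects them."""
    out, in_string, escaped, i = [], False, False, 0
    while i < len(text):
        ch = text[i]
        if in_string:
            out.append(ch)
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif text.startswith("//", i):
            while i < len(text) and text[i] != "\n":
                i += 1  # skip to end of line, keep the newline itself
            continue
        else:
            in_string = ch == '"'
            out.append(ch)
        i += 1
    return "".join(out)

def short_id_ok(value):
    return SHORT_ID.fullmatch(value) is not None

def client_id_ok(value):
    """A UUID, or any string of 1-30 bytes, as the server config comment allows."""
    return UUID.fullmatch(value) is not None or 1 <= len(value.encode()) <= 30

def accepted_service_names(server_value):
    """Names a client may send for the server's serviceName (custom-path rule from the comment)."""
    if not server_value.startswith("/"):
        return {server_value}
    if server_value.count("/") < 2:
        raise ValueError("custom path serviceName needs at least two slashes")
    prefix, _, last = server_value.rpartition("/")
    return {f"{prefix}/{alt}" for alt in last.split("|")}

def lint_pair(server_text, client_text):
    """Return the mismatches between a REALITY+gRPC server config and a client config."""
    server = json.loads(strip_json_comments(server_text))
    client = json.loads(strip_json_comments(client_text))
    inbound = server["inbounds"][0]
    outbound = next(o for o in client["outbounds"] if o.get("protocol") == "vless")
    s_stream, c_stream = inbound["streamSettings"], outbound["streamSettings"]
    s_real, c_real = s_stream["realitySettings"], c_stream["realitySettings"]
    findings = []
    for sid in s_real["shortIds"]:
        if not short_id_ok(sid):
            findings.append(f"server shortId {sid!r} is not even-length hex of at most 16 digits")
    short_id = c_real["shortId"]
    if short_id.lower() not in {sid.lower() for sid in s_real["shortIds"]}:
        findings.append(f"client shortId {short_id!r} is not in the server's shortIds")
    sni = c_real["serverName"]
    if sni not in s_real["serverNames"]:
        findings.append(f"client serverName {sni!r} is not in the server's serverNames")
    server_users = {c["id"] for c in inbound["settings"]["clients"]}
    for user in outbound["settings"]["vnext"][0]["users"]:
        if not client_id_ok(user["id"]):
            findings.append(f"client id {user['id']!r} is neither a UUID nor 1-30 bytes long")
        elif user["id"] not in server_users:
            findings.append(f"client id {user['id']!r} is not among the server's clients")
    try:
        names = accepted_service_names(s_stream["grpcSettings"]["serviceName"])
    except ValueError as exc:
        findings.append(str(exc))
        names = set()
    c_name = c_stream["grpcSettings"]["serviceName"]
    if c_name not in names:
        findings.append(f"client serviceName {c_name!r} is not one of the names the server accepts")
    return findings

# Constructed sample, trimmed from config_server.json; serviceName uses the comment's custom path.
SERVER_SAMPLE = """{"inbounds": [{
  "settings": {"clients": [{"id": "chika"}], "decryption": "none"},
  "streamSettings": {"network": "grpc", "security": "reality",
    "realitySettings": {
      "serverNames": ["www.lovelive-anime.jp", "lovelive-anime.jp"], // SAN values of "dest"
      "shortIds": ["6ba85179e30d4fc2", "b9"] // 0 to f, even length, at most 16
    },
    "grpcSettings": {"serviceName": "/lovelive/sif/chika|riko"} // custom path form
}}]}"""

def client_sample(short_id="6ba85179e30d4fc2", service_name="/lovelive/sif/riko",
                  server_name="www.lovelive-anime.jp"):
    """Constructed client config text in the shape of config_client.json."""
    reality = {"fingerprint": "chrome", "serverName": server_name, "shortId": short_id}
    stream = {"network": "grpc", "security": "reality", "realitySettings": reality,
              "grpcSettings": {"serviceName": service_name, "multiMode": True}}
    users = [{"id": "chika", "encryption": "none"}]
    vless = {"protocol": "vless", "streamSettings": stream, "tag": "proxy",
             "settings": {"vnext": [{"address": "192.0.2.10", "port": 443, "users": users}]}}
    return json.dumps({"outbounds": [vless, {"protocol": "freedom", "tag": "direct"}]})

if __name__ == "__main__":
    for problem in lint_pair(SERVER_SAMPLE, client_sample(short_id="6ba8", service_name="/lovelive/sif")):
        print("MISMATCH:", problem)
```

The linter covers the single-inbound layout of `config_server.json`; in `config_server_shared_port.json` the REALITY and gRPC settings sit in separate inbounds and would need to be looked up separately.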
174 |
--------------------------------------------------------------------------------
/VLESS-gRPC-REALITY/config_client.json:
--------------------------------------------------------------------------------
1 | {
2 |     "log": {
3 |         "loglevel": "warning"
4 |     },
5 |     "routing": {
6 |         "rules": [
7 |             {
8 |                 "ip": [
9 |                     "geoip:private"
10 |                 ],
11 |                 "outboundTag": "direct"
12 |             }
13 |         ]
14 |     },
15 |     "inbounds": [
16 |         {
17 |             "listen": "127.0.0.1",
18 |             "port": 10808,
19 |             "protocol": "socks"
20 |         },
21 |         {
22 |             "listen": "127.0.0.1",
23 |             "port": 10809,
24 |             "protocol": "http"
25 |         }
26 |     ],
27 |     "outbounds": [
28 |         {
29 |             "protocol": "vless",
30 |             "settings": {
31 |                 "vnext": [
32 |                     {
33 |                         "address": "",
34 |                         "port": 443,
35 |                         "users": [
36 |                             {
37 |                                 "id": "chika", // must match the server
38 |                                 "encryption": "none"
39 |                             }
40 |                         ]
41 |                     }
42 |                 ]
43 |             },
44 |             "streamSettings": {
45 |                 "network": "grpc",
46 |                 "security": "reality",
47 |                 "realitySettings": {
48 |                     "fingerprint": "chrome",
49 |                     "serverName": "www.lovelive-anime.jp", // must match the server
50 |                     "publicKey": "Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw", // generated by running xray x25519 on the server; the public key that corresponds to the private key; use the "Public key" value
51 |                     "shortId": "6ba85179e30d4fc2" // must match the server
52 |                 },
53 |                 "grpcSettings": {
54 |                     "serviceName": "lovelive", // must match the server
55 |                     "multiMode": true,
56 |                     "idle_timeout": 60,
57 |                     "health_check_timeout": 20
58 |                 }
59 |             },
60 |             "tag": "proxy"
61 |         },
62 |         {
63 |             "protocol": "freedom",
64 |             "tag": "direct"
65 |         }
66 |     ]
67 | }
68 |
--------------------------------------------------------------------------------
/VLESS-gRPC-REALITY/config_server.json:
--------------------------------------------------------------------------------
1 | {
2 |     "log": {
3 |         "loglevel": "warning"
4 |     },
5 |     "routing": {
6 |         "rules": [
7 |             {
8 |                 "port": "443",
9 |                 "network": "udp",
10 |                 "outboundTag": "block"
11 |             }
12 |         ]
13 |     },
14 |     "inbounds": [
15 |         {
16 |             "listen": "0.0.0.0",
17 |             "port": 443,
18 |             "protocol": "vless",
19 |             "settings": {
20 |                 "clients": [
21 |                     {
22 |                         "id": "chika" // any string 1-30 bytes long, or generate one with xray uuid
23 |                     }
24 |                 ],
25 |                 "decryption": "none"
26 |             },
27 |             "streamSettings": {
28 |                 "network": "grpc",
29 |                 "security": "reality",
30 |                 "realitySettings": {
31 |                     "dest": "www.lovelive-anime.jp:443", // minimum requirements for the target site: hosted abroad, supports TLSv1.3, X25519 and H2, and the domain is not used for redirection (the apex domain may be used to redirect to www)
32 |                     "serverNames": [ // list of serverName values clients may use; the * wildcard is not supported yet; open the "dest" URL in Chrome -> F12 -> Security -> F5 -> Main origin (secure), and use the SAN values from the certificate
33 |                         "www.lovelive-anime.jp",
34 |                         "lovelive-anime.jp"
35 |                     ],
36 |                     "privateKey": "2KZ4uouMKgI8nR-LDJNP1_MHisCJOmKGj9jUjZLncVU", // generated by running xray x25519; use the "Private key" value
37 |                     "shortIds": [ // list of shortId values clients may use; can be used to tell clients apart; digits 0 to f, length a multiple of 2, at most 16 characters; may be left empty, or generate one with openssl rand -hex and a number from 1 to 8
38 |                         "6ba85179e30d4fc2",
39 |                         "b9"
40 |                     ]
41 |                 },
42 |                 "grpcSettings": {
43 |                     "serviceName": "lovelive" // a value that starts with a slash is a custom path and needs at least two slashes; for example, with "/lovelive/sif/chika|riko" on the server, the client may use "/lovelive/sif/chika" or "/lovelive/sif/riko", while a client set to "/lovelive/sif" will fail to connect
44 |                 }
45 |             },
46 |             "sniffing": {
47 |                 "enabled": true,
48 |                 "destOverride": [
49 |                     "http",
50 |                     "tls",
51 |                     "quic"
52 |                 ]
53 |             }
54 |         }
55 |     ],
56 |     "outbounds": [
57 |         {
58 |             "protocol": "freedom",
59 |             "tag": "direct"
60 |         },
61 |         {
62 |             "protocol": "blackhole",
63 |             "tag": "block"
64 |         }
65 |     ]
66 | }
67 |
--------------------------------------------------------------------------------
/VLESS-gRPC-REALITY/config_server_shared_port.json:
--------------------------------------------------------------------------------
1 | {
2 |     "log": {
3 |         "loglevel": "warning"
4 |     },
5 |     "routing": {
6 |         "rules": [
7 |             {
8 |                 "port": "443",
9 |                 "network": "udp",
10 |                 "outboundTag": "block"
11 |             }
12 |         ]
13 |     },
14 |     "inbounds": [
15 |         {
16 |             "listen": "0.0.0.0",
17 |             "port": 443,
18 |             "protocol": "vless",
19 |             "settings": {
20 |                 "clients": [
21 |                     {
22 |                         "id": "chika", // any string 1-30 bytes long, or generate one with xray uuid
23 |                         "flow": "xtls-rprx-vision"
24 |                     }
25 |                 ],
26 |                 "decryption": "none",
27 |                 "fallbacks": [
28 |                     {
29 |                         "dest": "8004",
30 |                         "xver": 1
31 |                     }
32 |                 ]
33 |             },
34 |             "streamSettings": {
35 |                 "network": "tcp",
36 |                 "security": "reality",
37 |                 "realitySettings": {
38 |                     "dest": "www.lovelive-anime.jp:443", // minimum requirements for the target site: hosted abroad, supports TLSv1.3, X25519 and H2, and the domain is not used for redirection (the apex domain may be used to redirect to www)
39 |                     "serverNames": [ // list of serverName values clients may use; the * wildcard is not supported yet; open the "dest" URL in Chrome -> F12 -> Security -> F5 -> Main origin (secure), and use the SAN values from the certificate
40 |                         "www.lovelive-anime.jp",
41 |                         "lovelive-anime.jp"
42 |                     ],
43 |                     "privateKey": "2KZ4uouMKgI8nR-LDJNP1_MHisCJOmKGj9jUjZLncVU", // generated by running xray x25519; use the "Private key" value
44 |                     "shortIds": [ // list of shortId values clients may use; can be used to tell clients apart; digits 0 to f, length a multiple of 2, at most 16 characters; may be left empty, or generate one with openssl rand -hex and a number from 1 to 8
45 |                         "6ba85179e30d4fc2",
46 |                         "b9"
47 |                     ]
48 |                 }
49 |             },
50 |             "sniffing": {
51 |                 "enabled": true,
52 |                 "destOverride": [
53 |                     "http",
54 |                     "tls",
55 |                     "quic"
56 |                 ]
57 |             }
58 |         },
59 |         {
60 |             "listen": "127.0.0.1",
61 |             "port": 8004,
62 |             "protocol": "vless",
63 |             "settings": {
64 |                 "clients": [
65 |                     {
66 |                         "id": "chika"
67 |                     }
68 |                 ],
69 |                 "decryption": "none"
70 |             },
71 |             "streamSettings": {
72 |                 "network": "grpc",
73 |                 "grpcSettings": {
74 |                     "serviceName": "lovelive" // a value that starts with a slash is a custom path and needs at least two slashes; for example, with "/lovelive/sif/chika|riko" on the server, the client may use "/lovelive/sif/chika" or "/lovelive/sif/riko", while a client set to "/lovelive/sif" will fail to connect
75 |                 },
76 |                 "sockopt": {
77 |                     "acceptProxyProtocol": true
78 |                 }
79 |             },
80 |             "sniffing": {
81 |                 "enabled": true,
82 |                 "destOverride": [
83 |                     "http",
84 |                     "tls",
85 |                     "quic"
86 |                 ]
87 |             }
88 |         }
89 |     ],
90 |     "outbounds": [
91 |         {
92 |             "protocol": "freedom",
93 |             "tag": "direct"
94 |         },
95 |         {
96 |             "protocol": "blackhole",
97 |             "tag": "block"
98 |         }
99 |     ]
100 | }
101 |
--------------------------------------------------------------------------------
/VLESS-gRPC-TLS/README.md:
--------------------------------------------------------------------------------
1 | ### Note:
2 |
3 | :exclamation: gRPC/H2 is best used on a VPS with an optimized return route, such as CN2-GIA, AS9929/AS10099, CMI/CMIN2 or AS4837, and the lower the latency between you and the VPS, the better. Tuning along the lines of NaïveProxy's [Performance Tuning](https://github.com/klzgrad/naiveproxy/wiki/Performance-Tuning) is recommended. In addition, see the [documentation](https://xtls.github.io/Xray-docs-next/config/transports/grpc.html#grpcobject) and use the [health check](config_client.json#L50-L51) parameters.
4 |
5 | **Replace chika.example.com with a domain name covered by your SSL certificate**
6 |
7 | ### v2rayN - V6.19 and later, example configuration
8 |
9 | Click to view
10 |
11 | | Name | Value |
12 | | :--- | :--- |
13 | | Address | the server's IP |
14 | | Port | 443 |
15 | | User ID | chika |
16 | | Flow control | leave blank |
17 | | Encryption | none |
18 | | Transport protocol | grpc |
19 | | | multi |
20 | | Camouflage domain | leave blank |
21 | | Path | chika |
22 | | Transport layer security | tls |
23 | | SNI | chika.example.com |
24 | | Fingerprint | chrome |
25 | | Alpn | leave blank |
26 | | Skip certificate verification | false |
27 |
28 |
29 |
30 | ### v2rayNG - V1.8.1 and later, example configuration
31 |
32 | Click to view
33 |
34 | | Name | Value |
35 | | :--- | :--- |
36 | | Address | the server's IP |
37 | | Port | 443 |
38 | | User ID | chika |
39 | | Flow control | leave blank |
40 | | Encryption | none |
41 | | Transport protocol | grpc |
42 | | gRPC transport mode | multi |
43 | | Camouflage domain | leave blank |
44 | | path | chika |
45 | | Transport layer security | tls |
46 | | SNI | chika.example.com |
47 | | Fingerprint | chrome |
48 | | Alpn | leave blank |
49 | | Skip certificate verification | false |
50 |
51 |
52 |
53 | ### Shadowrocket - V2.2.31 and later, example configuration
54 |
55 | Click to view
56 |
57 | | Name | Value |
58 | | :--- | :--- |
59 | | Type | VLESS |
60 | | Address | the server's IP |
61 | | Port | 443 |
62 | | UUID | chika |
63 | | TLS | checked |
64 | | XTLS | none |
65 | | Allow insecure | unchecked |
66 | | SNI | chika.example.com |
67 | | ALPN | leave blank |
68 | | Public key | leave blank |
69 | | Short ID | leave blank |
70 | | Transport | |
71 | | Name | grpc |
72 | | Host | leave blank |
73 | | Service name | chika |
74 | | Multiplexing | unchecked |
75 | | TCP Fast Open | unchecked |
76 | | UDP relay | checked |
77 | | Proxy via | unchecked |
78 |
79 |
80 |
81 | ### PassWall - V4.61 and later, example configuration
82 |
83 | Click to view
84 |
85 | | Name | Value |
86 | | :--- | :--- |
87 | | Type | Xray |
88 | | Transport protocol | VLESS |
89 | | Address (domain names supported) | the server's IP |
90 | | Port | 443 |
91 | | Encryption | none |
92 | | ID | chika |
93 | | TLS | checked |
94 | | flow | disabled |
95 | | REALITY | unchecked |
96 | | alpn | default |
97 | | Domain | chika.example.com |
98 | | Allow insecure connections | unchecked |
99 | | Fingerprint spoofing | chrome |
100 | | Transport protocol | gRPC |
101 | | ServiceName | chika |
102 | | gRPC transport mode | multi |
103 | | Health check | unchecked |
104 | | Initial window size | 0 |
105 | | MUX | unchecked |
106 |
107 |
108 |
109 | ### ShadowSocksR Plus+ example configuration
110 |
111 | Click to view
112 |
113 | | Name | Value |
114 | | :--- | :--- |
115 | | Server node type | V2Ray/Xray |
116 | | V2Ray/XRay protocol | VLESS |
117 | | Server address | the server's IP |
118 | | Port | 443 |
119 | | Vmess/VLESS ID (UUID) | chika |
120 | | VLESS encryption | none |
121 | | Transport protocol | gRPC |
122 | | gRPC service name | chika |
123 | | gRPC mode | Multi |
124 | | Initial window size | 0 |
125 | | H2/gRPC health check | unchecked |
126 | | TLS | checked |
127 | | Fingerprint spoofing | chrome |
128 | | TLS host name | chika.example.com |
129 | | TLS ALPN | leave blank |
130 | | Allow insecure connections | unchecked |
131 | | Mux | unchecked |
132 | | Self-signed certificate | unchecked |
133 | | Enable auto switch | unchecked |
134 | | Local port | 1234 |
135 |
136 |
137 |
138 | ### HomeProxy example configuration
139 |
140 | Click to view
141 |
142 | | Name | Value |
143 | | :--- | :--- |
144 | | Type | VLESS |
145 | | Address | the server's IP |
146 | | Port | 443 |
147 | | UUID | chika |
148 | | Flow control | none |
149 | | Transport | gRPC |
150 | | gRPC service name | lovelive |
151 | | Idle timeout | leave blank |
152 | | Ping timeout | leave blank |
153 | | Packet encoding | Xudp (Xray-core) |
154 | | Multiplexing | unchecked |
155 | | TLS | checked |
156 | | TLS SNI | chika.example.com |
157 | | TLS ALPN | leave blank |
158 | | Allow insecure connections | unchecked |
159 | | Minimum TLS version | default |
160 | | Maximum TLS version | default |
161 | | Cipher suites | -- Please select -- |
162 | | Append self-signed certificate | unchecked |
163 | | uTLS fingerprint | Chrome |
164 | | REALITY | unchecked |
165 | | TCP Fast Open | unchecked |
166 | | Multipath TCP (MPTCP) | unchecked |
167 | | UDP fragmentation | unchecked |
168 |
169 |
170 |
--------------------------------------------------------------------------------
/VLESS-gRPC-TLS/config_client.json:
--------------------------------------------------------------------------------
1 | {
2 |     "log": {
3 |         "loglevel": "warning"
4 |     },
5 |     "routing": {
6 |         "rules": [
7 |             {
8 |                 "ip": [
9 |                     "geoip:private"
10 |                 ],
11 |                 "outboundTag": "direct"
12 |             }
13 |         ]
14 |     },
15 |     "inbounds": [
16 |         {
17 |             "listen": "127.0.0.1",
18 |             "port": 10808,
19 |             "protocol": "socks"
20 |         },
21 |         {
22 |             "listen": "127.0.0.1",
23 |             "port": 10809,
24 |             "protocol": "http"
25 |         }
26 |     ],
27 |     "outbounds": [
28 |         {
29 |             "protocol": "vless",
30 |             "settings": {
31 |                 "vnext": [
32 |                     {
33 |                         "address": "",
34 |                         "port": 443,
35 |                         "users": [
36 |                             {
37 |                                 "id": "chika", // must match the server
38 |                                 "encryption": "none"
39 |                             }
40 |                         ]
41 |                     }
42 |                 ]
43 |             },
44 |             "streamSettings": {
45 |                 "network": "grpc",
46 |                 "grpcSettings": {
47 |                     "serviceName": "lovelive", // must match the server
48 |                     "multiMode": true,
49 |                     "idle_timeout": 60,
50 |                     "health_check_timeout": 20
51 |                 },
52 |                 "security": "tls",
53 |                 "tlsSettings": {
54 |                     "serverName": "",
55 |                     "fingerprint": "chrome"
56 |                 }
57 |             },
58 |             "tag": "proxy"
59 |         },
60 |         {
61 |             "protocol": "freedom",
62 |             "tag": "direct"
63 |         }
64 |     ]
65 | }
66 |
--------------------------------------------------------------------------------
/VLESS-gRPC-TLS/config_server.json:
--------------------------------------------------------------------------------
1 | {
2 |     "log": {
3 |         "loglevel": "warning"
4 |     },
5 |     "routing": {
6 |         "rules": [
7 |             {
8 |                 "port": "443",
9 |                 "network": "udp",
10 |                 "outboundTag": "block"
11 |             }
12 |         ]
13 |     },
14 |     "inbounds": [
15 |         {
16 |             "listen": "127.0.0.1",
17 |             "port": 8001,
18 |             "protocol": "vless",
19 |             "settings": {
20 |                 "clients": [
21 |                     {
22 |                         "id": "chika" // any string 1-30 bytes long, or generate one with xray uuid
23 |                     }
24 |                 ],
25 |                 "decryption": "none"
26 |             },
27 |             "streamSettings": {
28 |                 "network": "grpc",
29 |                 "grpcSettings": {
30 |                     "serviceName": "lovelive" // a value that starts with a slash is a custom path and needs at least two slashes; for example, with "/lovelive/sif/chika|riko" on the server, the client may use "/lovelive/sif/chika" or "/lovelive/sif/riko", while a client set to "/lovelive/sif" will fail to connect; in the Nginx configuration, location /lovelive/sif covers all of these paths, whereas location /lovelive/sif/chika covers only one of them
31 |                 }
32 |             },
33 |             "sniffing": {
34 |                 "enabled": true,
35 |                 "destOverride": [
36 |                     "http",
37 |                     "tls",
38 |                     "quic"
39 |                 ]
40 |             }
41 |         }
42 |     ],
43 |     "outbounds": [
44 |         {
45 |             "protocol": "freedom",
46 |             "tag": "direct"
47 |         },
48 |         {
49 |             "protocol": "blackhole",
50 |             "tag": "block"
51 |         }
52 |     ]
53 | }
54 |
--------------------------------------------------------------------------------
/VLESS-gRPC-TLS/nginx.conf:
--------------------------------------------------------------------------------
1 | user nginx;
2 | worker_processes auto;
3 |
4 | error_log /var/log/nginx/error.log notice;
5 | pid /var/run/nginx.pid;
6 |
7 | events {
8 |     worker_connections 1024;
9 | }
10 |
11 | http {
12 |     log_format main '[$time_local] $remote_addr "$http_referer" "$http_user_agent"';
13 |     access_log /var/log/nginx/access.log main;
14 |
15 |     map $http_upgrade $connection_upgrade {
16 |         default upgrade;
17 |         "" close;
18 |     }
19 |
20 |     map $remote_addr $proxy_forwarded_elem {
21 |         ~^[0-9.]+$ "for=$remote_addr";
22 |         ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
23 |         default "for=unknown";
24 |     }
25 |
26 |     map $http_forwarded $proxy_add_forwarded {
27 |         "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
28 |         default "$proxy_forwarded_elem";
29 |     }
30 |
31 |     server {
32 |         listen 80;
33 |         listen [::]:80;
34 |         return 301 https://$host$request_uri;
35 |     }
36 |
37 |     server {
38 |         listen 443 ssl default_server;
39 |         listen [::]:443 ssl default_server;
40 |
41 |         ssl_reject_handshake on;
42 |
43 |         ssl_protocols TLSv1.2 TLSv1.3;
44 |
45 |         ssl_session_timeout 1h;
46 |         ssl_session_cache shared:SSL:10m;
47 |     }
48 |
49 |     server {
50 |         listen 443 ssl;
51 |         listen [::]:443 ssl;
52 |         http2 on; # This directive appeared in version 1.25.1. Otherwise use it like this. "listen 443 ssl http2; listen [::]:443 ssl http2;"
53 |
54 |         # Enter the domain names covered by the SSL certificate; pointing them at the server's IP is recommended; separate multiple names with spaces
55 |         server_name example.com chika.example.com;
56 |
57 |         ssl_certificate /etc/ssl/private/fullchain.cer;
58 |         ssl_certificate_key /etc/ssl/private/private.key;
59 |
60 |         ssl_protocols TLSv1.2 TLSv1.3;
61 |         ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
62 |         ssl_prefer_server_ciphers on;
63 |
64 |         ssl_stapling on;
65 |         ssl_stapling_verify on;
66 |         resolver 1.1.1.1 valid=60s;
67 |         resolver_timeout 2s;
68 |
69 |         client_header_timeout 1h;
70 |         keepalive_timeout 30m;
71 |
72 |         # location /lovelive in the Nginx configuration must match "serviceName": "lovelive" in the Xray server configuration
73 |         location /lovelive {
74 |             if ($content_type !~ "application/grpc") {
75 |                 return 404;
76 |             }
77 |
78 |             grpc_pass 127.0.0.1:8001;
79 |             grpc_read_timeout 1h;
80 |             grpc_send_timeout 1h;
81 |             grpc_set_header X-Real-IP $remote_addr;
82 |             grpc_socket_keepalive on;
83 |
84 |             client_body_buffer_size 1m;
85 |             client_body_timeout 1h;
86 |             client_max_body_size 0;
87 |         }
88 |
89 |         # Reverse proxy configuration generated by https://www.digitalocean.com/community/tools/nginx
90 |         location / {
91 |             sub_filter $proxy_host $host;
92 |             sub_filter_once off;
93 |
94 |             set $website www.lovelive-anime.jp;
95 |             proxy_pass https://$website;
96 |             resolver 1.1.1.1;
97 |
98 |             proxy_set_header Host $proxy_host;
99 |
100 |             proxy_http_version 1.1;
101 |             proxy_cache_bypass $http_upgrade;
102 |
103 |             proxy_ssl_server_name on;
104 |
105 |             proxy_set_header Upgrade $http_upgrade;
106 |             proxy_set_header Connection $connection_upgrade;
107 |             proxy_set_header X-Real-IP $remote_addr;
108 |             proxy_set_header Forwarded $proxy_add_forwarded;
109 |             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
110 |             proxy_set_header X-Forwarded-Proto $scheme;
111 |             proxy_set_header X-Forwarded-Host $host;
112 |             proxy_set_header X-Forwarded-Port $server_port;
113 |
114 |             proxy_connect_timeout 60s;
115 |             proxy_send_timeout 60s;
116 |             proxy_read_timeout 60s;
117 |         }
118 |     }
119 | }
120 |
--------------------------------------------------------------------------------
/self-use/nginx_server_vps1.conf:
--------------------------------------------------------------------------------
1 | user nginx;
2 | worker_processes auto;
3 |
4 | error_log /var/log/nginx/error.log notice;
5 | pid /var/run/nginx.pid;
6 |
7 | events {
8 |     worker_connections 1024;
9 | }
10 |
11 | http {
12 |     log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
13 |     access_log /var/log/nginx/access.log main;
14 |
15 |     map $http_upgrade $connection_upgrade {
16 |         default upgrade;
17 |         "" close;
18 |     }
19 |
20 |     map $proxy_protocol_addr $proxy_forwarded_elem {
21 |         ~^[0-9.]+$ "for=$proxy_protocol_addr";
22 |         ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
23 |         default "for=unknown";
24 |     }
25 |
26 |     map $http_forwarded $proxy_add_forwarded {
27 |         "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
28 |         default "$proxy_forwarded_elem";
29 |     }
30 |
31 |     server {
32 |         listen 80;
33 |         listen [::]:80;
34 |         return 301 https://$host$request_uri;
35 |     }
36 |
37 |     server {
38 |         listen unix:/dev/shm/nginx.sock ssl default_server;
39 |
40 |         ssl_reject_handshake on;
41 |
42 |         ssl_protocols TLSv1.2 TLSv1.3;
43 |
44 |         ssl_session_timeout 1h;
45 |         ssl_session_cache shared:SSL:10m;
46 |     }
47 |
48 |     server {
49 |         listen unix:/dev/shm/nginx.sock ssl proxy_protocol;
50 |         http2 on;
51 |
52 |         set_real_ip_from unix:;
53 |         real_ip_header proxy_protocol;
54 |
55 |         server_name example.com www.example.com;
56 |
57 |         ssl_certificate /etc/ssl/private/fullchain.cer;
58 |         ssl_certificate_key /etc/ssl/private/private.key;
59 |
60 |         ssl_protocols TLSv1.2 TLSv1.3;
61 |         ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
62 |         ssl_prefer_server_ciphers on;
63 |
64 |         ssl_stapling on;
65 |         ssl_stapling_verify on;
66 |         resolver 1.1.1.1 valid=60s;
67 |         resolver_timeout 2s;
68 |
69 |         location / {
70 |             sub_filter $proxy_host $host;
71 |             sub_filter_once off;
72 |
73 |             set $website www.lovelive-anime.jp;
74 |             proxy_pass https://$website;
75 |             resolver 1.1.1.1;
76 |
77 |             proxy_set_header Host $proxy_host;
78 |
79 |             proxy_http_version 1.1;
80 |             proxy_cache_bypass $http_upgrade;
81 |
82 |             proxy_ssl_server_name on;
83 |
84 |             proxy_set_header Upgrade $http_upgrade;
85 |             proxy_set_header Connection $connection_upgrade;
86 |             proxy_set_header X-Real-IP $proxy_protocol_addr;
87 |             proxy_set_header Forwarded $proxy_add_forwarded;
88 |             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
89 |             proxy_set_header X-Forwarded-Proto $scheme;
90 |             proxy_set_header X-Forwarded-Host $host;
91 |             proxy_set_header X-Forwarded-Port $server_port;
92 |
93 |             proxy_connect_timeout 60s;
94 |             proxy_send_timeout 60s;
95 |             proxy_read_timeout 60s;
96 |         }
97 |     }
98 | }
99 |
--------------------------------------------------------------------------------
/self-use/xray_server_vps1.json:
--------------------------------------------------------------------------------
1 | {
2 |     "log": {
3 |         "loglevel": "warning"
4 |     },
5 |     "dns": {
6 |         "servers": [
7 |             "https+local://8.8.8.8/dns-query"
8 |         ],
9 |         "clientIp": ""
10 |     },
11 |     "routing": {
12 |         "domainStrategy": "IPIfNonMatch",
13 |         "rules": [
14 |             {
15 |                 "domain": [
16 |                     "geosite:netflix"
17 |                 ],
18 |                 "user": [
19 |                     "chika"
20 |                 ],
21 |                 "outboundTag": "taipei"
22 |             },
23 |             {
24 |                 "domain": [
25 |                     "geosite:netflix"
26 |                 ],
27 |                 "outboundTag": "singapore"
28 |             },
29 |             {
30 |                 "domain": [
31 |                     "geosite:openai"
32 |                 ],
33 |                 "outboundTag": "tokyo"
34 |             },
35 |             {
36 |                 "ip": [
37 |                     "geoip:cn"
38 |                 ],
39 |                 "outboundTag": "tokyo"
40 |             },
41 |             {
42 |                 "ip": [
43 |                     "geoip:private"
44 |                 ],
45 |                 "outboundTag": "block"
46 |             }
47 |         ]
48 |     },
49 |     "inbounds": [
50 |         {
51 |             "listen": "0.0.0.0",
52 |             "port": 443,
53 |             "protocol": "vless",
54 |             "settings": {
55 |                 "clients": [
56 |                     {
57 |                         "id": "honoka",
58 |                         "flow": "xtls-rprx-vision"
59 |                     },
60 |                     {
61 |                         "id": "umi",
62 |                         "flow": "xtls-rprx-vision"
63 |                     },
64 |                     {
65 |                         "id": "chika",
66 |                         "flow": "xtls-rprx-vision",
67 |                         "email": "chika"
68 |                     }
69 |                 ],
70 |                 "decryption": "none"
71 |             },
72 |             "streamSettings": {
73 |                 "network": "tcp",
74 |                 "security": "reality",
75 |                 "realitySettings": {
76 |                     "dest": "/dev/shm/nginx.sock",
77 |                     "xver": 1,
78 |                     "serverNames": [
79 |                         "example.com",
80 |                         "www.example.com"
81 |                     ],
82 |                     "privateKey": "",
83 |                     "shortIds": [
84 |                         ""
85 |                     ]
86 |                 }
87 |             },
88 |             "sniffing": {
89 |                 "enabled": true,
90 |                 "destOverride": [
91 |                     "http",
92 |                     "tls",
93 |                     "quic"
94 |                 ]
95 |             }
96 |         }
97 |     ],
98 |     "outbounds": [
99 |         {
100 |             "protocol": "freedom",
101 |             "settings": {
102 |                 "domainStrategy": "ForceIPv4"
103 |             },
104 |             "streamSettings": {
105 |                 "sockopt": {
106 |                     "tcpFastOpen": true
107 |                 }
108 |             },
109 |             "tag": "direct"
110 |         },
111 |         {
112 |             "protocol": "blackhole",
113 |             "tag": "block"
114 |         },
115 |         {
116 |             "protocol": "shadowsocks",
117 |             "settings": {
118 |                 "servers": [
119 |                     {
120 |                         "address": "",
121 |                         "port": 80,
122 |                         "method": "2022-blake3-aes-128-gcm",
123 |                         "password": ""
124 |                     }
125 |                 ]
126 |             },
127 |             "streamSettings": {
128 |                 "sockopt": {
129 |                     "tcpMptcp": true,
130 |                     "tcpNoDelay": true
131 |                 }
132 |             },
133 |             "tag": "taipei"
134 |         },
135 |         {
136 |             "protocol": "shadowsocks",
137 |             "settings": {
138 |                 "servers": [
139 |                     {
140 |                         "address": "",
141 |                         "port": 80,
142 |                         "method": "2022-blake3-aes-128-gcm",
143 |                         "password": ""
144 |                     }
145 |                 ]
146 |             },
147 |             "streamSettings": {
148 |                 "sockopt": {
149 |                     "tcpMptcp": true,
150 |                     "tcpNoDelay": true
151 |                 }
152 |             },
153 |             "tag": "singapore"
154 |         },
155 |         {
156 |             "protocol": "shadowsocks",
157 |             "settings": {
158 |                 "servers": [
159 |                     {
160 |                         "address": "",
161 |                         "port": 80,
162 |                         "method": "2022-blake3-aes-128-gcm",
163 |                         "password": ""
164 |                     }
165 |                 ]
166 |             },
167 |             "tag": "tokyo"
168 |         }
169 |     ],
170 |     "policy": {
171 |         "levels": {
172 |             "0": {
173 |                 "handshake": 2,
174 |                 "connIdle": 120
175 |             }
176 |         }
177 |     }
178 | }
179 |
--------------------------------------------------------------------------------
/self-use/xray_server_vps2.json:
--------------------------------------------------------------------------------
1 | {
2 |     "log": {
3 |         "loglevel": "warning"
4 |     },
5 |     "dns": {
6 |         "servers": [
7 |             "https+local://1.1.1.1/dns-query"
8 |         ]
9 |     },
10 |     "inbounds": [
11 |         {
12 |             "listen": "0.0.0.0",
13 |             "port": 80,
14 |             "protocol": "shadowsocks",
15 |             "settings": {
16 |                 "method": "2022-blake3-aes-128-gcm",
17 |                 "password": "",
18 |                 "network": "tcp,udp"
19 |             },
20 |             "streamSettings": {
21 |                 "sockopt": {
22 |                     "tcpMptcp": true,
23 |                     "tcpNoDelay": true
24 |                 }
25 |             }
26 |         }
27 |     ],
28 |     "outbounds": [
29 |         {
30 |             "protocol": "freedom",
31 |             "settings": {
32 |                 "domainStrategy": "ForceIPv4"
33 |             },
34 |             "streamSettings": {
35 |                 "sockopt": {
36 |                     "tcpFastOpen": true
37 |                 }
38 |             }
39 |         }
40 |     ]
41 | }
42 |
--------------------------------------------------------------------------------
/self-use/xray_server_vps3.json:
--------------------------------------------------------------------------------
1 | {
2 |     "log": {
3 |         "loglevel": "warning"
4 |     },
5 |     "dns": {
6 |         "servers": [
7 |             "https+local://1.1.1.1/dns-query"
8 |         ]
9 |     },
10 |     "inbounds": [
11 |         {
12 |             "listen": "0.0.0.0",
13 |             "port": 80,
14 |             "protocol": "shadowsocks",
15 |             "settings": {
16 |                 "method": "2022-blake3-aes-128-gcm",
17 |                 "password": "",
18 |                 "network": "tcp,udp"
19 |             }
20 |         }
21 |     ],
22 |     "outbounds": [
23 |         {
24 |             "protocol": "freedom",
25 |             "settings": {
26 |                 "domainStrategy": "ForceIPv4"
27 |             },
28 |             "streamSettings": {
29 |                 "sockopt": {
30 |                     "tcpFastOpen": true
31 |                 }
32 |             }
33 |         }
34 |     ]
35 | }
36 |
--------------------------------------------------------------------------------
/v2rayNG_custom_local_dns.json:
--------------------------------------------------------------------------------
1 | {
2 |     "log": {
3 |         "loglevel": "warning"
4 |     },
5 |     "dns": {
6 |         "hosts": {
7 |             "geosite:category-ads-all": "127.0.0.1"
8 |         },
9 |         "servers": [
10 |             {
11 |                 "address": "https://1.1.1.1/dns-query",
12 |                 "domains": [
13 |                     "geosite:geolocation-!cn"
14 |                 ],
15 |                 "skipFallback": true
16 |             },
17 |             "https+local://223.5.5.5/dns-query"
18 |         ],
19 |         "queryStrategy": "UseIPv4"
20 |     },
21 |     "routing": {
22 |         "domainStrategy": "AsIs",
23 |         "rules": [
24 |             {
25 |                 "inboundTag": [
26 |                     "dns-in"
27 |                 ],
28 |                 "outboundTag": "dns-out"
29 |             },
30 |             {
31 |                 "port": "853",
32 |                 "network": "tcp",
33 |                 "outboundTag": "block"
34 |             },
35 |             {
36 | "port": "443,853", 37 | "network": "udp", 38 | "outboundTag": "block" 39 | }, 40 | { 41 | "ip": [ 42 | "1.1.1.1" 43 | ], 44 | "outboundTag": "proxy" 45 | }, 46 | { 47 | "domain": [ 48 | "geosite:category-ads-all" 49 | ], 50 | "outboundTag": "block" 51 | }, 52 | { 53 | "type": "field", 54 | "domain": [ 55 | "geosite:geolocation-!cn" 56 | ], 57 | "outboundTag": "proxy" 58 | }, 59 | { 60 | "ip": [ 61 | "geoip:cn", 62 | "geoip:private" 63 | ], 64 | "outboundTag": "direct" 65 | } 66 | ] 67 | }, 68 | "inbounds": [ 69 | { 70 | "listen": "127.0.0.1", 71 | "port": 10808, 72 | "protocol": "socks", 73 | "settings": { 74 | "udp": true 75 | }, 76 | "sniffing": { 77 | "enabled": true, 78 | "destOverride": [ 79 | "http", 80 | "tls", 81 | "quic" 82 | ], 83 | "routeOnly": true 84 | } 85 | }, 86 | { 87 | "listen": "127.0.0.1", 88 | "port": 10853, 89 | "protocol": "dokodemo-door", 90 | "settings": { 91 | "address": "223.5.5.5", 92 | "port": 53, 93 | "network": "udp" 94 | }, 95 | "tag": "dns-in" 96 | } 97 | ], 98 | "outbounds": [ 99 | { 100 | // 粘贴你的客户端配置,需要保留 "tag": "proxy" 101 | "tag": "proxy" 102 | }, 103 | { 104 | "protocol": "freedom", 105 | "settings": { 106 | "domainStrategy": "ForceIPv4" 107 | }, 108 | "tag": "direct" 109 | }, 110 | { 111 | "protocol": "blackhole", 112 | "tag": "block" 113 | }, 114 | { 115 | "protocol": "dns", 116 | "settings": { 117 | "nonIPQuery": "drop" // 若不写此字段,将使用默认值 "drop",阻止非 A 和 AAAA 记录查询,若设置为 "skip",则允许非 A 和 AAAA 记录查询 118 | }, 119 | "proxySettings": { 120 | "tag": "direct" // 当 "nonIPQuery" 设置为 "skip" 时,若不写此字段,将使用本地网络出站;若设置此字段,将使用对应 "tag" 出站,目的地址对应 "dns-in" 中的 "settings" 字段的内容 121 | }, 122 | "tag": "dns-out" 123 | } 124 | ] 125 | } 126 | -------------------------------------------------------------------------------- /v2rayNG_custom_remote_dns.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "loglevel": "warning" 4 | }, 5 | "dns": { 6 | "hosts": { 7 | "geosite:category-ads-all": 
"127.0.0.1" 8 | }, 9 | "servers": [ 10 | "https://1.1.1.1/dns-query" 11 | ], 12 | "queryStrategy": "UseIPv4" 13 | }, 14 | "routing": { 15 | "domainStrategy": "AsIs", 16 | "rules": [ 17 | { 18 | "inboundTag": [ 19 | "dns-in" 20 | ], 21 | "outboundTag": "dns-out" 22 | }, 23 | { 24 | "port": "853", 25 | "network": "tcp", 26 | "outboundTag": "block" 27 | }, 28 | { 29 | "port": "443,853", 30 | "network": "udp", 31 | "outboundTag": "block" 32 | }, 33 | { 34 | "ip": [ 35 | "1.1.1.1" 36 | ], 37 | "outboundTag": "proxy" 38 | }, 39 | { 40 | "domain": [ 41 | "geosite:category-ads-all" 42 | ], 43 | "outboundTag": "block" 44 | }, 45 | { 46 | "type": "field", 47 | "domain": [ 48 | "geosite:geolocation-!cn" 49 | ], 50 | "ip": [ 51 | "geoip:!cn" 52 | ], 53 | "outboundTag": "proxy" 54 | }, 55 | { 56 | "ip": [ 57 | "geoip:cn", 58 | "geoip:private" 59 | ], 60 | "outboundTag": "direct" 61 | } 62 | ] 63 | }, 64 | "inbounds": [ 65 | { 66 | "listen": "127.0.0.1", 67 | "port": 10808, 68 | "protocol": "socks", 69 | "settings": { 70 | "udp": true 71 | }, 72 | "sniffing": { 73 | "enabled": true, 74 | "destOverride": [ 75 | "http", 76 | "tls", 77 | "quic" 78 | ], 79 | "routeOnly": true 80 | } 81 | }, 82 | { 83 | "listen": "127.0.0.1", 84 | "port": 10853, 85 | "protocol": "dokodemo-door", 86 | "settings": { 87 | "address": "1.1.1.1", 88 | "port": 53, 89 | "network": "udp" 90 | }, 91 | "tag": "dns-in" 92 | } 93 | ], 94 | "outbounds": [ 95 | { 96 | // 粘贴你的客户端配置,需要保留 "tag": "proxy" 97 | "tag": "proxy" 98 | }, 99 | { 100 | "protocol": "freedom", 101 | "settings": { 102 | "domainStrategy": "ForceIPv4" 103 | }, 104 | "tag": "direct" 105 | }, 106 | { 107 | "protocol": "blackhole", 108 | "tag": "block" 109 | }, 110 | { 111 | "protocol": "dns", 112 | "settings": { 113 | "nonIPQuery": "drop" // 若不写此字段,将使用默认值 "drop",阻止非 A 和 AAAA 记录查询,若设置为 "skip",则允许非 A 和 AAAA 记录查询 114 | }, 115 | "proxySettings": { 116 | "tag": "proxy" // 当 "nonIPQuery" 设置为 "skip" 时,若不写此字段,将使用本地网络出站;若设置此字段,将使用对应 "tag" 出站,目的地址对应 "dns-in" 
gives in its "settings" field 117 | }, 118 | "tag": "dns-out" 119 | } 120 | ] 121 | } 122 | -------------------------------------------------------------------------------- /v2rayN_custom_local_dns.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "loglevel": "warning" 4 | }, 5 | "dns": { 6 | "servers": [ 7 | "https+local://223.5.5.5/dns-query" 8 | ], 9 | "queryStrategy": "UseIPv4" 10 | }, 11 | "routing": { 12 | "domainStrategy": "IPIfNonMatch", 13 | "rules": [ 14 | { 15 | "domain": [ 16 | "geosite:category-ads-all" 17 | ], 18 | "outboundTag": "block" 19 | }, 20 | { 21 | "domain": [ 22 | "geosite:geolocation-!cn" 23 | ], 24 | "outboundTag": "proxy" 25 | }, 26 | { 27 | "type": "field", 28 | "ip": [ 29 | "geoip:cn", 30 | "geoip:private" 31 | ], 32 | "outboundTag": "direct" 33 | } 34 | ] 35 | }, 36 | "inbounds": [ 37 | { 38 | "listen": "127.0.0.1", 39 | "port": 10808, 40 | "protocol": "socks" 41 | }, 42 | { 43 | "listen": "127.0.0.1", 44 | "port": 10809, 45 | "protocol": "http" 46 | } 47 | ], 48 | "outbounds": [ 49 | { 50 | // Paste your client configuration here; keep "tag": "proxy" 51 | "tag": "proxy" 52 | }, 53 | { 54 | "protocol": "freedom", 55 | "settings": { 56 | "domainStrategy": "ForceIPv4" 57 | }, 58 | "tag": "direct" 59 | }, 60 | { 61 | "protocol": "blackhole", 62 | "tag": "block" 63 | } 64 | ] 65 | } 66 | -------------------------------------------------------------------------------- /v2rayN_custom_remote_dns.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "loglevel": "warning" 4 | }, 5 | "dns": { 6 | "servers": [ 7 | "https://1.1.1.1/dns-query" 8 | ], 9 | "queryStrategy": "UseIPv4" 10 | }, 11 | "routing": { 12 | "domainStrategy": "IPIfNonMatch", 13 | "rules": [ 14 | { 15 | "ip": [ 16 | "1.1.1.1" 17 | ], 18 | "outboundTag": "proxy" 19 | }, 20 | { 21 | "domain": [ 22 | "geosite:category-ads-all" 23 | ], 24 | "outboundTag": "block" 25 | }, 26 | { 27 | "domain": [ 28 | 
"geosite:geolocation-!cn" 29 | ], 30 | "outboundTag": "proxy" 31 | }, 32 | { 33 | "type": "field", 34 | "ip": [ 35 | "geoip:cn", 36 | "geoip:private" 37 | ], 38 | "outboundTag": "direct" 39 | } 40 | ] 41 | }, 42 | "inbounds": [ 43 | { 44 | "listen": "127.0.0.1", 45 | "port": 10808, 46 | "protocol": "socks" 47 | }, 48 | { 49 | "listen": "127.0.0.1", 50 | "port": 10809, 51 | "protocol": "http" 52 | } 53 | ], 54 | "outbounds": [ 55 | { 56 | // Paste your client configuration here; keep "tag": "proxy" 57 | "tag": "proxy" 58 | }, 59 | { 60 | "protocol": "freedom", 61 | "settings": { 62 | "domainStrategy": "ForceIPv4" 63 | }, 64 | "tag": "direct" 65 | }, 66 | { 67 | "protocol": "blackhole", 68 | "tag": "block" 69 | } 70 | ] 71 | } 72 | -------------------------------------------------------------------------------- /warning.md: -------------------------------------------------------------------------------- 1 | ### :memo: 2 | 3 | Yes, please do not use a proxy to access websites on mainland-China IPs. This is a matter of basic practice, **because whenever you access a domestic website through any proxy, the proxy's IP is recorded, uploaded and flagged.** 4 | 5 | This mechanism is already very mature. According to insiders, once "you" access a domestic IP through a proxy, "you" are flagged as using that proxy (your EQ even gets noted). 6 | 7 | 1. Because you connect directly to that VPS and the timing matches, your local IP gets flagged. 8 | 2. You opened a domestic app such as WeChat with the proxy on, and so... 9 | 10 | The above are detection methods that were deployed long ago, so in practice all domestic IPs should be blocked on the server side. [#0](https://github.com/XTLS/Xray-core/discussions/593#discussioncomment-845165) 11 | 12 | --- 13 | 14 | ### :memo: 15 | 16 | Relative to XTLS Vision's user base, there have so far been almost no reports of a **correctly configured** Vision having its port blocked. **Correctly configured** means: 17 | 18 | 1. The server uses a reasonable port and blocks traffic back to China 19 | 2. Only XTLS Vision is configured, with no compatibility for ordinary TLS proxies 20 | 3. Fall back to a web page; do not fall back/route to other proxy protocols 21 | 4. 
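The client enables uTLS (fingerprint) [#1.1](https://github.com/XTLS/Xray-core/issues/1544#issuecomment-1399194727) 22 | 23 | --- 24 | 25 | First, if you really do not want to get blocked, **start by choosing a clean IP**, and set up and use XTLS Vision according to **correctly configured**. 26 | 27 | **However, even if you do this, there is no guarantee of 100% not being blocked**. Since the end of last year, many people's unknown traffic has had its IP blocked within seconds, and TLS in TLS traffic has had its port blocked the next day. XTLS Vision is not unknown traffic, and it fully handles the TLS in TLS signature; so far the effect appears significant. **But this does not mean that using XTLS Vision makes you 100% unblockable. Recognizing this is very, very important; do not make a fuss just because you happened to get blocked**. 28 | 29 | **Because apart from the protocol itself, there are many other angles from which you can be blocked**. Take the IP: you cannot guarantee the IP is really clean, cannot avoid being affected by neighbors, and cannot avoid the whole IP range being put on a watch list. It is also possible that the GFW in some regions has its own criteria, for example: an IP that only a handful of people connect to yet carries that much traffic, block. **If your XTLS Vision gets blocked but there are no large-scale block reports like those for TLS at the end of last year, I sincerely suggest you try changing the port, the IP and the provider, in that order**. 30 | 31 | Does XTLS Vision have no signature at all? Not quite; I could block it very precisely myself. Besides, two years ago I already came up with many angles for precisely blocking FQ (circumvention) traffic without collateral damage, leaving none. ~I even had the article draft written back then, I just did not publish it; better not to hand the GFW ammunition, in case they have not thought of it yet~. 32 | 33 | Finally, if you have not watched Black Mirror season 1 episode 1, I suggest you watch it. [#1.2](https://github.com/XTLS/Xray-core/issues/1544#issuecomment-1402118517) 34 | 35 | --- 36 | 37 | If you previously used another protocol and got the TCP/443 port blocked, **Vision has no ability to "unblock a port that is already blocked"**; change the IP or the port 38 | 39 | If this is an IP you were just assigned, it means the TCP/443 port on this IP was already gotten blocked by someone else; change the IP or the port [#1.3](https://github.com/XTLS/Xray-core/issues/1670#issuecomment-1436240888) 40 | 41 | ### :memo: 42 | 43 | It seems many people still do not know that in the code Vision only supports a clean inbound or another Vision inbound, ~of course it would not be hard to change~ [#2.1](https://github.com/XTLS/Xray-core/issues/1612#issuecomment-1418829266) 44 | 45 | --- 46 | 47 | Actually I saw this issue [#1500](https://github.com/XTLS/Xray-core/issues/1500) long ago, ~I just did not want to change it~ 48 | 49 | Because, going by history, airports (commercial proxy services) would use SS or VMess to relay XTLS across the wall: XTLS does all the hard labor and also feeds the GFW a large amount of data, yet it does nothing to help the community 50 | I do not think that is good, so I will not change it; of course, PR is acceptable [#2.2](https://github.com/XTLS/Xray-core/issues/1612#issuecomment-1418880212) 51 | 52 | --- 53 | 54 | ~That is how this bug is~: if you want to relay, you cannot use Vision, ~but you can actually use REALITY H2 / gRPC~ 55 | 56 | ~I used to know only of airports relaying over SS / VMess; now Trojan has started too~ 57 | 58 | Let me say where the problem lies: when you relay over these protocols, yes, many clients support them, but it sends a wrong message to the novices who use airports: ~all the airports are using it (famous quote)~ 59 | 60 | There are still many airports using SS / VMess, but they rarely cross the wall directly any more; most use relays / IPLC, and the latter is expensive. Airports need to make money, ~so you can imagine which it is~ 61 | 62 | For their security, see [#1811 (comment)](https://github.com/XTLS/Xray-core/discussions/1811#discussioncomment-5355075), ~I think that layer of encryption is self-deception, because sooner or later it all gets decrypted; in front of the GFW it is really no different from bare Socks5~ 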
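[#2.3](https://github.com/XTLS/Xray-core/issues/1844#issuecomment-1479639520) 63 | 64 | ### :memo: 65 | 66 | You can now configure a REALITY H2 server directly. In testing, N requests open only a single H2 connection, with ultra-low latency and a silky-smooth experience. Just leave "flow" empty and change "network" to "h2". 67 | 68 | Another way is to configure REALITY VLESS to fall back to H2C; it can coexist with Vision, but is not recommended for now. H2 has built-in MUX, which in theory can also reduce the TLS in TLS signature; whether it is effective still needs real-world testing. ~But if the target domain is on the whitelist, testing may show no difference.~ [#3.1](https://t.me/projectXtls/57) 69 | 70 | --- 71 | 72 | This has nothing to do with the VLESS fallback feature. I looked at the group; what kind of understanding is that? Active probing cannot even get past REALITY, so how would it ever reach the VLESS fallback? 73 | 74 | With REALITY, the VLESS fallback is not there for falling back to a website; it is there so that Vision and H2 / gRPC can coexist on the same port. [#3.2](https://github.com/XTLS/Xray-core/issues/1769#issuecomment-1464820362) 75 | 76 | --- 77 | 78 | REALITY is TLSv1.3, and it is perfectly normal for VLESS to have a fallback; falling back to H2C or gRPC by default lets them coexist, ~but these two protocols are not guaranteed not to get the port blocked; use at your own risk~ 79 | 80 | ~Actually I have a conjecture: for whitelisted websites, the GFW may currently not analyze the traffic pattern, so testing cannot tell whether the port would be blocked~ [#3.3](https://github.com/XTLS/Xray-core/issues/1769#issuecomment-1464821647) 81 | 82 | --- 83 | 84 | gun (gRPC) was originally written by @DuckSoft after seeing that CloudFlare supported gRPC to the origin; it is not that "gRPC later developed to pass through CDNs as well". 85 | 86 | REALITY cannot pass through free CDNs, so there is little difference between gRPC and H2; since gRPC runs over H2, **using H2 directly is slightly cheaper**. 87 | REALITY's gRPC support was written in passing, just for fun, ~after all, people prefer gRPC to H2, and a bit more padding may even be a good thing?~ 88 | 89 | You can see that the very first REALITY commit in Xray-core already had REALITY H2 client support; there was originally no plan to support gRPC. 90 | ~But let's forget about REALITY WS; that combination is truly unnecessary.~ [#3.4](https://github.com/XTLS/Xray-core/discussions/1719#discussioncomment-5138312) 91 | 92 | ### :memo: 93 | 94 | About airports (commercial proxy services): to be honest, I have reservations about airports deploying this kind of technology. 95 | 96 | Judging from the experience since the end of last year and indeed of recent years, **much of the time the GFW's blocking strategy prioritizes what the most people use and what yields the greatest return, not how obvious your protocol's signature is.** 97 | As soon as the TLS family went wild, fingerprint and TLS in TLS detection were made a priority, while the niche UDP family was not targeted and still works. 98 | As for signatures, obfuscated UDP packets are in fact obviously fake at a glance and easier to detect than the TLS family; it is just that airports are already full of TLS-family protocols, whereas the UDP family is still mostly self-hosted. 99 | 100 | So it is obvious who becomes the target, and this is easy to understand: **if you were a GFW vendor, delivering something whose FQ block rate is only a few percent would not really do, would it.** 101 | They will certainly go first for whatever has the most users, that is, the SS / VMess, Trojan and so on that airports like to use: study them specifically, block them in swathes, to outstanding effect. 102 | 103 | ~So~ [#4.1](https://github.com/XTLS/Xray-core/issues/1767#issuecomment-1464882669) 104 | 105 | --- 106 | 107 | Turning on obfuscation can temporarily solve the problem of "being exposed for not having a real h3 server", but it brings another problem: **the traffic becomes fully random bytes, which is itself an even more obvious signature** 108 | 109 | There used to be debate over whether, for SS and the like, "being fully random is the biggest signature"; now there is no doubt left: **even if the GFW blocks the target IP outright, there is hardly any collateral damage** 110 | 111 | 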
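According to current feedback, for now only the GFW in some regions has applied this strategy to UDP, and for now it only blocks ports, ~but once airports adopt it at scale, then~ [#4.2](https://github.com/XTLS/Xray-core/issues/1767#issuecomment-1465101806) 112 | 113 | ### :memo: 114 | 115 | Nothing unusual. If you had not mentioned it I would almost have forgotten: last year a WSS of mine behind CF ran into a constantly escalating "smart wall": 116 | 117 | - At first, WSS was precisely blocked (the website was still reachable). Investigation found that using [Browser Dialer](https://github.com/XTLS/Xray-core/pull/421) solved it, so the Golang WSS fingerprint was being targeted. 118 | - Not long after, it was precisely blocked again. **Investigation found that WSS only worked if the web page had been opened in a browser within a certain period; adding an automatic request solved it.** 119 | - Finally, as everyone knows, TLS in TLS detection was deployed. The CF nodes did not get their ports blocked outright, but the immediate packet-loss interference is even nastier; I believe many people know it from experience. [#5.1](https://github.com/XTLS/Xray-core/issues/1750#issuecomment-1459340564) 120 | 121 | --- 122 | 123 | By the way, let me explain why WSS proxies can be precisely identified: 124 | 125 | - **Fingerprint: even with camouflage enabled, the ALPN it sends is always** `http/1.1~`, **WSS at a glance. In practice it cannot achieve the "hiding a tree in the forest" we want; it just hands itself over.** 126 | - Handshake: the inner WS of WSS needs one extra handshake, so its timing signature is very distinctive. Enabling [early data](https://github.com/XTLS/Xray-core/pull/375) can actually mitigate this; if you have to use WSS, `?ed=2048` is recommended 127 | - TLS in TLS: this is a signature common to TLS proxies and needs to be handled specifically. Multiplexing can mitigate the inner TLS handshake signature, but it aggravates the "nested encryption" signature; see the second major section of [**XTLS Vision, TLS in TLS, to the star and beyond**](https://github.com/XTLS/Xray-core/discussions/1295) #1295. So XTLS Vision is currently the better solution. 128 | 129 | **So my current advice is: do not use WSS, and it should be listed as deprecated**. For going through a CDN there is gRPC, and for direct connections there are N ways; there is no longer any need to use WSS. [#5.2](https://github.com/XTLS/Xray-core/issues/1750#issuecomment-1459469821) 130 | 131 | ### :memo: 132 | 133 | > ~Of course it could also be frantic active probing that records the handshake timeout to see whether it looks like Xray's default 60 seconds~ 134 | 135 | On this point, I suggest everyone change handshake, connIdle and so on in policy instead of using the defaults; otherwise the signature is too obvious 136 | 137 | ~A man in the middle collects a bit more data and works out a 60-second handshake timeout + a 300-second connection timeout; what else could that be but *ray~ [#6](https://github.com/XTLS/Xray-core/issues/1511#issuecomment-1376887076) 138 | 139 | ### :memo: 140 | 141 | 1. [With **XTLS-REALITY** stealing from yourself, the connection still works when the domain in **serverName** does not match the domains in the actual **SSL** certificate](https://github.com/XTLS/Xray-core/issues/1681#issuecomment-1436655742) #1681 (comment) 142 | 2. 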
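~I did not expect people to keep asking this~, so let me answer it systematically. First, for non-REALITY clients, the REALITY server is just port forwarding. Second, when you visit https://IP directly, the TLS Client Hello your browser sends contains no SNI and the Host in the HTTP header is wrong too; what response you get then depends entirely on the target website's policy. You will most likely get all sorts of odd responses, which is normal, and of course your browser will also report a certificate mismatch. Finally, if you want to verify REALITY's port forwarding with a browser, the correct way is to edit the system hosts file to point the target domain at your server's IP and then visit the target domain directly in the browser. If it loads, everything is normal, and in the Network tab of the browser's F12 tools you can see that the connection actually goes to your server's IP. [#7](https://github.com/XTLS/Xray-core/discussions/1800#discussioncomment-5321705) 143 | 144 | ### :memo: 145 | 146 | Actually, @tdjnodj's idea has some merit. 147 | 148 | Let me first correct a common misconception: **"blocked means identified, and identified means it will certainly be blocked" is actually wrong.** 149 | 150 | * Sometimes blocking you really is just an "area attack"; for example, in special periods many IPs that only host websites get blocked too 151 | * **Much of the time you are identified but not blocked right away, because leaving you there lets them match packet lengths and timing to infer which websites you may have visited, who you are on tg and so on; the GFW has done plenty of this** 152 | For protocols that lack forward secrecy, such as SS / VMess, the GFW can also obtain the password through cloud services and directly decrypt all of your past and future traffic; it knows exactly what you did 153 | These "cloud services" include but are not limited to cloud backups by phone apps, data uploaded by input methods and so on. Even if you turned all of those off, you surely have some Chinese-made software installed, ~a certain browser extension uploads your browsing history directly~ 154 | 155 | **If they blocked you outright, you would instead switch to protocols that are harder to identify and monitor, so most of the time there is no need to block once identified; leaving you there to be monitored is more valuable. This is standard practice for the GFW.** But in some periods what the higher-ups demand is a block rate and visible blocking results, and then the GFW blocks the protocols it has identified, ~such as now~, but this situation will not last forever. 156 | 157 | So the value of @tdjnodj's idea is this: **when enforcement is not strict, we can wrap REALITY in a protocol that is known to be identified but is left alone for monitoring**, which can be Socks5 / HTTP / Shadowsocks / VMess / Trojan / VLESS without flow and so on, making the GFW wrongly believe that we are visiting [www.bing.com](http://www.bing.com), ~Mission: Impossible, "I anticipated your anticipation"~. 158 | 159 | This idea extends REALITY's application scenarios. After all, using REALITY directly looks like port forwarding from the outside; in case that gets blocked indiscriminately, ~this idea might well rise to become the mainstream approach~. [#8](https://github.com/XTLS/Xray-core/discussions/1811#discussioncomment-5355075) 160 | 161 | ### :memo: 162 | 163 | I have not read this issue; I only want to reply to this one sentence: 164 | 165 | > I do not understand the code implementation behind it, but shadowTLS currently works with both domestic and foreign domains and is hardly picky about domains (v3 does need to pick domains). I do not know why reality's requirements for domains are so strict; hoping an expert can explain, or else I will wait for the official release 166 | 167 | [XTLS/REALITY#2 (comment)](https://github.com/XTLS/REALITY/pull/2#issuecomment-1479956295) 168 | 169 | **Simply put, it is not a question of whether you can, but of whether you should. These protocols have to connect to the target server during the handshake; is it appropriate for your overseas machine to be configured with a domestic domain?** 170 | 171 | The reason is extremely obvious. When writing the template I thought a passing reminder would be enough for everyone to understand, ~I really did overestimate~ [#9.1](https://github.com/XTLS/Xray-core/issues/1891#issuecomment-1499073501) 172 | 173 | --- 174 | 175 | > Could the website criteria mention that blocked websites and websites with domestic mirrors cannot be used? Each attempt got my IP blocked for a few minutes before I figured this out 176 | 177 | Ah, does this even need to be said? Sorry, I overestimated everyone... 178 | 179 | https://twitter.com/kkitown/status/1636277251179438081 this one is even more of a heavyweight 180 | 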
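181 | Actually, if you insist on entering a domestic website, it is not impossible. The problem is that the site is not hosted on an overseas machine; also, it generates all kinds of traffic back to China: REALITY plus port forwarding at a glance [#9.2](https://github.com/XTLS/REALITY/pull/2#issuecomment-1479956295) 182 | 183 | ### :memo: 184 | 185 | > > > ~Of course it could also be frantic active probing that records the handshake timeout to see whether it looks like Xray's default 60 seconds~ 186 | > > 187 | > > 188 | > > On this point, I suggest everyone change handshake, connIdle and so on in policy instead of using the defaults; otherwise the signature is too obvious 189 | > > ~A man in the middle collects a bit more data and works out a 60-second handshake timeout + a 300-second connection timeout; what else could that be but *ray~ 190 | > 191 | > 192 | > Can this be understood as: 193 | > ``` 194 | > * Fallback is still necessary 195 | > 196 | > * Where Nginx can be placed in front (non-xtls), putting it in front is somewhat better 197 | > ``` 198 | 199 | Fallback is of course necessary, especially now that we use uTLS at scale to mimic browser fingerprints: one probe from the GFW, and if there is no web page, isn't it fake at a glance? 200 | 201 | The server-side fingerprint signature is a problem worth solving. [#10.1](https://github.com/XTLS/Xray-core/issues/1511#issuecomment-1382042986) 202 | 203 | --- 204 | 205 | I see that sing-box's Trojan has fallback, but with this passage: 206 | 207 | > There is no evidence that the GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s ports on a server is a bigger signature. 208 | 209 | ~Actually I saw it last year, and last year I also saw the neighbors say the same, "there is no evidence that" blah blah; I do not know whether the "fallback is useless" theory is yet another kind of political correctness, or~ 210 | 211 | **Or simply not thinking far enough.** 212 | 213 | Whether the GFW treats servers with and without fallback differently, nobody has yet run a comparative test, but one very plain point is: 214 | 215 | **When you find that having no fallback does not seem to get you blocked either, is it not possible that it is precisely because the vast majority of people have configured fallback that the GFW has not made it a criterion for blocking?** **If everyone's proxy servers generally had no fallback, that would be a giveaway signature anyone could see, and the GFW would certainly make it a criterion for blocking.** 216 | 217 | Think one step further and you can conclude that the "fallback is useless" theory is wrong. Encouraging everyone not to configure fallback is worse still, a self-inflicted disarmament, ~which the GFW would love to see~. 218 | 219 | Of course, I now recommend TLS-level fallback even more, namely REALITY, which solves the fingerprint problem of traditional fallback, ~the article on VLESS fallback is still unwritten and it has already become the traditional one~. [#10.2](https://github.com/XTLS/Xray-core/pull/1916#issuecomment-1500457011) 220 | 221 | --- 222 | 223 | > > Of course, I now recommend TLS-level fallback even more, namely REALITY, which solves the fingerprint problem of traditional fallback; the article on VLESS fallback is still unwritten and it has already become the traditional one. 224 | > > 225 | > Can this be understood as recommending what is commonly called stealing from yourself? 😂 226 | 227 | Yes, and it also solves the CA problem, the most criticized aspect of TLS, and restricts clients to browser fingerprints only; both are more secure, ~I announced long ago that REALITY beats everything outright~. 228 | 229 | On whether fallback is necessary, when I previewed REALITY earlier I also commented from another angle: [#1511 (comment)](https://github.com/XTLS/Xray-core/issues/1511#issuecomment-1382042986) 230 | 231 | > Fallback is of course necessary, especially now that we use uTLS at scale to mimic browser fingerprints: one probe from the GFW, and if there is no web page, isn't it fake at a glance? 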
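232 | 233 | The situation now is that Golang's TLS fingerprint has long been clearly targeted, so we have no choice but to use browser fingerprints at scale. 234 | 235 | Then the GFW watches you visit a certain website with a browser every day, probes it out of curiosity, and there is not even a web page. That is, well, not quite right, is it, ~as if the GFW were stupid~. [#10.3](https://github.com/XTLS/Xray-core/pull/1916#issuecomment-1500491248) 236 | 237 | ### :memo: 238 | 239 | Seeing some recent remarks in the group leaves me speechless. Is there not even a little basic Linux and programming common sense? 240 | 241 | **Xray using a few hundred megabytes of memory does not mean that is the minimum requirement. Rather, it is precisely because you have free memory that Xray uses it as cache and reserve, since leaving it unused would be a waste.** 242 | 243 | That is all. When there is plenty of memory, what is the point of insisting that this number look nice and trying to keep Xray from using it? Will the VPS provider give you a refund? 244 | 245 | --- 246 | 247 | **For proxy software like Xray, the bulk of memory usage is the buffering of proxied data; the more memory is available, the more data can be buffered. Please get the facts straight.** [#11.1](https://github.com/XTLS/Xray-core/issues/1880#issuecomment-1505982997) 248 | 249 | --- 250 | 251 | In other words, the bulk of memory usage depends on how much buffering capacity you want. **Every proxy program has a different default policy**; lower the buffer and the number will naturally look nice. [#11.2](https://github.com/XTLS/Xray-core/issues/1880#issuecomment-1506049230) 252 | 253 | ### :memo: 254 | 255 | The choice of target website/domain greatly affects the latency, speed, stability and so on of a REALITY proxy: 256 | 257 | 1. At least for now, REALITY has to fetch the handshake packets every time, so pay attention to whether the target website is close and whether it is stable (half-blacklisting you after too many requests is also a kind of instability). 258 | 2. At the carrier level, some domains may be given higher traffic priority, so that their traffic is let through first during congestion. 259 | 3. At the GFW level there is at least a blacklist (google) and a whitelist (microsoft), and possibly other lists, such as an occasional-interference/throttling list (github?) 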
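260 | 261 | Check your setups against these. [#12.1](https://github.com/XTLS/Xray-core/issues/2017#issuecomment-1532345891) 262 | 263 | --- 264 | 265 | ~It could also be that you all keep stealing from microsoft, apple and the like every day and the GFW has started testing~; some say that in Iran a carrier is "beta testing" an IP whitelist for yahoo. 266 | 267 | REALITY will later get a cache mode that collects the target website's characteristics in advance, so they no longer have to be fetched every time; this is also one of its advantages over ShadowTLS and the like. 268 | 269 | Then there is REALITY's hidden trick of arbitrary SNI or no SNI: for REALITY, as long as it is listed in the server's serverNames, the client can put it in serverName. I should point out that it is not only 1.1.1.1 and 8.8.8.8; the vast majority of websites have a "default certificate". However, I do not want this trick to become widespread, because its signature is obvious. [#12.2](https://github.com/XTLS/Xray-core/issues/2017#issuecomment-1532359978) 270 | 271 | ### :memo: 272 | 273 | By the way, let me first briefly explain what the [Global ID & UoT Migration](https://xtls.github.io/development/protocols/muxcool.html#%E6%96%B0%E5%BB%BA%E5%AD%90%E8%BF%9E%E6%8E%A5-new) of the v1.8.1 [enhanced XUDP](https://github.com/XTLS/Xray-core/issues/1963#issuecomment-1512532299) does: 274 | 275 | Before v1.8.1, with any UoT, suppose the server used port A to communicate with multiple targets: if the TCP connection dropped, for example on a network switch, the server would switch to port B after reconnecting. From v1.8.1 on, with VLESS (including Mux.Cool), even if the TCP connection drops, the server still uses port A after reconnecting. 276 | 277 | In particular, it works wonders for P2P. In a sense, this is the real FullCone. It is enabled automatically when both ends run Xray-core v1.8.1+, with no extra configuration needed. 278 | 279 | You can use [NatTypeTester](https://github.com/HMBSbige/NatTypeTester): test once on your home WiFi, then once on your phone's hotspot (mobile data), and you will find the server's egress port has not changed, ~quite magical.~ 280 | 281 | ~More details are, ahem, delayed; please wait for the article.~ [#13](https://github.com/XTLS/Xray-core/issues/2017#issuecomment-1532488765) 282 | 283 | ### :memo: 284 | 285 | It is all TLS, but how TLS is used matters. There is something I have long wanted to say to those who tout Trojan as a drop-in replacement for VLESS: **do you really think Trojan will work forever?** As early as VLESS BETA three years ago I told you that merely wrapping a layer of encryption does not hide the timing signature inside, which is why VLESS has the flow mechanism. But back then the GFW had not brought out its measures, and simply wrapping TLS did still work in practice, just as the WSS ALPN has always been obvious yet it used to work. While they still worked, there was no need for me to play my cards early; once the GFW brought out its measures, I played the next cards, and I no longer recommend that people use the old WS, no flow and so on. 286 | 287 | One point needs stressing again: what I support has always been a hundred flowers blooming on top of TLS, not on top of TCP. I have given the reasons many times before; you can look through [v2ray](https://github.com/v2ray/v2ray-core/issues/2523#issuecomment-636548331). There was that paper a while ago, wasn't there, ~never mind, I do not feel like talking about it; I will comment when I have time.~ [#14](https://github.com/XTLS/Xray-core/issues/2017#issuecomment-1532568938) 288 | 289 | ### :memo: 290 | 291 | Let me briefly summarize the 2023 status of each protocol (for most regions of China) 292 | 293 | 1. SS and other fully-random protocols: IP blocked within seconds; IPv6 is not necessarily blocked, ~depending on your luck~; bypassing the "money-saving rule" used not to be blocked, currently unknown, but if it becomes popular it will certainly be blocked, see SSR 294 | 2. 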
Trojan, WSS: port blocked the next day; Cloudflare is not blocked but interference can be severe, varying by region 295 | 3. What is blacklisted is the typical signature of a single-connection TLS in TLS handshake, since using strong padding (Vision) or enabling mux gets around it; take care not to let clueless-teammate clients connect 296 | 4. REALITY-type setups that steal a whitelisted domain are not blocked even with the above signature; from IP ranges with too bad a reputation, such as Oracle's, stealing from big vendors/from others may not be able to connect 297 | 5. Hysteria, TUIC: not necessarily blocked, varying by configuration and region; may run into QoS throttling, varying by carrier; in short, the experience varies greatly from person to person 298 | 299 | So you can see how the formerly popular protocols are surviving this year. **In fact, most self-hosted setups this year use the new protocols, and the protocols used for non-IPLC relays work on much the same principles** **Your subjective impression that "the number of people able to connect to foreign networks has not decreased this year" is, strictly speaking, due to self-hosting: some people have made it transparent and sell relays to airports and individuals** [#15](https://github.com/XTLS/Xray-core/issues/2317#issuecomment-1637142176) 300 | -------------------------------------------------------------------------------- /wireguard_for_v1.8.0-v1.8.4.md: -------------------------------------------------------------------------------- 1 | ### Register a warp account with **[warp-reg](https://github.com/badafans/warp-reg)** 2 | 3 | ``` 4 | curl -sLo warp-reg https://github.com/badafans/warp-reg/releases/download/v1.0/main-linux-amd64 && chmod +x warp-reg && ./warp-reg && rm warp-reg 5 | ``` 6 | 7 | ### Register a warp account with **[warp-reg.sh](https://github.com/chise0713/warp-reg.sh)** 8 | 9 | ``` 10 | bash -c "$(curl -L warp-reg.vercel.app)" 11 | ``` 12 | 13 | ### Get a warp account from **api.zeroteam.top** 14 | 15 | ``` 16 | curl -sL "https://api.zeroteam.top/warp?format=sing-box" | grep -Eo --color=never '"2606:4700:[0-9a-f:]+/128"|"private_key":"[0-9a-zA-Z\/+]+="|"reserved":\[[0-9]+(,[0-9]+){2}\]' 17 | ``` 18 | 19 | - Copy the output's IPv6 address and use it to replace `2606:4700::` in the configuration below 20 | - Copy the output's `private_key` value and paste it into the `""` after `secretKey` in the configuration below 21 | - Copy the output's `reserved` value and paste it into the `[]` after `reserved` in the configuration below 22 | 23 | ### "outbounds" 24 | 25 | ```jsonc 26 | { 27 | "protocol": "freedom", 28 | "settings": { 29 | "domainStrategy": "UseIPv4" 30 | }, 31 | "proxySettings": { 32 | "tag": "warp" 33 | }, 34 | "tag": "warp-IPv4" 35 | }, 36 | { 37 | "protocol": "freedom", 38 | "settings": { 39 | "domainStrategy": "UseIPv6" 40 | }, 41 | "proxySettings": { 42 | "tag": "warp" 43 | }, 44 | "tag": "warp-IPv6" 45 | }, 46 | { 47 | "protocol": "wireguard", 48 | "settings": { 49 | "secretKey": "", // Paste your "private_key" value 50 | 
"address": [ 51 | "172.16.0.2/32", 52 | "2606:4700::/128" // Paste your warp IPv6 address, with /128 appended 53 | ], 54 | "peers": [ 55 | { 56 | "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=", 57 | "allowedIPs": [ 58 | "0.0.0.0/0", 59 | "::/0" 60 | ], 61 | "endpoint": "162.159.192.1:2408" // IPv6 address: [2606:4700:d0::a29f:c001]:2408, or use the domain engage.cloudflareclient.com:2408 62 | } 63 | ], 64 | "reserved":[0, 0, 0], // Paste your "reserved" value 65 | "mtu": 1280 66 | }, 67 | "tag": "warp" 68 | } 69 | ``` 70 | 71 | Edit **/usr/local/etc/xray/config.json** and add the **"routing"**, **"inbounds"** and **"outbounds"** content as needed (check that the JSON is well-formed), run `systemctl restart xray` to restart Xray, then visit [chat.openai.com/cdn-cgi/trace](https://chat.openai.com/cdn-cgi/trace) to check whether the IP shown belongs to Cloudflare. 72 | 73 | ### "routing" 74 | 75 | ```jsonc 76 | { 77 | "domain": [ 78 | "geosite:openai" 79 | ], 80 | "outboundTag": "warp-IPv4" // To use cloudflare's IPv6, change to "warp-IPv6" 81 | } 82 | ``` 83 | 84 | ### "inbounds" 85 | 86 | ```jsonc 87 | "sniffing": { 88 | "enabled": true, 89 | "destOverride": [ 90 | "http", 91 | "tls", 92 | "quic" 93 | ] 94 | } 95 | ``` 96 | 97 | ### "dns" 98 | 99 | ```jsonc 100 | "dns": { 101 | "servers": [ 102 | "https://1.1.1.1/dns-query" 103 | ], 104 | "queryStrategy": "UseIP" // If this parameter is omitted, the default is UseIP, which queries both A and AAAA records; other options are UseIPv4 and UseIPv6; other record types are queried through the system DNS 105 | } 106 | ``` 107 | 108 | ### Example server configuration 109 | 110 | ```jsonc 111 | { 112 | "log": { 113 | "loglevel": "warning" 114 | }, 115 | "dns": { 116 | "servers": [ 117 | "https://1.1.1.1/dns-query" 118 | ], 119 | "queryStrategy": "UseIP" 120 | }, 121 | "routing": { 122 | "domainStrategy": "IPIfNonMatch", 123 | "rules": [ 124 | { 125 | "domain": [ 126 | "geosite:openai" 127 | ], 128 | "outboundTag": "warp-IPv4" 129 | }, 130 | { 131 | "ip": [ 132 | "geoip:cn" 133 | ], 134 | "outboundTag": "warp" 135 | } 136 | ] 137 | }, 138 | "inbounds": [ 139 | { 140 | // Paste your server configuration here 141 | "sniffing": { 142 | "enabled": true, 143 | "destOverride": [ 144 | "http", 145 | "tls", 146 | "quic" 147 | ] 148 | } 149 | 
} 150 | ], 151 | "outbounds": [ 152 | { 153 | "protocol": "freedom", 154 | "settings": { 155 | "domainStrategy": "UseIP" 156 | }, 157 | "tag": "direct" 158 | }, 159 | { 160 | "protocol": "blackhole", 161 | "tag": "block" 162 | }, 163 | { 164 | "protocol": "freedom", 165 | "settings": { 166 | "domainStrategy": "UseIPv4" 167 | }, 168 | "proxySettings": { 169 | "tag": "warp" 170 | }, 171 | "tag": "warp-IPv4" 172 | }, 173 | { 174 | "protocol": "freedom", 175 | "settings": { 176 | "domainStrategy": "UseIPv6" 177 | }, 178 | "proxySettings": { 179 | "tag": "warp" 180 | }, 181 | "tag": "warp-IPv6" 182 | }, 183 | { 184 | "protocol": "wireguard", 185 | "settings": { 186 | "secretKey": "", 187 | "address": [ 188 | "172.16.0.2/32", 189 | "2606:4700::/128" 190 | ], 191 | "peers": [ 192 | { 193 | "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=", 194 | "allowedIPs": [ 195 | "0.0.0.0/0", 196 | "::/0" 197 | ], 198 | "endpoint": "162.159.192.1:2408" 199 | } 200 | ], 201 | "reserved":[0, 0, 0], 202 | "mtu": 1280 203 | }, 204 | "tag": "warp" 205 | } 206 | ] 207 | } 208 | ``` 209 | -------------------------------------------------------------------------------- /wireguard_for_v1.8.6_or_higher.md: -------------------------------------------------------------------------------- 1 | ### Register a warp account with **[warp-reg](https://github.com/badafans/warp-reg)** 2 | 3 | ``` 4 | curl -sLo warp-reg https://github.com/badafans/warp-reg/releases/download/v1.0/main-linux-amd64 && chmod +x warp-reg && ./warp-reg && rm warp-reg 5 | ``` 6 | 7 | ### Register a warp account with **[warp-reg.sh](https://github.com/chise0713/warp-reg.sh)** 8 | 9 | ``` 10 | bash -c "$(curl -L warp-reg.vercel.app)" 11 | ``` 12 | 13 | ### Get a warp account from **api.zeroteam.top** 14 | 15 | ``` 16 | curl -sL "https://api.zeroteam.top/warp?format=sing-box" | grep -Eo --color=never '"2606:4700:[0-9a-f:]+/128"|"private_key":"[0-9a-zA-Z\/+]+="|"reserved":\[[0-9]+(,[0-9]+){2}\]' 17 | ``` 18 | 19 | - Copy the output's IPv6 address and use it to replace `2606:4700::` in the configuration below 20 | - Copy the output's 
`private_key` value and paste it into the `""` after `secretKey` in the configuration below 21 | - Copy the output's `reserved` value and paste it into the `[]` after `reserved` in the configuration below 22 | 23 | ### "outbounds" 24 | 25 | ```jsonc 26 | { 27 | "protocol": "wireguard", 28 | "settings": { 29 | "secretKey": "", // Paste your "private_key" value 30 | "address": [ 31 | "172.16.0.2/32", 32 | "2606:4700::/128" // Paste your warp IPv6 address, with /128 appended 33 | ], 34 | "peers": [ 35 | { 36 | "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=", 37 | "allowedIPs": [ 38 | "0.0.0.0/0", 39 | "::/0" 40 | ], 41 | "endpoint": "162.159.192.1:2408" // IPv6 address: [2606:4700:d0::a29f:c001]:2408, or use the domain engage.cloudflareclient.com:2408 42 | } 43 | ], 44 | "reserved":[0, 0, 0], // Paste your "reserved" value 45 | "mtu": 1280, 46 | "domainStrategy": "ForceIPv6v4" // To use cloudflare's IPv4, change to "ForceIPv4" 47 | }, 48 | "tag": "warp" 49 | } 50 | ``` 51 | 52 | Edit **/usr/local/etc/xray/config.json** and add the **"routing"**, **"inbounds"** and **"outbounds"** content as needed (check that the JSON is well-formed), run `systemctl restart xray` to restart Xray, then visit [chat.openai.com/cdn-cgi/trace](https://chat.openai.com/cdn-cgi/trace) to check whether the IP shown belongs to Cloudflare. 53 | 54 | ### "routing" 55 | 56 | ```jsonc 57 | { 58 | "domain": [ 59 | "geosite:openai" 60 | ], 61 | "outboundTag": "warp" 62 | } 63 | ``` 64 | 65 | ### "inbounds" 66 | 67 | ```jsonc 68 | "sniffing": { 69 | "enabled": true, 70 | "destOverride": [ 71 | "http", 72 | "tls", 73 | "quic" 74 | ] 75 | } 76 | ``` 77 | 78 | ### "dns" 79 | 80 | ```jsonc 81 | "dns": { 82 | "servers": [ 83 | "https://1.1.1.1/dns-query" 84 | ], 85 | "queryStrategy": "UseIP" // If this parameter is omitted, the default is UseIP, which queries both A and AAAA records; other options are UseIPv4 and UseIPv6; other record types are queried through the system DNS 86 | } 87 | ``` 88 | 89 | ### Example server configuration 90 | 91 | ```jsonc 92 | { 93 | "log": { 94 | "loglevel": "warning" 95 | }, 96 | "dns": { 97 | "servers": [ 98 | "https://1.1.1.1/dns-query" 99 | ], 100 | "queryStrategy": "UseIP" 101 | }, 102 | "routing": { 103 | "domainStrategy": "IPIfNonMatch", 104 | "rules": [ 105 | { 106 | "domain": [ 107 | "geosite:openai" 108 | ], 109 | "outboundTag": "warp" 110 | }, 111 | { 112 | 
"ip": [ 113 | "geoip:cn" 114 | ], 115 | "outboundTag": "warp" 116 | } 117 | ] 118 | }, 119 | "inbounds": [ 120 | { 121 | // Paste your server configuration here 122 | "sniffing": { 123 | "enabled": true, 124 | "destOverride": [ 125 | "http", 126 | "tls", 127 | "quic" 128 | ] 129 | } 130 | } 131 | ], 132 | "outbounds": [ 133 | { 134 | "protocol": "freedom", 135 | "settings": { 136 | "domainStrategy": "UseIP" 137 | }, 138 | "tag": "direct" 139 | }, 140 | { 141 | "protocol": "blackhole", 142 | "tag": "block" 143 | }, 144 | { 145 | "protocol": "wireguard", 146 | "settings": { 147 | "secretKey": "", 148 | "address": [ 149 | "172.16.0.2/32", 150 | "2606:4700::/128" 151 | ], 152 | "peers": [ 153 | { 154 | "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=", 155 | "allowedIPs": [ 156 | "0.0.0.0/0", 157 | "::/0" 158 | ], 159 | "endpoint": "162.159.192.1:2408" 160 | } 161 | ], 162 | "reserved":[0, 0, 0], 163 | "mtu": 1280, 164 | "domainStrategy": "ForceIPv6v4" // 1 165 | }, 166 | "tag": "warp" 167 | } 168 | ] 169 | } 170 | ``` 171 | 172 | **1:** If this parameter is omitted or left empty, the default is "ForceIP".
173 | When the destination address is a domain name, the IP is obtained by querying Xray-core's built-in DNS server (the system DNS is used if there is no `"dns"` configuration), and the connection to this IP is sent out through wireguard. 174 | 175 | | domainStrategy | [test-ipv6.com](https://test-ipv6.com/) | [bgp.he.net](https://bgp.he.net/) | [chat.openai.com](https://chat.openai.com/cdn-cgi/trace) | 176 | | :--- | :---: | :---: | :---: | 177 | | ForceIPv6v4 | IPv6v4 address | IPv6 address | IPv6 address | 178 | | ForceIPv6 | Site does not load | IPv6 address | IPv6 address | 179 | | ForceIPv4v6 | IPv6v4 address **2** | IPv4 address | IPv4 address | 180 | | ForceIPv4 | IPv4 address | IPv4 address | IPv4 address | 181 | | ForceIP | IPv6v4 address **3** | IPv6 address | IPv6 address | 182 | 183 | **2:** Shows the message `你已经有 IPv6 地址了,但你的浏览器不太愿意用,这一点比较令人担心。`
184 | **3:** May sometimes show the message `你已经有 IPv6 地址了,但你的浏览器不太愿意用,这一点比较令人担心。` 185 | --------------------------------------------------------------------------------
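The copy-and-paste steps in wireguard_for_v1.8.6_or_higher.md, done programmatically: this added example (not part of the repository) extracts the three values with the same patterns as the page's `grep`, validates them, and fills in the `wireguard` outbound. The sample response, its key and address, and the function names are constructed for illustration.

```python
import base64
import ipaddress
import json
import re

# Constructed sample of the compact JSON text the page's curl | grep pipeline runs over.
# The key is bytes 0..31, not a real WARP key; address and reserved values are made up.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE_RESPONSE = (
    '{"type":"wireguard","local_address":["172.16.0.2/32",'
    '"2606:4700:110:8a36:df92:102a:9602:fa18/128"],'
    '"private_key":"' + SAMPLE_KEY + '","reserved":[12,34,56],"mtu":1280}'
)

# The same three patterns as the grep -Eo expression on the page.
ADDR_RE = re.compile(r'"(2606:4700:[0-9a-f:]+/128)"')
KEY_RE = re.compile(r'"private_key":"([0-9a-zA-Z/+]+=)"')
RESERVED_RE = re.compile(r'"reserved":\[([0-9]+(?:,[0-9]+){2})\]')

WARP_V6_NET = ipaddress.ip_network("2606:4700::/32")  # the prefix the page's pattern pins
# domainStrategy values listed in the page's comparison table.
STRATEGIES = {"ForceIPv6v4", "ForceIPv6", "ForceIPv4v6", "ForceIPv4", "ForceIP"}


def extract_warp_fields(text):
    """Pull address, key and reserved out of the response and validate each."""
    addr_m, key_m, res_m = ADDR_RE.search(text), KEY_RE.search(text), RESERVED_RE.search(text)
    if not (addr_m and key_m and res_m):
        raise ValueError("response is missing address, private_key or reserved")

    # The regex only checks characters; ip_interface rejects malformed addresses.
    iface = ipaddress.ip_interface(addr_m.group(1))
    if iface.version != 6 or iface.network.prefixlen != 128 or iface.ip not in WARP_V6_NET:
        raise ValueError("address is not a /128 inside 2606:4700::/32")

    # A WireGuard private key is exactly 32 bytes once base64-decoded.
    key = key_m.group(1)
    if len(base64.b64decode(key, validate=True)) != 32:
        raise ValueError("private_key is not a 32-byte WireGuard key")

    # "reserved" is three single bytes.
    reserved = [int(n) for n in res_m.group(1).split(",")]
    if any(n > 255 for n in reserved):
        raise ValueError("reserved must be three byte values (0-255)")

    return str(iface), key, reserved


def build_warp_outbound(text, domain_strategy="ForceIPv6v4"):
    """Return the v1.8.6+ wireguard outbound from the page with the values filled in."""
    if domain_strategy not in STRATEGIES:
        raise ValueError("unknown domainStrategy: " + domain_strategy)
    address, key, reserved = extract_warp_fields(text)
    return {
        "protocol": "wireguard",
        "settings": {
            "secretKey": key,
            "address": ["172.16.0.2/32", address],
            "peers": [{
                "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=",
                "allowedIPs": ["0.0.0.0/0", "::/0"],
                "endpoint": "162.159.192.1:2408",
            }],
            "reserved": reserved,
            "mtu": 1280,
            "domainStrategy": domain_strategy,
        },
        "tag": "warp",
    }


if __name__ == "__main__":
    print(json.dumps(build_warp_outbound(SAMPLE_RESPONSE), indent=2))
```

The result contains the account's private key, so write it to a file readable only by the Xray service user rather than to a shared log or terminal history.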