├── images ├── QR.png ├── NekoBoxCore.png ├── v2rayNGConfig.png ├── NekoBoxVLESSSettings.png └── v2rayNGNewConnection.png ├── regenerate-client-settings.sh ├── get-client-settings.sh ├── get-client-qr.sh ├── docker-compose.yaml ├── Dockerfile ├── Makefile ├── LICENSE ├── entrypoint.sh ├── config.json └── README.md /images/QR.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/myelectronix/xtls-reality-docker/HEAD/images/QR.png -------------------------------------------------------------------------------- /images/NekoBoxCore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/myelectronix/xtls-reality-docker/HEAD/images/NekoBoxCore.png -------------------------------------------------------------------------------- /images/v2rayNGConfig.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/myelectronix/xtls-reality-docker/HEAD/images/v2rayNGConfig.png -------------------------------------------------------------------------------- /images/NekoBoxVLESSSettings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/myelectronix/xtls-reality-docker/HEAD/images/NekoBoxVLESSSettings.png -------------------------------------------------------------------------------- /images/v2rayNGNewConnection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/myelectronix/xtls-reality-docker/HEAD/images/v2rayNGNewConnection.png -------------------------------------------------------------------------------- /regenerate-client-settings.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | rm -rf config/.lockfile 3 | echo "The proxy-server will be restarted. New client settings will be created on startup" 4 | killall /opt/xray/xray 5 | -------------------------------------------------------------------------------- /get-client-settings.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "IP Address: $(curl -s ifconfig.me)" 3 | echo "UUID: $(cat config/uuid)" 4 | echo "Public key: $(cat config/public)" 5 | echo "SNI: ${SNI}" 6 | echo "ShortID: ${SHORT_ID}" -------------------------------------------------------------------------------- /get-client-qr.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | EXT_IP=$(curl -s ifconfig.me) 3 | UUID=$(cat config/uuid) 4 | PUB_KEY=$(cat config/public) 5 | 6 | echo "vless://${UUID}@${EXT_IP}:443?security=reality&encryption=none&pbk=${PUB_KEY}&headerType=none&fp=chrome&type=tcp&flow=xtls-rprx-vision&sni=${SNI}&sid=${SHORT_ID}#MyVLESS" > config/client_qr.txt 7 | qrencode -t ansiutf8 < config/client_qr.txt -------------------------------------------------------------------------------- /docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3.8' 2 | services: 3 | xtls-reality: 4 | image: myelectronix/xtls-reality:latest 5 | environment: 6 | - SNI=www.samsung.com 7 | - SHORT_ID=aabbccdd 8 | container_name: xtls-reality 9 | restart: always 10 | ports: 11 | - "443:443" 12 | volumes: 13 | - xtls-reality-volume:/opt/xray/config 14 | volumes: 15 | xtls-reality-volume: -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:latest 2 | LABEL mantainer="myelectronix" 3 | 4 | ARG XRAY_CORE_VERSION=v1.8.4 5 | ENV SNI=www.samsung.com 6 | ENV SHORT_ID=aabbccdd 7 | 8 | RUN set -e &&\ 9 | apk add --no-cache bash libqrencode curl &&\ 10 | wget https://github.com/XTLS/Xray-core/releases/download/${XRAY_CORE_VERSION}/Xray-linux-64.zip &&\ 11 | mkdir /opt/xray &&\ 12 | mkdir /opt/xray/config &&\ 13 | unzip ./Xray-linux-64.zip -d /opt/xray &&\ 14 | rm -rf Xray-linux-64.zip 15 | 16 | WORKDIR /opt/xray 17 | 18 | COPY config.json config/config.json 19 | COPY get-client-qr.sh . 20 | COPY get-client-settings.sh . 21 | COPY regenerate-client-settings.sh . 22 | COPY entrypoint.sh . 23 | 24 | EXPOSE 443 25 | ENTRYPOINT [ "/bin/bash","./entrypoint.sh" ] 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | export XTLS_VERSION=1.8.4 2 | export DOCKER_REPO="myelectronix/xtls-reality" 3 | 4 | 5 | .PHONY: build build-local build-and-run-local 6 | 7 | all: build-and-run-local 8 | 9 | build-release: 10 | @echo "Making production version ${XTLS_VERSION} of XTLS-reality proxy server" 11 | docker build -t "${DOCKER_REPO}:${XTLS_VERSION}" -t "${DOCKER_REPO}:latest" . --no-cache 12 | docker push "${DOCKER_REPO}:${XTLS_VERSION}" 13 | docker push "${DOCKER_REPO}:latest" 14 | 15 | build-local: 16 | @echo "Making version of XTLS-reality proxy server for testing on local machine" 17 | docker build -t "${DOCKER_REPO}:local" . --no-cache 18 | 19 | build-and-run-local: 20 | @echo "Making version of XTLS-reality proxy server for testing on local machine" 21 | @if docker ps | grep xtls-reality ; then\ 22 | docker rm --force xtls-reality ;\ 23 | fi 24 | docker build -t "${DOCKER_REPO}:local" . --no-cache 25 | docker run -d --rm --name xtls-reality -p 443:443 -v xtls-reality-volume:/opt/xray/config ${DOCKER_REPO}:local -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 myelectronix 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #LOCKFILE for generate uuid and keys in first start 4 | LOCKFILE=config/.lockfile 5 | if [ ! -f $LOCKFILE ] 6 | then 7 | 8 | #generate uuid 9 | echo "Generate UUID..." 10 | /opt/xray/xray uuid > config/uuid 11 | 12 | 13 | #generate Public & Private keys 14 | echo "Generate public & private keys..." 15 | /opt/xray/xray x25519 > config/keys 16 | 17 | #Create files with Public & Private keys 18 | awk '/Public/{print $3}' config/keys > config/public 19 | awk '/Private/{print $3}' config/keys > config/private 20 | 21 | UUID=$(cat config/uuid) 22 | PRIVATE=$(cat config/private) 23 | 24 | #set uuid in config.json 25 | sed -i 's/"id":.*/"id": "'${UUID}'",/' config/config.json 26 | 27 | #set private key in config.json 28 | sed -i 's/"privateKey":.*/"privateKey": "'${PRIVATE}'",/' config/config.json 29 | 30 | #create lockfile 31 | touch $LOCKFILE 32 | fi 33 | 34 | sed -i 's/"dest":.*/"dest": "'${SNI}':443",/' config/config.json 35 | sed -i '/serverNames/{n;s/.*/\t\t\t\t"'${SNI}'"/}' config/config.json 36 | sed -i '/shortIds/{n;s/.*/\t\t\t\t"'${SHORT_ID}'"/}' config/config.json 37 | 38 | #run proxy 39 | echo "XTLS reality starting..." 40 | /opt/xray/xray run -config /opt/xray/config/config.json 41 | 42 | -------------------------------------------------------------------------------- /config.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "loglevel": "error" 4 | }, 5 | "routing": { 6 | "rules": [], 7 | "domainStrategy": "AsIs" 8 | }, 9 | "inbounds": [ 10 | { 11 | "port": 443, 12 | "protocol": "vless", 13 | "tag": "vless_tls", 14 | "settings": { 15 | "clients": [ 16 | { 17 | "id": "", 18 | "flow": "xtls-rprx-vision" 19 | } 20 | ], 21 | "decryption": "none" 22 | }, 23 | "streamSettings": { 24 | "network": "tcp", 25 | "security": "reality", 26 | "realitySettings": { 27 | "show": false, 28 | "dest": "", 29 | "xver": 0, 30 | "serverNames": [ 31 | "" 32 | ], 33 | "privateKey": "", 34 | "minClientVer": "", 35 | "maxClientVer": "", 36 | "maxTimeDiff": 0, 37 | "shortIds": [ 38 | "aabbccdd" 39 | ] 40 | } 41 | }, 42 | "sniffing": { 43 | "enabled": true, 44 | "destOverride": [ 45 | "http", 46 | "tls" 47 | ] 48 | } 49 | } 50 | ], 51 | "outbounds": [ 52 | { 53 | "protocol": "freedom", 54 | "tag": "direct" 55 | }, 56 | { 57 | "protocol": "blackhole", 58 | "tag": "block" 59 | } 60 | ] 61 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | # XTLS-reality-docker 4 | 5 | This is a simple docker image which starts up in just a few seconds and launch a proxy-server ready to accept client connections. This proxy-server does not encrypt your data, but it can masquerade your traffic as a regular TLS-connection. To unauthorized users your proxy-server will look like a harmless site. 6 | 7 | 8 | To get it running, just copy & paste the snippet below in your terminal: 9 | 10 | ```bash 11 | sudo docker run -d --rm -p 443:443 -v xtls-reality-volume:/opt/xray/config --name xtls-reality myelectronix/xtls-reality 12 | ``` 13 | 14 | The XTLS-Reality proxy server will be up and ready to accept connections on port 443. 15 | 16 | To get more detailed information, go to [Quick Start](#-quick-start). 17 | 18 | 19 | 20 | ## Sources 21 | 22 | | Name | URL 23 | | :--: | :-----: | 24 | | GitHub | | 25 | | Docker Hub | | 26 | | XTLS GitHub | | 27 | | Habr | | 28 | 29 | 30 | ## Container properties 31 | 32 | 33 | ### Environment variables 34 | 35 | | Variable | Description | Default value | 36 | | :------: | :---------: | :-----------: | 37 | | SNI | A website address for masquerade. It must support TLSv1.3 and HTTP/2 | www.samsung.com | 38 | | SHORT_ID | Short ID. You can generate any 32-bit number in HEX-format | aabbccdd | 39 | 40 | 41 | 42 | ### Container commands 43 | 44 | After container was run using `docker run` or `docker compose up` command, it's possible to execute additional commands using `docker exec` command. For example, `sudo docker exec xtls-reality bash get-client-qr.sh`. See table below to get the full list of supported commands. 45 | 46 | | Command | Description | 47 | | :------: | :---------: | 48 | | `get-client-qr.sh` | Outputs a QR-code with client settings. You can scan this code by a mobile application (for exampe, v2rayNG) and get a quick connection. | | 49 | | `get-client-settings.sh` | Outputs a client settings in text form | 50 | | `regenerate-client-settings.sh` | Generate a new UUID, Private and Public key. Docker container must be reload | 51 | 52 | 53 | 54 | ## Quick Start 55 | 56 | ### 1. Prerequisites 57 | 58 | 1. Any hardware or vps/vds server running Linux. You must have administrative rights on this machine. 59 | 2. Docker installation on your server.For more information please see https://docs.docker.com/engine/install/ 60 | 3. Your server must have a public IP-address 61 | 62 | ### 2. XTLS-reality proxy server run 63 | You can run XTLS-reality proxy server in two ways of your choice: docker run or docker compose. 64 | 65 | #### 2.1. Docker run 66 | Pull the latest version of XTLS-reality-docker image: 67 | ```bash 68 | sudo docker pull myelectronix/xtls-reality:latest 69 | ``` 70 | 71 | Copy & paste the following command to run XTLS-reality-docker:
72 | 73 | ```bash 74 | sudo docker run -d --rm \ 75 | -p 443:443 \ 76 | -e SNI=YOUR_SNI \ 77 | -e SHORT_ID=YOUR_SHORT_ID \ 78 | -v xtls-reality-volume:/opt/xray/config \ 79 | --name xtls-reality myelectronix/xtls-reality:latest 80 | ``` 81 | 82 | **⚠️ Note:** You must specify the desired values instead ***YOUR_SNI*** and ***YOUR_SHORT_ID***. You can skip these lines in the command, in this case the default values will be used. 83 | 84 | To check a status of the container you can execute the following command 85 | ```bash 86 | sudo docker ps 87 | ``` 88 | The output should look like this 89 | ```bash 90 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 91 | 82d35a13b672 myelectronix/xtls-reality "/bin/bash ./entrypo…" 8 seconds ago Up 7 seconds 0.0.0.0:443->443/tcp, :::443->443/tcp xtls-reality 92 | ``` 93 | 94 | #### 2.2. Docker compose 95 | The another way of start up XTLS-reality proxy-server is docker compose. Docker compose saves all startup options in a special file and can automatically restart containers if they fail. Firts of all you must install docker compose plugin. For more information please see https://docs.docker.com/compose/install/linux/ 96 | 97 | After install docker compose plugin clone this git repository: 98 | 99 | ```bash 100 | git clone https://github.com/myelectronix/xtls-reality-docker 101 | ``` 102 | 103 | 104 | Change your work directory and run docker compose 105 | ```bash 106 | cd xtls-reality-docker 107 | docker compose up -d 108 | ``` 109 | 110 | **⚠️ Note:** You can specify the desired values ***SNI*** and ***SHORT_ID*** in `docker-compose.yaml` file before launch docker compose or leave a default values. 111 | 112 | To check a status of the container you can execute the following command 113 | ```bash 114 | sudo docker ps 115 | ``` 116 | The output should look like this 117 | ```bash 118 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 119 | 82d35a13b672 myelectronix/xtls-reality "/bin/bash ./entrypo…" 8 seconds ago Up 7 seconds 0.0.0.0:443->443/tcp, :::443->443/tcp xtls-reality 120 | ``` 121 | 122 | 123 | ### 3. Get client configuration 124 | After run XTLS-reality docker you can get a settings for client connection. You have a two ways for get connection: QR-code or text form. To get the QR code, run the following command 125 | ```bash 126 | sudo docker exec xtls-reality bash get-client-qr.sh 127 | ``` 128 | The result will be a generated QR-code in your terminal as shown below 129 | 130 |

131 | 132 | To get the text form settings, run the following command 133 | ```bash 134 | sudo docker exec xtls-reality bash get-client-settings.sh 135 | ``` 136 | The result will be a text settings in your terminal as shown below 137 | ```bash 138 | IP Address: XXX.XXX.XXX.XXX 139 | UUID: e4a047bb-fd0a-4742-b52d-4ef83fae4ef2 140 | Public key: gF5RvoxnC5btsqZ9YvNLtH-gaUfcrDXDLif-NM7oFQ4 141 | SNI: www.samsung.com 142 | ShortID: aabbccdd 143 | ``` 144 | 145 | ### 4. Connecting Clients 146 | 147 | You can use various proxy client programs to connect to your XTLS reality proxy. 148 | 149 | If you use **windows** you can use [NekoBox](https://github.com/MatsuriDayo/nekoray/releases) 150 | 151 | In **NekoBox** window select *Preferences - Basic Settings - Core* and set *sing-box* button 152 | 153 |

154 | 155 | Then select *Server - New Profile - VLESS* and set the settings according to the picture below, use your IP-address, UUID, SNI, Public key and ShortID. 156 | 157 |

158 | 159 | Then save the settings and launch your proxy. For testing the connection use *Current Select - URL Test* 160 | 161 | If you use **android** you can install [v2rayNG](https://play.google.com/store/apps/details?id=com.v2ray.ang&hl=en_US) 162 | 163 | To connection v2rayNG select *Import config from QRcode* and scan QR-code with your settings. 164 |

165 | 166 | As a result you should have a new connection in the list. 167 | 168 |

169 | 170 | Activate it and use your XTLS-reality proxy. 171 | 172 | 173 | ## Stop and remove 174 | To stop and remove your XTLS-reality-docker container execute the following command 175 | ```bash 176 | sudo docker rm --force xtls-reality 177 | ``` 178 | Your settings (UUID, Private and Public keys) storaged in special docker volume. So they won't change when you delete a container and start a new one. If you desire remove all your settings execute the following command after stop and remove docker container. 179 | ```bash 180 | sudo docker volume rm xtls-reality-volume 181 | ``` 182 | 183 | --------------------------------------------------------------------------------