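├── .github ├── FUNDING.yml └── workflows │ ├── xray_docker_reality.yml │ └── xray_docker_xhttp_reality.yml ├── README.MD ├── reality ├── Dockerfile ├── README.MD ├── SERVERNAMES.MD ├── VERSION ├── config.json └── entrypoint.sh └── xhttp_reality ├── Dockerfile ├── README.MD ├── VERSION ├── config.json └── entrypoint.sh /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: [wulabing] 4 |
--------------------------------------------------------------------------------
/.github/workflows/xray_docker_reality.yml:
--------------------------------------------------------------------------------
# Builds the reality image for four platforms and publishes it to the registry.
# Runs on a schedule, on manual dispatch, and when the listed files change.
name: xray_docker_reality

on:
  workflow_dispatch:
  schedule:
    - cron: '0 20 */2 * *' # UTC 20:00 UTC+8 04:00
  push:
    paths:
      - 'reality/Dockerfile'
      - '.github/workflows/xray_docker_reality.yml'
      - 'reality/entrypoint.sh'
      - 'reality/config.json'
      - 'reality/VERSION'
  pull_request:
    paths:
      - 'reality/Dockerfile'
      - '.github/workflows/xray_docker_reality.yml'
      - 'reality/entrypoint.sh'
      - 'reality/config.json'
      - 'reality/VERSION'

jobs:
  build:
    runs-on: ubuntu-22.04
    steps:
      # NOTE(review): the actions below are referenced by version tag. A tag can
      # be moved by the action's owner; pinning each action to a full commit SHA
      # fixes exactly which code runs next to the registry credentials.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Docker Setup Buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      # Credentials are only needed to publish. Pull-request runs skip the login
      # and build without pushing, so unmerged changes never reach the
      # `latest` tag.
      - name: Docker Login
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # Despite the step's former name, this reads reality/VERSION, not the
      # commit message.
      - name: Read image version from reality/VERSION
        shell: bash
        run: |
          VERSION=$(cat reality/VERSION)
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"

      # This value only labels the image tag. reality/Dockerfile repeats the same
      # lookup during the build, so the label and the built source can differ if
      # a release is published between the two calls.
      - name: Get latest Xray-core version (including pre-release)
        run: |
          LATEST_VERSION=$(curl -s https://api.github.com/repos/XTLS/Xray-core/releases | jq -r '.[0].tag_name')
          # An empty or "null" result would yield a malformed image tag.
          if [ -z "$LATEST_VERSION" ] || [ "$LATEST_VERSION" = "null" ]; then
            echo "could not resolve the latest Xray-core release tag" >&2
            exit 1
          fi
          echo "XRAY_VERSION=$LATEST_VERSION" >> "$GITHUB_ENV"

      - name: Build and push Docker image
        uses: docker/build-push-action@v4.0.0
        with:
          context: ./reality
          file: ./reality/Dockerfile
          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
          tags: |
            wulabing/xray_docker_reality:${{env.VERSION}}-ubuntu-22.04-xray-${{env.XRAY_VERSION}}
            wulabing/xray_docker_reality:latest
          push: ${{ github.event_name != 'pull_request' }}
--------------------------------------------------------------------------------
/.github/workflows/xray_docker_xhttp_reality.yml:
--------------------------------------------------------------------------------
# Builds the xhttp_reality image for four platforms and publishes it to the
# registry. Runs on a schedule, on manual dispatch, and when the listed files
# change.
name: xray_docker_xhttp_reality

on:
  workflow_dispatch:
  schedule:
    - cron: '0 21 */2 * *' # UTC 21:00 UTC+8 05:00
  push:
    paths:
      - 'xhttp_reality/Dockerfile'
      - '.github/workflows/xray_docker_xhttp_reality.yml'
      - 'xhttp_reality/entrypoint.sh'
      - 'xhttp_reality/config.json'
      - 'xhttp_reality/VERSION'
  pull_request:
    paths:
      - 'xhttp_reality/Dockerfile'
      - '.github/workflows/xray_docker_xhttp_reality.yml'
      - 'xhttp_reality/entrypoint.sh'
      - 'xhttp_reality/config.json'
      - 'xhttp_reality/VERSION'

jobs:
  build:
    runs-on: ubuntu-22.04
    steps:
      # NOTE(review): the actions below are referenced by version tag. A tag can
      # be moved by the action's owner; pinning each action to a full commit SHA
      # fixes exactly which code runs next to the registry credentials.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Docker Setup Buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      # Credentials are only needed to publish. Pull-request runs skip the login
      # and build without pushing, so unmerged changes never reach the
      # `latest` tag.
      - name: Docker Login
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # Despite the step's former name, this reads xhttp_reality/VERSION, not the
      # commit message.
      - name: Read image version from xhttp_reality/VERSION
        shell: bash
        run: |
          VERSION=$(cat xhttp_reality/VERSION)
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"

      # This value only labels the image tag. xhttp_reality/Dockerfile repeats
      # the same lookup during the build, so the label and the built source can
      # differ if a release is published between the two calls.
      - name: Get latest Xray-core version (including pre-release)
        run: |
          LATEST_VERSION=$(curl -s https://api.github.com/repos/XTLS/Xray-core/releases | jq -r '.[0].tag_name')
          # An empty or "null" result would yield a malformed image tag.
          if [ -z "$LATEST_VERSION" ] || [ "$LATEST_VERSION" = "null" ]; then
            echo "could not resolve the latest Xray-core release tag" >&2
            exit 1
          fi
          echo "XRAY_VERSION=$LATEST_VERSION" >> "$GITHUB_ENV"

      - name: Build and push Docker image
        uses: docker/build-push-action@v4.0.0
        with:
          context: ./xhttp_reality
          file: ./xhttp_reality/Dockerfile
          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
          tags: |
            wulabing/xray_docker_xhttp_reality:${{env.VERSION}}-ubuntu-22.04-xray-${{env.XRAY_VERSION}}
            wulabing/xray_docker_xhttp_reality:latest
          push: ${{ github.event_name != 'pull_request' }}
--------------------------------------------------------------------------------
/README.MD: -------------------------------------------------------------------------------- 1 | ## xray_docker_reality 2 | xray reality docker 镜像 3 | 4 | [![xray_docker_reality_docker_image_build](https://github.com/wulabing/xray_docker/actions/workflows/xray_docker_reality.yml/badge.svg)](https://github.com/wulabing/xray_docker/actions/workflows/xray_docker_reality.yml) 5 | ![xray_docker_xhttp_reality_docker_image_build](https://github.com/wulabing/xray_docker/actions/workflows/xray_docker_xhttp_reality.yml/badge.svg) 6 | 7 | ## 注意事项 8 | 请确保在使用前已正确安装和配置 XRay 客户端。 9 | 为了保证安全和稳定,请勿将 UUID、私钥等敏感信息泄露给他人。 10 | 11 | ## 如何寻找合适的 SERVERNAMES 及 DEST 12 | 13 | 可以直接使用 docker 容器提供的默认值 14 | 您也可以自行寻找合适的 SERVERNAMES 及 DEST,请参考 [Reality - TLS - Scanner](https://github.com/XTLS/RealiTLScanner) 15 | 16 | ## 传送门 17 | 18 | - [xray_docker_reality](https://github.com/wulabing/xray_docker/tree/master/reality) 19 | - [xray_docker_xhttp_reality](https://github.com/wulabing/xray_docker/tree/master/xhttp_reality) 20 | 21 | ## 捐赠 22 | 23 | 您可以使用我的 搬瓦工 AFF 购买 VPS 24 | 25 | https://bandwagonhost.com/aff.php?aff=63939 26 | 27 | 您可以使用我的 JustMySocks AFF 购买搬瓦工提供的代理 28 | 29 | https://justmysocks.net/members/aff.php?aff=17621 30 | 31 | 您可以使用我的 DMIT AFF 购买 VPS 32 | 33 | https://www.dmit.io/aff.php?aff=3957 34 | 35 | 您可以使用我的 Vultr AFF 创建新的 Vultr 账号并使用 36 | 37 | 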
https://www.vultr.com/?ref=6881279 38 | 39 | 您可以通过 USDT 支持我,感谢您的支持 40 | TRC20:TFannfnajNGYsMTuVDcXfZXXPbcaxAEffa 41 |
--------------------------------------------------------------------------------
/reality/Dockerfile:
--------------------------------------------------------------------------------
# builder
# Compiles the xray binary from the Xray-core source tree.
# NOTE(review): golang:alpine is a floating tag, and the checkout below follows
# the first entry returned by the releases API (pre-releases included), so two
# builds of this file can produce different binaries. Pin a base-image digest
# and an explicit release tag if the build has to be reproducible.
FROM golang:alpine AS builder
LABEL maintainer="wulabing " \
      version="0.0.29"

#ENV GOPROXY=https://goproxy.cn,direct
WORKDIR /app

RUN apk add --no-cache git curl jq && \
    LATEST_VERSION_TAG=$(curl -s https://api.github.com/repos/XTLS/Xray-core/releases | jq -r '.[0].tag_name') && \
    git clone https://github.com/XTLS/Xray-core.git . && \
    git checkout $LATEST_VERSION_TAG && \
    go mod download -x && \
    go build -v -o xray /app/main/

# runner
# NOTE(review): alpine:latest is a floating tag as well.
FROM alpine:latest AS runner

# Empty defaults that can be overridden with `docker run -e`. SHORTIDS and
# INTERNAL_PORT are declared here but are not read by the entrypoint.sh shipped
# next to this file. Values passed with -e (PRIVATEKEY included) are stored in
# the container's configuration and are visible to anyone who can inspect it.
ENV UUID="" \
    DEST="" \
    SERVERNAMES="" \
    PRIVATEKEY="" \
    SHORTIDS="" \
    NETWORK="" \
    INTERNAL_PORT="" \
    HOSTMODE_PORT="" \
    TZ=Asia/Shanghai

WORKDIR /

COPY ./entrypoint.sh ./config.json /

COPY --from=builder /app/xray /

# NOTE(review): both .dat files are taken from the upstream "latest" release
# and are not checked against a digest or signature; their content changes
# from build to build.
RUN apk add --no-cache tzdata ca-certificates jq curl libqrencode-tools && \
    mkdir -p /var/log/xray && \
    wget -O /geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat && \
    wget -O /geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat && \
    chmod +x /entrypoint.sh

EXPOSE 443
ENTRYPOINT ["./entrypoint.sh"]
--------------------------------------------------------------------------------
/reality/README.MD: -------------------------------------------------------------------------------- 1 | ## xray_docker_reality 2 | xray reality docker 镜像 3 | 4 | 
[![xray_docker_reality_docker_image_build](https://github.com/wulabing/xray_docker/actions/workflows/xray_docker_reality.yml/badge.svg)](https://github.com/wulabing/xray_docker/actions/workflows/xray_docker_reality.yml) 5 | 6 | > 新的命令中添加了日志大小的限制,可以调整 max-size=100m 的数量来调整日志的最大大小,需要限制日志大小的用户请重新创建容器 7 | 8 | > 变更了镜像tag,不影响已经使用的用户 9 | 10 | > 本 xray_docker_reality 仓库会每两天在 UTC+8 04:00 自动构建镜像 11 | 12 | ## 懒人一键安装(docker已经准备好) 13 | ``` 14 | EXTERNAL_PORT=2333 && docker run -d --name xray_reality --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT wulabing/xray_docker_reality:latest && sleep 3 && docker exec -it xray_reality cat /config_info.txt 15 | ``` 16 | 17 | ## 基础使用方法 18 | 19 | 如果你没有安装 docker 请先安装 docker 20 | 21 | ``` 22 | curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh 23 | ``` 24 | ### 端口映射模式 25 | 如果你已经安装 docker,可以直接使用下面的命令,运行后会自动下载镜像并启动容器, 26 | EXTERNAL_PORT 为你想要使用的端口,如下所示,你将使用443端口 27 | 28 | ``` 29 | docker pull wulabing/xray_docker_reality:latest 30 | EXTERNAL_PORT=443 31 | docker run -d --name xray_reality --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT wulabing/xray_docker_reality:latest 32 | ``` 33 | 34 | ### host 模式 35 | 如果你想使用 host 模式,你可以使用以下命令,运行后会自动下载镜像并启动容器, 36 | HOSTMODE_PORT 为你想要使用的端口,如下所示,你将使用443端口 37 | >请注意,如果你使用 host 模式,EXTERNAL_PORT 变量将不会生效,请使用 HOSTMODE_PORT 变量 38 | 39 | ``` 40 | docker pull wulabing/xray_docker_reality:latest 41 | HOSTMODE_PORT=443 42 | docker run -d --name xray_reality --restart=always --log-opt max-size=100m --log-opt max-file=3 --network host -e HOSTMODE_PORT=$HOSTMODE_PORT wulabing/xray_docker_reality:latest 43 | ``` 44 | 45 | 46 | 查看日志获取配置信息,如下所示,按照提示配置客户端即可, 47 | 48 | ``` 49 | docker logs -f xray_reality 50 | ``` 51 | 52 | ## 进阶使用方法 53 | 如果你不想使用 443 端口,你可以自定义端口,例如使用 8443 端口,如下所示 54 | 55 | ``` 56 | EXTERNAL_PORT=8443 57 | docker run -d --name xray_reality --restart=always --log-opt 
max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT wulabing/xray_docker_reality:latest 58 | ``` 59 | 60 | 如果你想启动多个 reality 服务,你可以使用不同的容器名,并注意端口不要冲突,如下所示你将启动两个 reality 服务,分别使用444和445端口 61 | 62 | ``` 63 | EXTERNAL_PORT=444 64 | docker run -d --name xray_reality_1 --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT wulabing/xray_docker_reality:latest 65 | 66 | EXTERNAL_PORT=445 67 | docker run -d --name xray_reality_2 --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT wulabing/xray_docker_reality:latest 68 | ``` 69 | 70 | 如果你不想使用默认参数,你可以自定义参数,例如使用自定义的 UUID,以及自定义目标地址和服务器名称,如下所示,**支持的自定义参数请参考下方环境变量说明** 71 | 72 | 存在多个 SERVERNAMES 时使用空格分开,例如:www.apple.com images.apple.com 73 | 74 | 请注意,如果你使用自定义参数,你需要自己保证参数的正确性,否则可能会导致容器无法启动 75 | ``` 76 | EXTERNAL_PORT=443 77 | docker run -d --name xray_reality --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT -e UUID="XXX" -e SERVERNAMES="www.apple.com images.apple.com" -e DEST="www.apple.com:443" -e PRIVATEKEY="XXX" wulabing/xray_docker_reality:latest 78 | ``` 79 | 80 | 使用以下命令删除已经创建的容器,如下所示,需要将 xray_reality 替换为你自己的容器名 (--name 所设置的名称) 81 | 82 | ``` 83 | docker rm -f xray_reality 84 | ``` 85 | 86 | 87 | ## 环境变量 88 | 你可以设置以下环境变量来自定义 XRay 的配置。 89 | * UUID:XRay 的唯一用户标识符。若未设置,脚本将自动生成一个随机 UUID。 90 | * DEST:目标地址。默认值为 www.apple.com:443。 91 | * SERVERNAMES:服务器名称列表。默认值为 www.apple.com images.apple.com。 92 | * PRIVATEKEY:私钥。若未设置,脚本将自动生成一个新的私钥和对应的公钥。 93 | * NETWORK:网络类型。默认值为 tcp。 94 | 95 | ## 常量 96 | * flow:xtls-rprx-vision 97 | * security:reality 98 | * shortIds:留空 99 | 100 | ## 注意事项 101 | 请确保在使用前已正确安装和配置 XRay 客户端。 102 | 为了保证安全和稳定,请勿将 UUID、私钥等敏感信息泄露给他人。 103 | 104 | ## 捐赠 105 | 106 | 您可以使用我的 搬瓦工 AFF 购买 VPS 107 | 108 | https://bandwagonhost.com/aff.php?aff=63939 109 | 110 | 您可以使用我的 JustMySocks AFF 购买搬瓦工提供的代理 111 | 112 | 
https://justmysocks.net/members/aff.php?aff=17621 113 | 114 | 您可以使用我的 DMIT AFF 购买 VPS 115 | 116 | https://www.dmit.io/aff.php?aff=3957 117 | 118 | 您可以使用我的 Vultr AFF 创建新的 Vultr 账号并使用 119 | 120 | https://www.vultr.com/?ref=6881279 121 | 122 | 您可以通过 USDT 支持我,感谢您的支持 123 | TRC20:TFannfnajNGYsMTuVDcXfZXXPbcaxAEffa 124 | -------------------------------------------------------------------------------- /reality/SERVERNAMES.MD: -------------------------------------------------------------------------------- 1 | ## 已知可用的 SERVERNAMES 及 DEST 列表 2 | 3 | | DEST | SERVERNAMES | 说明 | 4 | |-------------------|--------------------------------|------------------------------------| 5 | | www.apple.com:443 | images.apple.com www.apple.com | Apple 使用了 akamai CDN,全球各地存在节点,并且知名 | 6 | -------------------------------------------------------------------------------- /reality/VERSION: -------------------------------------------------------------------------------- 1 | 0.0.29 -------------------------------------------------------------------------------- /reality/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "loglevel": "error", 4 | "access": "/var/log/xray/access.log", 5 | "error": "/var/log/xray/error.log" 6 | }, 7 | "api": { 8 | "tag": "api", 9 | "services": [ 10 | "HandlerService", 11 | "LoggerService", 12 | "StatsService" 13 | ] 14 | }, 15 | "stats": {}, 16 | "policy": { 17 | "levels": { 18 | "0": { 19 | "statsUserUplink": true, 20 | "statsUserDownlink": true 21 | } 22 | }, 23 | "system": { 24 | "statsInboundUplink": true, 25 | "statsInboundDownlink": true, 26 | "statsOutboundUplink": true, 27 | "statsOutboundDownlink": true 28 | } 29 | }, 30 | "dns": { 31 | "servers": [ 32 | "https+local://cloudflare-dns.com/dns-query", 33 | "1.1.1.1", 34 | "1.0.0.1", 35 | "8.8.8.8", 36 | "8.8.4.4", 37 | "localhost" 38 | ] 39 | }, 40 | "inbounds": [ 41 | { 42 | "tag": "dokodemo-in", 43 | "port": 443, 44 | "protocol": "dokodemo-door", 
45 | "settings": { 46 | "address": "127.0.0.1", 47 | "port": 65432, 48 | "network": "tcp" 49 | }, 50 | "sniffing": { 51 | "enabled": true, 52 | "destOverride": ["tls"], 53 | "routeOnly": true 54 | } 55 | }, 56 | { 57 | "listen": "127.0.0.1", 58 | "port": 65432, 59 | "protocol": "vless", 60 | "settings": { 61 | "clients": [ 62 | { 63 | "id": "xx", 64 | "flow": "xtls-rprx-vision" 65 | } 66 | ], 67 | "decryption": "none" 68 | }, 69 | "streamSettings": { 70 | "network": "xx", 71 | "security": "reality", 72 | "realitySettings": { 73 | "show": true, 74 | "dest": "xx", 75 | "xver": 0, 76 | "maxTimeDiff": 0, 77 | "minClientVer": "", 78 | "serverNames": [ 79 | "xx" 80 | ], 81 | "privateKey": "xx", 82 | "shortIds": [ 83 | "" 84 | ] 85 | } 86 | }, 87 | "sniffing": { 88 | "enabled": true, 89 | "destOverride": [ 90 | "http", 91 | "tls" 92 | ] 93 | } 94 | } 95 | ], 96 | "outbounds": [ 97 | { 98 | "protocol": "freedom", 99 | "tag": "direct" 100 | }, 101 | { 102 | "protocol": "blackhole", 103 | "tag": "blocked" 104 | } 105 | ], 106 | "routing": { 107 | "domainStrategy": "IPIfNonMatch", 108 | "rules": [ 109 | { 110 | "inboundTag": ["dokodemo-in"], 111 | "domain": ["xx"], 112 | "outboundTag": "direct" 113 | }, 114 | { 115 | "inboundTag": ["dokodemo-in"], 116 | "outboundTag": "blocked" 117 | }, 118 | { 119 | "inboundTag": [ 120 | "api" 121 | ], 122 | "outboundTag": "api", 123 | "type": "field" 124 | }, 125 | { 126 | "domain": [ 127 | "domain:byr.pt" 128 | ], 129 | "type": "field", 130 | "outboundTag": "direct" 131 | }, 132 | { 133 | "domain": [ 134 | "domain:iqiyi.com", 135 | "domain:video.qq.com", 136 | "domain:youku.com" 137 | ], 138 | "type": "field", 139 | "outboundTag": "blocked" 140 | }, 141 | { 142 | "type": "field", 143 | "ip": [ 144 | "geoip:cn", 145 | "geoip:private" 146 | ], 147 | "outboundTag": "blocked" 148 | }, 149 | { 150 | "protocol": [ 151 | "bittorrent" 152 | ], 153 | "type": "field", 154 | "outboundTag": "blocked" 155 | } 156 | ] 157 | } 158 | } 159 | 160 | 
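--------------------------------------------------------------------------------
/reality/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint for the reality image.
#
# First start: resolve the settings from environment variables (generating a
# UUID and an x25519 key pair when none are supplied), patch /config.json and
# write a summary to /config_info.txt. Every start: print that summary and
# exec xray. The presence of /config_info.txt marks the container as already
# configured.
#
# NOTE(review): the summary contains the REALITY private key and is printed on
# every start, so the key ends up in `docker logs`. Clients only need the UUID
# and the public key; treat the container log, /key and /config_info.txt as
# secrets.
if [ -f /config_info.txt ]; then
  echo "config.json exist"
else
  # The public addresses come from a third-party lookup service and are pasted
  # into the share links exactly as returned. No scheme is given, so curl
  # starts with plain HTTP. "null" marks a failed lookup.
  IPV6=$(curl -6 -sSL --connect-timeout 3 --retry 2 ip.sb || echo "null")
  IPV4=$(curl -4 -sSL --connect-timeout 3 --retry 2 ip.sb || echo "null")

  if [ -z "$UUID" ]; then
    echo "UUID is not set, generate random UUID "
    UUID="$(/xray uuid)"
    echo "UUID: $UUID"
  fi

  if [ -z "$EXTERNAL_PORT" ]; then
    echo "EXTERNAL_PORT is not set, use default value 443"
    EXTERNAL_PORT=443
  fi

  if [ -n "$HOSTMODE_PORT" ]; then
    EXTERNAL_PORT=$HOSTMODE_PORT
    # The value is handed to jq as data (--argjson) instead of being spliced
    # into the filter text, so it is never interpreted as jq program code.
    jq --argjson port "$HOSTMODE_PORT" '.inbounds[0].port = $port' /config.json >/config.json_tmp && mv /config.json_tmp /config.json
  fi

  if [ -z "$DEST" ]; then
    echo "DEST is not set. default value www.apple.com:443"
    DEST="www.apple.com:443"
  fi

  if [ -z "$SERVERNAMES" ]; then
    echo "SERVERNAMES is not set. use default value [\"www.apple.com\",\"images.apple.com\"]"
    SERVERNAMES="www.apple.com images.apple.com"
  fi

  # Key handling depends on the "Private"/"Public" labels in the output of
  # `xray x25519`; if those labels are absent the values come back empty.
  if [ -z "$PRIVATEKEY" ]; then
    echo "PRIVATEKEY is not set. generate new key"
    /xray x25519 >/key
    PRIVATEKEY=$(grep "Private" /key | awk -F ': ' '{print $2}')
    PUBLICKEY=$(grep "Public" /key | awk -F ': ' '{print $2}')
    echo "Private key: $PRIVATEKEY"
    echo "Public key: $PUBLICKEY"
  elif [ -z "$PUBLICKEY" ]; then
    # A caller-supplied private key used to leave PUBLICKEY empty, which
    # produced share links with an empty pbk field. Derive it from the key.
    PUBLICKEY=$(/xray x25519 -i "$PRIVATEKEY" | grep "Public" | awk -F ': ' '{print $2}')
  fi
  if [ -z "$PUBLICKEY" ]; then
    echo "warning: PUBLICKEY could not be determined; pbk in the share link will be empty" >&2
  fi

  if [ -z "$NETWORK" ]; then
    echo "NETWORK is not set,set default value tcp"
    NETWORK="tcp"
  fi

  # change config
  # One name per line -> JSON string -> JSON array; jq does the quoting, so a
  # name containing a quote or backslash cannot break the document.
  SERVERNAMES_JSON_ARRAY=$(printf '%s\n' "$SERVERNAMES" | awk '{for (i = 1; i <= NF; i++) print $i}' | jq -R . | jq -cs .)

  # All environment-derived values are passed with --arg/--argjson. Building
  # the filter by string interpolation would let a crafted value rewrite other
  # parts of the configuration.
  jq --arg id "$UUID" \
     --arg dest "$DEST" \
     --arg key "$PRIVATEKEY" \
     --arg net "$NETWORK" \
     --argjson serverNames "$SERVERNAMES_JSON_ARRAY" \
     '.inbounds[1].settings.clients[0].id = $id
      | .inbounds[1].streamSettings.realitySettings.dest = $dest
      | .inbounds[1].streamSettings.realitySettings.serverNames = $serverNames
      | .routing.rules[0].domain = $serverNames
      | .inbounds[1].streamSettings.realitySettings.privateKey = $key
      | .inbounds[1].streamSettings.network = $net' \
     /config.json >/config.json_tmp && mv /config.json_tmp /config.json

  FIRST_SERVERNAME=$(printf '%s\n' "$SERVERNAMES" | awk '{print $1; exit}')

  # config info with green color
  {
    printf '\033[32m\n'
    echo "IPV6: $IPV6"
    echo "IPV4: $IPV4"
    echo "UUID: $UUID"
    echo "DEST: $DEST"
    echo "PORT: $EXTERNAL_PORT"
    echo "SERVERNAMES: $SERVERNAMES (任选其一)"
    echo "PRIVATEKEY: $PRIVATEKEY"
    echo "PUBLICKEY: $PUBLICKEY"
    echo "NETWORK: $NETWORK"
    if [ "$IPV4" != "null" ]; then
      SUB_IPV4="vless://$UUID@$IPV4:$EXTERNAL_PORT?encryption=none&security=reality&type=$NETWORK&sni=$FIRST_SERVERNAME&fp=chrome&pbk=$PUBLICKEY&flow=xtls-rprx-vision#${IPV4}-wulabing_docker_vless_reality_vision"
      echo "IPV4 订阅连接: $SUB_IPV4"
      printf 'IPV4 订阅二维码:\n%s\n' "$(echo "$SUB_IPV4" | qrencode -o - -t UTF8)"
    fi
    if [ "$IPV6" != "null" ]; then
      # An IPv6 literal in a URI authority has to be bracketed, otherwise its
      # colons cannot be told apart from the port separator.
      SUB_IPV6="vless://$UUID@[$IPV6]:$EXTERNAL_PORT?encryption=none&security=reality&type=$NETWORK&sni=$FIRST_SERVERNAME&fp=chrome&pbk=$PUBLICKEY&flow=xtls-rprx-vision#${IPV6}-wulabing_docker_vless_reality_vision"
      echo "IPV6 订阅连接: $SUB_IPV6"
      printf 'IPV6 订阅二维码:\n%s\n' "$(echo "$SUB_IPV6" | qrencode -o - -t UTF8)"
    fi
    printf '\033[0m\n'
  } >/config_info.txt

fi

# show config info
cat /config_info.txt

# run xray
exec /xray -config /config.json
--------------------------------------------------------------------------------
/xhttp_reality/Dockerfile: -------------------------------------------------------------------------------- 1 | # builder 2 | FROM golang:alpine AS builder 3 | LABEL maintainer="wulabing " 4 | LABEL version="0.0.29" 5 | 6 | 7 | #ENV GOPROXY=https://goproxy.cn,direct 8 | WORKDIR /app 9 | 10 | RUN apk add --no-cache git curl jq && \ 11 | LATEST_VERSION_TAG=$(curl -s https://api.github.com/repos/XTLS/Xray-core/releases | jq -r '.[0].tag_name') && \ 12 | git clone https://github.com/XTLS/Xray-core.git . 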
&& \ 13 | git checkout $LATEST_VERSION_TAG && \ 14 | go mod download -x && \ 15 | go build -v -o xray /app/main/ 16 | 17 | # runner 18 | FROM alpine:latest AS runner 19 | 20 | ENV UUID="" 21 | ENV DEST="" 22 | ENV SERVERNAMES="" 23 | ENV PRIVATEKEY="" 24 | ENV SHORTIDS="" 25 | ENV NETWORK="" 26 | ENV XHTTP_PATH="" 27 | ENV INTERNAL_PORT="" 28 | ENV HOSTMODE_PORT="" 29 | ENV TZ=Asia/Shanghai 30 | 31 | WORKDIR / 32 | 33 | COPY ./entrypoint.sh / 34 | COPY ./config.json / 35 | 36 | COPY --from=builder /app/xray / 37 | 38 | RUN apk add --no-cache tzdata ca-certificates jq curl libqrencode-tools && \ 39 | mkdir -p /var/log/xray && \ 40 | wget -O /geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat && \ 41 | wget -O /geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat && \ 42 | chmod +x /entrypoint.sh 43 | 44 | 45 | ENTRYPOINT ["./entrypoint.sh"] 46 | EXPOSE 443 47 | -------------------------------------------------------------------------------- /xhttp_reality/README.MD: -------------------------------------------------------------------------------- 1 | ## xray_docker_xhttp_reality 2 | xray xhttp reality docker 镜像 3 | 4 | ![xray_docker_xhttp_reality_docker_image_build](https://github.com/wulabing/xray_docker/actions/workflows/xray_docker_xhttp_reality.yml/badge.svg) 5 | 6 | > 本 xray_docker_xhttp_reality 仓库会每两天在 UTC+8 05:00 自动构建镜像 7 | 8 | ## 懒人一键安装(docker已经准备好) 9 | ``` 10 | EXTERNAL_PORT=23333 && docker run -d --name xray_xhttp_reality --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT wulabing/xray_docker_xhttp_reality:latest && sleep 3 && docker exec -it xray_xhttp_reality cat /config_info.txt 11 | ``` 12 | 13 | ## 基础使用方法 14 | 15 | 如果你没有安装 docker 请先安装 docker 16 | 17 | ``` 18 | curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh 19 | ``` 20 | 21 | ## 端口映射模式 22 | 23 | 如果你已经安装 docker,可以直接使用下面的命令,运行后会自动下载镜像并启动容器, 24 | EXTERNAL_PORT 
为你想要使用的端口,如下所示,你将使用443端口 25 | 26 | ``` 27 | docker pull wulabing/xray_docker_xhttp_reality:latest 28 | EXTERNAL_PORT=443 29 | docker run -d --name xray_xhttp_reality --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT wulabing/xray_docker_xhttp_reality:latest 30 | ``` 31 | 32 | ## host模式 33 | 34 | 如果你想使用 host 模式,你可以使用以下命令,运行后会自动下载镜像并启动容器, 35 | HOSTMODE_PORT 为你想要使用的端口,如下所示,你将使用443端口 36 | 37 | ``` 38 | docker pull wulabing/xray_docker_xhttp_reality:latest 39 | HOSTMODE_PORT=443 40 | docker run -d --name xray_xhttp_reality --restart=always --log-opt max-size=100m --log-opt max-file=3 --network host -e HOSTMODE_PORT=$HOSTMODE_PORT wulabing/xray_docker_xhttp_reality:latest 41 | ``` 42 | 43 | 查看日志获取配置信息,如下所示,按照提示配置客户端即可, 44 | 45 | ``` 46 | docker logs -f xray_xhttp_reality 47 | ``` 48 | 49 | ## 进阶使用方法 50 | 如果你不想使用 443 端口,你可以自定义端口,例如使用 8443 端口,如下所示 51 | 52 | ``` 53 | EXTERNAL_PORT=8443 54 | docker run -d --name xray_xhttp_reality --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT wulabing/xray_docker_xhttp_reality:latest 55 | ``` 56 | 57 | 如果你想启动多个 xhttp_reality 服务,你可以使用不同的容器名,并注意端口不要冲突,如下所示你将启动两个 xhttp_reality 服务,分别使用444和445端口 58 | 59 | ``` 60 | EXTERNAL_PORT=444 61 | docker run -d --name xray_xhttp_reality_1 --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT wulabing/xray_docker_xhttp_reality:latest 62 | 63 | EXTERNAL_PORT=445 64 | docker run -d --name xray_xhttp_reality_2 --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT wulabing/xray_docker_xhttp_reality:latest 65 | ``` 66 | 67 | 如果你想使用自定义参数,例如使用自定义的 UUID,以及自定义目标地址和服务器名称,如下所示,**支持的自定义参数请参考下方环境变量说明** 68 | 69 | 存在多个 SERVERNAMES 时使用空格分开,例如:www.apple.com images.apple.com 70 | 71 | 请注意,如果你使用自定义参数,你需要自己保证参数的正确性,否则可能会导致容器无法启动 72 | ``` 73 | EXTERNAL_PORT=443 74 | docker 
run -d --name xray_xhttp_reality --restart=always --log-opt max-size=100m --log-opt max-file=3 -p $EXTERNAL_PORT:443 -e EXTERNAL_PORT=$EXTERNAL_PORT -e UUID="XXX" -e SERVERNAMES="www.apple.com images.apple.com" -e DEST="www.apple.com:443" -e PRIVATEKEY="XXX" wulabing/xray_docker_xhttp_reality:latest 75 | ``` 76 | 77 | 使用以下命令删除已经创建的容器,如下所示,需要将 xray_xhttp_reality 替换为你自己的容器名 (--name 所设置的名称) 78 | 79 | ``` 80 | docker rm -f xray_xhttp_reality 81 | ``` 82 | 83 | ## 环境变量 84 | 你可以设置以下环境变量来自定义 XRay 的配置。 85 | * UUID:XRay 的唯一用户标识符。若未设置,脚本将自动生成一个随机 UUID。 86 | * DEST:目标地址。默认值为 www.apple.com:443。 87 | * SERVERNAMES:服务器名称列表。默认值为 www.apple.com images.apple.com。 88 | * PRIVATEKEY:私钥。若未设置,脚本将自动生成一个新的私钥和对应的公钥。 89 | * NETWORK:网络类型。默认值为 xhttp,不要进行修改。 90 | 91 | ## 常量及默认值 92 | * flow:留空 93 | * security:reality 94 | * shortIds:留空 95 | * XHTTP_PATH:随机生成 96 | 97 | ## 注意事项 98 | 请确保在使用前已正确安装和配置 XRay 客户端。 99 | 为了保证安全和稳定,请勿将 UUID、私钥等敏感信息泄露给他人。 100 | 101 | ## 捐赠 102 | 103 | 您可以使用我的 搬瓦工 AFF 购买 VPS 104 | 105 | https://bandwagonhost.com/aff.php?aff=63939 106 | 107 | 您可以使用我的 JustMySocks AFF 购买搬瓦工提供的代理 108 | 109 | https://justmysocks.net/members/aff.php?aff=17621 110 | 111 | 您可以使用我的 DMIT AFF 购买 VPS 112 | 113 | https://www.dmit.io/aff.php?aff=3957 114 | 115 | 您可以使用我的 Vultr AFF 创建新的 Vultr 账号并使用 116 | 117 | https://www.vultr.com/?ref=6881279 118 | 119 | 您可以通过 USDT 支持我,感谢您的支持 120 | TRC20:TFannfnajNGYsMTuVDcXfZXXPbcaxAEffa -------------------------------------------------------------------------------- /xhttp_reality/VERSION: -------------------------------------------------------------------------------- 1 | 0.0.29 -------------------------------------------------------------------------------- /xhttp_reality/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "log": { 3 | "dnsLog": false, 4 | "access": "/var/log/xray/access.log", 5 | "error": "/var/log/xray/error.log", 6 | "loglevel": "error", 7 | "maskAddress": "" 8 | }, 9 | "routing": { 10 | 
"domainStrategy": "IPIfNonMatch", 11 | "rules": [ 12 | { 13 | "inboundTag": [ 14 | "api" 15 | ], 16 | "outboundTag": "api", 17 | "type": "field" 18 | }, 19 | { 20 | "domain": [ 21 | "domain:byr.pt" 22 | ], 23 | "type": "field", 24 | "outboundTag": "direct" 25 | }, 26 | { 27 | "domain": [ 28 | "domain:iqiyi.com", 29 | "domain:video.qq.com", 30 | "domain:youku.com" 31 | ], 32 | "type": "field", 33 | "outboundTag": "blocked" 34 | }, 35 | { 36 | "type": "field", 37 | "ip": [ 38 | "geoip:cn", 39 | 40 | "geoip:private" 41 | ], 42 | "outboundTag": "blocked" 43 | }, 44 | { 45 | "protocol": [ 46 | "bittorrent" 47 | ], 48 | "type": "field", 49 | "outboundTag": "blocked" 50 | } 51 | ] 52 | }, 53 | "dns": { 54 | "servers": [ 55 | "https+local://cloudflare-dns.com/dns-query", 56 | "1.1.1.1", 57 | "1.0.0.1", 58 | "8.8.8.8", 59 | "8.8.4.4", 60 | "localhost" 61 | ] 62 | }, 63 | "inbounds": [ 64 | { 65 | "listen": "127.0.0.1", 66 | "port": 65432, 67 | "protocol": "dokodemo-door", 68 | "settings": { 69 | "address": "127.0.0.1" 70 | }, 71 | "streamSettings": null, 72 | "tag": "api", 73 | "sniffing": null, 74 | "allocate": null 75 | }, 76 | { 77 | "listen": "0.0.0.0", 78 | "port": 443, 79 | "protocol": "vless", 80 | "settings": { 81 | "clients": [ 82 | { 83 | "flow": "", 84 | "id": "xx" 85 | } 86 | ], 87 | "decryption": "none", 88 | "fallbacks": [] 89 | }, 90 | "streamSettings": { 91 | "network": "xhttp", 92 | "realitySettings": { 93 | "dest": "xx", 94 | "maxClient": "", 95 | "maxTimediff": 0, 96 | "minClient": "", 97 | "privateKey": "xx", 98 | "serverNames": [ 99 | "xx" 100 | ], 101 | "shortIds": [ 102 | "" 103 | ], 104 | "show": false, 105 | "xver": 0 106 | }, 107 | "security": "reality", 108 | "xhttpSettings": { 109 | "headers": {}, 110 | "host": "", 111 | "mode": "auto", 112 | "noSSEHeader": false, 113 | "path": "xx", 114 | "scMaxBufferedPosts": 30, 115 | "scMaxEachPostBytes": "1000000", 116 | "scStreamUpServerSecs": "20-80", 117 | "xPaddingBytes": "100-1000" 118 | } 119 | }, 120 
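| "tag": "inbound-xx", 121 | "sniffing": { 122 | "enabled": false, 123 | "destOverride": [ 124 | "http", 125 | "tls", 126 | "quic", 127 | "fakedns" 128 | ], 129 | "metadataOnly": false, 130 | "routeOnly": false 131 | }, 132 | "allocate": { 133 | "strategy": "always", 134 | "refresh": 5, 135 | "concurrency": 3 136 | } 137 | } 138 | ], 139 | "outbounds": [ 140 | { 141 | "tag": "direct", 142 | "protocol": "freedom", 143 | "settings": { 144 | "domainStrategy": "AsIs", 145 | "redirect": "", 146 | "noises": [] 147 | } 148 | }, 149 | { 150 | "tag": "blocked", 151 | "protocol": "blackhole", 152 | "settings": {} 153 | } 154 | ], 155 | "transport": null, 156 | "policy": { 157 | "levels": { 158 | "0": { 159 | "statsUserDownlink": true, 160 | "statsUserUplink": true 161 | } 162 | }, 163 | "system": { 164 | "statsInboundDownlink": true, 165 | "statsInboundUplink": true, 166 | "statsOutboundDownlink": false, 167 | "statsOutboundUplink": false 168 | } 169 | }, 170 | "api": { 171 | "tag": "api", 172 | "services": [ 173 | "HandlerService", 174 | "LoggerService", 175 | "StatsService" 176 | ] 177 | }, 178 | "stats": {}, 179 | "reverse": null, 180 | "fakedns": null, 181 | "observatory": null, 182 | "burstObservatory": null 183 | }
--------------------------------------------------------------------------------
/xhttp_reality/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint for the xhttp_reality image.
#
# First start: resolve the settings from environment variables (generating a
# UUID, an XHTTP path and an x25519 key pair when none are supplied), patch
# /config.json and write a summary to /config_info.txt. Every start: print
# that summary and exec xray. The presence of /config_info.txt marks the
# container as already configured.
#
# NOTE(review): the summary contains the REALITY private key and is printed on
# every start, so the key ends up in `docker logs`. Clients only need the
# UUID, the path and the public key; treat the container log, /key and
# /config_info.txt as secrets.
if [ -f /config_info.txt ]; then
  echo "config.json exist"
else
  # The public addresses come from a third-party lookup service and are pasted
  # into the share links exactly as returned. No scheme is given, so curl
  # starts with plain HTTP. "null" marks a failed lookup.
  IPV6=$(curl -6 -sSL --connect-timeout 3 --retry 2 ip.sb || echo "null")
  IPV4=$(curl -4 -sSL --connect-timeout 3 --retry 2 ip.sb || echo "null")

  if [ -z "$UUID" ]; then
    echo "UUID is not set, generate random UUID "
    UUID="$(/xray uuid)"
    echo "UUID: $UUID"
  fi

  if [ -z "$XHTTP_PATH" ]; then
    echo "XHTTP_PATH is not set, generate random XHTTP_PATH "
    # "/" followed by the first 8 to 11 characters of a freshly generated
    # UUID with the dashes removed.
    PATH_LENGTH="$(( RANDOM % 4 + 8 ))"
    XHTTP_PATH="/$(/xray uuid | tr -d '-' | cut -c "1-$PATH_LENGTH")"
    echo "XHTTP_PATH: $XHTTP_PATH"
  fi

  if [ -z "$EXTERNAL_PORT" ]; then
    echo "EXTERNAL_PORT is not set, use default value 443"
    EXTERNAL_PORT=443
  fi

  if [ -n "$HOSTMODE_PORT" ]; then
    EXTERNAL_PORT=$HOSTMODE_PORT
    # The value is handed to jq as data (--argjson) instead of being spliced
    # into the filter text, so it is never interpreted as jq program code.
    jq --argjson port "$HOSTMODE_PORT" '.inbounds[1].port = $port' /config.json >/config.json_tmp && mv /config.json_tmp /config.json
  fi

  if [ -z "$DEST" ]; then
    echo "DEST is not set. default value www.apple.com:443"
    DEST="www.apple.com:443"
  fi

  if [ -z "$SERVERNAMES" ]; then
    echo "SERVERNAMES is not set. use default value [\"www.apple.com\",\"images.apple.com\"]"
    SERVERNAMES="www.apple.com images.apple.com"
  fi

  # Key handling depends on the "Private"/"Public" labels in the output of
  # `xray x25519`; if those labels are absent the values come back empty.
  if [ -z "$PRIVATEKEY" ]; then
    echo "PRIVATEKEY is not set. generate new key"
    /xray x25519 >/key
    PRIVATEKEY=$(grep "Private" /key | awk -F ': ' '{print $2}')
    PUBLICKEY=$(grep "Public" /key | awk -F ': ' '{print $2}')
    echo "Private key: $PRIVATEKEY"
    echo "Public key: $PUBLICKEY"
  elif [ -z "$PUBLICKEY" ]; then
    # A caller-supplied private key used to leave PUBLICKEY empty, which
    # produced share links with an empty pbk field. Derive it from the key.
    PUBLICKEY=$(/xray x25519 -i "$PRIVATEKEY" | grep "Public" | awk -F ': ' '{print $2}')
  fi
  if [ -z "$PUBLICKEY" ]; then
    echo "warning: PUBLICKEY could not be determined; pbk in the share link will be empty" >&2
  fi

  if [ -z "$NETWORK" ]; then
    echo "NETWORK is not set,set default value xhttp"
    NETWORK="xhttp"
  fi

  # change config
  # One name per line -> JSON string -> JSON array; jq does the quoting, so a
  # name containing a quote or backslash cannot break the document.
  SERVERNAMES_JSON_ARRAY=$(printf '%s\n' "$SERVERNAMES" | awk '{for (i = 1; i <= NF; i++) print $i}' | jq -R . | jq -cs .)

  # All environment-derived values are passed with --arg/--argjson. Building
  # the filter by string interpolation would let a crafted value rewrite other
  # parts of the configuration. Unlike the reality image, this script does not
  # touch .routing.rules[0].domain (that statement is disabled upstream).
  jq --arg id "$UUID" \
     --arg dest "$DEST" \
     --arg path "$XHTTP_PATH" \
     --arg key "$PRIVATEKEY" \
     --arg net "$NETWORK" \
     --argjson serverNames "$SERVERNAMES_JSON_ARRAY" \
     '.inbounds[1].settings.clients[0].id = $id
      | .inbounds[1].streamSettings.realitySettings.dest = $dest
      | .inbounds[1].streamSettings.xhttpSettings.path = $path
      | .inbounds[1].streamSettings.realitySettings.serverNames = $serverNames
      | .inbounds[1].streamSettings.realitySettings.privateKey = $key
      | .inbounds[1].streamSettings.network = $net' \
     /config.json >/config.json_tmp && mv /config.json_tmp /config.json

  FIRST_SERVERNAME=$(printf '%s\n' "$SERVERNAMES" | awk '{print $1; exit}')

  # config info with green color
  {
    printf '\033[32m\n'
    echo "IPV6: $IPV6"
    echo "IPV4: $IPV4"
    echo "UUID: $UUID"
    echo "DEST: $DEST"
    echo "PORT: $EXTERNAL_PORT"
    echo "SERVERNAMES: $SERVERNAMES (任选其一)"
    echo "PRIVATEKEY: $PRIVATEKEY"
    echo "PUBLICKEY: $PUBLICKEY"
    echo "NETWORK: $NETWORK"
    echo "XHTTP_PATH: $XHTTP_PATH"

    if [ "$IPV4" != "null" ]; then
      SUB_IPV4="vless://$UUID@$IPV4:$EXTERNAL_PORT?encryption=none&security=reality&type=$NETWORK&sni=$FIRST_SERVERNAME&fp=chrome&pbk=$PUBLICKEY&path=$XHTTP_PATH&mode=auto#${IPV4}-wulabing_docker_xhttp_reality"
      echo "IPV4 订阅连接: $SUB_IPV4"
      printf 'IPV4 订阅二维码:\n%s\n' "$(echo "$SUB_IPV4" | qrencode -o - -t UTF8)"
    fi
    if [ "$IPV6" != "null" ]; then
      # An IPv6 literal in a URI authority has to be bracketed, otherwise its
      # colons cannot be told apart from the port separator.
      SUB_IPV6="vless://$UUID@[$IPV6]:$EXTERNAL_PORT?encryption=none&security=reality&type=$NETWORK&sni=$FIRST_SERVERNAME&fp=chrome&pbk=$PUBLICKEY&path=$XHTTP_PATH&mode=auto#${IPV6}-wulabing_docker_xhttp_reality"
      echo "IPV6 订阅连接: $SUB_IPV6"
      printf 'IPV6 订阅二维码:\n%s\n' "$(echo "$SUB_IPV6" | qrencode -o - -t UTF8)"
    fi
    printf '\033[0m\n'
  } >/config_info.txt

fi

# show config info
cat /config_info.txt

# run xray
exec /xray -config /config.json
--------------------------------------------------------------------------------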