2023-11-09 12:35:40 +03:00
|
|
|
// This config is based on
|
|
|
|
// https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-Vision-REALITY/REALITY.ENG.md
|
2023-10-24 23:13:26 +03:00
|
|
|
{
|
|
|
|
"log": {
|
2023-10-27 14:15:09 +03:00
|
|
|
"access": "none",
|
2023-10-24 23:13:26 +03:00
|
|
|
"error": "",
|
2023-10-27 14:15:09 +03:00
|
|
|
"loglevel": "warning",
|
|
|
|
"dnsLog": false
|
2023-10-24 23:13:26 +03:00
|
|
|
},
|
2023-11-19 17:49:38 +03:00
|
|
|
// Turns on traffic statistics, see https://xtls.github.io/en/config/stats.html#statsobject
|
|
|
|
// and https://xtls.github.io/en/config/policy.html#policyobject
|
|
|
|
// and special "api" tag below
|
|
|
|
"stats": {
|
|
|
|
},
|
|
|
|
"policy": {
|
|
|
|
"levels": {
|
|
|
|
// default level
|
|
|
|
"0": {
|
|
|
|
"statsUserUplink": true,
|
|
|
|
"statsUserDownlink": true
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"system": {
|
|
|
|
"statsOutboundUplink": true,
|
|
|
|
"statsOutboundDownlink": true
|
|
|
|
}
|
|
|
|
},
|
|
|
|
// enables API interface https://xtls.github.io/en/config/api.html#apiobject
|
|
|
|
"api": {
|
|
|
|
"tag": "api",
|
|
|
|
"services": [ "StatsService" ]
|
|
|
|
},
|
2023-11-09 12:35:40 +03:00
|
|
|
// client-side inbound configuration
|
2023-10-24 23:13:26 +03:00
|
|
|
"inbounds": [
|
2023-11-19 17:49:38 +03:00
|
|
|
// gRPC API inbound, used to get statistics; the API has no authentication of its own,
// so keep `listen` on a loopback address
|
|
|
|
{
|
|
|
|
"listen": "127.0.0.1",
|
|
|
|
"port": 8080,
|
|
|
|
"protocol": "dokodemo-door",
|
|
|
|
"settings": {
|
|
|
|
"address": "127.0.0.1"
|
|
|
|
},
|
|
|
|
"tag": "api"
|
|
|
|
},
|
|
|
|
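// socks proxy; with `noauth` (see `settings` below) any local process can use it, so keep `listen` on 127.0.0.1
// (ports below 1024, such as 800, usually need elevated privileges to bind on Unix-like systems)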
|
2023-10-24 23:13:26 +03:00
|
|
|
{
|
|
|
|
"tag": "socks",
|
|
|
|
"port": 800,
|
|
|
|
"listen": "127.0.0.1",
|
|
|
|
"protocol": "socks",
|
2023-11-09 12:35:40 +03:00
|
|
|
// used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
|
2023-10-24 23:13:26 +03:00
|
|
|
"sniffing": {
|
|
|
|
"enabled": true,
|
|
|
|
"destOverride": [
|
|
|
|
"http",
|
|
|
|
"tls"
|
2023-12-14 17:24:26 +03:00
|
|
|
],
|
|
|
|
"routeOnly": true
|
2023-10-24 23:13:26 +03:00
|
|
|
},
|
2023-11-19 17:49:38 +03:00
|
|
|
// settings of inbound "protocol" (see above)
|
2023-10-24 23:13:26 +03:00
|
|
|
"settings": {
|
|
|
|
"auth": "noauth",
|
2023-11-09 12:35:40 +03:00
|
|
|
"udp": true
|
2023-10-24 23:13:26 +03:00
|
|
|
}
|
|
|
|
},
|
2023-11-19 17:49:38 +03:00
|
|
|
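// http/https proxy; no `accounts` are configured, so it is unauthenticated and relies on the loopback `listen` address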
|
2023-10-24 23:13:26 +03:00
|
|
|
{
|
|
|
|
"tag": "http",
|
|
|
|
"port": 801,
|
|
|
|
"listen": "127.0.0.1",
|
|
|
|
"protocol": "http",
|
2023-11-09 12:35:40 +03:00
|
|
|
// used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
|
2023-10-24 23:13:26 +03:00
|
|
|
"sniffing": {
|
|
|
|
"enabled": true,
|
|
|
|
"destOverride": [
|
|
|
|
"http",
|
|
|
|
"tls"
|
|
|
|
],
|
2023-12-14 17:24:26 +03:00
|
|
|
"routeOnly": true
|
2023-10-24 23:13:26 +03:00
|
|
|
},
|
2023-11-19 17:49:38 +03:00
|
|
|
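// settings of inbound "protocol" (see above); note that `auth` and `udp` are options of the socks inbound,
// while the http inbound authenticates with `accounts`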
|
2023-10-24 23:13:26 +03:00
|
|
|
"settings": {
|
|
|
|
"auth": "noauth",
|
2023-11-09 12:35:40 +03:00
|
|
|
"udp": true
|
2023-10-24 23:13:26 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
],
|
2023-11-09 12:35:40 +03:00
|
|
|
// client-side outbound configuration
|
2023-10-24 23:13:26 +03:00
|
|
|
"outbounds": [
|
2024-01-02 14:20:29 +03:00
|
|
|
// fallback, see `routing` section
|
2023-10-24 23:13:26 +03:00
|
|
|
{
|
|
|
|
"tag": "proxy",
|
|
|
|
"protocol": "vless",
|
2023-11-09 12:35:40 +03:00
|
|
|
// VLESS settings
|
2023-10-24 23:13:26 +03:00
|
|
|
"settings": {
|
|
|
|
"vnext": [
|
|
|
|
{
|
2023-11-09 12:35:40 +03:00
|
|
|
// IPv4 or IPv6 address of your xray server, or its domain name
|
2023-10-24 23:13:26 +03:00
|
|
|
"address": "server_address",
|
2023-11-09 12:35:40 +03:00
|
|
|
"port": 443,
|
2023-10-24 23:13:26 +03:00
|
|
|
"users": [
|
|
|
|
{
|
2023-11-09 12:35:40 +03:00
|
|
|
// should match server side
|
2023-10-24 23:13:26 +03:00
|
|
|
"id": "client_id",
|
|
|
|
"email": "client_email",
|
|
|
|
"encryption": "none",
|
2023-11-09 12:35:40 +03:00
|
|
|
"flow": "xtls-rprx-vision"
|
2023-10-24 23:13:26 +03:00
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
2023-11-09 12:35:40 +03:00
|
|
|
// settings of transport protocol, https://xtls.github.io/en/config/transport.html#streamsettingsobject
|
2023-10-24 23:13:26 +03:00
|
|
|
"streamSettings": {
|
2023-11-09 12:35:40 +03:00
|
|
|
"network": "tcp",
|
|
|
|
// transport layer encryption, xtls + fallback
|
2023-10-24 23:13:26 +03:00
|
|
|
"security": "reality",
|
|
|
|
"realitySettings": {
|
2023-11-09 12:35:40 +03:00
|
|
|
// tls client hello fingerprint; here client appears as chrome to websites
|
2023-10-24 23:13:26 +03:00
|
|
|
"fingerprint": "chrome",
|
2023-11-09 12:35:40 +03:00
|
|
|
// fake server name which the client presents (as SNI) in the TLS handshake
|
|
|
|
"serverName": "www.youtube.com",
|
|
|
|
// optional; if true, outputs debug information
|
2023-10-24 23:13:26 +03:00
|
|
|
"show": false,
|
2023-11-09 12:35:40 +03:00
|
|
|
// paired with privateKey from server config
|
2023-10-24 23:13:26 +03:00
|
|
|
"publicKey": "public_key",
|
2023-11-09 12:35:40 +03:00
|
|
|
// user short id
|
|
|
|
"shortId": "short_id"
|
2023-10-24 23:13:26 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
2023-11-09 12:35:40 +03:00
|
|
|
// this outbound is to guide traffic to local sites not through the server
|
2023-11-14 13:19:15 +03:00
|
|
|
// but directly from the client; `tag` is just an outbound label
|
2023-10-24 23:13:26 +03:00
|
|
|
"tag": "direct",
|
|
|
|
"protocol": "freedom",
|
|
|
|
"settings": {}
|
2024-01-02 14:20:29 +03:00
|
|
|
},
|
|
|
|
// for traffic that should be blocked
|
|
|
|
{
|
|
|
|
"protocol": "blackhole",
|
|
|
|
"tag": "block"
|
2023-10-24 23:13:26 +03:00
|
|
|
}
|
|
|
|
],
|
2023-11-09 12:35:40 +03:00
|
|
|
// Forward each inbound connection to the corresponding `outboundTag`. If no rules match,
|
|
|
|
// the traffic is sent out by the first outbound in the `outbounds` section.
// Rules are checked top to bottom and the first match wins, so the order below matters.
|
2023-10-24 23:13:26 +03:00
|
|
|
"routing": {
|
|
|
|
"domainStrategy": "AsIs",
|
|
|
|
"rules": [
|
2023-11-19 17:49:38 +03:00
|
|
|
{
|
|
|
|
"type": "field",
|
|
|
|
"inboundTag": [
|
|
|
|
"api"
|
|
|
|
],
|
|
|
|
"outboundTag": "api"
|
|
|
|
},
|
2024-01-28 13:09:50 +03:00
|
|
|
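// guide udp traffic to `direct` outbound; this rule is matched before the ones below, so all UDP the
// proxy receives (DNS and QUIC included) leaves from the client's own address, outside the tunnel,
// and is never checked against the `geoip:private` block rule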
|
2024-01-02 14:20:29 +03:00
|
|
|
{
|
|
|
|
"type": "field",
|
2024-01-28 13:09:50 +03:00
|
|
|
"network": "udp",
|
|
|
|
"outboundTag": "direct"
|
|
|
|
},
|
|
|
|
// block connections to loopback and private addresses (`geoip:private`) through xray
|
|
|
|
{
|
|
|
|
"type": "field",
|
|
|
|
"ip": [
|
|
|
|
"geoip:private"
|
|
|
|
],
|
2024-01-02 14:20:29 +03:00
|
|
|
"outboundTag": "block"
|
|
|
|
},
|
2024-01-28 13:09:50 +03:00
|
|
|
// guide bittorrent traffic to `direct` outbound
|
|
|
|
{
|
|
|
|
"type": "field",
|
|
|
|
"protocol": [ "bittorrent" ],
|
|
|
|
"outboundTag": "direct"
|
|
|
|
},
|
|
|
|
// traffic to popular ports of torrent trackers
|
2024-01-02 14:20:29 +03:00
|
|
|
// and to popular ports of torrent clients
|
|
|
|
{
|
|
|
|
"type": "field",
|
|
|
|
"port": "6969,6881-6889",
|
2024-01-28 13:09:50 +03:00
|
|
|
"outboundTag": "direct"
|
2024-01-02 14:20:29 +03:00
|
|
|
},
|
2024-01-28 13:09:50 +03:00
|
|
|
// traffic from popular ports of torrent clients
|
2024-01-02 14:20:29 +03:00
|
|
|
{
|
|
|
|
"type": "field",
|
|
|
|
"sourcePort": "6881-6889",
|
2024-01-28 13:09:50 +03:00
|
|
|
"outboundTag": "direct"
|
2024-01-02 14:20:29 +03:00
|
|
|
},
|
2024-02-21 19:33:21 +03:00
|
|
|
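// exceptions: some *.ru sites that should go through the proxy instead of being blocked or accessed directly;
// this rule has to stay above the `domain:ru` rule below, because the first matching rule wins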
|
|
|
|
{
|
|
|
|
"type": "field",
|
|
|
|
"domain": [
|
|
|
|
"ext:customgeo.dat:coherence-extra-exceptions"
|
|
|
|
],
|
|
|
|
"outboundTag": "proxy"
|
|
|
|
},
|
2024-01-02 14:20:29 +03:00
|
|
|
// guide domestic sites traffic to `direct` outbound
|
2023-10-30 14:47:03 +03:00
|
|
|
{
|
|
|
|
"type": "field",
|
|
|
|
"domain": [
|
|
|
|
"geosite:cn",
|
2023-11-14 13:19:15 +03:00
|
|
|
"domain:cn",
|
|
|
|
// punycode for national Chinese top-level domains .中国, .中國, .公司, .网络
|
|
|
|
"domain:xn--fiqs8s",
|
|
|
|
"domain:xn--fiqz9s",
|
|
|
|
"domain:xn--55qx5d",
|
|
|
|
"domain:xn--io0a7i",
|
2023-10-30 14:47:03 +03:00
|
|
|
"domain:ru",
|
2023-11-14 13:19:15 +03:00
|
|
|
// punycode for cyrillic Russian top-level domain .рф
|
|
|
|
"domain:xn--p1ai",
|
2023-10-30 14:47:03 +03:00
|
|
|
"domain:by",
|
2023-11-14 13:19:15 +03:00
|
|
|
// punycode for national Belarusian top-level domain .бел
|
|
|
|
"domain:xn--90ais",
|
|
|
|
"domain:ir",
|
2023-11-15 09:46:06 +03:00
|
|
|
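// extra domains that are used by domestic sites, see https://github.com/EvgenyNerush/coherence-grabber/tree/main
// (the lists in `customgeo.dat` decide which domains bypass the proxy, so take that file from a source you trust)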
|
2024-01-28 11:52:54 +03:00
|
|
|
"ext:customgeo.dat:coherence-extra",
|
|
|
|
"ext:customgeo.dat:coherence-extra-plus"
|
2023-10-30 14:47:03 +03:00
|
|
|
],
|
|
|
|
"outboundTag": "direct"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "field",
|
|
|
|
"ip": [
|
|
|
|
"geoip:cn",
|
|
|
|
"geoip:ru",
|
|
|
|
"geoip:by",
|
|
|
|
"geoip:ir"
|
|
|
|
],
|
|
|
|
"outboundTag": "direct"
|
2023-10-24 23:13:26 +03:00
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|