// This config is based on
// https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-Vision-REALITY/REALITY.ENG.md
{
  // Logging: the access log is switched off ("none"), so no per-connection records are kept.
  // The error log path is left empty; messages of level "warning" and above are still emitted.
  "log": {
    "access": "none",
    "error": "",
    "loglevel": "warning",
    "dnsLog": false
  },

  // Routing: every inbound connection is handed to the outbound named by `outboundTag` of the
  // first rule it matches. If no rule matches, the traffic leaves through the first entry of
  // the `outbounds` section ("direct" in this file). All conditions inside one rule must hold
  // at the same time.
  "routing": {
    // A domain that matches no rule is resolved to an IP and checked again against the IP rules,
    // so the geoip blocks below also cover destinations that were given as hostnames.
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      // UDP traffic to port 80 is dropped.
      {
        "type": "field",
        "port": "80",
        "network": "udp",
        "outboundTag": "block"
      },
      // Private and reserved address ranges, localhost included. Blocking them keeps clients
      // from reaching services on the server itself or on the network behind it.
      {
        "type": "field",
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "block"
      },
      // BitTorrent is recognised from sniffed traffic, so this rule relies on the `sniffing`
      // section of the inbounds below.
      {
        "type": "field",
        "protocol": [
          "bittorrent"
        ],
        "outboundTag": "block"
      },
      // Client traffic to domestic destinations is not expected to arrive here; if it does
      // (e.g. because of a wrong client config), it is dropped. The `xn--` entries are the
      // punycode forms of internationalised TLDs. The `ext:` entry reads a category from the
      // external file customgeo.dat, so the rule is only as trustworthy as the source of that file.
      {
        "type": "field",
        "domain": [
          "geosite:cn",
          "domain:cn",
          "domain:xn--fiqs8s",
          "domain:xn--fiqz9s",
          "domain:xn--55qx5d",
          "domain:xn--io0a7i",
          "domain:ru",
          "domain:xn--p1ai",
          "domain:by",
          "domain:xn--90ais",
          "domain:ir",
          "ext:customgeo.dat:coherence-extra"
        ],
        "outboundTag": "block"
      },
      // The same domestic block, applied by destination IP.
      {
        "type": "field",
        "ip": [
          "geoip:cn",
          "geoip:ru",
          "geoip:by",
          "geoip:ir"
        ],
        "outboundTag": "block"
      }
    ]
  },

  // Server-side inbound configuration.
  "inbounds": [
    // Main inbound; this is the one clients connect to. It listens on all IPv4 interfaces.
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      // VLESS settings
      "settings": {
        "clients": [
          {
            // Placeholder. The id is what authenticates a client, so treat the real value as a
            // credential. It can be generated with `xray uuid`.
            "id": "client_id",
            // Some email; it appears in logs.
            "email": "client_email",
            // Optional; if specified, clients must enable XTLS as well.
            // XTLS is Xray's original technology: it does not encrypt TLS traffic again (that
            // traffic is already encrypted), which gives outstanding performance and leaves no
            // fingerprints of double-encrypted TLS. The project states that XTLS has the same
            // security as TLS.
            // https://xtls.github.io/en/config/transport.html#streamsettingsobject
            "flow": "xtls-rprx-vision"
          }
        ],
        // VLESS adds no encryption of its own; confidentiality comes from the transport
        // security configured in `streamSettings` below.
        "decryption": "none"
      },
      // Settings of the transport protocol,
      // https://xtls.github.io/en/config/transport.html#streamsettingsobject
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        // REALITY fallback options; see also https://xtls.github.io/en/config/features/fallback.html
        "realitySettings": {
          // Optional; if true, debug information is output.
          "show": false,
          // When authentication fails, VLESS forwards the traffic to this address.
          "dest": "www.youtube.com:443",
          // PROXY protocol version sent to "dest"; 0 turns it off.
          "xver": 0,
          // Required; list of server names which a client may present to the server during the
          // handshake. (The internet provider sees the "serverName" of the client config in the
          // client-server traffic, and a censor can then use it for active probing. These names
          // should therefore be in accordance with "dest" above.)
          "serverNames": [
            "www.youtube.com"
          ],
          // Required; generate with `xray x25519` and put the paired publicKey into client
          // configs. Placeholder here: the real private key is a secret, so keep it out of
          // version control and restrict who can read the deployed file.
          "privateKey": "private_key",
          // Required; list of shortIds available to clients. They can be used to tell
          // different clients apart.
          "shortIds": [
            "short_id"
          ]
        }
      },
      // Used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
      // For the listed protocols the sniffed domain replaces the connection's destination, so the
      // domain rules in `routing` are evaluated against it.
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    },
    // Extra inbound; its main purpose is to provide the fallback to "dest" at port 80. Many
    // regular websites have ports 80 (http) and 443 (https) open. Apart from the port and the
    // "dest" port it repeats the main inbound, including the same client id and private key
    // placeholders.
    {
      "listen": "0.0.0.0",
      "port": 80,
      "protocol": "vless",
      // VLESS settings
      "settings": {
        "clients": [
          {
            // Placeholder credential; can be generated with `xray uuid`.
            "id": "client_id",
            // Some email; it appears in logs.
            "email": "client_email",
            // Optional; if specified, clients must enable XTLS as well (see the main inbound
            // for the description of XTLS).
            // https://xtls.github.io/en/config/transport.html#streamsettingsobject
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      // Settings of the transport protocol,
      // https://xtls.github.io/en/config/transport.html#streamsettingsobject
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        // REALITY fallback options; see also https://xtls.github.io/en/config/features/fallback.html
        "realitySettings": {
          // Optional; if true, debug information is output.
          "show": false,
          // When authentication fails, VLESS forwards the traffic to this address.
          "dest": "www.youtube.com:80",
          // PROXY protocol version sent to "dest"; 0 turns it off.
          "xver": 0,
          // Required; list of server names which a client may present to the server during the
          // handshake. (The internet provider sees the "serverName" of the client config in the
          // client-server traffic, and a censor can then use it for active probing. These names
          // should therefore be in accordance with "dest" above.)
          "serverNames": [
            "www.youtube.com"
          ],
          // Required; generate with `xray x25519` and put the paired publicKey into client
          // configs. The real private key is a secret and does not belong in a shared copy of
          // this file.
          "privateKey": "private_key",
          // Required; list of shortIds available to clients. They can be used to tell
          // different clients apart.
          "shortIds": [
            "short_id"
          ]
        }
      },
      // Used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ],

  // Server-side outbound configuration. The first entry is the default for unmatched traffic.
  "outbounds": [
    // Direct connection to the requested destination.
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    // Sink for everything the routing rules mark as "block"; the traffic is discarded.
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ]
}