replace grpc by xtls

Evgeny Nerush 2023-11-09 12:35:40 +03:00
parent 48ab226b7f
commit b4f9588c89
4 changed files with 163 additions and 148 deletions

58
ex.sh

@ -7,6 +7,19 @@ green='\033[0;32m'
yellow='\033[0;33m'
normal='\033[0m'
# strip lines with comments from jsonC
jsonc2json () {
if [ ! -v $1 ]
then
filename=$1
cat $filename | grep -v \/\/
else
echo "${red}jsonc2json: no argument is given${red}"
exit 1
fi
}
export PATH=$PATH:/usr/local/bin/ # for sudo user this can be not in PATH
if command -v xray > /dev/null
then
@ -111,15 +124,16 @@ containing only digits 0-9 and letters a-f, for instance
fi
fi
echo -e "${bold}Choose a fake site to mimic.${normal}
It is better if it is hosted by your VPS provider
or is in the same country. Better if it is popular.
(1) www.yahoo.com (default)
Better if it is: hosted by your VPS provider,
in the same country, it is popular,
and have only ports 80 (http) and 443 (https) open
(can check with `nmap -T4 hostname`)
(1) www.youtube.com (default)
(2) www.microsoft.com
(3) www.google.com
(4) www.nvidia.com
(5) www.amd.com
(6) www.samsung.com
(7) your variant"
(4) www.bing.com
(5) www.yahoo.com
(6) your variant"
read number
if [ ! -v $number ]
then
@ -131,26 +145,23 @@ or is in the same country. Better if it is popular.
fake_site="www.google.com"
elif [ $number -eq 4 ]
then
fake_site="www.nvidia.com"
fake_site="www.bing.com"
elif [ $number -eq 5 ]
then
fake_site="www.amd.com"
fake_site="www.yahoo.com"
elif [ $number -eq 6 ]
then
fake_site="www.samsung.com"
elif [ $number -eq 7 ]
then
echo -e "type your variant:"
read fake_site
if [ -v $fake_site ]
then
fake_site="www.yahoo.com"
fake_site="www.youtube.com"
fi
else
fake_site="www.yahoo.com"
fake_site="www.youtube.com"
fi
else
fake_site="www.yahoo.com"
fake_site="www.youtube.com"
fi
echo -e "${green}mimic ${fake_site}${normal}"
email="love@xray.com"
@ -158,7 +169,7 @@ or is in the same country. Better if it is popular.
{
\"id\": \"${id}\",
\"email\": \"${email}\",
\"flow\": \"\"
\"flow\": \"xtls-rprx-vision\"
}
]"
serverRealitySettings=" {
@ -170,35 +181,32 @@ or is in the same country. Better if it is popular.
\"shortIds\": [ \"${short_id}\" ]
}"
# make server config
cat template_config_server.json | jq ".inbounds[].settings.clients=${clients} | .inbounds[].streamSettings.realitySettings=${serverRealitySettings}" > config_server.json
jsonc2json template_config_server.jsonc | jq ".inbounds[].settings.clients=${clients} | .inbounds[].streamSettings.realitySettings=${serverRealitySettings}" > config_server.json
# then make the user (not root) an owner of a file
[[ $SUDO_USER ]] && chown "$SUDO_USER:$SUDO_USER" config_server.json
vnext=" [
{
\"address\": \"${address}\",
\"port\": 50051,
\"port\": 443,
\"users\": [
{
\"id\": \"${id}\",
\"alterId\": 0,
\"email\": \"${email}\",
\"security\": \"auto\",
\"encryption\": \"none\",
\"flow\": \"\"
\"flow\": \"xtls-rprx-vision\"
}
]
}
]"
clientRealitySettings=" {
\"serverName\": \"${fake_site}\",
\"fingerprint\": \"chrome\",
\"serverName\": \"${fake_site}\",
\"show\": false,
\"publicKey\": \"${public_key}\",
\"shortId\": \"${short_id}\",
\"spiderX\": \"\"
}"
# make main client config
cat template_config_client.json | jq ".outbounds |= map(if .settings.vnext then .settings.vnext=${vnext} else . end) | .outbounds |= map(if .streamSettings.realitySettings then .streamSettings.realitySettings=${clientRealitySettings} else . end)" > config_client.json
jsonc2json template_config_client.jsonc | jq ".outbounds |= map(if .settings.vnext then .settings.vnext=${vnext} else . end) | .outbounds |= map(if .streamSettings.realitySettings then .streamSettings.realitySettings=${clientRealitySettings} else . end)" > config_client.json
# then make the user (not root) an owner of a file
[[ $SUDO_USER ]] && chown "$SUDO_USER:$SUDO_USER" config_client.json
fi
@ -277,7 +285,7 @@ containing only digits 0-9 and letters a-f, for instance
{
\"id\": \"${id}\",
\"email\": \"${username}@example.com\",
\"flow\": \"\"
\"flow\": \"xtls-rprx-vision\"
}
"
cp config_server.json config_server.json.backup
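Review bot: The backticks around `nmap -T4 hostname` in the new "Choose a fake site" prompt sit inside a double-quoted `echo -e` string, so bash executes that command as a substitution each time the menu is printed (with root rights when the script is started through sudo) instead of showing it as a hint; escape both backticks with a backslash or drop them. In the first hunk, `jsonc2json` filters with `grep -v \/\/`, which drops every line containing `//` anywhere, so a template value that later holds a URL would be silently cut from the generated config; `grep -v '^[[:space:]]*//' "$1"` removes only whole-line comments. Its guard `[ ! -v $1 ]` tests for a variable named after the argument rather than for an empty argument, and the error text goes to stdout without `-e` and ends in `${red}` instead of `${normal}`; `[ -n "$1" ]` and `echo -e ... >&2` would fix both. Because the function is always the left side of a pipe, its `exit 1` ends only that subshell, so `jq` still runs and the redirect still overwrites `config_server.json` or `config_client.json`; checking the pipeline status (or `set -o pipefail`) before the `chown` would make such a failure visible.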


@ -1,3 +1,5 @@
// This config is based on
// https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-Vision-REALITY/REALITY.ENG.md
{
"log": {
"access": "none",
@ -5,24 +7,25 @@
"loglevel": "warning",
"dnsLog": false
},
// client-side inbound configuration
"inbounds": [
{
"tag": "socks",
"port": 800,
"listen": "127.0.0.1",
"protocol": "socks",
// used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"routeOnly": false
]
},
// settings of inbound `protocol` (see above)
"settings": {
"auth": "noauth",
"udp": true,
"allowTransparent": false
"udp": true
}
},
{
@ -30,6 +33,7 @@
"port": 801,
"listen": "127.0.0.1",
"protocol": "http",
// used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
"sniffing": {
"enabled": true,
"destOverride": [
@ -38,75 +42,66 @@
],
"routeOnly": false
},
// settings of inbound `protocol` (see above)
"settings": {
"auth": "noauth",
"udp": true,
"allowTransparent": false
"udp": true
}
}
],
// client-side outbound configuration
"outbounds": [
{
"tag": "proxy",
"protocol": "vless",
// VLESS settings
"settings": {
"vnext": [
{
// IPv4 or IPv6 address of your xray server, or its domain name
"address": "server_address",
"port": 50051,
"port": 443,
"users": [
{
// should match server side
"id": "client_id",
"alterId": 0,
"email": "client_email",
"security": "auto",
"encryption": "none",
"flow": ""
"flow": "xtls-rprx-vision"
}
]
}
]
},
// settings of transport protocol, https://xtls.github.io/en/config/transport.html#streamsettingsobject
"streamSettings": {
"network": "grpc",
"network": "tcp",
// transport layer encription, xtls + fallback
"security": "reality",
"realitySettings": {
"serverName": "www.yahoo.com",
// tls client hello fingerprint; here client appears as chrome to websites
"fingerprint": "chrome",
// fake server name which client is attempting to connect in the TLS handshake
"serverName": "www.youtube.com",
// optional; if true, outputs debug information
"show": false,
// paired with privateKey from server config
"publicKey": "public_key",
"shortId": "short_id",
"spiderX": ""
},
"grpcSettings": {
"serviceName": "",
"multiMode": false,
"idle_timeout": 60,
"health_check_timeout": 20,
"permit_without_stream": false,
"initial_windows_size": 0
// user short id
"shortId": "short_id"
}
},
"mux": {
"enabled": false,
"concurrency": -1
}
},
{
// this outbound is to guide traffic to local sites not through the server
// but directly from the client; `tag` is just a label of oubound
"tag": "direct",
"protocol": "freedom",
"settings": {}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
}
],
// Forward each inbound connections to corresponding `outboundTag`. If no rules match,
// the traffic is sent out by the first outbound in `outbounds` section.
"routing": {
"domainStrategy": "AsIs",
"rules": [
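Review bot: The comment added above each inbound `settings` block only says that the settings belong to the protocol, yet the block it labels keeps `"auth": "noauth"`, so the one thing keeping the SOCKS and HTTP proxies private is `"listen": "127.0.0.1"`. I would make the comment say so, for example `// unauthenticated: keep "listen" on 127.0.0.1, otherwise anyone who can reach the port can use the proxy`. Two of the added comments also carry typos, `encription` for encryption and `oubound` for outbound. The `routing` object opened at the end of the last hunk continues outside it.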


@ -1,88 +0,0 @@
{
"log": {
"access": "none",
"error": "",
"loglevel": "warning",
"dnsLog": false
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"port": "80",
"network": "udp",
"outboundTag": "block"
},
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 50051,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "client_id",
"email": "client_email",
"flow": ""
}
],
"decryption": "none"
},
"streamSettings": {
"network": "grpc",
"security": "reality",
"realitySettings": {
"show": false,
"dest": "www.yahoo.com:443",
"xver": 0,
"serverNames": [
"www.yahoo.com"
],
"privateKey": "private_key",
"shortIds": [
"short_id"
]
},
"grpcSettings": {
"serviceName": ""
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
],
"policy": {
"levels": {
"0": {
"handshake": 2,
"connIdle": 120
}
}
}
}


@ -0,0 +1,100 @@
// This config is based on
// https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-Vision-REALITY/REALITY.ENG.md
{
"log": {
"access": "none",
"error": "",
"loglevel": "warning",
"dnsLog": false
},
// Forward each inbound connections to corresponding `outboundTag`. If no rules match,
// the traffic is sent out by the first outbound in `outbounds` section.
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"port": "80",
"network": "udp",
"outboundTag": "block"
},
{
"type": "field",
"ip": [
// localhost connections
"geoip:private"
],
"outboundTag": "block"
}
]
},
// server-side inbound configuration
"inbounds": [
{
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
// VLESS settings
"settings": {
"clients": [
{
// can be generated with `xray uuid`
"id": "client_id",
// some email; appears in logs
"email": "client_email",
// Optional; if specified, clients must enable XTLS.
// XTLS is Xray's original technology, which doesn't encrypt TLS traffic (which is already encrypted),
// providing outstanding performance and no fingerprints of double-encrypted TLS.
// XTLS has the same security as TLS.
// https://xtls.github.io/en/config/transport.html#streamsettingsobject
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
// settings of transport protocol, https://xtls.github.io/en/config/transport.html#streamsettingsobject
"streamSettings": {
"network": "tcp",
"security": "reality",
// REALITY fallback options; see also https://xtls.github.io/en/config/features/fallback.html
"realitySettings": {
// optional; if true, outputs debug information
"show": false,
// with failed authentication VLESS will forward traffic to this address
"dest": "www.youtube.com:443",
"xver": 0,
// required; list of server names which client can provide to the server during the handshake
"serverNames": [
"www.youtube.com"
],
// required; generate with `xray x25519`; use paired publicKey in client configs
"privateKey": "private_key",
"shortIds": [
// required, list of shortIds available to clients, can be used to distinguish different clients
"short_id"
]
}
},
// used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
],
// server-side outbound configuration
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
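Review bot: The comment `// localhost connections` on `"geoip:private"` understates what the rule does: as far as I know that list covers private and reserved ranges in general (loopback, RFC 1918, link-local), and the rule is what stops a client from using the server to reach its internal network. Suggest `// private and reserved ranges, not only localhost: keeps clients away from the server's internal network`. The `flow` comment's "XTLS has the same security as TLS" would be easier to verify if it also said that with `"decryption": "none"` confidentiality comes entirely from the REALITY/TLS layer. The link under it points to the stream settings page rather than to a description of `flow`.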