mirrors/easy-xray
1
0
Fork 0
mirror of https://github.com/EvgenyNerush/easy-xray.git synced 2024-11-21 16:25:23 +03:00
Code Issues Projects Releases Packages Wiki Activity
easy-xray/template_config_server.jsonc
Evgeny Nerush 520bca6992 add CDN support at the second ip address
2024-03-26 17:00:10 +03:00

288 lines
9.3 KiB
Text
Raw Blame History

// This config is based on
// https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-Vision-REALITY/REALITY.ENG.md
{
"log": {
"access": "none",
"error": "",
"loglevel": "warning",
"dnsLog": false
},
// Turns on traffic statistics, see https://xtls.github.io/en/config/stats.html#statsobject
// and https://xtls.github.io/en/config/policy.html#policyobject
// and special "api" tag below
"stats": {
},
"policy": {
"levels": {
// default level
"0": {
"statsUserUplink": true,
"statsUserDownlink": true
}
},
"system": {
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
// enables API interface https://xtls.github.io/en/config/api.html#apiobject
"api": {
"tag": "api",
"services": [ "StatsService" ]
},
// Forward each inbound connections to corresponding `outboundTag`. If no rules match,
// the traffic is sent out by the first outbound in `outbounds` section.
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"inboundTag": [
"api"
],
"outboundTag": "api"
},
// guide udp traffic to `block` outbound
{
"type": "field",
"network": "udp",
"outboundTag": "block"
},
// block localhost connections through xray
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "block"
},
// guide bittorent traffic to `block` outbound
{
"type": "field",
"protocol": [ "bittorrent" ],
"outboundTag": "block"
},
// block traffic to popular ports of torrent trackers
// and to popular ports of torrent clients
{
"type": "field",
"port": "6969,6881-6889",
"outboundTag": "block"
},
// block traffic from popular ports of torrent clients
{
"type": "field",
"sourcePort": "6881-6889",
"outboundTag": "block"
},
// exceptions for *.ru websites that shouldn't be blocked
{
"type": "field",
"domain": [
"ext:customgeo.dat:coherence-extra-exceptions"
],
"outboundTag": "direct"
},
// block domestic client traffic if it's coming somehow (e.g. wrong client config)
{
"type": "field",
"domain": [
"geosite:cn",
"domain:cn",
// punycode for national Chinese top-level domains .中国, .中國, .公司, .网络
"domain:xn--fiqs8s",
"domain:xn--fiqz9s",
"domain:xn--55qx5d",
"domain:xn--io0a7i",
"domain:ru",
// punycode for cyrillic Russian top-level domain .рф
"domain:xn--p1ai",
"domain:by",
// punycode for national Belorussian top-level domain .бел
"domain:xn--90ais",
"domain:ir",
// extra domains that are used by domestic sites, see https://github.com/EvgenyNerush/coherence-grabber/tree/main
"ext:customgeo.dat:coherence-extra"
],
"outboundTag": "block"
},
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:ru",
"geoip:by",
"geoip:ir"
],
"outboundTag": "block"
}
]
},
// server-side inbound configuration
"inbounds": [
// gRPC API inbound, used to get statistics
{
"listen": "127.0.0.1",
"port": 8080,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
},
// main inbound, clients connect to it
{
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
// VLESS settings
"settings": {
"clients": [
{
// can be generated with `xray uuid`
"id": "client_id",
// some email; appears in logs
"email": "client_email",
// Optional; if specified, clients must enable XTLS.
// XTLS is Xray's original technology, which doesn't encrypt TLS traffic (which is already encrypted),
// providing outstanding performance and no fingerprints of double-encrypted TLS.
// XTLS has the same security as TLS.
// https://xtls.github.io/en/config/transport.html#streamsettingsobject
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
// settings of transport protocol, https://xtls.github.io/en/config/transport.html#streamsettingsobject
"streamSettings": {
"network": "tcp",
"security": "reality",
// REALITY fallback options; see also https://xtls.github.io/en/config/features/fallback.html
"realitySettings": {
// optional; if true, outputs debug information
"show": false,
// with failed authentication VLESS will forward traffic to this address
"dest": "www.youtube.com:443",
"xver": 0,
// required; list of server names which client can provide to the server during the handshake.
// (The internet provider sees "serverName" of client config in the client-server traffic, then a censor
// can use this for active probing. Thus, this names should be in accordance with "dest" above.)
"serverNames": [
"www.youtube.com"
],
// required; generate with `xray x25519`; use paired publicKey in client configs
"privateKey": "private_key",
"shortIds": [
// required, list of shortIds available to clients, can be used to distinguish different clients
"short_id"
]
}
},
// used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"routeOnly": true
}
},
// extra inbound; its main purpose is to get fallback to "dest" at port 80. Many regular websites
// have open ports 80 (http) and 443 (https).
{
"listen": "0.0.0.0",
"port": 80,
"protocol": "vless",
// VLESS settings
"settings": {
"clients": [
{
// can be generated with `xray uuid`
"id": "client_id",
// some email; appears in logs
"email": "client_email",
// Optional; if specified, clients must enable XTLS.
// XTLS is Xray's original technology, which doesn't encrypt TLS traffic (which is already encrypted),
// providing outstanding performance and no fingerprints of double-encrypted TLS.
// XTLS has the same security as TLS.
// https://xtls.github.io/en/config/transport.html#streamsettingsobject
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
// settings of transport protocol, https://xtls.github.io/en/config/transport.html#streamsettingsobject
"streamSettings": {
"network": "tcp",
"security": "reality",
// REALITY fallback options; see also https://xtls.github.io/en/config/features/fallback.html
"realitySettings": {
// optional; if true, outputs debug information
"show": false,
// with failed authentication VLESS will forward traffic to this address
"dest": "www.youtube.com:80",
"xver": 0,
// required; list of server names which client can provide to the server during the handshake.
// (The internet provider sees "serverName" of client config in the client-server traffic, then a censor
// can use this for active probing. Thus, this names should be in accordance with "dest" above.)
"serverNames": [
"www.youtube.com"
],
// required; generate with `xray x25519`; use paired publicKey in client configs
"privateKey": "private_key",
"shortIds": [
// required, list of shortIds available to clients, can be used to distinguish different clients
"short_id"
]
}
},
// used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"routeOnly": true
}
},
// this inbound can be used with Nginx configured to listen grpc on IPv6 address;
// vless can't give a reasonable fallback when used with grpc, but nginx can;
// see 'CDN' section in Readme for details
{
"tag": "grpc",
"listen": "127.0.0.1",
"port": 50051,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "client_id"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "grpc",
"grpcSettings": {
// nginx config should contain `location /your_service_name`
"serviceName": "your_service_name"
}
}
}
],
// server-side outbound configuration
"outbounds": [
// direct connection; fallback, see `routing` section
{
"protocol": "freedom",
"tag": "direct"
},
// for that should be blocked
{
"protocol": "blackhole",
"tag": "block"
}
]
}
Reference in a new issue View git blame Copy permalink