replace grpc by xtls

This commit is contained in:
Evgeny Nerush
2023-11-09 12:35:40 +03:00
parent 48ab226b7f
commit b4f9588c89
4 changed files with 163 additions and 148 deletions

ex.sh

@@ -7,6 +7,19 @@ green='\033[0;32m'
yellow='\033[0;33m' yellow='\033[0;33m'
normal='\033[0m' normal='\033[0m'
# strip lines with comments from jsonC
jsonc2json () {
if [ ! -v $1 ]
then
filename=$1
cat $filename | grep -v \/\/
else
echo "${red}jsonc2json: no argument is given${red}"
exit 1
fi
}
export PATH=$PATH:/usr/local/bin/ # for sudo user this can be not in PATH export PATH=$PATH:/usr/local/bin/ # for sudo user this can be not in PATH
if command -v xray > /dev/null if command -v xray > /dev/null
then then
@@ -111,15 +124,16 @@ containing only digits 0-9 and letters a-f, for instance
fi fi
fi fi
echo -e "${bold}Choose a fake site to mimic.${normal} echo -e "${bold}Choose a fake site to mimic.${normal}
It is better if it is hosted by your VPS provider Better if it is: hosted by your VPS provider,
or is in the same country. Better if it is popular. in the same country, it is popular,
(1) www.yahoo.com (default) and have only ports 80 (http) and 443 (https) open
(can check with `nmap -T4 hostname`)
(1) www.youtube.com (default)
(2) www.microsoft.com (2) www.microsoft.com
(3) www.google.com (3) www.google.com
(4) www.nvidia.com (4) www.bing.com
(5) www.amd.com (5) www.yahoo.com
(6) www.samsung.com (6) your variant"
(7) your variant"
read number read number
if [ ! -v $number ] if [ ! -v $number ]
then then
@@ -131,26 +145,23 @@ or is in the same country. Better if it is popular.
fake_site="www.google.com" fake_site="www.google.com"
elif [ $number -eq 4 ] elif [ $number -eq 4 ]
then then
fake_site="www.nvidia.com" fake_site="www.bing.com"
elif [ $number -eq 5 ] elif [ $number -eq 5 ]
then then
fake_site="www.amd.com" fake_site="www.yahoo.com"
elif [ $number -eq 6 ] elif [ $number -eq 6 ]
then
fake_site="www.samsung.com"
elif [ $number -eq 7 ]
then then
echo -e "type your variant:" echo -e "type your variant:"
read fake_site read fake_site
if [ -v $fake_site ] if [ -v $fake_site ]
then then
fake_site="www.yahoo.com" fake_site="www.youtube.com"
fi fi
else else
fake_site="www.yahoo.com" fake_site="www.youtube.com"
fi fi
else else
fake_site="www.yahoo.com" fake_site="www.youtube.com"
fi fi
echo -e "${green}mimic ${fake_site}${normal}" echo -e "${green}mimic ${fake_site}${normal}"
email="love@xray.com" email="love@xray.com"
@@ -158,7 +169,7 @@ or is in the same country. Better if it is popular.
{ {
\"id\": \"${id}\", \"id\": \"${id}\",
\"email\": \"${email}\", \"email\": \"${email}\",
\"flow\": \"\" \"flow\": \"xtls-rprx-vision\"
} }
]" ]"
serverRealitySettings=" { serverRealitySettings=" {
@@ -170,35 +181,32 @@ or is in the same country. Better if it is popular.
\"shortIds\": [ \"${short_id}\" ] \"shortIds\": [ \"${short_id}\" ]
}" }"
# make server config # make server config
cat template_config_server.json | jq ".inbounds[].settings.clients=${clients} | .inbounds[].streamSettings.realitySettings=${serverRealitySettings}" > config_server.json jsonc2json template_config_server.jsonc | jq ".inbounds[].settings.clients=${clients} | .inbounds[].streamSettings.realitySettings=${serverRealitySettings}" > config_server.json
# then make the user (not root) an owner of a file # then make the user (not root) an owner of a file
[[ $SUDO_USER ]] && chown "$SUDO_USER:$SUDO_USER" config_server.json [[ $SUDO_USER ]] && chown "$SUDO_USER:$SUDO_USER" config_server.json
vnext=" [ vnext=" [
{ {
\"address\": \"${address}\", \"address\": \"${address}\",
\"port\": 50051, \"port\": 443,
\"users\": [ \"users\": [
{ {
\"id\": \"${id}\", \"id\": \"${id}\",
\"alterId\": 0,
\"email\": \"${email}\", \"email\": \"${email}\",
\"security\": \"auto\",
\"encryption\": \"none\", \"encryption\": \"none\",
\"flow\": \"\" \"flow\": \"xtls-rprx-vision\"
} }
] ]
} }
]" ]"
clientRealitySettings=" { clientRealitySettings=" {
\"serverName\": \"${fake_site}\",
\"fingerprint\": \"chrome\", \"fingerprint\": \"chrome\",
\"serverName\": \"${fake_site}\",
\"show\": false, \"show\": false,
\"publicKey\": \"${public_key}\", \"publicKey\": \"${public_key}\",
\"shortId\": \"${short_id}\", \"shortId\": \"${short_id}\",
\"spiderX\": \"\"
}" }"
# make main client config # make main client config
cat template_config_client.json | jq ".outbounds |= map(if .settings.vnext then .settings.vnext=${vnext} else . end) | .outbounds |= map(if .streamSettings.realitySettings then .streamSettings.realitySettings=${clientRealitySettings} else . end)" > config_client.json jsonc2json template_config_client.jsonc | jq ".outbounds |= map(if .settings.vnext then .settings.vnext=${vnext} else . end) | .outbounds |= map(if .streamSettings.realitySettings then .streamSettings.realitySettings=${clientRealitySettings} else . end)" > config_client.json
# then make the user (not root) an owner of a file # then make the user (not root) an owner of a file
[[ $SUDO_USER ]] && chown "$SUDO_USER:$SUDO_USER" config_client.json [[ $SUDO_USER ]] && chown "$SUDO_USER:$SUDO_USER" config_client.json
fi fi
@@ -277,7 +285,7 @@ containing only digits 0-9 and letters a-f, for instance
{ {
\"id\": \"${id}\", \"id\": \"${id}\",
\"email\": \"${username}@example.com\", \"email\": \"${username}@example.com\",
\"flow\": \"\" \"flow\": \"xtls-rprx-vision\"
} }
" "
cp config_server.json config_server.json.backup cp config_server.json config_server.json.backup
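Review bot: `if [ ! -v $1 ]` in the new jsonc2json function does not test whether an argument was given: `-v` takes a variable name, and `$1` expands to the argument's value, so with an argument it asks whether a shell variable named after the file exists, and with no argument it degenerates to `[ ! -v ]`, whose result is an accident of the one-operand rule; `if [ -n "$1" ]` states the intent. The `exit 1` in the else branch only ends a subshell when the function runs on the left of a pipe, as at both call sites (`jsonc2json template_config_server.jsonc | jq …` and the client equivalent), so a missing or unreadable template would leave jq reading empty input and writing an empty config file instead of aborting the script; `return 1` together with a `set -o pipefail` earlier in the script (not visible in this hunk), or checking the argument before the pipeline, closes that gap. The `grep -v \/\/` filter also drops every line containing `//` anywhere, which includes a JSON string value holding a URL, not only comment lines; anchoring it as `grep -v '^[[:space:]]*//'` strips only lines that start with a comment. The error message closes with `${red}` where `${normal}` was presumably meant, so the colour would bleed into following output.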


@@ -1,3 +1,5 @@
// This config is based on
// https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-Vision-REALITY/REALITY.ENG.md
{ {
"log": { "log": {
"access": "none", "access": "none",
@@ -5,24 +7,25 @@
"loglevel": "warning", "loglevel": "warning",
"dnsLog": false "dnsLog": false
}, },
// client-side inbound configuration
"inbounds": [ "inbounds": [
{ {
"tag": "socks", "tag": "socks",
"port": 800, "port": 800,
"listen": "127.0.0.1", "listen": "127.0.0.1",
"protocol": "socks", "protocol": "socks",
// used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
"sniffing": { "sniffing": {
"enabled": true, "enabled": true,
"destOverride": [ "destOverride": [
"http", "http",
"tls" "tls"
], ]
"routeOnly": false
}, },
// settings of inbound `protocol` (see above)
"settings": { "settings": {
"auth": "noauth", "auth": "noauth",
"udp": true, "udp": true
"allowTransparent": false
} }
}, },
{ {
@@ -30,6 +33,7 @@
"port": 801, "port": 801,
"listen": "127.0.0.1", "listen": "127.0.0.1",
"protocol": "http", "protocol": "http",
// used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
"sniffing": { "sniffing": {
"enabled": true, "enabled": true,
"destOverride": [ "destOverride": [
@@ -38,75 +42,66 @@
], ],
"routeOnly": false "routeOnly": false
}, },
// settings of inbound `protocol` (see above)
"settings": { "settings": {
"auth": "noauth", "auth": "noauth",
"udp": true, "udp": true
"allowTransparent": false
} }
} }
], ],
// client-side outbound configuration
"outbounds": [ "outbounds": [
{ {
"tag": "proxy", "tag": "proxy",
"protocol": "vless", "protocol": "vless",
// VLESS settings
"settings": { "settings": {
"vnext": [ "vnext": [
{ {
// IPv4 or IPv6 address of your xray server, or its domain name
"address": "server_address", "address": "server_address",
"port": 50051, "port": 443,
"users": [ "users": [
{ {
// should match server side
"id": "client_id", "id": "client_id",
"alterId": 0,
"email": "client_email", "email": "client_email",
"security": "auto",
"encryption": "none", "encryption": "none",
"flow": "" "flow": "xtls-rprx-vision"
} }
] ]
} }
] ]
}, },
// settings of transport protocol, https://xtls.github.io/en/config/transport.html#streamsettingsobject
"streamSettings": { "streamSettings": {
"network": "grpc", "network": "tcp",
// transport layer encription, xtls + fallback
"security": "reality", "security": "reality",
"realitySettings": { "realitySettings": {
"serverName": "www.yahoo.com", // tls client hello fingerprint; here client appears as chrome to websites
"fingerprint": "chrome", "fingerprint": "chrome",
// fake server name which client is attempting to connect in the TLS handshake
"serverName": "www.youtube.com",
// optional; if true, outputs debug information
"show": false, "show": false,
// paired with privateKey from server config
"publicKey": "public_key", "publicKey": "public_key",
"shortId": "short_id", // user short id
"spiderX": "" "shortId": "short_id"
},
"grpcSettings": {
"serviceName": "",
"multiMode": false,
"idle_timeout": 60,
"health_check_timeout": 20,
"permit_without_stream": false,
"initial_windows_size": 0
} }
},
"mux": {
"enabled": false,
"concurrency": -1
} }
}, },
{ {
// this outbound is to guide traffic to local sites not through the server
// but directly from the client; `tag` is just a label of oubound
"tag": "direct", "tag": "direct",
"protocol": "freedom", "protocol": "freedom",
"settings": {} "settings": {}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
} }
], ],
// Forward each inbound connections to corresponding `outboundTag`. If no rules match,
// the traffic is sent out by the first outbound in `outbounds` section.
"routing": { "routing": {
"domainStrategy": "AsIs", "domainStrategy": "AsIs",
"rules": [ "rules": [
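Review bot: The `block` blackhole outbound is deleted from the client config, but the `routing.rules` array that follows is cut off at the end of the hunk; if any rule there still sets `"outboundTag": "block"`, it now names a tag no outbound carries and the intended drop silently stops applying, so please confirm against the rest of the file. The new comment above `"security": "reality"` reads `// transport layer encription, xtls + fallback`, which mislabels the setting: `reality` is the TLS-layer camouflage chosen here, XTLS Vision is selected by the `flow` value on the user entry above, and `encription` is a typo; `// TLS-layer security: REALITY (parameters in realitySettings below)` would be accurate. The comment on `fingerprint` says the client `appears as chrome to websites`, but the value shapes the TLS ClientHello the client sends to the proxy server, so `// TLS ClientHello fingerprint the client imitates when connecting to the server` is closer to what the setting does.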


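--- a/template_config_server.json
+++ /dev/null
@@ -1,88 +0,0 @@
-{
-"log": {
-"access": "none",
-"error": "",
-"loglevel": "warning",
-"dnsLog": false
-},
-"routing": {
-"domainStrategy": "IPIfNonMatch",
-"rules": [
-{
-"type": "field",
-"port": "80",
-"network": "udp",
-"outboundTag": "block"
-},
-{
-"type": "field",
-"ip": [
-"geoip:private"
-],
-"outboundTag": "block"
-}
-]
-},
-"inbounds": [
-{
-"listen": "0.0.0.0",
-"port": 50051,
-"protocol": "vless",
-"settings": {
-"clients": [
-{
-"id": "client_id",
-"email": "client_email",
-"flow": ""
-}
-],
-"decryption": "none"
-},
-"streamSettings": {
-"network": "grpc",
-"security": "reality",
-"realitySettings": {
-"show": false,
-"dest": "www.yahoo.com:443",
-"xver": 0,
-"serverNames": [
-"www.yahoo.com"
-],
-"privateKey": "private_key",
-"shortIds": [
-"short_id"
-]
-},
-"grpcSettings": {
-"serviceName": ""
-}
-},
-"sniffing": {
-"enabled": true,
-"destOverride": [
-"http",
-"tls",
-"quic"
-]
-}
-}
-],
-"outbounds": [
-{
-"protocol": "freedom",
-"tag": "direct"
-},
-{
-"protocol": "blackhole",
-"tag": "block"
-}
-],
-"policy": {
-"levels": {
-"0": {
-"handshake": 2,
-"connIdle": 120
-}
-}
-}
-}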


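--- /dev/null
+++ b/template_config_server.jsonc
@@ -0,0 +1,100 @@
+// This config is based on
+// https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XTLS-Vision-REALITY/REALITY.ENG.md
+{
+"log": {
+"access": "none",
+"error": "",
+"loglevel": "warning",
+"dnsLog": false
+},
+// Forward each inbound connections to corresponding `outboundTag`. If no rules match,
+// the traffic is sent out by the first outbound in `outbounds` section.
+"routing": {
+"domainStrategy": "IPIfNonMatch",
+"rules": [
+{
+"type": "field",
+"port": "80",
+"network": "udp",
+"outboundTag": "block"
+},
+{
+"type": "field",
+"ip": [
+// localhost connections
+"geoip:private"
+],
+"outboundTag": "block"
+}
+]
+},
+// server-side inbound configuration
+"inbounds": [
+{
+"listen": "0.0.0.0",
+"port": 443,
+"protocol": "vless",
+// VLESS settings
+"settings": {
+"clients": [
+{
+// can be generated with `xray uuid`
+"id": "client_id",
+// some email; appears in logs
+"email": "client_email",
+// Optional; if specified, clients must enable XTLS.
+// XTLS is Xray's original technology, which doesn't encrypt TLS traffic (which is already encrypted),
+// providing outstanding performance and no fingerprints of double-encrypted TLS.
+// XTLS has the same security as TLS.
+// https://xtls.github.io/en/config/transport.html#streamsettingsobject
+"flow": "xtls-rprx-vision"
+}
+],
+"decryption": "none"
+},
+// settings of transport protocol, https://xtls.github.io/en/config/transport.html#streamsettingsobject
+"streamSettings": {
+"network": "tcp",
+"security": "reality",
+// REALITY fallback options; see also https://xtls.github.io/en/config/features/fallback.html
+"realitySettings": {
+// optional; if true, outputs debug information
+"show": false,
+// with failed authentication VLESS will forward traffic to this address
+"dest": "www.youtube.com:443",
+"xver": 0,
+// required; list of server names which client can provide to the server during the handshake
+"serverNames": [
+"www.youtube.com"
+],
+// required; generate with `xray x25519`; use paired publicKey in client configs
+"privateKey": "private_key",
+"shortIds": [
+// required, list of shortIds available to clients, can be used to distinguish different clients
+"short_id"
+]
+}
+},
+// used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
+"sniffing": {
+"enabled": true,
+"destOverride": [
+"http",
+"tls",
+"quic"
+]
+}
+}
+],
+// server-side outbound configuration
+"outbounds": [
+{
+"protocol": "freedom",
+"tag": "direct"
+},
+{
+"protocol": "blackhole",
+"tag": "block"
+}
+]
+}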
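Review bot: The `policy` section of the deleted server template (`"handshake": 2`, `"connIdle": 120` under `levels."0"`) is not carried into this file, so the server now runs on Xray's built-in policy defaults instead of the tightened timeouts the old config set; if that is intentional, a one-line comment before the closing brace saying so would stop the next reader from re-adding it, otherwise the block should come back. The comment `// localhost connections` above `"geoip:private"` undersells the rule: that category covers loopback together with the private and other non-routable ranges, which is why the traffic is sent to `block`; `// loopback, RFC 1918 and other non-routable destinations` is more accurate. Likewise `// with failed authentication VLESS will forward traffic to this address` reads as a VLESS-level fallback, whereas in a REALITY inbound `dest` is the upstream the server relays to when the TLS handshake does not authenticate as REALITY; `// upstream that receives connections whose TLS handshake fails REALITY authentication` says what the field does without pointing at the VLESS layer.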