diff --git a/ex.sh b/ex.sh
index 47581e1..098fce2 100755
--- a/ex.sh
+++ b/ex.sh
@@ -135,6 +135,7 @@ and have only ports 80 (http) and 443 (https) open
 (5) www.yahoo.com
 (6) your variant"
 read number
+ default_fake_site="www.youtube.com"
 if [ ! -v $number ]
 then
 if [ $number -eq 2 ]
@@ -155,34 +156,28 @@ and have only ports 80 (http) and 443 (https) open
 read fake_site
 if [ -v $fake_site ]
 then
- fake_site="www.youtube.com"
+ fake_site=$default_fake_site
 fi
 else
- fake_site="www.youtube.com"
+ fake_site=$default_fake_site
 fi
 else
- fake_site="www.youtube.com"
+ fake_site=$default_fake_site
 fi
+ server_names="[ \"$fake_site\" ]"
 echo -e "${green}mimic ${fake_site}${normal}"
 email="love@xray.com"
- clients=" [
- {
- \"id\": \"${id}\",
- \"email\": \"${email}\",
- \"flow\": \"xtls-rprx-vision\"
- }
- ]"
- serverRealitySettings=" {
- \"show\": false,
- \"dest\": \"${fake_site}:443\",
- \"xver\": 0,
- \"serverNames\": [ \"${fake_site}\" ],
- \"privateKey\": \"${private_key}\",
- \"shortIds\": [ \"${short_id}\" ]
- }"
 # make server config
- jsonc2json template_config_server.jsonc | jq ".inbounds[].settings.clients=${clients} | .inbounds[].streamSettings.realitySettings=${serverRealitySettings}" > config_server.json
- # then make the user (not root) an owner of a file
+ jsonc2json template_config_server.jsonc \
+ | jq ".inbounds[].settings.clients[0].id=\"${id}\"
+ | .inbounds[].settings.clients[0].email=\"${email}\"
+ | .inbounds[0].streamSettings.realitySettings.dest=\"${fake_site}:443\"
+ | .inbounds[1].streamSettings.realitySettings.dest=\"${fake_site}:80\"
+ | .inbounds[].streamSettings.realitySettings.serverNames=${server_names}
+ | .inbounds[].streamSettings.realitySettings.privateKey=\"${private_key}\"
+ | .inbounds[].streamSettings.realitySettings.shortIds=[ \"${short_id}\" ]" \
+ > config_server.json
+ # then make the user (not root) the owner of the file
 [[ $SUDO_USER ]] && chown "$SUDO_USER:$SUDO_USER" config_server.json
 vnext=" [
 {
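Review bot: The rewritten `jq` filter in the second hunk still splices `${id}`, `${email}`, `${fake_site}`, `${private_key}` and `${short_id}` into the program text, and `fake_site` comes straight from `read fake_site`, so a value containing a double quote or jq syntax either breaks the filter or writes config fields the operator never chose. Passing the values with `--arg` and referring to them as jq variables keeps them as data; `serverNames` then becomes `[$site]` inside the filter and the `server_names` helper string is no longer needed. Because `config_server.json` carries `privateKey` and the visible lines only `chown` it, setting `umask 077` before the redirect would also be worth adding. The enclosing block starts and ends outside the hunk.

```shell
# … unchanged: fake_site selection, echo, email …
jsonc2json template_config_server.jsonc \
  | jq --arg id "$id" --arg email "$email" --arg site "$fake_site" \
       --arg key "$private_key" --arg sid "$short_id" '
        .inbounds[].settings.clients[0].id = $id
      | .inbounds[].settings.clients[0].email = $email
      | .inbounds[0].streamSettings.realitySettings.dest = ($site + ":443")
      | .inbounds[1].streamSettings.realitySettings.dest = ($site + ":80")
      | .inbounds[].streamSettings.realitySettings.serverNames = [$site]
      | .inbounds[].streamSettings.realitySettings.privateKey = $key
      | .inbounds[].streamSettings.realitySettings.shortIds = [$sid]' \
  > config_server.json
# … unchanged: chown to SUDO_USER …
```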
diff --git a/template_config_server.jsonc b/template_config_server.jsonc
index 8a0ca64..caef793 100644
--- a/template_config_server.jsonc
+++ b/template_config_server.jsonc
@@ -30,6 +30,7 @@
 },
 // server-side inbound configuration
 "inbounds": [
+ // main inbound, clients connect to it
 {
 "listen": "0.0.0.0",
 "port": 443,
@@ -63,7 +64,68 @@
 // with failed authentication VLESS will forward traffic to this address
 "dest": "www.youtube.com:443",
 "xver": 0,
- // required; list of server names which client can provide to the server during the handshake
+ // required; list of server names which client can provide to the server during the handshake.
+ // (The internet provider sees "serverName" of client config in the client-server traffic, then a censor
+ // can use this for active probing. Thus, this names should be in accordance with "dest" above.)
+ "serverNames": [
+ "www.youtube.com"
+ ],
+ // required; generate with `xray x25519`; use paired publicKey in client configs
+ "privateKey": "private_key",
+ "shortIds": [
+ // required, list of shortIds available to clients, can be used to distinguish different clients
+ "short_id"
+ ]
+ }
+ },
+ // used to make transparent proxies, see https://xtls.github.io/en/config/inbound.html#sniffingobject
+ "sniffing": {
+ "enabled": true,
+ "destOverride": [
+ "http",
+ "tls",
+ "quic"
+ ]
+ }
+ },
+ // extra inbound; its main purpose is to get fallback to "dest" at port 80. Many regular websites
+ // have open ports 80 (http) and 443 (https).
+ {
+ "listen": "0.0.0.0",
+ "port": 80,
+ "protocol": "vless",
+ // VLESS settings
+ "settings": {
+ "clients": [
+ {
+ // can be generated with `xray uuid`
+ "id": "client_id",
+ // some email; appears in logs
+ "email": "client_email",
+ // Optional; if specified, clients must enable XTLS.
+ // XTLS is Xray's original technology, which doesn't encrypt TLS traffic (which is already encrypted),
+ // providing outstanding performance and no fingerprints of double-encrypted TLS.
+ // XTLS has the same security as TLS.
+ // https://xtls.github.io/en/config/transport.html#streamsettingsobject
+ "flow": "xtls-rprx-vision"
+ }
+ ],
+ "decryption": "none"
+ },
+ // settings of transport protocol, https://xtls.github.io/en/config/transport.html#streamsettingsobject
+ "streamSettings": {
+ "network": "tcp",
+ "security": "reality",
+ // REALITY fallback options; see also https://xtls.github.io/en/config/features/fallback.html
+ "realitySettings": {
+ // optional; if true, outputs debug information
+ "show": false,
+ // with failed authentication VLESS will forward traffic to this address
+ "dest": "www.youtube.com:80",
+ "xver": 0,
+ // required; list of server names which client can provide to the server during the handshake.
+ // (The internet provider sees "serverName" of client config in the client-server traffic, then a censor
+ // can use this for active probing. Thus, this names should be in accordance with "dest" above.)
 "serverNames": [
 "www.youtube.com"
 ],
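Review bot: The new port-80 inbound is commented as existing mainly for fallback to `dest`, yet it is a full VLESS/REALITY inbound with its own client entry, `privateKey` and `shortIds`, and ex.sh fills those fields on every inbound through `.inbounds[]`, so the same credentials end up on a second public listener. REALITY relies on the TLS handshake of `dest`, and `www.youtube.com:80` presumably serves plain HTTP, so it is doubtful that an authenticated client can complete a handshake on this inbound; please confirm against the Xray documentation that a non-TLS `dest` is supported. If forwarding is the only purpose, I would state that above the inbound, e.g. `// clients must not connect here; this inbound only forwards unauthenticated traffic to "dest"`. The added serverNames comment also reads "this names" where "these names" is meant, in both inbounds.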