reality能否使用xhttp作传输协议?
#4256
-
目的上行 xhttp+Reality | 下行 xhttp+TLS+CDN 问题验证上行链路可用性,发现使用"network": "xhttp",客户端连接提示:
降级成"network": "tcp",正常连接 原因
配置服务端配置{
// 1\_日志设置
"log": {
"loglevel": "debug", // 内容从少到多: "none", "error", "warning", "info", "debug"
"access": "/var/log/xray/access.log", // 访问记录
"error": "/var/log/xray/error.log" // 错误记录
},
// 2_DNS 设置
"dns": {
"servers": [
"https+local://1.1.1.1/dns-query", // 首选 1.1.1.1 的 DoH 查询,牺牲速度但可防止 ISP 偷窥
"localhost"
]
},
// 3*分流设置
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
// 3.1 防止服务器本地流转问题:如内网被攻击或滥用、错误的本地回环等
{
"type": "field",
"ip": [
"geoip:private" // 分流条件:geoip 文件内,名为"private"的规则(本地)
],
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
},
{
// 3.2 防止服务器直连国内
"type": "field",
"ip": ["geoip:cn"],
"outboundTag": "block"
},
// 3.3 屏蔽广告
{
"type": "field",
"domain": [
"geosite:category-ads-all" // 分流条件:geosite 文件内,名为"category-ads-all"的规则(各种广告域名)
],
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
}
]
},
// 4*入站设置
// 4.1 这里只写了一个最简单的 vless+xtls 的入站,因为这是 Xray 最强大的模式。如有其他需要,请根据模版自行添加。
"inbounds": [
{
// 4.1 使用 REALITY 的入站
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", // 已脱敏 UUID
"flow": "xtls-rprx-vision",
"level": 0,
"email": "[email protected]" // 已脱敏 Email
}
],
"decryption": "none",
"fallbacks": [
{
// 回落到tls
"path": "/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", // 已脱敏路径
"dest": 8443,
"xver": 1
},
{
// 默认回落到防探测的代理(例如一个 HTTP 服务器)
"dest": 8000
}
]
},
"streamSettings": {
"network": "xhttp",
"security": "reality",
"realitySettings": {
"show": true,
"target": 8443,
"xver": 0,
"serverNames": [
"example.com" // 已脱敏域名
],
"privateKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", // 已脱敏私钥
"shortIds": [
"",
"xxxxxxxxxxxxxxx"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls", "quic"],
"metadataOnly": false
}
},
{
"port": 8443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", // 已脱敏 UUID
// "flow": "xtls-rprx-vision", // 使用h2,不能搭配流控
"level": 0,
"email": "[email protected]" // 已脱敏 Email
}
],
"decryption": "none",
"fallbacks": [
{
// 默认回落到防探测的代理(例如一个 HTTP 服务器)
"dest": 8000
}
]
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"path": "/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" // 已脱敏路径
},
"security": "tls",
"tlsSettings": {
"alpn": ["h2", "h3"],
"certificates": [
{
"certificateFile": "/path/to/certfile.pem", // 已脱敏路径
"keyFile": "/path/to/keyfile.key" // 已脱敏路径
}
]
}
}
}
],
// 5*出站设置
"outbounds": [
// 5.1 第一个出站是默认规则,freedom 就是对外直连(vps 已经是外网,所以直连)
{
"tag": "direct",
"protocol": "freedom"
},
// 5.2 屏蔽规则,blackhole 协议就是把流量导入到黑洞里(屏蔽)
{
"tag": "block",
"protocol": "blackhole"
}
]
}客户端,v2rayNG导出的完整版{
"dns": {
"hosts": {
"geosite:category-ads-all": "127.0.0.1",
"domain:googleapis.cn": "googleapis.com",
"dns.example.com": [ // 已脱敏域名
"223.5.5.5",
"223.6.6.6",
"2400:3200::1",
"2400:3200:baba::1"
],
"one.one.one.one": [
"1.1.1.1",
"1.0.0.1",
"2606:4700:4700::1111",
"2606:4700:4700::1001"
],
"example.pub": [ // 已脱敏域名
"1.12.12.12",
"120.53.53.53"
],
"dns.google": [
"8.8.8.8",
"8.8.4.4",
"2001:4860:4860::8888",
"2001:4860:4860::8844"
],
"dns.quad9.net": [
"9.9.9.9",
"149.112.112.112",
"2620:fe::fe",
"2620:fe::9"
],
"common.dot.dns.example.net": [ // 已脱敏域名
"77.88.8.8",
"77.88.8.1",
"2a02:6b8::feed:0ff",
"2a02:6b8:0:1::feed:0ff"
]
},
"servers": [
"1.1.1.1",
{
"address": "1.1.1.1",
"domains": [
"domain:googleapis.cn",
"domain:gstatic.com"
]
},
{
"address": "223.5.5.5",
"domains": [
"domain:example.com", // 已脱敏域名
"domain:doh.example", // 已脱敏域名
"domain:dot.example", // 已脱敏域名
"domain:360.cn",
"domain:onedns.net",
"geosite:cn"
],
"expectIPs": [
"geoip:cn"
],
"skipFallback": true
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10770,
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 8
},
"sniffing": {
"destOverride": [
"http",
"tls"
],
"enabled": true,
"routeOnly": false
},
"tag": "socks"
},
{
"listen": "127.0.0.1",
"port": 10853,
"protocol": "dokodemo-door",
"settings": {
"address": "1.1.1.1",
"network": "tcp,udp",
"port": 53
},
"tag": "dns-in"
}
],
"log": {
"loglevel": "debug"
},
"outbounds": [
{
"mux": {
"concurrency": -1,
"enabled": false,
"xudpConcurrency": 8,
"xudpProxyUDP443": ""
},
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "www.example.com", // 已脱敏域名
"port": 443,
"users": [
{
"encryption": "none",
"flow": "xtls-rprx-vision",
"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", // 已脱敏 UUID
"level": 8
}
]
}
]
},
"streamSettings": {
"network": "xhttp",
"realitySettings": {
"allowInsecure": false,
"fingerprint": "chrome",
"publicKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", // 已脱敏公钥
"show": false
},
"security": "reality",
"xhttpSettings": {
"host": "",
"mode": "auto",
"path": ""
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP"
},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
},
"tag": "block"
},
{
"protocol": "dns",
"tag": "dns-out"
}
],
"policy": {
"levels": {
"8": {
"connIdle": 300,
"downlinkOnly": 1,
"handshake": 4,
"uplinkOnly": 1
}
},
"system": {
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
"remarks": "上行Realty-下行CDN",
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"inboundTag": [
"dns-in"
],
"outboundTag": "dns-out",
"type": "field"
},
{
"ip": [
"1.1.1.1"
],
"outboundTag": "proxy",
"port": "53",
"type": "field"
},
{
"ip": [
"223.5.5.5"
],
"outboundTag": "direct",
"port": "53",
"type": "field"
},
{
"domain": [
"domain:googleapis.cn",
"domain:gstatic.com"
],
"outboundTag": "proxy",
"type": "field"
},
{
"network": "udp",
"outboundTag": "block",
"port": "443",
"type": "field"
},
{
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "direct",
"type": "field"
},
{
"domain": [
"geosite:private"
],
"outboundTag": "direct",
"type": "field"
},
{
"ip": [
"223.5.5.5",
"223.6.6.6",
"2400:3200::1",
"2400:3200:baba::1",
"119.29.29.29",
"1.12.12.12",
"120.53.53.53",
"2402:4e00::",
"2402:4e00:1::",
"180.76.76.76",
"2400:da00::6666",
"114.114.114.114",
"114.114.115.115",
"114.114.114.119",
"114.114.115.119",
"114.114.114.110",
"114.114.115.110",
"180.184.1.1",
"180.184.2.2",
"101.226.4.6",
"218.30.118.6",
"123.125.81.6",
"140.207.198.6",
"1.2.4.8",
"210.2.4.8",
"52.80.66.66",
"117.50.22.22",
"2400:7fc0:849e:200::4",
"2404:c2c0:85d8:901::4",
"117.50.10.10",
"52.80.52.52",
"2400:7fc0:849e:200::8",
"2404:c2c0:85d8:901::8",
"117.50.60.30",
"52.80.60.30"
],
"outboundTag": "direct",
"type": "field"
},
{
"domain": [
"domain:example.com", // 已脱敏域名
"domain:doh.example", // 已脱敏域名
"domain:dot.example", // 已脱敏域名
"domain:360.cn",
"domain:onedns.net"
],
"outboundTag": "direct",
"type": "field"
},
{
"ip": [
"geoip:cn"
],
"outboundTag": "direct",
"type": "field"
},
{
"domain": [
"geosite:cn"
],
"outboundTag": "direct",
"type": "field"
},
{
"outboundTag": "proxy",
"port": "0-65535",
"type": "field"
}
]
},
"stats": {}
} |
Beta Was this translation helpful? Give feedback.
Answered by
ZqinKing
Jan 6, 2025
Replies: 1 comment 1 reply
-
|
你需要关闭flow,那不是xhttp的。 |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
哥们,去掉"flow": "xtls-rprx-vision",确实可以了,感谢 |
Beta Was this translation helpful? Give feedback.
Answer selected by
hss-oss
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
你需要关闭flow,那不是xhttp的。