xray纪实

14小时前 12

科学上网

之前使用xray的官方教程对照着写的配置，最近想试试新的协议vless-tcp-xtls-vision-reality，这么长的名字一定很厉害吧，我要体验一下（之前尝试使用caddy反向代理vless没有成功，可能是我的姿势不对）。

之前的配置

{
  "log": {
    "loglevel": "warning",
    "access": "/log/access.log",
    "error": "/log/error.log"
  },
  "dns": {
    "servers": [
      "https+local://1.1.1.1/dns-query",
      "localhost"
    ]
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "ip": [
          "geoip:cn"
        ],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "domain": [
          "geosite:category-ads-all"
        ],
        "outboundTag": "block"
      }
    ]
  },
  "inbounds": [
    {
      "port": 8443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "", # uuid
            "flow": "xtls-rprx-vision",
            "level": 0,
            "email": "vpsadmin@yourdomain.com"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": "" # 流量回落的地址
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "alpn": "http/1.1",
          "certificates": [
            {
              "certificateFile": "", # 证书文件
              "keyFile": "" # 私钥文件
            }
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "tag": "direct",
      "protocol": "freedom"
    },
    {
      "tag": "block",
      "protocol": "blackhole"
    }
  ]
}

当前的配置文件

{
    "log": {
        "loglevel": "debug"
    },
    "inbounds": [
        {
            "port": 443, 
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "", // run `xray uuid` to generate
                        "flow": "xtls-rprx-vision"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "dest": "", // A website that support TLS1.3 and h2. You can also use `1.1.1.1:443` as dest
                    "serverNames": [
                        ""    // A server name in the cert of dest site. If you use `1.1.1.1:443` as dest, then you can leave `serverNames` empty, it is a possible ways to bypass Iran's internet speed restrictions.
                    ],
                    "privateKey": "", // run `xray x25519` to generate. Public and private keys need to be corresponding.
                    "shortIds": [// Required, list of shortIds available to clients, can be used to distinguish different clients
                        "", // If this item exists, client shortId can be empty
                        "0123456789abcdef" // 0 to f, length is a multiple of 2, maximum length is 16
                    ]
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "quic"
                ],
                "routeOnly": true
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        }
    ]
}

需要自定义字段的解释

id 使用xray uuid 命令生成的uuid，在客户端与服务端应该保持一致。
使用xray x25519 命令生成密钥对，私钥放在服务器，公钥在客户端使用。
dest 回落的ip➕端口。
serverNames 能解析成dest中ip的域名。
shortIds 只是一个区分客户端的配置，客户端与服务器上必须对应。

完结撒花🎉

感觉vison+reality非常的不错，暂时就用这一套组合了，体验非常好👍。