feat(xray-any-https)

Author: TwoOnefour

README.md

@@ -7,6 +7,8 @@
 
 不推荐使用xhttp，若喜欢玩cdn，可以自行研究
 
+若配置有问题的话可以提issue，若有什么不明白的也可以提issue，我很乐意回答
+
 ## 一键部署xray服务器(reality)
 ### 使用
 > bash <(curl -Ls https://raw.githubusercontent.com/TwoOnefour/xray_configuration/refs/heads/main/setup.sh)
@@ -16,14 +18,19 @@
 此脚本会生成订阅配置，源代码可以访问这个url看或者直接看仓库内的setup.sh
 
 ### 内容
-#### vless-vision-reality
+建议配合[官方文档阅读](xray.github.io)
+
+#### [vless-vision-reality](https://github.com/TwoOnefour/xray_configuration/tree/main/vless-vision-reality)
 我目前正在稳定使用的代理配置，已支持抗量子配置(mldsa), 预链接配置（仅客户端需要配置）
 
-#### xray_with_frp
+#### [xray-any-https（进阶配置阅读推荐）](https://github.com/TwoOnefour/xray_configuration/tree/main/xray-any-https)
+xray一个端口复用很多种逻辑的配置
+
+#### [xray_with_frp](https://github.com/TwoOnefour/xray_configuration/tree/main/xray_with_frp)
 我的frp通过路径，配合xray可以实现加密frp反代流量
 
-#### xray_reverse_proxy
-xray的反向代理，和frp一样的功能
+#### [xray_reverse_proxy](https://github.com/TwoOnefour/xray_configuration/tree/main/xray_reverse_proxy)
+xray的反向代理，和frp一样的功能, 其中还有 vless encrytion 的示例配置
 
 ## 碎碎念
 可以不看
@@ -35,99 +42,3 @@ xray的反向代理，和frp一样的功能
 3. 不要直连ssh
 4. 不要使用明文http面板
 5. 如果你会的话，你可以在443开一个按sni分流的rule，`tunnel`入栈，回落到其他逻辑比如自己的nginx，作为伪装站
-
-**实例**
-
-`server-config.json`服务端配置
-
-```server-config.json
-{
-    "inbounds": [
-        {
-            "tag": "dokodemo-in",
-            "port": 443,
-            "protocol": "dokodemo-door",
-            "settings": {
-                "followRedirect": false,
-                "network": "tcp"
-            },
-            "sniffing": {
-                "enabled": true,
-                "destOverride": [
-                    "tls"
-                ],
-                "routeOnly": true
-            }
-        },
-        {
-            "listen": "127.0.0.1",
-            "port": 4431,
-            "protocol": "vless",
-            "settings": {
-                "clients": [
-                    {
-                        "id": "xxxxx",
-                        "flow": "xtls-rprx-vision"
-                    }
-                ],
-                "decryption": "none"
-            },
-            "streamSettings": {
-                "network": "tcp",
-                "security": "reality",
-                "realitySettings": {
-                    "dest": "speed.cloudflare.com:443",
-                    "serverNames": [
-                        "speed.cloudflare.com"
-                    ],
-                    "privateKey": "xxxx",
-                    "shortIds": [
-                        "xxx"
-                    ]
-                }
-            },
-            "sniffing": {
-                "routeOnly": true,
-                "enabled": true,
-                "destOverride": [
-                    "http",
-                    "tls",
-                    "quic"
-                ]
-            },
-            "tag": "vless-in"
-        }
-    ],
-    "outbounds": [
-        { "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4v6" }, "tag": "direct" },
-        { "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4", "redirect": "127.0.0.1:4431" }, "tag": "to-vless" },
-        { "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4", "redirect": "127.0.0.1:4432" }, "tag": "to-alist" }, // alist反代
-        { "protocol": "blackhole", "tag": "block" }
-    ],
-    "routing": {
-        "rules": [
-            { "inboundTag": ["dokodemo-in"], "domain": ["speed.cloudflare.com"], "outboundTag": "to-vless" },
-            { "inboundTag": ["dokodemo-in"], "domain": ["alist.example.com"], "outboundTag": "to-alist" }, 
-            { "inboundTag": ["dokodemo-in"], "outboundTag": "block" }
-        ]
-    }
-}
-```
-
-**nginx配置示例**
-```/etc/nginx/conf.d/alist.conf
-server {
-    listen 127.0.0.1:4432 ssl;
-    ssl_certificate "/etc/nginx/example/fullchain.cer";
-    ssl_certificate_key "/etc/nginx/example/cerkey.key";
-    ssl_protocols TLSv1.3 TLSv1.2;
-    server_name alist.example.com;
-
-  location / {
-    proxy_pass http://127.0.0.1:20010;
-  }
-}
-```
-
-### dokodemo-door入站的好处？
-你可以开一个sniffing，根据sni分流你想要的节点/网站，一个端口可以复用

xray-any-https/nginx.conf

@@ -0,0 +1,23 @@
+server {
+    listen 127.0.0.1:4432 ssl;
+    ssl_certificate "/etc/nginx/example/fullchain.cer";
+    ssl_certificate_key "/etc/nginx/example/cerkey.key";
+    ssl_protocols TLSv1.3 TLSv1.2;
+    server_name alist.example.com;
+
+  location / {
+    proxy_pass http://127.0.0.1:20010;
+  }
+}
+
+server {
+    listen 127.0.0.1:4432 ssl;
+    ssl_certificate "/etc/nginx/example/fullchain.cer";
+    ssl_certificate_key "/etc/nginx/example/cerkey.key";
+    ssl_protocols TLSv1.3 TLSv1.2;
+    server_name emby.example.com;
+
+      location / {
+        proxy_pass http://127.0.0.1:20011;
+      }
+}

xray-any-https/readme.md

@@ -0,0 +1 @@
+rule+sniffing用的好的话，你可以玩出花来，比如一个端口多个网站，兼顾代理，建站，切换家宽等等

xray-any-https/server.json

@@ -0,0 +1,113 @@
+{
+  "inbounds": [
+    {
+      "tag": "dokodemo-in",
+      "port": 443,
+      "protocol": "dokodemo-door",
+      "settings": {
+        "followRedirect": false,
+        "network": "tcp"
+      },
+      "sniffing": {
+        "enabled": true,
+        "destOverride": [
+          "tls"
+        ],
+        "routeOnly": true
+      }
+    },
+    {
+      "listen": "127.0.0.1",
+      "port": 4433,
+      "protocol": "vless",
+      "settings": {
+        "clients": [
+          {
+            "id": "xxxxx",
+            "flow": "xtls-rprx-vision"
+          }
+        ],
+        "decryption": "none"
+      },
+      "streamSettings": {
+        "network": "tcp",
+        "security": "reality",
+        "realitySettings": {
+          "dest": "speedtest.net:443",
+          "serverNames": [
+            "speedtest.net"
+          ],
+          "privateKey": "xxxx",
+          "shortIds": [
+            "xxx"
+          ]
+        }
+      },
+      "sniffing": {
+        "routeOnly": true,
+        "enabled": true,
+        "destOverride": [
+          "http",
+          "tls",
+          "quic"
+        ]
+      },
+      "tag": "vless-in-2"
+    },
+    {
+      "listen": "127.0.0.1",
+      "port": 4431,
+      "protocol": "vless",
+      "settings": {
+        "clients": [
+          {
+            "id": "xxxxx",
+            "flow": "xtls-rprx-vision"
+          }
+        ],
+        "decryption": "none"
+      },
+      "streamSettings": {
+        "network": "tcp",
+        "security": "reality",
+        "realitySettings": {
+          "dest": "speed.cloudflare.com:443",
+          "serverNames": [
+            "speed.cloudflare.com"
+          ],
+          "privateKey": "xxxx",
+          "shortIds": [
+            "xxx"
+          ]
+        }
+      },
+      "sniffing": {
+        "routeOnly": true,
+        "enabled": true,
+        "destOverride": [
+          "http",
+          "tls",
+          "quic"
+        ]
+      },
+      "tag": "vless-in"
+    }
+  ],
+  "outbounds": [
+    { "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4v6" }, "tag": "direct" },
+    { "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4", "redirect": "127.0.0.1:4431" }, "tag": "to-vless" }, // 根据sni分流的第一个入口
+    { "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4", "redirect": "127.0.0.1:4433" }, "tag": "to-vless-2" }, // 根据sni分流的第二个入口
+    { "protocol": "freedom", "settings": { "domainStrategy": "UseIPv6" }, "tag": "to-homeboardbone" }, // 根据sni分流的第二个出口，简化了出站逻辑为使用ipv6，你可以换成你想要的协议出栈
+    { "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4", "redirect": "127.0.0.1:4432" }, "tag": "to-nginx" }, // nginx反代
+    { "protocol": "blackhole", "tag": "block" }
+  ],
+  "routing": {
+    "rules": [
+      { "inboundTag": ["dokodemo-in"], "domain": ["speed.cloudflare.com"], "outboundTag": "to-vless" }, // 根据sni分流的第一个入口
+      { "inboundTag": ["dokodemo-in"], "domain": ["speedtest.net"], "outboundTag": "to-vless-2" }, // 根据sni分流的第二个入口
+      { "inboundTag": ["vless-in-2"], "outboundTag": "to-homeboardbone" }, // 你可以写根据sni分流的第二个出口，比如分流到家宽，直接切换sni到上面对应的域名即可
+      { "inboundTag": ["dokodemo-in"], "domain": ["alist.example.com", "emby.example.com"], "outboundTag": "to-alist" }, // nginx反代
+      { "inboundTag": ["dokodemo-in"], "outboundTag": "block" }
+    ]
+  }
+}