The listening address, either an IP address or a Unix domain socket. The default value is `"0.0.0.0"`, which means accepting connections on all network interfaces.
Unix domain socket can also be specified by providing the absolute path in the form of `"/dev/shm/domain.socket"`. The `@` symbol can be added at the beginning to represent [abstract](https://www.man7.org/linux/man-pages/man7/unix.7.html), and `@@` represents padded abstract.
When Unix domain socket is specified, `port` and `allocate` will be ignored. The protocol currently supports VLESS, VMess, and Trojan. The transport methods available are TCP, WebSocket, HTTP/2, and gRPC.
When specifying a Unix domain socket, you can add a comma and an access permission indicator after the socket, such as `"/dev/shm/domain.socket,0666"`, to specify the access permission of the socket. This can be used to solve the socket access permission issue that occurs by default.
- Environment variable: starts with `"env:"`, followed by the name of an environment variable, such as `"env:PORT"`. Xray will parse this environment variable as a string.
- String: can be a numeric string, such as `"1234"`, or a range of port numbers, such as `"5-10"` which represents ports 5 through 10, a total of 6 ports. You can use commas to separate multiple ranges, such as `11,13,15-17`, which represents ports 11, 13, and 15 through 17, a total of 5 ports.
When only one port is specified, Xray listens for inbound connections on that port. When a range of ports is specified, it depends on the `allocate` setting.
1. If a device wants to access `abc.com` while connected to the internet, it will first query the IP address of `abc.com` via DNS and get `1.2.3.4`. Then the device will initiate a connection to `1.2.3.4`.
2. If sniffing is not set up, Xray will receive a connection request for `1.2.3.4`, which cannot be used for routing based on domain rules.
3. When `enable` in `sniffing` is set to `true`, Xray will sniff the domain name, `abc.com`, from the traffic data when processing the traffic of this connection.
4. Xray will reset `1.2.3.4` to `abc.com`. Routing can then be based on domain rules.
When `enable` in `sniffing` is set to `true`, it can also sniff out bittorrent traffic and then configure the "protocol" item in routing rules to handle bittorrent traffic, such as intercepting bittorrent traffic on the server or forwarding bittorrent traffic to a VPS on the client side.
`["fakedns+others"]` is equivalent to `["http", "tls", "quic", "fakedns"]`, and when the IP address is in the FakeIP range but no domain records are hit, `http`, `tls`, and `quic` will be used for matching. This option is only effective when `metadataOnly` is set to `false`.
When enabled, only use the connection's metadata to sniff the target address. In this case, sniffer other than `fakedns` (including `fakedns+others`) cannot be activated.
If metadata-only is disabled, the client must send data before the proxy server actually establishes the connection. This behavior is incompatible with protocols that require the server to initiate the first message, such as the SMTP protocol.
Currently, `domainsExcluded` does not support domain name matching in the routing sense. This option may change in the future and cross-version compatibility is not guaranteed.
When it is possible to ensure that **the proxied connection can obtain correct DNS resolution**, by using `routeOnly` and enabling `destOverride`, and setting the routing matching strategy `domainStrategy` to `AsIs`, it is possible to achieve domain and IP separation without DNS resolution throughout the process. The IP used when encountering an IP rule match is the original IP of the domain.
The interval for refreshing randomly allocated ports in minutes. The minimum value is `2`, and it is recommended to set to `5`. This property is only effective when `strategy` is set to `"random"`.
The number of randomly allocated ports. The minimum value is `1`, and the maximum value is one-third of the `port` range. It is recommended to set to `3`.
