github
/
Xray-docs-next
mirror of https://github.com/XTLS/Xray-docs-next
1
0
Fork 0
Code Issues Releases Wiki Activity

Update examples from deprecated flows to Vision

pull/313/head
yuhan6665 2022-12-26 12:12:42 -05:00
parent 278eabf51c
commit a12e0378b0
10 changed files with 323 additions and 301 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/document/level-0/ch07-xray-server.md
View File

@ -227,7 +227,7 @@
},
// 3*分流设置
"routing": {
"domainStrategy": "AsIs",
"domainStrategy": "IPIfNonMatch",
"rules": [
// 3.1 防止服务器本地流转问题:如内网被攻击或滥用、错误的本地回环等
{
@ -237,7 +237,14 @@
],
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
},
// 3.2 屏蔽广告
{ // 3.2 防止服务器直连国内
"type": "field",
"ip": [
"geoip:cn"
],
"outboundTag": "block"
},
// 3.3 屏蔽广告
{
"type": "field",
"domain": [
@ -257,7 +264,7 @@
"clients": [
{
"id": "", // 填写你的 UUID
"flow": "xtls-rprx-direct",
"flow": "xtls-rprx-vision",
"level": 0,
"email": "vpsadmin@yourdomain.com"
}
@ -271,11 +278,8 @@
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"allowInsecure": false, // 正常使用应确保关闭
"minVersion": "1.2", // TLS 最低版本设置
"alpn": ["http/1.1"],
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/home/vpsadmin/xray_cert/xray.crt",

10
docs/document/level-0/ch08-xray-clients.md
View File

@ -226,8 +226,7 @@
"users": [
{
"id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid", // 和服务器端的一致
"flow": "xtls-rprx-direct", // Windows, macOS 同学保持这个不变
// "flow": "xtls-rprx-splice", // Linux和安卓同学请改成Splice性能更强
"flow": "xtls-rprx-vision",
"encryption": "none",
"level": 0
}
@ -237,10 +236,11 @@
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"security": "tls",
"tlsSettings": {
"serverName": "a-name.yourdomain.com", // 替换成你的真实域名
"allowInsecure": false // 禁止不安全证书
"allowInsecure": false, // 禁止不安全证书
"fingerprint": "chrome" // 通过 uTLS 库 模拟 Chrome / Firefox / Safari 或随机生成的指纹
}
}
},

6
docs/document/level-1/fallbacks-lv1.md
View File

@ -143,7 +143,7 @@
"clients": [
{
"id": "", // 填写你的 UUID
"flow": "xtls-rprx-direct",
"flow": "xtls-rprx-vision",
"level": 0,
"email": "love@example.com"
}
@ -173,8 +173,8 @@
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"security": "tls",
"tlsSettings": {
"alpn": ["http/1.1"],
"certificates": [
{

10
docs/document/level-1/fallbacks-with-sni.md
View File

@ -87,7 +87,7 @@ acme.sh --install-cert -d example.com --fullchain-file /etc/ssl/xray/cert.pem --
"clients": [
{
"id": "UUID",
"flow": "xtls-rprx-direct"
"flow": "xtls-rprx-vision"
}
],
"decryption": "none",
@ -122,8 +122,8 @@ acme.sh --install-cert -d example.com --fullchain-file /etc/ssl/xray/cert.pem --
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"security": "tls",
"tlsSettings": {
"alpn": ["h2", "http/1.1"],
"certificates": [
{
@ -181,9 +181,9 @@ acme.sh --install-cert -d example.com --fullchain-file /etc/ssl/xray/cert.pem --
- 有关 HTTP/2
首先,`inbounds.streamSettings.xtlsSettings.alpn` 有顺序,应将 `h2` 放前,`http/1.1` 放后,在优先使用 HTTP/2 的同时保证兼容性;反过来会导致 HTTP/2 在协商时变为 HTTP/1.1,成为无效配置。
首先,`inbounds.streamSettings.tlsSettings.alpn` 有顺序,应将 `h2` 放前,`http/1.1` 放后,在优先使用 HTTP/2 的同时保证兼容性;反过来会导致 HTTP/2 在协商时变为 HTTP/1.1,成为无效配置。
在上述配置中,每条回落到 Nginx 的配置都要分成两个。这是因为 h2 是强制 TLS 加密的 HTTP/2 连接,这有益于数据在互联网中传输的安全,但在服务器内部没有必要;而 h2c 是非加密的 HTTP/2 连接适合该环境。然而Nginx 不能在同一端口上同时监听 HTTP/1.1 和 h2c为了解决这个问题需要在回落中指定 `alpn` 项(是 `fallbacks` 而不是 `xtlsSettings` 里面的),以尝试匹配 TLS ALPN 协商结果。
在上述配置中,每条回落到 Nginx 的配置都要分成两个。这是因为 h2 是强制 TLS 加密的 HTTP/2 连接,这有益于数据在互联网中传输的安全,但在服务器内部没有必要;而 h2c 是非加密的 HTTP/2 连接适合该环境。然而Nginx 不能在同一端口上同时监听 HTTP/1.1 和 h2c为了解决这个问题需要在回落中指定 `alpn` 项(是 `fallbacks` 而不是 `tlsSettings` 里面的),以尝试匹配 TLS ALPN 协商结果。
建议 `alpn` 项只按需用两种填法:[^4]

12
docs/document/level-1/routing-lv1-part1.md
View File

@ -73,7 +73,7 @@
**出站:** 就是流量如何流出 `Xray`
:::
下面的出站配置示例,用大白话说就是:数据按照 `VLESS` 协议,以 `tcp + xtls (direct)` 的方式、及其他相关设置,把流量发送给对应的 VPS。同时`Xray` 将这个出站用 `[tag]` 命名为 `proxy-out-vless`
下面的出站配置示例,用大白话说就是:数据按照 `VLESS` 协议,以 `tcp + xtls` 的方式、及其他相关设置,把流量发送给对应的 VPS。同时`Xray` 将这个出站用 `[tag]` 命名为 `proxy-out-vless`
```json
{
@ -89,7 +89,7 @@
"users": [
{
"id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid",
"flow": "xtls-rprx-direct",
"flow": "xtls-rprx-vision",
"encryption": "none",
"level": 0
}
@ -99,9 +99,11 @@
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "a-name.yourdomain.com"
"security": "tls",
"tlsSettings": {
"serverName": "a-name.yourdomain.com",
"allowInsecure": false,
"fingerprint": "chrome"
}
}
}

124
docs/en/document/level-0/ch07-xray-server.md
View File

@ -190,7 +190,7 @@
4. 将下面的文件全部复制进去,并将之前生成的`UUID`填入第 61 行 `"id": "",` 之中。(填好之后的样子是 `"id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid"`
),本文的这个配置文件中增加了我的各种啰嗦注解,以方便你理解每一个配置模块的功能是什么。
```json5
```json
// REFERENCE:
// https://github.com/XTLS/Xray-examples
// https://xtls.github.io/config/
@ -202,92 +202,96 @@
// └─ 5_outbounds 出站设置 - 流出 Xray 的流量往哪里去
{
// 1\_日志设置
log: {
loglevel: "warning", // 内容从少到多: "none", "error", "warning", "info", "debug"
access: "/home/vpsadmin/xray_log/access.log", // 访问记录
error: "/home/vpsadmin/xray_log/error.log", // 错误记录
"log": {
"loglevel": "warning", // 内容从少到多: "none", "error", "warning", "info", "debug"
"access": "/home/vpsadmin/xray_log/access.log", // 访问记录
"error": "/home/vpsadmin/xray_log/error.log" // 错误记录
},
// 2_DNS 设置
dns: {
servers: [
"dns": {
"servers": [
"https+local://1.1.1.1/dns-query", // 首选 1.1.1.1 的 DoH 查询,牺牲速度但可防止 ISP 偷窥
"localhost",
],
"localhost"
]
},
// 3*分流设置
routing: {
domainStrategy: "AsIs",
rules: [
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
// 3.1 防止服务器本地流转问题:如内网被攻击或滥用、错误的本地回环等
{
type: "field",
ip: [
"geoip:private", // 分流条件geoip 文件内,名为"private"的规则(本地)
"type": "field",
"ip": [
"geoip:private" // 分流条件geoip 文件内,名为"private"的规则(本地)
],
outboundTag: "block", // 分流策略:交给出站"block"处理(黑洞屏蔽)
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
},
// 3.2 屏蔽广告
{ // 3.2 防止服务器直连国内
"type": "field",
"ip": [
"geoip:cn"
],
"outboundTag": "block"
},
// 3.3 屏蔽广告
{
type: "field",
domain: [
"geosite:category-ads-all", // 分流条件geosite 文件内,名为"category-ads-all"的规则(各种广告域名)
"type": "field",
"domain": [
"geosite:category-ads-all" // 分流条件geosite 文件内,名为"category-ads-all"的规则(各种广告域名)
],
outboundTag: "block", // 分流策略:交给出站"block"处理(黑洞屏蔽)
},
],
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
}
]
},
// 4*入站设置
// 4.1 这里只写了一个最简单的 vless+xtls 的入站,因为这是 Xray 最强大的模式。如有其他需要,请根据模版自行添加。
inbounds: [
"inbounds": [
{
port: 443,
protocol: "vless",
settings: {
clients: [
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
id: "", // 填写你的 UUID
flow: "xtls-rprx-direct",
level: 0,
email: "vpsadmin@yourdomain.com",
},
"id": "", // 填写你的 UUID
"flow": "xtls-rprx-vision",
"level": 0,
"email": "vpsadmin@yourdomain.com"
}
],
decryption: "none",
fallbacks: [
"decryption": "none",
"fallbacks": [
{
dest: 80, // 默认回落到防探测的代理
},
],
"dest": 80 // 默认回落到防探测的代理
}
]
},
streamSettings: {
network: "tcp",
security: "xtls",
xtlsSettings: {
allowInsecure: false, // 正常使用应确保关闭
minVersion: "1.2", // TLS 最低版本设置
alpn: ["http/1.1"],
certificates: [
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
certificateFile: "/home/vpsadmin/xray_cert/xray.crt",
keyFile: "/home/vpsadmin/xray_cert/xray.key",
},
],
},
},
},
"certificateFile": "/home/vpsadmin/xray_cert/xray.crt",
"keyFile": "/home/vpsadmin/xray_cert/xray.key"
}
]
}
}
}
],
// 5*出站设置
outbounds: [
"outbounds": [
// 5.1 第一个出站是默认规则freedom 就是对外直连vps 已经是外网,所以直连)
{
tag: "direct",
protocol: "freedom",
"tag": "direct",
"protocol": "freedom"
},
// 5.2 屏蔽规则blackhole 协议就是把流量导入到黑洞里(屏蔽)
{
tag: "block",
protocol: "blackhole",
},
],
"tag": "block",
"protocol": "blackhole"
}
]
}
```

154
docs/en/document/level-0/ch08-xray-clients.md
View File

@ -99,7 +99,7 @@
- 请将 `serverName` 替换成你的真实域名
- 各个配置模块的说明我都已经(很啰嗦的)放在对应的配置点上了
```json5
```json
// REFERENCE:
// https://github.com/XTLS/Xray-examples
// https://xtls.github.io/config/
@ -114,135 +114,141 @@
{
// 1_日志设置
// 注意本例中我默认注释掉了日志文件因为windows, macOS, Linux 需要写不同的路径,请自行配置
log: {
"log": {
// "access": "/home/local/xray_log/access.log", // 访问记录
// "error": "/home/local/xray_log/error.log", // 错误记录
loglevel: "warning", // 内容从少到多: "none", "error", "warning", "info", "debug"
"loglevel": "warning" // 内容从少到多: "none", "error", "warning", "info", "debug"
},
// 2_DNS设置
dns: {
servers: [
"dns": {
"servers": [
// 2.1 国外域名使用国外DNS查询
{
address: "1.1.1.1",
domains: ["geosite:geolocation-!cn"],
"address": "1.1.1.1",
"domains": ["geosite:geolocation-!cn"]
},
// 2.2 国内域名使用国内DNS查询并期待返回国内的IP若不是国内IP则舍弃用下一个查询
{
address: "223.5.5.5",
domains: ["geosite:cn"],
expectIPs: ["geoip:cn"],
"address": "223.5.5.5",
"domains": ["geosite:cn"],
"expectIPs": ["geoip:cn"]
},
// 2.3 作为2.2的备份,对国内网站进行二次查询
{
address: "114.114.114.114",
domains: ["geosite:cn"],
"address": "114.114.114.114",
"domains": ["geosite:cn"]
},
// 2.4 最后的备份上面全部失败时用本机DNS查询
"localhost",
],
"localhost"
]
},
// 3_分流设置
// 所谓分流,就是将符合否个条件的流量,用指定`tag`的出站协议去处理对应配置的5.x内容
routing: {
domainStrategy: "AsIs",
rules: [
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
// 3.1 广告域名屏蔽
{
type: "field",
domain: ["geosite:category-ads-all"],
outboundTag: "block",
"type": "field",
"domain": ["geosite:category-ads-all"],
"outboundTag": "block"
},
// 3.2 国内域名直连
{
type: "field",
domain: ["geosite:cn"],
outboundTag: "direct",
"type": "field",
"domain": ["geosite:cn"],
"outboundTag": "direct"
},
// 3.3 国内IP直连
{
type: "field",
ip: ["geoip:cn", "geoip:private"],
outboundTag: "direct",
"type": "field",
"ip": ["geoip:cn", "geoip:private"],
"outboundTag": "direct"
},
// 3.4 国外域名代理
{
type: "field",
domain: ["geosite:geolocation-!cn"],
outboundTag: "proxy",
"type": "field",
"domain": ["geosite:geolocation-!cn"],
"outboundTag": "proxy"
},
// 3.5 默认规则
// 在Xray中任何不符合上述路由规则的流量都会默认使用【第一个outbound5.1】的设置所以一定要把转发VPS的outbound放第一个
],
// 3.6 走国内"223.5.5.5"的DNS查询流量分流走direct出站
{
"type": "field",
"ip": ["223.5.5.5"],
"outboundTag": "direct"
}
]
},
// 4_入站设置
inbounds: [
"inbounds": [
// 4.1 一般都默认使用socks5协议作本地转发
{
tag: "socks-in",
protocol: "socks",
listen: "127.0.0.1", // 这个是通过socks5协议做本地转发的地址
port: 10800, // 这个是通过socks5协议做本地转发的端口
settings: {
udp: true,
},
"tag": "socks-in",
"protocol": "socks",
"listen": "127.0.0.1", // 这个是通过socks5协议做本地转发的地址
"port": 10800, // 这个是通过socks5协议做本地转发的端口
"settings": {
"udp": true
}
},
// 4.2 有少数APP不兼容socks协议需要用http协议做转发则可以用下面的端口
{
tag: "http-in",
protocol: "http",
listen: "127.0.0.1", // 这个是通过http协议做本地转发的地址
port: 10801, // 这个是通过http协议做本地转发的端口
},
"tag": "http-in",
"protocol": "http",
"listen": "127.0.0.1", // 这个是通过http协议做本地转发的地址
"port": 10801 // 这个是通过http协议做本地转发的端口
}
],
// 5_出站设置
outbounds: [
"outbounds": [
// 5.1 默认转发VPS
// 一定放在第一个在routing 3.5 里面已经说明了,这等于是默认规则,所有不符合任何规则的流量都走这个
{
tag: "proxy",
protocol: "vless",
settings: {
vnext: [
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
address: "a-name.yourdomain.com", // 替换成你的真实域名
port: 443,
users: [
"address": "a-name.yourdomain.com", // 替换成你的真实域名
"port": 443,
"users": [
{
id: "uuiduuid-uuid-uuid-uuid-uuiduuiduuid", // 和服务器端的一致
flow: "xtls-rprx-direct", // Windows, macOS 同学保持这个不变
// "flow": "xtls-rprx-splice", // Linux和安卓同学请改成Splice性能更强
encryption: "none",
level: 0,
},
],
},
],
},
streamSettings: {
network: "tcp",
security: "xtls",
xtlsSettings: {
serverName: "a-name.yourdomain.com", // 替换成你的真实域名
allowInsecure: false, // 禁止不安全证书
},
"id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid", // 和服务器端的一致
"flow": "xtls-rprx-vision",
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "a-name.yourdomain.com", // 替换成你的真实域名
"allowInsecure": false, // 禁止不安全证书
"fingerprint": "chrome" // 通过 uTLS 库 模拟 Chrome / Firefox / Safari 或随机生成的指纹
}
}
},
// 5.2 用`freedom`协议直连出站即当routing中指定'direct'流出时,调用这个协议做处理
{
tag: "direct",
protocol: "freedom",
"tag": "direct",
"protocol": "freedom"
},
// 5.3 用`blackhole`协议屏蔽流量即当routing中指定'block'时,调用这个协议做处理
{
tag: "block",
protocol: "blackhole",
},
],
"tag": "block",
"protocol": "blackhole"
}
]
}
```

74
docs/en/document/level-1/fallbacks-lv1.md
View File

@ -133,55 +133,55 @@
### 5.1 首先,我将服务器端配置的 443 监听段摘抄如下:
```json5
```json
{
port: 443,
protocol: "vless",
settings: {
clients: [
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
id: "", // 填写你的 UUID
flow: "xtls-rprx-direct",
level: 0,
email: "love@example.com",
},
"id": "", // 填写你的 UUID
"flow": "xtls-rprx-vision",
"level": 0,
"email": "love@example.com"
}
],
decryption: "none",
fallbacks: [
"decryption": "none",
"fallbacks": [
{
dest: 1310, // 默认回落到 Xray 的 Trojan 协议
xver: 1,
"dest": 1310, // 默认回落到 Xray 的 Trojan 协议
"xver": 1
},
{
path: "/websocket", // 必须换成自定义的 PATH
dest: 1234,
xver: 1,
"path": "/websocket", // 必须换成自定义的 PATH
"dest": 1234,
"xver": 1
},
{
path: "/vmesstcp", // 必须换成自定义的 PATH
dest: 2345,
xver: 1,
"path": "/vmesstcp", // 必须换成自定义的 PATH
"dest": 2345,
"xver": 1
},
{
path: "/vmessws", // 必须换成自定义的 PATH
dest: 3456,
xver: 1,
},
],
"path": "/vmessws", // 必须换成自定义的 PATH
"dest": 3456,
"xver": 1
}
]
},
streamSettings: {
network: "tcp",
security: "xtls",
xtlsSettings: {
alpn: ["http/1.1"],
certificates: [
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"alpn": ["http/1.1"],
"certificates": [
{
certificateFile: "/path/to/fullchain.crt", // 换成你的证书,绝对路径
keyFile: "/path/to/private.key", // 换成你的私钥,绝对路径
},
],
},
},
"certificateFile": "/path/to/fullchain.crt", // 换成你的证书,绝对路径
"keyFile": "/path/to/private.key" // 换成你的私钥,绝对路径
}
]
}
}
}
```

156
docs/en/document/level-1/fallbacks-with-sni.md
View File

@ -74,91 +74,91 @@ acme.sh --install-cert -d example.com --fullchain-file /etc/ssl/xray/cert.pem --
## Xray 配置
```json5
```json
{
log: {
loglevel: "warning",
"log": {
"loglevel": "warning"
},
inbounds: [
"inbounds": [
{
port: 443,
protocol: "vless",
settings: {
clients: [
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
id: "UUID",
flow: "xtls-rprx-direct",
},
"id": "UUID",
"flow": "xtls-rprx-vision"
}
],
decryption: "none",
fallbacks: [
"decryption": "none",
"fallbacks": [
{
name: "example.com",
path: "/vmessws",
dest: 5000,
xver: 1,
"name": "example.com",
"path": "/vmessws",
"dest": 5000,
"xver": 1
},
{
dest: 5001,
xver: 1,
"dest": 5001,
"xver": 1
},
{
alpn: "h2",
dest: 5002,
xver: 1,
"alpn": "h2",
"dest": 5002,
"xver": 1
},
{
name: "blog.example.com",
dest: 5003,
xver: 1,
"name": "blog.example.com",
"dest": 5003,
"xver": 1
},
{
name: "blog.example.com",
alpn: "h2",
dest: 5004,
xver: 1,
},
],
"name": "blog.example.com",
"alpn": "h2",
"dest": 5004,
"xver": 1
}
]
},
streamSettings: {
network: "tcp",
security: "xtls",
xtlsSettings: {
alpn: ["h2", "http/1.1"],
certificates: [
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"alpn": ["h2", "http/1.1"],
"certificates": [
{
certificateFile: "/etc/ssl/xray/cert.pem",
keyFile: "/etc/ssl/xray/privkey.key",
},
],
},
},
"certificateFile": "/etc/ssl/xray/cert.pem",
"keyFile": "/etc/ssl/xray/privkey.key"
}
]
}
}
},
{
listen: "127.0.0.1",
port: 5000,
protocol: "vmess",
settings: {
clients: [
"listen": "127.0.0.1",
"port": 5000,
"protocol": "vmess",
"settings": {
"clients": [
{
id: "UUID",
},
],
"id": "UUID"
}
]
},
streamSettings: {
network: "ws",
wsSettings: {
acceptProxyProtocol: true,
path: "/vmessws",
},
},
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/vmessws"
}
}
}
],
outbounds: [
"outbounds": [
{
protocol: "freedom",
},
],
"protocol": "freedom"
}
]
}
```
@ -181,9 +181,9 @@ acme.sh --install-cert -d example.com --fullchain-file /etc/ssl/xray/cert.pem --
- 有关 HTTP/2
首先,`inbounds.streamSettings.xtlsSettings.alpn` 有顺序,应将 `h2` 放前,`http/1.1` 放后,在优先使用 HTTP/2 的同时保证兼容性;反过来会导致 HTTP/2 在协商时变为 HTTP/1.1,成为无效配置。
首先,`inbounds.streamSettings.tlsSettings.alpn` 有顺序,应将 `h2` 放前,`http/1.1` 放后,在优先使用 HTTP/2 的同时保证兼容性;反过来会导致 HTTP/2 在协商时变为 HTTP/1.1,成为无效配置。
在上述配置中,每条回落到 Nginx 的配置都要分成两个。这是因为 h2 是强制 TLS 加密的 HTTP/2 连接,这有益于数据在互联网中传输的安全,但在服务器内部没有必要;而 h2c 是非加密的 HTTP/2 连接适合该环境。然而Nginx 不能在同一端口上同时监听 HTTP/1.1 和 h2c为了解决这个问题需要在回落中指定 `alpn` 项(是 `fallbacks` 而不是 `xtlsSettings` 里面的),以尝试匹配 TLS ALPN 协商结果。
在上述配置中,每条回落到 Nginx 的配置都要分成两个。这是因为 h2 是强制 TLS 加密的 HTTP/2 连接,这有益于数据在互联网中传输的安全,但在服务器内部没有必要;而 h2c 是非加密的 HTTP/2 连接适合该环境。然而Nginx 不能在同一端口上同时监听 HTTP/1.1 和 h2c为了解决这个问题需要在回落中指定 `alpn` 项(是 `fallbacks` 而不是 `tlsSettings` 里面的),以尝试匹配 TLS ALPN 协商结果。
建议 `alpn` 项只按需用两种填法:[^4]
@ -192,24 +192,26 @@ acme.sh --install-cert -d example.com --fullchain-file /etc/ssl/xray/cert.pem --
如果使用 Caddy 就大可不必如此繁杂了,因为它**可以**在同一端口上同时监听 HTTP/1.1 和 h2c配置改动如下
```json5
"fallbacks": [
```json
{
"fallbacks": [
{
"name": "example.com",
"path": "/vmessws",
"dest": 5000,
"xver": 1
"name": "example.com",
"path": "/vmessws",
"dest": 5000,
"xver": 1
},
{
"dest": 5001,
"xver": 1
"dest": 5001,
"xver": 1
},
{
"name": "blog.example.com",
"dest": 5002,
"xver": 1
"name": "blog.example.com",
"dest": 5002,
"xver": 1
}
]
]
}
```
## Nginx 配置

58
docs/en/document/level-1/routing-lv1-part1.md
View File

@ -71,38 +71,42 @@
**出站:** 就是流量如何流出 `Xray`
:::
下面的出站配置示例,用大白话说就是:数据按照 `VLESS` 协议,以 `tcp + xtls (direct)` 的方式、及其他相关设置,把流量发送给对应的 VPS。同时`Xray` 将这个出站用 `[tag]` 命名为 `proxy-out-vless`
下面的出站配置示例,用大白话说就是:数据按照 `VLESS` 协议,以 `tcp + xtls` 的方式、及其他相关设置,把流量发送给对应的 VPS。同时`Xray` 将这个出站用 `[tag]` 命名为 `proxy-out-vless`
```json5
"outbounds": [
```json
{
"outbounds": [
{
"tag": "proxy-out-vless",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "a-name.yourdomain.com",
"port": 443,
"users": [
{
"id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid",
"flow": "xtls-rprx-direct",
"encryption": "none",
"level": 0
}
]
}
"tag": "proxy-out-vless",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "a-name.yourdomain.com",
"port": 443,
"users": [
{
"id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid",
"flow": "xtls-rprx-vision",
"encryption": "none",
"level": 0
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "a-name.yourdomain.com"
}
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "a-name.yourdomain.com",
"allowInsecure": false,
"fingerprint": "chrome"
}
}
}
]
]
}
```
### 2.3 路由