github
/
Xray-docs-next
mirror of https://github.com/XTLS/Xray-docs-next
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix json format 

close https://github.com/XTLS/Xray-docs-next/pull/83
Thanks: @Johnshall
pull/86/head
hmol233 2021-07-16 00:29:22 +08:00
parent 2756718446
commit f6cca08099
No known key found for this signature in database
GPG Key ID: D617A9DAB0C992D5
6 changed files with 581 additions and 596 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
docs/document/level-0/ch07-xray-server.md
View File

@ -201,7 +201,7 @@
4. 将下面的文件全部复制进去,并将之前生成的`UUID`填入第 61 行 `"id": "",` 之中。(填好之后的样子是 `"id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid"`
),本文的这个配置文件中增加了我的各种啰嗦注解,以方便你理解每一个配置模块的功能是什么。
```json5
```json
// REFERENCE:
// https://github.com/XTLS/Xray-examples
// https://xtls.github.io/config/
@ -213,92 +213,92 @@
// └─ 5_outbounds 出站设置 - 流出 Xray 的流量往哪里去
{
// 1\_日志设置
log: {
loglevel: "warning", // 内容从少到多: "none", "error", "warning", "info", "debug"
access: "/home/vpsadmin/xray_log/access.log", // 访问记录
error: "/home/vpsadmin/xray_log/error.log", // 错误记录
"log": {
"loglevel": "warning", // 内容从少到多: "none", "error", "warning", "info", "debug"
"access": "/home/vpsadmin/xray_log/access.log", // 访问记录
"error": "/home/vpsadmin/xray_log/error.log" // 错误记录
},
// 2_DNS 设置
dns: {
servers: [
"dns": {
"servers": [
"https+local://1.1.1.1/dns-query", // 首选 1.1.1.1 的 DoH 查询,牺牲速度但可防止 ISP 偷窥
"localhost",
],
"localhost"
]
},
// 3*分流设置
routing: {
domainStrategy: "AsIs",
rules: [
"routing": {
"domainStrategy": "AsIs",
"rules": [
// 3.1 防止服务器本地流转问题:如内网被攻击或滥用、错误的本地回环等
{
type: "field",
ip: [
"geoip:private", // 分流条件geoip 文件内,名为"private"的规则(本地)
"type": "field",
"ip": [
"geoip:private" // 分流条件geoip 文件内,名为"private"的规则(本地)
],
outboundTag: "block", // 分流策略:交给出站"block"处理(黑洞屏蔽)
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
},
// 3.2 屏蔽广告
{
type: "field",
domain: [
"geosite:category-ads-all", // 分流条件geosite 文件内,名为"category-ads-all"的规则(各种广告域名)
"type": "field",
"domain": [
"geosite:category-ads-all" // 分流条件geosite 文件内,名为"category-ads-all"的规则(各种广告域名)
],
outboundTag: "block", // 分流策略:交给出站"block"处理(黑洞屏蔽)
},
],
"outboundTag": "block" // 分流策略:交给出站"block"处理(黑洞屏蔽)
}
]
},
// 4*入站设置
// 4.1 这里只写了一个最简单的 vless+xtls 的入站,因为这是 Xray 最强大的模式。如有其他需要,请根据模版自行添加。
inbounds: [
"inbounds": [
{
port: 443,
protocol: "vless",
settings: {
clients: [
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
id: "", // 填写你的 UUID
flow: "xtls-rprx-direct",
level: 0,
email: "vpsadmin@yourdomain.com",
},
"id": "", // 填写你的 UUID
"flow": "xtls-rprx-direct",
"level": 0,
"email": "vpsadmin@yourdomain.com"
}
],
decryption: "none",
fallbacks: [
"decryption": "none",
"fallbacks": [
{
dest: 80, // 默认回落到防探测的代理
},
],
"dest": 80 // 默认回落到防探测的代理
}
]
},
streamSettings: {
network: "tcp",
security: "xtls",
xtlsSettings: {
allowInsecure: false, // 正常使用应确保关闭
minVersion: "1.2", // TLS 最低版本设置
alpn: ["http/1.1"],
certificates: [
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"allowInsecure": false, // 正常使用应确保关闭
"minVersion": "1.2", // TLS 最低版本设置
"alpn": ["http/1.1"],
"certificates": [
{
certificateFile: "/home/vpsadmin/xray_cert/xray.crt",
keyFile: "/home/vpsadmin/xray_cert/xray.key",
},
],
},
},
},
"certificateFile": "/home/vpsadmin/xray_cert/xray.crt",
"keyFile": "/home/vpsadmin/xray_cert/xray.key"
}
]
}
}
}
],
// 5*出站设置
outbounds: [
"outbounds": [
// 5.1 第一个出站是默认规则freedom 就是对外直连vps 已经是外网,所以直连)
{
tag: "direct",
protocol: "freedom",
"tag": "direct",
"protocol": "freedom"
},
// 5.2 屏蔽规则blackhole 协议就是把流量导入到黑洞里(屏蔽)
{
tag: "block",
protocol: "blackhole",
},
],
"tag": "block",
"protocol": "blackhole"
}
]
}
```

148
docs/document/level-0/ch08-xray-clients.md
View File

@ -99,7 +99,7 @@
- 请将 `serverName` 替换成你的真实域名
- 各个配置模块的说明我都已经(很啰嗦的)放在对应的配置点上了
```json5
```json
// REFERENCE:
// https://github.com/XTLS/Xray-examples
// https://xtls.github.io/config/
@ -114,135 +114,135 @@
{
// 1_日志设置
// 注意本例中我默认注释掉了日志文件因为windows, macOS, Linux 需要写不同的路径,请自行配置
log: {
"log": {
// "access": "/home/local/xray_log/access.log", // 访问记录
// "error": "/home/local/xray_log/error.log", // 错误记录
loglevel: "warning", // 内容从少到多: "none", "error", "warning", "info", "debug"
"loglevel": "warning" // 内容从少到多: "none", "error", "warning", "info", "debug"
},
// 2_DNS设置
dns: {
servers: [
"dns": {
"servers": [
// 2.1 国外域名使用国外DNS查询
{
address: "1.1.1.1",
domains: ["geosite:geolocation-!cn"],
"address": "1.1.1.1",
"domains": ["geosite:geolocation-!cn"]
},
// 2.2 国内域名使用国内DNS查询并期待返回国内的IP若不是国内IP则舍弃用下一个查询
{
address: "223.5.5.5",
domains: ["geosite:cn"],
expectIPs: ["geoip:cn"],
"address": "223.5.5.5",
"domains": ["geosite:cn"],
"expectIPs": ["geoip:cn"]
},
// 2.3 作为2.2的备份,对国内网站进行二次查询
{
address: "114.114.114.114",
domains: ["geosite:cn"],
"address": "114.114.114.114",
"domains": ["geosite:cn"]
},
// 2.4 最后的备份上面全部失败时用本机DNS查询
"localhost",
],
"localhost"
]
},
// 3_分流设置
// 所谓分流,就是将符合否个条件的流量,用指定`tag`的出站协议去处理对应配置的5.x内容
routing: {
domainStrategy: "AsIs",
rules: [
"routing": {
"domainStrategy": "AsIs",
"rules": [
// 3.1 广告域名屏蔽
{
type: "field",
domain: ["geosite:category-ads-all"],
outboundTag: "block",
"type": "field",
"domain": ["geosite:category-ads-all"],
"outboundTag": "block"
},
// 3.2 国内域名直连
{
type: "field",
domain: ["geosite:cn"],
outboundTag: "direct",
"type": "field",
"domain": ["geosite:cn"],
"outboundTag": "direct"
},
// 3.3 国内IP直连
{
type: "field",
ip: ["geoip:cn", "geoip:private"],
outboundTag: "direct",
"type": "field",
"ip": ["geoip:cn", "geoip:private"],
"outboundTag": "direct"
},
// 3.4 国外域名代理
{
type: "field",
domain: ["geosite:geolocation-!cn"],
outboundTag: "proxy",
},
"type": "field",
"domain": ["geosite:geolocation-!cn"],
"outboundTag": "proxy"
}
// 3.5 默认规则
// 在Xray中任何不符合上述路由规则的流量都会默认使用【第一个outbound5.1】的设置所以一定要把转发VPS的outbound放第一个
],
]
},
// 4_入站设置
inbounds: [
"inbounds": [
// 4.1 一般都默认使用socks5协议作本地转发
{
tag: "socks-in",
protocol: "socks",
listen: "127.0.0.1", // 这个是通过socks5协议做本地转发的地址
port: 10800, // 这个是通过socks5协议做本地转发的端口
settings: {
udp: true,
},
"tag": "socks-in",
"protocol": "socks",
"listen": "127.0.0.1", // 这个是通过socks5协议做本地转发的地址
"port": 10800, // 这个是通过socks5协议做本地转发的端口
"settings": {
"udp": true
}
},
// 4.2 有少数APP不兼容socks协议需要用http协议做转发则可以用下面的端口
{
tag: "http-in",
protocol: "http",
listen: "127.0.0.1", // 这个是通过http协议做本地转发的地址
port: 10801, // 这个是通过http协议做本地转发的端口
},
"tag": "http-in",
"protocol": "http",
"listen": "127.0.0.1", // 这个是通过http协议做本地转发的地址
"port": 10801 // 这个是通过http协议做本地转发的端口
}
],
// 5_出站设置
outbounds: [
"outbounds": [
// 5.1 默认转发VPS
// 一定放在第一个在routing 3.5 里面已经说明了,这等于是默认规则,所有不符合任何规则的流量都走这个
{
tag: "proxy",
protocol: "vless",
settings: {
vnext: [
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
address: "a-name.yourdomain.com", // 替换成你的真实域名
port: 443,
users: [
"address": "a-name.yourdomain.com", // 替换成你的真实域名
"port": 443,
"users": [
{
id: "uuiduuid-uuid-uuid-uuid-uuiduuiduuid", // 和服务器端的一致
flow: "xtls-rprx-direct", // Windows, macOS 同学保持这个不变
"id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid", // 和服务器端的一致
"flow": "xtls-rprx-direct", // Windows, macOS 同学保持这个不变
// "flow": "xtls-rprx-splice", // Linux和安卓同学请改成Splice性能更强
encryption: "none",
level: 0,
},
],
},
],
},
streamSettings: {
network: "tcp",
security: "xtls",
xtlsSettings: {
serverName: "a-name.yourdomain.com", // 替换成你的真实域名
allowInsecure: false, // 禁止不安全证书
},
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "a-name.yourdomain.com", // 替换成你的真实域名
"allowInsecure": false // 禁止不安全证书
}
}
},
// 5.2 用`freedom`协议直连出站即当routing中指定'direct'流出时,调用这个协议做处理
{
tag: "direct",
protocol: "freedom",
"tag": "direct",
"protocol": "freedom"
},
// 5.3 用`blackhole`协议屏蔽流量即当routing中指定'block'时,调用这个协议做处理
{
tag: "block",
protocol: "blackhole",
},
],
"tag": "block",
"protocol": "blackhole"
}
]
}
```

286
docs/document/level-1/fallbacks-lv1.md
View File

@ -6,27 +6,29 @@
如果你用了《小小白白话文》中的[Xray 配置](../level-0/ch07-xray-server.md#_7-4-配置xray),并完成了[HTTP 自动跳转 HTTPS 优化](../level-0/ch07-xray-server.md#_7-8-服务器优化之二-开启http自动跳转https),那么你已经有了基于 `VLESS` 协议的简易回落:
```json5
"inbounds": [
```json
{
"inbounds": [
{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
...
],
"decryption": "none",
"fallbacks": [
{
"dest": 8080 // 默认回落到防探测的代理
}
]
},
"streamSettings": {
...
}
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
// ... ...
],
"decryption": "none",
"fallbacks": [
{
"dest": 8080 // 默认回落到防探测的代理
}
]
},
"streamSettings": {
// ... ...
}
}
]
]
}
```
这一段配置用人话要怎么解释呢?
@ -133,55 +135,55 @@
### 5.1 首先,我将服务器端配置的 443 监听段摘抄如下:
```json5
```json
{
port: 443,
protocol: "vless",
settings: {
clients: [
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
id: "", // 填写你的 UUID
flow: "xtls-rprx-direct",
level: 0,
email: "love@example.com",
},
"id": "", // 填写你的 UUID
"flow": "xtls-rprx-direct",
"level": 0,
"email": "love@example.com"
}
],
decryption: "none",
fallbacks: [
"decryption": "none",
"fallbacks": [
{
dest: 1310, // 默认回落到 Xray 的 Trojan 协议
xver: 1,
"dest": 1310, // 默认回落到 Xray 的 Trojan 协议
"xver": 1
},
{
path: "/websocket", // 必须换成自定义的 PATH
dest: 1234,
xver: 1,
"path": "/websocket", // 必须换成自定义的 PATH
"dest": 1234,
"xver": 1
},
{
path: "/vmesstcp", // 必须换成自定义的 PATH
dest: 2345,
xver: 1,
"path": "/vmesstcp", // 必须换成自定义的 PATH
"dest": 2345,
"xver": 1
},
{
path: "/vmessws", // 必须换成自定义的 PATH
dest: 3456,
xver: 1,
},
],
"path": "/vmessws", // 必须换成自定义的 PATH
"dest": 3456,
"xver": 1
}
]
},
streamSettings: {
network: "tcp",
security: "xtls",
xtlsSettings: {
alpn: ["http/1.1"],
certificates: [
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": ["http/1.1"],
"certificates": [
{
certificateFile: "/path/to/fullchain.crt", // 换成你的证书,绝对路径
keyFile: "/path/to/private.key", // 换成你的私钥,绝对路径
},
],
},
},
"certificateFile": "/path/to/fullchain.crt", // 换成你的证书,绝对路径
"keyFile": "/path/to/private.key" // 换成你的私钥,绝对路径
}
]
}
}
}
```
@ -228,32 +230,32 @@
1. 后续处理回落至 `1310` 端口的流量,按照下面的配置验证、处理:
```json5
```json
{
port: 1310,
listen: "127.0.0.1",
protocol: "trojan",
settings: {
clients: [
"port": 1310,
"listen": "127.0.0.1",
"protocol": "trojan",
"settings": {
"clients": [
{
password: "", // 填写你的密码
level: 0,
email: "love@example.com",
},
"password": "", // 填写你的密码
"level": 0,
"email": "love@example.com"
}
],
fallbacks: [
"fallbacks": [
{
dest: 80, // 或者回落到其它也防探测的代理
},
],
},
streamSettings: {
network: "tcp",
security: "none",
tcpSettings: {
acceptProxyProtocol: true,
},
"dest": 80 // 或者回落到其它也防探测的代理
}
]
},
"streamSettings": {
"network": "tcp",
"security": "none",
"tcpSettings": {
"acceptProxyProtocol": true
}
}
}
```
@ -264,94 +266,94 @@
2. 后续处理回落至 `1234` 端口的流量,仔细看!它其实是 `vless+ws`
```json5
```json
{
port: 1234,
listen: "127.0.0.1",
protocol: "vless",
settings: {
clients: [
"port": 1234,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
id: "", // 填写你的 UUID
level: 0,
email: "love@example.com",
},
"id": "", // 填写你的 UUID
"level": 0,
"email": "love@example.com"
}
],
decryption: "none",
},
streamSettings: {
network: "ws",
security: "none",
wsSettings: {
acceptProxyProtocol: true, // 提醒:若你用 Nginx/Caddy 等反代 WS需要删掉这行
path: "/websocket", // 必须换成自定义的 PATH需要和分流的一致
},
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true, // 提醒:若你用 Nginx/Caddy 等反代 WS需要删掉这行
"path": "/websocket" // 必须换成自定义的 PATH需要和分流的一致
}
}
}
```
3. 后续处理回落至 `2345` 端口的流量,仔细看!它其实是 `vmess直连`
```json5
```json
{
port: 2345,
listen: "127.0.0.1",
protocol: "vmess",
settings: {
clients: [
"port": 2345,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
id: "", // 填写你的 UUID
level: 0,
email: "love@example.com",
},
],
},
streamSettings: {
network: "tcp",
security: "none",
tcpSettings: {
acceptProxyProtocol: true,
header: {
type: "http",
request: {
path: [
"/vmesstcp", // 必须换成自定义的 PATH需要和分流的一致
],
},
},
},
"id": "", // 填写你的 UUID
"level": 0,
"email": "love@example.com"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "none",
"tcpSettings": {
"acceptProxyProtocol": true,
"header": {
"type": "http",
"request": {
"path": [
"/vmesstcp" // 必须换成自定义的 PATH需要和分流的一致
]
}
}
}
}
}
```
4. 后续处理回落至 `3456` 端口的流量,再仔细看!它其实是是 `vmess+ws(+cdn)`
::: warning 说明
你没看错,这就是 v2fly 曾经的推荐组合之一,并可完整支持 `CDN`。现已加入完美回落套餐哦!
你没看错,这就是 v2fly 曾经推荐组合之一,并可完整支持 `CDN`。现已加入完美回落套餐哦!
:::
```json5
```json
{
port: 3456,
listen: "127.0.0.1",
protocol: "vmess",
settings: {
clients: [
"port": 3456,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
id: "", // 填写你的 UUID
level: 0,
email: "love@example.com",
},
],
},
streamSettings: {
network: "ws",
security: "none",
wsSettings: {
acceptProxyProtocol: true, // 提醒:若你用 Nginx/Caddy 等反代 WS需要删掉这行
path: "/vmessws", // 必须换成自定义的 PATH需要和分流的一致
},
"id": "", // 填写你的 UUID
"level": 0,
"email": "love@example.com"
}
]
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true, // 提醒:若你用 Nginx/Caddy 等反代 WS需要删掉这行
"path": "/vmessws" // 必须换成自定义的 PATH需要和分流的一致
}
}
}
```

152
docs/document/level-1/fallbacks-with-sni.md
View File

@ -74,91 +74,91 @@ acme.sh --install-cert -d example.com --fullchain-file /etc/ssl/xray/cert.pem --
## Xray 配置
```json5
```json
{
log: {
loglevel: "warning",
"log": {
"loglevel": "warning"
},
inbounds: [
"inbounds": [
{
port: 443,
protocol: "vless",
settings: {
clients: [
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
id: "UUID",
flow: "xtls-rprx-direct",
},
"id": "UUID",
"flow": "xtls-rprx-direct"
}
],
decryption: "none",
fallbacks: [
"decryption": "none",
"fallbacks": [
{
name: "example.com",
path: "/vmessws",
dest: 5000,
xver: 1,
"name": "example.com",
"path": "/vmessws",
"dest": 5000,
"xver": 1
},
{
dest: 5001,
xver: 1,
"dest": 5001,
"xver": 1
},
{
alpn: "h2",
dest: 5002,
xver: 1,
"alpn": "h2",
"dest": 5002,
"xver": 1
},
{
name: "blog.example.com",
dest: 5003,
xver: 1,
"name": "blog.example.com",
"dest": 5003,
"xver": 1
},
{
name: "blog.example.com",
alpn: "h2",
dest: 5004,
xver: 1,
},
],
"name": "blog.example.com",
"alpn": "h2",
"dest": 5004,
"xver": 1
}
]
},
streamSettings: {
network: "tcp",
security: "xtls",
xtlsSettings: {
alpn: ["h2", "http/1.1"],
certificates: [
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": ["h2", "http/1.1"],
"certificates": [
{
certificateFile: "/etc/ssl/xray/cert.pem",
keyFile: "/etc/ssl/xray/privkey.key",
},
],
},
},
"certificateFile": "/etc/ssl/xray/cert.pem",
"keyFile": "/etc/ssl/xray/privkey.key"
}
]
}
}
},
{
listen: "127.0.0.1",
port: 5000,
protocol: "vmess",
settings: {
clients: [
"listen": "127.0.0.1",
"port": 5000,
"protocol": "vmess",
"settings": {
"clients": [
{
id: "UUID",
},
],
"id": "UUID"
}
]
},
streamSettings: {
network: "ws",
wsSettings: {
acceptProxyProtocol: true,
path: "/vmessws",
},
},
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/vmessws"
}
}
}
],
outbounds: [
"outbounds": [
{
protocol: "freedom",
},
],
"protocol": "freedom"
}
]
}
```
@ -192,24 +192,26 @@ acme.sh --install-cert -d example.com --fullchain-file /etc/ssl/xray/cert.pem --
如果使用 Caddy 就大可不必如此繁杂了,因为它**可以**在同一端口上同时监听 HTTP/1.1 和 h2c配置改动如下
```json5
"fallbacks": [
```json
{
"fallbacks": [
{
"name": "example.com",
"path": "/vmessws",
"dest": 5000,
"xver": 1
"name": "example.com",
"path": "/vmessws",
"dest": 5000,
"xver": 1
},
{
"dest": 5001,
"xver": 1
"dest": 5001,
"xver": 1
},
{
"name": "blog.example.com",
"dest": 5002,
"xver": 1
"name": "blog.example.com",
"dest": 5002,
"xver": 1
}
]
]
}
```
## Nginx 配置

176
docs/document/level-1/routing-lv1-part1.md
View File

@ -51,18 +51,20 @@
下面的入站配置示例,用大白话说就是:数据按照 `socks` 协议,通过 `10808` 端口,从本机 `127.0.0.1` 流入`Xray`。同时,`Xray` 将这个入站用 `[tag]` 命名为 `inbound-10808`
```json5
"inbounds": [
```json
{
"inbounds": [
{
"tag": "inbound-10808",
"protocol": "socks",
"listen": "127.0.0.1",
"port": 10808,
"settings": {
"udp": true
}
"tag": "inbound-10808",
"protocol": "socks",
"listen": "127.0.0.1",
"port": 10808,
"settings": {
"udp": true
}
}
]
]
}
```
**2.2 出站**
@ -73,36 +75,38 @@
下面的出站配置示例,用大白话说就是:数据按照 `VLESS` 协议,以 `tcp + xtls (direct)` 的方式、及其他相关设置,把流量发送给对应的 VPS。同时`Xray` 将这个出站用 `[tag]` 命名为 `proxy-out-vless`
```json5
"outbounds": [
```json
{
"outbounds": [
{
"tag": "proxy-out-vless",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "a-name.yourdomain.com",
"port": 443,
"users": [
{
"id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid",
"flow": "xtls-rprx-direct",
"encryption": "none",
"level": 0
}
]
}
"tag": "proxy-out-vless",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "a-name.yourdomain.com",
"port": 443,
"users": [
{
"id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid",
"flow": "xtls-rprx-direct",
"encryption": "none",
"level": 0
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "a-name.yourdomain.com"
}
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "a-name.yourdomain.com"
}
}
}
]
]
}
```
### 2.3 路由
@ -113,18 +117,18 @@
下面的路由配置示例,用大白话说就是:把所有通过 `[tag]="inbound-10808"` 入站流入 `Xray` 的流量,`100%` 全部流转导入 `[tag]="proxy-out-vless"` 的出站,没有任何分流或其他操作。
```json5
"routing": {
```json
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"inboundTag": [
"inbound-10808"
],
"outboundTag": "proxy-out-vless"
}
{
"type": "field",
"inboundTag": ["inbound-10808"],
"outboundTag": "proxy-out-vless"
}
]
}
}
```
@ -201,21 +205,23 @@
在上例的基础上,我们已经有了 `[proxy]` 的出站 `"proxy-out-vless"`,所以它保持不变。显而易见,我们需要加入两个新的出站方式:`[block]` 和 `[direct]`,如下:
```json5
"outbounds": [
```json
{
"outbounds": [
{
"tag": "proxy-out-vless",
......
"tag": "proxy-out-vless"
// ... ...
},
{
"tag": "block",
"protocol": "blackhole"
"tag": "block",
"protocol": "blackhole"
},
{
"tag": "direct-out",
"protocol": "freedom"
"tag": "direct-out",
"protocol": "freedom"
}
]
]
}
```
上面的配置用大白话翻译如下:
@ -228,32 +234,28 @@
接下来就是见证奇迹的时刻了,我们可以用【路由】的配置把这些连接起来!
```json5
"routing": {
```json
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{
"type": "field",
"domain": [
"geosite:cn"
],
"outboundTag": "direct-out"
},
{
"type": "field",
"domain": [
"geosite:geolocation-!cn"
],
"outboundTag": "proxy-out-vless"
}
{
"type": "field",
"domain": ["geosite:category-ads-all"],
"outboundTag": "block"
},
{
"type": "field",
"domain": ["geosite:cn"],
"outboundTag": "direct-out"
},
{
"type": "field",
"domain": ["geosite:geolocation-!cn"],
"outboundTag": "proxy-out-vless"
}
]
}
}
```
@ -362,21 +364,23 @@
是不是,非常地简单?
```json5
"outbounds": [
```json
{
"outbounds": [
{
"tag": "direct-out",
"protocol": "freedom"
"tag": "direct-out",
"protocol": "freedom"
},
{
"tag": "proxy-out-vless",
......
"tag": "proxy-out-vless"
// ... ...
},
{
"tag": "block",
"protocol": "blackhole"
"tag": "block",
"protocol": "blackhole"
}
]
]
}
```
此时,路由规则其实变成了:

297
docs/document/level-1/routing-lv1-part2.md
View File

@ -50,35 +50,31 @@
上述配置如下:
```json5
"routing": {
```json
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
// 指定子域名直连
{
"type": "field",
"domain": [
"full:direct.yourdomain.com"
],
"outboundTag": "direct-out"
},
// 指定子域名转发VPS
{
"type": "field",
"domain": [
"full:proxy.yourdomain.com"
],
"outboundTag": "proxy-out-vless"
},
// 指定泛域名转发VPS
{
"type": "field",
"domain": [
"yourdomain.com"
],
"outboundTag": "proxy-out-vless"
}
// 指定子域名直连
{
"type": "field",
"domain": ["full:direct.yourdomain.com"],
"outboundTag": "direct-out"
},
// 指定子域名转发VPS
{
"type": "field",
"domain": ["full:proxy.yourdomain.com"],
"outboundTag": "proxy-out-vless"
},
// 指定泛域名转发VPS
{
"type": "field",
"domain": ["yourdomain.com"],
"outboundTag": "proxy-out-vless"
}
]
}
}
```
@ -92,27 +88,25 @@
上述配置如下:
```json5
"routing": {
```json
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
// 本机内部地址、局域网地址直连
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "direct-out"
},
// 国内IP集直连
{
"type": "field",
"ip": [
"geoip:cn"
],
"outboundTag": "direct-out"
}
// 本机内部地址、局域网地址直连
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "direct-out"
},
// 国内IP集直连
{
"type": "field",
"ip": ["geoip:cn"],
"outboundTag": "direct-out"
}
]
}
}
```
@ -125,27 +119,25 @@
上述配置如下:
```json5
"routing": {
```json
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
// 指定IP地址直连
{
"type": "field",
"ip": [
"223.5.5.5"
],
"outboundTag": "direct-out"
},
// 指定IP地址转发VPS
{
"type": "field",
"ip": [
"1.1.1.1"
],
"outboundTag": "proxy-out-vless"
}
// 指定IP地址直连
{
"type": "field",
"ip": ["223.5.5.5"],
"outboundTag": "direct-out"
},
// 指定IP地址转发VPS
{
"type": "field",
"ip": ["1.1.1.1"],
"outboundTag": "proxy-out-vless"
}
]
}
}
```
@ -157,19 +149,19 @@
你需要打开入站代理中的 `sniffing` 才能使用此种方式分流。
:::
```json5
"routing": {
```json
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
// 指定 BT 协议直连
{
"type": "field",
"protocol": [
"bittorrent"
],
"outboundTag": "direct-out"
}
// 指定 BT 协议直连
{
"type": "field",
"protocol": ["bittorrent"],
"outboundTag": "direct-out"
}
]
}
}
```
@ -205,69 +197,58 @@
`[1-block] --> [2-direct] --> [3-proxy] --> [4-first-outbound]`
:::
```json5
"routing": {
```json
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
// [1-block 广告流量屏蔽]
// 1.1 广告域名集屏蔽
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
// [2-direct 国内流量直连]
// 2.1 国内域名集、指定子域名直连
{
"type": "field",
"domain": [
"geosite:cn",
"full:direct.yourdomain.com"
],
"outboundTag": "direct-out"
},
// 2.2 本机内部地址+局域网、国内IP、指定IP直连
{
"type": "field",
"ip": [
"geoip:private",
"geoip:cn",
"223.5.5.5"
],
"outboundTag": "direct-out"
},
// 2.3 BT协议流量直连
{
"type": "field",
"protocol": [
"bittorrent"
],
"outboundTag": "direct-out"
},
// [3-proxy 国外流量转发VPS]
// 3.1 国外域名集、指定子域名、指定泛域名转发VPS
{
"type": "field",
"domain": [
"geosite:geolocation-!cn",
"full:proxy.yourdomain.com",
"yourdomain.com"
],
"outboundTag": "proxy-out-vless"
},
// 3.2 指定IP转发VPS
{
"type": "field",
"ip": [
"1.1.1.1"
],
"outboundTag": "proxy-out-vless"
}
// [4-default-routing 第一条出站]
// 没有匹配到任何规则的流量,默认使用第一条出站处理
// [1-block 广告流量屏蔽]
// 1.1 广告域名集屏蔽
{
"type": "field",
"domain": ["geosite:category-ads-all"],
"outboundTag": "block"
},
// [2-direct 国内流量直连]
// 2.1 国内域名集、指定子域名直连
{
"type": "field",
"domain": ["geosite:cn", "full:direct.yourdomain.com"],
"outboundTag": "direct-out"
},
// 2.2 本机内部地址+局域网、国内IP、指定IP直连
{
"type": "field",
"ip": ["geoip:private", "geoip:cn", "223.5.5.5"],
"outboundTag": "direct-out"
},
// 2.3 BT协议流量直连
{
"type": "field",
"protocol": ["bittorrent"],
"outboundTag": "direct-out"
},
// [3-proxy 国外流量转发VPS]
// 3.1 国外域名集、指定子域名、指定泛域名转发VPS
{
"type": "field",
"domain": [
"geosite:geolocation-!cn",
"full:proxy.yourdomain.com",
"yourdomain.com"
],
"outboundTag": "proxy-out-vless"
},
// 3.2 指定IP转发VPS
{
"type": "field",
"ip": ["1.1.1.1"],
"outboundTag": "proxy-out-vless"
}
// [4-default-routing 第一条出站]
// 没有匹配到任何规则的流量,默认使用第一条出站处理
]
}
}
```
@ -325,21 +306,19 @@
为了实现上面的目标,他写出了以下路由规则:
```json5
"routing": {
```json
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"223.5.5.5"
],
"domain": [
"full:direct.yourdomain.com"
],
"outboundTag": "direct-out"
}
{
"type": "field",
"ip": ["223.5.5.5"],
"domain": ["full:direct.yourdomain.com"],
"outboundTag": "direct-out"
}
]
}
}
```
@ -357,25 +336,23 @@
正确示范,自然就是将不同的匹配依据独立出来:
```json5
"routing": {
```json
{
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"223.5.5.5"
],
"outboundTag": "direct-out"
},
{
"type": "field",
"domain": [
"full:direct.yourdomain.com"
],
"outboundTag": "direct-out"
}
{
"type": "field",
"ip": ["223.5.5.5"],
"outboundTag": "direct-out"
},
{
"type": "field",
"domain": ["full:direct.yourdomain.com"],
"outboundTag": "direct-out"
}
]
}
}
```