xray-examples's Issues

xray's Shadowsocks 2022 configuration fails to start

The password was generated with openssl rand -base64 6

{
  "inbounds": [
    {
      "port": 1234,
      "protocol": "shadowsocks",
      "settings": {
        "method": "2022-blake3-aes-128-gcm",
        "password": "5aGC0zLq",
        "network": "tcp,udp"
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}

Error message

● xray.service - Xray Service
   Loaded: loaded (/etc/systemd/system/xray.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/xray.service.d
           └─10-donot_touch_single_conf.conf
   Active: failed (Result: exit-code) since Fri 2022-07-15 08:40:27 CST; 2s ago
     Docs: https://github.com/xtls
  Process: 18471 ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json (code=exited, status=23)
 Main PID: 18471 (code=exited, status=23)

Jul 15 08:40:27 singapo systemd[1]: Started Xray Service.
Jul 15 08:40:27 singapo xray[18471]: Xray 1.5.8 (Xray, Penetrates Everything.) Custom (go1.18.3 linux/amd64)
Jul 15 08:40:27 singapo xray[18471]: A unified platform for anti-censorship.
Jul 15 08:40:27 singapo xray[18471]: Failed to start: main: failed to create server > proxy/shadowsocks_2022: create service > bad key
Jul 15 08:40:27 singapo systemd[1]: xray.service: Main process exited, code=exited, status=23/n/a
Jul 15 08:40:27 singapo systemd[1]: xray.service: Unit entered failed state.
Jul 15 08:40:27 singapo systemd[1]: xray.service: Failed with result 'exit-code'.
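
The `bad key` error in this issue matches a key-length mismatch: `openssl rand -base64 6` yields 6 random bytes, whereas each Shadowsocks 2022 method takes a base64-encoded key of exactly its cipher's key size (16 bytes for `2022-blake3-aes-128-gcm`, i.e. `openssl rand -base64 16`). The pre-flight check below is an added example, not code from the issue or from Xray; its function names are illustrative, and the embedded config is a constructed copy of the one posted above.

```python
import base64
import binascii
import json
import secrets

# Key size in bytes that each Shadowsocks 2022 method requires for its
# base64-encoded pre-shared key (the "password" field).
SS2022_KEY_BYTES = {
    "2022-blake3-aes-128-gcm": 16,
    "2022-blake3-aes-256-gcm": 32,
    "2022-blake3-chacha20-poly1305": 32,
}


def psk_problem(method, password):
    """Return None when password is a usable key for method, else the reason."""
    need = SS2022_KEY_BYTES.get(method)
    if need is None:
        return None  # legacy method: the password is free-form text, not a key
    try:
        raw = base64.b64decode(password, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return "password is not valid base64"
    if len(raw) != need:
        return f"decoded key is {len(raw)} bytes, {method} needs {need}"
    return None


def check_config(config):
    """List (json_path, reason) for every bad key in shadowsocks inbounds."""
    findings = []
    for i, inbound in enumerate(config.get("inbounds", [])):
        if inbound.get("protocol") != "shadowsocks":
            continue
        settings = inbound.get("settings", {})
        method = settings.get("method", "")
        base = f"inbounds[{i}].settings"
        keys = [(f"{base}.password", settings.get("password"))]
        # Multi-user inbounds carry one key per client, same size as the server key.
        for j, client in enumerate(settings.get("clients", [])):
            keys.append((f"{base}.clients[{j}].password", client.get("password")))
        for path, password in keys:
            if password is None:
                continue
            reason = psk_problem(method, password)
            if reason:
                findings.append((path, reason))
    return findings


def new_psk(method):
    """Generate a key of the right size, like `openssl rand -base64 <size>`."""
    return base64.b64encode(secrets.token_bytes(SS2022_KEY_BYTES[method])).decode()


# Constructed sample: the inbound from the issue, password included.
ISSUE_CONFIG = json.loads("""
{
  "inbounds": [
    {
      "port": 1234,
      "protocol": "shadowsocks",
      "settings": {
        "method": "2022-blake3-aes-128-gcm",
        "password": "5aGC0zLq",
        "network": "tcp,udp"
      }
    }
  ],
  "outbounds": [{"protocol": "freedom"}]
}
""")

if __name__ == "__main__":
    for path, reason in check_config(ISSUE_CONFIG):
        print(f"{path}: {reason}")
    print("replacement:", new_psk("2022-blake3-aes-128-gcm"))
```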

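Can the DNS service be made to listen, rather than being used only by xray itself?

For certain reasons our internal network needs a DNS that can split queries, and xray's DNS service has exactly this feature, but it is only used internally. I hope two parameters, Listen and port, can be added to the DNS service to open it up so that clients can query it. Many thanks!

Impressive

But I don't know how to use it

Should the bittorrent configuration go before or after the other rules?

I set up a transparent proxy at home, and since I often download over BT, I care about the configuration for the bittorrent protocol.
The examples don't seem to include it, and the documentation says rules are matched from top to bottom, so is putting the relevant configuration first best for performance?

Requesting a gRPC example

The documentation is a bit brief and I can't quite follow it. For example, does the client need to set mux, or is mux on by default?

Installing a trojan server on Debian fails

Following your configuration, I installed trojan on the server; after changing the configuration file, xray fails to start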
failed to load config files: [/usr/local/etc/xray/config.json] > infra/conf: Failed to build TLS config. > infr

While installing xray there was a notice that the operating system version is too old. Is that related?

Both mKCPSeed variants produce this error.

Failed to start: main: failed to load config files: [/xray/xray.json] > infra/conf: failed to parse to outbound detour config. > json: cannot unmarshal string into Go struct field VMessOutboundTarget.vnext.port of type uint16

{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"port": 1080,
"listen": "0.0.0.0",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "{{ xxx.xxx.xxx.xxx }}",
"port": "{{ 13001 }}",
"users": [
{
"id": "{{ 59D53E6D-66B4-4999-A1EB-87F12528450E }}",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "kcp",
"kcpSettings": {
"seed": "{{ now }}"
}
}
}
]
}

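How can this be solved? Thanks

I configured it following the VLESS+XTLS+VISION template and replaced the information in it with my own, but after restarting the service xray simply can't connect any more. What is going on?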
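
The Go error quoted in this issue says `vnext.port` arrived as a JSON string where a `uint16` number is required; in the posted config the port, like every other edited value, is still wrapped in quotes and `{{ }}` markers. The lint below is an added example (not from the issue or the Xray project); it assumes the `{{ ... }}` markers are template placeholders meant to be replaced whole, its function names are illustrative, and the embedded outbound is a constructed copy of the one posted above.

```python
import json
import re

PLACEHOLDER = re.compile(r"\{\{.*?\}\}")
VNEXT_PORT = re.compile(r"\.vnext\[\d+\]\.port$")


def leaves(node, path="$"):
    """Yield (json_path, value) for every scalar in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaves(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from leaves(value, f"{path}[{index}]")
    else:
        yield path, node


def lint(config):
    """Report leftover template markers and vnext ports that are not numbers."""
    findings = []
    for path, value in leaves(config):
        if isinstance(value, str) and PLACEHOLDER.search(value):
            findings.append((path, "template marker left in value"))
        if VNEXT_PORT.search(path):
            # bool is a subclass of int in Python, so exclude it explicitly.
            is_port = (isinstance(value, int) and not isinstance(value, bool)
                       and 0 <= value <= 65535)
            if not is_port:
                findings.append((path, "port must be an unquoted number in 0..65535"))
    return findings


# Constructed sample: the vmess outbound from the issue.
ISSUE_OUTBOUND = json.loads("""
{
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "{{ xxx.xxx.xxx.xxx }}",
            "port": "{{ 13001 }}",
            "users": [
              {"id": "{{ 59D53E6D-66B4-4999-A1EB-87F12528450E }}", "encryption": "none"}
            ]
          }
        ]
      },
      "streamSettings": {"network": "kcp", "kcpSettings": {"seed": "{{ now }}"}}
    }
  ]
}
""")

if __name__ == "__main__":
    for path, reason in lint(ISSUE_OUTBOUND):
        print(f"{path}: {reason}")
```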

// REFERENCE:
// https://github.com/XTLS/Xray-examples
// https://xtls.github.io/config/
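// A typical config file, whether server-side or client-side, has 5 parts. With beginner-level commentary added:
// ┌─ 1_log Log settings - what to log and where (so there is evidence to check when something goes wrong)
// ├─ 2_dns DNS settings - how DNS is resolved (prevent DNS poisoning, prevent snooping, avoid domestic and foreign sites being matched to foreign service>
// ├─ 3_routing Routing settings - how traffic is classified and handled (whether to filter ads, whether to split domestic and foreign traffic)
// ├─ 4_inbounds Inbound settings - what traffic may flow into Xray
// └─ 5_outbounds Outbound settings - where traffic leaving Xray goes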
{
// 1_Log settings
"log": {
"loglevel": "warning", // from least to most detail: "none", "error", "warning", "info", "d>
"access": "/home/e1itevps/xray_log/access.log", // access log
"error": "/home/e1itevps/xray_log/error.log" // error log
},
// 2_DNS settings
"dns": {
"servers": [
"https+local://1.1.1.1/dns-query", // prefer DoH queries to 1.1.1.1; this sacrifices speed but can>
"localhost"
]
},
// 3_Routing settings
"routing": {
"domainStrategy": "AsIs",
"rules": [
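// 3.1 Prevent problems with traffic looping back into the server's local network, such as the internal network being attacked or abused, erroneous local loopback, etc.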
{
"type": "field",
"ip": [
"geoip:private" // routing condition: the rule named "private" in the geoip file (local addresses)
],
"outboundTag": "block" // routing policy: hand over to the "block" outbound (blackholed)
},
// 3.2 Block ads
{
"type": "field",
"domain": [
"geosite:category-ads-all" // routing condition: the rule named "category-ads-all" in the geosite file (all kinds of ad domains)
],
"outboundTag": "block" // routing policy: hand over to the "block" outbound (blackholed)
}
]
},
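// 4_Inbound settings
// 4.1 Only the simplest vless+xtls inbound is written here, because this is Xray's most powerful mode. If you need others, add them yourself following the templates.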
"inbounds": [
{
"port": 208,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "我的id", // fill in your UUID
"flow": "xtls-rprx-vision",
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 2037 // by default fall back to a probe-resistant proxy
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"allowInsecure": false, // should be kept off in normal use
"minVersion": "1.2", // minimum TLS version
"alpn": ["http/1.1"],
"certificates": [
{
"certificateFile": "/home/e1itevps/xray_cert/xray.crt",
"keyFile": "/home/e1itevps/xray_cert/xray.key"
}
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
// 5_Outbound settings
"outbounds": [
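// 5.1 The first outbound is the default rule; freedom means a direct connection out (the VPS is already on the outside network, so connect directly)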
{
"tag": "direct",
"protocol": "freedom"
},
// 5.2 Blocking rule; the blackhole protocol sends traffic into a black hole (blocks it)
{
"tag": "block",
"protocol": "blackhole"
}
]
}
11

Trojan-gRPC-Caddy2 reports failed to find an available destination

server log
Xray 1.6.0 (Xray, Penetrates Everything.) Custom (go1.19.1 linux/amd64)
A unified platform for anti-censorship.
2022/10/08 22:54:11 [Info] infra/conf/serial: Reading config: /usr/local/etc/xray/config.json
2022/10/08 22:54:12 [Warning] core: Xray 1.6.0 started

client log
Xray 1.6.0 (Xray, Penetrates Everything.) Custom (go1.19.1 darwin/arm64)
A unified platform for anti-censorship.
2022/10/08 22:54:13 [Info] infra/conf/serial: Reading config: /opt/homebrew/etc/xray/config.json
2022/10/08 22:54:13 [Warning] core: Xray 1.6.0 started
2022/10/08 22:54:18 tcp:127.0.0.1:64224 accepted tcp:alive.github.com:443 [Trojan_grpc_in -> Trojan_grpc_out]
2022/10/08 22:54:21 [Warning] [4095847556] app/proxyman/outbound: failed to process outbound traffic > proxy/trojan: failed to find an available destination > common/retry: [transport/internet/grpc: failed to dial gRPC > transport/internet/grpc: Cannot dial gRPC > rpc error: code = Unavailable desc = connection closed before server preface received] > common/retry: all retry attempts failed
2022/10/08 22:54:23 tcp:127.0.0.1:64263 accepted tcp:www.google.com:443 [Trojan_grpc_in -> Trojan_grpc_out]
2022/10/08 22:54:25 [Warning] [3760251225] app/proxyman/outbound: failed to process outbound traffic > proxy/trojan: failed to find an available destination > common/retry: [transport/internet/grpc: failed to dial gRPC > transport/internet/grpc: Cannot dial gRPC > rpc error: code = Unavailable desc = connection closed before server preface received] > common/retry: all retry attempts failed

Caddyfile
{
    order reverse_proxy before route
    admin off
    log {
        output file /var/log/caddy/access.log
        level ERROR
    }
}

domain.com {
    tls {
        protocols tls1.3
        ciphers TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        curves x25519 secp521r1 secp384r1 secp256r1
        alpn http/1.1 h2
    }

    @websocket {
        header Connection *Upgrade*
        header Upgrade websocket
        path /JupIOuLQu
    }
    reverse_proxy @websocket localhost:6668

    @grpc {
        protocol grpc
        path /ZhrDqzeQv/*
    }
    reverse_proxy @grpc localhost:6667

    @host {
        host domain.com
    }
    route @host {
        encode gzip
        header {
            Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        }
        file_server {
            root /usr/share/caddy
        }
    }
}

server.json
{
    "log": {
        "loglevel": "warning"
    },
    "dns": {
        "hosts": { "dns.google": "8.8.8.8" },
        "servers": [
            "https://1.1.1.1/dns-query",
            "https://dns.google/dns-query",
            "1.1.1.1",
            "8.8.8.8"
        ]
    },
    "inbounds": [
        {
            "tag": "Trojan_grpc",
            "listen": "127.0.0.1",
            "port": 6667,
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        "password": "password"
                    }
                ]
            },
            "streamSettings": {
                "network": "grpc",
                "grpcSettings": { "serviceName": "ZhrDqzeQv" }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [ "http", "tls" ]
            }
        }
    ],
    "outbounds": [
        {
            "tag": "freedom_out",
            "protocol": "freedom",
            "settings": {
                "domainStrategy": "UseIP"
            }
        },
        {
            "tag": "Blackhole_out",
            "protocol": "blackhole"
        }
    ],
    "routing": {
        "domainStrategy": "AsIs",
        "rules": [
            {
                "type": "field",
                "ip": ["geoip:private"],
                "outboundTag": "Blackhole_out"
            },
            {
                "type": "field",
                "protocol": ["bittorrent"],
                "outboundTag": "Blackhole_out"
            }
        ]
    }
}

client.json
{
    "log":{
        "loglevel": "warning"
    },

    "inbounds": [
        {
            "tag": "Trojan_grpc_in",
            "listen": "127.0.0.1",
            "port": 1086,
            "protocol": "socks"
        }
    ],
    "outbounds": [
        {
            "tag": "Trojan_grpc_out",
            "protocol": "trojan",
            "settings": {
                "servers": [
                    {
                        "address": "domain.com",
                        "port": 443,
                        "password": "password"
                    }
                ]
            },
            "streamSettings": {
                "network": "grpc",
                "security": "tls",
                "grpcSettings": { "serviceName": "ZhrDqzeQv" }
            }
        }
    ],
    "routing": {
        "domainStrategy": "AsIs",
        "rules": [
            {
                "type": "field",
                "inboundTag": "Trojan_grpc_in",
                "outboundTag": "Trojan_grpc_out"
            }
        ]
    }
}

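Can the fallback mechanism separate ssh from web pages?

I want to use xray's fallback mechanism to separate the ssh protocol from the https protocol and send them to different ports, so that my self-hosted gitlab can share a single port. I looked at the examples but don't really get it; I couldn't work out what that path means, and a protocol like ssh has no notion of a path.

Falling back to another service's socket port (problems with both fallback and routing); please advise, thanks

My requirement:
Xray listens on 443 and, based on SNI (domain name) and path, falls the request back to port 6800, where another service listens with the socks protocol. If fallback can't do it, routing is fine too.
My problems:
1. First I used VLESS fallback directly and found it doesn't work. Is it that VLESS+XTLS cannot forward to a socks port?
2. Using routing to split the traffic also ran into problems. The idea is that VLESS on port 443 first falls traffic back to vless+ws or vmess+ws based on SNI and path, then an inbound tag is set on that inbound, a socks-protocol outbound is added, and routing ties the inbound to the outbound; but I found that doesn't work either.
The symptom: the routing rules have no effect, and traffic always leaves through the first outbound protocol in the server's outbounds. If the first one is freedom, then whatever SNI and path the client sets, traffic goes through freedom; if the server's first outbound protocol is socks (6800), then whatever the client's SNI and path are, traffic flows out to port 6800.
That is, with the configuration below, whichever outbound comes first is always used and the later one is never reached. I don't know why.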

    "outbounds": [
        {
            "tag": "direct-out",
            "protocol": "freedom"
        },
        // add a Socket outbound
        {
            "tag": "outbound-socks",
            "protocol": "socks",
            "settings": {
                "servers": [
                    {
                    
                        "address": "127.0.0.1",
                        "port": 6800
                    }
                ]
            }
        }
    ],

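Q1: Is there a problem with my configuration (the full server configuration is attached below)?
Q1: Without using routing rules, can VLESS fallback send traffic straight to the socks port based on SNI and path?

Server xray-core version: 1.3.0
Client: windows + latest v2rayN

Full server configuration: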


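Question about the gRPC server configuration Xray-VLESS-gRPC.socket

What is the difference between these two approaches?

Previously the GitHub repository had

Server configuration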

"port": 2002,
 "listen": "127.0.0.1",

Corresponding nginx configuration

grpc_pass grpc://127.0.0.1:2002;

Now the GitHub repository has only listen, no port

"listen": "/dev/shm/Xray-VLESS-gRPC.socket,0666",

Corresponding nginx configuration

grpc_pass unix:/dev/shm/Xray-VLESS-gRPC.socket;

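The SS22 relay setup cannot coexist with multi-user

Assuming the exit server is already configured, the relay server is configured as follows, a relay + multi-user setup
Server: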
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"port": 443,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-128-gcm",
"password": "n/+qYmhkfhHEkA97wGFo6g==",
"clients": [
{
"address": "103.xxx.xx.xxx", // relay configuration for the exit server
"port": 8443,
"password": "WiHePWePm19g5q1YgndC5A==",
"email": "[email protected]"
},
{
"password": "QNtU0NRpw2qadOQzKTM0MQ==", // multi-user
"email": "my user"
}

    ],
    "network": "tcp,udp"
  }
}
],
"outbounds": [
    {
        "protocol": "freedom"
    }
]

}

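In this case only the relay server's IP is obtained; the exit server's IP cannot be obtained

Only this compromise setup makes it possible to connect over ss22 through both the exit server's IP and the relay server's IP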
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"port": 443,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-128-gcm",
"password": "n/+qYmhkfhHEkA97wGFo6g==",
"clients": [
{
"address": "103.xxx.xx.xxx", // exit server configuration
"port": 8443,
"password": "WiHePWePm19g5q1YgndC5A==",
"email": "[email protected]"
}
],
"network": "tcp,udp"
}
},
{
"port": 8443,
"protocol": "shadowsocks",
"settings": {
"method": "2022-blake3-aes-128-gcm",
"password": "QNtU0NRpw2qadOQzKTM0MQ==", // relay server configuration
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}

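The relay configuration should just be a variant of the multi-user type, so is something not quite right somewhere? 😂

Cannot connect

Configuration file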
{
"port": 443,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": ""
}
]
},
"streamSettings": {
"network": "quic",
"quicSettings": {},
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "fullchain.crt", // use a real certificate
"keyFile": "private.key"
}
]
}
}
}
The error shows 022/08/30 00:18:52 127.0.0.1:57512 accepted //91.108.56.113:443 [http -> proxy]
2022/08/30 00:18:52 127.0.0.1:57511 accepted //mtalk.google.com:5228 [http -> proxy]
2022/08/30 00:18:52 127.0.0.1:57513 accepted http://91.108.56.113:80/api [http -> proxy]
2022/08/30 00:18:53 127.0.0.1:57517 accepted //91.108.56.113:443 [http -> proxy]
2022/08/30 00:18:53 127.0.0.1:57518 accepted http://91.108.56.113:80/api [http -> proxy]
2022/08/30 00:18:55 127.0.0.1:57520 accepted //91.108.56.113:443 [http -> proxy]
2022/08/30 00:18:55 127.0.0.1:57521 accepted http://91.108.56.113:80/api [http -> proxy]
2022/08/30 00:18:56 127.0.0.1:57522 accepted //alive.github.com:443 [http -> proxy]
2022/08/30 00:18:59 127.0.0.1:57524 accepted //91.108.56.113:443 [http -> proxy]
2022/08/30 00:18:59 127.0.0.1:57525 accepted http://91.108.56.113:80/api [http -> proxy]
2022/08/30 00:19:01 127.0.0.1:57527 accepted //alive.github.com:443 [http -> proxy]
2022/08/30 00:19:07 127.0.0.1:57531 accepted //91.108.56.113:443 [http -> proxy]
2022/08/30 00:19:07 127.0.0.1:57532 accepted http://91.108.56.113:80/api [http -> proxy]
2022/08/30 00:19:08 127.0.0.1:57533 accepted //alive.github.com:443 [http -> proxy]

Question about WebSocket 0-RTT

If ws has to go through a CDN, set the CDN to pass this header to the origin

Sec-WebSocket-Protocol

Would that give 0-RTT even through the CDN?

"user" directive is not allowed here in /etc/nginx/conf.d/default.conf:1

The configuration file path is

/etc/nginx/conf.d/default.conf

The configuration file contents are

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$proxy_protocol_addr:$proxy_protocol_port';

access_log  /var/log/nginx/access.log  main;

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 2048;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;

include /etc/nginx/conf.d/*.conf;

server {
    #listen       80 default_server;
    #listen       [::]:80 default_server;
    listen       [::]:80 default ipv6only=off;
    return       301 https://$http_host$request_uri;
}

server {
    listen       unix:/dev/shm/default.sock proxy_protocol;
    listen       unix:/dev/shm/h2c.sock http2 proxy_protocol;

    # replace example.com with your domain name
    server_name  xx.example.com;

    root         /usr/share/nginx/html;

    set_real_ip_from 127.0.0.1;


    include /etc/nginx/default.d/*.conf;

    # enable HSTS, to get an A+ on sslab
    add_header Strict-Transport-Security "max-age=63072000" always;

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

}

Restarting nginx gives an error
root@VM-o4SvqT80FlA1:~# systemctl status nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/nginx.service.d
└─override.conf
Active: failed (Result: exit-code) since Wed 2022-08-17 04:04:09 UTC; 7s ago
Docs: https://nginx.org/en/docs/
Process: 14244 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
CPU: 4ms

Aug 17 04:04:09 VM-o4SvqT80FlA1 systemd[1]: Starting nginx - high performance web server...
Aug 17 04:04:09 VM-o4SvqT80FlA1 nginx[14244]: nginx: [emerg] "user" directive is not allowed here in /etc/nginx/conf.d/default.conf:1
Aug 17 04:04:09 VM-o4SvqT80FlA1 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Aug 17 04:04:09 VM-o4SvqT80FlA1 systemd[1]: nginx.service: Failed with result 'exit-code'.
Aug 17 04:04:09 VM-o4SvqT80FlA1 systemd[1]: Failed to start nginx - high performance web serve

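Configuration file path

Can configuration examples for intranet penetration be supported?

I'd also like to ask: when doing intranet penetration, can the protocol used for communication between the intranet server and the public server be changed? My public server is abroad, and recently I noticed the traffic being interfered with.

Using the VLESS-TCP-XTLS-WHATEVER template, the log reports: rejected proxy/trojan: not trojan protocol

Hello, I ran into a small problem while using your configuration and would like to ask about it.
Both client and server are the latest 1.4.5. Following the configuration in VLESS-TCP-XTLS-WHATEVER, the server log contains a large number of "rejected proxy/trojan: not trojan protocol" messages. Is something configured incorrectly?

The xray server settings are as follows, following the configuration in VLESS-TCP-XTLS-WHATEVER, changing only the uuid and the fallback port from 80 to 8001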
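
nginx rejects `user` at `default.conf:1` because that file is not the top-level configuration: the service starts with `-c /etc/nginx/nginx.conf`, and `user`, `worker_processes`, `pid`, `events` and `http` are valid only in the main context of that file. The check below is an added example (not from the issue or from nginx) that lists such directives in a file meant for `conf.d/`; it assumes `conf.d/*.conf` is included from inside the `http` block, as the posted file itself does, and it uses a simplified tokenizer and an abridged, constructed copy of the posted file.

```python
# Directives from the posted file that nginx accepts only in the main
# (top-level) context of the file passed with -c.
MAIN_ONLY = {"user", "worker_processes", "pid", "events", "http"}


def top_level_directives(text):
    """Return (line, name) for each directive at brace depth 0.

    Simplified tokenizer: handles quotes, backslash escapes and # comments,
    which is enough for configs like the one in this issue.
    """
    found, depth, line = [], 0, 1
    word, word_line = "", 1
    expect_name, quote, comment, escaped = True, None, False, False
    for ch in text + "\n":
        if comment or quote:
            if escaped:
                escaped = False
            elif quote and ch == "\\":
                escaped = True
            elif ch == quote:
                quote = None
            elif comment and ch == "\n":
                comment = False
            if ch == "\n":
                line += 1
            continue
        if ch.isspace() or ch in ";{}#'\"":
            # A token just ended; the first token of a statement is its name.
            if word and expect_name:
                if depth == 0:
                    found.append((word_line, word))
                expect_name = False
            word = ""
            if ch == "\n":
                line += 1
            elif ch in ";{}":
                depth += {"{": 1, "}": -1}.get(ch, 0)
                expect_name = True
            elif ch == "#":
                comment = True
            elif ch in "'\"":
                quote, expect_name = ch, False
        else:
            if not word:
                word_line = line
            word += ch
    return found


def misplaced(text):
    """Main-context directives found at the top level of an included file."""
    return [(ln, name) for ln, name in top_level_directives(text) if name in MAIN_ONLY]


# Constructed sample: abridged copy of the file posted as conf.d/default.conf.
POSTED_DEFAULT_CONF = """\
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr [$time_local] "$request"';
    include /etc/nginx/conf.d/*.conf;
    server {
        listen unix:/dev/shm/default.sock proxy_protocol;
        server_name xx.example.com;
    }
}
"""

# Constructed sample: only the server block, which is valid inside http {}.
SERVER_ONLY_CONF = """\
server {
    listen unix:/dev/shm/default.sock proxy_protocol;
    server_name xx.example.com;
    root /usr/share/nginx/html;
}
"""

if __name__ == "__main__":
    for ln, name in misplaced(POSTED_DEFAULT_CONF):
        print(f"default.conf:{ln}: '{name}' belongs in nginx.conf, not in conf.d/")
```

`error_log` is not reported because nginx also accepts it inside `http`; the first hit, `user` on line 1, is the same position nginx names in its `[emerg]` message.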

{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        "flow": "xtls-rprx-direct",
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 1310, // by default fall back to Xray's Trojan protocol
                        "xver": 1
                    },
                    {
                        "path": "/websocket", // must be replaced with a custom PATH
                        "dest": 1234,
                        "xver": 1
                    },
                    {
                        "path": "/vmesstcp", // must be replaced with a custom PATH
                        "dest": 2345,
                        "xver": 1
                    },
                    {
                        "path": "/vmessws", // must be replaced with a custom PATH
                        "dest": 3456,
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "fullchain.cer", // replace with your certificate, absolute path
                            "keyFile": "domain.key" // replace with your private key, absolute path
                        }
                    ]
                }
            }
        },
        {
            "port": 1310,
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        "password": "wahah", // fill in your password
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "fallbacks": [
                    {
                        "dest": 8001 // or fall back to another proxy that is also probe-resistant
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true
                }
            }
        },
        {
            "port": 1234,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, // reminder: if you reverse-proxy WS with Nginx/Caddy etc., delete this line
                    "path": "/websocket" // must be replaced with a custom PATH, matching the one used in the fallback split
                }
            }
        },
        {
            "port": 2345,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        "level": 0,
                        "email": "[email protected]"
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true,
                    "header": {
                        "type": "http",
                        "request": {
                            "path": [
                                "/vmesstcp" // must be replaced with a custom PATH, matching the one used in the fallback split
                            ]
                        }
                    }
                }
            }
        },
        {
            "port": 3456,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        "level": 0,
                        "email": "[email protected]"
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, // reminder: if you reverse-proxy WS with Nginx/Caddy etc., delete this line
                    "path": "/vmessws" // must be replaced with a custom PATH, matching the one used in the fallback split
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

The nginx.conf configuration is as follows; port 8888 is a nextcloud file store set up with docker

server {
  listen 80;
  server_name domain.com;
  return 301 https://$host$request_uri;
}

server {
    server_name domain.com www.domain.com;
    listen 8001;
    client_max_body_size 10G;
    location / {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:8888;
        proxy_set_header Host $http_host;
    }
    location = /.htaccess {
        return 404;
    }
    location = /.well-known/carddav {
             return 301 https://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
             return 301 https://$host/remote.php/dav;
    }
}

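The client follows the vless_tcp_xtls.json configuration. Internet access works normally, and all functions of the file store on the server work normally too. Part of the server log follows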

Xray 1.4.5 (Xray, Penetrates Everything.) Custom (go1.17.1 linux/amd64)
A unified platform for anti-censorship.
2021/11/10 20:12:33 [Info] infra/conf/serial: Reading config: config-sample.json
2021/11/10 20:12:33 [Warning] transport/internet/tcp: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] transport/internet/websocket: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] transport/internet/tcp: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] transport/internet/websocket: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] core: Xray 1.4.5 started
2021/11/10 20:13:01 IP地址:58217 accepted tcp:github.com:443 email: [email protected]
2021/11/10 20:13:02 IP地址:58241 accepted tcp:avatars.githubusercontent.com:443 email: [email protected]
2021/11/10 20:13:08 IP地址:58347 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:13:17 IP地址:58516 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:13:18 IP地址:60864 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:13:18 IP地址:56871 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:14:18 IP地址:59664 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:15:21 IP地址:60837 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:16:23 IP地址:61857 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:17:12 IP地址:61868 accepted tcp:github.com:443 email: [email protected]
2021/11/10 20:17:13 IP地址:61870 accepted tcp:github.githubassets.com:443 email: [email protected]
2021/11/10 20:17:13 IP地址:61872 accepted tcp:avatars.githubusercontent.com:443 email: [email protected]
2021/11/10 20:17:15 IP地址:61876 accepted tcp:api.github.com:443 email: [email protected]
2021/11/10 20:17:25 IP地址:61880 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:18:11 IP地址:65409 accepted tcp:raw.githubusercontent.com:443 email: [email protected]
2021/11/10 20:18:27 IP地址:65411 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:19:29 IP地址:65419 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:20:28 IP地址:65431 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:20:31 IP地址:65433 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:21:25 IP地址:64519 accepted tcp:www.google.com:443 email: [email protected]
2021/11/10 20:21:27 IP地址:64522 accepted tcp:apis.google.com:443 email: [email protected]
2021/11/10 20:21:28 IP地址:64524 accepted tcp:adservice.google.com:443 email: [email protected]
2021/11/10 20:21:33 IP地址:53517 rejected  proxy/trojan: not trojan protocol

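Shadowsocks-2022 does not support IPv6

The VPS has both IPv4 and IPv6. Listening on port 443 (xray), inbound works fine over both IPv4 and IPv6. But with ss2020 listening on port 8080, only IPv4 inbound works; IPv6 gets no response.

I have confirmed that the tcp/udp port used by ss2020 is fine; other software works normally over both IPv4 and IPv6.
netstat also shows tcp6/udp6 both listening on :::8080.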

{
		"port": 8080,
		"protocol": "shadowsocks",
		"settings": {
			"method": "2022-blake3-aes-128-gcm",
			"password": "PASSWORD",
			"network": "tcp,udp"
		}
	}

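Found the cause: it was a problem with the Android client. Testing with a PC client works fine.

One VPS with multiple IPs: how do I configure multiple entry and exit points with VLESS+TCP+XTLS? The configuration below never manages to restart; how do I troubleshoot it?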

{
  "inbounds": [
    {
      "port": 443,
      "listen": "104.168.134.33",
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "4sfr7wyh-xd01-5lsr-l7s2-47hji8uxy9fw",
            "flow": "xtls-rprx-direct",
            "level": 0
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "alpn": "http/1.1",
            "dest": 80
          },
          {
            "alpn": "h2",
            "dest": 81
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
          "serverName": "xxx.chyblog.cn",
          "alpn": [
            "http/1.1",
            "h2"
          ],
          "certificates": [
            {
              "certificateFile": "/usr/local/etc/xray/xxx.chyblog.cn.pem",
              "keyFile": "/usr/local/etc/xray/xxx.chyblog.cn.key"
            }
          ]
        }
      },
      "tag": "10416813433-in"
    },
    {
      "port": 443,
      "listen": "104.168.143.206",
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "c8zxteq0-nsoj-gji5-ma5f-fjgr1esuyovb",
            "flow": "xtls-rprx-direct",
            "level": 0
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "alpn": "http/1.1",
            "dest": 80
          },
          {
            "alpn": "h2",
            "dest": 81
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
          "serverName": "xxx.chyblog.cn",
          "alpn": [
            "http/1.1",
            "h2"
          ],
          "certificates": [
            {
              "certificateFile": "/usr/local/etc/xray/xxx.chyblog.cn.pem",
              "keyFile": "/usr/local/etc/xray/xxx.chyblog.cn.key"
            }
          ]
        }
      },
      "tag": "104168143206-in"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "inboundTag": "10416813433-in",
        "outboundTag": "10416813433-out"
      },
      {
        "type": "field",
        "inboundTag": "104168143206-in",
        "outboundTag": "104168143206-out"
      }
    ]
  },
  "outbounds": [
    {
      "sendThrough": "104.168.134.33",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      },
      "tag": "10416813433-out"
    },
    {
      "sendThrough": "104.168.143.206",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      },
      "tag": "104168143206-out"
    }
  ]
}

The systemctl error is as follows:

# systemctl status xray
● xray.service - Xray Service
     Loaded: loaded (/etc/systemd/system/xray.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2021-12-21 17:16:33 CST; 2min 23s ago
       Docs: https://github.com/xtls
             https://hijk.art
    Process: 152806 ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json (code=exited, status=23)
   Main PID: 152806 (code=exited, status=23)

Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com systemd[1]: Started Xray Service.
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com xray[152806]: Xray 1.5.0 (Xray, Penetrates Everything.) Custom (go1.17.2 linux/amd64)
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com xray[152806]: A unified platform for anti-censorship.
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com xray[152806]: 2021/12/21 17:16:33 [Info] infra/conf/serial: Reading config: /usr/local/etc/xray/con>
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com xray[152806]: Failed to start: main: failed to load config files: [/usr/local/etc/xray/config.json]>
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com systemd[1]: xray.service: Main process exited, code=exited, status=23/n/a
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com systemd[1]: xray.service: Failed with result 'exit-code'.

The log file records the following:

Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com systemd[1]: Started Xray Service.
-- Subject: A start job for unit xray.service has finished successfully
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- A start job for unit xray.service has finished successfully.
-- 
-- The job identifier is 3607.
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com xray[152806]: Xray 1.5.0 (Xray, Penetrates Everything.) Custom (go1.17.2 linux/amd64)
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com xray[152806]: A unified platform for anti-censorship.
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com xray[152806]: 2021/12/21 17:16:33 [Info] infra/conf/serial: Reading config: /usr/local/etc/xray/config.json
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com xray[152806]: Failed to start: main: failed to load config files: [/usr/local/etc/xray/config.json] > encoding/hex: invalid byte: U+006E 'n'
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com systemd[1]: xray.service: Main process exited, code=exited, status=23/n/a
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- An ExecStart= process belonging to unit xray.service has exited.
-- 
-- The process' exit code is 'exited' and its exit status is 23.
Dec 21 17:16:33 hwsrv-917454.hostwindsdns.com systemd[1]: xray.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- The unit xray.service has entered the 'failed' state with result 'exit-code'.

All I can see is [/usr/local/etc/xray/config.json] > encoding/hex: invalid byte: U+006E 'n'. How should I go about troubleshooting this kind of error?

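vless+xtls: website browsing is unstable; sometimes pages open and sometimes a connection timeout is reported

I configured everything step by step following 小小白白's guide. After finishing, the speed is indeed faster than v2ray, but websites that open normally in the morning report a connection timeout and fail to load in the afternoon. YouTube does open every time, but most videos do not play properly and only a few play normally. Please help me understand! The configuration is as follows:
Server side: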
{
"log": {
"loglevel": "warning",
"access": "/xx/xx/xx/access.log",
"error": "/xx/xx/xx/error.log"
},
"dns": {
"servers": [
"https+local://1.1.1.1/dns-query",
"localhost"
]
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "block"
},
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "uuid",
"flow": "xtls-rprx-direct",
"level": 0,
"email": "[email protected]"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 8080
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"allowInsecure": false,
"minVersion": "1.2",
"alpn": [
"http/1.1"
],
"certificates": [
{
"certificateFile": "/xx/xx/xray.crt",
"keyFile": "/xx/xx/xray.key"
}
]
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom"
},
{
"tag": "block",
"protocol": "blackhole"
}
]
}

Client:
{
"log": {
"access": "/xx/xx/access.log",
"error": "/xx/xx/error.log",
"loglevel": "warning"
},

"dns": {
    "servers": [
        {
            "address": "1.1.1.1",
            "domains": [
                "geosite:geolocation-!cn"
            ]
        },
        {
            "address": "223.5.5.5",
            "domains": [
                "geosite:cn"
            ],
            "expectIPs": [
                "geoip:cn"
            ]
        },
        {
            "address": "114.114.114.114",
            "domains": [
                "geosite:cn"
            ]
        },
        "localhost"
    ]
},
"routing": {
    "domainStrategy": "AsIs",
    "rules": [
        {
            "type": "field",
            "domain": [
                "geosite:category-ads-all"
            ],
            "outboundTag": "block"
        },
        {
            "type": "field",
            "domain": [
                "geosite:cn"
            ],
            "outboundTag": "direct"
        },
        {
            "type": "field",
            "ip": [
                "geoip:cn",
                "geoip:private"
            ],
            "outboundTag": "direct"
        },
        {
            "type": "field",
            "domain": [
                "geosite:geolocation-!cn"
            ],
            "outboundTag": "proxy"
        }
    ]
},

"inbounds": [
    {
        "tag": "socks-in",
        "protocol": "socks",
        "listen": "127.0.0.1",   
        "port": 1080,
        "settings": {
            "udp": true
        }
    },
    {
        "tag": "http-in",
        "protocol": "http",
        "listen": "127.0.0.1",
        "port": 1081 
    }
],
   
"outbounds": [
    {
        "tag": "proxy",
        "protocol": "vless",
        "settings": {
            "vnext": [
                {
                    "address": "www.mydomain.com",
                    "port": 443,
                    "users": [
                        {
                            "id": "uuid", 
                            "flow": "xtls-rprx-splice", 
                            "encryption": "none",
                            "level": 0
                        }
                    ]
                }
            ]
        },
        "streamSettings": {
            "network": "tcp",
            "security": "xtls",
            "xtlsSettings": {
                "serverName": "www.mydomain.com", 
                "allowInsecure": false  
            }
        }
    },

    {
        "tag": "direct",
        "protocol": "freedom"
    },

    {
        "tag": "block",
        "protocol": "blackhole"
    }
]    

}
Client log:
2021/03/07 22:16:21 tcp:127.0.0.1:51956 rejected proxy/socks: failed to read request > read tcp 127.0.0.1:1080->127.0.0.1:51956: read: connection reset by peer
2021/03/07 22:16:21 tcp:127.0.0.1:51962 accepted tcp:42.49.13.10:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51958 accepted tcp:42.49.13.10:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51960 accepted tcp:42.49.13.10:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51970 accepted tcp:42.49.13.6:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51976 accepted tcp:42.49.13.6:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51974 accepted tcp:42.49.13.7:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51990 accepted tcp:42.49.13.6:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51986 accepted tcp:42.49.13.6:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51984 accepted tcp:42.49.13.7:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51988 accepted tcp:42.49.13.6:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51982 accepted tcp:42.49.13.7:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:51992 accepted tcp:42.49.13.6:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52008 rejected proxy/socks: insufficient header > EOF
2021/03/07 22:16:21 tcp:127.0.0.1:52020 accepted tcp:42.49.13.7:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52010 accepted tcp:42.49.13.5:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52012 accepted tcp:42.49.13.7:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52014 accepted tcp:42.49.13.7:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52016 accepted tcp:42.49.13.7:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52024 accepted tcp:42.49.13.5:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52018 accepted tcp:42.49.13.7:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52022 accepted tcp:42.49.13.5:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52046 rejected proxy/socks: failed to read request > read tcp 127.0.0.1:1080->127.0.0.1:52046: read: connection reset by peer
2021/03/07 22:16:21 tcp:127.0.0.1:52044 accepted tcp:104.26.6.142:443 [socks-in >> proxy]
2021/03/07 22:16:21 tcp:127.0.0.1:52048 accepted tcp:39.96.132.69:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52056 accepted tcp:58.20.147.88:80 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52054 accepted tcp:58.20.147.88:80 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52062 accepted tcp:58.20.147.88:80 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52066 accepted tcp:39.107.11.172:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52070 accepted tcp:110.52.196.231:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52074 accepted tcp:42.49.13.5:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52078 accepted tcp:111.206.209.249:443 [socks-in -> direct]
2021/03/07 22:16:21 tcp:127.0.0.1:52082 rejected proxy/socks: failed to read request > EOF

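Using the shadowsocks 2022 relay configuration from the examples, I can only connect to the relay server

Following the server and client configurations, I can connect, but when testing the IP I found that it is still the relay server's IP, not the landing server's IP.

Relay server configuration: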

   {
        "port": 1234,
        "protocol": "shadowsocks",
        "settings": {
            "method": "2022-blake3-aes-128-gcm",
            "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=",
            "clients": [
                {
                    "address": "11.22.33.44",  ---landing server IP
                    "port": 5678,
                    "password": "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy=",
                    "email": "[email protected]"
                }
            ],
            "network": "tcp,udp"
        }
    }

Landing server configuration:

    {
        "port": 5678,
        "protocol": "shadowsocks",
        "settings": {
            "method": "2022-blake3-aes-128-gcm",
            "password": "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy=",
            "network": "tcp,udp"
        }
    }

Client configuration:

{
  "protocol": "shadowsocks",
  "settings": {
    "servers": [
      {
        "address": "中转机IP",
        "port": 1234,
        "method": "2022-blake3-aes-128-gcm",
        "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=:yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy="
      }
    ]
  }
}

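VLESS-TCP-XTLS fallback to Trojan error

Hi everyone,

I am trying to configure VLESS-TCP-XTLS with fallback to Trojan following the example given in VLESS-TCP-XTLS-WHATEVER. Connecting to 443 with VLESS-TCP-XTLS works normally, but when connecting to 443 with Trojan, the xray server reports "rejected proxy/trojan: not a valid user". Could you tell me what the problem might be?

Thank you very much.

Server: xray-1.3.0
Client: igniter-0.10.2-beta

The complete xray run output is as follows: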

$ cat config.yaml |yq -j|sudo ./xray 
Xray 1.3.0 (Xray, Penetrates Everything.) Custom (go1.16 linux/arm64)
A unified platform for anti-censorship.
2021/02/27 00:49:24 Using config from STDIN
2021/02/27 00:49:24 [Info] infra/conf/serial: Reading config: stdin:
2021/02/27 00:49:24 [Debug] app/log: Logger started
2021/02/27 00:49:24 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:443
2021/02/27 00:49:24 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:1310
2021/02/27 00:49:24 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:443
2021/02/27 00:49:24 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:1310
2021/02/27 00:49:24 [Warning] transport/internet/tcp: accepting PROXY protocol
2021/02/27 00:49:24 [Warning] core: Xray 1.3.0 started
2021/02/27 00:49:29 [Info] [2692849173] proxy/vless/inbound: firstLen = 203
2021/02/27 00:49:29 [Info] [2692849173] proxy/vless/inbound: fallback starts > proxy/vless/encoding: invalid request version
2021/02/27 00:49:29 [Info] [2692849173] proxy/vless/inbound: realName = mydomain.org
2021/02/27 00:49:29 [Info] [2692849173] proxy/vless/inbound: realAlpn = http/1.1
2021/02/27 00:49:29 101.113.65.207:52196 rejected  proxy/trojan: not a valid user
2021/02/27 00:49:29 [Info] [1262208027] proxy/trojan: firstLen = 203
2021/02/27 00:49:29 [Info] [1262208027] app/proxyman/inbound: connection ends > proxy/trojan: invalid protocol or invalid user

The complete xray server configuration is as follows:

log:
  loglevel: debug
inbounds:
  - port: 443
    protocol: vless
    settings:
      clients:
        - id: 'ef126d4d-f814-4c5d-b97b-7d4f65d9d2fb'
          flow: xtls-rprx-direct
          level: 0
          email: [email protected]
      decryption: none
      fallbacks:
        - dest: 1310
          xver: 1
    streamSettings:
      network: tcp
      security: xtls
      xtlsSettings:
        alpn:
          - http/1.1
        certificates:
          - certificateFile: /home/ubuntu/fullchain.cer
            keyFile: /home/ubuntu/www.key
  - port: 1310
    listen: 127.0.0.1
    protocol: trojan
    settings:
      clients:
        - password: 'PASSWORD'
          email: [email protected]
    streamSettings:
      network: tcp
      security: none
      tcpSettings:
        acceptProxyProtocol: true
outbounds:
  - protocol: freedom

98: Address already in use

When restarting nginx, the following is shown:
Aug 15 11:08:19 VM-o4SvqT80FlA1 nginx[19610]: nginx: [emerg] bind() to unix:/dev/shm/default.sock failed (98: Address already in use)
Aug 15 11:08:19 VM-o4SvqT80FlA1 nginx[19610]: nginx: [emerg] bind() to unix:/dev/shm/h2c.sock failed (98: Address already in use)
Aug 15 11:08:20 VM-o4SvqT80FlA1 nginx[19610]: nginx: [emerg] bind() to unix:/dev/shm/default.sock failed (98: Address already in use)
Aug 15 11:08:20 VM-o4SvqT80FlA1 nginx[19610]: nginx: [emerg] bind() to unix:/dev/shm/h2c.sock failed (98: Address already in use)
Aug 15 11:08:20 VM-o4SvqT80FlA1 nginx[19610]: nginx: [emerg] bind() to unix:/dev/shm/default.sock failed (98: Address already in use)
Aug 15 11:08:20 VM-o4SvqT80FlA1 nginx[19610]: nginx: [emerg] bind() to unix:/dev/shm/h2c.sock failed (98: Address already in use)
Aug 15 11:08:21 VM-o4SvqT80FlA1 nginx[19610]: nginx: [emerg] still could not bind()
Aug 15 11:08:21 VM-o4SvqT80FlA1 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Aug 15 11:08:21 VM-o4SvqT80FlA1 systemd[1]: nginx.service: Failed with result 'exit-code'.
Aug 15 11:08:21 VM-o4SvqT80FlA1 systemd[1]: Failed to start nginx - high performance web server.
I don't know how to solve it.

nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)

This is my configuration file:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$proxy_protocol_addr:$proxy_protocol_port';

access_log  /var/log/nginx/access.log  main;

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 2048;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;

include /etc/nginx/conf.d/*.conf;

server {
    #listen       80 default_server;
    #listen       [::]:80 default_server;
    listen       [::]:80 default ipv6only=off;
    return       301 https://$http_host$request_uri;
}

server {
    listen       unix:/dev/shm/default.sock proxy_protocol;
    listen       unix:/dev/shm/h2c.sock http2 proxy_protocol;

    # Replace example.com with your domain name
    server_name  xx.example.com;

    root         /usr/share/nginx/html;

    set_real_ip_from 127.0.0.1;


    include /etc/nginx/default.d/*.conf;

    # Enable HSTS to get an A+ on SSL Labs
    add_header Strict-Transport-Security "max-age=63072000" always;

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

The error is:

root@VM-o4SvqT80FlA1:~# systemctl status nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/nginx.service.d
└─override.conf
Active: failed (Result: exit-code) since Tue 2022-08-16 13:03:46 UTC; 8s ago
Docs: https://nginx.org/en/docs/
Process: 14303 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
CPU: 8ms

Aug 16 13:03:44 VM-o4SvqT80FlA1 systemd[1]: Starting nginx - high performance web server...
Aug 16 13:03:44 VM-o4SvqT80FlA1 nginx[14303]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Aug 16 13:03:44 VM-o4SvqT80FlA1 nginx[14303]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Aug 16 13:03:45 VM-o4SvqT80FlA1 nginx[14303]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Aug 16 13:03:45 VM-o4SvqT80FlA1 nginx[14303]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Aug 16 13:03:46 VM-o4SvqT80FlA1 nginx[14303]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Aug 16 13:03:46 VM-o4SvqT80FlA1 nginx[14303]: nginx: [emerg] still could not bind()
Aug 16 13:03:46 VM-o4SvqT80FlA1 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Aug 16 13:03:46 VM-o4SvqT80FlA1 systemd[1]: nginx.service: Failed with result 'exit-code'.
Aug 16 13:03:46 VM-o4SvqT80FlA1 systemd[1]: Failed to start nginx - high performance web server.
root@VM-o4SvqT80FlA1:~#

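A question about the working logic of the route module

Suppose the first entry in outbounds is the proxy outbound, so that is the default path. If route contains only domain-based rules, then since all communication ultimately sends data through the TCP/IP layer and no IP-based rule is found, will all traffic end up going through the proxy path? For example, suppose a rule is configured so that geosite:geolocation-!cn goes through proxy. When the client visits baidu.com, DNS resolution may first be done through the proxy, but when the TCP connection is actually established after getting the resolved IP, since there is no rule based on that IP, will it automatically go through proxy?
Which layer of the TCP/IP stack does Xray work at? In proxy mode it can seemingly be understood as working at the application layer, but transparent proxy mode is implemented as port forwarding by modifying iptables, so it seems it should be at a lower layer. If it is at a lower layer and IP routing is not controlled, does that mean traffic cannot be split effectively?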

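Multi-user configuration problem with the VLESS over TCP with TLS + fallback & split to WebSocket (advanced configuration) scheme

How do I configure multiple users with this scheme? I configured it based on the template but it did not work.
I created two users, "email": a and "email": b.
"email": a has the id 40d3d26c-bf99-40c8-938d-8189d6e0ad5d
"email": b has the id 40d3d26c-bf99-40c8-938d-8189d6e0ad5e
This is the first configuration I tried: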

{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "40d3d26c-bf99-40c8-938d-8189d6e0ad5d",
                        "level": 0,
                        "email": "a"
                    },
		    {
                        "email": "b",
                        "id": "40d3d26c-bf99-40c8-938d-8189d6e0ad5e",
                        "level": 0
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 80
                    },
                    {
                        "path": "/z000",
                        "dest": 1234,
                        "xver": 1
                    },
                    {
                        "path": "/z001",
                        "dest": 1235,
                        "xver": 1
                    }
                ]
            },					
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "tls",
                "tlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/home/cert.pem",
                            "keyFile": "/home/key.pem"
                        }
                    ]
                }
            }
        },
        {
            "port": 1234,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "40d3d26c-bf99-40c8-938d-8189d6e0ad5d",
                        "level": 0,
                        "email": "a"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true,
                    "path": "/z000"
                }
            }
        },
        {
            "port": 1235,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "40d3d26c-bf99-40c8-938d-8189d6e0ad5e",
                        "level": 0,
                        "email": "b"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true,
                    "path": "/z001"
                }
            }
        }		
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

This is the second configuration I tried:

{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "40d3d26c-bf99-40c8-938d-8189d6e0ad5d",
                        "level": 0,
                        "email": "a"
                    },
		    {
                        "email": "b",
                        "id": "40d3d26c-bf99-40c8-938d-8189d6e0ad5e",
                        "level": 0
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 80
                    },
                    {
                        "path": "/z000",
                        "dest": 1234,
                        "xver": 1
                    }
                ]
            },					
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "tls",
                "tlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/home/cert.pem",
                            "keyFile": "/home/key.pem"
                        }
                    ]
                }
            }
        },
        {
            "port": 1234,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "40d3d26c-bf99-40c8-938d-8189d6e0ad5d",
                        "level": 0,
                        "email": "a"
                    },
		    {
                        "email": "b",
                        "id": "40d3d26c-bf99-40c8-938d-8189d6e0ad5e",
                        "level": 0
                    }					
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true,
                    "path": "/z000"
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

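I was just fiddling around blindly and don't know how to get it to work. I'd appreciate any pointers from the experts. Thank you.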
