
Configuring Xray + REALITY + Nginx SNI routing

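REALITY is a recently introduced protocol that has not been officially released yet, but you can already try it by building the development version of xray.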

Install the required packages:

apt -y update
apt -y install curl git build-essential libssl-dev libevent-dev zlib1g-dev gcc-mingw-w64 nginx

Install Go:

curl -L https://go.dev/dl/go1.20.1.linux-amd64.tar.gz -o go1.20.1.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin' > /etc/profile.d/golang.sh
source /etc/profile.d/golang.sh

Clone the xray source code:

git clone https://github.com/XTLS/Xray-core.git
cd Xray-core

Build the Linux binary:

go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main

Build the Windows binary:

env GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc \
go build -o xray.exe -trimpath -ldflags "-s -w -buildid=" ./main

Copy the compiled binary into place:

cp xray /usr/local/bin/

Create the directory xray needs:

mkdir -p /usr/local/etc/xray

Create the systemd service:

systemctl edit --full --force xray.service

Write the following configuration:

[Unit]
Description=xray-core service
Documentation=https://github.com/XTLS/Xray-core
After=network.target nss-lookup.target

[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/xray run -c /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

Create the xray configuration file:

nano /usr/local/etc/xray/config.json

Write the following configuration:

{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 52001,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "1bd974eb-3206-48dd-9c6c-42246e356492",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "tcpSettings": {
          "acceptProxyProtocol": true
        },
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": "www.cloudflare.com:443",
          "xver": 0,
          "serverNames": [
            "www.cloudflare.com"
          ],
          "privateKey": "GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE",
          "shortIds": [
            ""
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}

Notes:

1. Generate the uuid with the following command:

xray uuid

2. Generate the privateKey with the following command:

xray x25519

The output looks like this:

Private key: GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE
Public key: 9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk

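3. The site used in my configuration is cloudflare. You can swap in a different one, but the target site has to meet a minimum standard: an overseas site that supports TLSv1.3 and HTTP/2.

4. Try to pick a site with low latency to your VPS. The server has to perform a TLS handshake with the target site, so high latency between the target site and your VPS will hurt speed.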

Start xray and enable it at boot:

systemctl enable --now xray

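Make sure the service is running properly. Note that the version number shown is still 1.7.5; this can be ignored, because the version number in the source code has not been updated yet.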

Next, edit the main nginx configuration file:

nano /etc/nginx/nginx.conf

Write the following configuration, which does the SNI routing. Note that proxy_protocol is enabled here:

stream {
        map $ssl_preread_server_name $backend {
                www.cloudflare.com reality;
        }
        upstream reality {
                server 127.0.0.1:52001;
        }
        server {
                listen 443      reuseport;
                listen [::]:443 reuseport;
                proxy_pass      $backend;
                ssl_preread     on;
                proxy_protocol  on;
        }
}

Reload nginx to apply the configuration:

systemctl reload nginx

At this point the server-side configuration is complete.

Download the Windows binary you built earlier to your computer, then save the following client configuration as config.json:

{
  "inbounds": [
    {
      "port": 30080,
      "protocol": "socks",
      "settings": {
        "auth": "noauth",
        "udp": true
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "1.2.3.4", // your VPS server IP
            "port": 443,
            "users": [
              {
                "id": "1bd974eb-3206-48dd-9c6c-42246e356492",
                "flow": "xtls-rprx-vision",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "fingerprint": "chrome",
          "serverName": "www.cloudflare.com",
          "publicKey": "9lb8zUnMkgy-khsg0cwQxKv83u8Pr0JOkv8G0HxxYRk",
          "shortId": "",
          "spiderX": ""
        }
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {}
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "outboundTag": "block",
        "domain": ["geosite:category-ads-all"]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": ["geosite:cn"]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "ip": [
          "geoip:cn",
          "geoip:private"
        ]
      }
    ]
  }
}

Start the client:

./xray run -c config.json
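
The setup only works when the nginx stream block, the xray server config and the client config agree on port, PROXY protocol, SNI, id/flow and shortId. The following added Python check (not part of the original post) compares them and also flags a server still using the sample id or privateKey printed on this page. The `NGINX` summary dict and all function names are hypothetical, and the configs are constructed from the page's values, reduced to the fields checked.

```python
import json, re

# Sample id and privateKey printed on the page; every reader knows them.
PUBLISHED = {"1bd974eb-3206-48dd-9c6c-42246e356492",
             "GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE"}
# Constructed sample: the page's configs reduced to the fields checked below.
SERVER_TEXT = '''{"inbounds": [{"listen": "127.0.0.1", "port": 52001,
  "settings": {"clients": [{"id": "1bd974eb-3206-48dd-9c6c-42246e356492", "flow": "xtls-rprx-vision"}]},
  "streamSettings": {"tcpSettings": {"acceptProxyProtocol": true}, "realitySettings": {
    "serverNames": ["www.cloudflare.com"], "shortIds": [""],
    "privateKey": "GFZ26GRlhDVIdwtv81JwmV-3F7Qqyhl-dsH_IzXIEpE"}}}]}'''
CLIENT_TEXT = '''{"outbounds": [{"settings": {"vnext": [{
  "address": "1.2.3.4", // your VPS server IP
  "users": [{"id": "1bd974eb-3206-48dd-9c6c-42246e356492", "flow": "xtls-rprx-vision"}]}]},
  "streamSettings": {"realitySettings": {"serverName": "www.cloudflare.com", "shortId": ""}}}]}'''
# Hand-written summary of the page's nginx stream block (hypothetical structure).
NGINX = {"sni": ["www.cloudflare.com"], "upstream": "127.0.0.1:52001", "proxy_protocol": True}

def load_jsonc(text):
    """Parse xray-style JSON, dropping // comments that sit outside string literals."""
    keep_strings = lambda m: m.group(1) or ""
    return json.loads(re.sub(r'("(?:\\.|[^"\\])*")|//[^\n]*', keep_strings, text))

def check(server, client, nginx):
    """Return the list of mismatches between nginx, the xray server and the client."""
    inbound, outbound = server["inbounds"][0], client["outbounds"][0]
    stream = inbound["streamSettings"]
    reality, wanted = stream["realitySettings"], outbound["streamSettings"]["realitySettings"]
    clients = inbound["settings"]["clients"]
    user = outbound["settings"]["vnext"][0]["users"][0]
    findings = []
    if nginx["upstream"] != f'{inbound["listen"]}:{inbound["port"]}':
        findings.append("nginx upstream does not point at the xray inbound")
    if nginx["proxy_protocol"] != stream.get("tcpSettings", {}).get("acceptProxyProtocol", False):
        findings.append("proxy_protocol and acceptProxyProtocol disagree")
    if set(nginx["sni"]) - set(reality["serverNames"]):
        findings.append("nginx routes an SNI that is missing from serverNames")
    if wanted["serverName"] not in nginx["sni"]:
        findings.append("client serverName is not routed by nginx")
    if wanted["shortId"] not in reality["shortIds"]:
        findings.append("client shortId is not in the server's shortIds")
    if (user["id"], user["flow"]) not in {(c["id"], c.get("flow")) for c in clients}:
        findings.append("client id/flow is not in the server's clients")
    if PUBLISHED & {reality["privateKey"], *(c["id"] for c in clients)}:
        findings.append("server uses the id or privateKey published in the tutorial")
    return findings
```

Run against the page's configs verbatim, the only finding is the published-credential one, which goes away once the id and key pair are regenerated with `xray uuid` and `xray x25519`.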

See also: https://github.com/XTLS/REALITY

Do not reproduce without permission: 荒岛 » Configuring Xray + REALITY + Nginx SNI routing

Comments (8)

  1. #1

    Could you write a tutorial on how to run multiple services on 443 with Xray tcp xtls-vision reality, with fallback added (without the client entering an IP)? "Stealing" someone else's certificate always feels…

    Singsing, 2 years ago (2023-03-21)
  2. #2

    I tried it and the speed is decent, but I found a problem: reality cannot get through a vmess transparent proxy; it always reports an illegal connection. The earlier tls and xtls did not seem to have this problem.

    lalalala, 1 year ago (2023-03-28)
  3. #3

    After adding listen [::]:443 reuseport; it became very slow.
    In V2RAYN the address is set to a domain name, and IPv6 is configured on that domain.
    The right-click speed test is much slower than with only the first line, listening on IPv4.

    chan, 1 year ago (2023-04-02)
  4. #4

    The Windows client reports an error. The message is below; how can I fix it?

    Xray 1.8.1 (Xray, Penetrates Everything.) Custom (go1.20.1 windows/amd64)
    A unified platform for anti-censorship.
    2023/04/24 13:40:23 [Info] infra/conf/serial: Reading config: config.json
    Failed to start: main: failed to load config files: [config.json] > infra/conf: invalid field rule > infra/conf: failed to parse domain rule: geosite:category-ads-all > infra/conf: failed to load geosite: CATEGORY-ADS-ALL > infra/conf: failed to load file: geosite.dat > infra/conf: failed to open file: geosite.dat > open D:\xray\racknerd\geosite.dat: The system cannot find the file specified.

    x-er, 1 year ago (2023-04-24)
    • Solved it myself. Thanks for the tutorial~

      x-er, 1 year ago (2023-04-25)
      • How did you solve it? Could you share it for reference? Thanks.

        TTyan, 11 months ago (10-25)
