mirror of
https://github.com/XrayR-project/XrayR-doc.git
synced 2025-08-19 07:41:48 +00:00
Add files via upload
This commit is contained in:
78
README.md
Normal file
78
README.md
Normal file
@@ -0,0 +1,78 @@
|
||||
---
|
||||
description: A Xray backend framework that can easily support many panels.
|
||||
---
|
||||
|
||||
# 关于XrayR
|
||||
|
||||
## XrayR
|
||||
|
||||
A Xray backend framework that can easily support many panels.
|
||||
|
||||
一个基于Xray的后端框架,支持V2ay,Trojan,Shadowsocks协议,极易扩展,支持多面板对接。
|
||||
|
||||
项目地址: [https://github.com/XrayR-project](https://github.com/XrayR-project)
|
||||
|
||||
## 项目目录
|
||||
|
||||
* [XrayR](https://github.com/XrayR-project/XrayR):XrayR源码以及软件发布。
|
||||
* [XrayR-release](https://github.com/XrayR-project/XrayR-release):XrayR一键安装脚本以及Docker。
|
||||
* [XrayR-doc](https://github.com/XrayR-project/XrayR-doc):XrayR文档源码。
|
||||
|
||||
## 特点
|
||||
|
||||
* 永久开源且免费。
|
||||
* 支持V2ray,Trojan, Shadowsocks多种协议。
|
||||
* 支持Vless和XTLS等新特性。
|
||||
* 支持单实例对接多面板、多节点,无需重复启动。
|
||||
* 支持限制在线IP
|
||||
* 支持节点端口级别、用户级别限速。
|
||||
* 配置简单明了。
|
||||
* 修改配置自动重启实例。
|
||||
* 方便编译和升级,可以快速更新核心版本, 支持Xray-core新特性。
|
||||
|
||||
## 功能介绍
|
||||
|
||||
| 功能 | v2ray | trojan | shadowsocks |
|
||||
| :-------------- | :---- | :----- | :---------- |
|
||||
| 获取节点信息 | √ | √ | √ |
|
||||
| 获取用户信息 | √ | √ | √ |
|
||||
| 用户流量统计 | √ | √ | √ |
|
||||
| 服务器信息上报 | √ | √ | √ |
|
||||
| 自动申请tls证书 | √ | √ | √ |
|
||||
| 自动续签tls证书 | √ | √ | √ |
|
||||
| 在线人数统计 | √ | √ | √ |
|
||||
| 在线用户限制 | √ | √ | √ |
|
||||
| 审计规则 | √ | √ | √ |
|
||||
| 节点端口限速 | √ | √ | √ |
|
||||
| 按照用户限速 | √ | √ | √ |
|
||||
| 自定义DNS | √ | √ | √ |
|
||||
|
||||
## 支持前端
|
||||
|
||||
| 前端 | v2ray | trojan | shadowsocks |
|
||||
| :----------------------------------------------------- | :---- | :----- | :------------------------------- |
|
||||
| sspanel-uim | √ | √ | √ \(单端口多用户和V2ray-Plugin\) |
|
||||
| v2board | √ | √ | √ |
|
||||
| [PMPanel](https://github.com/ByteInternetHK/PMPanel) | √ | √ | √ |
|
||||
| [ProxyPanel](https://github.com/ProxyPanel/ProxyPanel) | √ | √ | √ |
|
||||
|
||||
## V2ray支持协议
|
||||
|
||||
| 协议 | 支持情况 |
|
||||
| :-------- | :---------------------------------------------------------------------------------- |
|
||||
| VMess | tcp, tcp+http, tcp+tls, ws, ws+tls, h2c, h2+tls, grpc, grpc+tls |
|
||||
| VMessAEAD | tcp, tcp+http, tcp+tls, ws, ws+tls, h2c, h2+tls, grpc, grpc+tls |
|
||||
| VLess | tcp, tcp+http, tcp+tls/xtls, ws, ws+tls/xtls, h2c, h2+tls/xtls, grpc, grpc+tls/xtls |
|
||||
|
||||
## Trojan支持协议
|
||||
|
||||
| 协议 | 支持情况 |
|
||||
| :----- | :------- |
|
||||
| Trojan | √ |
|
||||
|
||||
## Shadowsocks支持协议
|
||||
|
||||
| 协议 | 支持情况 | 加密方法 |
|
||||
| :-------------- | :------- | :----------------------------------------------- |
|
||||
| ShadowsocksAEAD | √ | aes-128-gcm, aes-256-gcm, chacha20-ietf-poly1305 |
|
||||
|
54
SUMMARY.md
Normal file
54
SUMMARY.md
Normal file
@@ -0,0 +1,54 @@
|
||||
# Table of contents
|
||||
|
||||
* [关于XrayR](README.md)
|
||||
|
||||
## XrayR下载和安装
|
||||
|
||||
* [下载和安装](xrayr-xia-zai-he-an-zhuang/install/README.md)
|
||||
* [使用一键脚本安装](xrayr-xia-zai-he-an-zhuang/install/one-click.md)
|
||||
* [使用docker安装](xrayr-xia-zai-he-an-zhuang/install/docker.md)
|
||||
* [手动安装](xrayr-xia-zai-he-an-zhuang/install/manual.md)
|
||||
|
||||
## XrayR配置文件说明
|
||||
|
||||
* [配置文件说明](xrayr-pei-zhi-wen-jian-shuo-ming/config.md)
|
||||
|
||||
## 对接SSpanel
|
||||
|
||||
* [基本对接配置](dui-jie-sspanel/sspanel/README.md)
|
||||
* [对接新版SSPanel Custom Config](dui-jie-sspanel/sspanel/sspanel_custom_config.md)
|
||||
* [对接V2ray](dui-jie-sspanel/sspanel/v2ray.md)
|
||||
* [对接Trojan](dui-jie-sspanel/sspanel/trojan.md)
|
||||
* [对接Shadowsocks](dui-jie-sspanel/sspanel/shadowsocks.md)
|
||||
* [对接Shadowsocks - V2Ray-Plugin](dui-jie-sspanel/sspanel/dui-jie-shadowsocks-v2rayplugin.md)
|
||||
|
||||
## 对接V2board
|
||||
|
||||
* [基本对接配置](dui-jie-v2board/v2board.md)
|
||||
|
||||
## 对接PMPanel
|
||||
|
||||
* [基本对接配置](dui-jie-pmpanel/ji-ben-dui-jie-pei-zhi.md)
|
||||
|
||||
## 对接ProxyPanel
|
||||
|
||||
* [基本对接配置](dui-jie-proxypanel/ji-ben-dui-jie-pei-zhi.md)
|
||||
|
||||
## 功能说明
|
||||
|
||||
* [限速功能说明](gong-neng-shuo-ming/speedlimit.md)
|
||||
* [设备连接限制功能说明](gong-neng-shuo-ming/devicelimit.md)
|
||||
* [自定义DNS说明](gong-neng-shuo-ming/dns.md)
|
||||
* [自定义路由功能说明](gong-neng-shuo-ming/zi-ding-yi-lu-you-gong-neng-shuo-ming.md)
|
||||
* [自定义入口功能说明](gong-neng-shuo-ming/zi-ding-yi-ru-kou-gong-neng-shuo-ming.md)
|
||||
* [自定义出口功能说明](gong-neng-shuo-ming/zi-ding-yi-chu-kou-gong-neng-shuo-ming.md)
|
||||
* [审计功能说明](gong-neng-shuo-ming/rule.md)
|
||||
* [自动申请证书说明](gong-neng-shuo-ming/cert.md)
|
||||
* [Fallback 功能说明](gong-neng-shuo-ming/fallback.md)
|
||||
|
||||
## 杂项
|
||||
|
||||
* [内存优化相关](za-xiang/memopt.md)
|
||||
* [为什么要引入Shadowsocks - V2Ray-Plugin](za-xiang/wei-shen-me-yao-yin-ru-shadowsocks-v2rayplugin.md)
|
||||
* [Nginx+Trojan暂时滴神!](za-xiang/nginx+trojan-zan-shi-di-shen.md)
|
||||
|
7
dui-jie-pmpanel/ji-ben-dui-jie-pei-zhi.md
Normal file
7
dui-jie-pmpanel/ji-ben-dui-jie-pei-zhi.md
Normal file
@@ -0,0 +1,7 @@
|
||||
# 基本对接配置
|
||||
|
||||
1. 在`config.yml`中配置`PanelType: "PMpanel"`。
|
||||
2. PMpanel的详细配置请查看:[PMpanel](https://github.com/ByteInternetHK/PMPanel)
|
||||
|
||||
|
||||
|
8
dui-jie-proxypanel/ji-ben-dui-jie-pei-zhi.md
Normal file
8
dui-jie-proxypanel/ji-ben-dui-jie-pei-zhi.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# 基本对接配置
|
||||
|
||||
|
||||
|
||||
1. 在`config.yml`中配置`PanelType: "Proxypanel"`。
|
||||
2. 暂不支持Proxypanel的Shadowsocks\(R\)功能。
|
||||
3. 目前只支持Proxypanel审计规则中的reject功能,不支持白名单模式。
|
||||
|
8
dui-jie-sspanel/sspanel/README.md
Normal file
8
dui-jie-sspanel/sspanel/README.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# 基本对接配置
|
||||
|
||||
1. 在`config.yml`中配置`PanelType: "SSpanel"`。
|
||||
|
||||
配置文件详见:[配置文件说明](../../xrayr-pei-zhi-wen-jian-shuo-ming/config.md)
|
||||
|
||||
1. 对于sspanel >= 2021.11的版本中自动启用Custom_config的配置方法,请查看[SSPanel Custom Config](sspanel_custom_config.md),正确配置结点信息。关于订阅相关信息,请查看SSPanel相关文档:https://wiki.sspanel.org/#/universal-subscription。
|
||||
2. 如果不想使用custom config,请在`ApiConfig`中将`DisableCustomConfig`设为`true`。同时参照[shadowsocks](shadowsocks.md),[v2ray](v2ray.md)和[trojan](trojan.md)的配置方法,在sspanel地址栏中配置结点信息。
|
120
dui-jie-sspanel/sspanel/dui-jie-shadowsocks-v2rayplugin.md
Normal file
120
dui-jie-sspanel/sspanel/dui-jie-shadowsocks-v2rayplugin.md
Normal file
@@ -0,0 +1,120 @@
|
||||
# 对接Shadowsocks - V2Ray-Plugin
|
||||
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th style="text-align:left">协议</th>
|
||||
<th style="text-align:left">加密方法</th>
|
||||
<th style="text-align:left">混淆方法</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="text-align:left">Shadowsocks - V2Ray-Plugin</td>
|
||||
<td style="text-align:left">aes-128-gcm, aes-256-gcm, chacha20-ietf-poly1305</td>
|
||||
<td style="text-align:left">
|
||||
<p>simple_obfs_http,simple_obfs_tls,</p>
|
||||
<p>ws,ws+tls</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
## SSpanel-uim 节点地址格式
|
||||
|
||||
```text
|
||||
IP;监听端口;;(ws或obfs);(tls或不填);path=/xxx|host=xxxx.com|server=xxx.com|outside_port=xxx
|
||||
```
|
||||
|
||||
注意监听端口后面有两个分号
|
||||
|
||||
## SSpanel-uim 代码修改
|
||||
|
||||
SSpanel-uim关于Shadowsocks - V2Ray-Plugin的代码存在部分问题,需要加以修改才能正确下发订阅。
|
||||
|
||||
此方法写于 [SSPanel-Uim@822d3c](https://github.com/Anankke/SSPanel-Uim/commit/822d3cbcb3ad8f7e11874a96f05d73e5b016c164),不保证后续仍然生效。
|
||||
|
||||
### 修改方法
|
||||
|
||||
打开src\Models\Node.php文件,找到第420行,将其注释。
|
||||
|
||||
修改前:
|
||||
|
||||
```text
|
||||
$return_array['path'] = ($return_array['path'] . '?redirect=' . $user->getMuMd5());
|
||||
```
|
||||
|
||||
修改后:
|
||||
|
||||
```text
|
||||
// $return_array['path'] = ($return_array['path'] . '?redirect=' . $user->getMuMd5());
|
||||
```
|
||||
|
||||
## SSpanel-uim 订阅
|
||||
|
||||
SSpanel-uim建议安卓,WIN和Mac使用Clash,IOS使用Shadowrocket获取含有Shadowsocks - V2Ray-Plugin的订阅。
|
||||
|
||||
## ws + tls \(Nginx\) 示例(**推荐**)
|
||||
|
||||
交由Caddy或者Nginx处理TLS 节点配置和 ws+tls一致,在后端配置`CertMode: none`
|
||||
|
||||
同时设置outside\_port为Nginx监听端口,转发到12345为XrayR监听端口。可以在后端配置`ListenIP: 127.0.0.1`监听本地端口。
|
||||
|
||||
```text
|
||||
ip;12345;;ws;tls;path=/xxx|server=域名|host=CDN域名|outside_port=443
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;;ws;tls;path=/ss|server=hk.domain.com|host=hk.domain.com|outside_port=443
|
||||
```
|
||||
|
||||
## ws+tls示例
|
||||
|
||||
```text
|
||||
ip;12345;;ws;tls;path=/xxx|host=xxxx.com|server=xxx.com
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;;ws;tls;path=/ss|host=hk.domain.com|server=hk.domain.com
|
||||
```
|
||||
|
||||
## ws示例
|
||||
|
||||
```text
|
||||
ip;12345;;ws;;path=/xxx|host=xxxx.com|server=xxx.com
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;;ws;;path=/ss|host=hk.domain.com|server=hk.domain.com
|
||||
```
|
||||
|
||||
## simple\_obfs\_http示例
|
||||
|
||||
```text
|
||||
ip;12345;;obfs;http;server=xxx.com
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;;obfs;http;server=hk.domain.com
|
||||
```
|
||||
|
||||
## simple\_obfs\_tls示例
|
||||
|
||||
```text
|
||||
ip;12345;;obfs;tls;server=xxx.com
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;;obfs;tls;server=hk.domain.com
|
||||
```
|
||||
|
||||
## 中转端口
|
||||
|
||||
在任一配置组合后增加`|outside_port=xxx`,此项为用户连接端口。
|
||||
|
||||
XrayR没有`inside_port=xx`配置选项,如需监听本地端口,请在配置文件中设置监听ip为`127.0.0.1`。
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;;ws;tls;path=/ss|server=hk.domain.com|host=hk.domain.com|outside_port=8888
|
||||
```
|
||||
|
22
dui-jie-sspanel/sspanel/shadowsocks.md
Normal file
22
dui-jie-sspanel/sspanel/shadowsocks.md
Normal file
@@ -0,0 +1,22 @@
|
||||
# 对接Shadowsocks
|
||||
|
||||
| 协议 | 支持情况 | 加密方法 |
|
||||
| :--- | :--- | :--- |
|
||||
| ShadowsocksAEAD | √ | aes-128-gcm, aes-256-gcm, chacha20-ietf-poly1305 |
|
||||
|
||||
## SSpanel-uim 节点地址格式
|
||||
|
||||
* 请注意,节点类型请选择:`Shadowsocks`
|
||||
* 单端口多用户承载用户加密方式请选择:`aes-128-gcm`, `aes-256-gcm`, `chacha20-ietf-poly1305`三者之一。
|
||||
* XrayR目前只支持一个单端口多用户承载用户,有多个承载用户时只使用第一个。
|
||||
|
||||
```text
|
||||
域名或IP;port=监听端口#连接端口;server=xx
|
||||
```
|
||||
|
||||
## Shadowsocks 示例
|
||||
|
||||
```text
|
||||
示例:gz.aaa.com;port=80#1234;server=gz.aaa.com
|
||||
```
|
||||
|
206
dui-jie-sspanel/sspanel/sspanel_custom_config.md
Normal file
206
dui-jie-sspanel/sspanel/sspanel_custom_config.md
Normal file
@@ -0,0 +1,206 @@
|
||||
# 对接新版SSPanel Custom Config
|
||||
|
||||
对于sspanel >= 2021.11的版本中自动启用Custom_config的配置方法,请查看以下配置,正确配置结点信息。关于订阅相关信息,请查看SSPanel相关文档:https://wiki.sspanel.org/#/universal-subscription。
|
||||
如果不想使用custom config,请在`ApiConfig`中将`DisableCustomConfig`设为`true`。
|
||||
|
||||
# Shadowsocks
|
||||
```json
|
||||
{
|
||||
"offset_port_user": "12345", //前端/订阅中下发的端口
|
||||
"offset_port_node": "12345", //节点服务器下发的端口
|
||||
"server_user": "hk.domain.com", //前端/订阅中下发的服务器地址
|
||||
"mu_encryption": "chacha20-ietf-poly1305", // `aes-128-gcm`, `aes-256-gcm`, `chacha20-ietf-poly1305`三者之一
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
# V2ray
|
||||
|
||||
alterId设为0,则自动启用VMessAEAD。
|
||||
|
||||
{% hint style="info" %} 注意:VMESS AEAD 将在 2022 年 1 月 1 日强制启用 请注意更新服务端配置,设置alterId = 0 {% endhint %}
|
||||
|
||||
## tcp示例
|
||||
|
||||
``` json
|
||||
{
|
||||
"offset_port_node": 12345,
|
||||
"server_sub": "hk.domain.com",
|
||||
"alter_id": 0,
|
||||
"network": "tcp",
|
||||
"security": "none",
|
||||
}
|
||||
```
|
||||
|
||||
## tcp+http示例
|
||||
|
||||
```json
|
||||
{
|
||||
"offset_port_node": 12345,
|
||||
"server_sub": "hk.domain.com",
|
||||
"alter_id": 0,
|
||||
"network": "tcp",
|
||||
"security": "none",
|
||||
"header": {
|
||||
"type": "http",
|
||||
"request": {
|
||||
"path": ["/"],
|
||||
"headers": {
|
||||
"Host": ["www.baidu.com"]
|
||||
}
|
||||
},
|
||||
"response": {}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## tcp+tls示例
|
||||
|
||||
```json
|
||||
{
|
||||
"offset_port_node": 443,
|
||||
"server_sub": "hk.domain.com",
|
||||
"host": "hk.domain.com",
|
||||
"alter_id": 0,
|
||||
"network": "tcp",
|
||||
"security": "tls",
|
||||
}
|
||||
```
|
||||
|
||||
## ws示例
|
||||
|
||||
```json
|
||||
{
|
||||
"offset_port_node": 80,
|
||||
"server_sub": "hk.domain.com",
|
||||
"host": "hk.domain.com",
|
||||
"alter_id": 0,
|
||||
"network": "ws",
|
||||
"security": "none",
|
||||
"path": "/v2ray"
|
||||
}
|
||||
```
|
||||
|
||||
## ws+tls示例
|
||||
|
||||
```json
|
||||
{
|
||||
"offset_port_node": 443,
|
||||
"server_sub": "hk.domain.com",
|
||||
"host": "hk.domain.com",
|
||||
"alter_id": 0,
|
||||
"network": "ws",
|
||||
"security": "tls",
|
||||
"path": "/v2ray"
|
||||
}
|
||||
```
|
||||
|
||||
## grpc+tls示例
|
||||
|
||||
```json
|
||||
{
|
||||
"offset_port_node": 443,
|
||||
"server_sub": "hk.domain.com",
|
||||
"host": "hk.domain.com",
|
||||
"alter_id": 0,
|
||||
"network": "grpc",
|
||||
"security": "tls",
|
||||
"servicename": "some_name"
|
||||
}
|
||||
```
|
||||
|
||||
## 中转端口示例
|
||||
在任一配置中设置`offset_port_user`为用户连接端口
|
||||
|
||||
``` json
|
||||
{
|
||||
"offset_port_user": 8888,
|
||||
"offset_port_node": 12345,
|
||||
"server_sub": "hk.domain.com",
|
||||
"alter_id": 0,
|
||||
"network": "tcp",
|
||||
"security": "none",
|
||||
}
|
||||
```
|
||||
|
||||
此时用户连接端口为8888,结点监听端口为12345
|
||||
|
||||
## 启用vless
|
||||
在任一配置中设置`enable_vless: 1`为用户连接端口
|
||||
|
||||
``` json
|
||||
{
|
||||
"offset_port_node": 443,
|
||||
"server_sub": "hk.domain.com",
|
||||
"host": "hk.domain.com",
|
||||
"alter_id": 0,
|
||||
"network": "tcp",
|
||||
"security": "tls",
|
||||
"enable_vless": 1
|
||||
}
|
||||
```
|
||||
请开启vless同时务必使用tls或者xtls。
|
||||
|
||||
## 启用xtls
|
||||
在任一配置中设置`security: xtls`。
|
||||
|
||||
``` json
|
||||
{
|
||||
"offset_port_node": 443,
|
||||
"server_sub": "hk.domain.com",
|
||||
"host": "hk.domain.com",
|
||||
"alter_id": 0,
|
||||
"network": "tcp",
|
||||
"security": "xtls",
|
||||
"enable_vless": 1
|
||||
}
|
||||
```
|
||||
|
||||
# Trojan
|
||||
|
||||
## tcp示例
|
||||
|
||||
``` json
|
||||
{
|
||||
"offset_port_node": 443,
|
||||
"server_sub": "hk.domain.com",
|
||||
"host": "hk.domain.com"
|
||||
}
|
||||
```
|
||||
|
||||
## grpc示例
|
||||
|
||||
``` json
|
||||
{
|
||||
"offset_port_node": 443,
|
||||
"server_sub": "hk.domain.com",
|
||||
"host": "hk.domain.com",
|
||||
"grpc": 1,
|
||||
"servicename": "some_name"
|
||||
}
|
||||
```
|
||||
|
||||
## 中转示例
|
||||
在任一配置中设置`offset_port_user`为用户连接端口
|
||||
``` json
|
||||
{
|
||||
"offset_port_user": 443,
|
||||
"offset_port_node": 12345,
|
||||
"server_sub": "hk.domain.com",
|
||||
"host": "hk.domain.com"
|
||||
}
|
||||
```
|
||||
此时用户连接443,结点监听12345
|
||||
|
||||
## 启用xtls
|
||||
|
||||
在任一配置中设置`enable_xtls: 1`。
|
||||
|
||||
``` json
|
||||
{
|
||||
"offset_port_node": 443,
|
||||
"server_sub": "hk.domain.com",
|
||||
"host": "hk.domain.com",
|
||||
"enable_xtls": 1
|
||||
}
|
||||
```
|
46
dui-jie-sspanel/sspanel/trojan.md
Normal file
46
dui-jie-sspanel/sspanel/trojan.md
Normal file
@@ -0,0 +1,46 @@
|
||||
# 对接Trojan
|
||||
|
||||
| 协议 | 支持情况 | 支持协议 |
|
||||
| :--- | :--- | :--- |
|
||||
| Trojan | √ | tcp, grpc |
|
||||
|
||||
## SSpanel-uim 节点地址格式
|
||||
|
||||
```text
|
||||
域名或IP;port=用户连接端口#监听端口|host=xx
|
||||
```
|
||||
|
||||
## tcp示例
|
||||
|
||||
```text
|
||||
示例:gz.aaa.com;port=443|host=gz.aaa.com
|
||||
```
|
||||
|
||||
## grpc示例
|
||||
|
||||
使用trojan+grpc请升级sspanel至[Anankke/SSPanel-Uim@8f68b63](https://github.com/Anankke/SSPanel-Uim/commit/8f68b6360baf9f6624e1158e3cae81d93d1db107)
|
||||
|
||||
```text
|
||||
示例:gz.aaa.com;port=443|host=gz.aaa.com|grpc=1|servicename=mygrpc
|
||||
```
|
||||
|
||||
## 中转示例
|
||||
|
||||
用户连接443,XrayR监听12345
|
||||
|
||||
```text
|
||||
示例:gz.aaa.com;port=443#12345|host=hk.aaa.com
|
||||
```
|
||||
|
||||
## 启用xtls **\(此项为实验性功能\)**
|
||||
|
||||
sspanel升级到此版本[Anankke/SSPanel-Uim@8f68b63](https://github.com/Anankke/SSPanel-Uim/commit/8f68b6360baf9f6624e1158e3cae81d93d1db107)后支持xtls订阅下发
|
||||
|
||||
将任意协议配置中添加`enable_xtls=true`,如果xtls有流控flow,则在最后增加: `flow=flow-vlaue`
|
||||
|
||||
```text
|
||||
示例:gz.aaa.com;port=443|host=gz.aaa.com|enable_xtls=true|flow=xtls-rprx-direct
|
||||
```
|
||||
|
||||
同时在本地设置文件将`EnableXTLS`设为true。 配置文件详见:[配置文件说明](https://github.com/XrayR-project/XrayR-doc/tree/af55d4cc45735ca8d00491aa97f8cbbd97c8faf4/sspanel/config/README.md)
|
||||
|
136
dui-jie-sspanel/sspanel/v2ray.md
Normal file
136
dui-jie-sspanel/sspanel/v2ray.md
Normal file
@@ -0,0 +1,136 @@
|
||||
# 对接V2ray
|
||||
|
||||
| 协议 | 支持情况 |
|
||||
| :--- | :--- |
|
||||
| VMess | tcp, tcp+http, tcp+tls, ws, ws+tls, h2c, h2+tls, grpc, grpc+tls |
|
||||
| VMessAEAD | tcp, tcp+http, tcp+tls, ws, ws+tls, h2c, h2+tls, grpc, grpc+tls |
|
||||
| VLess | tcp, tcp+http, tcp+tls/xtls, ws, ws+tls/xtls, h2c, h2+tls/xtls, grpc, grpc+tls/xtls |
|
||||
|
||||
## SSpanel-uim 节点地址格式
|
||||
|
||||
```text
|
||||
IP;监听端口;alterId;(tcp或ws);(tls或不填);path=/xxx|host=xxxx.com|server=xxx.com|outside_port=xxx
|
||||
```
|
||||
|
||||
alterId设为0,则自动启用VMessAEAD。
|
||||
|
||||
{% hint style="info" %} 注意:VMESS AEAD 将在 2022 年 1 月 1 日强制启用 请注意更新服务端配置,设置alterId = 0 {% endhint %}
|
||||
|
||||
## tcp示例
|
||||
|
||||
```text
|
||||
ip;12345;0;tcp;;server=域名
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;0;tcp;;server=hk.domain.com
|
||||
```
|
||||
|
||||
## tcp+http示例
|
||||
|
||||
注意sspanel并不支持此类订阅下发,此选项只供开启后端http混淆。
|
||||
|
||||
```text
|
||||
ip;12345;0;tcp;;server=域名;headertype=http
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;0;tcp;;server=hk.domain.com;headertype=http
|
||||
```
|
||||
|
||||
## tcp + tls 示例
|
||||
|
||||
```text
|
||||
ip;12345;0;tcp;tls;server=域名|host=域名
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;0;tcp;tls;server=hk.domain.com|host=hk.domain.com
|
||||
```
|
||||
|
||||
## ws示例
|
||||
|
||||
```text
|
||||
ip;80;0;ws;;path=/xxx|server=域名|host=CDN域名
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;80;0;ws;;path=/v2ray|server=hk.domain.com|host=hk.domain.com
|
||||
```
|
||||
|
||||
## ws + tls 示例
|
||||
|
||||
```text
|
||||
ip;443;0;ws;tls;path=/xxx|server=域名|host=CDN域名
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;443;0;ws;tls;path=/v2ray|server=hk.domain.com|host=hk.domain.com
|
||||
```
|
||||
|
||||
## ws + tls \(Caddy/Nginx\) 示例
|
||||
|
||||
交由Caddy或者Nginx处理TLS 节点配置和 ws+tls一致,在后端配置`CertMode: none`
|
||||
|
||||
同时设置outside\_port为Caddy/Nginx监听端口,转发到12345为XrayR监听端口。可以在后端配置`ListenIP: 127.0.0.1`监听本地端口。
|
||||
|
||||
```text
|
||||
ip;12345;0;tls;ws;path=/xxx|server=域名|host=CDN域名|outside_port=443
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;0;ws;tls;path=/v2ray|server=hk.domain.com|host=hk.domain.com示例:1.3.5.7;12345;2;ws;tls;path=/v2ray|server=hk.domain.com|host=hk.domain.com
|
||||
```
|
||||
|
||||
## grpc+tls示例
|
||||
|
||||
使用grpc建议升级sspanel至[Anankke/SSPanel-Uim@8f68b63](https://github.com/Anankke/SSPanel-Uim/commit/8f68b6360baf9f6624e1158e3cae81d93d1db107)
|
||||
|
||||
```text
|
||||
ip;12345;0;grpc;tls;host=域名|server=域名|servicename=任意字符串
|
||||
```
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;12345;0;grpc;tls;host=hk.domain.com|server=hk.domain.com|servicename=mygrpc
|
||||
```
|
||||
|
||||
## 中转端口
|
||||
|
||||
在任一配置组\|合后增加`|outside_port=xxx`,此项为用户连接端口。
|
||||
|
||||
XrayR没有`inside_port=xx`配置选项,如需监听本地端口,请在配置文件中设置监听ip为`127.0.0.1`。
|
||||
|
||||
```text
|
||||
示例:1.3.5.7;80;0;ws;;path=/v2ray|server=hk.domain.com|host=hk.domain.com|outside_port=12345
|
||||
```
|
||||
|
||||
## 启用Vless
|
||||
|
||||
此项为实验性功能,请确保您使用的面板已经支持下发vless订阅,否则请手动配置客户端。
|
||||
|
||||
sspanel升级到此版本[Anankke/SSPanel-Uim@8f68b63](https://github.com/Anankke/SSPanel-Uim/commit/8f68b6360baf9f6624e1158e3cae81d93d1db107)后支持vless订阅下发
|
||||
|
||||
在任意协议配置后增加`enable_vless=true`
|
||||
|
||||
```text
|
||||
示例:hk.domain.com;12345;0;tcp;(tls或xtls);server=hk.domain.com|enable_vless=true
|
||||
```
|
||||
|
||||
同时在本地设置文件将`EnableVless`设为true。 配置文件详见:[配置文件说明](../../xrayr-pei-zhi-wen-jian-shuo-ming/config.md#mian-ban-dui-jie-pei-zhi)
|
||||
|
||||
请开启vless同时务必使用tls或者xtls。
|
||||
|
||||
## 启用xtls
|
||||
|
||||
此项为实验性功能,请确保您使用的面板已经支持下发带有xtls的订阅,否则请手动配置客户端。
|
||||
|
||||
sspanel升级到此版本[Anankke/SSPanel-Uim@8f68b63](https://github.com/Anankke/SSPanel-Uim/commit/8f68b6360baf9f6624e1158e3cae81d93d1db107)后支持xtls订阅下发
|
||||
|
||||
将任意协议配置中的`tls`替换成`xtls`,如果xtls有流控flow,则在最后增加: `|flow=flow-vlaue`
|
||||
|
||||
```text
|
||||
示例:hk.domain.com;443;0;tcp;xtls;server=hk.domain.com|host=hk.domain.com|enable_vless=true|flow=xtls-rprx-direct
|
||||
```
|
||||
|
||||
同时在本地设置文件将`EnableXTLS`设为true。 配置文件详见:[配置文件说明](../../xrayr-pei-zhi-wen-jian-shuo-ming/config.md#mian-ban-dui-jie-pei-zhi)
|
||||
|
49
dui-jie-v2board/v2board.md
Normal file
49
dui-jie-v2board/v2board.md
Normal file
@@ -0,0 +1,49 @@
|
||||
# 基本对接配置
|
||||
|
||||
1. 在`config.yml`中配置`PanelType: "V2board"`。
|
||||
2. V2board只有V2ray节点类型支持面板配置审计规则,其他协议请使用XrayR[本地审计功能](../gong-neng-shuo-ming/rule.md)。
|
||||
3. 启用vless和xtls,请在配置文件中手动启动,V2board不支持在线配置,同时V2board不支持vless和xtls下发,请手动修改客户端配置,或者自行寻找其他解决方案。
|
||||
|
||||
配置文件详见:[配置文件说明](../xrayr-pei-zhi-wen-jian-shuo-ming/config.md)
|
||||
|
||||
### 对接vmess+ws
|
||||
v2board需要在传输协议配置中增加以下内容,配置ws的路径:
|
||||
```
|
||||
{
|
||||
"path": "/name",
|
||||
}
|
||||
```
|
||||
其中`"name"`换成任意字符串,可用于nginx等反代分流。
|
||||
|
||||
### 对接vmess+grpc
|
||||
|
||||
为了成功支持clash连接,在对接vmess+grpc时,v2board需要在传输协议配置中增加如下内容:
|
||||
|
||||
```text
|
||||
{
|
||||
"serviceName": "name",
|
||||
}
|
||||
```
|
||||
|
||||
其中`"name"`换成任意字符串,可用于nginx等反代分流。
|
||||
|
||||
### 对接vmess+tcp+http
|
||||
|
||||
{% hint style="info" %}
|
||||
原生V2board不支持tcp+http订阅下发,请自行寻找解决方法,或手动配置客户端文件。
|
||||
{% endhint %}
|
||||
|
||||
在对接vmess+tcp+http时,v2board需要在传输协议配置中增加如下内容:
|
||||
|
||||
```text
|
||||
{
|
||||
"header": {
|
||||
"type": "http",
|
||||
"request": {},
|
||||
"response": {}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
其中`request`和`response`中的内容请自行参照[Xray-core文档](https://xtls.github.io/config/transports/tcp.html#httpheaderobject)设置。
|
||||
|
28
gong-neng-shuo-ming/cert.md
Normal file
28
gong-neng-shuo-ming/cert.md
Normal file
@@ -0,0 +1,28 @@
|
||||
# 自动申请证书说明
|
||||
|
||||
XrayR 支持多种自动申请证书配置。申请到的证书将会放在**配置文件\(config.yml\)目录的`cert`文件夹下**。
|
||||
|
||||
以下是自动申请证书的相关配置文件说明。
|
||||
|
||||
```yaml
|
||||
CertConfig:
|
||||
CertMode: dns # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
|
||||
CertDomain: "node2.test.com" # Domain to cert
|
||||
CertFile: /etc/XrayR/cert/node2.test.com.cert # Provided if the CertMode is file
|
||||
KeyFile: /etc/XrayR/cert/node2.test.com.key
|
||||
Provider: alidns # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
|
||||
Email: test@me.com
|
||||
DNSEnv: # DNS ENV option used by DNS provider
|
||||
ALICLOUD_ACCESS_KEY: aaa
|
||||
ALICLOUD_SECRET_KEY: bbb
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| :--- | :--- | :--- |
|
||||
| `CertMode` | `none`,`file`,`http`,`dns` | 获取证书的方式。`file`:手动提供,并制定路径。`http`:通过http申请,需要80端口。`dns`:使用dns模式申请,需要制定相关dns服务商配置。`none`:强制关闭tls设置,交由nginx或者caddy处理。 |
|
||||
| `CertDomain` | 无 | 申请证书域名 |
|
||||
| `CertFile` | 无 | 手动指定的证书路径 |
|
||||
| `KeyFile` | 无 | 手动指定的私钥路径 |
|
||||
| `Provider` | 无 | dns提供商,所有支持的dns提供商请在此获取:[https://go-acme.github.io/lego/dns/](https://go-acme.github.io/lego/dns/) |
|
||||
| `DNSEnv` | 无 | 采用DNS申请证书需要的环境变量,请参考上文链接内,自己的dns提供商所需要的参数,填写于此。请注意一行一个,填写时需符合yaml文件格式。 |
|
||||
|
14
gong-neng-shuo-ming/devicelimit.md
Normal file
14
gong-neng-shuo-ming/devicelimit.md
Normal file
@@ -0,0 +1,14 @@
|
||||
# 设备连接限制功能说明
|
||||
|
||||
由于大量面板不再支持远程设备限制指定,现增加本地设备限制参数。
|
||||
|
||||
如需启用,可在配置文件中将`DeviceLimit`设为非0值,注意此设置会覆盖远程获取的用户设备限制数目。
|
||||
|
||||
配置文件详见:[配置文件说明](../xrayr-pei-zhi-wen-jian-shuo-ming/config.md#mian-ban-dui-jie-pei-zhi)
|
||||
|
||||
## 全局设备限制
|
||||
|
||||
当XrayR版本>=v0.7.1,SSpanel版本>=[2021.9](https://github.com/Anankke/SSPanel-Uim/releases/tag/2021.9),XrayR将会针对SSpanel启用全局设备限制功能。此时,不同后端结点将会全局限制独立IP连接数量,而非各后端本地限制。
|
||||
|
||||
当设备限制为1时,不同结点之间的切换会受到限制,建议至少设置设备数为2。并且由于SSPanel面板限制,IP连接信息可能需要至少2分钟才能传递到全部的后端结点,因此在2分钟内的同时连接将不能被限制。
|
||||
|
41
gong-neng-shuo-ming/dns.md
Normal file
41
gong-neng-shuo-ming/dns.md
Normal file
@@ -0,0 +1,41 @@
|
||||
# 自定义DNS说明
|
||||
|
||||
XrayR支持为不同节点设置不同的DNS策略,具体方法如下:
|
||||
|
||||
1. 编写dns.json文件,此配置与Xray DNS配置完全相同,请查看:[https://xtls.github.io/config/dns.html](https://xtls.github.io/config/dns.html) 获取帮助。
|
||||
2. 在`config.yml`中配置`DnsConfigPath`为dns.json的路径。
|
||||
3. 在所需要启用自定义DNS的节点中,将`EnableDNS`设为true。如设为false或者不填则是使用本机DNS。
|
||||
4. 如果要启用geoip相关配置,请确保`geoip.dat`和`geosite.dat`处于和`config.yml`同一目录。
|
||||
|
||||
## DNS解锁样例配置
|
||||
|
||||
```javascript
|
||||
{
|
||||
"servers": [
|
||||
"8.8.8.8",
|
||||
{
|
||||
"address": "1.1.2.2", // 购买的 DNS 解锁提供的 IP
|
||||
"port": 53,
|
||||
"domains": [
|
||||
"geosite:netflix"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## 设置IPV6优先
|
||||
|
||||
1. 请先确保主机有ipv6地址,如无,请考虑使用[warp](https://github.com/P3TERX/warp.sh)获取ipv6。
|
||||
2. 在所需要设置IPV6优先的节点中,将`EnableDNS`设为true。
|
||||
3. 在所需要设置IPV6优先的节点中,将`SendIP`设为`"::"`。
|
||||
4. 在所需要设置IPV6优先的节点中,将`DNSType`设为`UseIP`。
|
||||
|
||||
至此,XrayR将会优先使用目标网站的ipv6地址进行访问,不会影响默认ipv4站点的访问。~~可以用于解锁Netflix等需求~~
|
||||
|
||||
## 设置IPV4优先
|
||||
|
||||
1. 在所需要设置IPV4优先的节点中,将`EnableDNS`设为true。
|
||||
2. 在所需要设置IPV4优先的节点中,将`SendIP`设为`"0.0.0.0"`。
|
||||
3. 在所需要设置IPV4优先的节点中,将`DNSType`设为`UseIP`。
|
||||
|
120
gong-neng-shuo-ming/fallback.md
Normal file
120
gong-neng-shuo-ming/fallback.md
Normal file
@@ -0,0 +1,120 @@
|
||||
# Fallback 功能说明
|
||||
|
||||
> fallback 为 Xray 提供了高强度的防主动探测性, 并且具有独创的首包回落机制.
|
||||
>
|
||||
> fallback 也可以将不同类型的流量根据 path 进行分流, 从而实现一个端口, 多种服务共享.
|
||||
>
|
||||
> 目前您可以在使用 VLESS 或者 trojan 协议时, 通过配置 fallbacks 来使用回落这一特性, 并且创造出非常丰富的组合玩法.
|
||||
>
|
||||
> ---[https://xtls.github.io/config/features/fallback.html](https://xtls.github.io/config/features/fallback.html)
|
||||
|
||||
## 启用Fallback功能
|
||||
|
||||
设置`EnableFallback`为`true`,并配置`FallBackConfigs`
|
||||
|
||||
```yaml
|
||||
ControllerConfig:
|
||||
EnableFallback: true # Only support for Trojan and Vless
|
||||
FallBackConfigs: # Support multiple fallbacks
|
||||
-
|
||||
SNI: # TLS SNI(Server Name Indication), Empty for any
|
||||
Alpn: # Alpn, Empty for any
|
||||
Path: # HTTP PATH, Empty for any
|
||||
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
|
||||
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
|
||||
```
|
||||
|
||||
## 配置Fallback
|
||||
|
||||
XrayR遵循Xray设计思路,支持一个节点多个Fallback设置,因此`FallBackConfigs`为一个数组,每个子元素示例如下:
|
||||
|
||||
```yaml
|
||||
-
|
||||
SNI: # TLS SNI(Server Name Indication), Empty for any
|
||||
Alpn: # Alpn, Empty for any
|
||||
Path: # HTTP PATH, Empty for any
|
||||
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
|
||||
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
|
||||
```
|
||||
|
||||
### SNI: string
|
||||
|
||||
尝试匹配 TLS SNI\(Server Name Indication\),空为任意,默认为 ""
|
||||
|
||||
### Alpn: string
|
||||
尝试匹配 TLS ALPN 协商结果,空为任意,默认为 ""
|
||||
|
||||
有需要时,VLESS 才会尝试读取 TLS ALPN 协商结果,若成功,输出 info `realAlpn =` 到日志。
|
||||
用途:解决了 Nginx 的 h2c 服务不能同时兼容 http/1.1 的问题,Nginx 需要写两行 listen,分别用于 1.1 和 h2c。
|
||||
注意:fallbacks alpn 存在 `"h2"` 时,[Inbound TLS](../transport.md#tlsobject) 需设置 `"alpn":["h2","http/1.1"]`,以支持 h2 访问。
|
||||
|
||||
{% hint style="info" %}
|
||||
Fallback 内设置的 `alpn` 是匹配实际协商出的 ALPN,而 Inbound TLS 设置的 `alpn` 是握手时可选的 ALPN 列表,两者含义不同。
|
||||
{% endhint %}
|
||||
|
||||
### Path: string
|
||||
|
||||
尝试匹配首包 HTTP PATH,空为任意,默认为空,非空则必须以 "/" 开头,不支持 h2c。
|
||||
|
||||
智能:有需要时,VLESS 才会尝试看一眼 PATH(不超过 55 个字节;最快算法,并不完整解析 HTTP),若成功,输出 info realPath = 到日志。 用途:分流其它 inbound 的 WebSocket 流量或 HTTP 伪装流量,没有多余处理、纯粹转发流量,实测比 Nginx 反代更强。
|
||||
|
||||
注意:fallbacks 所在入站本身必须是 TCP+TLS,这是分流至其它 WS 入站用的,被分流的入站则无需配置 TLS。
|
||||
|
||||
### Dest: string\|number
|
||||
|
||||
决定 TLS 解密后 TCP 流量的去向,目前支持两类地址:(该项必填,否则无法启动)
|
||||
|
||||
1. TCP,格式为 "addr:port",其中 addr 支持 IPv4、域名、IPv6,若填写域名,也将直接发起 TCP 连接(而不走内置的 DNS)。
|
||||
2. Unix domain socket,格式为绝对路径,形如 "/dev/shm/domain.socket",可在开头加 "@" 代表 abstract,"@@" 则代表带 padding 的 abstract。
|
||||
|
||||
若只填 port,数字或字符串均可,形如 80、"80",通常指向一个明文 http 服务(addr 会被补为 "127.0.0.1")。
|
||||
|
||||
### ProxyProtocolVer: number
|
||||
|
||||
发送 PROXY protocol,专用于传递请求的真实来源 IP 和端口,填版本 1 或 2,默认为 0,即不发送。若有需要建议填 1。
|
||||
|
||||
目前填 1 或 2,功能完全相同,只是结构不同,且前者可打印,后者为二进制。Xray 的 TCP 和 WS 入站均已支持接收 PROXY protocol。
|
||||
|
||||
> TIP
|
||||
>
|
||||
> 若你正在 配置 Nginx 接收 PROXY protocol,除了设置 proxy\_protocol 外,还需设置 set\_real\_ip\_from,否则可能会出问题。
|
||||
|
||||
## Fallback 示例
|
||||
|
||||
XrayR设置
|
||||
|
||||
```text
|
||||
EnableFallback: true
|
||||
FallBackConfigs: # Support multiple fallbacks
|
||||
-
|
||||
SNI:
|
||||
Alpn:
|
||||
Path:
|
||||
Dest: 8080
|
||||
ProxyProtocolVer: 0
|
||||
```
|
||||
|
||||
Nginx设置
|
||||
|
||||
```text
|
||||
server {
|
||||
listen 8080 http2;
|
||||
root /var/www/public; # 改成你自己的路径
|
||||
index index.php index.html;
|
||||
server_name www.test.com; # 改成你自己的域名
|
||||
|
||||
location / {
|
||||
try_files $uri /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
include snippets/fastcgi-php.conf;
|
||||
fastcgi_pass 127.0.0.1:9000; # unix:/run/php/php-fpm.sock;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## 参考
|
||||
|
||||
[Xray Fallback](https://xtls.github.io/config/features/fallback.html)
|
||||
|
23
gong-neng-shuo-ming/rule.md
Normal file
23
gong-neng-shuo-ming/rule.md
Normal file
@@ -0,0 +1,23 @@
|
||||
# 审计功能说明
|
||||
|
||||
1. 请在前端审计规则处填写任意正则表达式,如 `baidu.com`将屏蔽所有baidu的域名,`(.+\.|^)(360|so)\.(cn|com)`将屏蔽360相关网站。
|
||||
2. 支持输入ip地址屏蔽ip,如`127.0.0.1`。
|
||||
3. BT协议屏蔽请查看:[自定义路由功能说明](zi-ding-yi-lu-you-gong-neng-shuo-ming.md)
|
||||
|
||||
## 本地审计规则设置
|
||||
|
||||
针对不支持远程设置审计规则的面板:如V2board,可以在本地配置文件`RuleListPath`设置本地规则文件路径。规则文件不需要定义文件类型,每条**正则规则**一行,默认本地规则ID标号为-1。
|
||||
|
||||
配置文件详见:[配置文件说明](../xrayr-pei-zhi-wen-jian-shuo-ming/config.md#mian-ban-dui-jie-pei-zhi)
|
||||
|
||||
**本地规则文件示例**
|
||||
|
||||
请保证每行只是一个单纯的正则规则,不要包含任何其无关他字符串。
|
||||
|
||||
```text
|
||||
(.+\.|^)(360|so)\.(cn|com)
|
||||
baidu.com
|
||||
google.com
|
||||
127.0.0.1
|
||||
```
|
||||
|
16
gong-neng-shuo-ming/speedlimit.md
Normal file
16
gong-neng-shuo-ming/speedlimit.md
Normal file
@@ -0,0 +1,16 @@
|
||||
# 限速功能说明
|
||||
|
||||
1. 节点限速:请在SSpanel的节点限速处填写,单位Mbps。
|
||||
2. 用户限速:请在SSpanel的用户设置处填写,单位Mbps。
|
||||
3. 限速值设为0,则为不限速。
|
||||
|
||||
## 本地节点限速设置
|
||||
|
||||
针对不支持远程设置限速的面板:如V2board,可以在本地配置文件`SpeedLimit`设置限速。注意此设置会覆盖远程获取的节点级别限速。
|
||||
|
||||
{% hint style="info" %}
|
||||
节点限速:所有连接到该节点的用户限速值都会采用`SpeedLimit`中的设置值**(不是端口限速)**
|
||||
{% endhint %}
|
||||
|
||||
配置文件详见:[配置文件说明](../xrayr-pei-zhi-wen-jian-shuo-ming/config.md#mian-ban-dui-jie-pei-zhi)
|
||||
|
@@ -0,0 +1,29 @@
|
||||
# 自定义出口功能说明
|
||||
|
||||
XrayR完整支持全部的Xray-core所提供的自定义出口功能,具体启用方式如下:
|
||||
|
||||
1. 编写 custom\_outbound.json文件,此配置与Xray 出口配置完全相同,请查看:[https://xtls.github.io/config/outbound.html](https://xtls.github.io/config/outbound.html)获取帮助。
|
||||
2. 在`config.yml`中配置`OutboundConfigPath`为custom\_outbound.json的路径。
|
||||
|
||||
### 自定义出口功能示例
|
||||
|
||||
```text
|
||||
[
|
||||
{
|
||||
"tag": "IPv4_out",
|
||||
"protocol": "freedom"
|
||||
},
|
||||
{
|
||||
"tag": "IPv6_out",
|
||||
"protocol": "freedom",
|
||||
"settings": {
|
||||
"domainStrategy": "UseIPv6"
|
||||
}
|
||||
},
|
||||
{
|
||||
"protocol": "blackhole",
|
||||
"tag": "block"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
43
gong-neng-shuo-ming/zi-ding-yi-lu-you-gong-neng-shuo-ming.md
Normal file
43
gong-neng-shuo-ming/zi-ding-yi-lu-you-gong-neng-shuo-ming.md
Normal file
@@ -0,0 +1,43 @@
|
||||
# 自定义路由功能说明
|
||||
|
||||
XrayR完整支持全部的Xray-core所提供的自定义路由功能,具体启用方式如下:
|
||||
|
||||
1. 编写 route.json文件,此配置与Xray 路由配置完全相同,请查看:[https://xtls.github.io/config/routing.html](https://xtls.github.io/config/routing.html)获取帮助。
|
||||
2. 在`config.yml`中配置`RouteConfigPath`为route.json的路径。
|
||||
3. 如果要启用geoip相关配置,请确保`geoip.dat`和`geosite.dat`处于和`config.yml`同一目录。
|
||||
|
||||
{% hint style="info" %}
|
||||
远程获取的节点自动生成的inboundTag/outboundTag遵循:`NodeType_ListenIP_Port`的形式。如:`V2ray_0.0.0.0_80`。入/出站tag相同。
|
||||
{% endhint %}
|
||||
|
||||
### 自定义路由功能示例
|
||||
|
||||
```text
|
||||
{
|
||||
"domainStrategy": "IPOnDemand",
|
||||
"rules": [
|
||||
{
|
||||
"type": "field",
|
||||
"outboundTag": "block",
|
||||
"ip": [
|
||||
"geoip:private"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "field",
|
||||
"outboundTag": "block",
|
||||
"protocol": [
|
||||
"bittorrent"
|
||||
]
|
||||
},
|
||||
{
|
||||
"type": "field",
|
||||
"outboundTag": "IPv6_out",
|
||||
"domain": [
|
||||
"geosite:netflix"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
31
gong-neng-shuo-ming/zi-ding-yi-ru-kou-gong-neng-shuo-ming.md
Normal file
31
gong-neng-shuo-ming/zi-ding-yi-ru-kou-gong-neng-shuo-ming.md
Normal file
@@ -0,0 +1,31 @@
|
||||
# 自定义入口功能说明
|
||||
|
||||
XrayR完整支持全部的Xray-core所提供的自定义入口功能,具体启用方式如下:
|
||||
|
||||
1. 编写 custom\_inbound.json文件,此配置与Xray 出口配置完全相同,请查看:[https://xtls.github.io/config/inbound.html](https://xtls.github.io/config/inbound.html)获取帮助。
|
||||
2. 在`config.yml`中配置`InboundConfigPath`为custom\_inbound.json的路径。
|
||||
|
||||
### 自定义入口功能示例
|
||||
|
||||
```text
|
||||
[
|
||||
{
|
||||
"listen": "0.0.0.0",
|
||||
"port": 1234,
|
||||
"protocol": "socks",
|
||||
"settings": {
|
||||
"auth": "noauth",
|
||||
"accounts": [
|
||||
{
|
||||
"user": "my-username",
|
||||
"pass": "my-password"
|
||||
}
|
||||
],
|
||||
"udp": false,
|
||||
"ip": "127.0.0.1",
|
||||
"userLevel": 0
|
||||
}
|
||||
}
|
||||
]
|
||||
```
|
||||
|
381
xrayr-pei-zhi-wen-jian-shuo-ming/config.md
Normal file
381
xrayr-pei-zhi-wen-jian-shuo-ming/config.md
Normal file
@@ -0,0 +1,381 @@
|
||||
# 配置文件说明
|
||||
|
||||
## 配置文件格式
|
||||
|
||||
1. 主配置文件采用`yaml`格式,命名为`xxx.yml`。
|
||||
2. 默认XrayR会使用软件运行目录下的`config.yml`作为配置文件。
|
||||
|
||||
配置文件基本格式,Nodes下可以同时添加多个面板,多个节点配置信息,只需添加相同格式的Nodes item即可。
|
||||
|
||||
```yaml
|
||||
Log:
|
||||
Level: none # Log level: none, error, warning, info, debug
|
||||
AccessPath: # /etc/XrayR/access.Log
|
||||
ErrorPath: # /etc/XrayR/error.log
|
||||
DnsConfigPath: # /etc/XrayR/dns.json # Path to dns config, check https://xtls.github.io/config/dns.html for help
|
||||
RouteConfigPath: # /etc/XrayR/route.json # Path to route config, check https://xtls.github.io/config/routing.html for help
|
||||
InboundConfigPath: # /etc/XrayR/custom_inbound.json # Path to custom inbound config, check https://xtls.github.io/config/inbound.html for help
|
||||
OutboundConfigPath: # /etc/XrayR/custom_outbound.json # Path to custom outbound config, check https://xtls.github.io/config/outbound.html for help
|
||||
ConnetionConfig:
|
||||
Handshake: 4 # Handshake time limit, Second
|
||||
ConnIdle: 10 # Connection idle time limit, Second
|
||||
UplinkOnly: 2 # Time limit when the connection downstream is closed, Second
|
||||
DownlinkOnly: 4 # Time limit when the connection is closed after the uplink is closed, Second
|
||||
BufferSize: 64 # The internal cache size of each connection, kB
|
||||
Nodes:
|
||||
-
|
||||
PanelType: "SSpanel" # Panel type: SSpanel, V2board, PMpanel, Proxypanel
|
||||
ApiConfig:
|
||||
ApiHost: "http://127.0.0.1:667"
|
||||
ApiKey: "123"
|
||||
NodeID: 41
|
||||
NodeType: V2ray # Node type: V2ray, Trojan, Shadowsocks, Shadowsocks-Plugin
|
||||
Timeout: 30 # Timeout for the api request
|
||||
EnableVless: false # Enable Vless for V2ray Type
|
||||
EnableXTLS: false # Enable XTLS for V2ray and Trojan
|
||||
SpeedLimit: 0 # Mbps, Local settings will replace remote settings, 0 means disable
|
||||
DeviceLimit: 0 # Local settings will replace remote settings, 0 means disable
|
||||
RuleListPath: # /etc/XrayR/rulelist Path to local rulelist file
|
||||
ControllerConfig:
|
||||
ListenIP: 0.0.0.0 # IP address you want to listen
|
||||
SendIP: 0.0.0.0 # IP address you want to send pacakage
|
||||
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
|
||||
EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
|
||||
DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
|
||||
DisableUploadTraffic: false # Disable Upload Traffic to the panel
|
||||
DisableGetRule: false # Disable Get Rule from the panel
|
||||
DisableIVCheck: false # Disable the anti-reply protection for Shadowsocks
|
||||
DisableSniffing: false # Disable domain sniffing
|
||||
EnableProxyProtocol: false # Only works for WebSocket and TCP
|
||||
EnableFallback: false # Only support for Trojan and Vless
|
||||
FallBackConfigs: # Support multiple fallbacks
|
||||
-
|
||||
SNI: # TLS SNI(Server Name Indication), Empty for any
|
||||
Alpn: # Alpn, Empty for any
|
||||
Path: # HTTP PATH, Empty for any
|
||||
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
|
||||
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
|
||||
CertConfig:
|
||||
CertMode: dns # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
|
||||
RejectUnknownSni: false # Reject unknown SNI
|
||||
CertDomain: "node1.test.com" # Domain to cert
|
||||
CertFile: /etc/XrayR/cert/node1.test.com.cert # Provided if the CertMode is file
|
||||
KeyFile: /etc/XrayR/cert/node1.test.com.key
|
||||
Provider: alidns # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
|
||||
Email: test@me.com
|
||||
DNSEnv: # DNS ENV option used by DNS provider
|
||||
ALICLOUD_ACCESS_KEY: aaa
|
||||
ALICLOUD_SECRET_KEY: bbb
|
||||
-
|
||||
PanelType: "V2board" # Panel type: SSpanel, V2board
|
||||
ApiConfig:
|
||||
ApiHost: "http://V2board.com"
|
||||
ApiKey: "123"
|
||||
NodeID: 42
|
||||
NodeType: Trojan # Node type: V2ray, Shadowsocks, Trojan
|
||||
Timeout: 30 # Timeout for the api request
|
||||
EnableVless: false # Enable Vless for V2ray Type, Prefer remote configuration
|
||||
EnableXTLS: false # Enable XTLS for V2ray and Trojan, Prefer remote configuration
|
||||
ControllerConfig:
|
||||
ListenIP: 0.0.0.0 # IP address you want to listen
|
||||
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
|
||||
EnableDNS: false # Enable custom DNS config, Please ensure that you set the dns.json well
|
||||
CertConfig:
|
||||
CertMode: dns # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
|
||||
CertDomain: "node2.test.com" # Domain to cert
|
||||
CertFile: /etc/XrayR/cert/node2.test.com.cert # Provided if the CertMode is file
|
||||
KeyFile: /etc/XrayR/cert/node2.test.com.key
|
||||
Provider: alidns # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
|
||||
Email: test@me.com
|
||||
DNSEnv: # DNS ENV option used by DNS provider
|
||||
ALICLOUD_ACCESS_KEY: aaa
|
||||
ALICLOUD_SECRET_KEY: bbb
|
||||
```
|
||||
|
||||
## 配置文件设置说明
|
||||
|
||||
### 基础配置
|
||||
|
||||
基础配置是对所有节点生效的配置。
|
||||
|
||||
```yaml
|
||||
Log:
|
||||
Level: debug # Log level: none, error, warning, info, debug
|
||||
AccessPath: # /etc/XrayR/access.Log
|
||||
ErrorPath: # /etc/XrayR/error.log
|
||||
DnsConfigPath: # /etc/XrayR/dns.json # Path to dns config, check https://xtls.github.io/config/dns.html for help
|
||||
RouteConfigPath: # /etc/XrayR/route.json # Path to route config, check https://xtls.github.io/config/routing.html for help
|
||||
InboundConfigPath: # /etc/XrayR/custom_inbound.json # Path to custom inbound config, check https://xtls.github.io/config/inbound.html for help
|
||||
OutboundConfigPath: # /etc/XrayR/custom_outbound.json # Path to custom outbound config, check https://xtls.github.io/config/outbound.html for help
|
||||
ConnetionConfig:
|
||||
Handshake: 4 # Handshake time limit, Second
|
||||
ConnIdle: 10 # Connection idle time limit, Second
|
||||
UplinkOnly: 2 # Time limit when the connection downstream is closed, Second
|
||||
DownlinkOnly: 4 # Time limit when the connection is closed after the uplink is closed, Second
|
||||
BufferSize: 64 # The internal cache size of each connection, kB
|
||||
```
|
||||
|
||||
#### 日志配置
|
||||
|
||||
日志配置用于控制XrayR-core的日志级别,access.log和error.log需要设置日志级别大于warning才会被记录。
|
||||
|
||||
```yaml
|
||||
Log:
|
||||
Level: debug # Log level: none, error, warning, info, debug
|
||||
AccessPath: # /etc/XrayR/access.Log
|
||||
ErrorPath: # /etc/XrayR/error.log
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| ------------ | --------------------------------------- | ---------------------------- |
|
||||
| `Level` | `none`,`error`,`warning`,`info`,`debug` | 日志显示级别,`none`为不显示 |
|
||||
| `AccessPath` | 无 | Access日志的保存路径 |
|
||||
| `ErrorPath` | 无 | Error日志的保存路径 |
|
||||
|
||||
#### 自定义DNS配置
|
||||
|
||||
指定自定义DNS配置文件的路径
|
||||
|
||||
```yaml
|
||||
DnsConfigPath: # /etc/XrayR/dns.json Path to dns config
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| --------------- | ---- | ----------------------- |
|
||||
| `DnsConfigPath` | 无 | 自定义DNS配置文件的路径 |
|
||||
#### 自定义路由配置
|
||||
|
||||
指定路由配置文件文件路径
|
||||
|
||||
```yaml
|
||||
RouteConfigPath: # /etc/XrayR/route.json # Path to route config, check https://xtls.github.io/config/base/route/ for help
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| ----------------- | ---- | ------------------------ |
|
||||
| `RouteConfigPath` | 无 | 自定义路由配置文件的路径 |
|
||||
|
||||
#### 自定义入口设置
|
||||
|
||||
```yaml
|
||||
InboundConfigPath: # /etc/XrayR/custom_inbound.json # Path to custom inbound config, check https://xtls.github.io/config/inbound.html for help
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| ------------------- | ---- | ------------------------ |
|
||||
| `InboundConfigPath` | 无 | 自定义入口配置文件的路径 |
|
||||
#### 自定义出口配置
|
||||
|
||||
指定出口配置文件文件路径
|
||||
|
||||
```yaml
|
||||
OutboundConfigPath: # /etc/XrayR/custom_outbound.json # Path to custom outbound config, check https://xtls.github.io/config/base/outbound/ for help
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| -------------------- | ---- | ------------------------ |
|
||||
| `OutboundConfigPath` | 无 | 自定义出口配置文件的路径 |
|
||||
|
||||
#### 连接控制
|
||||
|
||||
自定义连接释放的相关配置,可以一定程度优化内存占用
|
||||
|
||||
```yaml
|
||||
ConnetionConfig:
|
||||
Handshake: 4 # Handshake time limit, Second
|
||||
ConnIdle: 10 # Connection idle time limit, Second
|
||||
UplinkOnly: 2 # Time limit when the connection downstream is closed, Second
|
||||
DownlinkOnly: 4 # Time limit when the connection is closed after the uplink is closed, Second
|
||||
BufferSize: 64 # The internal cache size of each connection, kB
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| -------------- | ---- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `Handshake` | 无 | 连接建立时的握手时间限制。单位为秒。默认值为 4。在入站代理处理一个新连接时,在握手阶段如果使用的时间超过这个时间,则中断该连接。 |
|
||||
| `ConnIdle` | 无 | 连接空闲的时间限制。单位为秒。默认值为 10。如果在 `ConnIdle` 时间内,没有任何数据被传输(包括上行和下行数据),则中断该连接。**减少该值有可能可以优化内存占用,但是会导致用户连接延时变高**。 |
|
||||
| `UplinkOnly` | 无 | 当连接下行线路关闭后的时间限制。单位为秒。默认值为 2。当服务器(如远端网站)关闭下行连接时,出站代理会在等待`UplinkOnly`时间后中断连接。 |
|
||||
| `DownlinkOnly` | 无 | 当连接上行线路关闭后的时间限制。单位为秒。默认值为 4。当服务器(如远端网站)关闭上行连接时,出站代理会在等待`DownlinkOnly`时间后中断连接。 |
|
||||
| `BufferSize` | 无 | 每个连接的内部缓存大小。单位为 kB。当值为 0 时,内部缓存被禁用。**减少该值有可能可以优化内存占用,但有可能导致CPU占用上升** |
|
||||
|
||||
提示: 1. 减少`ConnIdle`有可能可以优化高连接数量时的内存占用,但是会导致用户连接延时变高。 2. 在 HTTP 浏览的场景中,可以将 `UplinkOnly` 和 `DownlinkOnly` 设为 0,以提高连接关闭的效率,减少内存占用。 3. 减少`BufferSize`可以优化内存占用,但是可能会导致CPU占用上升。
|
||||
|
||||
### 节点配置
|
||||
|
||||
每个节点是一个独立的配置,互相不会影响,XrayR支持单实例多节点启动,同时对接多个节点。
|
||||
|
||||
```yaml
|
||||
Nodes:
|
||||
-
|
||||
PanelType: "SSpanel" # Panel type: SSpanel, V2board, PMpanel
|
||||
ApiConfig:
|
||||
ApiHost: "http://127.0.0.1:667"
|
||||
ApiKey: "123"
|
||||
NodeID: 41
|
||||
NodeType: V2ray # Node type: V2ray, Trojan, Shadowsocks, Shadowsocks-Plugin
|
||||
Timeout: 30 # Timeout for the api request, Default is 5 sec
|
||||
EnableVless: false # Enable Vless for V2ray Type
|
||||
EnableXTLS: false # Enable XTLS for V2ray and Trojan
|
||||
SpeedLimit: 0 # Mbps, Local settings will replace remote settings, 0 means disable
|
||||
DeviceLimit: 0 # Local settings will replace remote settings, 0 means disable
|
||||
RuleListPath: # /etc/XrayR/rulelist Path to local rulelist file
|
||||
ControllerConfig:
|
||||
ListenIP: 0.0.0.0 # IP address you want to listen
|
||||
SendIP: 0.0.0.0 # IP address you want to send pacakage
|
||||
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
|
||||
EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
|
||||
DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
|
||||
DisableUploadTraffic: false # Disable Upload Traffic to the panel
|
||||
DisableGetRule: false # Disable Get Rule from the panel
|
||||
EnableProxyProtocol: false # Only works for WebSocket and TCP
|
||||
EnableFallback: false # Only support for Trojan and Vless
|
||||
FallBackConfigs: # Support multiple fallbacks
|
||||
-
|
||||
SNI: # TLS SNI(Server Name Indication), Empty for any
|
||||
Path: # HTTP PATH, Empty for any
|
||||
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
|
||||
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
|
||||
CertConfig:
|
||||
CertMode: dns # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
|
||||
CertDomain: "node1.test.com" # Domain to cert
|
||||
CertFile: /etc/XrayR/cert/node1.test.com.cert # Provided if the CertMode is file
|
||||
KeyFile: /etc/XrayR/cert/node1.test.com.key
|
||||
Provider: alidns # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
|
||||
Email: test@me.com
|
||||
DNSEnv: # DNS ENV option used by DNS provider
|
||||
ALICLOUD_ACCESS_KEY: aaa
|
||||
ALICLOUD_SECRET_KEY: bbb
|
||||
-
|
||||
PanelType: "V2board" # Panel type: SSpanel, V2board, PMpanel
|
||||
ApiConfig:
|
||||
ApiHost: "http://V2board.com"
|
||||
ApiKey: "123"
|
||||
NodeID: 42
|
||||
NodeType: Trojan # Node type: V2ray, Shadowsocks, Trojan
|
||||
Timeout: 30 # Timeout for the api request
|
||||
EnableVless: false # Enable Vless for V2ray Type
|
||||
EnableXTLS: false # Enable XTLS for V2ray and Trojan
|
||||
SpeedLimit: 0 # Local settings will replace remote settings, 0 means disable
|
||||
DeviceLimit: 0 # Local settings will replace remote settings, 0 means disable
|
||||
RuleListPath: # /etc/XrayR/rulelist Path to local rulelist file
|
||||
ControllerConfig:
|
||||
ListenIP: 0.0.0.0 # IP address you want to listen
|
||||
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
|
||||
EnableDNS: false # Enable custom DNS config, Please ensure that you set the dns.json well
|
||||
CertConfig:
|
||||
CertMode: dns # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
|
||||
CertDomain: "node2.test.com" # Domain to cert
|
||||
CertFile: /etc/XrayR/cert/node2.test.com.cert # Provided if the CertMode is file
|
||||
KeyFile: /etc/XrayR/cert/node2.test.com.key
|
||||
Provider: alidns # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
|
||||
Email: test@me.com
|
||||
DNSEnv: # DNS ENV option used by DNS provider
|
||||
ALICLOUD_ACCESS_KEY: aaa
|
||||
ALICLOUD_SECRET_KEY: bbb
|
||||
```
|
||||
|
||||
#### 面板选择
|
||||
|
||||
```yaml
|
||||
PanelType: "V2board" # Panel type: SSpanel, V2board, PMpanel, Proxypanel
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| ----------- | ------------------------------------------ | ---------------- |
|
||||
| `PanelType` | `SSPanel`,`V2board`,`PMpanel`,`Proxypanel` | 对接前端面板类型 |
|
||||
|
||||
#### 面板对接配置
|
||||
|
||||
```yaml
|
||||
ApiConfig:
|
||||
ApiHost: "http://127.0.0.1:667"
|
||||
ApiKey: "123"
|
||||
NodeID: 41
|
||||
NodeType: V2ray # Node type: V2ray, Trojan, Shadowsocks, Shadowsocks-Plugin
|
||||
Timeout: 30 # Timeout for the api request, Default is 5 sec
|
||||
EnableVless: false # Enable Vless for V2ray Type
|
||||
EnableXTLS: false # Enable XTLS for V2ray and Trojan
|
||||
SpeedLimit: 0 # Local settings will replace remote settings, 0 means disable
|
||||
DeviceLimit: 0 # Local settings will replace remote settings, 0 means disable
|
||||
RuleListPath: # /etc/XrayR/rulelist Path to local rulelist file
|
||||
DisableCustomConfig: false # Disable custom config
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| --------------------- | ---------------------------------------------------- | ------------------------------------------------- |
|
||||
| `ApiHost` | 无 | 对接前端面板地址 |
|
||||
| `ApiKey` | 无 | 前端对接通讯秘钥 |
|
||||
| `NodeID` | 无 | 节点ID |
|
||||
| `NodeType` | `V2ray`,`Shadowsocks`, `Shadowsocks-Plugin`,`Trojan` | 节点类型 |
|
||||
| `Timeout` | 无 | 设定单次访问API超时时间,默认5秒 |
|
||||
| `EnableVless` | `true`,`false` | 是否给V2ray启用Vless协议 |
|
||||
| `EnableXTLS` | `true`,`false` | 是否使用XTLS |
|
||||
| `SpeedLimit` | float | 单位Mbps, 本地限速设置,会覆盖远程设置,0为不启用 |
|
||||
| `DeviceLimit` | int | 本地设备限制,会覆盖远程设置,0为不启用 |
|
||||
| `RuleListPath` | 无 | 本地规则设置,指定本地规则文件路径,规则文件格式 |
|
||||
| `DisableCustomConfig` | `true`,`false` | 是否启用custom_config,默认false |
|
||||
|
||||
#### 后端相关配置
|
||||
|
||||
```yaml
|
||||
ControllerConfig:
|
||||
ListenIP: 0.0.0.0 # IP address you want to listen
|
||||
SendIP: 0.0.0.0 # IP address you want to send pacakage
|
||||
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
|
||||
EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
|
||||
DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
|
||||
DisableUploadTraffic: false # Disable Upload Traffic to the panel
|
||||
DisableGetRule: false # Disable Get Rule from the panel
|
||||
DisableIVCheck: false # Disable the anti-reply protection for Shadowsocks
|
||||
DisableSniffing: false # Disable domain sniffing
|
||||
EnableProxyProtocol: false # Only works for WebSocket and TCP
|
||||
EnableFallback: false # Only support for Trojan and Vless
|
||||
FallBackConfigs: # Support multiple fallbacks
|
||||
-
|
||||
SNI: # TLS SNI(Server Name Indication), Empty for any
|
||||
Path: # HTTP PATH, Empty for any
|
||||
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
|
||||
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| ---------------------- | ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| `ListenIP` | 无 | 选择监听的IP地址,`0.0.0.0`会同时监听v6和v4 |
|
||||
| `SendIP` | 无 | 用于发送数据的 IP 地址 |
|
||||
| `UpdatePeriodic` | 无 | 从前端更新节点、用户信息和上报用户使用信息的间隔,默认60秒 |
|
||||
| `EnableDNS` | `true`,`false` | 是否为当前节点启用自定义DNS,默认使用系统DNS |
|
||||
| `DNSType` | `AsIs`,`UseIP`,`UseIPv4`,`UseIPv6` | DNS解析类型,`AsIs`:使用系统DNS,`UseIP`,`UseIPv4`,`UseIPv6`为使用自定义DNS,请确保`EnableDNS`为`true`,且正确配置了`DnsConfigPath` |
|
||||
| `DisableUploadTraffic` | `false`, `true` | 是否禁止上传节点流量,默认`false` |
|
||||
| `DisableGetRule` | `false`, `true` | 是否禁止获取远程规则,默认`false` |
|
||||
| `DisableIVCheck` | `false`, `true` | 是否关闭Shadowsocks用于防止重放攻击的布隆过滤器,默认`false` |
|
||||
| `DisableSniffing` | `false`, `true` | 是否关闭domain sniffing,默认`false` |
|
||||
| `EnableProxyProtocol` | `true`,`false` | 是否为当前节点启用ProxyProtocol获取中转IP,只对TCP和WS有效 |
|
||||
| `EnableFallback` | `true`,`false` | 是否为当前节点启用Fallback,只对Vless和Trojan协议有效 |
|
||||
| `FallBackConfigs` | list | Fallback 相关配置,请查看 [Fallback功能说明](../gong-neng-shuo-ming/fallback.md) |
|
||||
|
||||
#### 证书申请相关配置
|
||||
|
||||
XrayR 支持多种自动申请证书配置。申请到的证书将会放在**配置文件(config.yml)目录的`cert`文件夹下**。
|
||||
|
||||
```yaml
|
||||
CertConfig:
|
||||
CertMode: dns # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
|
||||
RejectUnknownSni: false # Reject unknown SNI, default false
|
||||
CertDomain: "node2.test.com" # Domain to cert
|
||||
CertFile: /etc/XrayR/cert/node2.test.com.cert # Provided if the CertMode is file
|
||||
KeyFile: /etc/XrayR/cert/node2.test.com.key
|
||||
Provider: alidns # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
|
||||
Email: test@me.com
|
||||
DNSEnv: # DNS ENV option used by DNS provider
|
||||
ALICLOUD_ACCESS_KEY: aaa
|
||||
ALICLOUD_SECRET_KEY: bbb
|
||||
```
|
||||
|
||||
| 参数 | 选项 | 说明 |
|
||||
| ------------------ | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `CertMode` | `none`,`file`,`http`,`dns` | 获取证书的方式。`file`:手动提供,并制定路径。`http`:通过http申请,需要80端口。`dns`:使用dns模式申请,需要制定相关dns服务商配置。`none`:强制关闭tls设置,交由nginx或者caddy处理。 |
|
||||
| `CertDomain` | 无 | 申请证书域名 |
|
||||
| `RejectUnknownSni` | `false`, `true` | 是否拒绝未知的SNI,默认为false |
|
||||
| `CertFile` | 无 | 手动指定的证书路径 |
|
||||
| `KeyFile` | 无 | 手动指定的私钥路径 |
|
||||
| `Provider` | 无 | dns提供商,所有支持的dns提供商请在此获取:[https://go-acme.github.io/lego/dns/](https://go-acme.github.io/lego/dns/) |
|
||||
| `DNSEnv` | 无 | 采用DNS申请证书需要的环境变量,请参考上文链接内,自己的dns提供商所需要的参数,填写于此。请注意一行一个,填写时需符合yaml文件格式。 |
|
2
xrayr-xia-zai-he-an-zhuang/install/README.md
Normal file
2
xrayr-xia-zai-he-an-zhuang/install/README.md
Normal file
@@ -0,0 +1,2 @@
|
||||
# 下载和安装
|
||||
|
70
xrayr-xia-zai-he-an-zhuang/install/docker.md
Normal file
70
xrayr-xia-zai-he-an-zhuang/install/docker.md
Normal file
@@ -0,0 +1,70 @@
|
||||
# 使用docker安装
|
||||
|
||||
## 安装 Docker
|
||||
|
||||
### Centos
|
||||
|
||||
```bash
|
||||
yum install -y yum-utils
|
||||
yum-config-manager \
|
||||
--add-repo \
|
||||
https://download.docker.com/linux/centos/docker-ce.repo
|
||||
yum install docker-ce docker-ce-cli containerd.io -y
|
||||
systemctl start docker
|
||||
systemctl enable docker
|
||||
```
|
||||
|
||||
### Debian / Ubuntu
|
||||
|
||||
```bash
|
||||
sudo apt-get update
|
||||
sudo apt-get install \
|
||||
apt-transport-https \
|
||||
ca-certificates \
|
||||
curl \
|
||||
gnupg-agent \
|
||||
software-properties-common -y
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||
sudo add-apt-repository \
|
||||
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
|
||||
$(lsb_release -cs) \
|
||||
stable"
|
||||
sudo apt-get install docker-ce docker-ce-cli containerd.io -y
|
||||
systemctl start docker
|
||||
systemctl enable docker
|
||||
```
|
||||
|
||||
## 安装Docker-compose
|
||||
|
||||
```bash
|
||||
curl -fsSL https://get.docker.com | bash -s docker
|
||||
curl -L "https://github.com/docker/compose/releases/download/1.26.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
||||
chmod +x /usr/local/bin/docker-compose
|
||||
```
|
||||
|
||||
## Docker-compose 安装XrayR \(推荐\)
|
||||
|
||||
1. `git clone https://github.com/XrayR-project/XrayR-release`
|
||||
2. `cd XrayR-release`
|
||||
3. 编辑配置文件:`config.yml`,详见:[配置文件说明](../../xrayr-pei-zhi-wen-jian-shuo-ming/config.md)
|
||||
4. 启动docker:`docker-compose up -d`
|
||||
|
||||
## Docker run 安装XrayR
|
||||
|
||||
请注意指定`config.yml`目录。
|
||||
|
||||
```bash
|
||||
docker pull crackair/xrayr:latest && docker run --restart=always --name xrayr -d -v ${PATH_TO_CONFIG}/config.yml:/etc/XrayR/config.yml --network=host crackair/xrayr:latest
|
||||
```
|
||||
|
||||
## 更新XrayR
|
||||
|
||||
docker-compose仅需两条简单通用的命令即可实现更新、删除容器并重启。更新软件后`config.yml`不会被更新覆盖。
|
||||
|
||||
注意在 docker-compose.yml 所在的目录下执行:
|
||||
|
||||
```bash
|
||||
docker-compose pull
|
||||
docker-compose up -d
|
||||
```
|
||||
|
22
xrayr-xia-zai-he-an-zhuang/install/manual.md
Normal file
22
xrayr-xia-zai-he-an-zhuang/install/manual.md
Normal file
@@ -0,0 +1,22 @@
|
||||
# 手动安装
|
||||
|
||||
## 下载并使用
|
||||
|
||||
1. 在此处,根据自身系统选择合适的版本:[Release](https://github.com/XrayR-project/XrayR/releases)
|
||||
2. 解压压缩包,之后运行:`./XrayR -config config.yml`
|
||||
|
||||
## 编译并使用
|
||||
|
||||
1. go 1.17.2
|
||||
2. 依次运行
|
||||
|
||||
```bash
|
||||
git clone https://github.com/XrayR-project/XrayR
|
||||
cd XrayR/main
|
||||
go mod tidy
|
||||
go build -o XrayR -ldflags "-s -w"
|
||||
./XrayR -config config.yml
|
||||
```
|
||||
|
||||
配置文件详见:[配置文件说明](../../xrayr-pei-zhi-wen-jian-shuo-ming/config.md)
|
||||
|
16
xrayr-xia-zai-he-an-zhuang/install/one-click.md
Normal file
16
xrayr-xia-zai-he-an-zhuang/install/one-click.md
Normal file
@@ -0,0 +1,16 @@
|
||||
# 使用一键脚本安装
|
||||
|
||||
## 软件安装
|
||||
|
||||
```bash
|
||||
bash <(curl -Ls https://raw.githubusercontent.com/XrayR-project/XrayR-release/master/install.sh)
|
||||
```
|
||||
|
||||
配置文件路径:`/etc/XrayR` 配置文件详见:[配置文件说明](../../xrayr-pei-zhi-wen-jian-shuo-ming/config.md)
|
||||
|
||||
## 软件更新
|
||||
|
||||
```bash
|
||||
XrayR update
|
||||
```
|
||||
|
10
za-xiang/memopt.md
Normal file
10
za-xiang/memopt.md
Normal file
@@ -0,0 +1,10 @@
|
||||
# 内存优化相关
|
||||
|
||||
## 链接控制优化
|
||||
|
||||
通过自定义`ConnetionConfig`连接释放的[相关配置](../xrayr-pei-zhi-wen-jian-shuo-ming/config.md#lian-jie-kong-zhi),可以一定程度优化内存占用
|
||||
|
||||
1. 减少`ConnIdle`有可能可以优化高连接数量时的内存占用,但是会导致用户连接延时变高。
|
||||
2. 在 HTTP 浏览的场景中,可以将 `UplinkOnly` 和 `DownlinkOnly` 设为 0,以提高连接关闭的效率,减少内存占用。
|
||||
3. 减少`BufferSize`可以优化内存占用,但是可能会导致CPU占用上升。
|
||||
|
164
za-xiang/nginx+trojan-zan-shi-di-shen.md
Normal file
164
za-xiang/nginx+trojan-zan-shi-di-shen.md
Normal file
@@ -0,0 +1,164 @@
|
||||
# Nginx+Trojan暂时滴神!
|
||||
|
||||
使用Nginx处理Trojan的TLS,Trojan进行回落。我愿称ta暂时滴神!
|
||||
|
||||
## Nginx安装
|
||||
|
||||
CentOS:
|
||||
|
||||
```text
|
||||
yum update
|
||||
yum install -y nginx
|
||||
yum install nginx-mod-stream
|
||||
```
|
||||
|
||||
Ubuntu/Debian:
|
||||
|
||||
```text
|
||||
apt update
|
||||
apt install nginx
|
||||
```
|
||||
|
||||
## Nginx配置
|
||||
|
||||
修改/etc/nginx/nginx.conf配置文件:
|
||||
|
||||
```text
|
||||
stream {
|
||||
server {
|
||||
listen 443 ssl; # 设置监听端口为443
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3; # 设置使用的SSL协议版本
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/xx.com.pem; # 证书地址
|
||||
ssl_certificate_key /etc/nginx/ssl/xx.com.key; # 秘钥地址
|
||||
ssl_session_cache shared:SSL:10m; # SSL TCP会话缓存设置共享内存区域名为
|
||||
# SSL,区域大小为10MB
|
||||
ssl_session_timeout 10m; # SSL TCP会话缓存超时时间为10分钟
|
||||
proxy_protocol on; # 开启proxy_protocol获取真实ip
|
||||
proxy_pass 127.0.0.1:1234; # 后端Trojan监听端口
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
请将上方代码添加到**http**与**events**中间一行
|
||||
|
||||
**/etc/nginx/nginx.conf配置文件参考:**
|
||||
|
||||
```text
|
||||
events {
|
||||
worker_connections 768;
|
||||
# multi_accept on;
|
||||
}
|
||||
|
||||
stream {
|
||||
server {
|
||||
listen 443 ssl; # 设置监听端口为443
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3; # 设置使用的SSL协议版本
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/xx.com.pem; # 证书地址
|
||||
ssl_certificate_key /etc/nginx/ssl/xx.com.key; # 秘钥地址
|
||||
ssl_session_cache shared:SSL:10m; # SSL TCP会话缓存设置共享内存区域名为
|
||||
# SSL,区域大小为10MB
|
||||
ssl_session_timeout 10m; # SSL TCP会话缓存超时时间为10分钟
|
||||
proxy_protocol on; # 开启proxy_protocol获取真实ip
|
||||
proxy_pass 127.0.0.1:1234; # 后端Trojan监听端口
|
||||
}
|
||||
}
|
||||
|
||||
http {
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
```
|
||||
|
||||
**注意事项:**
|
||||
|
||||
**1. 请配置SSL证书**
|
||||
|
||||
**2. proxy\_pass 127.0.0.1:1234 后端Trojan监听端口与您网站前端节点监听端口一致**
|
||||
|
||||
**3. listen端口可以1-65535随意修改,此处为客户端连接端口**
|
||||
|
||||
{% hint style="info" %}
|
||||
centos系统请关闭selinux,不然可能导致转发失败。
|
||||
```
|
||||
sudo setenforce 0
|
||||
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
|
||||
```
|
||||
{% endhint %}
|
||||
## XrayR Trojan配置
|
||||
|
||||
**关键配置:**
|
||||
|
||||
```text
|
||||
ListenIP: 127.0.0.1
|
||||
EnableProxyProtocol: true
|
||||
EnableFallback: true
|
||||
CertMode: none
|
||||
```
|
||||
|
||||
{% hint style="info" %}
|
||||
注意1:请务必确保CertMode为none,交由Nginx处理tls
|
||||
{% endhint %}
|
||||
|
||||
{% hint style="info" %}
|
||||
注意2:在回落时请确保回落站点是http1.1,nginx如果有一个站点是h2会导致全部站点都变成h2(巨坑)
|
||||
{% endhint %}
|
||||
|
||||
**完整样例**
|
||||
|
||||
```text
|
||||
-
|
||||
PanelType: "SSpanel" # Panel type: SSpanel, V2board, PMpanel
|
||||
ApiConfig:
|
||||
ApiHost: "https://xxx.com"
|
||||
ApiKey: "123"
|
||||
NodeID: 1
|
||||
NodeType: Trojan # Node type: V2ray, Shadowsocks, Trojan
|
||||
Timeout: 10 # Timeout for the api request
|
||||
EnableVless: false # Enable Vless for V2ray Type
|
||||
EnableXTLS: false # Enable XTLS for V2ray and Trojan
|
||||
SpeedLimit: 0 # Mbps, Local settings will replace remote settings, 0 means disable
|
||||
DeviceLimit: 0 # Local settings will replace remote settings, 0 means disable
|
||||
RuleListPath: # /etc/XrayR/rulelist Path to local rulelist file
|
||||
ControllerConfig:
|
||||
ListenIP: 127.0.0.1 # IP address you want to listen
|
||||
SendIP: 0.0.0.0 # IP address you want to send pacakage
|
||||
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
|
||||
EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
|
||||
DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
|
||||
EnableProxyProtocol: true # Only works for WebSocket and TCP
|
||||
EnableFallback: true # Only support for Trojan and Vless
|
||||
FallBackConfigs: # Support multiple fallbacks
|
||||
-
|
||||
SNI: # TLS SNI(Server Name Indication), Empty for any
|
||||
Path: # HTTP PATH, Empty for any
|
||||
Dest: fake.website.com:80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
|
||||
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
|
||||
CertConfig:
|
||||
CertMode: none # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
|
||||
CertDomain: "node1.test.com" # Domain to cert
|
||||
CertFile: /etc/XrayR/cert/node1.test.com.cert # Provided if the CertMode is file
|
||||
KeyFile: /etc/XrayR/cert/node1.test.com.key
|
||||
Provider: alidns # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
|
||||
Email: test@me.com
|
||||
DNSEnv: # DNS ENV option used by DNS provider
|
||||
ALICLOUD_ACCESS_KEY: aaa
|
||||
ALICLOUD_SECRET_KEY: bbb
|
||||
```
|
||||
|
||||
## 重启并检查 Nginx 和 XrayR
|
||||
|
||||
```text
|
||||
systemctl restart nginx
|
||||
XrayR restart
|
||||
```
|
||||
|
||||
```text
|
||||
systemctl status nginx
|
||||
XrayR status
|
||||
```
|
||||
|
20
za-xiang/wei-shen-me-yao-yin-ru-shadowsocks-v2rayplugin.md
Normal file
20
za-xiang/wei-shen-me-yao-yin-ru-shadowsocks-v2rayplugin.md
Normal file
@@ -0,0 +1,20 @@
|
||||
# 为什么要引入Shadowsocks - V2Ray-Plugin
|
||||
|
||||
## Update on 2021/07/04
|
||||
|
||||
我错怪Trojan了,通过后端禁用TLS,配合Nginx的Stream模块也可以实现,Nginx代理处理Trojan的TLS,达到隐藏TLS握手信息的效果,同时可以fallback到http1.1的站点达到比SS更高的性能水平。
|
||||
|
||||
## 原文
|
||||
|
||||
很多人觉得有Shadowsocks单端口就够了呀,为啥要引入Shadowsocks - V2Ray-Plugin呢?
|
||||
|
||||
首先针对近日来的国际互联网通讯情况,我个人分析认为,在特殊时期,会针对go的TLS握手行为进行匹配,并加以阻断。再加上现有大部分的软件(如V2ray-core,Xray-core)都是以go实现的,并采用go的库进行TLS处理。因此在特殊时期,可以对go的TLS握手行为可以进行识别,从而导致端口精准阻断。所以大部分直接采用go进行tls处理的协议,比如Trojan,在近日遭受了严重阻断。同样,使用Caddy反代进行伪装的行为也遭受了阻断。
|
||||
|
||||
虽然针对go的TLS库进行识别的行为有极大的误报率(封杀正常的Caddy反代的网站),但是在特殊时期已经被证实是可能实行的了。因我认为,需要隐藏go的TLS握手行为,从而达到更高的隐蔽性。为此,我认为采用C语言编写的NGINX是目前最好的选择。现有情况也表明:Vmess+ws+tls+nginx在目前存活性最好。
|
||||
|
||||
Vmess+ws+tls+nginx虽然已经成功隐藏了go的TLS握手信息,但是Vmess协议由于其本身设计,会产生大量的内存占用。同时其基于时间的验证设计,增加了其使用难度。~~而Trojan暂时又不支持使用其他软件进行TLS处理~~。此时Shadowsocks - V2Ray-Plugin成为了最好的选择。
|
||||
|
||||
Shadowsocks - V2Ray-Plugin,首先是基于Shadowsocks的。得益于Shadowsocks协议设计,使得Shadowsocks拥有比Vmess更快的速度和不依赖时间的验证。同时V2Ray-Plugin给予Shadowsocks进行websocket混淆和TLS加密的能力。极大增强了Shadowsocks的安全性,使得流量可以直接在公网传输,不再需要隧道。同时可以把TLS交由NGINX处理,隐藏go的相关特征,防止被阻断端口。
|
||||
|
||||
综上所述,为了隐藏特征,我强烈建议采用nginx+ws+tls+everything的做法,在目前情况下,nginx+ws+tls+ss的配置会优于nginx+ws+tls+vmess。同时为了长远考虑,我建议所有的协议实现软件采用C语言提供的TLS库进行TLS相关处理,或者参考Shadowsocks分离出插件层,方便使用第三方软件如nginx进行TLS处理。
|
||||
|
Reference in New Issue
Block a user