Skip to content

Commit

Permalink
Update to v0.5.3
Browse files Browse the repository at this point in the history
  • Loading branch information
@crackair
crackair committed Jun 8, 2021
1 parent bfa2165 commit d31c5a2
Show file tree
Hide file tree
Showing 4 changed files with 112 additions and 12 deletions.
1 change: 1 addition & 0 deletions SUMMARY.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,5 +26,6 @@
* [自定义DNS说明](functions/dns.md)
* [审计功能说明](functions/rule.md)
* [自动申请证书说明](functions/cert.md)
* [Fallback 功能说明](functions/fallback.md)


58 changes: 47 additions & 11 deletions config/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,18 @@ Nodes:
EnableXTLS: false # Enable XTLS for V2ray and Trojan, Prefer remote configuration
ControllerConfig:
ListenIP: 0.0.0.0 # IP address you want to listen
SendIP: 0.0.0.0 # IP address you want to send pacakage
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
EnableDNS: false # Enable custom DNS config, Please ensure that you set the dns.json well
EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
EnableProxyProtocol: false # Only works for WebSocket and TCP
EnableFallback: false # Only support for Trojan and Vless
FallBackConfigs: # Support multiple fallbacks
-
SNI: # TLS SNI(Server Name Indication), Empty for any
Path: # HTTP PATH, Empty for any
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
CertConfig:
CertMode: dns # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
CertDomain: "node1.test.com" # Domain to cert
Expand Down Expand Up @@ -118,8 +128,18 @@ Nodes:
RuleListPath: # ./rulelist Path to local rulelist file
ControllerConfig:
ListenIP: 0.0.0.0 # IP address you want to listen
SendIP: 0.0.0.0 # IP address you want to send pacakage
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
EnableDNS: false # Enable custom DNS config, Please ensure that you set the dns.json well
EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
EnableProxyProtocol: false # Only works for WebSocket and TCP
EnableFallback: false # Only support for Trojan and Vless
FallBackConfigs: # Support multiple fallbacks
-
SNI: # TLS SNI(Server Name Indication), Empty for any
Path: # HTTP PATH, Empty for any
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
CertConfig:
CertMode: dns # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
CertDomain: "node1.test.com" # Domain to cert
Expand Down Expand Up @@ -195,19 +215,35 @@ ApiConfig:
#### 后端相关配置
``` yaml
ControllerConfig:
ListenIP: 0.0.0.0 # IP address you want to listen
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
EnableDNS: false # Enable custom DNS config, Please ensure that you set the dns.json well
ListenIP: 0.0.0.0 # IP address you want to listen
SendIP: 0.0.0.0 # IP address you want to send pacakage
UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
EnableProxyProtocol: false # Only works for WebSocket and TCP
EnableFallback: false # Only support for Trojan and Vless
FallBackConfigs: # Support multiple fallbacks
-
SNI: # TLS SNI(Server Name Indication), Empty for any
Path: # HTTP PATH, Empty for any
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
```
| 参数 | 选项 | 说明 |
| ---------------- | -------------- | ---------------------------------------------------------- |
| `ListenIP` | 无 | 选择监听的IP地址,`0.0.0.0`会同时监听v6和v4 |
| `UpdatePeriodic` | 无 | 从前端更新节点、用户信息和上报用户使用信息的间隔,默认60秒 |
| `EnableDNS` | `true`,`false` | 是否为当前节点启用自定义DNS,默认使用系统DNS |
| 参数 | 选项 | 说明 |
| --------------------- | ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| `ListenIP` | 无 | 选择监听的IP地址,`0.0.0.0`会同时监听v6和v4 |
| `SendIP` | 无 | 用于发送数据的 IP 地址 |
| `UpdatePeriodic` | 无 | 从前端更新节点、用户信息和上报用户使用信息的间隔,默认60秒 |
| `EnableDNS` | `true`,`false` | 是否为当前节点启用自定义DNS,默认使用系统DNS |
| `DNSType` | `AsIs`,`UseIP`,`UseIPv4`,`UseIPv6` | DNS解析类型,`AsIs`:使用系统DNS,`UseIP`,`UseIPv4`,`UseIPv6`为使用自定义DNS,请确保`EnableDNS`为`true`,且正确配置了`DnsConfigPath` |
| `EnableProxyProtocol` | `true`,`false` | 是否为当前节点启用ProxyProtocol获取中转IP,只对TCP和WS有效 |
| `EnableFallback` | `true`,`false` | 是否为当前节点启用Fallback,只对Vless和Trojan协议有效 |
| `FallBackConfigs` | list | Fallback 相关配置,请查看 [Fallback功能说明](../functions/fallback.md) |


#### 证书申请相关配置

XrayR 支持多种自动申请证书配置。申请到的证书将会放在XrayR软件运行目录的`.lego`文件夹下。
XrayR 支持多种自动申请证书配置。申请到的证书将会放在**配置文件(config.yml)目录的`cert`文件夹下**

``` yaml
CertConfig:
Expand Down
2 changes: 1 addition & 1 deletion functions/cert.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# 自动申请证书说明

XrayR 支持多种自动申请证书配置。申请到的证书将会放在XrayR软件运行目录的`.lego`文件夹下。
XrayR 支持多种自动申请证书配置。申请到的证书将会放在**配置文件(config.yml)目录的`cert`文件夹下**

以下是自动申请证书的相关配置文件说明。

Expand Down
63 changes: 63 additions & 0 deletions functions/fallback.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
# Fallback 功能说明


> fallback 为 Xray 提供了高强度的防主动探测性, 并且具有独创的首包回落机制.
>
> fallback 也可以将不同类型的流量根据 path 进行分流, 从而实现一个端口, 多种服务共享.
>
> 目前您可以在使用 VLESS 或者 trojan 协议时, 通过配置 fallbacks 来使用回落这一特性, 并且创造出非常丰富的组合玩法.
>
> ---https://xtls.github.io/config/fallback/
## 启用Fallback功能
设置`EnableFallback``true`,并配置`FallBackConfigs`
``` yaml
ControllerConfig:
EnableFallback: true # Only support for Trojan and Vless
FallBackConfigs: # Support multiple fallbacks
-
SNI: # TLS SNI(Server Name Indication), Empty for any
Path: # HTTP PATH, Empty for any
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
```
## 配置Fallback
XrayR遵循Xray设计思路,支持一个节点多个Fallback设置,因此`FallBackConfigs`为一个数组,每个一个子元素示例如下:
``` yaml
-
SNI: # TLS SNI(Server Name Indication), Empty for any
Path: # HTTP PATH, Empty for any
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
```
### SNI: string
尝试匹配 TLS SNI(Server Name Indication),空为任意,默认为 ""

### Path: string
尝试匹配首包 HTTP PATH,空为任意,默认为空,非空则必须以 "/" 开头,不支持 h2c。

智能:有需要时,VLESS 才会尝试看一眼 PATH(不超过 55 个字节;最快算法,并不完整解析 HTTP),若成功,输出 info realPath = 到日志。
用途:分流其它 inbound 的 WebSocket 流量或 HTTP 伪装流量,没有多余处理、纯粹转发流量,实测比 Nginx 反代更强。

注意:fallbacks 所在入站本身必须是 TCP+TLS,这是分流至其它 WS 入站用的,被分流的入站则无需配置 TLS。

### Dest: string|number
决定 TLS 解密后 TCP 流量的去向,目前支持两类地址:(该项必填,否则无法启动)

1. TCP,格式为 "addr:port",其中 addr 支持 IPv4、域名、IPv6,若填写域名,也将直接发起 TCP 连接(而不走内置的 DNS)。
2. Unix domain socket,格式为绝对路径,形如 "/dev/shm/domain.socket",可在开头加 "@" 代表 abstract,"@@" 则代表带 padding 的 abstract。
若只填 port,数字或字符串均可,形如 80、"80",通常指向一个明文 http 服务(addr 会被补为 "127.0.0.1")。

### ProxyProtocolVer: number
发送 PROXY protocol,专用于传递请求的真实来源 IP 和端口,填版本 1 或 2,默认为 0,即不发送。若有需要建议填 1。

目前填 1 或 2,功能完全相同,只是结构不同,且前者可打印,后者为二进制。Xray 的 TCP 和 WS 入站均已支持接收 PROXY protocol。

> TIP
>
> 若你正在 配置 Nginx 接收 PROXY protocol,除了设置 proxy_protocol 外,还需设置 set_real_ip_from,否则可能会出问题。

## 参考
[Xray Fallback](https://xtls.github.io/config/fallback/)

0 comments on commit d31c5a2

Please sign in to comment.