Running Vless, Trojan and Vmess Side by Side with Xray

Author: Hogwarts | Published: 2021-03-14 | Updated: 2023-02-05 | Category: 红杏出墙

An earlier post covered running v2ray, ss and trojan-go side by side. Each program has to be installed separately, which is a bit more involved; the advantage is that every protocol is served by its native implementation. This post uses Xray, which is a superset of those tools, to serve XTLS-Xray, Trojan and Vmess. It can be done very simply: install Xray with the official one-click script, then edit its configuration file so that Xray listens on port 443, Trojan on port 444 and V2ray on port 445. That is not an ideal setup, though, since traffic on port 443 blends in comparatively better.

As for splitting traffic, there are many ways to do it: Nginx's stream feature, a Haproxy front end, a TLS shunt, or port-443 multiplexing (hearsay; I don't know whether that is correct), and so on. Putting any front-end software in the path inevitably affects XTLS's efficiency. For better results, let xray listen on port 443, fall back to trojan, and then fall back by path to v2ray. I personally still recommend TCP mode; if you are good at customizing cf, WS mode works too.

# 1. Preparation

## 1.1 Register a domain (omitted)

## 1.2 Obtain a certificate

https://winamp.top/archives/93.html

## 1.3 Install Xray with the official script

```bash
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
```

# 2. Install Caddy

- I originally installed Caddy V1.0.5, but the process was too complicated. Installing Caddy is not the point here; anything that works will do.
- Caddy's job is to receive the fallback traffic from probes and other unrecognized connections.
- Caddy V2 is recommended.

```bash
wget https://github.com/caddyserver/caddy/releases/download/v2.3.0/caddy_2.3.0_linux_amd64.deb  # download Caddy 2 (currently the latest stable release)
dpkg -i caddy_2.3.0_linux_amd64.deb  # install
systemctl status caddy               # check that it is running
vim /etc/caddy/Caddyfile             # edit the Caddyfile
```

Change the port Caddy listens on to 80. It is best to put a static web page in the directory Caddy serves (optional).

```bash
systemctl restart caddy
systemctl status caddy
```

# 3. Method 1

## 3.1 Follow Xray's official traffic-splitting recommendations

### 3.1.1 Theory

https://xtls.github.io/documents/level-1/fallbacks-lv1/

### 3.1.2 Configuration

https://github.com/XTLS/Xray-examples/tree/main/VLESS-TCP-XTLS-WHATEVER

### 3.1.3 Problems

The problem I have found so far is that when splitting to vmess over TCP, I don't know where to enter the Path in V2rayN, so I had to download the client-side JSON and import it as a custom configuration.

# 4. Method 2

## 4.1 Install the TLS shunt

```bash
bash <(curl -L -s https://raw.githubusercontent.com/liberal-boy/tls-shunt-proxy/master/dist/install.sh)
```

## 4.2 Edit the configuration file

```bash
systemctl stop tls-shunt-proxy.service
rm /etc/tls-shunt-proxy/config.yaml
vim /etc/tls-shunt-proxy/config.yaml
```

Enter the following:

```yaml
listen: 0.0.0.0:443
inboundbuffersize: 4
outboundbuffersize: 32
vhosts:
  - name: DOMAIN_A
    tlsoffloading: false
    default:
      handler: proxyPass
      args: 127.0.0.1:PORT_A
  - name: DOMAIN_B
    tlsoffloading: false
    default:
      handler: proxyPass
      args: 127.0.0.1:PORT_B
  - name: DOMAIN_C
    tlsoffloading: false
    default:
      handler: proxyPass
      args: 127.0.0.1:PORT_C
```

YAML is fussy, so pay attention to the formatting.

## 4.3 Trial run

```bash
/usr/local/bin/tls-shunt-proxy -config /etc/tls-shunt-proxy/config.yaml
```

Press Ctrl+C to stop it, then:

```bash
systemctl restart tls-shunt-proxy.service
systemctl status tls-shunt-proxy.service
```

## 4.4 Edit the xray configuration file

```bash
systemctl stop xray
rm /usr/local/etc/xray/config.json
vim /usr/local/etc/xray/config.json
```

Enter the following:

```json
{
  "inbounds": [
    {
      "port": PORT_A, // change this
      "listen": "127.0.0.1",
      "protocol": "vless",
      "tag": "VLESSTCP",
      "settings": {
        "clients": [
          {
            "id": "UUID", // change this
            "add": "",
            "flow": "xtls-rprx-vision",
            "email": "Xray@XTLS.com"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          { "dest": 80, "xver": 0 }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "minVersion": "1.2",
          "alpn": [ "http/1.1", "h2" ],
          "cipherSuites": "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
          "preferServerCipherSuites": true,
          "certificates": [
            {
              "certificateFile": "path to the certificate for domain A", // change this
              "keyFile": "path to the private key for domain A", // change this
              "ocspStapling": 86400
            }
          ]
        }
      }
    },
    {
      "listen": "127.0.0.1",
      "port": PORT_B, // change this
      "protocol": "trojan",
      "settings": {
        "clients": [
          {
            "password": "Trojan password", // change this
            "level": 0,
            "email": "trojan@XTLS.com",
            "flow": "xtls-rprx-vision" // this mode is untested; if it does not run properly, switch to the ordinary mode
          }
        ],
        "decryption": "none",
        "fallbacks": [
          { "dest": 80, "xver": 0 }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "serverName": "DOMAIN_B", // change this
          "alpn": [ "h2", "http/1.1" ],
          "cipherSuites": "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
          "preferServerCipherSuites": true,
          "certificates": [
            {
              "certificateFile": "path to the certificate for domain B", // change this
              "keyFile": "path to the private key for domain B", // change this
              "ocspStapling": 86400
            }
          ]
        }
      }
    },
    {
      "protocol": "vmess",
      "listen": "127.0.0.1",
      "port": PORT_C, // change this
      "settings": {
        "clients": [
          {
            "id": "UUID", // change this
            "level": 1,
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "certificates": [
            {
              "certificateFile": "path to the certificate for domain C", // change this
              "keyFile": "path to the private key for domain C" // change this
            }
          ]
        }
      }
    }
  ],
  "outbounds": [
    { "protocol": "freedom", "settings": {}, "tag": "direct" },
    { "protocol": "blackhole", "settings": {}, "tag": "adblock" }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "domain": [ "googleadsserving.com" ],
        "type": "field",
        "outboundTag": "adblock"
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [ "geosite:cn" ]
      },
      {
        "type": "field",
        "outboundTag": "adblock",
        "protocol": [ "bittorrent" ]
      }
    ]
  }
}
```

## 4.5 Trial run

```bash
/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
```

Press Ctrl+C to stop it, then:

```bash
systemctl restart xray
systemctl status xray
```

# 5. Closing remarks

My skill level is limited and I cannot take this any further; I hope more experienced people will offer advice on the theory.

Tags: xray, v2ray, trojan
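A small consistency check for the two files from sections 4.2 and 4.4, added here as an example (it is not from the original post or from the Xray or tls-shunt-proxy projects): it flags inbounds that are not bound to loopback, routing rules whose `outboundTag` matches no outbound, and `proxyPass` targets that do not line up with the inbound ports. The `lint` helper, the sample ports and both sample structures are constructed, and it assumes `listen` is an IP literal and `port` a single integer.

```python
import ipaddress

# Constructed sample shaped like the section 4.4 config (ports are made up).
SAMPLE_XRAY = {
    "inbounds": [
        {"tag": "VLESSTCP", "listen": "127.0.0.1", "port": 10001, "protocol": "vless"},
        {"listen": "0.0.0.0", "port": 10002, "protocol": "trojan"},  # exposed by mistake
        {"listen": "127.0.0.1", "port": 10003, "protocol": "vmess"},
    ],
    "outbounds": [{"protocol": "freedom", "tag": "direct"},
                  {"protocol": "blackhole", "tag": "adblock"}],
    "routing": {"rules": [
        {"type": "field", "outboundTag": "adblock", "domain": ["googleadsserving.com"]},
        {"type": "field", "outboundTag": "block", "protocol": ["bittorrent"]},  # no such tag
    ]},
}
# Constructed: proxyPass args as they would appear in the section 4.2 vhosts.
SAMPLE_SHUNT_TARGETS = ["127.0.0.1:10001", "127.0.0.1:10002", "127.0.0.1:10004"]


def lint(xray, shunt_targets):
    """Return findings for an Xray config fronted by tls-shunt-proxy (hypothetical helper)."""
    findings, ports = [], {}
    for i, inbound in enumerate(xray.get("inbounds", [])):
        name = inbound.get("tag") or f"inbounds[{i}]/{inbound.get('protocol')}"
        listen = inbound.get("listen", "0.0.0.0")  # Xray's default is all addresses
        if not ipaddress.ip_address(listen).is_loopback:
            findings.append(f"{name}: listens on {listen}, reachable without the 443 front end")
        port = inbound.get("port")
        if port in ports:
            findings.append(f"{name}: port {port} already used by {ports[port]}")
        ports.setdefault(port, name)
    defined = {o["tag"] for o in xray.get("outbounds", []) if "tag" in o}
    for rule in xray.get("routing", {}).get("rules", []):
        tag = rule.get("outboundTag")
        if tag is not None and tag not in defined:
            findings.append(f"routing: outboundTag '{tag}' matches no outbound")
    targets = {int(t.rsplit(":", 1)[1]) for t in shunt_targets}
    for port in sorted(targets - set(ports)):
        findings.append(f"shunt: proxyPass to port {port} has no Xray inbound")
    for port in sorted(set(ports) - targets):
        findings.append(f"{ports[port]}: port {port} is not a proxyPass target")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_XRAY, SAMPLE_SHUNT_TARGETS):
        print(finding)
```

To run it against real files, load the Xray JSON after stripping comments and pass the `args` values from each vhost as the second argument.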