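Tag archive: xray

Xray chained routing

A common requirement: you do not want to do traffic splitting in the local client (for example OpenWrt Passwall), or the client does not support splitting at all (for example Shadowrocket on iPhone, v2rayNG on Android, v2rayN on Windows). How, then, can Netflix and Disney Plus be watched through a Singapore node, ChatGPT, Bahamut Anime (动画疯) and Videoland Sports (纬来体育) through a Chunghwa Telecom node, and all remaining traffic go through a Hong Kong node?

Xray chained routing solves this: the local network only needs to reach the Hong Kong node, and that node takes care of the rest.

Shanghai Mobile & Wuhu Mobile -> BandwagonHost Hong Kong HK85

Wuhu Telecom -> Shenzhen Mobile NAT VPS (mainland China) -> BandwagonHost Hong Kong HK85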

{
    "log": {
        "loglevel": "warning",
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log"
    },
    "inbounds": [
        {
            "tag": "vless-in",
            "listen": "0.0.0.0",
            "port": 30553,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "ece2e663-95dc-4aef-9ba8-ca7472eac03b",
                        "flow": "xtls-rprx-vision"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "dest": "www.microsoft.com:443",
                    "serverNames": [
                        "www.microsoft.com",
                        "microsoft.com"
                    ],
                    "privateKey": "eCAH67oe1dJ6jm8SKw5EfZIndktAphzXW5tXLQ7KRnv",
                    "shortIds": [
                        "6ba65179e30d4fc3"
                    ]
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "quic"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        },
        {
            "protocol": "shadowsocks",
            "tag": "server_HKBGP",
            "settings": {
                "servers": [
                    {
                        "address": "35.90.122.113",
                        "port": 9527,
                        "method": "aes-256-gcm",
                        "password": "jd1+0}nfVM*@]Y?t"
                    },
                    {
                        "address": "2400:8a20:170::12f",
                        "port": 9527,
                        "method": "aes-256-gcm",
                        "password": "jd1+0}nfVM*@]Y?t"
                    }
                ]
            }
        },
        {
            "protocol": "shadowsocks",
            "tag": "server_SG",
            "settings": {
                "servers": [
                    {
                        "address": "49.150.61.51",
                        "port": 9527,
                        "method": "aes-256-gcm",
                        "password": "jd1+0}nfVM*@]Y?t"
                    },
                    {
                        "address": "2603:c024:450f:3066:c938:9bea:1049:6608",
                        "port": 9527,
                        "method": "aes-256-gcm",
                        "password": "jd1+0}nfVM*@]Y?t"
                    }
                ]
            }
        },
        {
            "protocol": "blackhole",
            "tag": "block"
        }
    ],
    "routing": {
        "rules": [
            {
                "type": "field",
                "domain": [
                    "chatgpt.com",
                    "openai.com",
                    "netflix.com",
                    "netflix.net",
                    "nflximg.com",
                    "nflximg.net",
                    "nflxvideo.net",
                    "nflxext.com",
                    "nflxso.net",
                    "fast.com",
                    "netflix.ca",
                    "nflxsearch.net",
                    "netflixdnstest1.com",
                    "netflixdnstest2.com",
                    "netflixdnstest3.com",
                    "netflixdnstest4.com",
                    "netflixdnstest5.com",
                    "netflixdnstest6.com",
                    "netflixdnstest7.com",
                    "netflixdnstest8.com",
                    "netflixdnstest9.com",
                    "netflixdnstest10.com",
                    "netflixinvestor.com",
                    "netflixtechblog.com",
                    "netflix.com.au",
                    "netflix.com.edgesuite.net",
                    "netflixinvestor.com",
                    "netflixstudios.com",
                    "disney.api.edge.bamgrid.com",
                    "disney-plus.net",
                    "disneyplus.com",
                    "dssott.com",
                    "dssott.com.akamaized.net",
                    "disneynow.com",
                    "disneystreaming.com",
                    "cdn.registerdisney.go.com",
                    "omtrdc.net",
                    "disney.asia",
                    "20thcenturystudios.com.au",
                    "20thcenturystudios.jp",
                    "abc-studios.com",
                    "abc.com",
                    "adobedtm.com",
                    "adventuresbydisney.com",
                    "babble.com",
                    "babyzone.com",
                    "bam.nr-data.net",
                    "beautyandthebeastmusical.co.uk",
                    "conviva.com",
                    "dilcdn.com",
                    "bamgrid.com",
                    "braze.com",
                    "go.com",
                    "d9.flashtalking.com",
                    "disney.com",
                    "disneyjunior.com",
                    "disney-plus.net",
                    "disneyplus.com",
                    "cws.conviva.com",
                    "execute-api.us-east-1.amazonaws.com",
                    "go-mpulse.net",
                    "disneynow.com",
                    "disney-portal.my.onetrust.com",
                    "disneyplus.bn5x.net",
                    "adobedtm.com",
                    "optimizely.com",
                    "disneystreaming.com",
                    "go-disneyworldgo.com",
                    "thestationbymaker.com",
                    "thisispolaris.com",
                    "watchdisneyfe.com",
                    "watchespn.com"
                ],
                "outboundTag": "server_SG"
            },
            {
                "type": "field",
                "inboundTag": ["vless-in"],
                "outboundTag": "server_HKBGP"
            }
        ]
    }
}
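
How the rule list above is evaluated, as an added example that is not part of the original post: a small Python model of Xray's first-match routing and its domain pattern types, showing that bare strings such as `fast.com` match as substrings and so also capture `breakfast.com`. The rule subset and hostnames are constructed for illustration; `geosite:` and `ext:` patterns are not modelled.

```python
import re

# Constructed subset of the rules above, in the same order (first match wins).
RULES = [
    {"domain": ["netflix.com", "fast.com", "go.com", "abc.com"],
     "outboundTag": "server_SG"},
    {"inboundTag": ["vless-in"], "outboundTag": "server_HKBGP"},
]

def domain_matches(pattern, host):
    """Match one Xray domain pattern against a sniffed hostname."""
    if pattern.startswith("domain:"):          # the domain itself or any subdomain
        base = pattern[len("domain:"):]
        return host == base or host.endswith("." + base)
    if pattern.startswith("full:"):            # exact hostname only
        return host == pattern[len("full:"):]
    if pattern.startswith("regexp:"):
        return re.search(pattern[len("regexp:"):], host) is not None
    return pattern in host                     # bare string: substring match

def route(rules, inbound_tag, host, first_outbound="direct"):
    """Return the outboundTag of the first rule whose every condition matches."""
    for rule in rules:
        if "inboundTag" in rule and inbound_tag not in rule["inboundTag"]:
            continue
        if "domain" in rule and not any(domain_matches(p, host) for p in rule["domain"]):
            continue
        return rule["outboundTag"]
    return first_outbound                      # no rule matched: first outbound is used

def tighten(rules):
    """Copy the rules, turning bare strings into explicit 'domain:' matches."""
    fixed = []
    for rule in rules:
        rule = dict(rule)
        if "domain" in rule:
            rule["domain"] = [p if ":" in p else "domain:" + p for p in rule["domain"]]
        fixed.append(rule)
    return fixed

if __name__ == "__main__":
    # Constructed hostnames: two intended matches, two accidental ones, one unrelated.
    for host in ["www.netflix.com", "abc.go.com", "breakfast.com", "cargo.com", "example.org"]:
        print(f"{host:18} as written: {route(RULES, 'vless-in', host):13}"
              f" tightened: {route(tighten(RULES), 'vless-in', host)}")
```

Prefixing each entry with `domain:` keeps the intended services on `server_SG` while unrelated hostnames fall through to the catch-all `inboundTag` rule.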

 

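Building and installing Xray from source

Dependencies

Official Go downloads page

# Download the Go release tarball for amd64 (x86-64) CPUs
curl -LO https://go.dev/dl/go1.22.6.linux-amd64.tar.gz

# Download the Go release tarball for arm64 CPUs (for example Oracle Cloud ARM instances)
curl -LO https://go.dev/dl/go1.22.6.linux-arm64.tar.gz

# Extract (arm64 shown here)
tar -zxvf go1.22.6.linux-arm64.tar.gz -C /usr/local/

# Add the go binaries to the system PATH
# (single quotes so $PATH is expanded at login instead of being frozen into the file now)
echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile

# Reload the environment file
source /etc/profile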

Build and install

git clone https://github.com/XTLS/Xray-core.git
cd Xray-core && go mod download
# Linux & MacOS
CGO_ENABLED=0 go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main
# Windows (Powershell)
$env:CGO_ENABLED=0
go build -o xray.exe -trimpath -ldflags "-s -w -buildid=" ./main

Move the compiled xray binary into /usr/local/bin

mv xray /usr/local/bin

Configuration file: config.json

# Create the directory
mkdir -p /etc/xray

# Generate the configuration file
cat > /etc/xray/config.json << EOF
{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "listen": "0.0.0.0",
            "port": 30553,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "e3e2e563-95ec-4aef-9ba8-cb7472eac03a",
                        "flow": "xtls-rprx-vision"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "dest": "www.mxxx.com:443", 
                    "serverNames": [
                        "www.mxxx.com",
                        "mxxx.com"
                    ],
                    "privateKey": "eCAH67oe1dJ6jm8SKw522341IndktAphzXW5tXLQ7KR64",
                    "shortIds": [
                        "2ba45w79e30d4f64"
                    ]
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "quic"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "tag": "block"
        }
    ]
}
EOF

systemd unit file

cat > /etc/systemd/system/xray.service << EOF
[Unit]
Description=Xray Service
Documentation=https://github.com/xtls
After=network.target nss-lookup.target

[Service]
User=root
#User=nobody
#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/xray run -config /etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target
EOF

Enable xray.service at boot

systemctl daemon-reload
systemctl enable xray.service

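Further notes

For more configuration details and client configuration for each platform, see the official demos.

Xray tutorial

What is Xray?

Put bluntly, Xray is a tool for getting around network blocking.

How does it differ from the well-known V2ray?

A bit of history. A Debian package maintainer noticed that the LICENSE of the XTLS library was not a BSD license and opened an issue asking the author, @rprx, to change it to make packaging easier. The issue triggered wide discussion: rprx held that the current license was not a problem, while many others felt that a license expresses a stance, and each side stuck to its view.

In the end the V2ray (V2fly community) maintainers voted and concluded that XTLS was not compatible with V2ray's MIT license, and removed XTLS in V2ray-core 4.33.0. rprx and his supporters moved quickly and created Project X with Xray as a sub-project (the name Xray combines XTLS and V2ray), and released several versions of Xray-core. That is roughly how Xray came about.

Why use Xray?

Since the Xray project was created, V2ray has not released a new version, while Xray has been very active, shipping new versions and new features.

The Xray + XTLS combination is touted as cutting-edge, with a noticeable speed improvement on low-spec VPSes. [I have only heard this; I have not tested it.]

I like tinkering.

Installing the Xray service

The test environment is as follows

Operating system: CentOS 7.9
Server location: Dallas, Texas, U.S.
Public IP: 192.227.193.111

Install via the official script. On a first install, both Xray-core and geodata need to be installed. Open Xshell, log in to the server as root, and run the following command.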

# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root

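Configuration file

The configuration file installed by the official script (path: /usr/local/etc/xray/config.json) is empty; edit it using the templates provided in Xray-examples as a reference. For example, a configuration file for VLESS+TCP+XTLS looks like this: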

{
  "inbounds": [{
    "port": 443,
    "protocol": "vless",
    "settings": {
      "clients": [
        {
          "id": "28b01209-da52-48e1-ba69-23b6b156046e",
          "flow": "xtls-rprx-direct",
          "level": 0
        }
      ],
      "decryption": "none",
      "fallbacks": [
          {
              "alpn": "http/1.1",
              "dest": 80
          },
          {
              "alpn": "h2",
              "dest": 81
          }
      ]
    },
    "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
            "serverName": "xray.domain.com",
            "alpn": ["http/1.1", "h2"],
            "certificates": [
                {
                    "certificateFile": "/usr/local/etc/xray/xray.domain.com.pem",
                    "keyFile": "/usr/local/etc/xray/xray.domain.com.key"
                }
            ]
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }]
}

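In the configuration above, certificateFile and keyFile depend on obtaining an HTTPS certificate for the domain; see the tutorial linked from the original post.

Daemon (systemd) unit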

vim /etc/systemd/system/xray.service

[Unit]
Description=Xray Service
Documentation=https://github.com/xtls
After=network.target nss-lookup.target

[Service]
User=root
#User=nobody
#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target

Reload systemd and enable the Xray service at boot

systemctl daemon-reload && systemctl enable xray

Start the Xray service

systemctl start xray

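Client configuration

With the server configured, the next step is the client. The following clients currently support Xray:

v2rayN – for Windows

Get the latest version from the Release page of its GitHub repository

Configure it according to the client's own instructions

v2rayNG – for Android

Get the latest version from the Release page of its GitHub repository

Configure it according to the client's own instructions

Shadowrocket – for iOS and for macOS on Apple M-series chips

You need to register a [non-China-region] iCloud account

You need to search for it in the App Store and purchase it

Configure it according to the client's own instructions

V2RayXS – a macOS client based on V2RayX that uses xray-core

Get the latest version from the Release page of its GitHub repository

Supports one-click import of share links that follow the VMessAEAD / VLESS share-link standard proposal

Configure it according to the client's own instructions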