Youtube视频
一键安装脚本
安装指定版本
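# Install the pinned Xray release 1.8.6.
# The version pin covers Xray only: the installer script is still fetched from
# the mutable main branch and executed with the caller's privileges, so read it
# before running it (for example by saving it to a file first).
# -f makes curl exit on an HTTP error instead of handing an error page to bash.
bash -c "$(curl -fL https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --version 1.8.6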
安装最新稳定版
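# Install as the root user; this overwrites existing installation files.
# NOTE(review): -u root presumably selects the account the installed service
# runs as. Confirm with the installer's help output, and prefer an unprivileged
# account unless root is really required.
# The installer is fetched from the mutable main branch and run as-is, so read
# it before running it.
# -f makes curl exit on an HTTP error instead of handing an error page to bash.
bash -c "$(curl -fL https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root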
卸载
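# Uninstall Xray.
# NOTE(review): --purge presumably removes configuration and log files as well
# as the binaries. Confirm with the installer's help output and back up
# anything you still need first.
# -f makes curl exit on an HTTP error instead of handing an error page to bash.
bash -c "$(curl -fL https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove --purge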
服务端配置文件(带注释)
{
// 日志模块
"log": {
"loglevel": "info",
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log"
},
// api模块
"api": {
"tag": "api",
// HandlerService 用于出入站代理的新增和删除,以及入站代理用户的新增和删除
// LoggerService 支持对内置logger的重启,可以配置logrotate进行日志文件的操作
// StatsService 数据统计服务,可以获取用户的流量数据以及全局的流量数据
"services": [
"HandlerService",
"LoggerService",
"StatsService"
]
},
// 流量统计模块,开启后只需要在policy中启动对应的统计项,用户需要设置email
"stats": {},
// 本地策略模块
"policy": {
// 开启用户级别为0的用户的流量上下行统计
"levels": {
"0": {
"statsUserUplink": true,
"statsUserDownlink": true
}
},
// 开启xray出入站代理的上下行流量统计
"system": {
"statsInboundUplink": true,
"statsInboundDownlink": true,
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
// dns模块
"dns": {
"servers": [
// 自定义dns服务器,可以解锁流媒体,不需要请删除
{
"address": "1.2.3.4",
"port": 5353,
// 包含的域名优先使用该dns服务器查询
"domains": [
"domain:netflix.com"
]
},
"https+local://cloudflare-dns.com/dns-query",
"1.1.1.1",
"1.0.0.1",
"8.8.8.8",
"8.8.4.4",
"localhost"
]
},
// 入站模块
"inbounds": [
// 定义名称为“api”的入站代理
{
"listen": "127.0.0.1",
"port": 10086,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api",
"sniffing": null
},
// 定义vless入站分流代理
{
"tag": "vless-tcp-xtls",
"listen": "0.0.0.0",
// 监听443端口,TLS的入口点
"port": 443,
// 协议使用vless才会做后续的回落处理
"protocol": "vless",
"settings": {
// 用户配置。下面的 id 和 email 只是示例值,id 请换成自己的UUID(可用 xray uuid 生成),不要使用易猜的值
"clients": [
{
"id": "123456",
"email": "123456@qq.com",
// 指定分流模式。在取值后面追加“,none”代表兼容普通的tls代理,不需要可删掉;注意下面的示例值并未带该后缀
"flow": "xtls-rprx-vision",
"level": 0
}
],
// 填none ,不能留空
"decryption": "none",
// 回落分流配置,目前 XTLS 仅支持 TCP、mKCP、DomainSocket 这三种传输方式
"fallbacks": [
// 回落到web服务的http/1.1伪装服务
{
"dest": "172.17.0.2:80",
"alpn": "http/1.1",
"xver": 1
},
// 回落到web服务的http2伪装服务
{
"dest": "172.17.0.2:81",
"alpn": "h2",
"xver": 1
}
]
},
// 底层传输方式设置
"streamSettings": {
"network": "tcp",
// XTLS Vision 分流模式, 必须是 "tls"
"security": "tls",
"tlsSettings": {
"certificates": [
{
// ocspStapling更新间隔,支持证书热更新,提升https性能
"ocspStapling": 3600,
// 换成自己的证书,绝对路径
"certificateFile": "/data/cert/latata.me/latata.me.cer",
"keyFile": "/data/cert/latata.me/latata.me.key"
}
],
// 可接受的最低SSL/TLS版本
"minVersion": "1.2",
// 支持的密码套件
"cipherSuites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
// 如果fallback有h2回落,需要在这添加h2。以下是默认值
"alpn": [
"http/1.1",
"h2"
]
}
},
// 启用流量探测
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
// 出站模块
"outbounds": [
// 定义自由出站
{
"protocol": "freedom",
"tag": "direct"
},
// 定义黑洞出站,禁止访问
{
"protocol": "blackhole",
"tag": "blocked"
}
],
// 路由模块
"routing": {
// 域名解析策略,默认是AsIs,也就是只使用域名进行路由选择
// IPIfNonMatch 表示域名没有匹配的时候,解析域名为IP再次匹配(一般我会使用该域名解析策略)
// IPOnDemand 如果匹配到基于IP的规则,将域名解析为IP进行匹配,最精确,但是很慢
"domainStrategy": "IPIfNonMatch",
// 路由规则,从上到下判断。当没有匹配任何规则,流量默认从第一个outbound发出
"rules": [
// 把tag为“api”的入站流量交给tag为“api”的api服务处理,用来统计流量
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
// 自定义域名路由到"blocked",用于禁止某些网站的访问
{
"domain": [
"domain:iqiyi.com",
"domain:video.qq.com",
"domain:youku.com"
],
"type": "field",
"outboundTag": "blocked"
},
// 匹配到私有ip以及中国ip则路由到名称为"blocked"的outbound
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:private"
],
"outboundTag": "blocked"
},
// 将bt协议的流量路由到"blocked" outbound
{
"protocol": [
"bittorrent"
],
"type": "field",
"outboundTag": "blocked"
}
]
}
}
服务端配置文件
{
"log": {
"loglevel": "info",
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log"
},
"api": {
"tag": "api",
"services": [
"HandlerService",
"LoggerService",
"StatsService"
]
},
"stats": {},
"policy": {
"levels": {
"0": {
"statsUserUplink": true,
"statsUserDownlink": true
}
},
"system": {
"statsInboundUplink": true,
"statsInboundDownlink": true,
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
"dns": {
"servers": [
"https+local://cloudflare-dns.com/dns-query",
"1.1.1.1",
"1.0.0.1",
"8.8.8.8",
"8.8.4.4",
"localhost"
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10086,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api",
"sniffing": null
},
{
"tag": "vless-tcp-xtls",
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "填自己的UUID",
"email": "填自己的邮箱",
"flow": "xtls-rprx-vision",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"dest": "填自己回落到http的web服务地址",
"alpn": "http/1.1",
"xver": 1
},
{
"dest": "填自己回落到http2的web服务地址",
"alpn": "h2",
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"ocspStapling": 3600,
"certificateFile": "填自己的证书文件绝对路径",
"keyFile": "填自己的密钥文件的绝对路径"
}
],
"minVersion": "1.2",
"cipherSuites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "blocked"
}
],
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"domain": [
"domain:iqiyi.com",
"domain:video.qq.com",
"domain:youku.com"
],
"type": "field",
"outboundTag": "blocked"
},
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:private"
],
"outboundTag": "blocked"
},
{
"protocol": [
"bittorrent"
],
"type": "field",
"outboundTag": "blocked"
}
]
}
}
nginx伪装配置
# 只是简单的案例,实现http和http2的回落。根据自己实际情况修改
# Decoy web server for the vless inbound: the fallbacks entries in the annotated
# server config on this page point at ports 80 (http/1.1) and 81 (h2).
server {
# Both listeners expect a PROXY protocol header on every connection, which
# pairs with "xver": 1 on the fallbacks entries.
# NOTE(review): these ports are meant to be reached only through xray's
# fallback; do not publish them outside the 172.17.0.0/16 network trusted below.
listen 80 proxy_protocol;
# HTTP/2 without TLS on this listener (no ssl parameter); in the server config
# on this page TLS is handled by the xray inbound on port 443.
listen 81 http2 proxy_protocol;
server_name xtls.latata.me;
# Only peers inside 172.17.0.0/16 are trusted to supply the client address,
# and that address is taken from the PROXY protocol header.
set_real_ip_from 172.17.0.0/16;
real_ip_header proxy_protocol;
location / {
# Every request is reverse-proxied to github.com over HTTPS;
# proxy_ssl_server_name turns on SNI for the upstream TLS handshake.
proxy_pass https://github.com;
proxy_ssl_server_name on;
}
# Serve the stock static error page for upstream/server errors.
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
客户端配置
{
"log": {
"loglevel": "info"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"domain": [
"domain:my-proxy.com"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": [
"domain:my-direct.com"
],
"outboundTag": "direct"
},
{
"type": "field",
"domain": [
"geosite:cn",
"geosite:private"
],
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:private"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 1080,
"protocol": "http",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"listen": "127.0.0.1",
"port": 1081,
"protocol": "socks",
"settings": {
"udp": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "填自己的域名",
"port": 443,
"users": [
{
"id": "填自己的uuid",
"encryption": "none",
"flow": "xtls-rprx-vision"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"allowInsecure": false,
"fingerprint": "random"
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
}
]
}
流量统计API使用
# These commands talk to the API inbound that the server config on this page
# binds to 127.0.0.1:10086, so they are run on the server itself.
# NOTE(review): that API inbound shows no authentication settings and
# HandlerService is enabled on it, so keep it bound to loopback.
# User counters are named user>>>EMAIL>>>traffic>>>DIRECTION, where EMAIL is
# the "email" value of the client entry (123456@qq.com in the example config).

# Read a user's downlink traffic counter
xray api stats --server=127.0.0.1:10086 --name "user>>>123456@qq.com>>>traffic>>>downlink"
# Read a user's uplink traffic counter
xray api stats --server=127.0.0.1:10086 --name "user>>>123456@qq.com>>>traffic>>>uplink"
# Read the counter and reset it
xray api stats --server=127.0.0.1:10086 --name "user>>>123456@qq.com>>>traffic>>>uplink" --reset
# Read the traffic counters of a specific inbound|outbound, addressed by its tag
xray api stats --server=127.0.0.1:10086 --name "inbound>>>vless-tcp-xtls>>>traffic>>>uplink"
xray api stats --server=127.0.0.1:10086 --name "inbound>>>vless-tcp-xtls>>>traffic>>>downlink"