本配置以 REALITY 取代 TLS,可消除服务端 TLS 指纹特征,同时仍具备前向保密性等特性,且证书链攻击无效,安全性超越常规 TLS。REALITY 可指向别人的网站,无需自己购买域名、配置 TLS 服务端,部署更方便;它能向中间人呈现指定 SNI 的全程真实 TLS,可解决 SNI 名单阻断问题。
#安装并将 Xray-core 升级到预发布版本
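# Download the installer to a file instead of executing the HTTP response directly.
# --fail makes curl exit on an HTTP error rather than handing an error page to bash,
# and the saved script can be read before it runs (the installer is normally run as root).
curl -fsSL -o install-release.sh https://github.com/XTLS/Xray-install/raw/main/install-release.sh
# After reviewing install-release.sh, install the pinned Xray-core version.
bash install-release.sh install --version 1.8.0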
#修改Xray配置信息(/usr/local/etc/xray/config.json)
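{
  // Xray server config: VLESS over TCP with the XTLS Vision flow and REALITY as transport security.
  // The file relies on // comments, so keep one setting per line: a // comment runs to the end
  // of its line and would swallow anything that follows it on the same line.
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443, // listening port
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "uuid", // placeholder: replace with the output of `xray uuid`
            "flow": "xtls-rprx-vision" // enable XTLS Vision
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false, // optional; true prints debug information
          "dest": "www.microsoft.com:443", // target website that connections are forwarded to
          "xver": 0, // optional; sending the PROXY protocol is off by default
          "serverNames": [ // required; serverName values clients may use, the * wildcard is not supported yet
            "www.microsoft.com" // change to the domain of the target website
          ],
          // Placeholder: generate your own key pair with `xray x25519` and paste the private key here.
          // A private key copied from a published guide is known to everyone who read that guide.
          "privateKey": "REPLACE_WITH_PRIVATE_KEY_FROM_xray_x25519",
          "minClientVer": "1.8.0", // minimum Xray version accepted from clients
          "shortIds": [
            // Placeholder: hex digits 0-f, even length, at most 16 characters; generate with `openssl rand -hex 8`.
            // Clients must present one of the listed values; only an empty-string entry ""
            // lets a client leave its shortId empty.
            "REPLACE_WITH_OUTPUT_OF_openssl_rand_hex_8"
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    }
  ],
  "routing": {
    "rules": [
      // Conditions inside a single rule must all match, so the protocol and IP conditions
      // are kept in separate rules. Combined in one rule they would block only BitTorrent
      // traffic that is also headed to those IP ranges.
      {
        "type": "field",
        "protocol": [
          "bittorrent"
        ],
        "outboundTag": "blocked"
      },
      {
        // geoip:private keeps proxied clients from reaching loopback and internal addresses
        // through this server.
        "type": "field",
        "ip": [
          "geoip:cn",
          "geoip:private"
        ],
        "outboundTag": "blocked"
      }
    ]
  },
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "blocked",
      "protocol": "blackhole",
      "settings": {}
    }
  ]
}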
#目标网站最低标准:国外网站,支持 TLSv1.3 与 H2,域名非跳转。可用此网站检查目标网站是否符合标准:https://www.ssllabs.com/ssltest/
#win版本客户端下载地址:https://github.com/2dust/v2rayN/releases
#安卓客户端下载地址:https://github.com/2dust/v2rayNG/releases
#Xray-core下载地址:https://github.com/XTLS/Xray-core/releases