diff --git a/Dockerfile b/Dockerfile index ffb9f59..4275d62 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,29 +1,29 @@ FROM golang:1.23-alpine3.20 AS builder -ARG XRAY_VER='v1.8.23' +ARG XRAY_VER='v1.8.24' ARG QREC_VER='4.1.1' -RUN apk add --no-cache bash git build-base wget +RUN apk add --no-cache bash git build-base curl -RUN cd /tmp; wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat -RUN cd /tmp; wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat +WORKDIR /go/src/XTLS/Xray-core +RUN git clone https://github.com/XTLS/Xray-core.git . && \ + git checkout ${XRAY_VER} && \ + go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main -RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf -RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf -RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf -RUN cd /tmp; wget -c -t3 -T30 https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf - -RUN cd /tmp; wget -c -t3 -T30 https://fukuchi.org/works/qrencode/qrencode-${QREC_VER}.tar.gz && \ +RUN cd /tmp; curl -O https://fukuchi.org/works/qrencode/qrencode-${QREC_VER}.tar.gz && \ tar xvf qrencode-${QREC_VER}.tar.gz && \ cd qrencode-${QREC_VER} && \ ./configure --without-png && \ make && \ cp -a qrencode /tmp/ -WORKDIR /go/src/XTLS/Xray-core -RUN git clone https://github.com/XTLS/Xray-core.git . && \ - git checkout ${XRAY_VER} && \ - go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main +RUN cd /tmp; curl -O https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat +RUN cd /tmp; curl -O https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat + +RUN cd /tmp; curl -O https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf +RUN cd /tmp; curl -O https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf +RUN cd /tmp; curl -O https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf +RUN cd /tmp; curl -O https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf FROM alpine:3.20 diff --git a/README.md b/README.md index 9b84427..f242054 100644 --- a/README.md +++ b/README.md @@ -77,33 +77,36 @@ Xray-URL: vless://myid@mydomain.duckdns.org:443?security=xtls&type=tcp&flow=xtls ```shell $ docker run --rm samuelhbne/proxy-xray proxy-xray - --lx id@host:port[,s=sniname.org] - --ls id@host:port[,s=sniname.org] - --ms id@host:port[,s=sniname.org] - --ts password@host:port[,s=sniname.org] - --lsg id@host:port:svcname[,s=sniname.org] - --lss id@host:port:/webpath[,s=sniname.org] - --lsw id@host:port:/wspath[,s=sniname.org] - --msw id@host:port:/wspath[,s=sniname.org] - --tsw password@host:port:/wspath[,s=sniname.org] - --lpg id@host:port:svcname - --lps id@host:port:/webpath - --lpw id@host:port:/wspath - --mpw id@host:port:/wspath - --tpw password@host:port:/wspath - -d|--debug Start in debug mode with verbose output - -i|--stdin Read config from stdin instead of auto generation - -j|--json '{"log":{"loglevel":"info"}' Json snippet to merge into the config - --dns Designated upstream DNS server IP, 1.1.1.1 will be applied by default - --dns-local-cn Enable China-accessible domains to be resolved in China - --domain-direct Add a domain rule for direct routing, likegeosite:geosite:geolocation-cn - --domain-proxy Add a domain rule for proxy routing, like twitter.com or geosite:google-cn - --domain-block Add a domain rule for block routing, like geosite:category-ads-all - --ip-direct Add a ip-addr rule for direct routing, like 114.114.114.114/32 or geoip:cn - --ip-proxy Add a ip-addr rule for proxy routing, like 1.1.1.1/32 or geoip:netflix - --ip-block Add a ip-addr rule for block routing, like geoip:private - --cn-direct Add routing rules to avoid domains and IPs located in China being proxied - --rules-path Folder path contents geoip.dat, geosite.dat and other rule files + --lgp id@host:port:svcname + --lgr id@host:port:svcname,d=dest.com,pub=xxxx[,shortId=abcd] + --lgt id@host:port:svcname[,s=sni.com] + --lsp id@host:port:/webpath + --lst id@host:port:/webpath[,s=sni.com] + --ltr id@host:port,d=dest.com,pub=xxxx[,shortId=abcd][,xtls] + --ltrx id@host:port,d=dest.com,pub=xxxx[,shortId=abcd] + --ltt id@host:port[,s=sni.com][,xtls] + --lttx id@host:port[,s=sni.com] + --lwp id@host:port:/wspath + --lwt id@host:port:/wspath[,s=sni.com] + --mtt id@host:port[,s=sni.com] + --mwp id@host:port:/wspath + --mwt id@host:port:/wspath[,s=sni.com] + --ttt password@host:port[,s=sni.com] + --twp password@host:port:/wspath + --twt password@host:port:/wspath[,s=sni.com] + -d|--debug Start in debug mode with verbose output + -i|--stdin Read config from stdin instead of auto generation + -j|--json Json snippet to merge into the config. Say '{log:{loglevel:info}' + --dns Designated upstream DNS server IP, 1.1.1.1 will be applied by default + --dns-local-cn Enable China-accessible domains to be resolved in China + --domain-direct Add a domain rule for direct routing, likegeosite:geosite:geolocation-cn + --domain-proxy Add a domain rule for proxy routing, like twitter.com or geosite:google-cn + --domain-block Add a domain rule for block routing, like geosite:category-ads-all + --ip-direct Add a ip-addr rule for direct routing, like 114.114.114.114/32 or geoip:cn + --ip-proxy Add a ip-addr rule for proxy routing, like 1.1.1.1/32 or geoip:netflix + --ip-block Add a ip-addr rule for block routing, like geoip:private + --cn-direct Add routing rules to avoid domains and IPs located in China being proxied + --rules-path Folder path contents geoip.dat, geosite.dat and other rule files ``` ## How to stop and remove the running container @@ -117,37 +120,37 @@ $ docker rm proxy-xray ## More complex examples -### 1. Connect to Vless+TCP+XTLS server +### 1. Connect to Vless-TCP-TLS-XTLS server The following instruction connect to mydomain.duckdns.org port 443 in Vless+TCP+XTLS mode. Connection made via IP address to avoid DNS contamination. TLS servername provided via parameter. All destination sites and IP located in China will not been proxied. ```shell $ docker run --name proxy-xray -p 1080:1080 -p 1080:1080/udp -d samuelhbne/proxy-xray \ ---lx myid@12.34.56.78:443,serverName=mydomain.duckdns.org --cn-direct +--lttx myid@12.34.56.78:443,serverName=mydomain.duckdns.org --cn-direct ``` -### 2. Connect to Vless+TCP+TLS+Websocket server +### 2. Connect to Vless-Websocket-TLS server The following instruction connect to Xray server port 443 in Vless+TCP+TLS+Websocket mode with given id. All apple-cn sites will be proxied. All sites located in China will not be proxied. ```shell $ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray \ ---lsw myid@mydomain.duckdns.org:443:/websocket \ +--lwt myid@mydomain.duckdns.org:443:/websocket \ --domain-proxy geosite:apple-cn --domain-direct geosite:geolocation-cn ``` -### 3. Connect to Vless+TCP+TLS+gRPC server +### 3. Connect to Vless-gRPC-TLS server -The following instruction connect to Xray server port 443 in Vless+TCP+TLS+gRPC mode with given password. All sites not located in China will be proxied. You need to escape '!' character in --domain-proxy parameter to be accepted by shell. +The following instruction connect to Xray server port 443 in Vless-gRPC-TLS mode with given password. All sites not located in China will be proxied. You need to escape '!' character in --domain-proxy parameter to be accepted by shell. ```shell $ docker run --name proxy-xray -p 1080:1080 samuelhbne/proxy-xray \ ---lsg myid@mydomain.duckdns.org:443:gsvc --domain-proxy geosite:geolocation-\!cn +--lgt myid@mydomain.duckdns.org:443:gsvc --domain-proxy geosite:geolocation-\!cn ``` -### 4. Connect to TCP+TLS+Trojan server +### 4. Connect to TCP-Trojan-TLS server -The following instruction connect to Xray server port 443 in TCP+TLS+Trojan mode with given password; Update geosite and geoip rule dat files; All sites and IPs located in Iran will be connected directly. +The following instruction connect to Xray server port 443 in TCP-Trojan-TLS mode with given password; Update geosite and geoip rule dat files; All sites and IPs located in Iran will be connected directly. ```shell $ mkdir -p /tmp/rules @@ -156,7 +159,7 @@ $ wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/late $ wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat $ wget -c -t3 -T30 https://github.com/SamadiPour/iran-hosted-domains/releases/download/202108210015/iran.dat $ docker run --name proxy-xray -p 1080:1080 -v /tmp/rules:/opt/rules -d samuelhbne/proxy-xray \ ---ts trojan_pass@mydomain.duckdns.org:8443 \ +--ttt trojan_pass@mydomain.duckdns.org:8443 \ --rules-path /opt/rules --domain-direct ext:iran.dat:ir --ip-direct geoip:ir ``` @@ -166,7 +169,7 @@ The following instruction start proxy-xray in debug mode. Output Xray config fil ```shell $ docker run --rm -p 1080:1080 samuelhbne/proxy-xray \ ---msw myid@mydomain.duckdns.org:443:/websocket --debug +--mwt myid@mydomain.duckdns.org:443:/websocket --debug ``` ### NOTE 4 diff --git a/proxy-lgr.sh b/proxy-lgr.sh index 1368f5a..efdbde3 100755 --- a/proxy-lgr.sh +++ b/proxy-lgr.sh @@ -67,6 +67,12 @@ if [ -z "${port}" ]; then port=443 fi +if [ -z "${publicKey}" ]; then + >&2 echo "Error: publicKey undefined." + usage + exit 1 +fi + if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi # User settings diff --git a/proxy-ltr.sh b/proxy-ltr.sh index 63815b5..0e11925 100755 --- a/proxy-ltr.sh +++ b/proxy-ltr.sh @@ -66,6 +66,12 @@ if [ -z "${port}" ]; then port=443 fi +if [ -z "${publicKey}" ]; then + >&2 echo "Error: publicKey undefined." + usage + exit 1 +fi + if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi # User settings diff --git a/run.sh b/run.sh index 4ef6ebb..5b56f8b 100755 --- a/run.sh +++ b/run.sh @@ -6,41 +6,43 @@ XCONF=/tmp/proxy-xray.json usage() { echo "proxy-xray " - echo " --lgp id@host:port:svcname" - echo " --lgr id@host:port:svcname,d=dest.com,pub=xxxx[,shortId=abcd]" - echo " --lgt id@host:port:svcname[,s=sni.com]" - echo " --lsp id@host:port:/webpath" - echo " --lst id@host:port:/webpath[,s=sni.com]" - echo " --ltr id@host:port,d=dest.com,pub=xxxx[,shortId=abcd][,xtls]" - echo " --ltt id@host:port[,s=sni.com][,xtls]" - echo " --lwp id@host:port:/wspath" - echo " --lwt id@host:port:/wspath[,s=sni.com]" - echo " --mtt id@host:port[,s=sni.com]" - echo " --mwp id@host:port:/wspath" - echo " --mwt id@host:port:/wspath[,s=sni.com]" - echo " --ttt password@host:port[,s=sni.com]" - echo " --twp password@host:port:/wspath" - echo " --twt password@host:port:/wspath[,s=sni.com]" - echo " -d|--debug Start in debug mode with verbose output" - echo " -i|--stdin Read config from stdin instead of auto generation" - echo " -j|--json '{"log":{"loglevel":"info"}' Json snippet to merge into the config" - echo " --dns Designated upstream DNS server IP, 1.1.1.1 will be applied by default" -# echo " --dns-local Enable designated domain conf file. Like apple.china.conf" - echo " --dns-local-cn Enable China-accessible domains to be resolved in China" - echo " --domain-direct Add a domain rule for direct routing, likegeosite:geosite:geolocation-cn" - echo " --domain-proxy Add a domain rule for proxy routing, like twitter.com or geosite:google-cn" - echo " --domain-block Add a domain rule for block routing, like geosite:category-ads-all" - echo " --ip-direct Add a ip-addr rule for direct routing, like 114.114.114.114/32 or geoip:cn" - echo " --ip-proxy Add a ip-addr rule for proxy routing, like 1.1.1.1/32 or geoip:netflix" - echo " --ip-block Add a ip-addr rule for block routing, like geoip:private" - echo " --cn-direct Add routing rules to avoid domains and IPs located in China being proxied" - echo " --rules-path Folder path contents geoip.dat, geosite.dat and other rule files" + echo " --lgp id@host:port:svcname" + echo " --lgr id@host:port:svcname,d=dest.com,pub=xxxx[,shortId=abcd]" + echo " --lgt id@host:port:svcname[,s=sni.com]" + echo " --lsp id@host:port:/webpath" + echo " --lst id@host:port:/webpath[,s=sni.com]" + echo " --ltr id@host:port,d=dest.com,pub=xxxx[,shortId=abcd][,xtls]" + echo " --ltrx id@host:port,d=dest.com,pub=xxxx[,shortId=abcd]" + echo " --ltt id@host:port[,s=sni.com][,xtls]" + echo " --lttx id@host:port[,s=sni.com]" + echo " --lwp id@host:port:/wspath" + echo " --lwt id@host:port:/wspath[,s=sni.com]" + echo " --mtt id@host:port[,s=sni.com]" + echo " --mwp id@host:port:/wspath" + echo " --mwt id@host:port:/wspath[,s=sni.com]" + echo " --ttt password@host:port[,s=sni.com]" + echo " --twp password@host:port:/wspath" + echo " --twt password@host:port:/wspath[,s=sni.com]" + echo " -d|--debug Start in debug mode with verbose output" + echo " -i|--stdin Read config from stdin instead of auto generation" + echo " -j|--json Json snippet to merge into the config. Say '{"log":{"loglevel":"info"}'" + echo " --dns Designated upstream DNS server IP, 1.1.1.1 will be applied by default" +# echo " --dns-local Enable designated domain conf file. Like apple.china.conf" + echo " --dns-local-cn Enable China-accessible domains to be resolved in China" + echo " --domain-direct Add a domain rule for direct routing, likegeosite:geosite:geolocation-cn" + echo " --domain-proxy Add a domain rule for proxy routing, like twitter.com or geosite:google-cn" + echo " --domain-block Add a domain rule for block routing, like geosite:category-ads-all" + echo " --ip-direct Add a ip-addr rule for direct routing, like 114.114.114.114/32 or geoip:cn" + echo " --ip-proxy Add a ip-addr rule for proxy routing, like 1.1.1.1/32 or geoip:netflix" + echo " --ip-block Add a ip-addr rule for block routing, like geoip:private" + echo " --cn-direct Add routing rules to avoid domains and IPs located in China being proxied" + echo " --rules-path Folder path contents geoip.dat, geosite.dat and other rule files" } Jrules='{"rules":[]}' -TEMP=`getopt -o j:di --long lgp:,lgr:,lgt:,lsp:,lst:,ltr:,ltt:,lwp:,lwt:,mtt:,mwp:,mwt:,ttt:,twp:,twt:,stdin,debug,dns:,dns-local:,dns-local-cn,domain-direct:,domain-proxy:,domain-block:,ip-direct:,ip-proxy:,ip-block:,cn-direct,rules-path:json: -n "$0" -- $@` +TEMP=`getopt -o j:di --long lgp:,lgr:,lgt:,lsp:,lst:,ltr:,ltrx:,ltt:,lttx:,lwp:,lwt:,mtt:,mwp:,mwt:,ttt:,twp:,twt:,stdin,debug,dns:,dns-local:,dns-local-cn,domain-direct:,domain-proxy:,domain-block:,ip-direct:,ip-proxy:,ip-block:,cn-direct,rules-path:json: -n "$0" -- $@` if [ $? != 0 ] ; then usage; exit 1 ; fi eval set -- "$TEMP" while true ; do @@ -56,6 +58,18 @@ while true ; do fi shift 2 ;; + # Alias options + --ltrx|--lttx) + subcmd=`echo $1|tr -d '\-\-'|tr -d x` + $DIR/proxy-${subcmd}.sh $2,xtls >$XCONF + if [ $? != 0 ]; then + echo "${subcmd} Config failed: $DIR/proxy-${subcmd}.sh $2" + exit 2 + else + XRAYCFG=1 + fi + shift 2 + ;; --dns) DNS=$2 shift 2