Add REALITY/SPLITHTTP status support, fix QR code support

Dockerfile

@@ -10,12 +10,14 @@ RUN git clone https://github.com/XTLS/Xray-core.git . && \
     git checkout ${XRAY_VER} && \
     go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main
 
-RUN cd /tmp; curl -sSLO https://fukuchi.org/works/qrencode/qrencode-${QREC_VER}.tar.gz && \
+RUN cd /tmp; \
+    curl -sSLO https://fukuchi.org/works/qrencode/qrencode-${QREC_VER}.tar.gz && \
     tar xvf qrencode-${QREC_VER}.tar.gz && \
     cd qrencode-${QREC_VER} && \
     ./configure --without-png && \
-    make && \
+    make install
-    cp -a qrencode /tmp/
+
+RUN cd /usr/local; tar zcvf /tmp/qrencode.tar.gz bin lib share
 
 RUN cd /tmp; curl -sSLO  https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
 RUN cd /tmp; curl -sSLO  https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
@@ -39,7 +41,9 @@ COPY --from=builder /tmp/google.china.conf /etc/dnsmasq.disable/
 COPY --from=builder /tmp/bogus-nxdomain.china.conf /etc/dnsmasq.disable/
 COPY --from=builder /tmp/accelerated-domains.china.conf /etc/dnsmasq.disable/
 
-COPY --from=builder /tmp/qrencode /usr/local/bin/
+COPY --from=builder /tmp/qrencode.tar.gz /tmp/
+RUN cd /usr/local && tar xvf /tmp/qrencode.tar.gz
+RUN rm /tmp/qrencode.tar.gz
 
 RUN apk --no-cache add bash openssl curl jq moreutils \
     whois dnsmasq ca-certificates proxychains-ng
@@ -67,9 +71,10 @@ ADD proxy-ttt.sh    /proxy-ttt.sh
 ADD proxy-twp.sh    /proxy-twp.sh
 ADD proxy-twt.sh    /proxy-twt.sh
 
-ADD status.sh       /status.sh
+ADD status.sh       /status
 ADD run.sh          /run.sh
 
 RUN chmod 755 /*.sh
+RUN chmod 755 /status
 
 ENTRYPOINT ["/run.sh"]

README.md

@@ -7,32 +7,27 @@ Please have a look over the sibling project [server-xray](https://github.com/sam
 ![docker-build](https://github.com/samuelhbne/proxy-xray/workflows/docker-buildx-latest/badge.svg)
 ![docker-build](https://github.com/samuelhbne/proxy-xray/workflows/docker-buildx-dev/badge.svg)
 
-## How to start proxy-xray container
+## Quick start
 
-The following command will:
+The following command will create a VLESS-TCP-TLS-XTLS client connecting to mydomain.com  port 443 with given uid. Expose Socks-proxy port 1080 as a local service.
-
-1. Export SOCKS, HTTP and DNS service ports of proxy-xray
-2. Start proxy-xray on VLESS-TCP-XTLS mode connect to mydomain.duckdns.org port 443 with user-id "myid"
-3. All destination sites and IP in China will not been proxied.
-4. Enable China-accessible domains to be resolved in China
 
 ```shell
-$ docker run --name proxy-xray -p 1080:1080 -p 1080:1080/udp -p 8123:8123 -p 65353:53/udp \
+$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lttx myid@mydomain.com:443
--d samuelhbne/proxy-xray --lttx myid@mydomain.duckdns.org:443 --cn-direct --dns-local-cn
 ...
 ```
 
-### NOTE 1
+The following command will create a VLESS-TCP-REALITY-XTLS client connecting to mydomain.com port 443 with given uid, applying yahoo.com as fake destnation, exposing Socks-proxy port 1080, http-proxy port 8123, DNS port 53 as local services. Websites and IP located in China will not been proxied. China-accessible domains will be resolved locally hence to accelerate the local access.
 
-- Please replace "mydomain.duckdns.org" with the Xray server domain you want to connect
+```shell
-- (optional) Please replace 1080 (-p 1080:1080, -p 1080:1080/udp) with the port number you set for SOCKS5 proxy TCP listerning.
+$ docker run --name proxy-xray -p 1080:1080 -p 1080:1080/udp -p 8123:8123 -p 53:53/udp \
-- (optional) Please replace 8123 (-p 8123:8123) with the port number you set for HTTP proxy TCP listerning.
+-d samuelhbne/proxy-xray --cn-direct --dns-local-cn \
-- (optional) Please replace 65353 (-p 65353:53/udp) with the port number you set for DNS UDP listerning.
+--ltrx myid@mydomain.com:443,d=yahoo.com,pub=qAaJnTE_zYWNuXuIdlpIfSt5beveuV4PyBaP76WE7jU
-- Please replace "myid" with the id string or standard UUID (like "MyMobile or "b77af52c-2a93-4b3e-8538-f9f91114ba00") you set for Xray server access.
+...
+```
 
-### NOTE 2
+** NOTE **
 
-Name query for sites outside China like twitter.com will be always forwarded to designated DNS like 1.1.1.1 to avoid the contaminated result. Name query for sites inside China like apple.com.cn will be forwarded to local DNS servers in China to avoid cross region slow access when "--dns-local-cn" options applied. Otherwise dnsmasq will act as a forward only cache server.
+Name query for sites outside China like twitter.com will be always forwarded to designated DNS (1.1.1.1 by default) to avoid the contaminated results. Name query for sites inside China like apple.com.cn will be forwarded to local DNS servers in China to avoid cross region slow access when "--dns-local-cn" options applied. Otherwise all queries will be forwarded to designated DNS server.
 
 ## How to verify if proxy tunnel is working properly
 
@@ -55,7 +50,7 @@ $ docker exec proxy-xray proxychains whois 104.244.42.193|grep OrgId
 OrgId:          TWITT
 ```
 
-### NOTE 3
+** NOTE **
 
 - curl should return the Xray server address given above if SOCKS5/HTTP proxy works properly.
 - dig should return resolved IP recorders of twitter.com if DNS server works properly.
@@ -65,7 +60,7 @@ OrgId:          TWITT
 ## How to get the XRay QR code for mobile connection
 
 ```shell
-$ docker exec -t proxy-xray /status.sh
+$ docker exec -t proxy-xray /status
 VPS-Server: mydomain.duckdns.org
 Xray-URL: vless://myid@mydomain.duckdns.org:443?security=xtls&type=tcp&flow=xtls-rprx-direct#mydomain.duckdns.org:443
 ```
@@ -109,7 +104,7 @@ proxy-xray <connection-options>
     --rules-path    <rules-dir-path>      Folder path contents geoip.dat, geosite.dat and other rule files
 ```
 
-## How to stop and remove the running container
+## How to stop and remove the running xray-proxy container
 
 ```shell
 $ docker stop proxy-xray

status.sh

@@ -23,16 +23,24 @@ case "${PROTOCOL}" in
         XHOST=`cat $XCONF | jq -r '.outbounds[0].settings.vnext[0].address'`
         XPORT=`cat $XCONF | jq -r '.outbounds[0].settings.vnext[0].port'`
         WPATH=`cat $XCONF | jq -r '.outbounds[0].streamSettings.wsSettings.path'`
+        SPATH=`cat $XCONF | jq -r '.outbounds[0].streamSettings.splithttpSettings.path'`
         SVCNAME=`cat $XCONF | jq -r '.outbounds[0].streamSettings.grpcSettings.serviceName'`
         UUID=`cat $XCONF | jq -r '.outbounds[0].settings.vnext[0].users[0].id'`
         XENCRYPT=`cat $XCONF | jq -r '.outbounds[0].settings.vnext[0].users[0].encryption'`
         XSEC=`cat $XCONF | jq -r '.outbounds[0].streamSettings.security'`
+        RPBK=`cat $XCONF | jq -r '.outbounds[0].streamSettings.realitySettings.publicKey'`
+        RSNI=`cat $XCONF | jq -r '.outbounds[0].streamSettings.realitySettings.serverName'`
+        RSID=`cat $XCONF | jq -r '.outbounds[0].streamSettings.realitySettings.shortId'`
         XNETWORK=`cat $XCONF | jq -r '.outbounds[0].streamSettings.network'`
         XFLOW=`cat $XCONF | jq -r '.outbounds[0].settings.vnext[0].users[0].flow'`
         XURL="${PROTOCOL}://${UUID}@${XHOST}:${XPORT}?security=${XSEC}&type=${XNETWORK}"
         if [ "${XFLOW}" != "null" ]; then XURL="${XURL}&flow=${XFLOW}"; fi
         if [ "${WPATH}" != "null" ]; then XURL="${XURL}&path=$(urlencode ${WPATH})"; fi
+        if [ "${SPATH}" != "null" ]; then XURL="${XURL}&path=$(urlencode ${SPATH})"; fi
         if [ "${SVCNAME}" != "null" ]; then XURL="${XURL}&serviceName=${SVCNAME}&mode=gun"; fi
+        if [ "${RPBK}" != "null" ]; then XURL="${XURL}&pbk=${RPBK}"; fi
+        if [ "${RSNI}" != "null" ]; then XURL="${XURL}&sni=${RSNI}"; fi
+        if [ "${RSID}" != "null" ]; then XURL="${XURL}&sid=${RSID}"; fi
         XURL="${XURL}#${XHOST}:${XPORT}"
         ;;
     vmess)