Squashed commit of the following:

commit 33d01a8946
Author: Samuel Huang <samuelh2006@gmail.com>
Date:   Fri Oct 4 22:53:45 2024 +1000

    Trivy compliant

commit 5d6f0a07d9
Author: Samuel Huang <samuelh2006@gmail.com>
Date:   Fri Oct 4 22:48:43 2024 +1000

    Updated Iran proxy rules example

commit 5de264f09d
Author: Samuel Huang <samuelh2006@gmail.com>
Date:   Fri Oct 4 21:57:13 2024 +1000

    Ignore Action flow updates

.github/workflows/docker-buildx-dev.yml

@@ -7,6 +7,7 @@ on:
       - dev
     paths-ignore:
       - '**/*.md'
+      - '.github/**'
 
 jobs:
   multi-arch-dev:

.github/workflows/docker-buildx-latest.yml

@@ -7,6 +7,7 @@ on:
       - master
     paths-ignore:
       - '**/*.md'
+      - '.github/**'
 
 jobs:
   multi-arch-latest:

.github/workflows/trivy-scan.yml

@@ -0,0 +1,32 @@
+name: Trivy-scanning
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - dev
+
+jobs:
+  Trivy-Scan:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+      -
+        name: Run Trivy fs vulnerability scanner in fs mode
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          #severity: 'CRITICAL'
+      -
+        name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'

Dockerfile

@@ -10,39 +10,40 @@ RUN git clone https://github.com/XTLS/Xray-core.git . && \
     git checkout ${XRAY_VER} && \
     go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main
 
-RUN cd /tmp; \
-    curl -sSLO https://fukuchi.org/works/qrencode/qrencode-${QREC_VER}.tar.gz && \
-    tar xvf qrencode-${QREC_VER}.tar.gz && \
-    cd qrencode-${QREC_VER} && \
-    ./configure --without-png && \
-    make install
+RUN curl -sSLO  https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
+RUN curl -sSLO  https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
 
-RUN cd /usr/local; tar zcvf /tmp/qrencode.tar.gz bin lib share
+RUN curl -sSLO  https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf
+RUN curl -sSLO https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf
+RUN curl -sSLO https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf
+RUN curl -sSLO https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
 
-RUN cd /tmp; curl -sSLO  https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
-RUN cd /tmp; curl -sSLO  https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
+WORKDIR /tmp
+RUN curl -sSLO https://fukuchi.org/works/qrencode/qrencode-${QREC_VER}.tar.gz && \
+    tar xvf qrencode-${QREC_VER}.tar.gz
+WORKDIR /tmp/qrencode-${QREC_VER}
+RUN ./configure --without-png && make install
 
-RUN cd /tmp; curl -sSLO  https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf
-RUN cd /tmp; curl -sSLO https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf
-RUN cd /tmp; curl -sSLO https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf
-RUN cd /tmp; curl -sSLO https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
+WORKDIR /usr/local
+RUN tar zcvf /tmp/qrencode.tar.gz bin lib share
 
 
 FROM alpine:3.20
 
-COPY --from=builder /go/src/XTLS/Xray-core/xray /usr/local/bin/
-COPY --from=builder /tmp/geosite.dat /usr/local/bin/
-COPY --from=builder /tmp/geoip.dat /usr/local/bin/
+COPY --from=builder /go/src/XTLS/Xray-core/xray         /usr/local/bin/
+COPY --from=builder /go/src/XTLS/Xray-core/geosite.dat  /usr/local/bin/
+COPY --from=builder /go/src/XTLS/Xray-core/geoip.dat    /usr/local/bin/
 
 RUN mkdir -p /etc/dnsmasq.disable
 
-COPY --from=builder /tmp/apple.china.conf /etc/dnsmasq.disable/
-COPY --from=builder /tmp/google.china.conf /etc/dnsmasq.disable/
-COPY --from=builder /tmp/bogus-nxdomain.china.conf /etc/dnsmasq.disable/
-COPY --from=builder /tmp/accelerated-domains.china.conf /etc/dnsmasq.disable/
+COPY --from=builder /go/src/XTLS/Xray-core/apple.china.conf                 /etc/dnsmasq.disable/
+COPY --from=builder /go/src/XTLS/Xray-core/google.china.conf                /etc/dnsmasq.disable/
+COPY --from=builder /go/src/XTLS/Xray-core/bogus-nxdomain.china.conf        /etc/dnsmasq.disable/
+COPY --from=builder /go/src/XTLS/Xray-core/accelerated-domains.china.conf   /etc/dnsmasq.disable/
 
 COPY --from=builder /tmp/qrencode.tar.gz /tmp/
-RUN cd /usr/local && tar xvf /tmp/qrencode.tar.gz
+WORKDIR /usr/local
+RUN tar xvf /tmp/qrencode.tar.gz
 RUN rm /tmp/qrencode.tar.gz
 
 RUN apk --no-cache add bash openssl curl jq moreutils \
@@ -50,29 +51,29 @@ RUN apk --no-cache add bash openssl curl jq moreutils \
 
 RUN sed -i "s/^socks4.*/socks5\t127.0.0.1 1080/g" /etc/proxychains/proxychains.conf
 
-ADD proxy-lgp.sh    /proxy-lgp.sh
-ADD proxy-lgr.sh    /proxy-lgr.sh
-ADD proxy-lgt.sh    /proxy-lgt.sh
+COPY proxy-lgp.sh   /proxy-lgp.sh
+COPY proxy-lgr.sh   /proxy-lgr.sh
+COPY proxy-lgt.sh   /proxy-lgt.sh
 
-ADD proxy-lsp.sh    /proxy-lsp.sh
-ADD proxy-lst.sh    /proxy-lst.sh
+COPY proxy-lsp.sh   /proxy-lsp.sh
+COPY proxy-lst.sh   /proxy-lst.sh
 
-ADD proxy-ltr.sh    /proxy-ltr.sh
-ADD proxy-ltt.sh    /proxy-ltt.sh
+COPY proxy-ltr.sh   /proxy-ltr.sh
+COPY proxy-ltt.sh   /proxy-ltt.sh
 
-ADD proxy-lwp.sh    /proxy-lwp.sh
-ADD proxy-lwt.sh    /proxy-lwt.sh
+COPY proxy-lwp.sh   /proxy-lwp.sh
+COPY proxy-lwt.sh   /proxy-lwt.sh
 
-ADD proxy-mtt.sh    /proxy-mtt.sh
-ADD proxy-mwp.sh    /proxy-mwp.sh
-ADD proxy-mwt.sh    /proxy-mwt.sh
+COPY proxy-mtt.sh   /proxy-mtt.sh
+COPY proxy-mwp.sh   /proxy-mwp.sh
+COPY proxy-mwt.sh   /proxy-mwt.sh
 
-ADD proxy-ttt.sh    /proxy-ttt.sh
-ADD proxy-twp.sh    /proxy-twp.sh
-ADD proxy-twt.sh    /proxy-twt.sh
+COPY proxy-ttt.sh   /proxy-ttt.sh
+COPY proxy-twp.sh   /proxy-twp.sh
+COPY proxy-twt.sh   /proxy-twt.sh
 
-ADD qrcode.sh       /qrcode
-ADD run.sh          /run.sh
+COPY qrcode.sh      /qrcode
+COPY run.sh         /run.sh
 
 RUN chmod 755 /*.sh
 RUN chmod 755 /qrcode

README.md

@@ -159,17 +159,17 @@ $ docker run --name proxy-xray --rm -it -p 1080:1080 samuelhbne/proxy-xray \
 
 ### 4. Connect to TCP-Trojan-TLS server
 
-The following instruction connect to Xray server port 443 in TCP-Trojan-TLS mode with given password; Update geosite and geoip rule dat files; All sites and IPs located in Iran will be connected directly.
+The following instruction connect to Xray server port 443 in TCP-Trojan-TLS mode with given password; Update geosite and geoip rule dat files; All sites and IPs located in Iran will be connected directly. All Iran-related domains that are blocked inside of iran will be proxied.
 
 ```shell
 $ mkdir -p /tmp/rules
 $ cd /tmp/rules
 $ wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
 $ wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
-$ wget -c -t3 -T30 https://github.com/SamadiPour/iran-hosted-domains/releases/download/202108210015/iran.dat
+$ wget -c -t3 -T30 https://github.com/SamadiPour/iran-hosted-domains/releases/download/202409300035/iran.dat
 $ docker run --name proxy-xray --rm -it -p 1080:1080 -v /tmp/rules:/opt/rules samuelhbne/proxy-xray \
 --ttt trojan_pass@mydomain.duckdns.org:8443 \
---rules-path /opt/rules --domain-direct ext:iran.dat:ir --ip-direct geoip:ir
+--rules-path /opt/rules --domain-direct ext:iran.dat:ir --ip-direct geoip:ir --domain-proxy ext:iran.dat:proxy
 ```
 
 ### 5. Start proxy-xray container in debug mode for for connection issue diagnosis