2gW94/proxy-xray
1
0
Fork 0
mirror of https://github.com/samuelhbne/proxy-xray.git synced 2025-12-17 12:44:38 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Domain/ip block rule support

Browse Source
This commit is contained in:
Samuel Huang
2021-08-28 02:15:36 +10:00
parent 0dfd5e5bee
commit b1d98d47bc
2 changed files with 73 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
README.md
View File

@@ -1,6 +1,6 @@
# proxy-xray # proxy-xray
Xray client container with SOCKS5/HTTP/DNS proxy and QR code support. Running on x86 and arm/arm64 (Raspberry Pi). [Xray](https://github.com/XTLS/Xray-core) client container with SOCKS5/HTTP/DNS proxy and QR code support. Running on x86 and arm/arm64 (Raspberry Pi).
![docker-build](https://github.com/samuelhbne/proxy-xray/workflows/docker-buildx-latest/badge.svg) ![docker-build](https://github.com/samuelhbne/proxy-xray/workflows/docker-buildx-latest/badge.svg)
@@ -15,15 +15,30 @@ $ docker build -t samuelhbne/proxy-xray:amd64 -f Dockerfile.amd64 .
### NOTE1 ### NOTE1
- Please replace Dockerfile.amd64 with the Dockerfile.ARCH match your server accordingly. For example: Dockerfile.arm for 32bit Raspbian, Dockerfile.arm64 for 64bit Ubuntu on Raspberry Pi. Please replace "amd64" with the arch match the current box accordingly. Other supported platforms:
- "arm64" for arm64v8 platforms, Raspberry Pi with Ubuntu-arm64 running, AWS A1, t4g instances etc.
- "arm" for arm32v7 platforms, most Raspberry-Pi releases (except Pi1 and Pi-zero) with Raspbian running.
### NOTE2
- arm32v6 (Pi1 and Pi-zero) users should build the docker images from source rather than run it directly, due to the known issue from upstream Alpine image. WIP.
- arm32v5 platforms are not supported yet.
## How to start proxy-xray container ## How to start proxy-xray container
```shell ```shell
$ docker run --rm samuelhbne/proxy-xray:amd64 $ docker run --rm samuelhbne/proxy-xray
proxy-xray --<ltx|ltt|lttw|mtt|mttw|ttt|tttw|ssa|sst|stdin> [connect options] [-i|--stdin] [-d|--debug] proxy-xray <connection-options>
-i|--stdin [Optional] Read config from stdin instead of auto generation -i|--stdin [Optional] Read config from stdin instead of auto generation
-d|--debug [Optional] Start in debug mode with verbose output -d|--debug [Optional] Start in debug mode with verbose output
--ignore-china [Optional] Add routing rules to avoid domain and ip located in China being proxied
--ignore-domain <domain-rule> [Optional] Add a non-proxy routing rule for domain, like sina.cn or geosite:geosite:geolocation-cn
--ignore-ip <ip-rule> [Optional] Add a non-proxy routing rule for ip, like 1.1.1.1/32 or geoip:cn
--proxy-domain <domain-rule> [Optional] Add a proxy routing rule for domain, like twitter.com or geosite:google-cn
--proxy-ip <ip-rule> [Optional] Add a proxy routing rule for ip, like geoip:netflix
--block-domain <domain-rule> [Optional] Add a block routing rule for domain, like geosite:category-ads-all
--block-ip <ip-rule> [Optional] Add a block routing rule for ip, like geoip:private
--ltx <VLESS-TCP-XTLS option> id@host:port --ltx <VLESS-TCP-XTLS option> id@host:port
--ltt <VLESS-TCP-TLS option> id@host:port --ltt <VLESS-TCP-TLS option> id@host:port
--lttw <VLESS-TCP-TLS-WS option> id@host:port:/webpath --lttw <VLESS-TCP-TLS-WS option> id@host:port:/webpath
@@ -33,12 +48,12 @@ proxy-xray --<ltx|ltt|lttw|mtt|mttw|ttt|tttw|ssa|sst|stdin> [connect options] [-
--ttt <TROJAN-TCP-TLS option> password@host:port --ttt <TROJAN-TCP-TLS option> password@host:port
--tttw <TROJAN-TCP-TLS-WS option> password@host:port:/webpath --tttw <TROJAN-TCP-TLS-WS option> password@host:port:/webpath
$ docker run --name proxy-xray -p 1080:2080 -p 65353:53/udp -p 8123:8223 -d samuelhbne/proxy-xray \ $ docker run --name proxy-xray -p 1080:2080 -p 8123:8223 -p 65353:53/udp -d samuelhbne/proxy-xray \
--ltx myid@mydomain.duckdns.org:443 --ltx myid@mydomain.duckdns.org:443 --ignore-china
... ...
``` ```
### NOTE2 ### NOTE3
- Please replace "mydomain.duckdns.org" with the Xray server domain you want to connect - Please replace "mydomain.duckdns.org" with the Xray server domain you want to connect
- Please replace 1080 (-p 1080:2080) with the port number you set for SOCKS5 proxy TCP listerning. - Please replace 1080 (-p 1080:2080) with the port number you set for SOCKS5 proxy TCP listerning.
@@ -49,10 +64,10 @@ $ docker run --name proxy-xray -p 1080:2080 -p 65353:53/udp -p 8123:8223 -d samu
## How to verify if proxy tunnel is working properly ## How to verify if proxy tunnel is working properly
```shell ```shell
$ curl -sSx socks5h://127.0.0.1:1080 http://ifconfig.co $ curl -sSx socks5h://127.0.0.1:1080 https://ifconfig.co
12.34.56.78 12.34.56.78
$ curl -sSx http://127.0.0.1:8123 http://ifconfig.co $ curl -sSx http://127.0.0.1:8123 https://checkip.amazonaws.com/
12.34.56.78 12.34.56.78
$ dig +short @127.0.0.1 -p 65353 twitter.com $ dig +short @127.0.0.1 -p 65353 twitter.com
@@ -67,7 +82,7 @@ $ docker exec proxy-xray proxychains whois 104.244.42.193|grep OrgId
OrgId: TWITT OrgId: TWITT
``` ```
### NOTE3 ### NOTE4
- curl should return the VPN server address given above if SOCKS5/HTTP proxy works properly. - curl should return the VPN server address given above if SOCKS5/HTTP proxy works properly.
- dig should return resolved IP recorders of twitter.com if DNS server works properly. - dig should return resolved IP recorders of twitter.com if DNS server works properly.
@@ -98,20 +113,21 @@ $ docker rm proxy-xray
### 1. Connect to Vless+TCP+XTLS server ### 1. Connect to Vless+TCP+XTLS server
The following instruction connect to Xray server port 443 in Vless+TCP+XTLS mode with given id. The following instruction connect to Xray server port 443 in Vless+TCP+XTLS mode with given id. All sites and IP from China will not been proxied.
```shell ```shell
$ docker run --name proxy-xray -p 1080:1080 -p 1080:1080/udp -d samuelhbne/proxy-xray --ltx \ $ docker run --name proxy-xray -p 1080:1080 -p 1080:1080/udp -d samuelhbne/proxy-xray --ltx \
myid@mydomain.duckdns.org:443 myid@mydomain.duckdns.org:443 --ignore-china
``` ```
### 2. Connect to Vless+TCP+TLS+Websocket server ### 2. Connect to Vless+TCP+TLS+Websocket server
The following instruction connect to Xray server port 443 in Vless+TCP+TLS+Websocket mode with given id. The following instruction connect to Xray server port 443 in Vless+TCP+TLS+Websocket mode with given id. All apple-cn sites will been proxied. All sites located in China will not be proxied.
```shell ```shell
$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lttw \ $ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lttw \
myid@mydomain.duckdns.org:443:/websocket myid@mydomain.duckdns.org:443:/websocket \
--proxy-domain geosite:apple-vn --ignore-domain geosite:geolocation-cn
``` ```
### 3. Connect to Vless+TCP+TLS+gRPC server ### 3. Connect to Vless+TCP+TLS+gRPC server
@@ -134,9 +150,17 @@ trojan_pass@mydomain.duckdns.org:8443
### 5. Start proxy-xray container in debug mode for for connection issue diagnosis ### 5. Start proxy-xray container in debug mode for for connection issue diagnosis
The following instruction start proxy-xray in debug mode. Output Xray config file and the log to console for connection diagnosis. dnscrypt-proxy will be disabled to avoid flooding the log output. The following instruction start proxy-xray in debug mode. Output Xray config file generated and the Xray log to console for connection diagnosis.
```shell ```shell
$ docker run --rm -p 1080:1080 samuelhbne/proxy-xray \ $ docker run --rm -p 1080:1080 samuelhbne/proxy-xray \
--mttw myid@mydomain.duckdns.org:443:/websocket --debug --mttw myid@mydomain.duckdns.org:443:/websocket --debug
``` ```
## Credits
Thanks to [RPRX](https://github.com/RPRX) for the [Xray](https://github.com/XTLS/Xray-core) project.
Thanks to [Loyalsoldier](https://github.com/Loyalsoldier) for the [v2ray-rules-dat](https://github.com/Loyalsoldier/v2ray-rules-dat) project.
Thanks to [felixonmars](https://github.com/felixonmars) for the [dnsmasq-china-list](https://github.com/felixonmars/dnsmasq-china-list) project.

56
run.sh
View File

@@ -5,14 +5,16 @@ DIR="$(cd $DIR; pwd)"
XCONF=/tmp/proxy-xray.json XCONF=/tmp/proxy-xray.json
usage() { usage() {
echo "proxy-xray --<ltx|ltt|lttw|mtt|mttw|ttt|tttw|ssa|sst|stdin> [connect options] [-i|--stdin] [-d|--debug]" echo "proxy-xray <connection-options>"
echo " -i|--stdin [Optional] Read config from stdin instead of auto generation" echo " -i|--stdin [Optional] Read config from stdin instead of auto generation"
echo " -d|--debug [Optional] Start in debug mode with verbose output" echo " -d|--debug [Optional] Start in debug mode with verbose output"
echo " --ignore-china [Optional] Add rules to avoid domain and ip located in China being proxied" echo " --ignore-china [Optional] Add routing rules to avoid domain and ip located in China being proxied"
echo " --ignore-domain <domain rule> [Optional] Add a non-proxy routing rule for domain, like sina.cn or geosite:apple-cn" echo " --ignore-domain <domain-rule> [Optional] Add a non-proxy routing rule for domain, like sina.cn or geosite:geosite:geolocation-cn"
echo " --ignore-ip <ip rule> [Optional] Add a non-proxy routing rule for ip, like geoip:\!us" echo " --ignore-ip <ip-rule> [Optional] Add a non-proxy routing rule for ip, like 1.1.1.1/32 or geoip:cn"
echo " --proxy-domain <domain rule> [Optional] Add a proxy routing rule for domain, like geosite:apple-cn" echo " --proxy-domain <domain-rule> [Optional] Add a proxy routing rule for domain, like twitter.com or geosite:google-cn"
echo " --proxy-ip <ip rule> [Optional] Add a proxy routing rule for ip, like 1.1.1.1/32 or geoip:netflix" echo " --proxy-ip <ip-rule> [Optional] Add a proxy routing rule for ip, like geoip:netflix"
echo " --block-domain <domain-rule> [Optional] Add a block routing rule for domain, like geosite:category-ads-all"
echo " --block-ip <ip-rule> [Optional] Add a block routing rule for ip, like geoip:private"
echo " --ltx <VLESS-TCP-XTLS option> id@host:port" echo " --ltx <VLESS-TCP-XTLS option> id@host:port"
echo " --ltt <VLESS-TCP-TLS option> id@host:port" echo " --ltt <VLESS-TCP-TLS option> id@host:port"
echo " --lttw <VLESS-TCP-TLS-WS option> id@host:port:/webpath" echo " --lttw <VLESS-TCP-TLS-WS option> id@host:port:/webpath"
@@ -28,7 +30,7 @@ usage() {
Jrules='{"rules":[]}' Jrules='{"rules":[]}'
TEMP=`getopt -o di --long ltx:,ltt:,lttw:,lttg:,mtt:,mttw:,ttt:,tttw:,ssa:,sst:,ignore-domain:,ignore-ip:,ignore-china,proxy-domain:,proxy-ip:,stdin,debug -n "$0" -- $@` TEMP=`getopt -o di --long ltx:,ltt:,lttw:,lttg:,mtt:,mttw:,ttt:,tttw:,ssa:,sst:,ignore-domain:,ignore-ip:,ignore-china,proxy-domain:,proxy-ip:,block-domain:,block-ip:,stdin,debug -n "$0" -- $@`
if [ $? != 0 ] ; then usage; exit 1 ; fi if [ $? != 0 ] ; then usage; exit 1 ; fi
eval set -- "$TEMP" eval set -- "$TEMP"
@@ -46,33 +48,43 @@ while true ; do
shift 2 shift 2
;; ;;
--ignore-domain) --ignore-domain)
Jrules=`echo "${Jrules}" | jq --arg igdomain "$2" \ Jrules=`echo "${Jrules}" | jq --arg igndomain "$2" \
'.rules += [{"type":"field", "outboundTag":"direct", "domain":[$igdomain]}]'` '.rules += [{"type":"field", "outboundTag":"direct", "domain":[$igndomain]}]'`
shift 2 shift 2
;; ;;
--ignore-ip) --ignore-ip)
Jrules=`echo "${Jrules}" | jq --arg igip "$2" \ Jrules=`echo "${Jrules}" | jq --arg ignip "$2" \
'.rules += [{"type":"field", "outboundTag":"direct", "ip":[$igip]}]'` '.rules += [{"type":"field", "outboundTag":"direct", "ip":[$ignip]}]'`
shift 2 shift 2
;; ;;
--ignore-china) --ignore-china)
Jrules=`echo "${Jrules}" | jq --arg igdomain "geosite:apple-cn" \ Jrules=`echo "${Jrules}" | jq --arg igndomain "geosite:apple-cn" \
'.rules += [{"type":"field", "outboundTag":"direct", "domain":[$igdomain]}]'` '.rules += [{"type":"field", "outboundTag":"direct", "domain":[$igndomain]}]'`
Jrules=`echo "${Jrules}" | jq --arg igdomain "geosite:geolocation-cn" \ Jrules=`echo "${Jrules}" | jq --arg igndomain "geosite:geolocation-cn" \
'.rules += [{"type":"field", "outboundTag":"direct", "domain":[$igdomain]}]'` '.rules += [{"type":"field", "outboundTag":"direct", "domain":[$igndomain]}]'`
Jrules=`echo "${Jrules}" | jq --arg igip "geoip:cn" \ Jrules=`echo "${Jrules}" | jq --arg ignip "geoip:cn" \
'.rules += [{"type":"field", "outboundTag":"direct", "ip":[$igip]}]'` '.rules += [{"type":"field", "outboundTag":"direct", "ip":[$ignip]}]'`
IGCHINA=1 IGCHINA=1
shift 1 shift 1
;; ;;
--proxy-domain) --proxy-domain)
Jrules=`echo "${Jrules}" | jq --arg pxdomain "$2" \ Jrules=`echo "${Jrules}" | jq --arg pxydomain "$2" \
'.rules += [{"type":"field", "outboundTag":"proxy", "domain":[$pxdomain]}]'` '.rules += [{"type":"field", "outboundTag":"proxy", "domain":[$pxydomain]}]'`
shift 2 shift 2
;; ;;
--proxy-ip) --proxy-ip)
Jrules=`echo "${Jrules}" | jq --arg pxip "$2" \ Jrules=`echo "${Jrules}" | jq --arg pxyip "$2" \
'.rules += [{"type":"field", "outboundTag":"proxy", "ip":[$pxip]}]'` '.rules += [{"type":"field", "outboundTag":"proxy", "ip":[$pxyip]}]'`
shift 2
;;
--block-domain)
Jrules=`echo "${Jrules}" | jq --arg blkdomain "$2" \
'.rules += [{"type":"field", "outboundTag":"block", "domain":[$blkdomain]}]'`
shift 2
;;
--block-ip)
Jrules=`echo "${Jrules}" | jq --arg blkip "$2" \
'.rules += [{"type":"field", "outboundTag":"block", "ip":[$blkip]}]'`
shift 2 shift 2
;; ;;
-i|--stdin) -i|--stdin)
@@ -120,5 +132,5 @@ if [ "${DEBUG}" = "1" ]; then
cat $XCONF cat $XCONF
fi fi
#exec /usr/local/bin/xray -c $XCONF exec /usr/local/bin/xray -c $XCONF