2gW94/server-xray
1
0
Fork 0
mirror of https://github.com/samuelhbne/server-xray.git synced 2025-12-17 04:14:40 +03:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Set publicKey optional

Browse Source
This commit is contained in:
Samuel Huang
2024-09-12 16:15:41 +10:00
parent 0f83efa5b5
commit 27ba6f7652
4 changed files with 93 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
README.md
View File

@@ -61,31 +61,36 @@ $ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com
```shell ```shell
$ docker run --rm samuelhbne/server-xray $ docker run --rm samuelhbne/server-xray
server-xray <server-options> server-xray <server-options>
--lx <VLESS-XTLS option> [p=443,]d=domain.com,u=id[:level[:email]] --lgp <VLESS-GRPC-PLN option> p=11443,u=id1,u=id2...,s=svcname
--ls <VLESS-TLS option> [p=443,]d=domain.com,u=id[:level[:email]] --lgr <VLESS-GRPC-RLTY option> p=12443,u=id1,u=id2...,s=svcname,d=dest.com,pub=xx,prv=yy[,shortId=ab]
--ms <VMESS-TLS option> [p=443,]d=domain.com,u=id[:level[:email]] --lgt <VLESS-GRPC-TLS option> p=13443,u=id1,u=id2...,s=svcname,d=domain.com
--ts <TROJAN-TLS option> [p=443,]d=domain.com,u=psw[:level[:email]] --lsp <VLESS-SPLT-PLN option> p=14443,u=id1,u=id2...,w=/webpath
--lsg <VLESS-TLS-GRPC option> [p=443,]d=domain.com,u=id[:level[:email]],s=svcname --lst <VLESS-SPLT-TLS option> p=16443,u=id1,u=id2...,w=/webpath,d=domain.com
--lss <VLESS-TLS-SPLT option> [p=443,]d=domain.com,u=id[:level[:email]],w=/webpath --ltr <VLESS-TCP-RLTY option> p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab],[xtls]
--lsw <VLESS-TLS-WS option> [p=443,]d=domain.com,u=id[:level[:email]],w=/wspath --ltrx <VLESS-TCP-RLTY-XTLS option> p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab]
--msw <VMESS-TLS-WS option> [p=443,]d=domain.com,u=id[:level[:email]],w=/wspath --ltt <VLESS-TCP-TLS option> p=18443,u=id1,u=id2...,d=domain.com,[xtls]
--tsw <TROJAN-TLS-WS option> [p=443,]d=domain.com,u=psw[:level[:email]],w=/wspath --lttx <VLESS-TCP-TLS-XTLS option> p=18443,u=id1,u=id2...,d=domain.com
--lpg <VLESS-PLN-GRPC option> [p=443,]u=id[:level[:email]],s=svcname --lwp <VLESS-WS-PLN option> p=19443,u=id1,u=id2...,w=/wskpath
--lps <VLESS-PLN-SPLT option> [p=443,]u=id[:level[:email]],w=/webpath --lwt <VLESS-WS-TLS option> p=22443,u=id1,u=id2...,w=/wskpath,d=domain.com
--lpw <VLESS-PLN-WS option> [p=443,]u=id[:level[:email]],w=/wspath --mtt <VMESS-TCP-TLS option> p=23443,u=id1,u=id2...,d=domain.com
--mpw <VMESS-PLN-WS option> [p=443,]u=id[:level[:email]],w=/wspath --mwp <VMESS-WS-PLN option> p=24443,u=id1,u=id2...,w=/wskpath
--tpw <TROJAN-PLN-WS option> [p=443,]u=psw[:level[:email]],w=/wspath --mwt <VMESS-WS-TLS option> p=25443,u=id1,u=id2...,w=/wskpath,d=domain.com
--ng-opt <nginx-options> [p=443,]d=domain0.com[,d=domain1.com][...] --ttt <TROJAN-TCP-TLS option> p=26443,u=pw1,u=pw2...,d=domain.com
--ng-proxy <nginx-proxy-options> [d=domain0.com,][d=domain1.com,]p=port-backend,l=location,n=ws|grpc|splt --twp <TROJAN-WS-PLN option> p=27443,u=pw1,u=pw2...,w=/wskpath
--domain-block <domain-rule> Add a domain rule for routing block, like geosite:category-ads-all --twt <TROJAN-WS-TLS option> p=28443,u=pw1,u=pw2...,w=/wskpath,d=domain.com
--ng-server <nginx-server-options> p=8443,d=domain0.com,d=domain1.com...
--ng-proxy <nginx-proxy-options> d=domain0.com,d=domain1.com,p=port-backend,l=location,n=ws|grpc|splt
--st-port <stream-port-number> 443
--st-map <stream-map-options> sni=domain.com,ups=127.0.0.1:8443
--domain-block <domain-rule> Add a domain rule for routing-server block, like geosite:category-ads-all
--ip-block <ip-rule> Add a ip-addr rule for routing block, like geoip:private --ip-block <ip-rule> Add a ip-addr rule for routing block, like geoip:private
--cn-block Add routing rules to avoid domains and IPs located in China being proxied --cn-block Add routing rules to avoid domains and IPs located in China being proxied
-u|--user <global-user-options> u=id0[:level[:email]][,u=id1][...] -u|--user <global-user-options> u=id0,u=id1...
-k|--hook <hook-url> DDNS update or notifing URL to be hit -k|--hook <hook-url> DDNS update or notifing URL to be hit
-r|--request-domain <domain-name> Domain name to request for letsencrypt cert -r|--request-domain <domain-name> Domain name to request for letsencrypt cert
-c|--cert-home <cert-home-dir> Reading TLS certs from folder <cert-home-dir>/<domain-name>/ -c|--cert-home <cert-home-dir> Reading TLS certs from folder <cert-home-dir>/<domain-name>/
-i|--stdin Read config from STDIN instead of auto generation -i|--stdin Read config from STDIN instead of auto generation
-j|--json '{"log":{"loglevel":"info"}' Json snippet to merge into the config -j|--json Json snippet to merge into the config. Say '{log:{loglevel:info}'
-d|--debug Start in debug mode with verbose output -d|--debug Start in debug mode with verbose output
``` ```
@@ -106,8 +111,8 @@ The following command will:
1. Update domain1 and domain2 with the current IP address server-xray running 1. Update domain1 and domain2 with the current IP address server-xray running
2. Request TLS certs from Letsencrypt for domain1 and domain2 2. Request TLS certs from Letsencrypt for domain1 and domain2
3. Create Vless+TLS+Websocket server on port 443 with the cert of domain1 3. Create Vless-TCP-TLS-XTLS server on port 443 with the cert of domain1
4. Create Trojan server on port 8443 with the cert of domain2 as fallback 4. Create Trojan-TCP-TLS server on port 8443 with the cert of domain2 as fallback
### NOTE 3 ### NOTE 3
@@ -115,8 +120,8 @@ Port 80 must be exported for TLS domain ownership verification
```shell ```shell
$ docker run --name server-xray -p 80:80 -p 443:443 -p 8443:8443 -d samuelhbne/server-xray \ $ docker run --name server-xray -p 80:80 -p 443:443 -p 8443:8443 -d samuelhbne/server-xray \
--lx p=443,d=domain1.duckdns.org,u=myid,f=:8443 \ --ltrx p=443,d=domain1.duckdns.org,u=myid,f=:8443 \
--ts p=8443,d=domain2.duckdns.org,u=trojan_pass \ --ttt p=8443,d=domain2.duckdns.org,u=trojan_pass \
-k https://duckdns.org/update/domain1/c9711c65-db21-4f8c-a790-2c32c93bde8c \ -k https://duckdns.org/update/domain1/c9711c65-db21-4f8c-a790-2c32c93bde8c \
-k https://duckdns.org/update/domain2/c9711c65-db21-4f8c-a790-2c32c93bde8c \ -k https://duckdns.org/update/domain2/c9711c65-db21-4f8c-a790-2c32c93bde8c \
-r domain1.duckdns.org \ -r domain1.duckdns.org \
@@ -124,10 +129,10 @@ $ docker run --name server-xray -p 80:80 -p 443:443 -p 8443:8443 -d samuelhbne/s
... ...
``` ```
#### XTLS connection verifying instructions #### Vless-TCP-TLS-XTLS connection verifying instructions
```shell ```shell
$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --ltx \ $ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --ltrx \
myid@mydomain.duckdns.org:443 myid@mydomain.duckdns.org:443
$ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com $ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com
@@ -140,10 +145,10 @@ Xray-URL: vless://myid@domain1.duckdns.org:443?security=xtls&type=tcp&flow=xtls-
... ...
``` ```
#### Trojan connection verifying instructions #### Trojan-TCP-TLS connection verifying instructions
```shell ```shell
$ docker run --name proxy-xray -p 2080:1080 -d samuelhbne/proxy-xray --ts \ $ docker run --name proxy-xray -p 2080:1080 -d samuelhbne/proxy-xray --ttt \
trojan_pass@domain2.duckdns.org:8443 trojan_pass@domain2.duckdns.org:8443
$ curl -sSx socks5h://127.0.0.1:2080 https://checkip.amazonaws.com $ curl -sSx socks5h://127.0.0.1:2080 https://checkip.amazonaws.com
@@ -156,7 +161,7 @@ Xray-URL: trojan://trojan_pass@domain2.duckdns.org:8443#domain2.duckdns.org:8443
... ...
``` ```
### 2. Running a Vless+TLS+Websocket server with existing TLS cert ### 2. Running a Vless-Websocket-TLS server with existing TLS cert
The following command will: The following command will:
@@ -168,15 +173,14 @@ The following command will:
```shell ```shell
$ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d samuelhbne/server-xray \ $ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d samuelhbne/server-xray \
--lsw d=mydomain.duckdns.org,u=myid,w=/websocket,f=microsoft.com:80 \ --lwt d=mydomain.duckdns.org,u=myid,w=/websocket,f=microsoft.com:80 -c /opt/cert
-c /opt/cert
... ...
``` ```
#### Websocket connection verifying instructions #### Vless-Websocket-TLS connection verifying instructions
```shell ```shell
$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lsw \ $ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lwt \
myid@mydomain.duckdns.org:443:/websocket myid@mydomain.duckdns.org:443:/websocket
$ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com $ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com
@@ -189,30 +193,30 @@ Xray-URL: vless://myid@mydomain.duckdns.org:443?security=tls&type=ws&path=%2Fweb
... ...
``` ```
### 3. Running a Vless+TCP+PLAN+gRPC server + Nginx TLS front, with existing TLS cert ### 3. Running a Vless-gRPC-PLAIN server and Nginx TLS front, with existing TLS cert
The following command will: The following command will:
1. Assume to read TLS cert from /home/ubuntu/cert/mydomain.duckdns.org/fullchain.cer 1. Assume to read TLS cert from /home/ubuntu/cert/mydomain.duckdns.org/fullchain.cer
2. Assume to read private key from /home/ubuntu/cert/mydomain.duckdns.org/mydomain.duckdns.org.key 2. Assume to read private key from /home/ubuntu/cert/mydomain.duckdns.org/mydomain.duckdns.org.key
3. Assume mydomain.duckdns.org has been resolved to the current server 3. Assume mydomain.duckdns.org has been resolved to the current server
4. Run Xray in Vless+TCP+PLAN+gRPC mode on port 65443 4. Run Xray in Vless+TCP+PLAIN+gRPC mode on port 65443
5. Run nginx on port 443 as a TLS front to protect gRPC backend from detection, with the given cert 5. Run nginx on port 443 as a TLS front to protect gRPC backend from detection, with the given cert
6. Only port 443 will be available for access from internet 6. Only port 443 will be available for access from internet
```shell ```shell
$ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d samuelhbne/server-xray \ $ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d samuelhbne/server-xray \
-c /opt/cert --ng-opt port=443,domain=mydomain.duckdns.org \ -c /opt/cert --ng-server port=443,domain=mydomain.duckdns.org \
--lpg port=65443,user=myid,service=gsvc \ --lgp port=65443,user=myid,service=gsvc \
--ng-proxy port=65443,location=/gsvc,network=grpc --ng-proxy port=65443,location=/gsvc,network=grpc
... ...
``` ```
#### gRPC connection verifying instructions #### Vless-gRPC-TLS connection verifying instructions
```shell ```shell
$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lsg \ $ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lgt \
myid@mydomain.duckdns.org:443:gsvc myid@mydomain.duckdns.org:443:gsvc
$ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com $ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com
@@ -232,19 +236,19 @@ The following command will:
1. Assume to read TLS cert from /home/ubuntu/cert/domain*.duckdns.org/fullchain.cer 1. Assume to read TLS cert from /home/ubuntu/cert/domain*.duckdns.org/fullchain.cer
2. Assume to read private key from /home/ubuntu/cert/domain*.duckdns.org/domain*.duckdns.org.key 2. Assume to read private key from /home/ubuntu/cert/domain*.duckdns.org/domain*.duckdns.org.key
3. Assume domain0.duckdns.org and domain1.duckdns.org has been resolved to the current server 3. Assume domain0.duckdns.org and domain1.duckdns.org has been resolved to the current server
4. Run Vless+TCP+PLAN+gRPC service on port 55443, location /svc0, serve all domains 4. Run Vless-gRPC-PLAIN service on port 55443, location /svc0, serve all domains
5. Run Vless+TCP+PLAN+WebSocket service on port 53443, location /ws1, serve all domains 5. Run Vless-WebSocket-PLAIN service on port 53443, location /ws1, serve all domains
6. Run Trojan+TCP+PLAN+WebSocket service on port 51443, location /ws2, serve only domain1.duckdns.org 6. Run Trojan-WebSocket-PLAIN service on port 51443, location /ws2, serve only domain1.duckdns.org
7. Run nginx on port 443 as a TLS front with the given certs for 2 domains, proxy 3 services with 3 locations 7. Run nginx on port 443 as a TLS front with the given certs for 2 domains, proxy 3 services with 3 locations
8. Only port 443 will be available for access from internet 8. Only port 443 will be available for access from internet
```shell ```shell
$ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d samuelhbne/server-xray \ $ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d samuelhbne/server-xray \
-c /opt/cert \ -c /opt/cert \
--ng-opt p=443,d=domain0.duckdns.org,d=domain1.duckdns.org \ --lgp p=55443,u=myid0,s=svc0 \
--lpg p=55443,u=myid0,s=svc0 \ --lwp p=53443,u=myid1,w=/ws1 \
--lpw p=53443,u=myid1,w=/ws1 \ --twp p=51443,u=myid2,w=/ws2 \
--tpw p=51443,u=myid2,w=/ws2 \ --ng-server p=443,d=domain0.duckdns.org,d=domain1.duckdns.org \
--ng-proxy p=55443,l=/svc0,n=grpc \ --ng-proxy p=55443,l=/svc0,n=grpc \
--ng-proxy p=53443,l=/ws1,n=ws \ --ng-proxy p=53443,l=/ws1,n=ws \
--ng-proxy d=domain1.duckdns.org,p=51443,l=/ws2,n=ws --ng-proxy d=domain1.duckdns.org,p=51443,l=/ws2,n=ws
@@ -253,14 +257,17 @@ $ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d sam
### NOTE 4 ### NOTE 4
Only PLAN (NON-TLS) services (--lpg, --lpw, --mpw, -tpw) can be proxied by Nginx. Only PLAIN (NON-TLS) services (--lgp, --lwp, --mwp, -twp) can be proxied by Nginx.
NEVER EVER expose any plain services on internet directly. They are designed to be proxied by Nginx TLS front
hence all different transport portocols can be accessed with diffent web-path while only port 443 exposed via Nginx.
#### Multiple service connection verifying instructions #### Multiple service connection verifying instructions
```shell ```shell
$ docker run --name proxy-gsvc -p 1080:1080 -d samuelhbne/proxy-xray --lsg myid0@domain0.duckdns.org:443:/gsvc $ docker run --name proxy-gsvc -p 1080:1080 -d samuelhbne/proxy-xray --lgt myid0@domain0.duckdns.org:443:/gsvc
$ docker run --name proxy-vless -p 2080:1080 -d samuelhbne/proxy-xray --lsw myid1@domain1.duckdns.org:443:/ws1 $ docker run --name proxy-vless -p 2080:1080 -d samuelhbne/proxy-xray --lwt myid1@domain1.duckdns.org:443:/ws1
$ docker run --name proxy-trojan -p 3080:1080 -d samuelhbne/proxy-xray --tsw myid2@domain0.duckdns.org:443:/ws2 $ docker run --name proxy-trojan -p 3080:1080 -d samuelhbne/proxy-xray --twt myid2@domain0.duckdns.org:443:/ws2
$ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com $ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com
12.34.56.78 12.34.56.78
@@ -280,7 +287,7 @@ The following instruction start server-trojan in debug mode. Output Xray config
```shell ```shell
$ docker run --rm -p 80:80 -p 443:443 samuelhbne/server-xray \ $ docker run --rm -p 80:80 -p 443:443 samuelhbne/server-xray \
-k https://duckdns.org/update/mydomain/c9711c65-db21-4f8c-a790-2c32c93bde8c \ -k https://duckdns.org/update/mydomain/c9711c65-db21-4f8c-a790-2c32c93bde8c \
--msw d=mydomain.duckdns.org,u=myid,w=/websocket,f=microsoft.com:80 \ --mwt d=mydomain.duckdns.org,u=myid,w=/websocket,f=microsoft.com:80 \
-r mydomain.duckdns.org --debug -r mydomain.duckdns.org --debug
... ...
``` ```

5
run.sh
View File

@@ -13,9 +13,9 @@ usage() {
echo " --lsp <VLESS-SPLT-PLN option> p=14443,u=id1,u=id2...,w=/webpath" echo " --lsp <VLESS-SPLT-PLN option> p=14443,u=id1,u=id2...,w=/webpath"
echo " --lst <VLESS-SPLT-TLS option> p=16443,u=id1,u=id2...,w=/webpath,d=domain.com" echo " --lst <VLESS-SPLT-TLS option> p=16443,u=id1,u=id2...,w=/webpath,d=domain.com"
echo " --ltr <VLESS-TCP-RLTY option> p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab],[xtls]" echo " --ltr <VLESS-TCP-RLTY option> p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab],[xtls]"
echo " --ltrx <VLESS-TCP-RLTY option> p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab]" echo " --ltrx <VLESS-TCP-RLTY-XTLS option> p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab]"
echo " --ltt <VLESS-TCP-TLS option> p=18443,u=id1,u=id2...,d=domain.com,[xtls]" echo " --ltt <VLESS-TCP-TLS option> p=18443,u=id1,u=id2...,d=domain.com,[xtls]"
echo " --lttx <VLESS-TCP-TLS option> p=18443,u=id1,u=id2...,d=domain.com" echo " --lttx <VLESS-TCP-TLS-XTLS option> p=18443,u=id1,u=id2...,d=domain.com"
echo " --lwp <VLESS-WS-PLN option> p=19443,u=id1,u=id2...,w=/wskpath" echo " --lwp <VLESS-WS-PLN option> p=19443,u=id1,u=id2...,w=/wskpath"
echo " --lwt <VLESS-WS-TLS option> p=22443,u=id1,u=id2...,w=/wskpath,d=domain.com" echo " --lwt <VLESS-WS-TLS option> p=22443,u=id1,u=id2...,w=/wskpath,d=domain.com"
echo " --mtt <VMESS-TCP-TLS option> p=23443,u=id1,u=id2...,d=domain.com" echo " --mtt <VMESS-TCP-TLS option> p=23443,u=id1,u=id2...,d=domain.com"
@@ -186,6 +186,7 @@ fi
if [ -z "${SVCMD}" ]; then if [ -z "${SVCMD}" ]; then
echo "No Xray service creation found. Quit." echo "No Xray service creation found. Quit."
usage;
exit 1 exit 1
fi fi

4
server-lgr.sh
View File

@@ -85,8 +85,8 @@ if [ -z "${xconf}" ]; then
exit 1 exit 1
fi fi
if [ -z "${prvkey}" ] || [ -z "${pubkey}" ] ; then if [ -z "${prvkey}" ]; then
echo "Warning: PublicKey / PrivateKey undefined, Generated new..." echo "Warning: PrivateKey undefined, Generated new..."
kv=(`/usr/local/bin/xray x25519|cut -d ' ' -f3|tr ' '`) kv=(`/usr/local/bin/xray x25519|cut -d ' ' -f3|tr ' '`)
prvkey="${kv[0]}" prvkey="${kv[0]}"
pubkey="${kv[1]}" pubkey="${kv[1]}"

4
server-ltr.sh
View File

@@ -76,8 +76,8 @@ if [ -z "${xconf}" ]; then
exit 1 exit 1
fi fi
if [ -z "${prvkey}" ] || [ -z "${pubkey}" ] ; then if [ -z "${prvkey}" ]; then
echo "Warning: PublicKey / PrivateKey undefined, Generated new..." echo "Warning: PrivateKey undefined, Generated new..."
kv=(`/usr/local/bin/xray x25519|cut -d ' ' -f3|tr ' '`) kv=(`/usr/local/bin/xray x25519|cut -d ' ' -f3|tr ' '`)
prvkey="${kv[0]}" prvkey="${kv[0]}"
pubkey="${kv[1]}" pubkey="${kv[1]}"