From 344f035c4c237b81a36ce53847beb76dc1317b4b Mon Sep 17 00:00:00 2001
From: Samuel Huang <samuelh2006@gmail.com>
Date: Fri, 17 Sep 2021 12:45:25 +1000
Subject: [PATCH] README.md

---
 README.md | 140 +++++++++++++++++++++++++++---------------------------
 run.sh    |   4 +-
 2 files changed, 72 insertions(+), 72 deletions(-)

diff --git a/README.md b/README.md
index 98591d6..d72b612 100644
--- a/README.md
+++ b/README.md
@@ -4,52 +4,15 @@ Yet another unofficial [xray](https://github.com/XTLS/Xray-core) server containe
 
 ![docker-build](https://github.com/samuelhbne/server-xray/workflows/docker-buildx-latest/badge.svg)
 
-## [Optional] How to build server-xray docker image
-
-```shell
-$ git clone https://github.com/samuelhbne/server-xray.git
-$ cd server-xray
-$ docker build -t samuelhbne/server-xray -f Dockerfile.amd64 .
-...
-```
-
-### NOTE1
-
-Please replace "amd64" with the arch match the current box accordingly. Other supported platforms:
-
-- "arm64" for arm64v8 platforms. Support AWS A1, t4g instances as well as Raspberry Pi4 with 64bits OS like [Ubuntu arm64](https://ubuntu.com/download/raspberry-pi) or [Debian](https://raspi.debian.net/tested-images/).
-- "arm" for arm32v7 platforms. Support most Raspberry-Pi releases (Pi2, Pi3, Pi4) with 32bits OS like [Ubuntu armhf](https://ubuntu.com/download/raspberry-pi), [Debian](https://raspi.debian.net/tested-images/) or [Raspberry Pi OS](https://www.raspberrypi.org/software/operating-systems/).
-
-### NOTE2
-
-- arm32v6 (Pi1 and Pi-zero) users should build the docker images from source rather than run it directly, due to the known issue from upstream Alpine image. WIP.
-- arm32v5 platforms are not supported yet.
-
 ## How to start the container
 
-```shell
-$ docker run --rm samuelhbne/server-xray
-server-xray <server-options>
-    --ltx  <VLESS-TCP-XTLS option>        [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
-    --ltt  <VLESS-TCP-TLS option>         [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
-    --lttw <VLESS-TCP-TLS-WS option>      [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
-    --ltpw <VLESS-TCP-PLAIN-WS option>    [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
-    --lttg <VLESS-TCP-TLS-GRPC option>    [p=443,]d=domain.com,u=id[:level[:email]],s=/svcpath
-    --ltpg <VLESS-TCP-PLAIN-GRPC option>  [p=443,]u=id[:level[:email]],s=/svcpath
-    --mtt  <VMESS-TCP-TLS option>         [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
-    --mttw <VMESS-TCP-TLS-WS option>      [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
-    --mtpw <VMESS-TCP-PLAIN-WS option>    [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
-    --ttt  <TROJAN-TCP-TLS option>        [p=443,]d=domain.com,u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
-    --tttw <TROJAN-TCP-TLS-WS option>     [p=443,]d=domain.com,u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
-    --ttpw <TROJAN-TCP-PLAIN-WS option>   [p=443,]u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
-    --ng-opt <nginx-options>              [p=443,]d=domain.com
-    --ng-proxy <nginx-proxy-options>      [h=127.0.0.1,]p=8443,l=location,n=ws|grpc
-    -k|--hook <hook-url>                  [Optional] DDNS update or notifing URL to be hit
-    -r|--request-domain <domain-name>     [Optional] Domain name to request for letsencrypt cert
-    -c|--cert-path <cert-path-root>       [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/
-    -i|--stdin                            [Optional] Read config from stdin instead of auto generation
-    -d|--debug                            [Optional] Start in debug mode with verbose output
+The following command will:
 
+1. Update DDNS record of mydomain.duckdns.org pointing the current host
+2. Request a new Lesencrypt TLS cert for this domain
+3. Start VLESS-TCP-XTLS server on port 443
+
+```shell
 $ docker run --name server-xray -p 80:80 -p 443:2443 -d samuelhbne/server-xray \
 --ltx p=2443,d=mydomain.duckdns.org,u=myid,f=:8080 \
 -k https://duckdns.org/update/mydomain/c9711c65-db21-4f8c-a790-2c32c93bde8c \
@@ -57,7 +20,7 @@ $ docker run --name server-xray -p 80:80 -p 443:2443 -d samuelhbne/server-xray \
 ...
 ```
 
-### NOTE3
+### NOTE 1
 
 - Please replace the port 443 (-p 443:2443) with the port number you choose for incoming connection.
 - Port 80 export (-p 80:80) is necessary for Letsencrypt cert requesting, so don't miss it.
@@ -72,29 +35,6 @@ Try to connect the server from Xray compatible mobile app like [v2rayNG](https:/
 ### Verifying server-xray connection with proxy-xray
 
 ```shell
-$ docker run --rm samuelhbne/proxy-xray
-proxy-xray <connection-options>
-    --ltx  <VLESS-TCP-XTLS option>     id@host:port[,s=sniname.org]
-    --ltt  <VLESS-TCP-TLS option>      id@host:port[,s=sniname.org]
-    --lttw <VLESS-TCP-TLS-WS option>   id@host:port:/webpath[,s=sniname.org]
-    --lttg <VLESS-TCP-TLS-GRPC option> id@host:port:/svcpath[,s=sniname.org]
-    --mtt  <VMESS-TCP-TLS option>      id@host:port[,s=sniname.org]
-    --mttw <VMESS-TCP-TLS-WS option>   id@host:port:/webpath[,s=sniname.org]
-    --ttt  <TROJAN-TCP-TLS option>     password@host:port[,s=sniname.org]
-    --tttw <TROJAN-TCP-TLS-WS option>  password@host:port:/webpath[,s=sniname.org]
-    -d|--debug                         [Optional] Start in debug mode with verbose output
-    -i|--stdin                         [Optional] Read config from stdin instead of auto generation
-    --dns <upstream-DNS-ip>            [Optional] Designated upstream DNS server IP, 1.1.1.1 will be applied by default
-    --dns-local-cn                     [Optional] Enable China-accessible domains to be resolved in China
-    --domain-direct <domain-rule>      [Optional] Add a domain rule for direct routing, likegeosite:geosite:geolocation-cn
-    --domain-proxy  <domain-rule>      [Optional] Add a domain rule for proxy routing, like twitter.com or geosite:google-cn
-    --domain-block  <domain-rule>      [Optional] Add a domain rule for block routing, like geosite:category-ads-all
-    --ip-direct     <ip-rule>          [Optional] Add a ip-addr rule for direct routing, like 114.114.114.114/32 or geoip:cn
-    --ip-proxy      <ip-rule>          [Optional] Add a ip-addr rule for proxy routing, like 1.1.1.1/32 or geoip:netflix
-    --ip-block      <ip-rule>          [Optional] Add a ip-addr rule for block routing, like geoip:private
-    --cn-direct                        [Optional] Add routing rules to avoid domains and IPs located in China being proxied
-    --rules-path    <rules-dir-path>   [Optional] Folder path contents geoip.dat, geosite.dat and other rule files
-
 $ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray \
 --ltx myid@mydomain.duckdns.org:443
 ...
@@ -103,7 +43,7 @@ $ curl -sSx socks5h://127.0.0.1:1080 http://ifconfig.co
 12.34.56.78
 ```
 
-### NOTE4
+### NOTE 2
 
 #### How it works
 
@@ -113,6 +53,32 @@ $ curl -sSx socks5h://127.0.0.1:1080 http://ifconfig.co
 - You should get the public IP address of server-xray if all go well.
 - Please have a look over the sibling project [proxy-xray](https://github.com/samuelhbne/proxy-xray) for more details.
 
+## Full usage
+
+```shell
+$ docker run --rm samuelhbne/server-xray
+server-xray <server-options>
+    --ltx  <VLESS-TCP-XTLS option>        [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
+    --ltt  <VLESS-TCP-TLS option>         [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
+    --lttw <VLESS-TCP-TLS-WS option>      [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
+    --ltpw <VLESS-TCP-PLAIN-WS option>    [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
+    --lttg <VLESS-TCP-TLS-GRPC option>    [p=443,]d=domain.com,u=id[:level[:email]],s=svcname
+    --ltpg <VLESS-TCP-PLAIN-GRPC option>  [p=443,]u=id[:level[:email]],s=svcname
+    --mtt  <VMESS-TCP-TLS option>         [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
+    --mttw <VMESS-TCP-TLS-WS option>      [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
+    --mtpw <VMESS-TCP-PLAIN-WS option>    [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
+    --ttt  <TROJAN-TCP-TLS option>        [p=443,]d=domain.com,u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
+    --tttw <TROJAN-TCP-TLS-WS option>     [p=443,]d=domain.com,u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
+    --ttpw <TROJAN-TCP-PLAIN-WS option>   [p=443,]u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
+    --ng-opt <nginx-options>              [p=443,]d=domain.com
+    --ng-proxy <nginx-proxy-options>      [h=127.0.0.1,]p=8443,l=location,n=ws|grpc
+    -k|--hook <hook-url>                  [Optional] DDNS update or notifing URL to be hit
+    -r|--request-domain <domain-name>     [Optional] Domain name to request for letsencrypt cert
+    -c|--cert-path <cert-path-root>       [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/
+    -i|--stdin                            [Optional] Read config from stdin instead of auto generation
+    -d|--debug                            [Optional] Start in debug mode with verbose output
+```
+
 ## How to stop and remove the running container
 
 ```shell
@@ -133,7 +99,7 @@ The following command will:
 3. Create Vless+TLS+Websocket server on port 443 with the cert of domain1
 4. Create Trojan server on port 8443 with the cert of domain2 as fallback
 
-### NOTE5
+### NOTE 3
 
 Port 80 must be exported for TLS domain ownership verification
 
@@ -274,7 +240,7 @@ $ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d sam
 ...
 ```
 
-### NOTE6
+### NOTE 4
 
 Only PLAN (NON-TLS) services (--ltpg, --ltpw, --mtpw, -ttpw) can be proxied by Nginx.
 
@@ -307,3 +273,37 @@ $ docker run --rm -p 80:80 -p 443:443 samuelhbne/server-xray \
 -r mydomain.duckdns.org --debug
 ...
 ```
+
+## [Optional] Build server-xray docker image from source
+
+### Build the docker image matches the current host architecture
+
+```shell
+$ git clone https://github.com/samuelhbne/server-xray.git
+$ cd server-xray
+$ docker build -t samuelhbne/server-xray -f Dockerfile.amd64 .
+...
+```
+
+### NOTE 5
+
+Please replace "amd64" with the arch match the current box accordingly. Other supported platforms:
+
+- "arm64" for arm64v8 platforms. Support AWS A1, t4g instances as well as Raspberry Pi4 with 64bits OS like [Ubuntu arm64](https://ubuntu.com/download/raspberry-pi) or [Debian](https://raspi.debian.net/tested-images/).
+- "arm" for arm32v7 platforms. Support most Raspberry-Pi releases (Pi2, Pi3, Pi4) with 32bits OS like [Ubuntu armhf](https://ubuntu.com/download/raspberry-pi), [Debian](https://raspi.debian.net/tested-images/) or [Raspberry Pi OS](https://www.raspberrypi.org/software/operating-systems/).
+
+### NOTE 6
+
+- arm32v6 (Pi1 and Pi-zero) users should build the docker images from source rather than run it directly, due to the known issue from upstream Alpine image. WIP.
+- arm32v5 platforms are not supported yet.
+
+### Cross-compile docker image for the platforms with different architecture
+
+Please refer the [official doc](https://docs.docker.com/engine/reference/commandline/buildx_install/) for docker-buildx installation
+
+```shell
+docker buildx build --platform=linux/arm/v7 -t samuelhbne/proxy-xray:armv7 -f Dockerfile.arm .
+docker buildx build --platform=linux/arm/v6 -t samuelhbne/proxy-xray:armv6 -f Dockerfile.arm .
+docker buildx build --platform=linux/arm64 -t samuelhbne/proxy-xray:arm64 -f Dockerfile.arm64 .
+docker buildx build --platform=linux/amd64 -t samuelhbne/proxy-xray:amd64 -f Dockerfile.amd64 .
+```
diff --git a/run.sh b/run.sh
index e06a212..c575414 100755
--- a/run.sh
+++ b/run.sh
@@ -10,8 +10,8 @@ usage() {
     echo "    --ltt  <VLESS-TCP-TLS option>         [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]"
     echo "    --lttw <VLESS-TCP-TLS-WS option>      [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath"
     echo "    --ltpw <VLESS-TCP-PLAIN-WS option>    [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath"
-    echo "    --lttg <VLESS-TCP-TLS-GRPC option>    [p=443,]d=domain.com,u=id[:level[:email]],s=/svcpath"
-    echo "    --ltpg <VLESS-TCP-PLAIN-GRPC option>  [p=443,]u=id[:level[:email]],s=/svcpath"
+    echo "    --lttg <VLESS-TCP-TLS-GRPC option>    [p=443,]d=domain.com,u=id[:level[:email]],s=svcname"
+    echo "    --ltpg <VLESS-TCP-PLAIN-GRPC option>  [p=443,]u=id[:level[:email]],s=svcname"
     echo "    --mtt  <VMESS-TCP-TLS option>         [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]"
     echo "    --mttw <VMESS-TCP-TLS-WS option>      [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath"
     echo "    --mtpw <VMESS-TCP-PLAIN-WS option>    [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath"