2gW94/server-xray
1
0
Fork 0
mirror of https://github.com/samuelhbne/server-xray.git synced 2025-12-17 04:14:40 +03:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

README.md

Browse Source
This commit is contained in:
Samuel Huang
2021-09-17 12:45:25 +10:00
parent b23d2e0d2b
commit 344f035c4c
2 changed files with 72 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
README.md
View File

@@ -4,52 +4,15 @@ Yet another unofficial [xray](https://github.com/XTLS/Xray-core) server containe
![docker-build](https://github.com/samuelhbne/server-xray/workflows/docker-buildx-latest/badge.svg)
## [Optional] How to build server-xray docker image
```shell
$ git clone https://github.com/samuelhbne/server-xray.git
$ cd server-xray
$ docker build -t samuelhbne/server-xray -f Dockerfile.amd64 .
...
```
### NOTE1
Please replace "amd64" with the arch match the current box accordingly. Other supported platforms:
- "arm64" for arm64v8 platforms. Support AWS A1, t4g instances as well as Raspberry Pi4 with 64bits OS like [Ubuntu arm64](https://ubuntu.com/download/raspberry-pi) or [Debian](https://raspi.debian.net/tested-images/).
- "arm" for arm32v7 platforms. Support most Raspberry-Pi releases (Pi2, Pi3, Pi4) with 32bits OS like [Ubuntu armhf](https://ubuntu.com/download/raspberry-pi), [Debian](https://raspi.debian.net/tested-images/) or [Raspberry Pi OS](https://www.raspberrypi.org/software/operating-systems/).
### NOTE2
- arm32v6 (Pi1 and Pi-zero) users should build the docker images from source rather than run it directly, due to the known issue from upstream Alpine image. WIP.
- arm32v5 platforms are not supported yet.
## How to start the container
```shell
$ docker run --rm samuelhbne/server-xray
server-xray <server-options>
--ltx <VLESS-TCP-XTLS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
--ltt <VLESS-TCP-TLS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
--lttw <VLESS-TCP-TLS-WS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--ltpw <VLESS-TCP-PLAIN-WS option> [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--lttg <VLESS-TCP-TLS-GRPC option> [p=443,]d=domain.com,u=id[:level[:email]],s=/svcpath
--ltpg <VLESS-TCP-PLAIN-GRPC option> [p=443,]u=id[:level[:email]],s=/svcpath
--mtt <VMESS-TCP-TLS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
--mttw <VMESS-TCP-TLS-WS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--mtpw <VMESS-TCP-PLAIN-WS option> [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--ttt <TROJAN-TCP-TLS option> [p=443,]d=domain.com,u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
--tttw <TROJAN-TCP-TLS-WS option> [p=443,]d=domain.com,u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--ttpw <TROJAN-TCP-PLAIN-WS option> [p=443,]u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--ng-opt <nginx-options> [p=443,]d=domain.com
--ng-proxy <nginx-proxy-options> [h=127.0.0.1,]p=8443,l=location,n=ws|grpc
-k|--hook <hook-url> [Optional] DDNS update or notifing URL to be hit
-r|--request-domain <domain-name> [Optional] Domain name to request for letsencrypt cert
-c|--cert-path <cert-path-root> [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/
-i|--stdin [Optional] Read config from stdin instead of auto generation
-d|--debug [Optional] Start in debug mode with verbose output
The following command will:
1. Update DDNS record of mydomain.duckdns.org pointing the current host
2. Request a new Lesencrypt TLS cert for this domain
3. Start VLESS-TCP-XTLS server on port 443
```shell
$ docker run --name server-xray -p 80:80 -p 443:2443 -d samuelhbne/server-xray \
--ltx p=2443,d=mydomain.duckdns.org,u=myid,f=:8080 \
-k https://duckdns.org/update/mydomain/c9711c65-db21-4f8c-a790-2c32c93bde8c \
@@ -57,7 +20,7 @@ $ docker run --name server-xray -p 80:80 -p 443:2443 -d samuelhbne/server-xray \
...
```
### NOTE3
### NOTE 1
- Please replace the port 443 (-p 443:2443) with the port number you choose for incoming connection.
- Port 80 export (-p 80:80) is necessary for Letsencrypt cert requesting, so don't miss it.
@@ -72,29 +35,6 @@ Try to connect the server from Xray compatible mobile app like [v2rayNG](https:/
### Verifying server-xray connection with proxy-xray
```shell
$ docker run --rm samuelhbne/proxy-xray
proxy-xray <connection-options>
--ltx <VLESS-TCP-XTLS option> id@host:port[,s=sniname.org]
--ltt <VLESS-TCP-TLS option> id@host:port[,s=sniname.org]
--lttw <VLESS-TCP-TLS-WS option> id@host:port:/webpath[,s=sniname.org]
--lttg <VLESS-TCP-TLS-GRPC option> id@host:port:/svcpath[,s=sniname.org]
--mtt <VMESS-TCP-TLS option> id@host:port[,s=sniname.org]
--mttw <VMESS-TCP-TLS-WS option> id@host:port:/webpath[,s=sniname.org]
--ttt <TROJAN-TCP-TLS option> password@host:port[,s=sniname.org]
--tttw <TROJAN-TCP-TLS-WS option> password@host:port:/webpath[,s=sniname.org]
-d|--debug [Optional] Start in debug mode with verbose output
-i|--stdin [Optional] Read config from stdin instead of auto generation
--dns <upstream-DNS-ip> [Optional] Designated upstream DNS server IP, 1.1.1.1 will be applied by default
--dns-local-cn [Optional] Enable China-accessible domains to be resolved in China
--domain-direct <domain-rule> [Optional] Add a domain rule for direct routing, likegeosite:geosite:geolocation-cn
--domain-proxy <domain-rule> [Optional] Add a domain rule for proxy routing, like twitter.com or geosite:google-cn
--domain-block <domain-rule> [Optional] Add a domain rule for block routing, like geosite:category-ads-all
--ip-direct <ip-rule> [Optional] Add a ip-addr rule for direct routing, like 114.114.114.114/32 or geoip:cn
--ip-proxy <ip-rule> [Optional] Add a ip-addr rule for proxy routing, like 1.1.1.1/32 or geoip:netflix
--ip-block <ip-rule> [Optional] Add a ip-addr rule for block routing, like geoip:private
--cn-direct [Optional] Add routing rules to avoid domains and IPs located in China being proxied
--rules-path <rules-dir-path> [Optional] Folder path contents geoip.dat, geosite.dat and other rule files
$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray \
--ltx myid@mydomain.duckdns.org:443
...
@@ -103,7 +43,7 @@ $ curl -sSx socks5h://127.0.0.1:1080 http://ifconfig.co
12.34.56.78
```
### NOTE4
### NOTE 2
#### How it works
@@ -113,6 +53,32 @@ $ curl -sSx socks5h://127.0.0.1:1080 http://ifconfig.co
- You should get the public IP address of server-xray if all go well.
- Please have a look over the sibling project [proxy-xray](https://github.com/samuelhbne/proxy-xray) for more details.
## Full usage
```shell
$ docker run --rm samuelhbne/server-xray
server-xray <server-options>
--ltx <VLESS-TCP-XTLS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
--ltt <VLESS-TCP-TLS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
--lttw <VLESS-TCP-TLS-WS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--ltpw <VLESS-TCP-PLAIN-WS option> [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--lttg <VLESS-TCP-TLS-GRPC option> [p=443,]d=domain.com,u=id[:level[:email]],s=svcname
--ltpg <VLESS-TCP-PLAIN-GRPC option> [p=443,]u=id[:level[:email]],s=svcname
--mtt <VMESS-TCP-TLS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
--mttw <VMESS-TCP-TLS-WS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--mtpw <VMESS-TCP-PLAIN-WS option> [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--ttt <TROJAN-TCP-TLS option> [p=443,]d=domain.com,u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]
--tttw <TROJAN-TCP-TLS-WS option> [p=443,]d=domain.com,u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--ttpw <TROJAN-TCP-PLAIN-WS option> [p=443,]u=psw[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath
--ng-opt <nginx-options> [p=443,]d=domain.com
--ng-proxy <nginx-proxy-options> [h=127.0.0.1,]p=8443,l=location,n=ws|grpc
-k|--hook <hook-url> [Optional] DDNS update or notifing URL to be hit
-r|--request-domain <domain-name> [Optional] Domain name to request for letsencrypt cert
-c|--cert-path <cert-path-root> [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/
-i|--stdin [Optional] Read config from stdin instead of auto generation
-d|--debug [Optional] Start in debug mode with verbose output
```
## How to stop and remove the running container
```shell
@@ -133,7 +99,7 @@ The following command will:
3. Create Vless+TLS+Websocket server on port 443 with the cert of domain1
4. Create Trojan server on port 8443 with the cert of domain2 as fallback
### NOTE5
### NOTE 3
Port 80 must be exported for TLS domain ownership verification
@@ -274,7 +240,7 @@ $ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d sam
...
```
### NOTE6
### NOTE 4
Only PLAN (NON-TLS) services (--ltpg, --ltpw, --mtpw, -ttpw) can be proxied by Nginx.
@@ -307,3 +273,37 @@ $ docker run --rm -p 80:80 -p 443:443 samuelhbne/server-xray \
-r mydomain.duckdns.org --debug
...
```
## [Optional] Build server-xray docker image from source
### Build the docker image matches the current host architecture
```shell
$ git clone https://github.com/samuelhbne/server-xray.git
$ cd server-xray
$ docker build -t samuelhbne/server-xray -f Dockerfile.amd64 .
...
```
### NOTE 5
Please replace "amd64" with the arch match the current box accordingly. Other supported platforms:
- "arm64" for arm64v8 platforms. Support AWS A1, t4g instances as well as Raspberry Pi4 with 64bits OS like [Ubuntu arm64](https://ubuntu.com/download/raspberry-pi) or [Debian](https://raspi.debian.net/tested-images/).
- "arm" for arm32v7 platforms. Support most Raspberry-Pi releases (Pi2, Pi3, Pi4) with 32bits OS like [Ubuntu armhf](https://ubuntu.com/download/raspberry-pi), [Debian](https://raspi.debian.net/tested-images/) or [Raspberry Pi OS](https://www.raspberrypi.org/software/operating-systems/).
### NOTE 6
- arm32v6 (Pi1 and Pi-zero) users should build the docker images from source rather than run it directly, due to the known issue from upstream Alpine image. WIP.
- arm32v5 platforms are not supported yet.
### Cross-compile docker image for the platforms with different architecture
Please refer the [official doc](https://docs.docker.com/engine/reference/commandline/buildx_install/) for docker-buildx installation
```shell
docker buildx build --platform=linux/arm/v7 -t samuelhbne/proxy-xray:armv7 -f Dockerfile.arm .
docker buildx build --platform=linux/arm/v6 -t samuelhbne/proxy-xray:armv6 -f Dockerfile.arm .
docker buildx build --platform=linux/arm64 -t samuelhbne/proxy-xray:arm64 -f Dockerfile.arm64 .
docker buildx build --platform=linux/amd64 -t samuelhbne/proxy-xray:amd64 -f Dockerfile.amd64 .
```

4
run.sh
View File

@@ -10,8 +10,8 @@ usage() {
echo " --ltt <VLESS-TCP-TLS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]"
echo " --lttw <VLESS-TCP-TLS-WS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath"
echo " --ltpw <VLESS-TCP-PLAIN-WS option> [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath"
echo " --lttg <VLESS-TCP-TLS-GRPC option> [p=443,]d=domain.com,u=id[:level[:email]],s=/svcpath"
echo " --ltpg <VLESS-TCP-PLAIN-GRPC option> [p=443,]u=id[:level[:email]],s=/svcpath"
echo " --lttg <VLESS-TCP-TLS-GRPC option> [p=443,]d=domain.com,u=id[:level[:email]],s=svcname"
echo " --ltpg <VLESS-TCP-PLAIN-GRPC option> [p=443,]u=id[:level[:email]],s=svcname"
echo " --mtt <VMESS-TCP-TLS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]]"
echo " --mttw <VMESS-TCP-TLS-WS option> [p=443,]d=domain.com,u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath"
echo " --mtpw <VMESS-TCP-PLAIN-WS option> [p=443,]u=id[:level[:email]][,f=[fb-host]:fb-port:[fb-path]],w=/webpath"