diff --git a/Dockerfile b/Dockerfile index cd092dc..1360274 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,12 +9,17 @@ RUN git clone https://github.com/XTLS/Xray-core.git . && \ git checkout ${XRAYVER} && \ go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main +RUN cd /tmp; wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat +RUN cd /tmp; wget -c -t3 -T30 https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat + FROM nginx:stable-alpine3.20 ARG ACMEVER='2.9.0' COPY --from=builder /go/src/XTLS/Xray-core/xray /usr/local/bin/ +COPY --from=builder /tmp/geosite.dat /usr/local/bin/ +COPY --from=builder /tmp/geoip.dat /usr/local/bin/ RUN apk add --no-cache bash openssl curl socat jq moreutils libcap-setcap RUN cd /root; curl -sSL "https://github.com/acmesh-official/acme.sh/archive/refs/tags/${ACMEVER}.tar.gz"|tar zxvf - diff --git a/run.sh b/run.sh index c6336cc..66860b6 100755 --- a/run.sh +++ b/run.sh @@ -25,15 +25,20 @@ usage() { echo " --tpw [p=443,]u=psw[:level[:email]],w=/wspath" echo " --ng-opt [p=443,]d=domain0.com[,d=domain1.com][...]" echo " --ng-proxy [d=domain0.com,][d=domain1.com,][...][h=127.0.0.1,]p=port-backend,l=location,n=ws|grpc|splt" - echo " -u|--user u=id0[:level[:email]][,u=id1][...]" - echo " -k|--hook DDNS update or notifing URL to be hit" + echo " --domain-block Add a domain rule for routing block, like geosite:category-ads-all" + echo " --ip-block Add a ip-addr rule for routing block, like geoip:private" + echo " --cn-block Add routing rules to avoid domains and IPs located in China being proxied" + echo " -u|--user u=id0[:level[:email]][,u=id1][...]" + echo " -k|--hook DDNS update or notifing URL to be hit" echo " -r|--request-domain Domain name to request for letsencrypt cert" echo " -c|--cert-home Reading TLS certs from folder //" echo " -i|--stdin Read config from STDIN instead of auto generation" echo " -d|--debug Start in debug mode with verbose output" } -TEMP=`getopt -o u:k:r:c:di --long user:,hook:,request-domain:,cert-home:,lx:,ls:,ms:,ts:,lsg:,lss:,lsw:,msw:,tsw:,lpg:,lps:,lpw:,mpw:,tpw:,ng-opt:,ng-proxy:,stdin,debug -n "$0" -- $@` +Jrules='{"rules":[]}' + +TEMP=`getopt -o u:k:r:c:di --long user:,hook:,request-domain:,cert-home:,ip-block:,domain-block:,cn-block,lx:,ls:,ms:,ts:,lsg:,lss:,lsw:,msw:,tsw:,lpg:,lps:,lpw:,mpw:,tpw:,ng-opt:,ng-proxy:,stdin,debug -n "$0" -- $@` if [ $? != 0 ] ; then usage; exit 1 ; fi eval set -- "$TEMP" @@ -68,6 +73,25 @@ while true ; do SVCMD+=("${DIR}server-${SVC}.sh $2") shift 2 ;; + --domain-block) + Jrules=`echo "${Jrules}" | jq --arg blkdomain "$2" \ + '.rules += [{"type":"field", "outboundTag":"block", "domain":[$blkdomain]}]'` + shift 2 + ;; + --ip-block) + Jrules=`echo "${Jrules}" | jq --arg blkip "$2" \ + '.rules += [{"type":"field", "outboundTag":"block", "ip":[$blkip]}]'` + shift 2 + ;; + --cn-block) + Jrules=`echo "${Jrules}" | jq --arg igndomain "geosite:geolocation-cn" \ + '.rules += [{"type":"field", "outboundTag":"block", "domain":[$igndomain]}]'` + Jrules=`echo "${Jrules}" | jq --arg igndomain "geosite:cn" \ + '.rules += [{"type":"field", "outboundTag":"block", "domain":[$igndomain]}]'` + Jrules=`echo "${Jrules}" | jq --arg ignip "geoip:cn" \ + '.rules += [{"type":"field", "outboundTag":"block", "ip":[$ignip]}]'` + shift 1 + ;; --ng-opt) NGOPT+=("$2") shift 2 @@ -128,6 +152,11 @@ do xopt="$xopt,$uopt" done +# Add routing config +Jrouting='{"routing": {"domainStrategy":"AsIs"}}' +Jrouting=`echo "${Jrouting}" |jq --argjson jrules "${Jrules}" '.routing += $jrules'` +cat $XCONF| jq --argjson jrouting "${Jrouting}" '. += $jrouting' | sponge $XCONF + if [ -n "${SVCMD}" ]; then for svcmd in "${SVCMD[@]}" do