Răsfoiți Sursa

Add Serverless-for-Iran (#213)

Co-authored-by: RPRX <[email protected]>
patterniha 7 luni în urmă
părinte
comite
0815c1d30a

+ 24 - 0
Serverless-for-Iran/README.md

@@ -0,0 +1,24 @@
+# Access almost all websites & services directly, for every person in Iran
+
+**Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub)**
+
+**Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs**
+
+# Serverless for Iran
+
+bypass censorship using fragment and noise.
+
+it doesn't change the IP, so it is not suitable for anonymity and websites that have sanctioned Iran.
+
+# Serverless with MitM-Domain-Fronting for Iran (Xray-core v25.2.21+)
+
+same as "serverless for Iran" but using h2c(doh domain fronting) for dns and MitM for these services that support domain fronting:
+* youtube
+* x
+* reddit
+* meta (facebook, instagram, ...)
+
+(This list will be updated)
+
+you need a self-signed-certificate: you can create with "./xray tls cert -ca -file=mycert" command.
+also, the certificate must be imported into "Trusted-Root-Certification-Authorities" of system/browser.

+ 175 - 0
Serverless-for-Iran/serverless_for_Iran.jsonc

@@ -0,0 +1,175 @@
+// Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub)
+// Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs
+
+// Serverless for Iran v1
+// Xray-core v25.2.21+
+
+
+{
+  "log": {
+    "loglevel": "warning", "dnsLog": false, "access": "none"
+  },
+
+  "dns":{
+    "hosts": {
+      "geosite:category-ads-all": ["10.10.34.36", "2001:4188:2:600:10:10:34:36"],
+      "dns.cloudflare.com": "cloudflare.com"
+    },
+    "servers": [
+      "https://dns.cloudflare.com/dns-query",
+      {"address": "localhost", "domains": ["geosite:private", "geosite:category-ir", "full:cloudflare.com"]}
+    ],
+    "tag": "dns-query",
+    "disableFallback": true
+  },
+  
+  "inbounds": [
+    {
+      "tag": "dns-in",
+      "port": 10853,
+      "protocol": "dokodemo-door",
+      "settings": {
+        "address": "1.1.1.1",
+        "port": 53,
+        "network": "tcp,udp"        
+      }      
+    },
+    {
+      "tag": "socks-in",
+      "port": 10808,
+      "protocol": "socks",
+      "sniffing": {
+        "enabled": true,
+        "destOverride": ["http", "tls", "quic"],
+        "routeOnly": false
+      },
+      "settings": {"udp": true}
+    }   
+  ],
+
+  "outbounds": [    
+    {
+      "tag": "block",
+      "protocol": "blackhole"      
+    },
+    {
+      "tag": "direct",
+      "protocol": "freedom",      
+      "settings": {"domainStrategy": "ForceIP"}
+    },    
+    {
+      "tag": "dns-out",
+      "protocol": "dns",      
+      "settings": {"nonIPQuery": "skip", "network": "tcp", "address": "1.1.1.1", "port": 53},
+      "streamSettings": {
+        "sockopt": {
+          "dialerProxy": "chain1-fragment"
+        }
+      }
+    },
+    {
+      "tag": "super-fragment",
+      "protocol": "freedom",
+      "settings": {
+        "fragment": {
+          "packets": "tlshello",
+          "length": "6",
+          "interval": "0"
+        }
+      },
+      "streamSettings": {
+        "sockopt": {
+          "dialerProxy": "chain1-fragment"
+        }
+      }            
+    },
+    {
+      "tag": "chain1-fragment",
+      "protocol": "freedom",
+      "settings": {
+        "fragment": {
+          "packets": "1-3",
+          "length": "517",
+          "interval": "1"
+        }
+      },
+      "streamSettings": {
+        "sockopt": {
+          "dialerProxy": "chain2-fragment"
+        }
+      }            
+    },                          
+    {
+      "tag": "chain2-fragment",
+      "protocol": "freedom",
+      "settings": {
+        "domainStrategy": "ForceIP",
+        "fragment": {
+          "packets": "1-1",
+          "length": "1",
+          "interval": "2"
+        }
+      },
+      "streamSettings": {
+        "sockopt": {
+          "tcpNoDelay": true
+        }
+      }
+    },
+    {
+      "tag": "udp-noises",
+      "protocol": "freedom",
+      "settings": {
+        "domainStrategy": "ForceIP",
+        "noises": [
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "10"}
+        ]
+      }            
+    }          
+  ],
+
+  "routing": {
+    "domainStrategy": "IPOnDemand",
+    "rules": [                  
+      {"outboundTag": "dns-out",
+       "inboundTag": ["dns-in"]
+      },
+      {"outboundTag": "dns-out",
+       "inboundTag": ["socks-in"], "port": 53
+      },
+      {"outboundTag": "chain1-fragment",  // or "super-fragment"
+       "inboundTag": ["dns-query"]
+      },
+      {"outboundTag": "block",
+       "domain": ["geosite:category-ads-all"]
+      },
+      {"outboundTag": "block",
+       "ip": ["10.10.34.0/24", "2001:4188:2:600:10:10:34:36", "2001:4188:2:600:10:10:34:35"]
+      },           
+      {"outboundTag": "direct",
+       "domain": ["geosite:private", "geosite:category-ir"]
+      },      
+      {"outboundTag": "direct",
+       "ip": ["geoip:private", "geoip:ir"]
+      },                                                         	                                                        
+      {"outboundTag": "udp-noises",
+       "network": "udp"
+      },
+      {"outboundTag": "chain1-fragment",  // or "super-fragment"
+       "network": "tcp"
+      }
+    ]
+  }
+}

+ 326 - 0
Serverless-for-Iran/serverless_with_mitm_for_Iran.jsonc

@@ -0,0 +1,326 @@
+// Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub)
+// Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs
+
+// Serverless with MitM-Domain-Fronting for Iran v1
+// Xray-core v25.2.21+
+
+// Requires a self-signed-certificate: you can create it using "./xray tls cert -ca -file=mycert" command
+// also, the certificate must be imported into "Trusted-Root-Certification-Authorities" of system/browser
+
+
+{
+  "log": {
+    "loglevel": "warning", "dnsLog": false, "access": "none"
+  },
+
+  "dns":{
+    "hosts": {
+      "geosite:category-ads-all": ["10.10.34.36", "2001:4188:2:600:10:10:34:36"]
+    },
+    "servers": [
+      "h2c://1.1.1.1/dns-query",
+      {"address": "localhost", "domains": ["geosite:private", "geosite:category-ir"]}
+    ],
+    "tag": "dns-query",
+    "disableFallback": true
+  },
+  
+  "inbounds": [
+    {
+      "tag": "dns-in",
+      "port": 10853,
+      "protocol": "dokodemo-door",
+      "settings": {
+        "address": "1.1.1.1",
+        "port": 53,
+        "network": "tcp,udp"        
+      }      
+    },
+    {
+      "tag": "socks-in",
+      "port": 10808,
+      "protocol": "socks",
+      "sniffing": {
+        "enabled": true,
+        "destOverride": ["http", "tls", "quic"],
+        "routeOnly": false
+      },
+      "settings": {"udp": true}
+    },
+    {
+      "port": 4431,
+      "tag": "tls-decrypt-h11",
+      "protocol": "dokodemo-door",
+      "settings": {
+        "network": "tcp",
+        "port": 443,
+        "followRedirect": true
+      },
+      "streamSettings": {
+        "security": "tls",
+        "tlsSettings": {
+          "alpn": ["http/1.1"],
+          "certificates": [
+            {
+              "usage": "issue",
+              "certificateFile": "mycert.crt",  // certificate path
+              "keyFile": "mycert.key"  // private-key path
+            }
+          ]
+        }
+      }
+    },
+    {
+      "port": 4432,
+      "tag": "tls-decrypt-h211",
+      "protocol": "dokodemo-door",
+      "settings": {
+        "network": "tcp",
+        "port": 443,
+        "followRedirect": true
+      },
+      "streamSettings": {
+        "security": "tls",
+        "tlsSettings": {
+          "alpn": ["h2","http/1.1"],
+          "certificates": [
+            {
+              "usage": "issue",
+              "certificateFile": "mycert.crt",  // certificate path
+              "keyFile": "mycert.key"  // private-key path
+            }
+          ]
+        }
+      }
+    }
+  ],
+
+  "outbounds": [    
+    {
+      "tag": "block",
+      "protocol": "blackhole"      
+    },
+    {
+      "tag": "direct",
+      "protocol": "freedom",      
+      "settings": {"domainStrategy": "ForceIP"}
+    },
+    {
+      "tag": "redirect-out-h11",
+      "protocol": "freedom",
+      "settings": {
+        "redirect": "127.0.0.1:4431"
+      }
+    },
+    {
+      "tag": "redirect-out-h211",
+      "protocol": "freedom",
+      "settings": {
+        "redirect": "127.0.0.1:4432"
+      }
+    },
+    {
+      "tag": "tls-repack-dns",
+      "protocol": "freedom",      
+      "settings": {"domainStrategy": "ForceIP"},
+      "streamSettings": {      
+        "security": "tls",
+        "tlsSettings": {
+          "serverName": "www.bing.com",
+          "verifyPeerCertInNames": ["fromMitM", "www.bing.com"],
+          "alpn": ["fromMitM"],
+          "fingerprint": "chrome"
+        }
+      }              
+    },
+    {
+      "tag": "tls-repack-google",
+      "protocol": "freedom",      
+      "settings": {"domainStrategy": "ForceIP"},
+      "streamSettings": {      
+        "security": "tls",
+        "tlsSettings": {
+          "serverName": "www.google.com",
+          "verifyPeerCertInNames": ["fromMitM", "www.google.com", "dns.google", "www.googlevideo.com", "www.youtube.com"],
+          "alpn": ["fromMitM"],
+          "fingerprint": "chrome"
+        }
+      }              
+    },
+    {
+      "tag": "tls-repack-meta",
+      "protocol": "freedom",      
+      "settings": {"domainStrategy": "ForceIP"},
+      "streamSettings": {      
+        "security": "tls",
+        "tlsSettings": {
+          "serverName": "www.whatsapp.com",
+          "verifyPeerCertInNames": ["fromMitM", "www.whatsapp.com", "www.facebook.com", "www.ar.meta.com", "www.fb.com", "www.whatsapp.net", "www.atlassolutions.com", "www.secure.facebook.com", "www.extern.facebook.com", "www.internet.org", "www.oculus.com", "www.wit.ai", "www.facebook-dns.com", "www.instagram.com", "www.meta.com", "www.external-disputes.meta.com", "www.fbe2e.com", "www.cloud.x2p.facebook.net", "www.secure.latest.facebook.com"],
+          "alpn": ["fromMitM"],
+          "fingerprint": "chrome"
+        }
+      }              
+    },
+    {
+      "tag": "tls-repack-fastly",
+      "protocol": "freedom",      
+      "settings": {"domainStrategy": "ForceIP"},
+      "streamSettings": {      
+        "security": "tls",
+        "tlsSettings": {
+          "serverName": "www.fastly.com",
+          "verifyPeerCertInNames": ["fromMitM", "www.fastly.com", "www.reddit.com", "x.com"],
+          "alpn": ["fromMitM"],
+          "fingerprint": "chrome"
+        }
+      }              
+    },    
+    {
+      "tag": "dns-out",
+      "protocol": "dns",      
+      "settings": {"nonIPQuery": "skip", "network": "tcp", "address": "1.1.1.1", "port": 53},
+      "streamSettings": {
+        "sockopt": {
+          "dialerProxy": "chain1-fragment"
+        }
+      }
+    },
+    {
+      "tag": "super-fragment",
+      "protocol": "freedom",
+      "settings": {
+        "fragment": {
+          "packets": "tlshello",
+          "length": "6",
+          "interval": "0"
+        }
+      },
+      "streamSettings": {
+        "sockopt": {
+          "dialerProxy": "chain1-fragment"
+        }
+      }            
+    },
+    {
+      "tag": "chain1-fragment",
+      "protocol": "freedom",
+      "settings": {
+        "fragment": {
+          "packets": "1-3",
+          "length": "517",
+          "interval": "1"
+        }
+      },
+      "streamSettings": {
+        "sockopt": {
+          "dialerProxy": "chain2-fragment"
+        }
+      }            
+    },                          
+    {
+      "tag": "chain2-fragment",
+      "protocol": "freedom",
+      "settings": {
+        "domainStrategy": "ForceIP",
+        "fragment": {
+          "packets": "1-1",
+          "length": "1",
+          "interval": "2"
+        }
+      },
+      "streamSettings": {
+        "sockopt": {
+          "tcpNoDelay": true
+        }
+      }
+    },
+    {
+      "tag": "udp-noises",
+      "protocol": "freedom",
+      "settings": {
+        "domainStrategy": "ForceIP",
+        "noises": [
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "1"},
+          {"type": "rand", "packet": "257-507", "delay": "1"}, {"type": "rand", "packet": "257-507", "delay": "10"}
+        ]
+      }            
+    }          
+  ],
+
+  "routing": {
+    "domainStrategy": "IPOnDemand",
+    "rules": [                  
+      {"outboundTag": "dns-out",
+       "inboundTag": ["dns-in"]
+      },
+      {"outboundTag": "dns-out",
+       "inboundTag": ["socks-in"], "port": 53
+      },
+      {"outboundTag": "tls-repack-dns",
+       "inboundTag": ["dns-query"]
+      },
+      {"outboundTag": "block",
+       "domain": ["geosite:category-ads-all"]
+      },
+      {"outboundTag": "block",
+       "ip": ["10.10.34.0/24", "2001:4188:2:600:10:10:34:36", "2001:4188:2:600:10:10:34:35"]
+      },           
+      {"outboundTag": "direct",
+       "domain": ["geosite:private", "geosite:category-ir"]
+      },      
+      {"outboundTag": "direct",
+       "ip": ["geoip:private", "geoip:ir"]
+      },
+      {"outboundTag": "chain1-fragment",  // or "super-fragment"
+       "inboundTag": ["socks-in"],
+       "network": "tcp",
+       "ip": ["geoip:cloudflare", "geoip:cloudfront"]
+      },
+      {
+        "outboundTag": "redirect-out-h11",
+        "inboundTag": ["socks-in"],
+        "network": "tcp",
+        "protocol": ["tls"],
+        "port": 443,
+        "domain": ["domain:googlevideo.com"]
+      },
+      {
+        "outboundTag": "redirect-out-h211",
+        "inboundTag": ["socks-in"],
+        "network": "tcp",
+        "protocol": ["tls"],
+        "port": 443,
+        "domain": ["geosite:youtube", "geosite:x", "geosite:reddit", "geosite:meta"]       
+      },
+      {"outboundTag": "tls-repack-google",
+       "domain": ["geosite:youtube", "domain:googlevideo.com"],
+       "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
+      },
+      {"outboundTag": "tls-repack-meta",
+       "domain": ["geosite:meta"],
+       "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
+      },
+      {"outboundTag": "tls-repack-fastly",
+       "domain": ["geosite:x", "geosite:reddit"],
+       "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
+      },                                                         	                                                        
+      {"outboundTag": "udp-noises",
+       "network": "udp"
+      },
+      {"outboundTag": "chain1-fragment",  // or "super-fragment"
+       "network": "tcp"
+      }
+    ]
+  }
+}