Apq
/
Xray-examples
peilaus alkaen https://github.com/XTLS/Xray-examples.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347
							// Configs here can not contain "bypassing sanctions" contents (inappropriate on US GitHub)
// Please join the official Xray Iranian group https://t.me/projectXhttp to get the whole working configs

// Serverless with MitM-Domain-Fronting for Iran v4
// Xray-core v25.2.21+

// Requires a self-signed-certificate: You can create it using "./xray tls cert -ca -file=mycert" command.
// Also, the certificate must be imported into "Trusted-Root-Certification-Authorities" of system/browser.


{
  "log": {
    "loglevel": "warning", "dnsLog": false, "access": "none"
  },

  "dns":{
    "hosts": {
      "geosite:category-ads-all": ["10.10.34.36", "2001:4188:2:600:10:10:34:36"]
    },
    "servers": [
      "h2c://1.1.1.1/dns-query",
      {"address": "localhost", "domains": ["geosite:private", "geosite:category-ir"]}
    ],
    "tag": "dns-query",
    "disableFallback": true
  },
  
  "inbounds": [
    {
      "tag": "dns-in",
      "port": 10853,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "1.1.1.1",
        "port": 53,
        "network": "tcp,udp"        
      }      
    },
    {
      "tag": "socks-in",
      "port": 10808,
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"],
        "routeOnly": false
      },
      "settings": {"udp": true}
    },
    {
      "port": 4431,
      "tag": "tls-decrypt-h11",
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp",
        "port": 443,
        "followRedirect": true
      },
      "streamSettings": {
        "security": "tls",
        "tlsSettings": {
          "alpn": ["http/1.1"],
          "certificates": [
            {
              "usage": "issue",
              "certificateFile": "mycert.crt",  // certificate path
              "keyFile": "mycert.key"  // private-key path
            }
          ]
        }
      }
    },
    {
      "port": 4432,
      "tag": "tls-decrypt-h211",
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp",
        "port": 443,
        "followRedirect": true
      },
      "streamSettings": {
        "security": "tls",
        "tlsSettings": {
          "alpn": ["h2","http/1.1"],
          "certificates": [
            {
              "usage": "issue",
              "certificateFile": "mycert.crt",  // certificate path
              "keyFile": "mycert.key"  // private-key path
            }
          ]
        }
      }
    }
  ],

  "outbounds": [    
    {
      "tag": "block",
      "protocol": "blackhole"      
    },
    {
      "tag": "direct",
      "protocol": "freedom",      
      "settings": {"domainStrategy": "ForceIP"}
    },
    {
      "tag": "redirect-out-h11",
      "protocol": "freedom",
      "settings": {
        "redirect": "[::1]:4431"
      }
    },
    {
      "tag": "redirect-out-h211",
      "protocol": "freedom",
      "settings": {
        "redirect": "[::1]:4432"
      }
    },
    {
      "tag": "tls-repack-dns",
      "protocol": "freedom",      
      "settings": {"domainStrategy": "ForceIP"},
      "streamSettings": {      
        "security": "tls",
        "tlsSettings": {
          "serverName": "www.microsoft.com",
          "verifyPeerCertInNames": ["fromMitM", "www.microsoft.com"],
          "alpn": ["fromMitM"],
          "fingerprint": "chrome"
        }
      }              
    },
    {
      "tag": "tls-repack-google",
      "protocol": "freedom",      
      "settings": {"domainStrategy": "ForceIP"},
      "streamSettings": {      
        "security": "tls",
        "tlsSettings": {
          "serverName": "www.google.com",
          "verifyPeerCertInNames": ["fromMitM", "www.google.com", "dns.google", "www.googlevideo.com", "www.youtube.com"],
          "alpn": ["fromMitM"],
          "fingerprint": "chrome"
        }
      }              
    },
    {
      "tag": "tls-repack-meta",
      "protocol": "freedom",      
      "settings": {"domainStrategy": "ForceIP"},
      "streamSettings": {      
        "security": "tls",
        "tlsSettings": {
          "serverName": "www.whatsapp.com",
          "verifyPeerCertInNames": ["fromMitM", "www.whatsapp.com", "www.facebook.com", "www.ar.meta.com", "www.fb.com", "www.whatsapp.net", "www.atlassolutions.com", "www.secure.facebook.com", "www.extern.facebook.com", "www.internet.org", "www.oculus.com", "www.wit.ai", "www.facebook-dns.com", "www.instagram.com", "www.meta.com", "www.external-disputes.meta.com", "www.fbe2e.com", "www.cloud.x2p.facebook.net", "www.secure.latest.facebook.com"],
          "alpn": ["fromMitM"],
          "fingerprint": "chrome"
        }
      }              
    },
    {
      "tag": "tls-repack-fastly",
      "protocol": "freedom",      
      "settings": {"domainStrategy": "ForceIP"},
      "streamSettings": {      
        "security": "tls",
        "tlsSettings": {
          "serverName": "www.fastly.com",
          "verifyPeerCertInNames": ["fromMitM", "www.fastly.com", "www.reddit.com", "x.com"],
          "alpn": ["fromMitM"],
          "fingerprint": "chrome"
        }
      }              
    },    
    {
      "tag": "dns-out",
      "protocol": "dns",      
      "settings": {"nonIPQuery": "skip", "network": "tcp", "address": "1.1.1.1", "port": 53},
      "streamSettings": {
        "sockopt": {
          "dialerProxy": "chain1-fragment"
        }
      }
    },
    {
      "tag": "super-fragment",
      "protocol": "freedom",
      "settings": {
        "fragment": {
          "packets": "tlshello",
          "length": "6",
          "interval": "0"
        }
      },
      "streamSettings": {
        "sockopt": {
          "dialerProxy": "chain1-fragment"
        }
      }            
    },
    {
      "tag": "chain1-fragment",
      "protocol": "freedom",
      "settings": {
        "fragment": {
          "packets": "1-3",
          "length": "517",
          "interval": "1"
        }
      },
      "streamSettings": {
        "sockopt": {
          "dialerProxy": "chain2-fragment"
        }
      }            
    },                          
    {
      "tag": "chain2-fragment",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "ForceIP",
        "fragment": {
          "packets": "1-1",
          "length": "1",
          "interval": "2"
        }
      }
    },
    {
      "tag": "udp-noisesv4",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "ForceIPv4",
        "noises": [
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"},
          {"type": "rand", "packet": "1250", "delay": "10"}, {"type": "rand", "packet": "1250", "delay": "10"}
        ]
      }            
    },
    {
      "tag": "udp-noisesv6",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "ForceIPv6",
        "noises": [
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"},
          {"type": "rand", "packet": "1230", "delay": "10"}, {"type": "rand", "packet": "1230", "delay": "10"}
        ]
      }            
    }          
  ],

  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [                  
      {"outboundTag": "dns-out",
       "inboundTag": ["dns-in"]
      },
      {"outboundTag": "dns-out",
       "inboundTag": ["socks-in"], "port": 53
      },
      {"outboundTag": "tls-repack-dns",
       "inboundTag": ["dns-query"]
      },
      {"outboundTag": "block",
       "domain": ["geosite:category-ads-all"]
      },
      {"outboundTag": "block",
       "ip": ["10.10.34.0/24", "2001:4188:2:600:10:10:34:36", "2001:4188:2:600:10:10:34:35", "2001:4188:2:600:10:10:34:34"]
      },           
      {"outboundTag": "direct",
       "domain": ["geosite:private", "geosite:category-ir"]
      },      
      {"outboundTag": "direct",
       "ip": ["geoip:private", "geoip:ir"]
      },
      {"outboundTag": "chain1-fragment",  // or "super-fragment"
       "inboundTag": ["socks-in"],
       "network": "tcp",
       "ip": ["geoip:cloudflare", "geoip:cloudfront"]
      },
      {
        "outboundTag": "redirect-out-h11",
        "inboundTag": ["socks-in"],
        "network": "tcp",
        "protocol": ["tls"],
        "port": 443,
        "domain": ["domain:googlevideo.com"]
      },
      {
        "outboundTag": "redirect-out-h211",
        "inboundTag": ["socks-in"],
        "network": "tcp",
        "protocol": ["tls"],
        "port": 443,
        "domain": ["geosite:youtube", "geosite:x", "geosite:reddit", "geosite:meta"]       
      },
      {"outboundTag": "tls-repack-google",
       "domain": ["geosite:youtube", "domain:googlevideo.com"],
       "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
      },
      {"outboundTag": "tls-repack-meta",
       "domain": ["geosite:meta"],
       "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
      },
      {"outboundTag": "tls-repack-fastly",
       "domain": ["geosite:x", "geosite:reddit"],
       "inboundTag": ["tls-decrypt-h11", "tls-decrypt-h211"]
      },                                                         	                                                        
      {"outboundTag": "udp-noisesv4",
       "network": "udp", "ip": ["0.0.0.0/0"], "port": 443
      },
      {"outboundTag": "udp-noisesv6",
       "network": "udp", "ip": ["::/0"], "port": 443
      },
      {"outboundTag": "direct",
       "network": "udp"
      },
      {"outboundTag": "chain1-fragment",  // or "super-fragment"
       "network": "tcp"
      }
    ]
  }
}