|
|
@@ -77,7 +77,7 @@ function wireguard()
|
|
|
allowedIPs = (server.allowedips) or nil,
|
|
|
}
|
|
|
},
|
|
|
- kernelMode = (server.kernelmode == "1") and true or false,
|
|
|
+ noKernelTun = (server.kernelmode == "1") and true or false,
|
|
|
reserved = {server.reserved} or nil,
|
|
|
mtu = tonumber(server.mtu)
|
|
|
}
|
|
|
@@ -124,165 +124,179 @@ local Xray = {
|
|
|
-- error = "/var/ssrplus.log",
|
|
|
loglevel = "warning"
|
|
|
},
|
|
|
+
|
|
|
+ -- 初始化 inbounds 表
|
|
|
+ inbounds = {},
|
|
|
+
|
|
|
+}
|
|
|
-- 传入连接
|
|
|
- inbound = (local_port ~= "0") and {
|
|
|
- -- listening
|
|
|
- port = tonumber(local_port),
|
|
|
- protocol = "dokodemo-door",
|
|
|
- settings = {network = proto, followRedirect = true},
|
|
|
- sniffing = {
|
|
|
- enabled = true,
|
|
|
- destOverride = {"http", "tls", "quic"},
|
|
|
- domainsExcluded = {
|
|
|
- "courier.push.apple.com",
|
|
|
- "rbsxbxp-mim.vivox.com",
|
|
|
- "rbsxbxp.www.vivox.com",
|
|
|
- "rbsxbxp-ws.vivox.com",
|
|
|
- "rbspsxp.www.vivox.com",
|
|
|
- "rbspsxp-mim.vivox.com",
|
|
|
- "rbspsxp-ws.vivox.com",
|
|
|
- "rbswxp.www.vivox.com",
|
|
|
- "rbswxp-mim.vivox.com",
|
|
|
- "disp-rbspsp-5-1.vivox.com",
|
|
|
- "disp-rbsxbp-5-1.vivox.com",
|
|
|
- "proxy.rbsxbp.vivox.com",
|
|
|
- "proxy.rbspsp.vivox.com",
|
|
|
- "proxy.rbswp.vivox.com",
|
|
|
- "rbswp.vivox.com",
|
|
|
- "rbsxbp.vivox.com",
|
|
|
- "rbspsp.vivox.com",
|
|
|
- "rbspsp.www.vivox.com",
|
|
|
- "rbswp.www.vivox.com",
|
|
|
- "rbsxbp.www.vivox.com",
|
|
|
- "rbsxbxp.vivox.com",
|
|
|
- "rbspsxp.vivox.com",
|
|
|
- "rbswxp.vivox.com",
|
|
|
- "Mijia Cloud",
|
|
|
- "dlg.io.mi.com"
|
|
|
+ -- 添加 dokodemo-door 配置,如果 local_port 不为 0
|
|
|
+if local_port ~= "0" then
|
|
|
+ table.insert(Xray.inbounds, {
|
|
|
+ -- listening
|
|
|
+ port = tonumber(local_port),
|
|
|
+ protocol = "dokodemo-door",
|
|
|
+ settings = {network = proto, followRedirect = true},
|
|
|
+ sniffing = {
|
|
|
+ enabled = true,
|
|
|
+ destOverride = {"http", "tls", "quic"},
|
|
|
+ metadataOnly = false,
|
|
|
+ domainsExcluded = {
|
|
|
+ "courier.push.apple.com",
|
|
|
+ "rbsxbxp-mim.vivox.com",
|
|
|
+ "rbsxbxp.www.vivox.com",
|
|
|
+ "rbsxbxp-ws.vivox.com",
|
|
|
+ "rbspsxp.www.vivox.com",
|
|
|
+ "rbspsxp-mim.vivox.com",
|
|
|
+ "rbspsxp-ws.vivox.com",
|
|
|
+ "rbswxp.www.vivox.com",
|
|
|
+ "rbswxp-mim.vivox.com",
|
|
|
+ "disp-rbspsp-5-1.vivox.com",
|
|
|
+ "disp-rbsxbp-5-1.vivox.com",
|
|
|
+ "proxy.rbsxbp.vivox.com",
|
|
|
+ "proxy.rbspsp.vivox.com",
|
|
|
+ "proxy.rbswp.vivox.com",
|
|
|
+ "rbswp.vivox.com",
|
|
|
+ "rbsxbp.vivox.com",
|
|
|
+ "rbspsp.vivox.com",
|
|
|
+ "rbspsp.www.vivox.com",
|
|
|
+ "rbswp.www.vivox.com",
|
|
|
+ "rbsxbp.www.vivox.com",
|
|
|
+ "rbsxbxp.vivox.com",
|
|
|
+ "rbspsxp.vivox.com",
|
|
|
+ "rbswxp.vivox.com",
|
|
|
+ "Mijia Cloud",
|
|
|
+ "dlg.io.mi.com"
|
|
|
+ }
|
|
|
}
|
|
|
- }
|
|
|
- } or nil,
|
|
|
+ })
|
|
|
+end
|
|
|
+
|
|
|
-- 开启 socks 代理
|
|
|
- inboundDetour = (proto:find("tcp") and socks_port ~= "0") and {
|
|
|
- {
|
|
|
- -- socks
|
|
|
- protocol = "socks",
|
|
|
- port = tonumber(socks_port),
|
|
|
- settings = {auth = "noauth", udp = true}
|
|
|
- }
|
|
|
- } or nil,
|
|
|
+ -- 检查是否启用 socks 代理
|
|
|
+if proto:find("tcp") and socks_port ~= "0" then
|
|
|
+ table.insert(Xray.inbounds, {
|
|
|
+ -- socks
|
|
|
+ protocol = "socks",
|
|
|
+ port = tonumber(socks_port),
|
|
|
+ settings = {auth = "noauth", udp = true}
|
|
|
+ })
|
|
|
+end
|
|
|
+
|
|
|
-- 传出连接
|
|
|
- outbound = {
|
|
|
- protocol = server.v2ray_protocol,
|
|
|
- settings = outbound_settings,
|
|
|
- -- 底层传输配置
|
|
|
- streamSettings = (server.v2ray_protocol ~= "wireguard") and {
|
|
|
- network = server.transport or "tcp",
|
|
|
- security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or (server.reality == '1') and "reality" or nil,
|
|
|
- tlsSettings = (server.tls == '1') and (server.tls_host or server.fingerprint) and {
|
|
|
- -- tls
|
|
|
- alpn = server.tls_alpn,
|
|
|
- fingerprint = server.fingerprint,
|
|
|
- allowInsecure = (server.insecure == "1"),
|
|
|
- serverName = server.tls_host,
|
|
|
- certificates = server.certificate and {
|
|
|
- usage = "verify",
|
|
|
- certificateFile = server.certpath
|
|
|
+ Xray.outbounds = {
|
|
|
+ {
|
|
|
+ protocol = server.v2ray_protocol,
|
|
|
+ settings = outbound_settings,
|
|
|
+ -- 底层传输配置
|
|
|
+ streamSettings = (server.v2ray_protocol ~= "wireguard") and {
|
|
|
+ network = server.transport or "tcp",
|
|
|
+ security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or (server.reality == '1') and "reality" or nil,
|
|
|
+ tlsSettings = (server.tls == '1') and {
|
|
|
+ -- tls
|
|
|
+ alpn = server.tls_alpn,
|
|
|
+ fingerprint = server.fingerprint,
|
|
|
+ allowInsecure = (server.insecure == "1"),
|
|
|
+ serverName = server.tls_host,
|
|
|
+ certificates = server.certificate and {
|
|
|
+ usage = "verify",
|
|
|
+ certificateFile = server.certpath
|
|
|
+ } or nil,
|
|
|
} or nil,
|
|
|
- } or nil,
|
|
|
- xtlsSettings = (server.xtls == '1') and server.tls_host and {
|
|
|
- -- xtls
|
|
|
- allowInsecure = (server.insecure == "1") and true or nil,
|
|
|
- serverName = server.tls_host,
|
|
|
- minVersion = "1.3"
|
|
|
- } or nil,
|
|
|
- realitySettings = (server.reality == '1') and {
|
|
|
- publicKey = server.reality_publickey,
|
|
|
- shortId = server.reality_shortid,
|
|
|
- spiderX = server.reality_spiderx,
|
|
|
- fingerprint = server.fingerprint,
|
|
|
- serverName = server.tls_host
|
|
|
- } or nil,
|
|
|
- tcpSettings = (server.transport == "tcp" and server.tcp_guise == "http") and {
|
|
|
- -- tcp
|
|
|
- header = {
|
|
|
- type = server.tcp_guise,
|
|
|
- request = {
|
|
|
- -- request
|
|
|
- path = {server.http_path} or {"/"},
|
|
|
- headers = {Host = {server.http_host} or {}}
|
|
|
+ xtlsSettings = (server.xtls == '1') and server.tls_host and {
|
|
|
+ -- xtls
|
|
|
+ allowInsecure = (server.insecure == "1") and true or nil,
|
|
|
+ serverName = server.tls_host,
|
|
|
+ minVersion = "1.3"
|
|
|
+ } or nil,
|
|
|
+ realitySettings = (server.reality == '1') and {
|
|
|
+ publicKey = server.reality_publickey,
|
|
|
+ shortId = server.reality_shortid,
|
|
|
+ spiderX = server.reality_spiderx,
|
|
|
+ fingerprint = server.fingerprint,
|
|
|
+ serverName = server.tls_host
|
|
|
+ } or nil,
|
|
|
+ tcpSettings = (server.transport == "tcp" and server.tcp_guise == "http") and {
|
|
|
+ -- tcp
|
|
|
+ header = {
|
|
|
+ type = server.tcp_guise,
|
|
|
+ request = {
|
|
|
+ -- request
|
|
|
+ path = {server.http_path} or {"/"},
|
|
|
+ headers = {Host = {server.http_host} or {}}
|
|
|
+ }
|
|
|
}
|
|
|
- }
|
|
|
- } or nil,
|
|
|
- kcpSettings = (server.transport == "kcp") and {
|
|
|
- -- kcp
|
|
|
- mtu = tonumber(server.mtu),
|
|
|
- tti = tonumber(server.tti),
|
|
|
- uplinkCapacity = tonumber(server.uplink_capacity),
|
|
|
- downlinkCapacity = tonumber(server.downlink_capacity),
|
|
|
- congestion = (server.congestion == "1") and true or false,
|
|
|
- readBufferSize = tonumber(server.read_buffer_size),
|
|
|
- writeBufferSize = tonumber(server.write_buffer_size),
|
|
|
- header = {type = server.kcp_guise},
|
|
|
- seed = server.seed or nil
|
|
|
- } or nil,
|
|
|
- wsSettings = (server.transport == "ws") and (server.ws_path or server.ws_host or server.tls_host) and {
|
|
|
- -- ws
|
|
|
- headers = (server.ws_host or server.tls_host) and {
|
|
|
- -- headers
|
|
|
- Host = server.ws_host or server.tls_host
|
|
|
} or nil,
|
|
|
- path = server.ws_path,
|
|
|
- maxEarlyData = tonumber(server.ws_ed) or nil,
|
|
|
- earlyDataHeaderName = server.ws_ed_header or nil
|
|
|
- } or nil,
|
|
|
- httpupgradeSettings = (server.transport == "httpupgrade") and {
|
|
|
- -- httpupgrade
|
|
|
- host = (server.httpupgrade_host or server.tls_host) or nil,
|
|
|
- path = server.httpupgrade_path or ""
|
|
|
- } or nil,
|
|
|
- splithttpSettings = (server.transport == "splithttp") and {
|
|
|
- -- splithttp
|
|
|
- host = (server.splithttp_host or server.tls_host) or nil,
|
|
|
- path = server.splithttp_path or ""
|
|
|
- } or nil,
|
|
|
- httpSettings = (server.transport == "h2") and {
|
|
|
- -- h2
|
|
|
- path = server.h2_path or "",
|
|
|
- host = {server.h2_host} or nil,
|
|
|
- read_idle_timeout = tonumber(server.read_idle_timeout) or nil,
|
|
|
- health_check_timeout = tonumber(server.health_check_timeout) or nil
|
|
|
- } or nil,
|
|
|
- quicSettings = (server.transport == "quic") and {
|
|
|
- -- quic
|
|
|
- security = server.quic_security,
|
|
|
- key = server.quic_key,
|
|
|
- header = {type = server.quic_guise}
|
|
|
- } or nil,
|
|
|
- grpcSettings = (server.transport == "grpc") and {
|
|
|
- -- grpc
|
|
|
- serviceName = server.serviceName or "",
|
|
|
- multiMode = (server.grpc_mode == "multi") and true or false,
|
|
|
- idle_timeout = tonumber(server.idle_timeout) or nil,
|
|
|
- health_check_timeout = tonumber(server.health_check_timeout) or nil,
|
|
|
- permit_without_stream = (server.permit_without_stream == "1") and true or nil,
|
|
|
- initial_windows_size = tonumber(server.initial_windows_size) or nil
|
|
|
+ kcpSettings = (server.transport == "kcp") and {
|
|
|
+ -- kcp
|
|
|
+ mtu = tonumber(server.mtu),
|
|
|
+ tti = tonumber(server.tti),
|
|
|
+ uplinkCapacity = tonumber(server.uplink_capacity),
|
|
|
+ downlinkCapacity = tonumber(server.downlink_capacity),
|
|
|
+ congestion = (server.congestion == "1") and true or false,
|
|
|
+ readBufferSize = tonumber(server.read_buffer_size),
|
|
|
+ writeBufferSize = tonumber(server.write_buffer_size),
|
|
|
+ header = {type = server.kcp_guise},
|
|
|
+ seed = server.seed or nil
|
|
|
+ } or nil,
|
|
|
+ wsSettings = (server.transport == "ws") and (server.ws_path or server.ws_host or server.tls_host) and {
|
|
|
+ -- ws
|
|
|
+ headers = (server.ws_host or server.tls_host) and {
|
|
|
+ -- headers
|
|
|
+ Host = server.ws_host or server.tls_host
|
|
|
+ } or nil,
|
|
|
+ path = server.ws_path,
|
|
|
+ maxEarlyData = tonumber(server.ws_ed) or nil,
|
|
|
+ earlyDataHeaderName = server.ws_ed_header or nil
|
|
|
+ } or nil,
|
|
|
+ httpupgradeSettings = (server.transport == "httpupgrade") and {
|
|
|
+ -- httpupgrade
|
|
|
+ host = (server.httpupgrade_host or server.tls_host) or nil,
|
|
|
+ path = server.httpupgrade_path or ""
|
|
|
+ } or nil,
|
|
|
+ splithttpSettings = (server.transport == "splithttp") and {
|
|
|
+ -- splithttp
|
|
|
+ host = (server.splithttp_host or server.tls_host) or nil,
|
|
|
+ path = server.splithttp_path or "/"
|
|
|
+ } or nil,
|
|
|
+ httpSettings = (server.transport == "h2") and {
|
|
|
+ -- h2
|
|
|
+ path = server.h2_path or "",
|
|
|
+ host = {server.h2_host} or nil,
|
|
|
+ read_idle_timeout = tonumber(server.read_idle_timeout) or nil,
|
|
|
+ health_check_timeout = tonumber(server.health_check_timeout) or nil
|
|
|
+ } or nil,
|
|
|
+ quicSettings = (server.transport == "quic") and {
|
|
|
+ -- quic
|
|
|
+ security = server.quic_security,
|
|
|
+ key = server.quic_key,
|
|
|
+ header = {type = server.quic_guise}
|
|
|
+ } or nil,
|
|
|
+ grpcSettings = (server.transport == "grpc") and {
|
|
|
+ -- grpc
|
|
|
+ serviceName = server.serviceName or "",
|
|
|
+ multiMode = (server.grpc_mode == "multi") and true or false,
|
|
|
+ idle_timeout = tonumber(server.idle_timeout) or nil,
|
|
|
+ health_check_timeout = tonumber(server.health_check_timeout) or nil,
|
|
|
+ permit_without_stream = (server.permit_without_stream == "1") and true or nil,
|
|
|
+ initial_windows_size = tonumber(server.initial_windows_size) or nil
|
|
|
+ } or nil,
|
|
|
+ sockopt = {
|
|
|
+ tcpMptcp = (server.mptcp == "1") and true or false, -- MPTCP
|
|
|
+ tcpNoDelay = (server.mptcp == "1") and true or false, -- MPTCP
|
|
|
+ tcpcongestion = server.custom_tcpcongestion -- 连接服务器节点的 TCP 拥塞控制算法
|
|
|
+ }
|
|
|
} or nil,
|
|
|
- sockopt = {
|
|
|
- tcpMptcp = (server.mptcp == "1") and true or false, -- MPTCP
|
|
|
- tcpNoDelay = (server.mptcp == "1") and true or false, -- MPTCP
|
|
|
- tcpcongestion = server.custom_tcpcongestion -- 连接服务器节点的 TCP 拥塞控制算法
|
|
|
- }
|
|
|
- } or nil,
|
|
|
- mux = (server.v2ray_protocol ~= "wireguard") and {
|
|
|
- -- mux
|
|
|
- enabled = (server.mux == "1") and true or false, -- Mux
|
|
|
- concurrency = tonumber(server.concurrency), -- TCP 最大并发连接数
|
|
|
- xudpConcurrency = tonumber(server.xudpConcurrency), -- UDP 最大并发连接数
|
|
|
- xudpProxyUDP443 = server.xudpProxyUDP443 -- 对被代理的 UDP/443 流量处理方式
|
|
|
- } or nil
|
|
|
+ mux = (server.v2ray_protocol ~= "wireguard") and {
|
|
|
+ -- mux
|
|
|
+ enabled = (server.mux == "1") and true or false, -- Mux
|
|
|
+ concurrency = tonumber(server.concurrency), -- TCP 最大并发连接数
|
|
|
+ xudpConcurrency = tonumber(server.xudpConcurrency), -- UDP 最大并发连接数
|
|
|
+ xudpProxyUDP443 = server.xudpProxyUDP443 -- 对被代理的 UDP/443 流量处理方式
|
|
|
+ } or nil
|
|
|
+ }
|
|
|
}
|
|
|
-}
|
|
|
+
|
|
|
local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
|
|
|
local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
|
|
|
local trojan = {
|
|
|
@@ -351,7 +365,7 @@ local hysteria = {
|
|
|
hopInterval = (server.port_range and (tonumber(server.hopinterval) .. "s") or nil)
|
|
|
} or nil)
|
|
|
} or nil,
|
|
|
---[[
|
|
|
+--[[
|
|
|
tcpTProxy = (proto:find("tcp") and local_port ~= "0") and {
|
|
|
listen = "0.0.0.0:" .. tonumber(local_port)
|
|
|
} or nil,
|
|
|
@@ -488,7 +502,7 @@ local tuic = {
|
|
|
},
|
|
|
["local"] = {
|
|
|
server = tonumber(socks_port) and "[::]:" .. (socks_port == "0" and local_port or tonumber(socks_port)),
|
|
|
- dual_stack = (server.tuic_dual_stack == "1") and true or nil,
|
|
|
+ dual_stack = (server.tuic_dual_stack == "1") and true or nil,
|
|
|
max_packet_size = tonumber(server.tuic_max_package_size)
|
|
|
}
|
|
|
}
|
zxlhhyccc