适合直连场景
Reality
通常搭配:VLESS/Reality/RAW/flow
即隧道层VLESS,外层安全层Reality,内层传输层原生RAW,内层加密层Encryption(这里是none)。
*Reality外层安全就已经足够可靠,可以不加enc
Vision Flow
- Reeality+raw传输 (必须)搭配Flow
- Vless encryption+raw传输(必须)搭配flow
Reality上可避免TLS in TLS问题;vless enc可实现在内核中对拷数据
Reality Dest
Reality所“借用”的目标网站,应当满足要求TLS1.3,x25519MLKEM768
某视频网站CDN,游戏下载服务CDN等等
通过 xray tls ping <domain> 来检查目标域名是否符合要求
案例
准备几个必要的参数
- uuid:通过
xray uuid生成 - private key:运行
xray x25519取private key - public key:(客户端)密码,同上取password
- 16位16进制的short-id
以下搭配为 VLESS-Reality-RAW-Vision,需要关注的地方在//注释位置
{
"log": {
"loglevel": "none"
},
"inbounds": [
{
"port": 443, //端口号
"protocol": "vless",
"settings": {
"clients": [
{
"id": "uuid",//运行xray uuid生成
"flow": "xtls-rprx-vision" //flow必填
}
],
"decryption": "none"
},
"streamSettings": {
"network": "raw",
"security": "reality",
"realitySettings": {
"target": "example.com:443", //目标网站
"serverNames": [
"example.com" //符合证书的server name,通过xray tls ping <domain>确定
],
"privateKey": "", //运行xray x25519
"shortIds": [
"", //16位16进制数(0-f)
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
],
"routeOnly": true
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
}
]
}
放在 /usr/local/etc/xray/config.json,随后重启xray systemctl restart xray