From c9d232c11d84e0ee72e38f2c9f0a663eb41fe7b0 Mon Sep 17 00:00:00 2001 From: vchikalkin Date: Tue, 17 Mar 2026 16:19:30 +0300 Subject: [PATCH] add xray configuration files and update existing scripts --- opt/etc/xkeen/ip_exclude.lst | 4 + opt/etc/xkeen/port_exclude.lst | 4 + opt/etc/xkeen/port_proxying.lst | 6 + opt/etc/xray/configs/01_log.json | 8 + opt/etc/xray/configs/02_dns.json | 3 + opt/etc/xray/configs/03_inbounds.json | 35 +++ opt/etc/xray/configs/04_outbounds.json | 357 +++++++++++++++++++++++ opt/etc/xray/configs/05_routing.json | 256 ++++++++++++++++ opt/etc/xray/configs/06_policy.json | 10 + opt/etc/xray/configs/07_observatory.json | 18 ++ scripts/update-files.sh | 10 + 11 files changed, 711 insertions(+) create mode 100644 opt/etc/xkeen/ip_exclude.lst create mode 100644 opt/etc/xkeen/port_exclude.lst create mode 100644 opt/etc/xkeen/port_proxying.lst create mode 100644 opt/etc/xray/configs/01_log.json create mode 100644 opt/etc/xray/configs/02_dns.json create mode 100644 opt/etc/xray/configs/03_inbounds.json create mode 100644 opt/etc/xray/configs/04_outbounds.json create mode 100644 opt/etc/xray/configs/05_routing.json create mode 100644 opt/etc/xray/configs/06_policy.json create mode 100644 opt/etc/xray/configs/07_observatory.json diff --git a/opt/etc/xkeen/ip_exclude.lst b/opt/etc/xkeen/ip_exclude.lst new file mode 100644 index 0000000..a9452ea --- /dev/null +++ b/opt/etc/xkeen/ip_exclude.lst @@ -0,0 +1,4 @@ +#192.168.0.0/16 +#2001:db8::/32 + +# Добавьте необходимые IP и подсети без комментария # для исключения их из проксирования diff --git a/opt/etc/xkeen/port_exclude.lst b/opt/etc/xkeen/port_exclude.lst new file mode 100644 index 0000000..7911e90 --- /dev/null +++ b/opt/etc/xkeen/port_exclude.lst @@ -0,0 +1,4 @@ +# + +# Одновременно использовать порты проксирования и исключать порты нельзя +# Приоритет у портов проксирования diff --git a/opt/etc/xkeen/port_proxying.lst b/opt/etc/xkeen/port_proxying.lst new file mode 100644 index 0000000..3b515c6 --- /dev/null +++ b/opt/etc/xkeen/port_proxying.lst @@ -0,0 +1,6 @@ +80 +443 +596:599 +1400 +#3478:3497 +5222 \ No newline at end of file diff --git a/opt/etc/xray/configs/01_log.json b/opt/etc/xray/configs/01_log.json new file mode 100644 index 0000000..eff2142 --- /dev/null +++ b/opt/etc/xray/configs/01_log.json @@ -0,0 +1,8 @@ +{ + "log": + { + "access": "/opt/var/log/xray/access.log", + "error": "/opt/var/log/xray/error.log", + "loglevel": "none" + } +} \ No newline at end of file diff --git a/opt/etc/xray/configs/02_dns.json b/opt/etc/xray/configs/02_dns.json new file mode 100644 index 0000000..1b6e716 --- /dev/null +++ b/opt/etc/xray/configs/02_dns.json @@ -0,0 +1,3 @@ +{ +// Пример настройки - https://jameszero.net/3398.htm +} \ No newline at end of file diff --git a/opt/etc/xray/configs/03_inbounds.json b/opt/etc/xray/configs/03_inbounds.json new file mode 100644 index 0000000..3faec21 --- /dev/null +++ b/opt/etc/xray/configs/03_inbounds.json @@ -0,0 +1,35 @@ +{ + "inbounds": [ + { + "port": 1181, + "protocol": "dokodemo-door", + "settings": { + "network": "tcp", + "followRedirect": true + }, + "sniffing": { + "enabled": true, + "routeOnly": true, + "destOverride": ["http", "tls"] + }, + "tag": "redirect" + }, + { + "port": 1181, + "protocol": "dokodemo-door", + "settings": { + "network": "udp", + "followRedirect": true + }, + "streamSettings": { + "sockopt": { "tproxy": "tproxy" } + }, + "sniffing": { + "enabled": true, + "routeOnly": true, + "destOverride": ["http", "tls", "quic"] + }, + "tag": "tproxy" + } + ] +} diff --git a/opt/etc/xray/configs/04_outbounds.json b/opt/etc/xray/configs/04_outbounds.json new file mode 100644 index 0000000..18ef7c0 --- /dev/null +++ b/opt/etc/xray/configs/04_outbounds.json @@ -0,0 +1,357 @@ +{ + "outbounds": [ + // RU + { + "mux": { + "concurrency": -1, + "enabled": false, + "xudpConcurrency": 8, + "xudpProxyUDP443": "" + }, + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "moscow-ru-1.bulba.pro", + "port": 8443, + "users": [ + { + "encryption": "none", + "flow": "xtls-rprx-vision", + "id": "6b1cd532-491a-44b2-a5e6-68c12169c6c3", + "level": 8, + "security": "auto" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "realitySettings": { + "allowInsecure": false, + "fingerprint": "", + "publicKey": "9dtFCbZUred67gLvzEqX0hJLUyGLqthFbC52d_p0bmo", + "serverName": "moscow-ru-1.bulba.pro", + "shortId": "", + "show": false, + "spiderX": "/" + }, + "security": "reality", + "tcpSettings": { + "header": { + "type": "none" + } + } + }, + "tag": "vless-mow-1" + }, + // UNI + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "moscow.cdn-video.world", + "port": 443, + "users": [ + { + "encryption": "none", + "flow": "xtls-rprx-vision", + "id": "6b1cd532-491a-44b2-a5e6-68c12169c6c3" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "realitySettings": { + "fingerprint": "chrome", + "publicKey": "fJnm6-PhJGSwHaAdJOzXkYOfCPPCWSlaZrtfm1XsqhA", + "serverName": "moscow.cdn-video.world", + "show": false, + "spiderX": "/" + }, + "security": "reality", + "tcpSettings": {} + }, + "tag": "vless-ru-de" + }, + // EU + { + "mux": { + "concurrency": -1, + "enabled": false, + "xudpConcurrency": 8, + "xudpProxyUDP443": "" + }, + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "amsterdam-nl-1.bulba.pro", + "port": 8443, + "users": [ + { + "encryption": "none", + "flow": "xtls-rprx-vision", + "id": "6b1cd532-491a-44b2-a5e6-68c12169c6c3", + "level": 8, + "security": "auto" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "realitySettings": { + "allowInsecure": false, + "fingerprint": "", + "publicKey": "RkjV_1__FGUXN_VA61Gp5R5dgfjk0K5jCbcy92raBUM", + "serverName": "amsterdam-nl-1.bulba.pro", + "shortId": "", + "show": false, + "spiderX": "/" + }, + "security": "reality", + "tcpSettings": { + "header": { + "type": "none" + } + } + }, + "tag": "vless-ams" + }, + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "zurich-ch-1.bulba.pro", + "port": 8443, + "users": [ + { + "encryption": "none", + "flow": "xtls-rprx-vision", + "id": "6b1cd532-491a-44b2-a5e6-68c12169c6c3" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "realitySettings": { + "publicKey": "RkjV_1__FGUXN_VA61Gp5R5dgfjk0K5jCbcy92raBUM", + "serverName": "zurich-ch-1.bulba.pro", + "show": false + }, + "security": "reality", + "tcpSettings": {} + }, + "tag": "vless-zu" + }, + { + "mux": { + "concurrency": -1, + "enabled": false, + "xudpConcurrency": 8, + "xudpProxyUDP443": "" + }, + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "helsinki-fi-1.bulba.pro", + "port": 8443, + "users": [ + { + "encryption": "none", + "flow": "xtls-rprx-vision", + "id": "6b1cd532-491a-44b2-a5e6-68c12169c6c3", + "level": 8, + "security": "auto" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "realitySettings": { + "allowInsecure": false, + "fingerprint": "", + "publicKey": "RkjV_1__FGUXN_VA61Gp5R5dgfjk0K5jCbcy92raBUM", + "serverName": "helsinki-fi-1.bulba.pro", + "shortId": "", + "show": false, + "spiderX": "/" + }, + "security": "reality", + "tcpSettings": { + "header": { + "type": "none" + } + } + }, + "tag": "vless-he" + }, + { + "mux": { + "concurrency": -1, + "enabled": false, + "xudpConcurrency": 8, + "xudpProxyUDP443": "" + }, + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "frankfurt-de-1.bulba.pro", + "port": 8443, + "users": [ + { + "encryption": "none", + "flow": "xtls-rprx-vision", + "id": "6b1cd532-491a-44b2-a5e6-68c12169c6c3", + "level": 8, + "security": "auto" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "realitySettings": { + "allowInsecure": false, + "fingerprint": "", + "publicKey": "RkjV_1__FGUXN_VA61Gp5R5dgfjk0K5jCbcy92raBUM", + "serverName": "frankfurt-de-1.bulba.pro", + "shortId": "", + "show": false, + "spiderX": "/" + }, + "security": "reality", + "tcpSettings": { + "header": { + "type": "none" + } + } + }, + "tag": "vless-de" + }, + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "vekshe-se-1.bulba.pro", + "port": 8443, + "users": [ + { + "encryption": "none", + "flow": "xtls-rprx-vision", + "id": "6b1cd532-491a-44b2-a5e6-68c12169c6c3" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "realitySettings": { + "publicKey": "RkjV_1__FGUXN_VA61Gp5R5dgfjk0K5jCbcy92raBUM", + "serverName": "vekshe-se-1.bulba.pro", + "show": false + }, + "security": "reality", + "tcpSettings": {} + }, + "tag": "vless-se" + }, + // US + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "toronto-ca-1.bulba.pro", + "port": 8443, + "users": [ + { + "encryption": "none", + "flow": "xtls-rprx-vision", + "id": "6b1cd532-491a-44b2-a5e6-68c12169c6c3" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "realitySettings": { + "publicKey": "RkjV_1__FGUXN_VA61Gp5R5dgfjk0K5jCbcy92raBUM", + "serverName": "toronto-ca-1.bulba.pro", + "show": false + }, + "security": "reality", + "tcpSettings": {} + }, + "tag": "vless-ca" + }, + { + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "california-us-1.bulba.pro", + "port": 8443, + "users": [ + { + "encryption": "none", + "flow": "xtls-rprx-vision", + "id": "6b1cd532-491a-44b2-a5e6-68c12169c6c3" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "realitySettings": { + "publicKey": "RkjV_1__FGUXN_VA61Gp5R5dgfjk0K5jCbcy92raBUM", + "serverName": "california-us-1.bulba.pro", + "show": false + }, + "security": "reality", + "tcpSettings": {} + }, + "tag": "vless-us" + }, + { + "protocol": "freedom", + "streamSettings": { + "sockopt": { + "interface": "nwg0" + } + }, + "tag": "awg" + }, + { + "tag": "direct", + "protocol": "freedom" + }, + { + "tag": "block", + "protocol": "blackhole", + "settings": { + "response": { + "type": "http" + } + } + } + ] +} diff --git a/opt/etc/xray/configs/05_routing.json b/opt/etc/xray/configs/05_routing.json new file mode 100644 index 0000000..995bea0 --- /dev/null +++ b/opt/etc/xray/configs/05_routing.json @@ -0,0 +1,256 @@ +{ + "routing": { + "domainStrategy": "AsIs", + "balancers": [ + { + "tag": "balancer-eu", + "selector": [ + "vless-ams", + "vless-de", + "vless-zu", + "vless-se" + // "vless-he" + ], + "strategy": { + "type": "leastPing" + }, + "fallbackTag": "direct" + }, + { + "tag": "balancer-ru", + "selector": ["vless-mow-1"], + "strategy": { + "type": "leastPing" + }, + "fallbackTag": "direct" + }, + { + "tag": "balancer-uni", + "selector": ["vless-ru-de"], + "strategy": { + "type": "leastPing" + }, + "fallbackTag": "direct" + }, + { + "tag": "balancer-us", + "selector": ["vless-ca", "vless-us"], + "strategy": { + "type": "leastPing" + }, + "fallbackTag": "direct" + } + ], + "rules": [ + // ------------------------------- + // Domains BLOCKED + // ------------------------------- + { + "type": "field", + "domain": [ + // "ext:geosite_v2fly.dat:category-ads-all", + // "ext:adlist.dat:hagezi-pro", + "kaspersky" + ], + "outboundTag": "block" + }, + // ------------------------------- + // DIRECT + // ------------------------------- + // { + // "type": "field", + // // "inboundTag": ["redirect"], + // "ip": ["ext:geoip_v2fly.dat:private"], + // "outboundTag": "direct" + // }, + // { + // "type": "field", + // // "inboundTag": ["redirect", "tproxy"], + // "protocol": ["bittorrent"], + // "outboundTag": "direct" + // }, + // // ------------------------------- + // // RU Domains DIRECT + // // ------------------------------- + // { + // "type": "field", + // // "inboundTag": ["redirect"], + // "domain": [ + // "ext:geosite_v2fly.dat:category-ru", + // "ext:geosite_v2fly.dat:category-gov-ru", + // "ext:geosite_v2fly.dat:category-bank-ru", + // "ext:geosite_v2fly.dat:category-retail-ru", + // "ext:geosite_v2fly.dat:category-ecommerce-ru", + // "ext:geosite_v2fly.dat:category-entertainment-ru", + // "ext:geosite_v2fly.dat:category-travel-ru", + // "ext:geosite_v2fly.dat:yandex", + // "ext:geosite_v2fly.dat:mailru-group", + // "ext:geosite_v2fly.dat:vk" + // ], + // "outboundTag": "direct" + // }, + // // ------------------------------- + // // RU IP DIRECT + // // ------------------------------- + // { + // "type": "field", + // // "inboundTag": ["redirect"], + // "ip": ["ext:zkeenip.dat:ru"], + // "outboundTag": "direct" + // }, + // ------------------------------- + // Domains DIRECT + // ------------------------------- + { + "type": "field", + "domain": [ + // // NFQWS + // "ext:geosite_zkeen.dat:youtube", + // // + // "ext:geosite_v2fly.dat:category-doh", + // "ext:geosite_v2fly.dat:connectivity-check", + // "ext:geosite_v2fly.dat:category-ip-geo-detect", + // "ext:geosite_v2fly.dat:steam", + // "ext:geosite_v2fly.dat:category-game-platforms-download", + // "ext:geosite_v2fly.dat:category-games", + // // "ext:geosite_v2fly.dat:category-companies", // Breaks AI, Meta, etc. + // "ext:geosite_v2fly.dat:xiaomi", + // "ext:geosite_v2fly.dat:samsung", + // "ext:geosite_v2fly.dat:apple", + // "ext:geosite_v2fly.dat:microsoft", + // "ext:geosite_v2fly.dat:spotify", + // "ext:geosite_v2fly.dat:alibaba", + "ext:geosite_v2fly.dat:tiktok" + // "keenetic", + // "craze" + ], + "outboundTag": "direct" + }, + // // ------------------------------- + // // IP DIRECT + // // ------------------------------- + // { + // "type": "field", + // // "inboundTag": ["redirect"], + // "ip": [ + // // NFQWS + // "ext:zkeenip.dat:youtube" + // ], + // "outboundTag": "direct" + // }, + // ------------------------------- + // Domains Sora PROXY + // ------------------------------- + { + "type": "field", + "domain": ["domain:sora.chatgpt.com"], + "balancerTag": "balancer-us" + }, + // ------------------------------- + // Other Domains PROXY + // ------------------------------- + { + "type": "field", + // "inboundTag": ["redirect"], + "domain": [ + "ext:geosite_v2fly.dat:category-ai-!cn", + "ext:geosite_v2fly.dat:google-gemini", + "ext:geosite_v2fly.dat:openai", + "ext:geosite_zkeen.dat:other", + "ext:geosite_v2fly.dat:category-proxy-tunnels", + "ext:geosite_v2fly.dat:tmdb", + "domain:seerr.dev", + "domain:radarr.video", + "domain:sonarr.tv" + ], + "balancerTag": "balancer-eu" + }, + // ------------------------------- + // Domains PROXY + // ------------------------------- + { + "type": "field", + // "inboundTag": ["redirect"], + "domain": [ + "ext:geosite_zkeen.dat:domains", + "ext:geosite_v2fly.dat:meta", + // "ext:geosite_v2fly.dat:soundcloud", + // "ext:geosite_v2fly.dat:medium", + // "ext:geosite_v2fly.dat:cloudflare", + // "ext:geosite_v2fly.dat:speedtest", + "ext:geosite_v2fly.dat:xda", + // "ext:geosite_v2fly.dat:roblox", + // "4pda.to", + "amnezia", + "ext:geosite_v2fly.dat:rutracker", + "rutor", + "nnmclub" + ], + "balancerTag": "balancer-eu" + }, + // ------------------------------- + // IP PROXY + // ------------------------------- + { + "type": "field", + "ip": ["ext:zkeenip.dat:meta"], + "balancerTag": "balancer-eu" + }, + // ------------------------------- + // Domains Messengers PROXY + // ------------------------------- + { + "type": "field", + // "inboundTag": ["redirect"], + "domain": [ + "ext:geosite_v2fly.dat:telegram", + "2ip.io" + // , "ext:geosite_v2fly.dat:discord" + ], + "balancerTag": "balancer-eu" + }, + // ------------------------------- + // IP Messengers PROXY + // ------------------------------- + { + "type": "field", + // "inboundTag": ["redirect"], + "ip": [ + "ext:zkeenip.dat:telegram" + // , "ext:zkeenip.dat:discord" + ], + "balancerTag": "balancer-eu" + }, + // // ------------------------------- + // // IP Datacenters PROXY + // // ------------------------------- + // { + // "type": "field", + // "ip": [ + // // "ext:zkeenip.dat:akamai", + // "ext:zkeenip.dat:amazon", + // // "ext:zkeenip.dat:cdn77", + // // "ext:zkeenip.dat:contabo", + // "ext:zkeenip.dat:cloudflare", + // "ext:zkeenip.dat:digitalocean", + // // "ext:zkeenip.dat:fastly", + // // "ext:zkeenip.dat:gcore", + // "ext:zkeenip.dat:hetzner" + // // "ext:zkeenip.dat:meta", + // // "ext:zkeenip.dat:oracle", + // // "ext:zkeenip.dat:ovh", + // // "ext:zkeenip.dat:scaleway", + // // "ext:zkeenip.dat:vultr" + // ], + // "balancerTag": "balancer-eu" + // }, + // -- All other direct + { + "type": "field", + // "inboundTag": ["redirect"], + "network": "tcp,udp", + "outboundTag": "direct" + } + ] + } +} diff --git a/opt/etc/xray/configs/06_policy.json b/opt/etc/xray/configs/06_policy.json new file mode 100644 index 0000000..afc101f --- /dev/null +++ b/opt/etc/xray/configs/06_policy.json @@ -0,0 +1,10 @@ +{ + "policy": { + "levels": { + "0": { + "uplinkOnly": 0, + "downlinkOnly": 0 + } + } + } +} diff --git a/opt/etc/xray/configs/07_observatory.json b/opt/etc/xray/configs/07_observatory.json new file mode 100644 index 0000000..c027560 --- /dev/null +++ b/opt/etc/xray/configs/07_observatory.json @@ -0,0 +1,18 @@ +{ + "observatory": { + "subjectSelector": [ + "vless-ams", + "vless-de", + "vless-zu", + "vless-he", + "vless-se", + "vless-ca", + "vless-us", + "vless-mow-1", + "vless-ru-de" + ], + "probeURL": "http://www.gstatic.com/generate_204", + "probeInterval": "100s", + "enableConcurrency": true + } +} \ No newline at end of file diff --git a/scripts/update-files.sh b/scripts/update-files.sh index e1d62ef..a185cb4 100644 --- a/scripts/update-files.sh +++ b/scripts/update-files.sh @@ -8,6 +8,16 @@ FILES=" https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/nfqws/user.list|/opt/etc/nfqws/user.list https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/nfqws/ipset.list|/opt/etc/nfqws/ipset.list https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/nfqws/nfqws.conf|/opt/etc/nfqws/nfqws.conf +https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/xkeen/ip_exclude.lst|/opt/etc/xkeen/ip_exclude.lst +https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/xkeen/port_exclude.lst|/opt/etc/xkeen/port_exclude.lst +https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/xkeen/port_proxying.lst|/opt/etc/xkeen/port_proxying.lst +https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/xray/configs/01_log.json|/opt/etc/xray/configs/01_log.json +https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/xray/configs/02_dns.json|/opt/etc/xray/configs/02_dns.json +https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/xray/configs/03_inbounds.json|/opt/etc/xray/configs/03_inbounds.json +https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/xray/configs/04_outbounds.json|/opt/etc/xray/configs/04_outbounds.json +https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/xray/configs/05_routing.json|/opt/etc/xray/configs/05_routing.json +https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/xray/configs/06_policy.json|/opt/etc/xray/configs/06_policy.json +https://gitea.vchikalkin.dev/admin/keenetic-configs/raw/branch/master/opt/etc/xray/configs/07_observatory.json|/opt/etc/xray/configs/07_observatory.json " RESTART_CMD="/opt/etc/init.d/rc.unslung restart"