diff --git a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr index d62f5ab37c5..2d0132b25d5 100755 --- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr +++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr @@ -422,7 +422,7 @@ start_udp() { ;; v2ray) gen_config_file $UDP_RELAY_SERVER $type 2 $tmp_udp_port - ln_start_bin $(first_type xray v2ray) v2ray run -config $udp_config_file + ln_start_bin $(first_type xray v2ray) v2ray run -c $udp_config_file echolog "UDP TPROXY Relay:$($(first_type "xray" "v2ray") version | head -1) Started!" ;; trojan) #client @@ -531,7 +531,7 @@ start_shunt() { v2ray) local tmp_port=${tmp_local_port:-$tmp_shunt_local_port} gen_config_file $SHUNT_SERVER $type 3 $tmp_shunt_port $tmp_port - ln_start_bin $(first_type xray v2ray) v2ray run -config $shunt_config_file + ln_start_bin $(first_type xray v2ray) v2ray run -c $shunt_config_file shunt_dns_command echolog "shunt:$($(first_type xray v2ray) version | head -1) Started!" ;; @@ -651,7 +651,7 @@ start_local() { v2ray) if [ "$_local" == "2" ]; then gen_config_file $LOCAL_SERVER $type 4 0 $local_port - ln_start_bin $(first_type xray v2ray) v2ray run -config $local_config_file + ln_start_bin $(first_type xray v2ray) v2ray run -c $local_config_file fi echolog "Global_Socks5:$($(first_type "xray" "v2ray") version | head -1) Started!" ;; @@ -746,7 +746,7 @@ Start_Run() { ;; v2ray) gen_config_file $GLOBAL_SERVER $type 1 $tcp_port $socks_port - ln_start_bin $(first_type xray v2ray) v2ray run -config $tcp_config_file + ln_start_bin $(first_type xray v2ray) v2ray run -c $tcp_config_file echolog "Main node:$($(first_type xray v2ray) version | head -1) Started!" ;; trojan) diff --git a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua index 8102cd3859d..5822260dad9 100755 --- a/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua +++ b/luci-app-ssr-plus/root/usr/share/shadowsocksr/gen_config.lua @@ -77,7 +77,7 @@ function wireguard() allowedIPs = (server.allowedips) or nil, } }, - kernelMode = (server.kernelmode == "1") and true or false, + noKernelTun = (server.kernelmode == "1") and true or false, reserved = {server.reserved} or nil, mtu = tonumber(server.mtu) } @@ -124,165 +124,179 @@ local Xray = { -- error = "/var/ssrplus.log", loglevel = "warning" }, + + -- 初始化 inbounds 表 + inbounds = {}, + +} -- 传入连接 - inbound = (local_port ~= "0") and { - -- listening - port = tonumber(local_port), - protocol = "dokodemo-door", - settings = {network = proto, followRedirect = true}, - sniffing = { - enabled = true, - destOverride = {"http", "tls", "quic"}, - domainsExcluded = { - "courier.push.apple.com", - "rbsxbxp-mim.vivox.com", - "rbsxbxp.www.vivox.com", - "rbsxbxp-ws.vivox.com", - "rbspsxp.www.vivox.com", - "rbspsxp-mim.vivox.com", - "rbspsxp-ws.vivox.com", - "rbswxp.www.vivox.com", - "rbswxp-mim.vivox.com", - "disp-rbspsp-5-1.vivox.com", - "disp-rbsxbp-5-1.vivox.com", - "proxy.rbsxbp.vivox.com", - "proxy.rbspsp.vivox.com", - "proxy.rbswp.vivox.com", - "rbswp.vivox.com", - "rbsxbp.vivox.com", - "rbspsp.vivox.com", - "rbspsp.www.vivox.com", - "rbswp.www.vivox.com", - "rbsxbp.www.vivox.com", - "rbsxbxp.vivox.com", - "rbspsxp.vivox.com", - "rbswxp.vivox.com", - "Mijia Cloud", - "dlg.io.mi.com" + -- 添加 dokodemo-door 配置,如果 local_port 不为 0 +if local_port ~= "0" then + table.insert(Xray.inbounds, { + -- listening + port = tonumber(local_port), + protocol = "dokodemo-door", + settings = {network = proto, followRedirect = true}, + sniffing = { + enabled = true, + destOverride = {"http", "tls", "quic"}, + metadataOnly = false, + domainsExcluded = { + "courier.push.apple.com", + "rbsxbxp-mim.vivox.com", + "rbsxbxp.www.vivox.com", + "rbsxbxp-ws.vivox.com", + "rbspsxp.www.vivox.com", + "rbspsxp-mim.vivox.com", + "rbspsxp-ws.vivox.com", + "rbswxp.www.vivox.com", + "rbswxp-mim.vivox.com", + "disp-rbspsp-5-1.vivox.com", + "disp-rbsxbp-5-1.vivox.com", + "proxy.rbsxbp.vivox.com", + "proxy.rbspsp.vivox.com", + "proxy.rbswp.vivox.com", + "rbswp.vivox.com", + "rbsxbp.vivox.com", + "rbspsp.vivox.com", + "rbspsp.www.vivox.com", + "rbswp.www.vivox.com", + "rbsxbp.www.vivox.com", + "rbsxbxp.vivox.com", + "rbspsxp.vivox.com", + "rbswxp.vivox.com", + "Mijia Cloud", + "dlg.io.mi.com" + } } - } - } or nil, + }) +end + -- 开启 socks 代理 - inboundDetour = (proto:find("tcp") and socks_port ~= "0") and { - { - -- socks - protocol = "socks", - port = tonumber(socks_port), - settings = {auth = "noauth", udp = true} - } - } or nil, + -- 检查是否启用 socks 代理 +if proto:find("tcp") and socks_port ~= "0" then + table.insert(Xray.inbounds, { + -- socks + protocol = "socks", + port = tonumber(socks_port), + settings = {auth = "noauth", udp = true} + }) +end + -- 传出连接 - outbound = { - protocol = server.v2ray_protocol, - settings = outbound_settings, - -- 底层传输配置 - streamSettings = (server.v2ray_protocol ~= "wireguard") and { - network = server.transport or "tcp", - security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or (server.reality == '1') and "reality" or nil, - tlsSettings = (server.tls == '1') and (server.tls_host or server.fingerprint) and { - -- tls - alpn = server.tls_alpn, - fingerprint = server.fingerprint, - allowInsecure = (server.insecure == "1"), - serverName = server.tls_host, - certificates = server.certificate and { - usage = "verify", - certificateFile = server.certpath + Xray.outbounds = { + { + protocol = server.v2ray_protocol, + settings = outbound_settings, + -- 底层传输配置 + streamSettings = (server.v2ray_protocol ~= "wireguard") and { + network = server.transport or "tcp", + security = (server.xtls == '1') and "xtls" or (server.tls == '1') and "tls" or (server.reality == '1') and "reality" or nil, + tlsSettings = (server.tls == '1') and { + -- tls + alpn = server.tls_alpn, + fingerprint = server.fingerprint, + allowInsecure = (server.insecure == "1"), + serverName = server.tls_host, + certificates = server.certificate and { + usage = "verify", + certificateFile = server.certpath + } or nil, } or nil, - } or nil, - xtlsSettings = (server.xtls == '1') and server.tls_host and { - -- xtls - allowInsecure = (server.insecure == "1") and true or nil, - serverName = server.tls_host, - minVersion = "1.3" - } or nil, - realitySettings = (server.reality == '1') and { - publicKey = server.reality_publickey, - shortId = server.reality_shortid, - spiderX = server.reality_spiderx, - fingerprint = server.fingerprint, - serverName = server.tls_host - } or nil, - tcpSettings = (server.transport == "tcp" and server.tcp_guise == "http") and { - -- tcp - header = { - type = server.tcp_guise, - request = { - -- request - path = {server.http_path} or {"/"}, - headers = {Host = {server.http_host} or {}} + xtlsSettings = (server.xtls == '1') and server.tls_host and { + -- xtls + allowInsecure = (server.insecure == "1") and true or nil, + serverName = server.tls_host, + minVersion = "1.3" + } or nil, + realitySettings = (server.reality == '1') and { + publicKey = server.reality_publickey, + shortId = server.reality_shortid, + spiderX = server.reality_spiderx, + fingerprint = server.fingerprint, + serverName = server.tls_host + } or nil, + tcpSettings = (server.transport == "tcp" and server.tcp_guise == "http") and { + -- tcp + header = { + type = server.tcp_guise, + request = { + -- request + path = {server.http_path} or {"/"}, + headers = {Host = {server.http_host} or {}} + } } - } - } or nil, - kcpSettings = (server.transport == "kcp") and { - -- kcp - mtu = tonumber(server.mtu), - tti = tonumber(server.tti), - uplinkCapacity = tonumber(server.uplink_capacity), - downlinkCapacity = tonumber(server.downlink_capacity), - congestion = (server.congestion == "1") and true or false, - readBufferSize = tonumber(server.read_buffer_size), - writeBufferSize = tonumber(server.write_buffer_size), - header = {type = server.kcp_guise}, - seed = server.seed or nil - } or nil, - wsSettings = (server.transport == "ws") and (server.ws_path or server.ws_host or server.tls_host) and { - -- ws - headers = (server.ws_host or server.tls_host) and { - -- headers - Host = server.ws_host or server.tls_host } or nil, - path = server.ws_path, - maxEarlyData = tonumber(server.ws_ed) or nil, - earlyDataHeaderName = server.ws_ed_header or nil - } or nil, - httpupgradeSettings = (server.transport == "httpupgrade") and { - -- httpupgrade - host = (server.httpupgrade_host or server.tls_host) or nil, - path = server.httpupgrade_path or "" - } or nil, - splithttpSettings = (server.transport == "splithttp") and { - -- splithttp - host = (server.splithttp_host or server.tls_host) or nil, - path = server.splithttp_path or "" - } or nil, - httpSettings = (server.transport == "h2") and { - -- h2 - path = server.h2_path or "", - host = {server.h2_host} or nil, - read_idle_timeout = tonumber(server.read_idle_timeout) or nil, - health_check_timeout = tonumber(server.health_check_timeout) or nil - } or nil, - quicSettings = (server.transport == "quic") and { - -- quic - security = server.quic_security, - key = server.quic_key, - header = {type = server.quic_guise} - } or nil, - grpcSettings = (server.transport == "grpc") and { - -- grpc - serviceName = server.serviceName or "", - multiMode = (server.grpc_mode == "multi") and true or false, - idle_timeout = tonumber(server.idle_timeout) or nil, - health_check_timeout = tonumber(server.health_check_timeout) or nil, - permit_without_stream = (server.permit_without_stream == "1") and true or nil, - initial_windows_size = tonumber(server.initial_windows_size) or nil + kcpSettings = (server.transport == "kcp") and { + -- kcp + mtu = tonumber(server.mtu), + tti = tonumber(server.tti), + uplinkCapacity = tonumber(server.uplink_capacity), + downlinkCapacity = tonumber(server.downlink_capacity), + congestion = (server.congestion == "1") and true or false, + readBufferSize = tonumber(server.read_buffer_size), + writeBufferSize = tonumber(server.write_buffer_size), + header = {type = server.kcp_guise}, + seed = server.seed or nil + } or nil, + wsSettings = (server.transport == "ws") and (server.ws_path or server.ws_host or server.tls_host) and { + -- ws + headers = (server.ws_host or server.tls_host) and { + -- headers + Host = server.ws_host or server.tls_host + } or nil, + path = server.ws_path, + maxEarlyData = tonumber(server.ws_ed) or nil, + earlyDataHeaderName = server.ws_ed_header or nil + } or nil, + httpupgradeSettings = (server.transport == "httpupgrade") and { + -- httpupgrade + host = (server.httpupgrade_host or server.tls_host) or nil, + path = server.httpupgrade_path or "" + } or nil, + splithttpSettings = (server.transport == "splithttp") and { + -- splithttp + host = (server.splithttp_host or server.tls_host) or nil, + path = server.splithttp_path or "/" + } or nil, + httpSettings = (server.transport == "h2") and { + -- h2 + path = server.h2_path or "", + host = {server.h2_host} or nil, + read_idle_timeout = tonumber(server.read_idle_timeout) or nil, + health_check_timeout = tonumber(server.health_check_timeout) or nil + } or nil, + quicSettings = (server.transport == "quic") and { + -- quic + security = server.quic_security, + key = server.quic_key, + header = {type = server.quic_guise} + } or nil, + grpcSettings = (server.transport == "grpc") and { + -- grpc + serviceName = server.serviceName or "", + multiMode = (server.grpc_mode == "multi") and true or false, + idle_timeout = tonumber(server.idle_timeout) or nil, + health_check_timeout = tonumber(server.health_check_timeout) or nil, + permit_without_stream = (server.permit_without_stream == "1") and true or nil, + initial_windows_size = tonumber(server.initial_windows_size) or nil + } or nil, + sockopt = { + tcpMptcp = (server.mptcp == "1") and true or false, -- MPTCP + tcpNoDelay = (server.mptcp == "1") and true or false, -- MPTCP + tcpcongestion = server.custom_tcpcongestion -- 连接服务器节点的 TCP 拥塞控制算法 + } } or nil, - sockopt = { - tcpMptcp = (server.mptcp == "1") and true or false, -- MPTCP - tcpNoDelay = (server.mptcp == "1") and true or false, -- MPTCP - tcpcongestion = server.custom_tcpcongestion -- 连接服务器节点的 TCP 拥塞控制算法 - } - } or nil, - mux = (server.v2ray_protocol ~= "wireguard") and { - -- mux - enabled = (server.mux == "1") and true or false, -- Mux - concurrency = tonumber(server.concurrency), -- TCP 最大并发连接数 - xudpConcurrency = tonumber(server.xudpConcurrency), -- UDP 最大并发连接数 - xudpProxyUDP443 = server.xudpProxyUDP443 -- 对被代理的 UDP/443 流量处理方式 - } or nil + mux = (server.v2ray_protocol ~= "wireguard") and { + -- mux + enabled = (server.mux == "1") and true or false, -- Mux + concurrency = tonumber(server.concurrency), -- TCP 最大并发连接数 + xudpConcurrency = tonumber(server.xudpConcurrency), -- UDP 最大并发连接数 + xudpProxyUDP443 = server.xudpProxyUDP443 -- 对被代理的 UDP/443 流量处理方式 + } or nil + } } -} + local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA" local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384" local trojan = { @@ -351,7 +365,7 @@ local hysteria = { hopInterval = (server.port_range and (tonumber(server.hopinterval) .. "s") or nil) } or nil) } or nil, ---[[ +--[[ tcpTProxy = (proto:find("tcp") and local_port ~= "0") and { listen = "0.0.0.0:" .. tonumber(local_port) } or nil, @@ -488,7 +502,7 @@ local tuic = { }, ["local"] = { server = tonumber(socks_port) and "[::]:" .. (socks_port == "0" and local_port or tonumber(socks_port)), - dual_stack = (server.tuic_dual_stack == "1") and true or nil, + dual_stack = (server.tuic_dual_stack == "1") and true or nil, max_packet_size = tonumber(server.tuic_max_package_size) } }