diff --git a/reality/Dockerfile b/reality/Dockerfile index d4bd478..75b68e7 100644 --- a/reality/Dockerfile +++ b/reality/Dockerfile @@ -26,6 +26,7 @@ ENV SHORTIDS="" ENV NETWORK="" ENV INTERNAL_PORT="" ENV HOSTMODE_PORT="" +ENV ENABLE_RATE_LIMIT="" ENV TZ=Asia/Shanghai WORKDIR / @@ -37,10 +38,13 @@ COPY --from=builder /app/xray / RUN apk add --no-cache tzdata ca-certificates jq curl libqrencode-tools && \ mkdir -p /var/log/xray && \ + mkdir -p /app && \ wget -O /geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat && \ wget -O /geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat && \ chmod +x /entrypoint.sh +# 创建一个挂载点,用于持久化配置文件 +VOLUME ["/app"] ENTRYPOINT ["./entrypoint.sh"] EXPOSE 443 diff --git a/reality/README.MD b/reality/README.MD index 814852c..04891ea 100644 --- a/reality/README.MD +++ b/reality/README.MD @@ -21,6 +21,28 @@ EXTERNAL_PORT=2333 && docker run -d --name xray_reality --restart=always --log-o ``` curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh ``` + +### docker-compose.yml文件: +``` +version: '3.8' + +services: + xray-reality: + image: xray-reality:latest + container_name: xray-reality + ports: + - "443:443" + volumes: + - ./xray-app:/app + environment: + - UUID=your-uuid-here + - DEST=www.apple.com:443 + - SERVERNAMES=www.apple.com images.apple.com + - ENABLE_RATE_LIMIT=true + restart: unless-stopped + network_mode: bridge +``` + ### 端口映射模式 如果你已经安装 docker,可以直接使用下面的命令,运行后会自动下载镜像并启动容器, EXTERNAL_PORT 为你想要使用的端口,如下所示,你将使用443端口 
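Review bot: The comment above `VOLUME ["/app"]` in reality/Dockerfile does not tell operators that /app now holds secrets; the entrypoint in this commit writes config.json and config_info.txt there, including PRIVATEKEY and UUID. When the container is started without an explicit mount, Docker creates an anonymous volume for a declared VOLUME, and the README's `docker rm -f xray_reality` does not remove it, so the key material outlives the container. I would extend the comment, e.g. `# /app stores the generated REALITY private key and UUID; mount a named volume and use "docker rm -v" when decommissioning`. The identical hunk in xhttp_reality/Dockerfile needs the same note.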
@@ -91,6 +113,22 @@ docker rm -f xray_reality * SERVERNAMES:服务器名称列表。默认值为 www.apple.com images.apple.com。 * PRIVATEKEY:私钥。若未设置,脚本将自动生成一个新的私钥和对应的公钥。 * NETWORK:网络类型。默认值为 tcp。 +* `ENABLE_RATE_LIMIT=true` 时,系统会自动应用以下限速配置: + +```json +{ + "limitFallbackUpload": { + "afterBytes": 4194304, // 前 4MB 不限速 + "burstBytesPerSec": 94208, // 最大突发:92 KB/s + "bytesPerSec": 20480 // 持续限速:20 KB/s + }, + "limitFallbackDownload": { + "afterBytes": 4194304, // 前 4MB 不限速 + "burstBytesPerSec": 94208, // 最大突发:92 KB/s + "bytesPerSec": 20480 // 持续限速:20 KB/s + } +} +``` ## 常量 * flow:xtls-rprx-vision diff --git a/reality/entrypoint.sh b/reality/entrypoint.sh old mode 100644 new mode 100755 index 2d1eed3..ebe0809 --- a/reality/entrypoint.sh +++ b/reality/entrypoint.sh @@ -1,5 +1,8 @@ #!/bin/sh -if [ -f /config_info.txt ]; then +# 创建 app 目录用于持久化 +mkdir -p /app + +if [ -f /app/config_info.txt ]; then echo "config.json exist" else IPV6=$(curl -6 -sSL --connect-timeout 3 --retry 2 ip.sb || echo "null") 
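Review bot: The first-run guard in reality/entrypoint.sh tests only `/app/config_info.txt`, but the script later execs xray with `/app/config.json`. Now that both files live on a persisted volume they can get out of step, for example when one of them is removed or restored on the host, and the container would then skip generation and start xray against a missing or stale config. Checking both is safer: `if [ -f /app/config_info.txt ] && [ -f /app/config.json ]; then`. The `else` branch continues outside this hunk, and the matching first hunk of xhttp_reality/entrypoint.sh has the same guard.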
@@ -44,49 +47,74 @@ else NETWORK="tcp" fi + if [ -z "$ENABLE_RATE_LIMIT" ]; then + echo "ENABLE_RATE_LIMIT is not set, default value false" + ENABLE_RATE_LIMIT="false" + fi + + # 复制配置文件到 app 目录 + cp /config.json /app/config.json + # change config - jq ".inbounds[1].settings.clients[0].id=\"$UUID\"" /config.json >/config.json_tmp && mv /config.json_tmp /config.json - jq ".inbounds[1].streamSettings.realitySettings.dest=\"$DEST\"" /config.json >/config.json_tmp && mv /config.json_tmp /config.json + jq ".inbounds[1].settings.clients[0].id=\"$UUID\"" /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + jq ".inbounds[1].streamSettings.realitySettings.dest=\"$DEST\"" /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json SERVERNAMES_JSON_ARRAY="$(echo "[$(echo $SERVERNAMES | awk '{for(i=1;i<=NF;i++) printf "\"%s\",", $i}' | sed 's/,$//')]")" - jq --argjson serverNames "$SERVERNAMES_JSON_ARRAY" '.inbounds[1].streamSettings.realitySettings.serverNames = $serverNames' /config.json >/config.json_tmp && mv /config.json_tmp /config.json - jq --argjson serverNames "$SERVERNAMES_JSON_ARRAY" '.routing.rules[0].domain = $serverNames' /config.json >/config.json_tmp && mv /config.json_tmp /config.json - - jq ".inbounds[1].streamSettings.realitySettings.privateKey=\"$PRIVATEKEY\"" /config.json >/config.json_tmp && mv /config.json_tmp /config.json - jq ".inbounds[1].streamSettings.network=\"$NETWORK\"" /config.json >/config.json_tmp && mv /config.json_tmp /config.json + jq --argjson serverNames "$SERVERNAMES_JSON_ARRAY" '.inbounds[1].streamSettings.realitySettings.serverNames = $serverNames' /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + jq --argjson serverNames "$SERVERNAMES_JSON_ARRAY" '.routing.rules[0].domain = $serverNames' /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + + jq ".inbounds[1].streamSettings.realitySettings.privateKey=\"$PRIVATEKEY\"" 
/app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + jq ".inbounds[1].streamSettings.network=\"$NETWORK\"" /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + + # 添加防盗流量限速配置 + if [ "$ENABLE_RATE_LIMIT" = "true" ]; then + echo "Enabling rate limit configuration for reality fallback" + jq '.inbounds[1].streamSettings.realitySettings.limitFallbackUpload = { + "afterBytes": 4194304, + "burstBytesPerSec": 94208, + "bytesPerSec": 20480 + }' /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + + jq '.inbounds[1].streamSettings.realitySettings.limitFallbackDownload = { + "afterBytes": 4194304, + "burstBytesPerSec": 94208, + "bytesPerSec": 20480 + }' /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + fi FIRST_SERVERNAME=$(echo $SERVERNAMES | awk '{print $1}') # config info with green color - echo -e "\033[32m" >/config_info.txt - echo "IPV6: $IPV6" >>/config_info.txt - echo "IPV4: $IPV4" >>/config_info.txt - echo "UUID: $UUID" >>/config_info.txt - echo "DEST: $DEST" >>/config_info.txt - echo "PORT: $EXTERNAL_PORT" >>/config_info.txt - echo "SERVERNAMES: $SERVERNAMES (任选其一)" >>/config_info.txt - echo "PRIVATEKEY: $PRIVATEKEY" >>/config_info.txt - echo "PUBLICKEY/PASSWORD: $PUBLICKEY" >>/config_info.txt - echo "NETWORK: $NETWORK" >>/config_info.txt + echo -e "\033[32m" >/app/config_info.txt + echo "IPV6: $IPV6" >>/app/config_info.txt + echo "IPV4: $IPV4" >>/app/config_info.txt + echo "UUID: $UUID" >>/app/config_info.txt + echo "DEST: $DEST" >>/app/config_info.txt + echo "PORT: $EXTERNAL_PORT" >>/app/config_info.txt + echo "SERVERNAMES: $SERVERNAMES (任选其一)" >>/app/config_info.txt + echo "PRIVATEKEY: $PRIVATEKEY" >>/app/config_info.txt + echo "PUBLICKEY/PASSWORD: $PUBLICKEY" >>/app/config_info.txt + echo "NETWORK: $NETWORK" >>/app/config_info.txt + echo "RATE_LIMIT_ENABLED: $ENABLE_RATE_LIMIT" >>/app/config_info.txt if [ "$IPV4" != "null" ]; then 
SUB_IPV4="vless://$UUID@$IPV4:$EXTERNAL_PORT?encryption=none&security=reality&type=$NETWORK&sni=$FIRST_SERVERNAME&fp=chrome&pbk=$PUBLICKEY&flow=xtls-rprx-vision#${IPV4}-wulabing_docker_vless_reality_vision" - echo "IPV4 订阅连接: $SUB_IPV4" >>/config_info.txt - echo -e "IPV4 订阅二维码:\n$(echo "$SUB_IPV4" | qrencode -o - -t UTF8)" >>/config_info.txt + echo "IPV4 订阅连接: $SUB_IPV4" >>/app/config_info.txt + echo -e "IPV4 订阅二维码:\n$(echo "$SUB_IPV4" | qrencode -o - -t UTF8)" >>/app/config_info.txt fi if [ "$IPV6" != "null" ];then SUB_IPV6="vless://$UUID@$IPV6:$EXTERNAL_PORT?encryption=none&security=reality&type=$NETWORK&sni=$FIRST_SERVERNAME&fp=chrome&pbk=$PUBLICKEY&flow=xtls-rprx-vision#${IPV6}-wulabing_docker_vless_reality_vision" - echo "IPV6 订阅连接: $SUB_IPV6" >>/config_info.txt - echo -e "IPV6 订阅二维码:\n$(echo "$SUB_IPV6" | qrencode -o - -t UTF8)" >>/config_info.txt + echo "IPV6 订阅连接: $SUB_IPV6" >>/app/config_info.txt + echo -e "IPV6 订阅二维码:\n$(echo "$SUB_IPV6" | qrencode -o - -t UTF8)" >>/app/config_info.txt fi - echo -e "\033[0m" >>/config_info.txt + echo -e "\033[0m" >>/app/config_info.txt fi # show config info -cat /config_info.txt +cat /app/config_info.txt # run xray -exec /xray -config /config.json +exec /xray -config /app/config.json diff --git a/xhttp_reality/Dockerfile b/xhttp_reality/Dockerfile index ec39cbe..0f82e55 100644 --- a/xhttp_reality/Dockerfile +++ b/xhttp_reality/Dockerfile @@ -26,6 +26,7 @@ ENV NETWORK="" ENV XHTTP_PATH="" ENV INTERNAL_PORT="" ENV HOSTMODE_PORT="" +ENV ENABLE_RATE_LIMIT="" ENV TZ=Asia/Shanghai WORKDIR / 
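Review bot: In the second hunk of reality/entrypoint.sh, `PRIVATEKEY` and `UUID` are now written to `/app/config.json` and `/app/config_info.txt` on the persisted volume, and nothing in the hunk restricts the file mode. They are therefore created with the shell's default umask, which with the bind mount shown in the README (`./xray-app:/app`) likely leaves the REALITY private key readable by other users on the host. Adding `umask 077` before the `cp /config.json /app/config.json` line, or `chmod 600` on both files after writing, would keep them owner-only. The enclosing `else` block starts before this hunk. The second hunk of xhttp_reality/entrypoint.sh writes the same values the same way.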
@@ -37,10 +38,13 @@ COPY --from=builder /app/xray / RUN apk add --no-cache tzdata ca-certificates jq curl libqrencode-tools && \ mkdir -p /var/log/xray && \ + mkdir -p /app && \ wget -O /geosite.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat && \ wget -O /geoip.dat https://github.com/v2fly/geoip/releases/latest/download/geoip.dat && \ chmod +x /entrypoint.sh +# 创建一个挂载点,用于持久化配置文件 +VOLUME ["/app"] ENTRYPOINT ["./entrypoint.sh"] EXPOSE 443 diff --git a/xhttp_reality/entrypoint.sh b/xhttp_reality/entrypoint.sh index 4957cdb..9da9058 100644 --- a/xhttp_reality/entrypoint.sh +++ b/xhttp_reality/entrypoint.sh @@ -1,5 +1,8 @@ #!/bin/sh -if [ -f /config_info.txt ]; then +# 创建 app 目录用于持久化 +mkdir -p /app + +if [ -f /app/config_info.txt ]; then echo "config.json exist" else IPV6=$(curl -6 -sSL --connect-timeout 3 --retry 2 ip.sb || echo "null") 
@@ -51,52 +54,77 @@ else NETWORK="xhttp" fi + if [ -z "$ENABLE_RATE_LIMIT" ]; then + echo "ENABLE_RATE_LIMIT is not set, default value false" + ENABLE_RATE_LIMIT="false" + fi + + # 复制配置文件到 app 目录 + cp /config.json /app/config.json + # change config - jq ".inbounds[1].settings.clients[0].id=\"$UUID\"" /config.json >/config.json_tmp && mv /config.json_tmp /config.json - jq ".inbounds[1].streamSettings.realitySettings.dest=\"$DEST\"" /config.json >/config.json_tmp && mv /config.json_tmp /config.json - jq ".inbounds[1].streamSettings.xhttpSettings.path=\"$XHTTP_PATH\"" /config.json >/config.json_tmp && mv /config.json_tmp /config.json + jq ".inbounds[1].settings.clients[0].id=\"$UUID\"" /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + jq ".inbounds[1].streamSettings.realitySettings.dest=\"$DEST\"" /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + jq ".inbounds[1].streamSettings.xhttpSettings.path=\"$XHTTP_PATH\"" /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json SERVERNAMES_JSON_ARRAY="$(echo "[$(echo $SERVERNAMES | awk '{for(i=1;i<=NF;i++) printf "\"%s\",", $i}' | sed 's/,$//')]")" - jq --argjson serverNames "$SERVERNAMES_JSON_ARRAY" '.inbounds[1].streamSettings.realitySettings.serverNames = $serverNames' /config.json >/config.json_tmp && mv /config.json_tmp /config.json - # jq --argjson serverNames "$SERVERNAMES_JSON_ARRAY" '.routing.rules[0].domain = $serverNames' /config.json >/config.json_tmp && mv /config.json_tmp /config.json - - jq ".inbounds[1].streamSettings.realitySettings.privateKey=\"$PRIVATEKEY\"" /config.json >/config.json_tmp && mv /config.json_tmp /config.json - jq ".inbounds[1].streamSettings.network=\"$NETWORK\"" /config.json >/config.json_tmp && mv /config.json_tmp /config.json + jq --argjson serverNames "$SERVERNAMES_JSON_ARRAY" '.inbounds[1].streamSettings.realitySettings.serverNames = $serverNames' /app/config.json >/app/config.json_tmp && mv 
/app/config.json_tmp /app/config.json + # jq --argjson serverNames "$SERVERNAMES_JSON_ARRAY" '.routing.rules[0].domain = $serverNames' /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + + jq ".inbounds[1].streamSettings.realitySettings.privateKey=\"$PRIVATEKEY\"" /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + jq ".inbounds[1].streamSettings.network=\"$NETWORK\"" /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + + # 添加防盗流量限速配置 + if [ "$ENABLE_RATE_LIMIT" = "true" ]; then + echo "Enabling rate limit configuration for reality fallback" + jq '.inbounds[1].streamSettings.realitySettings.limitFallbackUpload = { + "afterBytes": 4194304, + "burstBytesPerSec": 94208, + "bytesPerSec": 20480 + }' /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + + jq '.inbounds[1].streamSettings.realitySettings.limitFallbackDownload = { + "afterBytes": 4194304, + "burstBytesPerSec": 94208, + "bytesPerSec": 20480 + }' /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json + fi FIRST_SERVERNAME=$(echo $SERVERNAMES | awk '{print $1}') # config info with green color - echo -e "\033[32m" >/config_info.txt - echo "IPV6: $IPV6" >>/config_info.txt - echo "IPV4: $IPV4" >>/config_info.txt - echo "UUID: $UUID" >>/config_info.txt - echo "DEST: $DEST" >>/config_info.txt - echo "PORT: $EXTERNAL_PORT" >>/config_info.txt - echo "SERVERNAMES: $SERVERNAMES (任选其一)" >>/config_info.txt - echo "PRIVATEKEY: $PRIVATEKEY" >>/config_info.txt - echo "PUBLICKEY/PASSWORD: $PUBLICKEY" >>/config_info.txt - echo "NETWORK: $NETWORK" >>/config_info.txt - echo "XHTTP_PATH: $XHTTP_PATH" >>/config_info.txt + echo -e "\033[32m" >/app/config_info.txt + echo "IPV6: $IPV6" >>/app/config_info.txt + echo "IPV4: $IPV4" >>/app/config_info.txt + echo "UUID: $UUID" >>/app/config_info.txt + echo "DEST: $DEST" >>/app/config_info.txt + echo "PORT: $EXTERNAL_PORT" 
>>/app/config_info.txt + echo "SERVERNAMES: $SERVERNAMES (任选其一)" >>/app/config_info.txt + echo "PRIVATEKEY: $PRIVATEKEY" >>/app/config_info.txt + echo "PUBLICKEY/PASSWORD: $PUBLICKEY" >>/app/config_info.txt + echo "NETWORK: $NETWORK" >>/app/config_info.txt + echo "XHTTP_PATH: $XHTTP_PATH" >>/app/config_info.txt + echo "RATE_LIMIT_ENABLED: $ENABLE_RATE_LIMIT" >>/app/config_info.txt if [ "$IPV4" != "null" ]; then SUB_IPV4="vless://$UUID@$IPV4:$EXTERNAL_PORT?encryption=none&security=reality&type=$NETWORK&sni=$FIRST_SERVERNAME&fp=chrome&pbk=$PUBLICKEY&path=$XHTTP_PATH&mode=auto#${IPV4}-wulabing_docker_xhttp_reality" - echo "IPV4 订阅连接: $SUB_IPV4" >>/config_info.txt - echo -e "IPV4 订阅二维码:\n$(echo "$SUB_IPV4" | qrencode -o - -t UTF8)" >>/config_info.txt + echo "IPV4 订阅连接: $SUB_IPV4" >>/app/config_info.txt + echo -e "IPV4 订阅二维码:\n$(echo "$SUB_IPV4" | qrencode -o - -t UTF8)" >>/app/config_info.txt fi if [ "$IPV6" != "null" ];then SUB_IPV6="vless://$UUID@$IPV6:$EXTERNAL_PORT?encryption=none&security=reality&type=$NETWORK&sni=$FIRST_SERVERNAME&fp=chrome&pbk=$PUBLICKEY&path=$XHTTP_PATH&mode=auto#${IPV6}-wulabing_docker_xhttp_reality" - echo "IPV6 订阅连接: $SUB_IPV6" >>/config_info.txt - echo -e "IPV6 订阅二维码:\n$(echo "$SUB_IPV6" | qrencode -o - -t UTF8)" >>/config_info.txt + echo "IPV6 订阅连接: $SUB_IPV6" >>/app/config_info.txt + echo -e "IPV6 订阅二维码:\n$(echo "$SUB_IPV6" | qrencode -o - -t UTF8)" >>/app/config_info.txt fi - echo -e "\033[0m" >>/config_info.txt + echo -e "\033[0m" >>/app/config_info.txt fi # show config info -cat /config_info.txt +cat /app/config_info.txt # run xray -exec /xray -config /config.json +exec /xray -config /app/config.json
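Review bot: The jq calls in the second hunk of xhttp_reality/entrypoint.sh still splice environment values into the filter text, e.g. `jq ".inbounds[1].streamSettings.xhttpSettings.path=\"$XHTTP_PATH\""`, so a value containing `"` or `\` changes or breaks the jq program instead of being stored as data. When jq fails, the `&&` skips the `mv`, and since no `set -e` is visible in the hunk the script presumably carries on and xray starts with the template value. Passing the value as data avoids both: `jq --arg v "$XHTTP_PATH" '.inbounds[1].streamSettings.xhttpSettings.path = $v' /app/config.json >/app/config.json_tmp && mv /app/config.json_tmp /app/config.json`. The UUID, DEST, PRIVATEKEY and NETWORK lines here and in reality/entrypoint.sh follow the same pattern, while the serverNames lines already use `--argjson`.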