Pages

Thursday, 23 November 2023

利用REALITY(下一代的Xray-core)翻墙


THE NEXT FUTURE

Server side implementation of REALITY protocol, a fork of package tls in latest Go. For client side, please follow https://github.com/XTLS/Xray-core/blob/main/transport/internet/reality/reality.go.

TODO List: TODO

VLESS-XTLS-uTLS-REALITY example for Xray-core

中文 | English

{
    "inbounds": [ // 服务端入站配置
        {
            "listen": "0.0.0.0",
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "", // 必填,执行 ./xray uuid 生成,或 1-30 字节的字符串
                        "flow": "xtls-rprx-vision" // 选填,若有,客户端必须启用 XTLS
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "show": false, // 选填,若为 true,输出调试信息
                    "dest": "example.com:443", // 必填,格式同 VLESS fallbacks 的 dest
                    "xver": 0, // 选填,格式同 VLESS fallbacks 的 xver
                    "serverNames": [ // 必填,客户端可用的 serverName 列表,暂不支持 * 通配符
                        "example.com",
                        "www.example.com"
                    ],
                    "privateKey": "", // 必填,执行 ./xray x25519 生成
                    "minClientVer": "", // 选填,客户端 Xray 最低版本,格式为 x.y.z
                    "maxClientVer": "", // 选填,客户端 Xray 最高版本,格式为 x.y.z
                    "maxTimeDiff": 0, // 选填,允许的最大时间差,单位为毫秒
                    "shortIds": [ // 必填,客户端可用的 shortId 列表,可用于区分不同的客户端
                        "", // 若有此项,客户端 shortId 可为空
                        "0123456789abcdef" // 0 到 f,长度为 2 的倍数,长度上限为 16
                    ]
                }
            }
        }
    ]
}

若用 REALITY 取代 TLS,可消除服务端 TLS 指纹特征,仍有前向保密性等,且证书链攻击无效,安全性超越常规 TLS
可以指向别人的网站,无需自己买域名、配置 TLS 服务端,更方便,实现向中间人呈现指定 SNI 的全程真实 TLS

通常代理用途,目标网站最低标准:国外网站,支持 TLSv1.3 与 H2,域名非跳转用(主域名可能被用于跳转到 www)
加分项:IP 相近(更像,且延迟低),Server Hello 后的握手消息一起加密(如 dl.google.com),有 OCSP Stapling
配置加分项:禁回国流量,TCP/80、UDP/443 也转发(REALITY 对外表现即为端口转发,目标 IP 冷门或许更好)

REALITY 也可以搭配 XTLS 以外的代理协议使用,但不建议这样做,因为它们存在明显且已被针对的 TLS in TLS 特征
REALITY 的下一个主要目标是“预先构建模式”,即提前采集目标网站特征,XTLS 的下一个主要目标是 0-RTT

{
    "outbounds": [ // 客户端出站配置
        {
            "protocol": "vless",
            "settings": {
                "vnext": [
                    {
                        "address": "", // 服务端的域名或 IP
                        "port": 443,
                        "users": [
                            {
                                "id": "", // 与服务端一致
                                "flow": "xtls-rprx-vision", // 与服务端一致
                                "encryption": "none"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "show": false, // 选填,若为 true,输出调试信息
                    "fingerprint": "chrome", // 必填,使用 uTLS 库模拟客户端 TLS 指纹
                    "serverName": "", // 服务端 serverNames 之一
                    "publicKey": "", // 服务端私钥对应的公钥
                    "shortId": "", // 服务端 shortIds 之一
                    "spiderX": "" // 爬虫初始路径与参数,建议每个客户端不同
                }
            }
        }
    ]
}

REALITY 客户端应当收到由“临时认证密钥”签发的“临时可信证书”,但以下三种情况会收到目标网站的真证书:

  1. REALITY 服务端拒绝了客户端的 Client Hello,流量被导入目标网站
  2. 客户端的 Client Hello 被中间人重定向至目标网站
  3. 中间人攻击,可能是目标网站帮忙,也可能是证书链攻击

REALITY 客户端可以完美区分临时可信证书、真证书、无效证书,并决定下一步动作:

  1. 收到临时可信证书时,连接可用,一切如常
  2. 收到真证书时,进入爬虫模式
  3. 收到无效证书时,TLS alert,断开连接

from https://github.com/XTLS/REALITY 

-------

搭建Xray的Reality协议

若用 REALITY 取代 TLS,可消除服务端 TLS 指纹特征,仍有前向保密性等,且证书链攻击无效,安全性超越常规 TLS,
可以指向别人的网站,无需自己买域名、配置 TLS 服务端,更方便,实现向中间人呈现指定 SNI 的全程真实 TLS。

安装Xray:

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --beta

生成uuid

cd /usr/local/bin/

./xray uuid

生成公钥私钥

./xray x25519

配置Xray:

配置文件示例如下(可以复制到电脑文本文件里修改)

{
    "inbounds": [ // 服务端入站配置
        {
            "listen": "0.0.0.0",
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "刚才生产的uuid", //必填,执行 ./xray uuid 生成,或 1-30 字节的字符串
                        "flow": "xtls-rprx-vision" // 选填,若有,客户端必须启用 XTLS
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "show": false, // 选填,若为 true,输出调试信息
                    "dest": "www.amazon.com:443", // 必填,格式同 VLESS fallbacks 的 dest
                    "xver": 0, // 选填,格式同 VLESS fallbacks 的 xver
                    "serverNames": [ // 必填,客户端可用的 serverName 列表,暂不支持 * 通配符
                        "amazon.com",
                        "www.amazon.com"
                    ],
                    "privateKey": "刚才生成的私钥Private key", // 必填,执行 ./xray x25519 生成,
                    "minClientVer": "", // 选填,客户端 Xray 最低版本,格式为 x.y.z
                    "maxClientVer": "", // 选填,客户端 Xray 最高版本,格式为 x.y.z
                    "maxTimeDiff": 0, // 选填,允许的最大时间差
                    "shortIds": [ // 必填,客户端可用的 shortId 列表,可用于区分不同的客户端
                        "", // 若有此项,客户端 shortId 可为空,openssl rand -hex 8生成
                        "0123456789abcdef" // 0 到 f,长度为 2 的倍数,长度上限为 16
                    ]
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "tag": "blocked"
        }
    ]    
}

设置配置文件

nano /usr/local/etc/xray/config.json

把刚才的配置文件黏贴进去,Ctrl X 退出,按y确认。

配置完成后,运行下列命令执行

systemctl restart xray 

 

客户端配置

微软安卓客户端可以用v2rayN,v2rayNG,苹果客户端可以用ShadowrocketFoXray


 通常代理用途,目标网站最低标准:国外网站,支持 TLSv1.3 与 H2,域名非跳转用(主域名可能被用于跳转到 www)
加分项:IP 相近(更像,且延迟低),Server Hello 后的握手消息一起加密(如 dl.google.com),有 OCSP Stapling
配置加分项:禁回国流量,TCP/80、UDP/443 也转发(REALITY 对外表现即为端口转发,目标 IP 冷门或许更好).

------------------------

The script supports multiple users and custom ports; supports the construction of vless+vision+reality and vless+h2/grpc+reality

The script supports CentOS 8+, Debian 10+, Ubuntu 20+ operating systems.

All codes are from official documentation;The script is completely open source,you can use it with confidence!

Script installation

Debian && Ubuntu

apt update && apt -y install curl

CentOS

yum update && yum -y install curl

Install

bash <(curl -L https://raw.githubusercontent.com/TinrLin/Reality--build-tutorial/main/Install.sh)

Manual installation

Install the sing-box program

  • Debian && Ubuntu
  • AMD
apt -y update && apt -y install wget && wget -c "https://github.com/SagerNet/sing-box/releases/download/v1.3.0/sing-box-1.3.0-linux-amd64.tar.gz" -O - | tar -xz -C /usr/local/bin --strip-components=1 && chmod +x /usr/local/bin/sing-box
  • ARM
apt -y update && apt -y install wget && wget -c "https://github.com/SagerNet/sing-box/releases/download/v1.3.0/sing-box-1.3.0-linux-arm64.tar.gz" -O - | tar -xz -C /usr/local/bin --strip-components=1 && chmod +x /usr/local/bin/sing-box
  • CentOS
  • AMD
yum update && yum -y install wget && wget -c "https://github.com/SagerNet/sing-box/releases/download/v1.3.0/sing-box-1.3.0-linux-amd64.tar.gz" -O - | tar -xz -C /usr/local/bin --strip-components=1 && chmod +x /usr/local/bin/sing-box
  • ARM
yum update && yum -y install wget && wget -c "https://github.com/SagerNet/sing-box/releases/download/v1.3.0/sing-box-1.3.0-linux-arm64.tar.gz" -O - | tar -xz -C /usr/local/bin --strip-components=1 && chmod +x /usr/local/bin/sing-box

Configure the systemd service of sing-box

wget -P /etc/systemd/system https://raw.githubusercontent.com/TinrLin/Reality--build-tutorial/main/sing-box.service

Download and modify the sing-box configuration file

  • Vless+vision+Reality
mkdir -p /usr/local/etc/sing-box/ && wget -O /usr/local/etc/sing-box/config.json https://raw.githubusercontent.com/TinrLin/Reality--build-tutorial/main/vless_vision_reality_config.json
  • Vless+h2+Reality
mkdir -p /usr/local/etc/sing-box/ && wget -O /usr/local/etc/sing-box/config.json https://raw.githubusercontent.com/TinrLin/Reality--build-tutorial/main/vless_h2_reality_config.json
  • Vless+gRPC+Reality
mkdir -p /usr/local/etc/sing-box/ && wget -O /usr/local/etc/sing-box/config.json https://raw.githubusercontent.com/TinrLin/Reality--build-tutorial/main/vless_grpc_reality_config.json

Start and run sing-box

systemctl daemon-reload && systemctl enable --now sing-box && systemctl status sing-box

 from https://github.com/dasunpamod/Reality--build-tutorial

----------------------------------------------------------------------------

基于 Sing-box 内核的 VLESS Reality 协议脚本.

sbox-reality

基于 Sing-box 内核的 VLESS Reality 协议脚本

wget -N --no-check-certificate https://raw.githubusercontent.com/Misaka-blog/sbox-reality/main/reality.sh && bash reality.sh

鸣谢

from https://github.com/Misaka-blog/sbox-reality 

----------------------------------------------------------

 Reality 小白一键安装脚本.

Reality 小白一键安装脚本(目前仅提供meta客户端使用的配置文件)

English‘s Readme

如何使用脚本

  • 系统仅支持: Ubuntu
  • 登录vps
  • 输入以下指令,并按照指令提示操作即可
    sudo curl -o installReality.sh https://raw.githubusercontent.com/BoxXt/installReality/main/installReality.sh && sh ./installReality.sh
    
  • 最终得到 Meta 的客户端配置文件,选用支持 Clash.meta 的客户端导入使用即可
  • 脚本内已自动开启BBR加速

调试

#启动
systemctl start sing-box
#停止
systemctl stop sing-box
#强制停止
systemctl kill sing-box
#重启
systemctl restart sing-box
#实时日志
journalctl -u sing-box --output cat -f

客户端

能力有限目前暂时支持输出clash.meta客户端配置给到meta客户端使用,可使用客户端列表(待测试补充):

----------------------------------------------------------------------------

Install sing-box/xray and configure vless / tuic / hysteria2 / shadowtls for reality or tls (letsencrypt) over different transport protocols (tcp, http, grpc and websocket) with user management capability in CLI, TUI and Telegram bot by a single command in docker compose!

reality-ezpz

Install and configure vless with reality or TLS on your linux server by executing a single command!

TUIC and hysteria2 on sing-box is also supported!

This script:

  • Installs docker with compose plugin in your server
  • Generates docker-compose.yml and sing-box/xray configuration for vless protocol for reality and tls
  • Generates docker-compose.yml and sing-box configuration for TUIC protocol with tls
  • Generates docker-compose.yml and sing-box configuration for hysteria2 protocol with tls
  • Create Cloudflare warp account and configure warp as outbound
  • Generates client configuration string and QRcode
  • Gets and renews valid certificate from Letsencrypt for TLS encryption
  • Fine-tunes kernel tunables
  • Is designed by taking security considerations into account to make the server undetectable
  • Provides a Telegram bot to manage users from Telegram

Features:

  • Generates client configuration string
  • Generates client configuration QRcode
  • You can choose between xray or sing-box core
  • You can choose between reality or TLS security protocol
  • You can use a Text-based user interface (TUI)
  • You can create multiple user accounts
  • You can regenerate configuration and keys
  • You can change SNI domain
  • You can change transport protocol (tcp, http, grpc, ws)
  • You can change tunneling protocol (vless, TUIC, hysteria2, shadowtls)
  • You can get valid TLS certificate with Letsencrypt
  • You can block malware and adult contents
  • Merges your custom advanced configuration
  • Use Cloudflare WARP to hide your outbound traffic
  • Supports Cloudflare warp+
  • Install with a single command
  • Telegram bot for user management
  • Create backup from users and configuration
  • Restore users and configuration from backup

Supported OS:

  • Ubuntu 22.04
  • Ubuntu 20.04
  • Ubuntu 18.04
  • Debian 11
  • Debian 10
  • CentOS Stream 9
  • CentOS Stream 8
  • CentOS 7
  • Fedora 37

Quick Start

You can start using this script with default configuration by copy and paste the line below in terminal.

This command will configure sing-box with reality security protocol over tcp transport protocol on port 443 for www.google.com SNI domain by default:

bash <(curl -sL https://bit.ly/realityez)

or (if the above command dosen't work):

bash <(curl -sL https://raw.githubusercontent.com/aleskxyz/reality-ezpz/master/reality-ezpz.sh)

After a while you will get configuration string and QR code: image

You can run TUI with -m or --menu option:

bash <(curl -sL https://bit.ly/realityez) -m

And then you will see management menu in your terminal: image

You can also enable Telegram bot with --enable-tgbot option and manage users from with your Telegram bot (More Info)

Help message of the script:


Usage: reality-ezpz.sh [-t|--transport=tcp|http|grpc|ws|tuic|hysteria2|shadowtls] [-d|--domain=<domain>] [--server=<server>]
  [--regenerate] [--default] [-r|--restart] [--enable-safenet=true|false] [--port=<port>] [-c|--core=xray|sing-box]
  [--enable-warp=true|false] [--warp-license=<license>] [--security=reality|letsencrypt|selfsigned] [-m|--menu]
  [--show-server-config] [--add-user=<username>] [--lists-users] [--show-user=<username>] [--delete-user=<username>]
  [--backup] [--restore=<url|file>] [--backup-password=<password>] [-u|--uninstall]

  -t, --transport <tcp|http|grpc|ws|tuic|hysteria2|shadowtls> Transport protocol (tcp, http, grpc, ws, tuic, hysteria2, shadowtls default: tcp)
  -d, --domain <domain>     Domain to use as SNI (default: www.google.com)
      --server <server>     IP address or domain name of server (Must be a valid domain if using letsencrypt security)
      --regenerate          Regenerate public and private keys
      --default             Restore default configuration
  -r  --restart             Restart services
  -u, --uninstall           Uninstall reality
      --enable-safenet <true|false> Enable or disable safenet (blocking malware and adult content)
      --port <port>         Server port (default: 443)
      --enable-warp <true|false> Enable or disable Cloudflare warp
      --warp-license <warp-license> Add Cloudflare warp+ license
  -c  --core <sing-box|xray> Select core (xray, sing-box, default: sing-box)
      --security <reality|letsencrypt|selfsigned> Select type of TLS encryption (reality, letsencrypt, selfsigned, default: reality)
  -m  --menu                Show menu
      --enable-tgbot <true|false> Enable Telegram bot for user management
      --tgbot-token <token> Token of Telegram bot
      --tgbot-admins <telegram-username> Usernames of telegram bot admins (Comma separated list of usernames without leading '@')
      --show-server-config  Print server configuration
      --add-user <username> Add new user
      --list-users          List all users
      --show-user <username> Shows the config and QR code of the user
      --delete-user <username> Delete the user
      --backup              Backup users and configuration and upload it to temp.sh
      --restore <url|file>  Restore backup from URL or file
      --backup-password <password> Create/Restore password protected backup file
  -h, --help                Display this help message

Clients

Security Options

This script can configure the service with 3 types of security options:

  • reality
  • letsencrypt
  • selfsigned

By default reality is configured but you can change the security protocol with --security option.

The letsencrypt option will use Letsencrypt to get a valid certificate for you server. So you have to assign a valid domain or subdomain to your server with --server <domain> option.

The selfsigned option is same as letsencrypt but the certificates are self-signed and you don't need to assign a domain or subdomain to your server.

Compatibility and recommendation

CDN compatibility table:

CloudflareArvanCloud
reality
selfsigned✔️✔️
letsencrypt✔️✔️
tcp
http✔️
grpc✔️✔️
ws✔️✔️
tuic
hysteria2
shadowtls
  • You need to enable grpc or websocket in Cloudflare if you want to use the corresponding transport protocols.
  • You have to configure CDN provider to use HTTPS for connecting to your server.
  • The ws transport protocol is not compatible with reality security option.
  • The tuic tunneling protocol is not compatible with reality security option.
  • The tuic tunneling protocol is only compatible with sing-box core option.
  • The hysteria2 tunneling protocol is not compatible with reality security option.
  • The hysteria2 tunneling protocol is only compatible with sing-box core option.
  • The shadowtls tunneling protocol is only compatible with sing-box core option.
  • Avoid using tcp transport protocol with letsencrypt or selfsigned security options.
  • Avoid using selfsigned security option. Get a domain and use letsencrypt option.
  • Do not change the port to something other than 443.
  • The sing-box core has better performance.
  • Using NekoBox for Android is recommended.

User Management

You can add, view and delete multiple user account with this script easily!

Add User

You can add additional user by using --add-user option:

bash <(curl -sL https://bit.ly/realityez) --add-user user1

This command will create test1 as a new user.

Notice: Username can only contains A-Z, a-z and 0-9

List Users

You can view a list of all users by using --list-users option:

bash <(curl -sL https://bit.ly/realityez) --list-users

Show User Configuration

You can get config string and QR code of the user for importing by using --show-user option:

bash <(curl -sL https://bit.ly/realityez) --show-user user1

This command will print config string and QR code of user1

Delete User

You can delete a user by using --delete-user option:

bash <(curl -sL https://bit.ly/realityez) --delete-user user1

This command will delete user1

Advanced Configuration

You can change script defaults by using different arguments.

Your configuration will be saved and restored in each execution. So You can run the script multiple time with out any problem.

Change SNI domain

Reality protocol will use the public certificate of SNI domain.

Default SNI domain is www.google.com.

You can change it by using --domain or -d options:

bash <(curl -sL https://bit.ly/realityez) -d yahoo.com

Change transport protocol

Default transport protocol is tcp.

You can change it by using --transport or -t options:

bash <(curl -sL https://bit.ly/realityez) -t http

Valid options are tcp,httpgrpcwstuichysteria2 and shadowtls.

ws is not compatible with reality protocol. You have to use letsencrypt or selfsigned with it.

tuic is not compatible with reality protocol. You have to use letsencrypt or selfsigned with it.

tuic is compatible with sing-box core only.

hysteria2 is not compatible with reality protocol. You have to use letsencrypt or selfsigned with it.

hysteria2 is compatible with sing-box core only.

shadowtls is compatible with sing-box core only.

ShadowTLS

ShadowTLS is a TLS disguise proxy that can use someone else's trusted certificate. It is similar to "Reality," but in transport, it uses Shadowsocks. So you need to assign a working SNI to it.

When you enable ShadowTLS, you will configure two proxies: ShadowTLS and Shadowsocks.

You need to configure your client to use both proxies in chain mode.

First, ShadowTLS will establish a secure connection with the server, then Shadowsocks will use the connection created by ShadowTLS.

Block malware and adult contents

You can block malware and adult contents by using --enable-safenet option:

bash <(curl -sL https://bit.ly/realityez) --enable-safenet true

You can disable this feature with --enable-safenet false option.

Get runnig configuration

You can get the running configuration with --show-server-config option:

bash <(curl -sL https://bit.ly/realityez) --show-server-config

Regenerate configuration keys

You can regenerate keys by using --regenerate option:

bash <(curl -sL https://bit.ly/realityez) --regenerate

All other configuration will be same as before.

Restart services

You can restart the service by using -r or --restart options:

bash <(curl -sL https://bit.ly/realityez) -r

Restore default configuration

You can restore default configuration by using --default option.

bash <(curl -sL https://bit.ly/realityez) --default

User account will not change with this option.

Uninstall

You can delete configuration and services by using --uninstall or -u options:

bash <(curl -sL https://bit.ly/realityez) -u

Change port

Notice: Do not change default port. This may block your IP!

Default port is 443.

In case of using letsencrypt security option, port 80 has to be available for Letsencrypt challenge.

You can change it by using --port option:

bash <(curl -sL https://bit.ly/realityez) --port 8443

Change engine core

Default engine core is sing-box but you can also switch to xray by using --core or -c options:

bash <(curl -sL https://bit.ly/realityez) -c xray

Valid options are xray and sing-box.

Create backup

You can create a backup from users and configuration and upload it to https://temp.sh/ by using --backup option.

The --backup-password option allows you to protect the backup zip file with the specified password. (Optional)

bash <(curl -sL https://bit.ly/realityez) --backup --backup-password "P@ssw0rd"

This command will give you a URL to download you backup file. The URL is only valid for 3 days.

Restore backup

You can restore a previously created backup file with --restore option.

You need to give the path or URL of the backup file to restore.

The --backup-password option allows you to restore the password protected backup zip file.

bash <(curl -sL https://bit.ly/realityez) --restore /path/to/backup.zip --backup-password "P@ssw0rd"

or

bash <(curl -sL https://bit.ly/realityez) --restore "https://www.example.com/backup.zip" --backup-password "P@ssw0rd"

You can migrate users and configuration from one server to another by:

  1. Create backup in the old server and copy the URL of backup file
  2. Restore the URL of backup file in the new server

Text-based user interface (TUI)

You can also use the TUI for changing the configuration of the service.

To access to TUI you can use -m or --menu options:

bash <(curl -sL https://bit.ly/realityez) -m

Telegram Bot

You can manage users with Telegram Bot.

You should get a Telegram bot token from @BotFather Telegram account.

Then you can enable Telegram bot by using this command as an example:

bash <(curl -sL https://bit.ly/realityez) --enable-tgbot true --tgbot-token <telegram-bot-token> --tgbot-admins=<your-telegram-username>

In the command above you have to provide a comma separated list of Telegram usernames (without leading '@') which are authorized to use Telegram bot.

You can disable Telegram bot with this command:

bash <(curl -sL https://bit.ly/realityez) --enable-tgbot false

Cloudflare WARP

This script uses official Cloudflare WARP client for connecting to Cloudflare network and send all outbound traffic to Cloudflare server. So your servers address will be masked by Cloudflare IPs. This gives you a better web surffing experience due to less captcha challenges and also resolves some websites limitations on your servers IP.

You can enable Cloudflare WARP by using --enable-warp true option. This script will create and register a free WAPR account and use it.

bash <(curl -sL https://bit.ly/realityez) --enable-warp true

Free account has traffic limitation and lower performance in comparison with WARP+ account which needs license.

You can either buy an WARP+ Unlimited license or get a free WARP+ license from this telegram bot: https://t.me/generatewarpplusbot

After getting a license from that telegram bot, you can use the license for your server with --warp-license option:

bash <(curl -sL https://bit.ly/realityez) --warp-license aaaaaaaa-bbbbbbbb-cccccccc

You can use each warp+ license on 4 devices only.

You can disable Cloudflare WARP with --enable-warp false:

bash <(curl -sL https://bit.ly/realityez) --enable-warp false

Example

You can combine different options together.

We want to setup a server with these configurations:

  • grpc transport protocol
  • www.wikipedia.org as SNI domain
  • Block adult contents
  • Enable Cloudflare WARP
  • Set Cloudflare WARP+ license

So we need to execute this command:

bash <(curl -sL https://bit.ly/realityez) --transport=grpc --domain=www.wikipedia.com --enable-safenet=true --enable-warp=true --warp-license=26z9i0ld-WG0wy324-rA703nZ2

Custom Configuration

Use this feature only if you know exactly what you are doing!

You can override the configuration generated by the script and add your own custom configuration to it.

Write your custom configuration in one of these files based on the engine that you are using:

/opt/reality-ezpz/sing-box.patch

or

/opt/reality-ezpz/xray.patch

And run script to apply your changes.

For example if you want to increase the debug level of sing-box engine, you can create /opt/reality-ezpz/sing-box.patch with this content:

{
  "log": {
    "level": "debug",
    "timestamp": true
  }
}


 from https://github.com/aleskxyz/reality-ezpz

 

No comments:

Post a Comment