在前文中我们介绍了XUI面板搭建基础教程,但实际使用过程中会用到更多样化的配置,比如给节点配置DNS流媒体解锁、根据不同情况分流至相应的服务出口、多IP出口地址,XUI面板采用的Xray核心框架,也就对应支持xray的自定义功能,本文对其详细配置进行说明。
1、进入到xui面板设置中,找到“xray 相关设置”,在这里是xray配置模板,修改其中的部分参数就能达到所需要的各种效果;
2、Xray配置主要有入站(inbounds)、出站(outbounds)、路由(routing)三大项,其中入站通过xui面板API获取,出站则表示流量怎么流出,路由则是把入口跟出口串联起来;
DNS分流
1、常用情况下会用到DNS来分流解锁一些流媒体网站,进行域名分流在 inbounds 段新增代码开启流量识别功能,如下;
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "api"
}
] 2、在 outbounds 段内的首项配置中添加 "domainStrategy": "UseIP" 以使用内置的DNS功能,如下;
"outbounds": [
{
"protocol": "freedom",
"settings": {"domainStrategy": "UseIP"}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
]3、在配置文件末尾最后的括号内添加要走DNS解锁的分流网站域名规则等;
"dns": {
"servers": [
"8.8.8.8",
{
"address": "x.x.x.x", //DNS提供的解锁IP
"port": 53,
"domains": ["geosite:netflix"] //要解锁的网站或geo文件名
}
]
}4、完全版配置如下,可直接复制粘贴替换掉配置模板内容,注意修改DNS信息;
{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "api"
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {"domainStrategy": "UseIP"}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "blocked",
"type": "field"
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {},
"dns": {
"servers": [
"8.8.8.8",
{
"address": "x.x.x.x",
"port": 53,
"domains": ["geosite:netflix","geosite:disney"]
}
]
}
}出口分流配置
设置不同的出站方式,然后通过路由串联tag或匹配规则的形式可以达到不同入站节点走不同出口、又或是分流不同域名流量,其中XUI面板生成的默认入站TAG格式为: inbound-端口号 ,对应入站列表内的每条节点;
示例1 :多个节点对应不同出口IP地址
{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
}
],
"outbounds": [
{
"tag": "ip1",
"sendThrough": "1.1.1.1",
"protocol": "freedom",
"settings": {}
},
{
"tag": "ip2",
"sendThrough": "1.1.1.2",
"protocol": "freedom",
"settings": {}
},
{
"tag": "ip3",
"sendThrough": "1.1.1.3",
"protocol": "freedom",
"settings": {}
},
{
"protocol": "freedom",
"settings": {}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"inboundTag": [
"inbound-12881"
],
"outboundTag": "ip1",
"type": "field"
},
{
"inboundTag": [
"inbound-12882"
],
"outboundTag": "ip2",
"type": "field"
},
{
"inboundTag": [
"inbound-12883"
],
"outboundTag": "ip3",
"type": "field"
},
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "blocked",
"type": "field"
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {}
}说明:在XUI入站列表中添加3个节点,端口分别是12881、12882、12883,配置模板中的出站项添加3段对应服务器上已绑定的多个IP地址(1.1.1.1、1.1.1.2、1.1.1.3)、自定义TAG是ip1/ip2/ip3,路由项通过入站TAG串联至自定义的出站TAG即可;
示例2 :socks5代理做出口
{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
}
],
"outbounds": [
{
"tag": "sk-hk",
"protocol": "socks",
"settings": {
"servers": [
{
"address": "12.35.26.88",
"ota": false,
"port": 1568,
"users": [
{
"user": "usertest",
"pass": "passwdtest"
}
]
}
]
}
},
{
"protocol": "freedom",
"settings": {}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"inboundTag": [
"inbound-12668"
],
"outboundTag": "sk-hk",
"type": "field"
},
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "blocked",
"type": "field"
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {}
}说明:出站项新增一段socks代理配置,address处填socks的IP地址、port填端口、user内分别填用户和密码、无用户密码则把“[”括号内留空,再通过路由指定12668入站节点走这个socks代理出站;
示例3 :自定义出口域名分流
{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "api"
}
],
"outbounds": [
{
"tag": "sk-hk",
"protocol": "socks",
"settings": {
"servers": [
{
"address": "12.35.26.88",
"ota": false,
"port": 1568,
"users": [
{
"user": "usertest",
"pass": "passwdtest"
}
]
}
]
}
},
{
"protocol": "freedom",
"settings": {}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"type": "field",
"outboundTag": "sk-hk",
"domain": ["geosite:netflix","openai.com"]
},
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "blocked",
"type": "field"
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {}
}说明:跟示例2一样的配置,但是在路由处则不是单独针对某个节点应用,而是匹配路由规则进行分流至socks代理出口,比如其中的Netflix GEO文件名和openai域名,当通过域名匹配时需在入站项开启流量嗅探功能,同时匹配规则需写全、以上仅为示例;比如openai网站使用的域名和接口有openai.com、cdn.auth0.com、azureedge.net等十几条域名规则。