Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
103 changes: 103 additions & 0 deletions docs/config/inbound/listeners/vless.en.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
# VLESS

```{.yaml linenums="1"}
listeners:
- name: vless-in-1
type: vless
port: 10817 # supports ports format, e.g., 200,302 or 200,204,401-429,501-503
listen: 0.0.0.0
# routing-mark: 0 # set routing-mark for listening socket (Linux only)
# rule: sub-rule-name1 # uses rules by default; if sub-rule is not found, uses rules directly
# proxy: proxy # if not empty, directly hands over inbound traffic to the specified proxy (if proxy is not empty, the proxy name here must be valid, otherwise an error will occur)
users:
- username: 1
uuid: 9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68
flow: xtls-rprx-vision
# ws-path: "/" # if not empty, enables websocket transport layer
# grpc-service-name: "GunService" # if not empty, enables grpc transport layer
# xhttp-config: # If the field is not empty, enable the xhttp transport layer.
# path: "/"
# host: ""
# mode: auto # Available: "stream-one", "stream-up" or "packet-up"
# no-sse-header: false
# x-padding-bytes: "100-1000"
# x-padding-obfs-mode: false
# x-padding-key: x_padding
# x-padding-header: Referer
# x-padding-placement: queryInHeader # Available: queryInHeader, cookie, header, query
# x-padding-method: repeat-x # Available: repeat-x, tokenish
# uplink-http-method: POST # Available: POST, PUT, PATCH, DELETE
# session-placement: path # Available: path, query, cookie, header
# session-key: ""
# session-table: "" # Available: "", "uuid", "ALPHABET", "Alphabet", "BASE36", "Base62", "HEX", "alphabet", "base36", "hex", "number"
# session-length: "16-32" # the initial value cannot be 0, and the total ID space must be greater than 2.1 billion; takes effect only if session-table is not empty or uuid
# seq-placement: path # Available: path, query, cookie, header
# seq-key: ""
# uplink-data-placement: body # Available: body, cookie, header
# uplink-data-key: ""
# uplink-chunk-size: 0 # only applicable when uplink-data-placement is not body
# sc-max-buffered-posts: 30
# sc-stream-up-server-secs: "20-80"
# sc-max-each-post-bytes: 1000000
# -------------------------
# Configuration of server-side vless encryption:
# (native mode / public key XOR only / fully random. 1-RTT generates a random ticket valid for 300-600 seconds each time for 0-RTT reuse / only 1-RTT is allowed)
# Filling in "600s" will randomly take between 50% and 100%, which is equivalent to filling in "300-600s"
# / means selecting only one option, followed by base64 - at least one, infinite chain, use `mihomo generate vless-x25519` and `mihomo generate vless-mlkem768` to generate, remove parentheses when replacing values
#
# Padding is an optional parameter, taking effect only on 1-RTT to eliminate handshake length characteristics, default value on both sides is "100-111-1111.75-0-111.50-0-3333":
# After 1-RTT client/server hello, a random padding of 111 to 1111 bytes is added with 100% probability
# With 75% probability, a random delay of 0 to 111 milliseconds is applied ("probability-from-to")
# Again with 50% probability, a random padding of 0 to 3333 bytes is sent (if 0, Write() is not called)
# Server and client can set different padding parameters, infinite chain in the order of len, gap, the first padding requires 100% probability, minimum 35 bytes
# -------------------------
# decryption: "mlkem768x25519plus.native/xorpub/random.600s(300-600s)/0s.(padding len).(padding gap).(X25519 PrivateKey).(ML-KEM-768 Seed)..."
# if the following two options are filled, enables tls (must be filled together)
# certificate: ./server.crt # certificate in PEM format, or the path to the certificate
# private-key: ./server.key # corresponding private key in PEM format, or the path to the private key
# the following two options are for mTLS configuration. If client-auth-type is set to "verify-if-given" or "require-and-verify", client-auth-cert must not be empty
# client-auth-type: "" # available values: "", "request", "require-any", "verify-if-given", "require-and-verify"
# client-auth-cert: string # certificate in PEM format, or the path to the certificate
# if filled, enables ECH (can be generated by `mihomo generate ech-keypair <plaintext-domain>`)
# ech-key: |
# -----BEGIN ECH KEYS-----
# ACATwY30o/RKgD6hgeQxwrSiApLaCgU+HKh7B6SUrAHaDwBD/g0APwAAIAAgHjzK
# madSJjYQIf9o1N5GXjkW4DEEeb17qMxHdwMdNnwADAABAAEAAQACAAEAAwAIdGVz
# dC5jb20AAA==
# -----END ECH KEYS-----
# if reality-config is filled, enables reality (note: cannot be filled simultaneously with certificate and private-key)
reality-config:
dest: test.com:443
private-key: jNXHt1yRo0vDuchQlIP6Z0ZvjT3KtzVI-T4E7RoLJS0 # can be generated by `mihomo generate reality-keypair` command
short-id:
- 0123456789abcdef
server-names:
- test.com
# the following two limits are optional, used to rate-limit fallback connections that fail verification, bytesPerSec defaults to 0 which means disabled
# fallback rate limiting is a fingerprint feature and is not recommended; if you are a panel/one-click script developer, make sure to randomize these parameters
limit-fallback-upload:
after-bytes: 0 # starts rate limiting after transmitting specified bytes
bytes-per-sec: 0 # baseline speed (bytes/second)
burst-bytes-per-sec: 0 # burst speed (bytes/second), takes effect when greater than bytesPerSec
limit-fallback-download:
after-bytes: 0 # starts rate limiting after transmitting specified bytes
bytes-per-sec: 0 # baseline speed (bytes/second)
burst-bytes-per-sec: 0 # burst speed (bytes/second), takes effect when greater than bytesPerSec
# shadow-tls:
# enable: true
# version: 3 # supports v1/v2/v3
# # password: shadow-tls-password # v2 configuration item
# users: # v3 configuration item
# - name: shadow-tls-user
# password: shadow-tls-password
# handshake:
# dest: [www.example.com:443](https://www.example.com:443)
# # proxy: ""
### NOTE: For vless listener, if "allow-insecure" is not true, at least one of "certificate and private-key" or "shadow-tls" or "jls-config" or "reality-config" or "decryption" must be filled in ###
# allow-insecure: false # whether to allow disabling TLS encryption (NOTE: only used when upstreamed by nginx, caddy, etc.)
# mux-option:
# padding: true
# brutal:
# enabled: true
# up: 1000 # default Mbps
# down: 1000
12 changes: 11 additions & 1 deletion docs/config/inbound/listeners/vless.md
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,17 @@ listeners:
after-bytes: 0 # 传输指定字节后开始限速
bytes-per-sec: 0 # 基准速率(字节/秒)
burst-bytes-per-sec: 0 # 突发速率(字节/秒),大于 bytesPerSec 时生效
### 注意,对于vless listener, 如果 "allow-insecure" 不为 true, 至少需要填写 “certificate和private-key” 或 “reality-config” 或 “decryption” 的其中一项 ###
# shadow-tls:
# enable: true
# version: 3 # 支持 v1/v2/v3
# # password: shadow-tls-password # v2 配置项
# users: # v3 配置项
# - name: shadow-tls-user
# password: shadow-tls-password
# handshake:
# dest: www.example.com:443
# # proxy: ""
### 注意,对于vless listener, 如果 "allow-insecure" 不为 true, 至少需要填写 “certificate和private-key” 或 “shadow-tls” 或 “jls-config” 或 “reality-config” 或 “decryption” 的其中一项 ###
# allow-insecure: false # 是否允许不开启tls加密(注意:仅用于有 nginx, caddy 前置的情况)
# mux-option:
# padding: true
Expand Down
12 changes: 11 additions & 1 deletion docs/config/inbound/listeners/vless.ru.md
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,17 @@ listeners:
after-bytes: 0 # начать ограничение скорости после передачи указанного количества байт
bytes-per-sec: 0 # базовая скорость (байт/сек)
burst-bytes-per-sec: 0 # пиковая скорость (байт/сек), действует когда больше bytesPerSec
### Обратите внимание, что для слушателей Vless, если параметр "allow-insecure" не равен true, необходимо заполнить хотя бы одно из следующих полей: "certificate and private-key", "reality-config" или "decryption". ###
# shadow-tls:
# enable: true
# version: 3 # поддерживает v1/v2/v3
# # password: shadow-tls-password # параметр конфигурации v2
# users: # параметр конфигурации v3
# - name: shadow-tls-user
# password: shadow-tls-password
# handshake:
# dest: www.example.com:443
# # proxy: ""
### ВНИМАНИЕ: Для слушателя vless, если "allow-insecure" не равен true, необходимо заполнить как минимум одну из опций: «certificate и private-key» или «shadow-tls» или «jls-config» или «reality-config» или «decryption» ###
# allow-insecure: false # Разрешить ли отключение шифрования TLS (Примечание: только в случаях, когда nginx или caddy установлены предварительно)
# mux-option:
# padding: true
Expand Down