[分享] xhttp 五合一出站配置方案 (Xray + Caddy + Mihomo) #2669
Replies: 7 comments 19 replies
-
|
谢谢大佬,可以抄抄配置了 |
Beta Was this translation helpful? Give feedback.
-
|
非常感谢答复!以前对reality这一块理解不透彻,现在终于有点悟了。 |
Beta Was this translation helpful? Give feedback.
-
|
再请教大佬,想加一个VLESS-Vision-TLS来共享443端口,有可能吗?怎么处理? |
Beta Was this translation helpful? Give feedback.
-
|
很简单,Xray服务端新增一个Vision用户即可,Caddy不用动 short-id也可以新增一个,嫌麻烦的话,不加也行 最后客户端复制出站1的配置,将其中的uuid(和shortid)改成新的就行 "clients": [
{
"id": "UUID_01", // 对应客户端出站 1]
"level": 0,
"email": "vision-user",
"flow": "xtls-rprx-vision"
},
{
"id": "UUID_02", // 对应客户端出站 2/3/4/5
"level": 0,
"email": "xhttp-user"
},
{
"id": "UUID_06", // 就在这新加一个uuid
"level": 0, // 这个好像是给路由规则用的,在这里基本没有用
"email": "vision-user2222222名称随意",
"flow": "xtls-rprx-vision"
}
]
---
"realitySettings": {
"show": false,
"target": "/run/xray/tls_gate.sock",
// 处理“CDN 转发”或“普通 HTTPS”请求 (对应客户端出站 3/4/5 的 CDN 部分)
// 任何 Reality 不识别的流量都丢给 Caddy 处理
"xver": 0,
"serverNames": [
"reality.example.com",
"cdn.example.com"
],
"privateKey": "YOUR_REALITY_PRIVATE_KEY",
"shortIds": ["YOUR_SHORT_ID", "ID_2"] // 在这加一个新的short-id
}理论上可以无限增加, |
Beta Was this translation helpful? Give feedback.
-
|
不是加一个reality用户,是加一个reality上一代协议,xtls-vless-tcp |
Beta Was this translation helpful? Give feedback.
-
抱歉,看错了 我大概理了一下思路,不过我这边暂时没法验证了, 你的思路是吧Reality作为入口,能识别的(Vision、xhttp)直接在Xray里处理,识别不了的就fallback给Caddy,然后再由Caddy去做分流或者伪装站,相当于是Caddy也参与了一部分代理链路,我理解应该没错? 如果是为了在443上同时挂Reality+Vision和xtls-vless-tcp,我觉得可以换个想法,把分流尽量收回到Xray 还是用Reality做入口,但把TLS也直接交给Xray处理,也就是在Xray里再加一个TLS inbound,让fallback优先进这个inbound,只有那些既不是Reality、也不是代理协议的普通https,再交给Caddy去做伪装站 这样的话就是Xray统一处理所有协议,Caddy只负责伪装站,链路会少一跳 不过我这边没实测,你可以自己按这个方向试一下 |
Beta Was this translation helpful? Give feedback.
-
|
CF 配置缓存 bypass 规则这一步,我之前试过不设置这个也可以使用xhttp节点 |
Beta Was this translation helpful? Give feedback.
-
|
我还是建议配置缓存绕过,最少也要把 你可以看下日志,xhttp会向CDN持续注入海量无规律的字节流
|
Beta Was this translation helpful? Give feedback.
-
|
原来如此,明白了 |
Beta Was this translation helpful? Give feedback.
-
|
上下行分离的url怎么写? |
Beta Was this translation helpful? Give feedback.
-
|
请问使用mihomo当客户端,那xray的xmux相关的配置是不是就无效了,是否可以使用mihomo的smux替代呢 |
Beta Was this translation helpful? Give feedback.
-
|
不要使用全局smux字段,它是在传输层之上又包裹了一层多路复用协议,xhttp流量特征会变得很奇怪,容易被CDN或防火墙识别为非标准流量 今天(2026.04.08)mihomo 发新版本了,可以直接在 |
Beta Was this translation helpful? Give feedback.
-
看到了,这下齐活了。 |
Beta Was this translation helpful? Give feedback.
-
|
谢谢楼主分享,看见xmux这一块的数值和默认值不太一样,是楼主试出来的最优解吗? # max-concurrency: "16-32"
# max-connections: "0"
# c-max-reuse-times: "0"
# h-max-request-times: "600-900"
# h-max-reusable-secs: "1800-3000" |
Beta Was this translation helpful? Give feedback.
-
# max-connections: "16-32"
# max-concurrency: "0"
# cMaxReuseTimes: 64-128感谢提醒,以上三个字段是我误导了,已改正正文 正确的应为: # max-concurrency: "16-32"
# max-connections: "0"
# cMaxReuseTimes: "0"其中前两个字段我跟随了mihomo错误的文档,作者现也已更正 (via f5183da) 这两个字段的内核代码实现是没错的,只是示例文档写反了 然后是 经过对比,我发现R佬的文档最后一次更新恰好将这个值从
|
Beta Was this translation helpful? Give feedback.
-
字段 |
Beta Was this translation helpful? Give feedback.
-
很好奇是如何在github上快速搜索,某一个文件是否有最新的commit的,感觉你跟踪的好快 |
Beta Was this translation helpful? Give feedback.
-
只需要定时监听Alpha分支下的示例文档 docs/config.yaml 即可 Windows本地和VPS远端都可以 Windows点击查看详情在本地Windows,用任务计划程序 + vbs + pwsh7脚本拉取并推送桌面通知 为了方便查看变更,还需要先创建git本地仓库,以便使用git diff 相应脚本如下 1. 启动脚本(run-sync.vbs) 在Windows的任务计划程序,启动程序填 Set shell = CreateObject("WScript.Shell")
'指向 sync-official-docs.ps1 脚本
psScript = "C:\path\to\your\repo\scripts\sync-official-docs.ps1"
pwsh = """C:\Program Files\PowerShell\7\pwsh.exe"""
cmd = pwsh & " -ExecutionPolicy Bypass -WindowStyle Hidden -File """ & psScript & """"
shell.Run cmd, 0, False2. 执行脚本(sync-official-docs.ps1) 需要安装通知依赖库 param (
[string]$LogPath = "$PSScriptRoot/logs/sync-mihomo-docs.log"
)
# 这里需要替换为你自己的本地图标路径,用于区分不同状态的桌面通知
$IconUpdated = "$PSScriptRoot/icons/icon_success.png"
$IconCurrent = "$PSScriptRoot/icons/icon_current.png"
$IconFailed = "$PSScriptRoot/icons/icon_failed.png"
function Write-Log {
param([string]$Message)
$ts = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
"$ts $Message" | Add-Content $LogPath -Encoding UTF8
}
$null = New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force
Import-Module BurntToast -ErrorAction SilentlyContinue
$RepoRoot = Resolve-Path "$PSScriptRoot"
$TargetFile = "$RepoRoot/offical_example_config.yaml"
$TempFile = "$TargetFile.tmp"
try {
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/MetaCubeX/mihomo/Alpha/docs/config.yaml" -OutFile $TempFile -TimeoutSec 30
$NeedUpdate = $true
$summary = ""
if (Test-Path $TargetFile) {
$oldHash = (Get-FileHash $TargetFile -Algorithm SHA256).Hash
$newHash = (Get-FileHash $TempFile -Algorithm SHA256).Hash
if ($oldHash -eq $newHash) {
$NeedUpdate = $false
Remove-Item $TempFile -Force
New-BurntToastNotification -Text "Mihomo Docs Current", "No change" -AppLogo $IconCurrent -Silent
} else {
$oldContent = @(Get-Content $TargetFile)
$newContent = @(Get-Content $TempFile)
$diffResult = Compare-Object $oldContent $newContent
$added = @($diffResult | Where-Object { $_.SideIndicator -eq "=>" }).Count
$removed = @($diffResult | Where-Object { $_.SideIndicator -eq "<=" }).Count
if ($added -eq 0 -and $removed -eq 0) { $summary = "No change" }
elseif ($added -eq 0) { $summary = "Removed $removed lines" }
elseif ($removed -eq 0) { $summary = "Added $added lines" }
else { $summary = "Added $added, removed $removed" }
}
} else {
$summary = "Initial download"
}
if ($NeedUpdate) {
Move-Item -Force $TempFile $TargetFile
Set-Location $RepoRoot
& git add "offical_example_config.yaml"
if (& git status --porcelain "offical_example_config.yaml") {
& git commit -m "chore(config): sync official example config from mihomo/Alpha"
}
New-BurntToastNotification -Text "Mihomo Docs Synced", $summary -AppLogo $IconUpdated -Silent
}
} catch {
if (Test-Path $TempFile) { Remove-Item $TempFile -Force }
$msg = ($_.Exception.Message -split '\r?\n')[0]
if (-not $msg) { $msg = "Unknown error" }
New-BurntToastNotification -Text "Mihomo Docs Sync Failed", $msg -AppLogo $IconFailed -Silent
exit 1
}VPS另一个办法就是在VPS上用更简单的 corn定时 + bash脚本 + TG推送 点击查看详情同样也需要先创建git本地仓库,以便使用git diff corn 定时任务示例 #!/bin/bash
BOT_TOKEN="YOUR_TG_BOT_TOKEN"
CHAT_ID="YOUR_TG_CHAT_ID"
REPO_ROOT="$(cd "$(dirname "$0")" && pwd)"
TARGET_FILE="$REPO_ROOT/offical_example_config.yaml"
TEMP_FILE="${TARGET_FILE}.tmp"
LOG_PATH="$REPO_ROOT/logs/sync-mihomo-docs.log"
DOWNLOAD_URL="https://raw.githubusercontent.com/MetaCubeX/mihomo/Alpha/docs/config.yaml"
mkdir -p "$(dirname "$LOG_PATH")"
log() {
local ts=$(date +"%Y-%m-%d %H:%M:%S")
echo "[$ts] $1" >> "$LOG_PATH"
}
send_tg_msg() {
local title="$1"
local content="$2"
local json_payload=$(jq -n \
--arg cid "$CHAT_ID" \
--arg text "<b>$title</b>"$'\n\n'"$content" \
'{chat_id: $cid, text: $text, parse_mode: "HTML"}')
curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \
-H "Content-Type: application/json" \
-d "$json_payload" > /dev/null
}
if ! curl -sL --max-time 30 "$DOWNLOAD_URL" -o "$TEMP_FILE"; then
send_tg_msg "Mihomo Docs Sync Failed" "Download error"
exit 1
fi
NEED_UPDATE=true
if [ -f "$TARGET_FILE" ]; then
OLD_HASH=$(sha256sum "$TARGET_FILE" | awk '{print $1}')
NEW_HASH=$(sha256sum "$TEMP_FILE" | awk '{print $1}')
if [ "$OLD_HASH" == "$NEW_HASH" ]; then
NEED_UPDATE=false
rm -f "$TEMP_FILE"
fi
fi
if [ "$NEED_UPDATE" = true ]; then
mv -f "$TEMP_FILE" "$TARGET_FILE"
cd "$REPO_ROOT" || exit 1
git add "$TARGET_FILE"
DIFF_STAT=$(git diff --cached --stat | tail -n 1 | xargs)
DIFF_FULL=$(git diff --cached)
if [ ${#DIFF_FULL} -gt 3500 ]; then
DIFF_SNIPPET="${DIFF_FULL:0:3500}"$'\n\n... truncated'
else
DIFF_SNIPPET="$DIFF_FULL"
fi
if git status --porcelain | grep -q "$(basename "$TARGET_FILE")"; then
git commit -m "chore(config): sync official example config from mihomo/Alpha"
TG_BODY="<b>Summary:</b>"$'\n'"$DIFF_STAT"$'\n\n'"<b>Diff:</b>"$'\n'"<pre><code>$DIFF_SNIPPET</code></pre>"
send_tg_msg "Mihomo Docs Synced" "$TG_BODY"
fi
fi |
Beta Was this translation helpful? Give feedback.
-
|
懂了,感谢分享!!! |
Beta Was this translation helpful? Give feedback.
-
|
正好mihomo更新xhttp了,来看看怎么写配置❤️ |
Beta Was this translation helpful? Give feedback.
-
|
XTLS/BBS#25 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
前置说明
本文方案的灵感主要来源于 Benjamin1919 大佬的 xhttp 五合一配置教程 XTLS/Xray-core#4118
该教程基于
Xray 服务端 + Nginx + Xray 客户端构建近期 mihomo 内核也正式支持了 xhttp 传输方式。我将原方案的 Nginx 替换为了配置更轻量的 Caddy,并将客户端侧平移到了 mihomo,最终为
Xray 服务端 + Caddy + mihomo 客户端的新组合(其中客户端节点配置感谢 珊瑚哈希 提供的示例)xhttp 五合一指的是在同一台 VPS 的 443 端口实现了五个出站节点:
点击查看 适用场景
XTLS(Vision) + Reality 直连
xhttp + Reality 直连
上行 xhttp + TLS + CDN | 下行 xhttp + Reality(上下行不同 SNI)
xhttp + TLS 过 CDN
上行 xhttp + Reality | 下行 xhttp + TLS + CDN(上下行不同 SNI)
Tip
v1.19.22v1.19.23Important
必要条件:
点击查看 前置必要设置
Cloudflare 设置
域名托管到CF、添加域名解析A记录:
cdn.example.com:对应 VPS IPv4,(开小黄云,过 CDN)reality.example.com:对应 VPS IPv4,(关小黄云,直连,用于 Reality 握手)面板左侧列表 -> SSL/TLS -> 加密设置为
完全(严格)面板左侧列表 -> 网络 -> 设置 gRPC 开启
缓存规则设置
在 CF 配置缓存 bypass 规则
面板左侧列表 -> 缓存 -> Cache Rules -> 创建缓存 -> Cache Rules:
名称随意
如果传入请求匹配…选择自定义筛选表达式往下滑,点击右侧蓝色的
编辑表达式输入以下内容(记得替换为你自己的域名和路径):
缓存资格设置为绕过缓存完成 点击
部署即可为域名申请 TLS/SSL
关于证书,可以使用
go-acme/lego工具,或者直接用cf给的源服务器证书此处仅简单说明cf的创建过程
点击左侧的
SSL/TLS–源服务器,点击创建证书按钮选项默认即可,之后就可见两个长代码块了(先不要关闭该页面)
在VPS:
创建
/etc/caddy/certs/cf.crt,并粘贴证书代码创建
/etc/caddy/certs/cf.key,并粘贴私钥代码/usr/local/etc/xray/config.json/etc/caddy/Caddyfile用户组设置
启动 Xray 和 Caddy 前需统一运行用户为
caddy,否则会出现 socket 权限问题:执行
sudo systemctl edit xray输入
保存即可
启动 Xray 和 Caddy 后,理想状态为
1. Xray 服务端配置
点击查看 Xray 服务端配置
{ "log": { "loglevel": "info" // 调试完成后可改为 "warning" }, "inbounds": [ { "listen": "0.0.0.0", // 如果需要 IPv6,改为监听 "::" "port": 443, "protocol": "vless", "settings": { "clients": [ { "id": "UUID_01", // 对应客户端出站 1 "level": 0, "email": "vision-user", "flow": "xtls-rprx-vision" }, { "id": "UUID_02", // 对应客户端出站 2/3/4/5 "level": 0, "email": "xhttp-user" } ], "decryption": "none", "fallbacks": [ { "dest": "/run/xray/xhttp_in.sock", // 处理“直连”的 XHTTP 请求 (对应客户端出站 2/3/5 的直连部分) // 当 Reality 识别出 VLESS 协议但没有 flow 时,直接丢给内部 XHTTP Socket "xver": 0 } ] }, "streamSettings": { "network": "raw", "security": "reality", "realitySettings": { "show": false, "target": "/run/xray/tls_gate.sock", // 处理“CDN 转发”或“普通 HTTPS”请求 (对应客户端出站 3/4/5 的 CDN 部分) // 任何 Reality 不识别的流量都丢给 Caddy 处理 "xver": 0, "serverNames": [ "reality.example.com", "cdn.example.com" ], "privateKey": "YOUR_REALITY_PRIVATE_KEY", "shortIds": ["YOUR_SHORT_ID"] }, "sockopt": { "tcpFastOpen": true, "tcpcongestion": "bbr", "tcpMptcp": true, "tcpNoDelay": true } }, "tag": "REALITY_INBOUND" }, { "listen": "/run/xray/xhttp_in.sock,0666", "protocol": "vless", "settings": { "clients": [ { "id": "UUID_02", "level": 0, "email": "xhttp-user" } ], "decryption": "none" }, "streamSettings": { "network": "xhttp", "xhttpSettings": { "host": "", "path": "/your-xhttp-path", "mode": "auto", "extra": { "noSSEHeader": true, "scMaxEachPostBytes": 1000000, "xPaddingBytes": "100-1000" } } }, "tag": "XHTTP_INBOUND" } ], "outbounds": [ { "protocol": "freedom", "tag": "direct", "settings": {} }, { "protocol": "blackhole", "tag": "blocked", "settings": {} } ], "routing": { "domainStrategy": "AsIs", "rules": [ { "type": "field", "ip": ["geoip:private"], "outboundTag": "blocked" } ] } }2. Caddy 反代配置
点击查看 Caddy 反代配置
3. Mihomo 客户端配置
Tip
reuse-settings(XMUX),写入该字段会被内核自动忽略reuse-settings以降低握手开销reuse-settingsCaution
reuse-settings即可,不要叠加全局 smux 字段HTTP/2 -> VLESS -> Smux -> Data点击查看 Mihomo 客户端配置
ALPN 设置说明:
mihomo v1.19.23 仅支持 h2,预计下坂本支持 http/1.1 和 h3,不支持多协议动态回退/切换,写法如下:
Beta Was this translation helpful? Give feedback.
All reactions