XrayR后端对接

• XrayR后端对接
  • 1.前言
  • 更新系统
  • 安装Docker-compose
  • Docker-compose 安装XrayR (推荐)
  • Docker run 安装XrayR
  • 更新XrayR
  • 常见报错
    • 1.x509证书报错

1.前言

项目地址：https://github.com/Netflixxp/XrayR
目前XrayR原作者已跑路，该项目已无人维护，可考虑更换类似的后端，如：crossfw
项目地址：https://github.com/crossfw/Air-Universe

更新系统

apt-get update && apt-get install wget curl git vim -y

安装Docker-compose

curl -fsSL https://get.docker.com | bash -s docker
curl -L "https://github.com/docker/compose/releases/download/1.26.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

Docker-compose 安装XrayR (推荐)

1. git clone https://github.com/Netflixxp/XrayR-release
2. cd XrayR-release
3. 编辑配置文件：config.yml，详见：配置文件说明
4. 启动docker：docker-compose up -d

添加v2ray节点，传输协议选ws，编辑配置：
{
  "path":"/f7d89asd09f7df6g7fdjhjkhj5k"
}

Docker run 安装XrayR

请注意指定config.yml目录。

docker pull crackair/xrayr:latest && docker run --restart=always --name xrayr -d -v ${PATH_TO_CONFIG}/config.yml:/etc/XrayR/config.yml --network=host crackair/xrayr:latest

更新XrayR

docker-compose仅需两条简单通用的命令即可实现更新、删除容器并重启。更新软件后config.yml不会被更新覆盖。
注意在 docker-compose.yml 所在的目录下执行：

docker-compose pull
docker-compose up -d

常见报错

1.x509证书报错

使用宝塔面板，nginx 申请 Let's Encrypt SSL证书，在启动docker-compose时，可能会报错：

可以看到报错x509，证书验证错误，这个问题产生的原因是v2board部署的那台机器，nginx 申请 Let's Encrypt SSL证书的中间证书缺失，可以使用检测网站查看到：

缺失中间证书R3

检测地址：https://www.myssl.cn/tools/check-server-cert.html

Nginx相关配置:

server {
listen 443 ssl http2 default_server;
server_name zzzmh.cn;
ssl_certificate /root/ssl/fullchain.pem;
ssl_certificate_key /root/ssl/privkey.pem;
ssl_trusted_certificate /root/ssl/chain.pem;
...
}

关键问题是在 fullchain.pem
根据调查 Nginx 不像是 Apache 有专门的参数配置中间证书 Nginx 需要全部配置在 fullchain.pem 中
顾正确的格式是分为三段
分别代表 服务器层 中间层 root层

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

而实际上一般 Let's Encrypt 生成的证书 fullchain.pem 默认都是两段

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

解决方案：

其实具体缺失中间证书是不是一个问题，有什么后果，都尚未可知。只是抱着能解决就解决的心态去调查解决的。

#首先先找到 Let's Encrypt 生成的fullchain.pem
[root@server ~]# find / -name fullchain.pem
/www/server/panel/vhost/cert/dosg1.cnbbq.xyz/fullchain.pem
/www/server/panel/vhost/ssl/dosg1.cnbbq.xyz/fullchain.pem
/www/server/panel/vhost/letsencrypt/dosg1.cnbbq.xyz/fullchain.pem

#依次查看三个fullchain.pem，发现只有letsencrypt目录下的fullchain.pem是完整的三段证书，其余两个fullchain.pem都只有一段。
[root@server ~]# cd /www/server/panel/vhost/letsencrypt/dosg1.cnbbq.xyz
[root@server dosg1.cnbbq.xyz]# ls
cert.csr  Description.txt  fullchain.pem  fullchain.pfx  privkey.pem  root_cert.csr
[root@server dosg1.cnbbq.xyz]# vim fullchain.pem 
[root@server dosg1.cnbbq.xyz]# cd /www/server/panel/vhost/ssl/dosg1.cnbbq.xyz
[root@server dosg1.cnbbq.xyz]# ls
fullchain.pem  info.json  privkey.pem
[root@server dosg1.cnbbq.xyz]# vim fullchain.pem 
[root@server dosg1.cnbbq.xyz]# pwd
/www/server/panel/vhost/ssl/dosg1.cnbbq.xyz
[root@server dosg1.cnbbq.xyz]# cd /www/server/panel/vhost/cert/
[root@server cert]# ls
dosg1.cnbbq.xyz
[root@server cert]# cd dosg1.cnbbq.xyz/
[root@server dosg1.cnbbq.xyz]# ls
fullchain.pem  privkey.pem
[root@server dosg1.cnbbq.xyz]# vim fullchain.pem 
[root@server dosg1.cnbbq.xyz]# ls
fullchain.pem  privkey.pem

#将两个不完整的证书备份，命名为fullchain.pem.bak，防止以后会用到。
#然后将letsencrypt目录下的完整的fullchain.pem复制到cert 和ssl目录中去，替换掉原有的不完整的fullchain.pem。
[root@server dosg1.cnbbq.xyz]# mv fullchain.pem fullchain.pem.bak
[root@server dosg1.cnbbq.xyz]# cp /www/server/panel/vhost/letsencrypt/dosg1.cnbbq.xyz/fullchain.pem ./fullchain.pem
[root@server dosg1.cnbbq.xyz]# pwd
/www/server/panel/vhost/cert/dosg1.cnbbq.xyz
[root@server dosg1.cnbbq.xyz]# cd /www/server/panel/vhost/ssl/dosg1.cnbbq.xyz
[root@server dosg1.cnbbq.xyz]# ls
fullchain.pem  info.json  privkey.pem
[root@server dosg1.cnbbq.xyz]# mv fullchain.pem fullchain.pem.bak
[root@server dosg1.cnbbq.xyz]# cp /www/server/panel/vhost/letsencrypt/dosg1.cnbbq.xyz/fullchain.pem ./fullchain.pem

#最后重启nginx服务器。
[root@server dosg1.cnbbq.xyz]# nginx -t
nginx: the configuration file /www/server/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /www/server/nginx/conf/nginx.conf test is successful
[root@server dosg1.cnbbq.xyz]# nginx -s reload

参考文档1：https://its201.com/article/owenzhang24/122234171
参考文档2：https://juejin.cn/post/6844903750109249544

• PanelType: "V2board" # Panel type: SSpanel, V2board, PMpanel, , Proxypanel
  ApiConfig:
  ApiHost: "https://dosg1.cnbbq.xyz"
  ApiKey: "sHhPGCmgYWct48eaUKny"
  NodeID: 2
  NodeType: Shadowsocks # Node type: V2ray, Shadowsocks, Trojan, Shadowsocks-Plugin
  Timeout: 30 # Timeout for the api request
  EnableVless: false # Enable Vless for V2ray Type
  EnableXTLS: false # Enable XTLS for V2ray and Trojan
  SpeedLimit: 0 # Mbps, Local settings will replace remote settings, 0 means disable
  DeviceLimit: 0 # Local settings will replace remote settings, 0 means disable
  RuleListPath: # /etc/XrayR/rulelist Path to local rulelist file
  ControllerConfig:
  ListenIP: 0.0.0.0 # IP address you want to listen
  SendIP: 0.0.0.0 # IP address you want to send pacakage
  UpdatePeriodic: 60 # Time to update the nodeinfo, how many sec.
  EnableDNS: false # Use custom DNS config, Please ensure that you set the dns.json well
  DNSType: AsIs # AsIs, UseIP, UseIPv4, UseIPv6, DNS strategy
  EnableProxyProtocol: false # Only works for WebSocket and TCP
  EnableFallback: false # Only support for Trojan and Vless
  FallBackConfigs: # Support multiple fallbacks
  -
  SNI: # TLS SNI(Server Name Indication), Empty for any
  Path: # HTTP PATH, Empty for any
  Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/fallback/ for details.
  ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
  CertConfig:
  CertMode: dns # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
  CertDomain: "virus.cnbbq.xyz" # Domain to cert
  CertFile: /etc/XrayR/cert/node1.test.com.cert # Provided if the CertMode is file
  KeyFile: /etc/XrayR/cert/node1.test.com.key
  Provider: cloudflare # DNS cert provider, Get the full support list here: https://go-acme.github.io/lego/dns/
  Email: test@me.com
  DNSEnv: # DNS ENV option used by DNS provider
  CLOUDFLARE_EMAIL: kuyufeng2020@gmail.com
  CLOUDFLARE_API_KEY: 70d3f3d6ec8f359e5481e2d81074a2d1ebc0f