update

Author: Lesca

xray-tproxy/README.md

@@ -5,11 +5,15 @@
 
 ## How to use it?
 
-### 1. Setup `xray` inbound
+### 1. Setup `xray` config
+1. Setup `xray` inbound
+
+`xray` should use a paticular `tproxy` inbound to receive traffice routed from within the container.
 
 ```jsonc
 {
   "inbounds": [
+    // tproxy rule
     {
       "port": 12345,  // this port must match `XRAY_INBOUND_PORT` env variable
       "protocol": "dokodemo-door",
@@ -23,32 +27,75 @@
         }
       }
     },
-    { // this inbound is optional but normally useful
-      "tag": "socks",
-      "port": 7070,
-      "protocol": "mixed",
-      "sniffing": {
-        "enabled": true,
-        "destOverride": [
-          "http",
-          "tls"
-        ],
-        "routeOnly": false
-      },
+    // other inbounds ...
+  ]
+}
+```
+
+2. Setup `xray` outbound
+
+For the **outbound** settings, the [DNS redirection](#dns-redirection) is required in case of DNS leak.
+
+Here is an example of **DNS outbound** in xray config:
+
+```json
+{
+  "outbounds": [
+    // your outbound to remote server
+    {
+      "tag": "proxy",
+      // ...
+    },
+
+    // DNS outbound via proxy
+    {
+      "tag": "out-dns",
+      "protocol": "dns",
       "settings": {
-        "auth": "noauth",
-        "udp": true,
-        "allowTransparent": false
+        "address": "8.8.8.8"
+      },
+      "proxySettings": {
+        "tag": "proxy"
       }
+    },
+
+    {
+      "tag": "direct",
+      "protocol": "freedom"
+    },
+    {
+      "tag": "block",
+      "protocol": "blackhole"
     }
   ]
 }
 ```
 
-For the **outbound** settings, check the [DNS redirection](#dns-redirection) section.
+3. Setup `xray` routing
+
+This is routing rules is for [DNS redirection](#dns-redirection) in case of DNS leak.
+
+```jsonc
+{
+  "routing": {
+    "domainStrategy": "AsIs",
+    "rules": [
+      // DNS redirection
+      {
+        "type": "field",
+        "port": 53,
+        "outboundTag": "out-dns"
+      },
+      // other rules ...
+    ]
+  }
+}
+```
 
 ### 2. Run `xray-tproxy` with docker-compose
 
+After you've setup your config, you can run `xray-tproxy` with docker-compose.
+
 Copy and modify the following `docker-compose.yml` file:
 
 ```yaml
@@ -67,9 +114,14 @@ services:
       XRAY_INBOUND_PORT: "12345" # must match inbound port to xray
       LOCAL_DNS: "114.114.114.114"
       RESERVED_IPS: "0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
+    # Using config folder in this case
     volumes:
-      - ./xray:/etc/xray/config
+      - ./config:/etc/xray/config
     command: ["xray", "run", "-confdir", "/etc/xray/config"]
+    # You can also use `config.json` file:
+    # volumes:
+    #   - ./config.json:/etc/xray/config.json
+    # command: ["xray", "run", "-c", "/etc/xray/config.json"]
 
 networks:
   tproxyvlan:
@@ -84,23 +136,22 @@ networks:
           gateway: "192.168.2.1"
 ```
 
-and for the first time,then run:
+and for the first time, run:
 
 ```bash
 docker-compose up
 ```
 
-You can see the logs. If everything works well, press `Ctrl-C` to close the log. The service still runs in the background.
+You can see the logs. If everything goes well, press `Ctrl-C` to close the log. The service still runs in the background.
 
 You can also use `docker-compose logs -f` to see the logs in real time.
 
-If everything goes well, you can run command below without logs:
+If everything works, you can run command below without logs:
 
 ```bash
 docker-comopse up -d 
 ```
 
-
 ### (Optional) Run `ash` to debug
 
 You can run `docker exec -it tproxy ash` to run `ash` in the container.
@@ -133,7 +184,7 @@ All the environment variables that you can set in `docker-compose.yaml` file:
 
 > Note: Set these environment variables will override the default ones.
 
-## Important notes
+## Other topics
 
 ### DNS redirection
 
@@ -142,35 +193,3 @@ All the environment variables that you can set in `docker-compose.yaml` file:
 * In this way, set your devices' DNS server to `114.114.114.114` or `8.8.8.8` has the same result. 
 * However, don't use your LAN DNS server, e.g. `192.168.1.1`. The DNS traffic doesn't route to `xray-tproxy`, and thus is not protected. 
 
-Here is an example of **DNS outbound** in xray config:
-
-```json
-{
-  "outbounds": [
-    {
-      // your outbound to remote server
-      "tag": "proxy",
-      // ...
-    },
-    {
-      // DNS outbound via proxy
-      "tag": "out-dns",
-      "protocol": "dns",
-      "settings": {
-        "address": "8.8.8.8"
-      },
-      "proxySettings": {
-        "tag": "proxy"
-      }
-    },
-    {
-      "tag": "direct",
-      "protocol": "freedom"
-    },
-    {
-      "tag": "block",
-      "protocol": "blackhole"
-    }
-  ]
-}
-```