| caddy | ||
| sing-box | ||
| xray | ||
| docker-compose-singbox.yml | ||
| docker-compose-xray.yml | ||
| README.md | ||
This repository contains examples of setting up steal-oneself configurations using Xray and sing-box in Docker.
Both setups use a fake Confluence login page, but you can use any page you like in caddy/templates/index.html
Based on Akiyamov xray-vps-setup
Warning
Domain is required to use this setup
Prerequisites
Install git:
sudo apt install git
Install Docker:
bash <(wget -qO- https://get.docker.com)
If you're using non-root account and you want to run Docker commands without sudo, add your user to the docker group:
sudo groupadd docker
sudo usermod -aG docker $USER
Important
Log out and log back in to apply the changes
Clone the repository:
git clone https://github.com/vernette/selfsteal-examples
cd selfsteal-examples
Change $VLESS_DOMAIN to your domain name in caddy/Caddyfile. For example, testdomain.com:
sed -i 's/\$VLESS_DOMAIN/testdomain.com/g' caddy/Caddyfile
Xray
Copy compose file:
cp docker-compose-xray.yml docker-compose.yml
Generate required values
# Generate private and public keys ($PRIVATE_KEY and $PUBLIC_KEY)
docker run --rm ghcr.io/xtls/xray-core:25.6.8 x25519
# Generate UUID ($UUID)
docker run --rm ghcr.io/xtls/xray-core:25.6.8 uuid
# Generate SID ($SHORT_ID)
openssl rand -hex 8
Replace $UUID, $PRIVATE_KEY, $SHORT_ID and $VLESS_DOMAIN in xray/config.json with generated values:
"inbounds": [
{
"tag": "VLESS TCP VISION REALITY",
"protocol": "vless",
"listen": "0.0.0.0",
"port": 443,
"settings": {
"clients": [
{
"email": "user",
"id": "$UUID",
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"xver": 1,
"dest": "caddy:4123",
"serverNames": ["$VLESS_DOMAIN"],
"privateKey": "$PRIVATE_KEY",
"shortIds": ["$SHORT_ID"]
}
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"],
"routeOnly": true
}
}
]
Start services:
docker compose up -d
sing-box
Copy compose file:
cp docker-compose-singbox.yml docker-compose.yml
Generate required values
# Generate private and public keys ($PRIVATE_KEY and $PUBLIC_KEY)
docker run --rm ghcr.io/sagernet/sing-box:v1.11.11 generate reality-keypair
# Generate UUID ($UUID)
docker run --rm ghcr.io/sagernet/sing-box:v1.11.11 generate uuid
# Generate SID ($SHORT_ID)
openssl rand -hex 8
Replace $UUID, $PRIVATE_KEY, $SHORT_ID and $VLESS_DOMAIN in sing-box/config.json with generated values:
"inbounds": [
{
"tag": "VLESS TCP VISION REALITY",
"type": "vless",
"listen": "0.0.0.0",
"listen_port": 443,
"users": [
{
"name": "user",
"uuid": "$UUID",
"flow": "xtls-rprx-vision"
}
],
"tls": {
"enabled": true,
"server_name": "$VLESS_DOMAIN",
"reality": {
"enabled": true,
"handshake": {
"server": "caddy",
"server_port": 4123
},
"private_key": "$PRIVATE_KEY",
"short_id": ["$SHORT_ID"]
}
}
}
]
Start services:
docker compose up -d
VLESS URL template
vless://$UUID@$VLESS_DOMAIN:443?security=reality&sni=$VLESS_DOMAIN&fp=chrome&pbk=$PUBLIC_KEY&sid=$SHORT_ID&spx=/&type=tcp&flow=xtls-rprx-vision&encryption=none#selfsteal-test