Config: Outbound proxy config no need to be nested #5124

KobeArthurScofield · 2025-09-10T13:01:12Z

对 eda8be6 依葫芦画瓢的产物

现在在不影响原有配置方式的基础上，允许出站配置 outbounds 的 settings 如同 VLESS 配置一样直接写，而无需在 JSON 中写大量括号嵌套/在 YAML 中写大量列表标记，对绝大多数仅需一个出口的情况下够用：

{
    "outbounds": [
        {
            "protocol": "http",
            "settings": {
                "address": "127.0.0.1",
                "port": 8080,
                "user": "user-a",
                "pass": "user-pass",
                "email": "abc@dev",
                "level": 2
            }
        },
        {
            "protocol": "shadowsocks",
            "settings": {
                "email": "abc@dev",
                "address": "127.0.0.1",
                "port": 2222,
                "method": "aes-128-gcm",
                "password": "testing",
                "uot": true,
                "UoTVersion": 2,
                "level": 9
            }
        },
        {
            "protocol": "socks",
            "settings": {
                "address": "127.0.0.1",
                "port": 5560,
                "user": "tester",
                "pass": "tester2",
                "level": 1,
                "email": "abc@dev"
            }
        },
        {
            "protocol": "trojan",
            "settings": {
                "address": "127.0.0.1",
                "port": 4458,
                "password": "fgwnbjkn",
                "email": "abc@dev",
                "level": 1
            }
        },
        {
            "protocol": "vless",
            "settings": {
                "address": "127.0.0.1",
                "port": 5546,
                "id": "725d5f9c-2662-4a10-a9cd-24c3db758db1",
                "encryption": "none",
                "flow": "xtls-rprx-vision",
                "level": 8,
                "email": "abc@dev"
            }
        },
        {
            "protocol": "vmess",
            "settings": {
                "address": "127.0.0.1",
                "port": 5522,
                "id": "725d5f9c-2662-4a10-a9cd-24c3db758db1",
                "security": "zero",
                "level": 8,
                "email": "abc@dev",
                "experiments": "NoTerminationSignal"
            }
        }
    ]
}

改动惠及 HTTP、Shadowsocks、SOCKS、Trojan、VMess 配置。其中如果需要对 HTTP 出站配置 headers，此项应该按原来的方式写，即：

{
    "outbounds": [
        {
            "protocol": "http",
            "settings": {
                "address": "127.0.0.1",
                "port": 8080,
                "user": "user-a",
                "pass": "user-pass",
                "email": "abc@dev",
                "level": 2,
                "headers": {
                    "HeaderA": "valuea",
                    "HeaderB": "valueb"
                }
            }
        }
    ]
}

其它 Freedom、DNS、Loopback、WireGuard 出站无需变动，Blackhole 待定（其实 Blackhole 不改问题好像不大，有可能是设计预留的问题）

⚠️ 注意：此项改动如同在 VLESS 配置的改动一样，不能混合格式填写，即：

同一个 outbound 配置中两种配置填写方式不能混用，无法作为相互补充
如果使用了新的单层方式填写配置，则原来的嵌套配置会被彻底忽略

RPRX · 2025-09-10T13:25:05Z

RPRX · 2025-09-10T13:38:35Z

~~其实我都想把 address/port、udp true 什么的改到外面，出入站对齐就舒服了，还有其它一些想改的~~

~~算了，要大改的话不如一步到位，第一步先这样吧，以后怎么样以后再说~~

KobeArthurScofield · 2025-09-10T13:39:01Z

~~想想也是谁家好人写配置要套这么多个括号~~

RPRX · 2025-09-10T13:45:50Z

~~一个数组需要加两对括号，一开始我看 #5101 内网端的配置示例下面不同括号相间成灾人都麻了，去掉了四对括号舒服多了~~

KobeArthurScofield · 2025-09-10T18:05:31Z

~~address/port 改到外面倒是不错，但是目前实现可能很麻烦，不想办法将参数压进去就是外面动不了里面，里面看不到外面。~~

算了，address/port 目前这样逻辑上问题暂时不是很大，尤其是考虑到下面各个协议的字段名字不一样，还有 freedom/direct 这样地址端口写一起的、blackhole/block 和 loopback 这样根本不需要地址的、wireguard 的字段干脆就是个数组的

RPRX · 2025-09-11T13:04:34Z

结构体里的顺序统一为按原先的顺序，现在看起来乱乱的

KobeArthurScofield · 2025-09-11T13:34:16Z

okay

RPRX · 2025-09-11T14:30:56Z

有空像 VLESS 出站一样限制它们有且只能有一个元素，并删掉代码中的 server picker 什么的吗

在全随机数没被 GFW 拉黑前它们是有用的，但现在这个属于过时设计了，因为过墙需要传输层，传输层又不一定一样

所以应当把任何随机/选择策略放到最外面，比如 balancer 那里

KobeArthurScofield · 2025-09-11T14:41:12Z

最近看看吧

考虑到可能会有一些祖传配置的问题，如果赶上了发下一版的话写下会 break 老旧配置需要检查比较好，赶不上就先写个 breaking 预告
感觉应该是动态端口出来之前的设计，没记错这么写配置的选择策略是 round-robin 来着，同一个服务器开数个端口或者一些奇奇怪怪的多线路到同一个出口端点用法才勉强有点意义，毕竟出口端点不一样的话完全意义不大

~~去年清了远古配置结果一发正式版一群人炸了一个接一个来问~~

wwcd

outbound为socks5，且无用户名和密码时，异常

wwcd · 2025-09-12T17:56:55Z

infra/conf/socks.go

+			{
+				Address: v.Address,
+				Port:    v.Port,
+				Users:   []json.RawMessage{{}},


这个地址会导致没有用户名和密码的代码，默认给加了空的用户名和密码，从而导致异常

KobeArthurScofield · 2025-09-13T02:11:05Z

outbound为socks5，且无用户名和密码时，异常

坏消息：确有此事
好消息：不影响旧写法
不急着发版的话和下一个 pr 打包修了

KobeArthurScofield · 2025-09-13T03:08:58Z

刚刚发现了个很离谱的问题，特指 HTTP 和 SOCKS

outbound 在不设置用户名和密码的情况下不会应用 level 设置的策略
因为在出站里面除了 Freedom 和 DNS 以外其它的 level 都和内部的 users 绑定

但是在 inbound 里面 level （写作 userLevel）是所有账户共用的
而且 outbound 可以每个用户设置 email 作为统计索引，但是 inbound 没这功能，因为没有地方设置

不知道是不是设计时的架构限制，但是在配置上听起来就离谱而且没对齐
给人一种迁移没迁移完人就没了的感觉，啊应该就是没迁移完，去年清旧配置的时候这两个的入站超时改成了仅由 policy + userLevel 控制，当时就说是不是没迁移完结果还真的是

~~Freedom 和 dokodemo-door 这两个不算，它们两个配置对齐上没什么大问题~~

KobeArthurScofield · 2025-09-13T19:32:32Z

有空像 VLESS 出站一样限制它们有且只能有一个元素，并删掉代码中的 server picker 什么的吗

在全随机数没被 GFW 拉黑前它们是有用的，但现在这个属于过时设计了，因为过墙需要传输层，传输层又不一定一样

所以应当把任何随机/选择策略放到最外面，比如 balancer 那里

进展比较顺利，用起来暂时没有发现什么问题， ~~tests 没有不通过项目~~ 并没有，奇怪地卡住了。
不过清理得比较干净的话， proxy/vmess/outbound/command.go 也会被清掉，如果确定没有问题再开 pull request

#5124 (comment) Fixes #5124 (review)

Revert "v25.10.15" This reverts commit b69a376. Revert "VLESS Reverse Proxy: Transfer real Source & Local (IP & port), enabled by default" This reverts commit 12f4a01. Revert "XHTTP client: Change default `maxConcurrency` to 1 for speed testing" This reverts commit 9cc7907. Revert "Router: Use built-in-dns only once for all rules (in "IPOnDemand"/"IPIfNonMatch" mode) (XTLS#5210)" This reverts commit 21a9658. Revert "README.md: Add PasarGuard to Web Panels (XTLS#5224)" This reverts commit 7f436f5. Revert "Update github.com/xtls/reality to 20251014195629" This reverts commit dcfde8d. Revert "Bump golang.org/x/net from 0.44.0 to 0.46.0 (XTLS#5215)" This reverts commit 898db92. Revert "Bump google.golang.org/grpc from 1.75.1 to 1.76.0 (XTLS#5212)" This reverts commit 8dd0e38. Revert "transport/internet/reality/reality.go: Safely get negotiated CurveID in VerifyPeerCertificate()" This reverts commit 40f0a54. Revert "Bump github.com/refraction-networking/utls from 1.8.0 to 1.8.1 (XTLS#5229)" This reverts commit 1762d6c. Revert "Fix shadowsocks2022 memory leak (XTLS#5166)" This reverts commit 1952488. Revert "fix: darwin arm64 always has AESGCMHardwareSupport (XTLS#5176)" This reverts commit 4a825c0. Revert "Bump github.com/quic-go/quic-go from 0.54.1 to 0.55.0 (XTLS#5208)" This reverts commit 514c9e5. Revert "feat(config): add unix socket HTTP config loader support (XTLS#5200)" This reverts commit 2f366ae. Revert "Fix vless reverse panic in vision (XTLS#5189)" This reverts commit c0c88f3. Revert "Bump github.com/quic-go/quic-go from 0.54.0 to 0.54.1 (XTLS#5180)" This reverts commit d0344bc. Revert "Bump google.golang.org/protobuf from 1.36.9 to 1.36.10 (XTLS#5203)" This reverts commit a6ebb30. Revert "Outbound: One endpoint and at most one user only (XTLS#5144)" This reverts commit fe57507. Revert "Config: Outbound proxy config no need to be nested (XTLS#5124)" This reverts commit 83c5370. Revert "Bump google.golang.org/grpc from 1.75.0 to 1.75.1 (XTLS#5129)" This reverts commit 1a48453. Revert "app/dispatcher/default.go: Close link when routedDispatch() failed (XTLS#5131)" This reverts commit 3167e5c. Revert "app/dispatcher/default.go: Add comment on run-time rejecting non-existent outbound tag" This reverts commit 5148c57.

KobeArthurScofield added 2 commits September 10, 2025 19:31

Flatten all Outbound config

aec040a

Fix missing

b796647

RPRX force-pushed the main branch from 8a1d4b0 to 5148c57 Compare September 10, 2025 17:30

Unifying the order of outbound settings

57b5fd2

RPRX changed the title ~~Config: Outbound proxy config no need to be nested when there is one endpoint~~ Config: Outbound proxy config no need to be nested Sep 11, 2025

RPRX merged commit 83c5370 into XTLS:main Sep 11, 2025
38 of 39 checks passed

KobeArthurScofield deleted the outbound-flattening branch September 12, 2025 06:35

wwcd reviewed Sep 12, 2025

View reviewed changes

KobeArthurScofield added a commit to KobeArthurScofield/Xray-core that referenced this pull request Sep 13, 2025

Fix XTLS#5124 (review)

8add78c

KobeArthurScofield mentioned this pull request Sep 14, 2025

Outbound: One endpoint and at most one user only #5144

Merged

MK0ltra mentioned this pull request Sep 15, 2025

Bug report outbound on xray core v25.9.11 alireza0/x-ui#1595

Closed

RPRX pushed a commit that referenced this pull request Sep 15, 2025

Outbound: One endpoint and at most one user only (#5144)

fe57507

#5124 (comment) Fixes #5124 (review)

rosebe mentioned this pull request Sep 18, 2025

Outbound: One endpoint and at most one user only (#5144) rosebe/Xray-core#171

Merged

BrewTestBot mentioned this pull request Oct 15, 2025

xray 25.10.15 Homebrew/homebrew-core#249697

Merged

1 task

Config: Outbound proxy config no need to be nested #5124

Config: Outbound proxy config no need to be nested #5124

Uh oh!

Conversation

KobeArthurScofield commented Sep 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

RPRX commented Sep 10, 2025

Uh oh!

RPRX commented Sep 10, 2025

Uh oh!

KobeArthurScofield commented Sep 10, 2025

Uh oh!

RPRX commented Sep 10, 2025

Uh oh!

KobeArthurScofield commented Sep 10, 2025

Uh oh!

RPRX commented Sep 11, 2025

Uh oh!

KobeArthurScofield commented Sep 11, 2025

Uh oh!

Uh oh!

RPRX commented Sep 11, 2025

Uh oh!

KobeArthurScofield commented Sep 11, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

wwcd left a comment

Choose a reason for hiding this comment

Uh oh!

wwcd Sep 12, 2025

Choose a reason for hiding this comment

Uh oh!

KobeArthurScofield commented Sep 13, 2025

Uh oh!

KobeArthurScofield commented Sep 13, 2025

Uh oh!

KobeArthurScofield commented Sep 13, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

KobeArthurScofield commented Sep 10, 2025 •

edited

Loading

KobeArthurScofield commented Sep 11, 2025 •

edited

Loading

KobeArthurScofield commented Sep 13, 2025 •

edited

Loading