====== Установка xray-gateway на Ubuntu ======

Инструкция по установке прозрачного прокси xray для маршрутизации трафика с MikroTik через VLESS + Reality.

===== Схема работы =====

<code>
MikroTik → Linux (xray-gateway) → VPS (3X-UI) → Интернет
</code>

^ Компонент ^ IP ^ Роль ^
| MikroTik | 192.168.0.1 | Маршрутизатор |
| Linux (xray) | 192.168.0.131 | Прозрачный прокси |
| VPS (3X-UI) | 185.238.168.59 | Выходной сервер |

===== Требования =====

  * Ubuntu 22.04 / 24.04
  * Root-доступ
  * Сетевой интерфейс **eth0**

===== Шаг 1: Установка Docker =====

<code bash>
apt update
apt install -y ca-certificates curl gnupg

install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

systemctl enable docker
systemctl start docker
</code>

Проверка:

<code bash>
docker --version
</code>

===== Шаг 2: Создание каталога и конфигов =====

<code bash>
mkdir -p /opt/xray-gateway
cd /opt/xray-gateway
</code>

==== config.json ====

<code bash>
nano /opt/xray-gateway/config.json
</code>

Содержимое:

<code json>
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "0.0.0.0",
      "protocol": "socks",
      "settings": {
        "auth": "noauth",
        "udp": true
      }
    },
    {
      "tag": "transparent",
      "port": 12345,
      "listen": "0.0.0.0",
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "185.238.168.59",
            "port": 443,
            "users": [
              {
                "id": "eac6da3c-e718-4661-80d5-d96838618122",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "fingerprint": "chrome",
          "serverName": "google.com",
          "publicKey": "Ks7lJ4awVwB_yxTXNadU0CWUdIP3Jie28tJv60omWFk",
          "shortId": "0f432ce5",
          "spiderX": "/"
        }
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "direct"
      }
    ]
  }
}
</code>

==== docker-compose.yml ====

<code bash>
nano /opt/xray-gateway/docker-compose.yml
</code>

Содержимое:

<code yaml>
services:
  xray:
    image: ghcr.io/xtls/xray-core:latest
    container_name: xray-gateway
    restart: unless-stopped
    command: ["run", "-c", "/etc/xray/config.json"]
    network_mode: host
    volumes:
      - ./config.json:/etc/xray/config.json:ro
</code>

===== Шаг 3: Настройка IP forwarding =====

<code bash>
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
</code>

===== Шаг 4: Настройка iptables =====

Добавляем правила для разрешённых IP-адресов:

<code bash>
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 151.252.108.239 -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 85.175.4.197 -j REDIRECT --to-ports 12345
</code>

Сохраняем правила:

<code bash>
DEBIAN_FRONTEND=noninteractive apt install -y iptables-persistent
netfilter-persistent save
</code>

===== Шаг 5: Запуск контейнера =====

<code bash>
cd /opt/xray-gateway
docker compose up -d
</code>

===== Проверка =====

Логи контейнера:

<code bash>
docker compose -f /opt/xray-gateway/docker-compose.yml logs -f
</code>

Тест подключения:

<code bash>
curl -x socks5://127.0.0.1:10808 https://ifconfig.me
</code>

Должен вернуть **185.238.168.59** (IP VPS сервера).

===== Настройка MikroTik =====

Добавляем маршрут в таблицу **to_vpn**:

<code>
/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.131 routing-table=to_vpn distance=1
</code>

Проверка:

<code>
/ip route print where routing-table=to_vpn
</code>

===== Управление =====

^ Команда ^ Описание ^
| ''docker compose up -d'' | Запуск |
| ''docker compose down'' | Остановка |
| ''docker compose restart'' | Перезапуск |
| ''docker compose logs -f'' | Просмотр логов |

===== Добавление нового IP =====

<code bash>
iptables -t nat -A PREROUTING -i eth0 -p tcp -s НОВЫЙ_IP -j REDIRECT --to-ports 12345
netfilter-persistent save
</code>

===== Удаление IP =====

<code bash>
iptables -t nat -D PREROUTING -i eth0 -p tcp -s УДАЛЯЕМЫЙ_IP -j REDIRECT --to-ports 12345
netfilter-persistent save
</code>

===== Просмотр правил iptables =====

<code bash>
iptables -t nat -L PREROUTING -n --line-numbers
</code>

===== Структура каталога =====

<code>
/opt/xray-gateway/
├── config.json
└── docker-compose.yml
</code>