Reality dest parameter and logging function.

[hawshemi]

Let's say I have Reality setup on my server:

            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "dest": "WEBSITE.COM:8080", 
                    "serverNames": [ 
                        "WEBSITE.COM"

And it's working fine.
As far as I know, the dest is a forwarder to the domain address. when I enter my VPS IP address with port 8080 manually in the browser, if shows the WEBSITE.COM:8080.
My question is : Is there a way to log this access? because I tested with:

    "log": {
        "loglevel": "debug",
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log",
        "dnsLog": true
    },

But nothing is logged with this kind of access. this is helpful especially to find out if the server is actively probed or not.

[chika0801]

The correct test method is: you modify the hosts file of the system, the content is the IP of the VPS The URL you fill in the DEST parameter (such as WEBSITE.COM)

Restart your browser and visit WEBSITE.COM (the domain name is resolved to the IP of your VPS because of the modification of the hosts file). At this time the browser shows the content of WEBSITE.COM website.

According to some REALITY principle replies, this request REALITY external performance is forwarded to the real WEBSITE.COM website.

Xray's log I was under the impression does not record this request (the IP of the source) from the visitor.

[hawshemi]

I didn't understand fully. can you explain it more? can I log the IP address of the visitor to my VPS IP address which is forwarding to dest ?

[chika0801]

Do you mean Dest where you fill in the IP address. If that's what you mean by asking, it's possible. Let's say your dest URL is WEBSITE.COM, assuming it has an IP of 1.2.3.4.

You can fill in 1.2.3.4:443 in DEST, and then make sure the server name parameter is WEBSITE.COM.

[hawshemi]

No, I don't mean that.
Let's say my VPS IP address is x.x.x.x and the config port and dest port is 8080. so when I enter x.x.x.x:8080 into the browser, it will show WEBSITE.COM:8080.
This is correct. all I want it to log the foreign IP address that was requested x.x.x.x:8080.

[us254]

Reality server and Xray's log do not inherently record the IP of the visitor in this specific scenario. This is likely because the request is being forwarded and may not be seen as originating from the visitor's IP address.

[hawshemi]

How about using nginx alongside reality server?

reality dest -> nginx -> domain

[chika0801]

https://github.com/chika0801/Xray-examples/tree/main/VLESS-XTLS-uTLS-REALITY/steal_oneself

reality dest -> nginx

This is a form of "stealing from yourself", it is REALITY forwarded to the local port, and nginx listens on this one port. ssl certificates are loaded by nginx.

nginx -> domain

I didn't understand your intent in this paragraph.

[hawshemi]

If there is no way to record logs with reality between the visitor and the dest, can I do it with nginx?
I have the mentioned steal yourself server with my own domain. now I want to record logs for my domain if someone visited my domain and what IP is that...

[us254]

it appears that the Nginx server is already set up to record logs for your domain, including the IP address of the visitor.

https://github.com/chika0801/Xray-examples/blob/main/VLESS-XTLS-uTLS-REALITY/steal_oneself/config_server.json

log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log main;