My xray configuration files.
xray is a proxy software primarily used to bypass firewalls and restrictions. Learn more about it here.
It is the next generation of v2ray, which has been increasingly stagnant in development.
- A domain
- A server
- Cloudflare
You need to setup the following subdomains:
vl
(vless) (disable Cloudflare CDN, aka the yellow toggle next to your subdomain)ws
(websocket) (enable Cloudflare CDN, aka the yellow toggle next to your subdomain)tsc
(tailscale) (If you do not wish to setup Tailscale, ignore this subdomain)
Do note that you have to disable Cloudflare CDN for vl
(vless). Cloudflare cannot proxy tcp
traffic.
Cloudflare CDN for ws
(websocket) is optional.
This guide assumes you are using Ubuntu 22.10.
Install acme.sh
, nginx
, and Tailscale. Relevant guides can be found online.
Tailscale is optional.
Run all of the following commands as the user root
unless specified otherwise.
Create folders certs
and logs
under /home/xray
.
mkdir certs logs
Under /var/www/html
prepare an index.html
to use as decoy. It can be any static page of your choice.
echo "Testing webpage" > /var/www/html/index.html
Add an xray.conf
under /etc/nginx/conf.d
. If you would not like to setup tailscale, remove tsc.example.com
from your config. Replace example.com
with your own domain.
server {
listen 80;
listen [::]:80;
server_name ws.example.com vl.example.com tsc.example.com;
return 301 https://$http_host$request_uri;
}
server {
listen 9005;
listen [::]:9005;
server_name ws.example.com vl.example.com tsc.example.com;
root /var/www/html;
index index.html;
add_header Strict-Transport-Security "max-age=63072000" always;
}
Set CF_Token
environment variable.
export CF_Token="my_cf_token"
Get certificates.
/home/xray/.acme.sh/acme.sh --issue -d '*.example.com' --keylength ec-256 --force --dns dns_cf --ocsp-must-staple
/home/xray/.acme.sh/acme.sh --install-cert -d *.example.com --ecc --cert-file /home/xray/certs/xray.crt --fullchain-file /home/xray/certs/fullchain.crt --key-file /home/xray/certs/xray.key
Put xray-cert-renew.sh
in /home/xray/certs.
#!/bin/bash
/home/xray/.acme.sh/acme.sh --install-cert -d *.example.com --ecc --cert-file /home/xray/certs/xray.crt --fullchain-file /home/xray/certs/fullchain.crt --key-file /home/xray/certs/xray.key
echo "Xray Certificates Renewed"
chmod +r /home/xray/certs/xray.key
echo "Read Permission Granted for Private Key"
sudo systemctl restart xray
echo "Xray Restarted"
Put server-config.json
as config.json
under /usr/local/etc/xray
. Modify fields accordingly.
Switch to user xray
.
su xray
Edit crontab.
crontab -e
Then paste in the following line which will refresh your SSL certificates every month:
0 1 1 * * bash /home/xray/certs/xray-cert-renew.sh
Now, the final step is to start nginx
and xray
.
sudo systemctl start nginx && sudo systemctl start xray
Use vless-over-tls.jsonc
or websockets-over-cloudflare-cdn.jsonc
depending on your choice and save them as config.json
. Modify the fields accordingly.
Then, run xray
.
xray run
Finally, change your system proxy to socks5://localhost:10800
.