### Download Xray Installation Script Source: https://xtls.github.io/document/level-0/ch07-xray-server.html Use wget to download the official Xray installation script to your server. This is the first step in the installation process. ```shell wget https://github.com/XTLS/Xray-install/raw/main/install-release.sh ``` -------------------------------- ### Execute Xray Installation Script Source: https://xtls.github.io/document/level-0/ch07-xray-server.html Run the downloaded installation script using sudo bash to install Xray. This command executes the script with administrative privileges. ```shell sudo bash install-release.sh ``` -------------------------------- ### DnsObject Configuration Example Source: https://xtls.github.io/config/dns.html This is a comprehensive example of the DnsObject configuration, showing how to set up hosts, multiple DNS servers with different protocols and domain-specific rules, client IP, and query strategies. ```json { "dns": { "hosts": { "baidu.com": "127.0.0.1", "dns.google": ["8.8.8.8", "8.8.4.4"] }, "servers": [ "8.8.8.8", "8.8.8.8:53", "tcp://8.8.8.8:53", "tcp+local://8.8.8.8:53", "https://8.8.8.8/dns-query", "https://1.1.1.1/dns-query", "h2c://dns.google/dns-query", "https+local://dns.google/dns-query", "quic+local://dns.adguard.com", { "address": "1.2.3.4", "port": 5353, "domains": ["domain:xray.com"], "expectedIPs": ["geoip:cn"], "skipFallback": false, "clientIP": "1.2.3.4" }, { "address": "https://8.8.8.8/dns-query", "domains": ["geosite:netflix"], "skipFallback": true, "queryStrategy": "UseIPv4" }, { "address": "https://1.1.1.1/dns-query", "domains": ["geosite:openai"], "skipFallback": true, "queryStrategy": "UseIPv6" }, "localhost" ], "clientIp": "1.2.3.4", "queryStrategy": "UseIP", "disableCache": false, "serveStale": false, "serveExpiredTTL": 0, "disableFallback": false, "disableFallbackIfMatch": false, "enableParallelQuery": false, "useSystemHosts": false, "tag": "dns_inbound" } } ``` -------------------------------- ### Install acme.sh Source: https://xtls.github.io/document/level-0/ch06-certificates.html Downloads and executes the acme.sh installation script. ```shell wget -O - https://get.acme.sh | sh ``` -------------------------------- ### Install Nginx on Debian Source: https://xtls.github.io/document/level-0/ch05-webpage.html Installs the Nginx web server on a Debian-based system. This is a prerequisite for serving web pages. ```shell sudo apt update && sudo apt install nginx ``` -------------------------------- ### Upgrade Installed Linux Packages with apt Source: https://xtls.github.io/document/level-0/ch03-ssh.html Execute 'apt upgrade' to install the updates fetched by 'apt update'. Confirm the installation by entering 'y' when prompted. ```shell apt upgrade ``` -------------------------------- ### DNS Server Configuration with Query Strategy Source: https://xtls.github.io/config/dns.html This example demonstrates configuring DNS servers with specific domain-based query strategies, overriding the global setting for certain domains. It shows how to query A records for Netflix and AAAA records for OpenAI. ```json { "dns": { "servers": [ "https://1.1.1.1/dns-query", { "address": "https://8.8.8.8/dns-query", "domains": ["geosite:netflix"], "skipFallback": true, "queryStrategy": "UseIPv4" }, { "address": "https://1.1.1.1/dns-query", "domains": ["geosite:openai"], "skipFallback": true, "queryStrategy": "UseIPv6" } ], "queryStrategy": "UseIP" } } ``` -------------------------------- ### Update Package List and Install Sudo Source: https://xtls.github.io/document/level-0/ch04-security.html Update your system's package list and then install the 'sudo' package. Sudo allows permitted users to run commands as the superuser or another user. ```shell apt update && apt install sudo ``` -------------------------------- ### Start Xray Service Source: https://xtls.github.io/document/level-0/ch07-xray-server.html This command starts the Xray service using systemd. ```shell sudo systemctl start xray ``` -------------------------------- ### xray-core Client Configuration Example Source: https://xtls.github.io/document/level-0/ch08-xray-clients.html This JSON configuration file sets up xray-core as a client. It includes settings for logging, DNS resolution, traffic routing (including ad blocking and geo-based splitting), inbound connections (SOCKS5 and HTTP), and outbound connections (VLESS proxy, direct connection, and blackhole). Remember to replace placeholders like UUID and domain names with your actual values. ```json { "log": { "loglevel": "warning" }, "dns": { "servers": [ { "address": "1.1.1.1", "domains": ["geosite:geolocation-!cn"] }, { "address": "223.5.5.5", "domains": ["geosite:cn"], "expectIPs": ["geoip:cn"] }, { "address": "114.114.114.114", "domains": ["geosite:cn"] }, "localhost" ] }, "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "domain": ["geosite:category-ads-all"], "outboundTag": "block" }, { "domain": ["geosite:cn"], "outboundTag": "direct" }, { "domain": ["geosite:geolocation-!cn"], "outboundTag": "proxy" }, { "ip": ["223.5.5.5"], "outboundTag": "direct" }, { "ip": ["geoip:cn", "geoip:private"], "outboundTag": "direct" } ] }, "inbounds": [ { "tag": "socks-in", "protocol": "socks", "listen": "127.0.0.1", "port": 10800, "settings": { "udp": true } }, { "tag": "http-in", "protocol": "http", "listen": "127.0.0.1", "port": 10801 } ], "outbounds": [ { "tag": "proxy", "protocol": "vless", "settings": { "address": "a-name.yourdomain.com", "port": 443, "id": "uuiduuid-uuid-uuid-uuid-uuiduuiduuid", "flow": "xtls-rprx-vision", "encryption": "none", "level": 0 }, "streamSettings": { "network": "tcp", "security": "tls", "tlsSettings": { "serverName": "a-name.yourdomain.com", "allowInsecure": false, "fingerprint": "chrome" } } }, { "tag": "direct", "protocol": "freedom" }, { "tag": "block", "protocol": "blackhole" } ] } ``` -------------------------------- ### Install TLS Certificate for Xray Source: https://xtls.github.io/document/level-0/ch07-xray-server.html Use acme.sh to install the obtained TLS certificate for Xray. This command copies the full chain certificate and the private key to the specified locations. ```shell acme.sh --install-cert -d 二级域名.你的域名.com --ecc \ --fullchain-file ~/xray_cert/xray.crt \ --key-file ~/xray_cert/xray.key ``` -------------------------------- ### VLESS Reverse Proxy Configuration Example Source: https://xtls.github.io/config/inbounds/vless.html Configuration for VLESS reverse proxy, specifying a tag for the outbound proxy. ```json { "reverse": { "tag": "r-outbound" } } ``` -------------------------------- ### VLESS Inbound Configuration Example Source: https://xtls.github.io/config/inbounds/vless.html Basic inbound configuration for the VLESS protocol, specifying users, decryption, and fallbacks. ```json { "inbounds": [ { // ... "protocol": "vless", "settings": { "users": [ { "id": "5783a3e7-e373-51cd-8642-c83782b807c5", "level": 0, "email": "love@xray.com", "flow": "xtls-rprx-vision", "reverse": {} } ], "decryption": "none", "fallbacks": [ { "dest": 80 } ] } } ] } ``` -------------------------------- ### Advanced Traffic Splitting with Loopback Source: https://xtls.github.io/config/outbounds/loopback.html Demonstrates how to use the loopback protocol for advanced traffic splitting. This example shows how to route TCP and UDP traffic to separate outbound handlers after initial routing by specifying the `inboundTag` in the routing rules. ```json { "outbounds": [ { "protocol": "loopback", "tag": "need-to-split", "settings": { "inboundTag": "traffic-input" // 该 tag 在下方用于 RuleObject 的 inboundTag } }, { "tag": "tcp-output" // protocol, settings, streamSettings 之类的设置 }, { "tag": "udp-output" // protocol, settings, streamSettings 之类的设置 } ], "routing": { "rules": [ { "inboundTag": ["traffic-input"], // loopback 设定的 tag "network": "tcp", "outboundTag": "tcp-output" }, { "inboundTag": ["traffic-input"], // loopback 设定的 tag "network": "udp", "outboundTag": "udp-output" } ] } } ``` -------------------------------- ### Enable Xray Service Auto-start Source: https://xtls.github.io/document/level-0/ch07-xray-server.html Ensures the Xray service automatically starts when the system reboots. ```shell sudo systemctl enable xray ``` -------------------------------- ### Freedom Outbound Configuration Example Source: https://xtls.github.io/config/outbounds/freedom.html This JSON snippet demonstrates the configuration for the Freedom outbound protocol, including domain strategy, redirection, fragment, noises, and final rules. ```json { "outbounds": [ { // ... "protocol": "freedom", "settings": { "domainStrategy": "AsIs", "redirect": "127.0.0.1:3366", "userLevel": 0, "fragment": { "packets": "tlshello", "length": "100-200", "interval": "10-20" // 单位ms }, "noises": [ { "type": "base64", "packet": "7nQBAAABAAAAAAAABnQtcmluZwZtc2VkZ2UDbmV0AAABAAE=", "delay": "10-16" } ], "proxyProtocol": 0, "finalRules": [ { "action": "block", "network": "tcp", "port": "22,25,465,587" }, { "action": "block", "ip": ["geoip:cn"] } ] } } ] } ``` -------------------------------- ### Remove Xray Installation Script Source: https://xtls.github.io/document/level-0/ch07-xray-server.html After successful installation, remove the installation script to clean up your server. Using the full path is a recommended safety practice. ```shell rm ~/install-release.sh ``` -------------------------------- ### Update Linux Software Information with apt Source: https://xtls.github.io/document/level-0/ch03-ssh.html Use 'apt update' to fetch the latest package information from repositories. This command queries available updates but does not install them. ```shell apt update ``` -------------------------------- ### VLESS User Object Example Source: https://xtls.github.io/config/inbounds/vless.html Defines a user for VLESS authentication, including ID, level, email, flow, and reverse proxy settings. ```json { "id": "5783a3e7-e373-51cd-8642-c83782b807c5", "level": 0, "email": "love@xray.com", "flow": "xtls-rprx-vision", "reverse": {} } ``` -------------------------------- ### Start Xray with Browser Dialer Source: https://xtls.github.io/config/features/browser_dialer.html Commands to enable the browser dialer feature via environment variables on different operating systems. ```bash set XRAY_BROWSER_DIALER=127.0.0.1:8080 ``` ```bash XRAY_BROWSER_DIALER=127.0.0.1:8080 ./xray -c config.json ``` -------------------------------- ### Grant Sudo Privileges to New User Source: https://xtls.github.io/document/level-0/ch04-security.html Edit the sudoers file to grant the new user administrative privileges. This example configures the user to run commands without needing to re-enter their password. ```shell visudo ``` -------------------------------- ### Create Website Directory and Index File Source: https://xtls.github.io/document/level-0/ch05-webpage.html Creates a directory structure for the website and initializes an index.html file. This command ensures the necessary file path exists for Nginx to serve content. ```shell mkdir -p ~/www/webpage/ && nano ~/www/webpage/index.html ``` -------------------------------- ### 查看合并后的配置 Source: https://xtls.github.io/config/features/multiple.html 使用 `-dump` 选项查看 Xray 合并后的配置。注意,`-dump` 选项输出的配置格式可能因 core 内部使用 protobuf 而有所不同。 ```shell xray run -confdir=./confs -dump ``` -------------------------------- ### Disable Xray Service Auto-start Source: https://xtls.github.io/document/level-0/ch07-xray-server.html Prevents the Xray service from automatically starting when the system reboots. ```shell sudo systemctl disable xray ``` -------------------------------- ### Refresh Shell Environment Source: https://xtls.github.io/document/level-0/ch06-certificates.html Updates the current shell session to recognize the newly installed acme.sh command. ```shell . .bashrc ``` -------------------------------- ### Create Xray Configuration File Source: https://xtls.github.io/document/level-0/ch07-xray-server.html Opens the Xray configuration file in the nano editor for editing. You will paste the JSON configuration into this file. ```shell sudo nano /usr/local/etc/xray/config.json ``` -------------------------------- ### Debug Test Certificate Application Source: https://xtls.github.io/document/level-0/ch06-certificates.html If the test certificate application fails, add the `--debug` flag to the command to get more detailed output for troubleshooting. This helps in identifying the exact cause of the error. ```shell acme.sh --issue --server letsencrypt_test -d 二级域名.你的域名.com -w /home/vpsadmin/www/webpage --keylength ec-256 --debug ``` -------------------------------- ### Add New User Source: https://xtls.github.io/document/level-0/ch04-security.html Create a new user account on the Linux system. It's recommended to use a non-root user for daily operations to minimize security risks. ```shell adduser vpsadmin ``` -------------------------------- ### Set Go Proxy for Unreachable Networks Source: https://xtls.github.io/development/intro/compile.html Configure the Go proxy to download dependencies when facing network issues accessing Google services. ```bash go env -w GOPROXY=https://goproxy.io,direct ``` -------------------------------- ### Build Xray Binary for macOS/Linux Source: https://xtls.github.io/development/intro/compile.html Compile the Xray binary for macOS and Linux systems. This command disables CGO and optimizes the build. ```bash CGO_ENABLED=0 go build -o xray -trimpath -buildvcs=false -ldflags "-s -w -buildid=" ./main ``` -------------------------------- ### Build Xray Binary for Windows Source: https://xtls.github.io/development/intro/compile.html Compile the Xray binary for Windows using Powershell. This command disables CGO and optimizes the build. ```powershell $env:CGO_ENABLED=0 go build -o xray.exe -trimpath -buildvcs=false -ldflags "-s -w -buildid=" ./main ``` -------------------------------- ### Run xray-core on Windows Source: https://xtls.github.io/document/level-0/ch08-xray-clients.html Use this command on Windows to run xray-core and specify the configuration file path. ```shell C:\Xray-windows-64\xray.exe -c C:\Xray-windows-64\config.json ``` -------------------------------- ### Clone Xray Source Code Source: https://xtls.github.io/development/intro/compile.html Clone the Xray-core repository and download its dependencies. This is the first step before compiling. ```bash git clone https://github.com/XTLS/Xray-core.git cd Xray-core && go mod download ``` -------------------------------- ### Create Directory for Xray Certificates Source: https://xtls.github.io/document/level-0/ch07-xray-server.html Create a dedicated directory for Xray certificates. This helps in organizing certificate files and managing permissions, especially when running as a non-root user. ```shell mkdir ~/xray_cert ``` -------------------------------- ### Successful Test Certificate Application Output Source: https://xtls.github.io/document/level-0/ch06-certificates.html This is the expected output when a test certificate application is successful. It shows the process from account key creation to certificate download, using the staging environment. ```log [Wed 30 Dec 2022 04:25:12 AM EST] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory [Wed 30 Dec 2022 04:25:13 AM EST] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory [Wed 30 Dec 2022 04:25:13 AM EST] Create account key ok. [Wed 30 Dec 2022 04:25:13 AM EST] Registering account: https://acme-staging-v02.api.letsencrypt.org/directory [Wed 30 Dec 2022 04:25:13 AM EST] Registered [Wed 30 Dec 2022 04:25:13 AM EST] ACCOUNT_THUMBPRINT='CU6qmPKuRqhyTAIrF4swosR375194z_1ddUlWef8xDc' [Wed 30 Dec 2022 04:25:13 AM EST] Creating domain key [Wed 30 Dec 2022 04:25:13 AM EST] The domain key is here: /home/vpsadmin/.acme.sh/二级域名.你的域名.com_ecc/二级域名.你的域名.com.key [Wed 30 Dec 2022 04:25:13 AM EST] Single domain='二级域名.你的域名.com' [Wed 30 Dec 2022 04:25:13 AM EST] Getting domain auth token for each domain [Wed 30 Dec 2022 04:25:14 AM EST] Getting webroot for domain='二级域名.你的域名.com' [Wed 30 Dec 2022 04:25:14 AM EST] Verifying: 二级域名.你的域名.com [Wed 30 Dec 2022 04:25:23 AM EST] Pending [Wed 30 Dec 2022 04:25:25 AM EST] Success [Wed 30 Dec 2022 04:25:25 AM EST] Verify finished, start to sign. [Wed 30 Dec 2022 04:25:25 AM EST] Lets finalize the order. [Wed 30 Dec 2022 04:25:25 AM EST] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/490205995/7730242871' [Wed 30 Dec 2022 04:25:25 AM EST] Downloading cert. [Wed 30 Dec 2022 04:25:25 AM EST] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/xujss5xt8i38waubafz2xujss5xt8i38waubz2' [Wed 30 Dec 2022 15:21:52 AM EST] Cert success. --BEGIN CERTIFICAT-- sxlYqPvWreKgD5b8JyOQX0Yg2MLoRUoDyqVkd31PthIiwzdckoh5eD3JU7ysYBtN cTFK4LGOfjqi8Ks87EVJdK9IaSAu7ZC6h5to0eqpJ5PLhaM3e6yJBbHmYA8w1Smp wAb3tdoHZ9ttUIm9CrSzvDBt6BBT6GqYdDamMyCYBLooMyDEM4CUFsOzCRrEqqvC 2mTTEmhvpojo5rhdTSJxibozyNWTGwoTj0v9pTUeQcGqLIzqi4DowjBHD5guwRid SjAFnm6JT2xUQgWFm58A1gv1OhbH1TRPUUmtE1nFEN7YiSjI4xgxqAXT3CLD2EUb wXlUrO6c75zSsQP4bRMzgOjJUqHtSb6IEqELzt4M7KzL5iCOruCChCo2DZxUwvVX tOoaAyQJzCbTqE6aUqwiKi3gVyoxvDP9mI5JdRYzsDL6GVud7EHPnYeMl9ubLZAK 0vg84mbMP3f6mYM4KRa1cqiyOIcQPT4AzGFYVv4sm049bZQg7sd0Bz9CaFvE7yDA 1y17XlgCDnsjxl66bqI1vkENN9XT5xeFHONqc18b5fZEKSIvdX7iWPFWp1PyMPpG 0pMCP1EymZNFxIMJLgbWqExwLWfPc5Ib3PjBaIqhXPnw6sT2MQSxXwDupq1UJVhV 7E3hQRVlwI4CXi6WLHJMNvNRyyK87gCrLH1bKYsPeRVaz77poWBq49zwBCts6hPY IeF4ltGXyANNIOPEi8vy138fRU4LYh81d8FjOtFfJZogMjwhfNvapqxPMsioPlmX TnZu0n7setrVNUEfTMHWqPpDgk5MPrWLA4LapqaDfEX4pwnQJLMwMi6s94z165c0 iMRSKA1yU5zqv8aNsDfPoY4OkSPWs4MaXgRRSLBsUfZ15DwQXPk76kegHIyxWvwF tYw9HKR5QCMK66fa0z4aJoFVFLK0IIOGEZOanRFUCnkLUDd3QZ3YU8lEcrj7Uxos haiRNICyC6UfsCJ94a8vcNyMosPv3xBLMp19WXgiFYqEFQkntkv1FLRI35fjeJmg 0fmD9VG9bkzGPHihJgQLRlCHasGf6XrdfkSsODAyCUHUHJ0RzqF4YEZMcxDxzuQ2 YO7bFwj7S3mUdVPZ6MPasjxdyBjJgEBMch2uy4AhmudXfEBQBye8W6ZI4ztZjLVV FmP4SIuaNUmMe20TjR8b9NVC96AhxOanWT3mRROsdokpKQGTJvl27EHH8KuAbUOc G6KtPy4wslNZNXWcBy9n63RcWak12r7kAIFn38tZxmlw2WUKoRSMAH64GcDTjRQd Am65hBHzvGrj93wEuVNIebvNIsJOlng3HFjpIxVqKGMCIfWIKGDE3YzK3p4LbGZ6 NZFQWYJLNVf2M9CCJfbEImPYgvctrxl39H6KVYPCw1SAdaj9NneUqmREOQkKoEB0 x6PmNirbMscHhQPSC0JQaqUgaQFgba1ALmzRYAnYhNb0twkTxWbY7DBkAarxqMIp yiLKcBFc5H7dgJCImo7us7aJeftC44uWkPIjw9AKH= --END CERTIFICAT-- [Wed 30 Dec 2022 15:21:52 AM EST] Your cert is in /home/vpsadmin/.acme.sh/二级域名.你的域名.com_ecc/二级域名.你的域名.com.cer [Wed 30 Dec 2022 15:21:52 AM EST] Your cert key is in /home/vpsadmin/.acme.sh/二级域名.你的域名.com_ecc/二级域名.你的域名.com.key [Wed 30 Dec 2022 15:21:52 AM EST] The intermediate CA cert is in /home/vpsadmin/.acme.sh/二级域名.你的域名.com_ecc/ca.cer [Wed 30 Dec 2022 15:21:52 AM EST] And the full chain certs is there: /home/vpsadmin/.acme.sh/二级域名.你的域名.com_ecc/fullchain.cer ``` -------------------------------- ### Run xray-core on Linux/macOS Source: https://xtls.github.io/document/level-0/ch08-xray-clients.html Use this command on Linux or macOS to run xray-core and specify the configuration file path. ```shell /usr/local/bin/xray -c /usr/local/etc/xray/config.json ``` -------------------------------- ### Reproducible Build for MIPS/MIPSLE Architectures Source: https://xtls.github.io/development/intro/compile.html Perform a reproducible build specifically for MIPS and MIPSLE architectures, including a short commit ID. ```bash CGO_ENABLED=0 go build -o xray -trimpath -buildvcs=false -gcflags="-l=4" -ldflags="-X github.com/xtls/xray-core/core.build= -s -w -buildid=" -v ./main ``` -------------------------------- ### 使用 confdir 启动 Xray Source: https://xtls.github.io/config/features/multiple.html 使用 `-confdir` 参数指定包含多个配置文件的目录来启动 Xray。启动信息会提示配置文件的读入顺序。 ```shell $ xray run -confdir /etc/xray/confs ``` -------------------------------- ### Create Xray Log Files Source: https://xtls.github.io/document/level-0/ch07-xray-server.html Creates the access and error log files for Xray. ```shell touch ~/xray_log/access.log && touch ~/xray_log/error.log ``` -------------------------------- ### Test ECC Certificate Application Source: https://xtls.github.io/document/level-0/ch06-certificates.html Use this command to test applying an ECC certificate. Replace '二级域名.你的域名.com' with your actual domain. This command uses the Let's Encrypt test server to avoid hitting rate limits. ```shell acme.sh --issue --server letsencrypt_test -d 二级域名.你的域名.com -w /home/vpsadmin/www/webpage --keylength ec-256 ``` -------------------------------- ### 申请正式证书 Source: https://xtls.github.io/document/level-0/ch06-certificates.html 使用 --force 参数强制申请正式证书,适用于在现有证书到期前手动更新。 ```shell acme.sh --issue -d 二级域名.你的域名.com -w /home/vpsadmin/www/webpage --keylength ec-256 --force ``` -------------------------------- ### Configure StatsObject Source: https://xtls.github.io/config/stats.html Enable traffic statistics by including the stats object in the Xray configuration file. ```json { "stats": {} } ``` -------------------------------- ### SystemPolicyObject Details Source: https://xtls.github.io/config/policy.html Configuration for system-level policies in Xray. ```APIDOC ## SystemPolicyObject Details ### Description Defines system-level policy settings for Xray. ### Configuration Structure ```json { "statsInboundUplink": false, "statsInboundDownlink": false, "statsOutboundUplink": false, "statsOutboundDownlink": false } ``` ### Parameters #### statsInboundUplink (boolean) - Optional (Default: false) Enables uplink traffic statistics for all inbound proxies. #### statsInboundDownlink (boolean) - Optional (Default: false) Enables downlink traffic statistics for all inbound proxies. #### statsOutboundUplink (boolean) - Optional (Default: false) Enables uplink traffic statistics for all outbound proxies. #### statsOutboundDownlink (boolean) - Optional (Default: false) Enables downlink traffic statistics for all outbound proxies. ``` -------------------------------- ### Cross-Compile Xray for Linux on Windows Source: https://xtls.github.io/development/intro/compile.html Cross-compile the Xray binary for a Linux amd64 target from a Windows Powershell environment. Ensure to set GOOS and GOARCH environment variables. ```powershell $env:CGO_ENABLED=0 $env:GOOS="linux" $env:GOARCH="amd64" go build -o xray -trimpath -buildvcs=false -ldflags "-s -w -buildid=" ./main ``` -------------------------------- ### 配置默认 CA 服务器 Source: https://xtls.github.io/document/level-0/ch06-certificates.html 将 acme.sh 的默认 CA 服务器设置为 Let's Encrypt 正式环境。 ```shell acme.sh --set-default-ca --server letsencrypt ``` -------------------------------- ### Configure SSH Key-Based Authentication Source: https://xtls.github.io/document/level-0/ch04-security.html Set up SSH to use RSA key pairs for authentication instead of passwords. This involves generating keys, uploading the public key to the server, and configuring the SSH daemon to accept key authentication. ```shell chmod 600 ~/.ssh/authorized_keys ``` ```shell sudo nano /etc/ssh/sshd_config ``` ```shell sudo systemctl restart ssh ``` -------------------------------- ### Set Write Permissions for Log Files Source: https://xtls.github.io/document/level-0/ch07-xray-server.html Grants write permissions to all users for Xray log files, which is necessary as Xray runs as the 'nobody' user by default. ```shell chmod a+w ~/xray_log/*.log ``` -------------------------------- ### Create Xray Log Directory Source: https://xtls.github.io/document/level-0/ch07-xray-server.html This command creates a directory to store Xray's log files. ```shell mkdir ~/xray_log ``` -------------------------------- ### PolicyObject Configuration Source: https://xtls.github.io/config/policy.html Defines the overall policy settings, including user levels and system-level statistics. ```json { "policy": { "levels": { "0": { "handshake": 4, "connIdle": 300, "uplinkOnly": 2, "downlinkOnly": 5, "statsUserUplink": false, "statsUserDownlink": false, "statsUserOnline": false, "bufferSize": 4 } }, "system": { "statsInboundUplink": false, "statsInboundDownlink": false, "statsOutboundUplink": false, "statsOutboundDownlink": false } } } ```