### Install Dependencies and Run Dev Server Source: https://xtls.github.io/en/document/document.html Install project dependencies using pnpm and start the local development server to preview the documentation. Ensure Node.js and pnpm are installed. ```bash pnpm install pnpm run docs:dev ``` -------------------------------- ### Complete Configuration Example Source: https://xtls.github.io/en/config/reverse.html An example illustrating a complete reverse proxy configuration, including bridge and portal setups. ```APIDOC ## Complete Configuration Example TIP During operation, it is recommended to enable the `bridge` first, and then enable the `portal`. ``` -------------------------------- ### Download Xray Installation Script Source: https://xtls.github.io/en/document/level-0/ch07-xray-server.html Use wget to download the Xray installation script. This is the first step in installing Xray on your server. ```shell wget https://github.com/XTLS/Xray-install/raw/main/install-release.sh ``` -------------------------------- ### Install Nginx Source: https://xtls.github.io/en/document/level-1/fallbacks-with-sni.html Installs Nginx from the official repository. Ensure you have curl, gnupg2, ca-certificates, and lsb-release installed. ```bash sudo apt install curl gnupg2 ca-certificates lsb-release echo "deb [arch=amd64] [http://nginx.org/packages/ubuntu](http://nginx.org/packages/ubuntu) `lsb_release -cs` nginx" \ | sudo tee /etc/apt/sources.list.d/nginx.list curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add - sudo apt update sudo apt install nginx ``` -------------------------------- ### Execute Xray Installation Script Source: https://xtls.github.io/en/document/level-0/ch07-xray-server.html Run the downloaded installation script using sudo bash. This command initiates the Xray installation process. ```shell sudo bash install-release.sh ``` -------------------------------- ### Example RuleObject Configuration Source: https://xtls.github.io/en/config/routing.html A comprehensive example demonstrating various attributes that can be included in a RuleObject for network routing. ```json { "domain": ["baidu.com", "qq.com", "geosite:cn"], "ip": ["0.0.0.0/8", "10.0.0.0/8", "fc00::/7", "fe80::/10", "geoip:cn"], "port": "53,443,1000-2000", "sourcePort": "53,443,1000-2000", "localPort": "53,443,1000-2000", "network": "tcp", "sourceIP": ["10.0.0.1"], "localIP": ["192.168.0.25"], "user": ["love@xray.com"], "vlessRoute": "53,443,1000-2000", "inboundTag": ["tag-vmess"], "protocol": ["http", "tls", "quic", "bittorrent"], "attrs": { ":method": "GET" }, "process": ["curl"], "outboundTag": "direct", "balancerTag": "balancer", "ruleTag": "rule name", "webhook": { "url": "https://api.example.com/alert", "deduplication": 300 } } ``` -------------------------------- ### Install openresolv Source: https://xtls.github.io/en/document/level-2/redirect.html Install the openresolv package if the DNS field is used in the WireGuard [Interface] configuration. This is a required tool for DNS handling in this setup. ```bash apt install openresolv ``` -------------------------------- ### Start WireGuard Tunnel Source: https://xtls.github.io/en/document/level-2/redirect.html Use this command to initiate the WireGuard tunnel interface. Ensure WireGuard is installed and configured. ```bash wg-quick up wg0 ``` -------------------------------- ### Local Xray Installation Source: https://xtls.github.io/en/document/level-2/tproxy_ipv4_and_ipv6.html Perform a local installation of Xray on the side router by downloading the program and using the install script. Ensure the script has executable permissions. ```bash # chmod 700 install-release.sh ``` ```bash # ./install-release.sh --local Xray-linux-64.zip ``` -------------------------------- ### Start Xray Service Source: https://xtls.github.io/en/document/level-0/ch07-xray-server.html Use this command to start the Xray service. Ensure you have the necessary permissions. ```shell sudo systemctl start xray ``` -------------------------------- ### Install iptables/nftables Source: https://xtls.github.io/en/document/level-2/tproxy_ipv4_and_ipv6.html Install the necessary packet filtering tools for transparent proxying. Use iptables for IPv4 and ip6tables for IPv6, or nftables for a unified approach. ```bash # sudo apt install iptables ip6tables ``` ```bash # sudo apt install nftables ``` -------------------------------- ### DnsObject Configuration Example Source: https://xtls.github.io/en/config/dns.html This is a comprehensive example of the DnsObject configuration, showcasing static host mappings and various DNS server configurations. ```json { "dns": { "hosts": { "baidu.com": "127.0.0.1", "dns.google": ["8.8.8.8", "8.8.4.4"] }, "servers": [ "8.8.8.8", "8.8.4.4", { "address": "1.2.3.4", "port": 5353, "domains": ["domain:xray.com"], "expectedIPs": ["geoip:cn"], "skipFallback": false, "clientIP": "1.2.3.4" }, { "address": "https://8.8.8.8/dns-query", "domains": ["geosite:netflix"], "skipFallback": true, "queryStrategy": "UseIPv4" }, { "address": "https://1.1.1.1/dns-query", "domains": ["geosite:openai"], "skipFallback": true, "queryStrategy": "UseIPv6" }, "localhost" ], "clientIp": "1.2.3.4", "queryStrategy": "UseIP", "disableCache": false, "serveStale": false, "serveExpiredTTL": 0, "disableFallback": false, "disableFallbackIfMatch": false, "enableParallelQuery": false, "useSystemHosts": false, "tag": "dns_inbound" } } ``` -------------------------------- ### Install Nginx Source: https://xtls.github.io/en/document/level-0/ch05-webpage.html Installs the Nginx web server on a Debian-based system. This is the first step in setting up a website for secure internet access. ```shell sudo apt update && sudo apt install nginx ``` -------------------------------- ### Install wgcf-cli Source: https://xtls.github.io/en/document/level-2/warp.html This command installs the `wgcf-cli` tool, which is used for managing WireGuard configurations and generating profiles. ```bash bash -c "$(curl -L wgcf-cli.vercel.app)" ``` -------------------------------- ### Enable Nginx Auto-start on Boot Source: https://xtls.github.io/en/document/level-2/nginx_or_haproxy_tls_tunnel.html Enable the Nginx service to automatically start when the system boots up using systemctl. ```bash systemctl enable nginx ``` -------------------------------- ### Install Sudo Package Source: https://xtls.github.io/en/document/level-0/ch04-security.html Install the `sudo` package to allow non-root users to execute commands with root privileges. This command first updates the package list and then installs `sudo`. ```shell apt update && apt install sudo ``` -------------------------------- ### Enable WireGuard Auto-start on Boot Source: https://xtls.github.io/en/document/level-2/redirect.html Configure WireGuard to automatically start when the system boots up using systemctl commands. ```bash systemctl enable wg-quick@wg0 systemctl start wg-quick@wg0 ``` -------------------------------- ### Enable Xray Service Source: https://xtls.github.io/en/document/level-0/ch07-xray-server.html Ensure the Xray service starts automatically when the system boots up. ```shell sudo systemctl enable xray ``` -------------------------------- ### Example Certificate Issuance Log Source: https://xtls.github.io/en/document/level-0/ch06-certificates.html This is an example log output from a successful test certificate issuance. It shows the process from account registration to certificate finalization and download. ```log [Wed 30 Dec 2022 04:25:12 AM EST] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory [Wed 30 Dec 2022 04:25:13 AM EST] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory [Wed 30 Dec 2022 04:25:13 AM EST] Create account key ok. [Wed 30 Dec 2022 04:25:13 AM EST] Registering account: https://acme-staging-v02.api.letsencrypt.org/directory [Wed 30 Dec 2022 04:25:13 AM EST] Registered [Wed 30 Dec 2022 04:25:13 AM EST] ACCOUNT_THUMBPRINT='CU6qmPKuRqhyTAIrF4swosR375194z_1ddUlWef8xDc' [Wed 30 Dec 2022 04:25:13 AM EST] Creating domain key [Wed 30 Dec 2022 04:25:13 AM EST] The domain key is here: /home/vpsadmin/.acme.sh/subdomain.yourdomain.com_ecc/subdomain.yourdomain.com.key [Wed 30 Dec 2022 04:25:13 AM EST] Single domain='subdomain.yourdomain.com' [Wed 30 Dec 2022 04:25:13 AM EST] Getting domain auth token for each domain [Wed 30 Dec 2022 04:25:14 AM EST] Getting webroot for domain='subdomain.yourdomain.com' [Wed 30 Dec 2022 04:25:14 AM EST] Verifying: subdomain.yourdomain.com [Wed 30 Dec 2022 04:25:23 AM EST] Pending [Wed 30 Dec 2022 04:25:25 AM EST] Success [Wed 30 Dec 2022 04:25:25 AM EST] Verify finished, start to sign. [Wed 30 Dec 2022 04:25:25 AM EST] Lets finalize the order. [Wed 30 Dec 2022 04:25:25 AM EST] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/490205995/7730242871' [Wed 30 Dec 2022 04:25:25 AM EST] Downloading cert. [Wed 30 Dec 2022 04:25:25 AM EST] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/xujss5xt8i38waubafz2xujss5xt8i38waubz2' [Wed 30 Dec 2022 15:21:52 AM EST] Cert success. --BEGIN CERTIFICAT-- sxlYqPvWreKgD5b8JyOQX0Yg2MLoRUoDyqVkd31PthIiwzdckoh5eD3JU7ysYBtN cTFK4LGOfjqi8Ks87EVJdK9IaSAu7ZC6h5to0eqpJ5PLhaM3e6yJBbHmYA8w1Smp wAb3tdoHZ9ttUIm9CrSzvDBt6BBT6GqYdDamMyCYBLooMyDEM4CUFsOzCRrEqqvC ... (omitted for brevity) ... yiLKcBFc5H7dgJCImo7us7aJeftC44uWkPIjw9AKH= --END CERTIFICAT-- [Wed 30 Dec 2022 15:21:52 AM EST] Your cert is in /home/vpsadmin/.acme.sh/subdomain.yourdomain.com_ecc/subdomain.yourdomain.com.cer [Wed 30 Dec 2022 15:21:52 AM EST] Your cert key is in /home/vpsadmin/.acme.sh/subdomain.yourdomain.com_ecc/subdomain.yourdomain.com.key [Wed 30 Dec 2022 15:21:52 AM EST] The intermediate CA cert is in /home/vpsadmin/.acme.sh/subdomain.yourdomain.com_ecc/ca.cer [Wed 30 Dec 2022 15:21:52 AM EST] And the full chain certs is there: /home/vpsadmin/.acme.sh/subdomain.yourdomain.com_ecc/fullchain.cer ``` -------------------------------- ### OutboundConfigurationObject JSON Example Source: https://xtls.github.io/en/config/outbounds/freedom.html A JSON object demonstrating the structure and possible values for outbound connection configuration. ```json { "domainStrategy": "AsIs", "redirect": "127.0.0.1:3366", "userLevel": 0, "fragment": { "packets": "tlshello", "length": "100-200", "interval": "10-20" // Unit: ms }, "noises": [ { "type": "base64", "packet": "7nQBAAABAAAAAAAABnQtcmluZwZtc2VkZ2UDbmV0AAABAAE=", "delay": "10-16" } ], "proxyProtocol": 0, "ipsBlocked": [] // Set explicitly to empty to disable default private IP blocking } ``` -------------------------------- ### Relevant Configuration: Inbounds Source: https://xtls.github.io/en/config/api.html Example of how to add an `api` inbound in the `inbounds` configuration. ```APIDOC ## Relevant Configuration: Inbounds ### Description This section shows how to configure an `api` inbound within the `inbounds` array. ### Configuration Example ```json "inbounds": [ { "listen": "127.0.0.1", "port": 10085, "protocol": "dokodemo-door", "settings": { "address": "127.0.0.1" }, "tag": "api" } ] ``` ### Parameters - **listen** (string) - The IP address for the inbound to listen on. - **port** (integer) - The port number for the inbound. - **protocol** (string) - The protocol to use for the inbound (e.g., `dokodemo-door`). - **settings** (object) - Protocol-specific settings. - **address** (string) - The address to forward traffic to. ``` -------------------------------- ### Download and Extract Nginx Source Source: https://xtls.github.io/en/document/level-2/nginx_or_haproxy_tls_tunnel.html Download the Nginx source code and extract it. Ensure you have the necessary build tools installed. ```bash curl -O -L http://nginx.org/download/nginx-1.22.1.tar.gz tar -zxvf nginx-1.22.1.tar.gz cd nginx-1.22.1 ``` -------------------------------- ### Create Website Directory and Index File Source: https://xtls.github.io/en/document/level-0/ch05-webpage.html Use this command to create the necessary directory structure for your website and open the index.html file in the nano editor. Ensure you replace '~' with your actual home directory if not using the 'vpsadmin' user. ```shell mkdir -p ~/www/webpage/ && nano ~/www/webpage/index.html ``` -------------------------------- ### Run Xray Client with Max Open Files Limit Source: https://xtls.github.io/en/document/level-2/iptables_gid.html This example demonstrates running the Xray client with a configured maximum open file limit. Ensure the config file path is correct. ```bash ulimit -SHn 1000000 sudo -u xray_tproxy xray -c /etc/xray/config.json & ``` -------------------------------- ### Xray Configuration Example: Base Settings Source: https://xtls.github.io/en/config/features/multiple.html This is the first configuration file, defining basic logging, an inbound SOCKS server, and a default outbound connection. ```json { "log": { "loglevel": "warning" }, "inbounds": [ { "tag": "socks", "protocol": "socks", "listen": "0.0.0.0", "port": 8888 } ], "outbounds": [ { "tag": "direct", "protocol": "freedom" } ] } ``` -------------------------------- ### Install acme.sh Source: https://xtls.github.io/en/document/level-0/ch06-certificates.html Use this command to download and install the acme.sh certificate management tool. Ensure you have wget installed. ```shell wget -O - https://get.acme.sh | sh ``` -------------------------------- ### xray-core Client Configuration Example Source: https://xtls.github.io/en/document/level-0/ch08-xray-clients.html This JSON configuration file sets up xray-core as a client. It includes settings for logging, DNS resolution with specific rules for domestic and foreign domains, and routing rules for ad blocking, direct domestic connections, and proxying foreign traffic. Ensure 'uuid', 'address', and 'serverName' are replaced with your specific details. ```json { // 1_Log Settings // Note: In this example, I commented out the log file by default because windows, macOS, and Linux require different paths. Please configure it yourself. "log": { // "access": "/home/local/xray_log/access.log", // Access record // "error": "/home/local/xray_log/error.log", // Error record "loglevel": "warning" // Content from least to most: "none", "error", "warning", "info", "debug" }, // 2_DNS Settings "dns": { "servers": [ // 2.1 Foreign domains use foreign DNS queries { "address": "1.1.1.1", "domains": ["geosite:geolocation-!cn"] }, // 2.2 Domestic domains use domestic DNS queries, expecting a domestic IP return. If not a domestic IP, discard and use the next query. { "address": "223.5.5.5", "domains": ["geosite:cn"], "expectIPs": ["geoip:cn"] }, // 2.3 As a backup for 2.2, perform a secondary query for domestic websites { "address": "114.114.114.114", "domains": ["geosite:cn"] }, // 2.4 Final backup: if all above fail, use local machine DNS "localhost" ] }, // 3_Routing Settings // Traffic splitting means traffic meeting certain conditions is processed by the outbound protocol with a specific `tag` (corresponding to content in 5.x) "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ // 3.1 Ad domain blocking { "domain": ["geosite:category-ads-all"], "outboundTag": "block" }, // 3.2 Domestic domains direct connection { "domain": ["geosite:cn"], "outboundTag": "direct" }, // 3.3 Foreign domains proxy { "domain": ["geosite:geolocation-!cn"], "outboundTag": "proxy" }, // 3.4 Traffic for domestic DNS query "223.5.5.5" is split to go through direct outbound { "ip": ["223.5.5.5"], ``` -------------------------------- ### Xray-core Configuration Example Source: https://xtls.github.io/en/document/level-2/redirect.html This JSON configuration outlines Xray-core settings, including API services, inbound/outbound configurations, policy definitions, and routing rules. It demonstrates various methods for directing traffic, such as using fwmark, sendThrough, or sockopt.interface. ```json { "api": { "services": [ "HandlerService", "LoggerService", "StatsService" ], "tag": "api" }, "inbounds": [ { "listen": "127.0.0.1", "port": , "protocol": "dokodemo-door", "settings": { "address": "127.0.0.1" }, "tag": "api" } ], "outbounds": [ { "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4" } // Modify here, can be v4 or v6 }, // <--Please choose between different schemes--> Scheme 1: fwmark { "protocol": "freedom", "tag": "wg0", "streamSettings": { "sockopt": { "mark": // } }, "settings": { "domainStrategy": "UseIPv6" } }, // Users with fwmark set to use the specified strategy "UseIPv6" or "UseIPv4" // <--Please choose between different schemes--> Scheme 2: sendThrough { "tag": "wg0", "protocol": "freedom", "sendThrough": "your wg0 v4 address", // Modify here, can be v4 or v6 "settings": { "domainStrategy": "UseIPv4" } // Modify here, can be v4 or v6 }, // <--Please choose between different schemes--> Scheme 3: sockopt.interface { "tag": "wg0", "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4" }, "streamSettings": { "sockopt": { "interface": "wg0" } } }, // <--Please choose between different schemes--> End { "protocol": "blackhole", "settings": {}, "tag": "blocked" } ], "policy": { "system": { "statsInboundDownlink": true, "statsInboundUplink": true } }, "routing": { "rules": [ { "inboundTag": [ "api" ], "outboundTag": "api" }, { "outboundTag": "wg0", "inboundTag": [ "" // Need to specify the Tag in inbound beforehand; here it's generated by api, domains can also be added, etc. ] }, { "outboundTag": "blocked", "protocol": [ "bittorrent" ] } ] }, "stats": {} } ``` -------------------------------- ### Upgrade Installed Linux Packages Source: https://xtls.github.io/en/document/level-0/ch03-ssh.html Installs the latest versions of all installed packages on the system. It is recommended to run 'apt update' first. Confirm the upgrade by typing 'y' when prompted. ```shell apt upgrade ``` -------------------------------- ### Client Encryption Configuration Example Source: https://xtls.github.io/en/development/protocols/vless.html Use 'auto' to let the client select the best encryption for the current machine. The format includes the encryption type, a beta version indicator (0), and a password. ```plaintext auto: ss_aes-128-gcm_0_123456, ss_chacha20-ietf-poly1305_0_987654 ``` -------------------------------- ### Install acme.sh and Apply for Certificate Source: https://xtls.github.io/en/document/level-1/fallbacks-with-sni.html Installs acme.sh, sets the Cloudflare API token, applies for a wildcard certificate using DNS-01 validation, and installs the certificate for Xray. Ensure you replace 'sdfsdfsdfljlbjkljlkjsdfoiwje' with your actual Cloudflare API Token. ```bash curl https://get.acme.sh | sh # Install acme.sh ``` ```bash export CF_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" # Set API Token variable ``` ```bash acme.sh --issue -d example.com -d *.example.com --dns dns_cf # Apply for certificate using DNS-01 validation ``` ```bash mkdir /etc/ssl/xray # Create directory for certificates ``` ```bash acme.sh --install-cert -d example.com --fullchain-file /etc/ssl/xray/cert.pem --key-file /etc/ssl/xray/privkey.key --reloadcmd "chown nobody:nogroup -R /etc/ssl/xray && systemctl restart xray" # Install certificate to the specified directory and set the command to run after auto-renewal ``` -------------------------------- ### Generate ECH Server Keys Source: https://xtls.github.io/en/config/transport.html Use this command to generate ECH Server Keys for enabling Encrypted Client Hello on the server. Replace 'example.com' with your desired SNI. ```bash xray tls ech --serverName example.com ``` -------------------------------- ### Xray Traffic Statistics Output Example Source: https://xtls.github.io/en/document/level-2/traffic_stats.html This is an example of the JSON output you can expect when querying traffic statistics from the Xray API. ```json { "stat": [ { "name": "inbound>>>vmess-quic>>>traffic>>>downlink", "value": "1176" }, { "name": "user>>>love@example.com>>>traffic>>>downlink", "value": "2040" }, { "name": "inbound>>>api>>>traffic>>>uplink", "value": "14247" }, { "name": "user>>>love@example.com>>>traffic>>>uplink", "value": "2520" }, { "name": "inbound>>>api>>>traffic>>>downlink", "value": "87618" }, { "name": "outbound>>>direct>>>traffic>>>downlink", "value": "0" }, { "name": "inbound>>>vmess-quic>>>traffic>>>uplink", "value": "1691" }, { "name": "outbound>>>direct>>>traffic>>>uplink", "value": "0" } ] } ``` -------------------------------- ### Install HAProxy Source: https://xtls.github.io/en/document/level-2/nginx_or_haproxy_tls_tunnel.html This command installs HAProxy using the package manager. It is required for building HTTPS tunnels and requires OpenSSL support. ```bash pacman -Su haproxy or apt install haproxy ``` -------------------------------- ### Download and Install Caddy with Proxy Protocol Module Source: https://xtls.github.io/en/document/level-1/fallbacks-with-sni.html Downloads a custom Caddy binary with the Proxy Protocol module enabled. Ensure you have curl and sudo privileges. ```bash sudo curl -o /usr/bin/caddy "https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fmastercactapus%2Fcaddy2-proxyprotocol&idempotency=79074247675458" sudo chmod +x /usr/bin/caddy ``` -------------------------------- ### Delete Xray Installation Script Source: https://xtls.github.io/en/document/level-0/ch07-xray-server.html Remove the installation script after use with the rm command. It's good practice to clean up downloaded scripts. ```shell rm ~/install-release.sh ``` -------------------------------- ### Run Xray with Multiple Configuration Files Source: https://xtls.github.io/en/config/features/multiple.html Use the `run` command with the `-confdir` flag to specify a directory containing multiple configuration files. The startup log will show each file being read in sequence. ```shell $ xray run -confdir /etc/xray/confs ``` -------------------------------- ### Install iptables modules on OpenWrt Source: https://xtls.github.io/en/document/level-2/iptables_gid.html Installs necessary iptables modules for TProxy and extra functionalities on OpenWrt systems. Ensure these dependencies are met before proceeding. ```bash opkg install sudo iptables-mod-tproxy iptables-mod-extra ``` -------------------------------- ### Install Xray dependencies on OpenWrt Source: https://xtls.github.io/en/document/level-2/iptables_gid.html Installs essential libraries like libopenssl and ca-certificates required for Xray to run on OpenWrt. Missing these may cause Xray to fail. ```bash opkg install libopenssl ca-certificates ``` -------------------------------- ### Install TLS Certificate for Xray Source: https://xtls.github.io/en/document/level-0/ch07-xray-server.html Use acme.sh to install the TLS certificate for Xray. This command specifies the domain, certificate type, and output file paths for the certificate and key. ```shell acme.sh --install-cert -d subdomain.yourdomain.com --ecc \ --fullchain-file ~/xray_cert/xray.crt \ --key-file ~/xray_cert/xray.key ``` -------------------------------- ### Add a New User in Linux Source: https://xtls.github.io/en/document/level-0/ch04-security.html Use the `adduser` command to create a new user account on the system. Follow the prompts to set a password and user information. It is recommended to use a unique username other than the example 'vpsadmin'. ```shell adduser vpsadmin ``` -------------------------------- ### Install Certificate with acme.sh Source: https://xtls.github.io/en/document/level-0/ch06-certificates.html Installs the obtained SSL/TLS certificate to the specified locations. This command is used after successfully issuing a certificate and requires paths for the certificate, key, and full chain. ```shell vpsadmin@vps-server:~$ acme.sh --installcert -d subdomain.yourdomain.com --cert-file /path/to/installation/cert.crt --key-file /path/to/installation/cert.key --fullchain-file /path/to/installation/fullchain.crt --ecc [Mon 14 Feb 2022 03:00:25 PM CST] Installing cert to: /etc/xray/cert/cert.crt [Mon 14 Feb 2022 03:00:25 PM CST] Installing key to: /etc/xray/cert/cert.key [Mon 14 Feb 2022 03:00:25 PM CST] Installing full chain to: /etc/xray/cert/fullchain.crt ``` -------------------------------- ### Xray Basic Commands Source: https://xtls.github.io/en/document/command.html Run `xray help` to view available commands and their descriptions. This provides a general overview of Xray's capabilities. ```bash Xray is a platform for building proxies. Usage: xray [arguments] The commands are: run Run Xray with config, the default command version Show current version of Xray api Call an API in an Xray process convert Convert configs tls TLS tools uuid Generate UUIDv4 or UUIDv5 (VLESS) x25519 Generate key pair for X25519 key exchange (REALITY, VLESS Encryption) wg Generate key pair for X25519 key exchange (WireGuard) mldsa65 Generate key pair for ML-DSA-65 post-quantum signature (REALITY) mlkem768 Generate key pair for ML-KEM-768 post-quantum key exchange (VLESS Encryption) vlessenc Generate decryption/encryption json pair (VLESS Encryption) Use "xray help " for more information about a command. ``` -------------------------------- ### Socks Inbound Configuration Example Source: https://xtls.github.io/en/config/inbounds/socks.html This is a basic example of the Socks inbound configuration. Use 'noauth' for anonymous access or 'password' with 'accounts' for user authentication. UDP is disabled by default. ```json { "auth": "noauth", "accounts": [ { "user": "my-username", "pass": "my-password" } ], "udp": false, "ip": "127.0.0.1", "userLevel": 0 } ``` -------------------------------- ### Example Expvar JSON Output Source: https://xtls.github.io/en/config/metrics.html This is an example of the JSON output you can expect from the expvar endpoint, showing observatory and stats data. Standard expvar content like cmdline and memstats are omitted. ```json { "observatory": { "tcp_outbound": { "alive": true, "delay": 782, "outbound_tag": "tcp_outbound", "last_seen_time": 1648477189, "last_try_time": 1648477189 }, "udp_outbound": { "alive": true, "delay": 779, "outbound_tag": "udp_outbound", "last_seen_time": 1648477191, "last_try_time": 1648477191 } }, "stats": { "inbound": { "api": { "downlink": 0, "uplink": 0 }, "dns_server_inbound_5300": { "downlink": 14286, "uplink": 5857 }, "http_inbound": { "downlink": 74460, "uplink": 10231 }, "https_inbound": { "downlink": 0, "uplink": 0 }, "metrics": { "downlink": 6327, "uplink": 1347 }, "socks_inbound": { "downlink": 19925615, "uplink": 5512 }, "tproxy_tcp_inbound": { "downlink": 4739161, "uplink": 1568869 }, "tproxy_udp_inbound": { "downlink": 0, "uplink": 2608142 } }, "outbound": { "blackhole_outbound": { "downlink": 0, "uplink": 0 }, "direct": { "downlink": 97714548, "uplink": 3234617 }, "dns_server_outbound": { "downlink": 7116, "uplink": 2229 }, "manual_tproxy_outbound_tcp_1": { "downlink": 0, "uplink": 0 }, "manual_tproxy_outbound_udp_1": { "downlink": 0, "uplink": 0 }, "tcp_outbound": { "downlink": 23873238, "uplink": 1049595 }, "udp_outbound": { "downlink": 639282, "uplink": 74634 } }, "user": {} } } ``` -------------------------------- ### Load Balancer Configuration Example Source: https://xtls.github.io/en/config/routing.html This JSON snippet demonstrates a complete load balancer configuration within Xray's routing settings. It includes rules for directing traffic and defining load balancers with specific strategies. ```json "routing": { "rules": [ { "inboundTag": [ "in" ], "balancerTag": "round" } ], "balancers" : [ { "selector": [ "out" ], "strategy": { "type":"roundRobin" }, "tag": "round" } ] }, "inbounds": [ { // Inbound config "tag": "in" } ], "outbounds": [ { // Outbound config "tag": "out1" }, { // Outbound config "tag": "out2" } ] ``` -------------------------------- ### Install Latest Debian Kernel from Backports Source: https://xtls.github.io/en/document/level-0/ch07-xray-server.html Update package lists and install the latest official Debian kernel from the backports repository. Ensure you select the correct architecture for your VPS (e.g., amd64). ```shell sudo apt update && sudo apt -t buster-backports install linux-image-amd64 ``` -------------------------------- ### Run Go Generate for Formatting Source: https://xtls.github.io/en/development/intro/guide.html Execute this command before every push to format Golang code according to project standards. ```bash go generate core/format.go ``` -------------------------------- ### InboundObject Configuration Example Source: https://xtls.github.io/en/config/inbound.html This is a basic example of an InboundObject configuration within the 'inbounds' array. It specifies listening on localhost, port 1080, using a 'protocol_name' protocol, and enabling traffic sniffing for HTTP and TLS. ```json { "inbounds": [ { "listen": "127.0.0.1", "port": 1080, "protocol": "protocol_name", "settings": {}, "streamSettings": {}, "tag": "identifier", "sniffing": { "enabled": true, "destOverride": ["http", "tls"] } } ] } ```