### Example: Start Xray Client with Max Open Files Limit Source: https://xtls.github.io/ru/document/level-2/iptables_gid.html An example command to start the Xray client with the maximum open files limit set and running in the background. ```bash ulimit -SHn 1000000 sudo -u xray_tproxy xray -c /etc/xray/config.json & ``` -------------------------------- ### Install Dependencies and Run Docs Locally Source: https://xtls.github.io/ru/document/document.html Install project dependencies using pnpm and start the local development server for previewing documentation. ```bash pnpm install pnpm run docs:dev ``` -------------------------------- ### Download Xray Installation Script Source: https://xtls.github.io/ru/document/level-0/ch07-xray-server.html Use wget to download the official Xray installation script from GitHub. This is the first step in installing Xray on your server. ```shell wget https://github.com/XTLS/Xray-install/raw/main/install-release.sh ``` -------------------------------- ### Install Nginx Source: https://xtls.github.io/ru/document/level-1/fallbacks-with-sni.html Installs Nginx from the official repository. Ensure you have curl, gnupg2, ca-certificates, and lsb-release installed. ```bash sudo apt install curl gnupg2 ca-certificates lsb-release echo "deb [arch=amd64] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \ | sudo tee /etc/apt/sources.list.d/nginx.list curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add - sudo apt update sudo apt install nginx ``` -------------------------------- ### Process Matching Examples Source: https://xtls.github.io/ru/config/routing.html Examples for matching network connections based on the process name or path. Supports Windows and Linux. ```json ["curl"] ``` ```json ["C:/Windows/System32/curl.exe"] ``` ```json ["C:/Windows/System32/"] ``` -------------------------------- ### Download and Install acme.sh Source: https://xtls.github.io/ru/document/level-0/ch06-certificates.html Use wget to download the acme.sh installation script and pipe it to sh for execution. This command installs the acme.sh utility for certificate management. ```shell wget -O - https://get.acme.sh | sh ``` -------------------------------- ### Install wgcf-cli Source: https://xtls.github.io/ru/document/level-2/warp.html This command downloads and executes a script to install the `wgcf-cli` tool, which is used for managing WireGuard configurations. ```bash bash -c "$(curl -L wgcf-cli.vercel.app)" ``` -------------------------------- ### TLS Settings Example Source: https://xtls.github.io/ru/config/transports/tls.html Example configuration for TLS settings within an outbound stream. ```json { // пример для outbound, аналогично применимо к inbound "outbounds": [ { // ... "streamSettings": { "security": "tls", "tlsSettings": { "serverName": "xray.com", "verifyPeerCertByName": "", "rejectUnknownSni": false, "allowInsecure": false, "alpn": ["h2", "http/1.1"], "minVersion": "1.2", "maxVersion": "1.3", "cipherSuites": "Укажите нужные наборы шифров, разделяя их двоеточием", "certificates": [], "disableSystemRoot": false, "enableSessionResumption": false, "fingerprint": "", "pinnedPeerCertSha256": "", "curvePreferences": [""], "masterKeyLog": "", "echServerKeys": "", "echConfigList": "", "echSockopt": {} } } } ] } ``` -------------------------------- ### Execute Xray Installation Script Source: https://xtls.github.io/ru/document/level-0/ch07-xray-server.html Run the downloaded installation script using sudo bash to install Xray. This command executes the script with administrative privileges. ```shell sudo bash install-release.sh ``` -------------------------------- ### VMess Outbound Configuration Example Source: https://xtls.github.io/ru/config/outbounds/vmess.html Example of VMess settings within an outbound configuration object. ```json { "outbounds": [ { // ... "protocol": "vmess", "settings": { "id": "5783a3e7-e373-51cd-8642-c83782b807c5", "security": "auto", "level": 0, "experiments": "" } } ] } ``` -------------------------------- ### InboundObject Example Source: https://xtls.github.io/ru/config/inbound.html A basic example of an InboundObject configuration within the 'inbounds' array. ```json { "inbounds": [ { "listen": "127.0.0.1", "port": 1080, "protocol": "название протокола", "settings": {}, "streamSettings": {}, "tag": "тег", "sniffing": { "enabled": true, "destOverride": ["http", "tls"] } } ] } ``` -------------------------------- ### Install Sudo Package Source: https://xtls.github.io/ru/document/level-0/ch04-security.html Install the `sudo` package to allow regular users to execute commands with superuser privileges. This command first updates the package list and then installs `sudo`. ```shell apt update && apt install sudo ``` -------------------------------- ### Install Nginx Source: https://xtls.github.io/ru/document/level-0/ch05-webpage.html Installs the Nginx web server on Debian-based systems. This is a prerequisite for hosting your website. ```shell sudo apt update && sudo apt install nginx ``` -------------------------------- ### Install additional dependencies for OpenWRT Source: https://xtls.github.io/ru/document/level-2/iptables_gid.html Installs essential libraries for running Xray on OpenWRT. These dependencies might be required for Xray to function correctly. ```bash opkg install libopenssl ca-certificates ``` -------------------------------- ### Configure Automatic WireGuard Startup Source: https://xtls.github.io/ru/document/level-2/redirect.html These commands configure the system to automatically start the WireGuard tunnel 'wg0' on boot and then start it immediately. ```bash systemctl enable wg-quick@wg0 systemctl start wg-quick@wg0 ``` -------------------------------- ### mKCP Outbound Configuration Example Source: https://xtls.github.io/ru/config/transports/mkcp.html This JSON snippet shows an example of how to configure mKCP settings for an outbound connection in Xray. Ensure firewall configurations are correct on the host. ```json { // outbound example; also applies to inbound "outbounds": [ { // ... "streamSettings": { "network": "mkcp", "kcpSettings": { "mtu": 1350, "tti": 20, "uplinkCapacity": 5, "downlinkCapacity": 20, "congestion": false, "readBufferSize": 1, "writeBufferSize": 1 } } } ] } ``` -------------------------------- ### Start Xray Service Source: https://xtls.github.io/ru/document/level-0/ch07-xray-server.html Use this command to start the Xray service. Ensure you have the necessary permissions to write to log files and read certificate files. ```shell sudo systemctl start xray ``` -------------------------------- ### Install openresolv Package Source: https://xtls.github.io/ru/document/level-2/redirect.html This command installs the openresolv package, which is required if you are using the DNS field in the WireGuard interface configuration. ```bash apt install openresolv ``` -------------------------------- ### VMess Inbound Configuration Example Source: https://xtls.github.io/ru/config/inbounds/vmess.html Example of a VMess inbound configuration object, specifying users and default settings. ```json { "inbounds": [ { // ... "protocol": "vmess", "settings": { "users": [ { "id": "5783a3e7-e373-51cd-8642-c83782b807c5", "level": 0, "email": "love@xray.com" } ], "default": { "level": 0 } } } ] } ``` -------------------------------- ### SockoptObject Example Source: https://xtls.github.io/ru/config/transports/sockopt.html An example of SockoptObject configuration within an outbound stream settings. This structure is applicable to inbound settings as well. ```json { // example for outbound, similarly applicable to inbound "outbounds": [ { // ... "streamSettings": { "sockopt": { "mark": 0, "tcpMaxSeg": 1440, "tcpFastOpen": false, "tproxy": "off", "domainStrategy": "AsIs", "happyEyeballs": {}, "dialerProxy": "", "acceptProxyProtocol": false, "trustedXForwardedFor": [], "tcpKeepAliveInterval": 0, "tcpKeepAliveIdle": 300, "tcpUserTimeout": 10000, "tcpcongestion": "bbr", "interface": "wg0", "V6Only": false, "tcpWindowClamp": 600, "tcpMptcp": false, "addressPortStrategy": "", "customSockopt": [] } } } ] } ``` -------------------------------- ### SniffingObject Configuration Example Source: https://xtls.github.io/ru/config/inbound.html This is a basic example of the SniffingObject configuration, enabling traffic sniffing and setting destination overrides. ```json { "enabled": true, "destOverride": ["http", "tls", "fakedns"], "metadataOnly": false, "domainsExcluded": [], "ipsExcluded": [], "routeOnly": false } ``` -------------------------------- ### DNS Configuration Example for Wireguard Source: https://xtls.github.io/ru/config/outbounds/wireguard.html Example of DNS settings that can be used in conjunction with Wireguard outbound. It shows how to configure DNS servers and query strategies. ```json { "dns": { "servers": [ "https://1.1.1.1/dns-query", { "address": "https://1.1.1.1/dns-query", "domains": ["geosite:openai"], "skipFallback": true, "queryStrategy": "UseIPv6" // Запрос только AAAA-записей } ], "queryStrategy": "UseIP" // Запрос A и AAAA одновременно. Если не указано, используется значение по умолчанию UseIP. } } ``` -------------------------------- ### Freedom Outbound Configuration Example Source: https://xtls.github.io/ru/config/outbounds/freedom.html Example configuration for the freedom outbound protocol, demonstrating various settings like domain strategy, redirection, fragmentation, and noise. ```json { "outbounds": [ { // ... "protocol": "freedom", "settings": { "domainStrategy": "AsIs", "redirect": "127.0.0.1:3366", "userLevel": 0, "fragment": { "packets": "tlshello", "length": "100-200", "interval": "10-20" // единица измерения: мс }, "noises": [ { "type": "base64", "packet": "7nQBAAABAAAAAAAABnQtcmluZwZtc2VkZ2UDbmV0AAABAAE=", "delay": "10-16" } ], "proxyProtocol": 0, "finalRules": [ { "action": "block", "network": "tcp", "port": "22,25,465,587" }, { "action": "block", "ip": ["geoip:cn"] } ] } } ] } ``` -------------------------------- ### Start WireGuard Tunnel Source: https://xtls.github.io/ru/document/level-2/redirect.html This command starts the WireGuard tunnel interface named 'wg0'. Ensure WireGuard is installed and configured before running this command. ```bash wg-quick up wg0 ``` -------------------------------- ### Create Website Directory and Index File Source: https://xtls.github.io/ru/document/level-0/ch05-webpage.html Creates a directory for the website and opens an index.html file in the nano editor. Ensure the path matches your username if not 'vpsadmin'. ```shell mkdir -p ~/www/webpage/ && nano ~/www/webpage/index.html ``` -------------------------------- ### Xray configuration for transparent proxying Source: https://xtls.github.io/ru/document/level-2/iptables_gid.html Example Xray configuration using 'dokodemo-door' inbound with TPROXY enabled. This setup listens on port 12345 and follows redirects, suitable for transparent proxying. ```json { "inbounds": [ { "port": 12345, "protocol": "dokodemo-door", "settings": { "allowedNetwork": "tcp,udp", "followRedirect": true }, "streamSettings": { "sockopt": { "tproxy": "tproxy" } } } ], "outbounds": [ { // Конфигурация вашего сервера } ] } ``` -------------------------------- ### Example Configuration File 1 Source: https://xtls.github.io/ru/config/features/multiple.html This is the first configuration file, defining log level, an inbound SOCKS server, and a direct outbound. ```json { "log": { "loglevel": "warning" }, "inbounds": [ { "tag": "socks", "protocol": "socks", "listen": "0.0.0.0", "port": 8888 } ], "outbounds": [ { "tag": "direct", "protocol": "freedom" } ] } ``` -------------------------------- ### VLESS Reverse Proxy Configuration Source: https://xtls.github.io/ru/config/outbounds/vless.html Example configuration for a VLESS reverse proxy inbound. This setup allows for preserving the real source IP address and registering a tunnel for the reverse proxy server. ```json { "reverse": { "tag": "r-inbound", "sniffing": {} } } ``` -------------------------------- ### Run xray-core on Linux/macOS Source: https://xtls.github.io/ru/document/level-0/ch08-xray-clients.html Execute this command on Linux or macOS to run xray-core, providing the paths to the binary and its configuration file. The paths shown are examples and may need adjustment based on your system setup. ```shell /usr/local/bin/xray -c /usr/local/etc/xray/config.json ``` -------------------------------- ### Example Configuration File 3 (with tail) Source: https://xtls.github.io/ru/config/features/multiple.html This configuration file adds a new outbound. Because its filename contains 'tail', it will be appended to the outbounds list. ```json { "outbounds": [ { "tag": "direct2", "protocol": "freedom" } ] } ``` -------------------------------- ### Running Xray with Browser Dialer Source: https://xtls.github.io/ru/config/features/browser_dialer.html To enable the Browser Dialer, Xray needs to be started with a specific environment variable pointing to the local address and port it will listen on. This example shows how to set the environment variable and run the Xray core. ```bash set XRAY_BROWSER_DIALER=127.0.0.1:8080 ./xray -c config.json ``` -------------------------------- ### Install SSL Certificate Source: https://xtls.github.io/ru/document/level-0/ch06-certificates.html Use this command to install the obtained certificate, key, and fullchain files to their designated locations. Ensure the paths provided are correct for your system and specify the --ecc flag if using an ECC certificate. ```shell vpsadmin@vps-server:~$ acme.sh --installcert -d поддомен.ваш_домен.com --cert-file /путь/к/папке/cert.crt --key-file /путь/к/папке/cert.key --fullchain-file /путь/к/папке/fullchain.crt --ecc [Mon 14 Feb 2022 03:00:25 PM CST] Installing cert to: /etc/xray/cert/cert.crt [Mon 14 Feb 2022 03:00:25 PM CST] Installing key to: /etc/xray/cert/cert.key [Mon 14 Feb 2022 03:00:25 PM CST] Installing full chain to: /etc/xray/cert/fullchain.crt ``` -------------------------------- ### Install Linux Software Updates Source: https://xtls.github.io/ru/document/level-0/ch03-ssh.html Use `apt upgrade` to install the updates for all installed packages on your system. You will be prompted to confirm the installation by entering 'y'. ```shell apt upgrade ``` -------------------------------- ### Example Configuration File 2 Source: https://xtls.github.io/ru/config/features/multiple.html This second configuration file overrides the log level and modifies the inbound SOCKS port and adds a blackhole outbound. ```json { "log": { "loglevel": "debug" }, "inbounds": [ { "tag": "socks", "protocol": "socks", "listen": "127.0.0.1", "port": 1080 } ], "outbounds": [ { "tag": "block", "protocol": "blackhole" } ] } ``` -------------------------------- ### xray-core Client Configuration Example Source: https://xtls.github.io/ru/document/level-0/ch08-xray-clients.html This is a typical configuration file for xray-core, serving as both a server and client configuration. It includes settings for logging, DNS, routing, inbound, and outbound connections. Ensure you replace placeholders like 'uuid', 'address', and 'serverName' with your specific details. ```json { // 1_Настройки логирования // В этом примере я закомментировал настройки файлов логов, потому что в Windows, macOS и Linux используются разные пути. Укажите свои пути. "log": { // "access": "/home/local/xray_log/access.log", // Файл для записи логов доступа // "error": "/home/local/xray_log/error.log", // Файл для записи логов ошибок "loglevel": "warning" // Уровень детализации логов: "none", "error", "warning", "info", "debug" (от меньшего к большему) }, // 2_Настройки DNS "dns": { "servers": [ // 2.1 Запросы к зарубежным доменам отправляем на зарубежный DNS-сервер { "address": "1.1.1.1", "domains": ["geosite:geolocation-!cn"] }, // 2.2 Запросы к китайским доменам отправляем на китайский DNS-сервер и ожидаем получить китайский IP-адрес. Если адрес не китайский, используем следующий DNS-сервер { "address": "223.5.5.5", "domains": ["geosite:cn"], "expectIPs": ["geoip:cn"] }, // 2.3 Резервный китайский DNS-сервер { "address": "114.114.114.114", "domains": ["geosite:cn"] }, // 2.4 Если все предыдущие DNS-серверы не ответили, используем локальный DNS-сервер "localhost" ] }, // 3_Настройки маршрутизации // Маршрутизация позволяет перенаправлять трафик, соответствующий определённым условиям, на определённое исходящее подключение (см. раздел 5). "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ // 3.1 Блокировка рекламных доменов { "domain": ["geosite:category-ads-all"], "outboundTag": "block" }, // 3.2 Прямое подключение к китайским доменам { "domain": ["geosite:cn"], "outboundTag": "direct" }, // 3.3 Проксирование трафика на зарубежные домены { "domain": ["geosite:geolocation-!cn"], "outboundTag": "proxy" }, // 3.4 Трафик, который идёт на DNS-сервер 223.5.5.5, отправляем напрямую { "ip": ["223.5.5.5"], "outboundTag": "direct" }, // 3.5 Прямое подключение к китайским IP-адресам { ``` -------------------------------- ### Add a New User Source: https://xtls.github.io/ru/document/level-0/ch04-security.html Use the `adduser` command to create a new user account on your system. Follow the on-screen prompts to set a password and user details. It is recommended to use a username other than 'vpsadmin' for better security. ```shell adduser vpsadmin ``` -------------------------------- ### Basic Configuration File Structure Source: https://xtls.github.io/ru/config This is a template for creating a configuration file. It includes sections for documentation basis, the configuration itself, key explanations, and unconfirmed items. ```jsonc { // Напиши конфигурацию здесь } ``` -------------------------------- ### HAProxy Installation Source: https://xtls.github.io/ru/document/level-2/nginx_or_haproxy_tls_tunnel.html Commands for installing HAProxy on Arch Linux (pacman) or Debian/Ubuntu (apt). ```bash pacman -Su haproxy apt install haproxy ``` -------------------------------- ### Xray-core Configuration Example Source: https://xtls.github.io/ru/document/level-2/redirect.html This JSON configuration sets up API services, inbound listeners, and outbound routing rules for Xray-core. It includes options for handling traffic via different methods like fwmark, sendThrough, or sockopt.interface, and a blackhole for blocked protocols. ```json { "api": { "services": ["HandlerService", "LoggerService", "StatsService"], "tag": "api" }, "inbounds": [ { "listen": "127.0.0.1", "port": 12345, // "protocol": "dokodemo-door", "settings": { "rewriteAddress": "127.0.0.1" }, "tag": "api" } ], "outbounds": [ { "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4" } // Измените на UseIPv4 или UseIPv6 по вашему выбору }, // <--Выберите один из вариантов--> Вариант 1: fwmark { "protocol": "freedom", "tag": "wg0", "streamSettings": { "sockopt": { "mark": 255 // } }, "settings": { "domainStrategy": "UseIPv6" } }, // Трафик с меткой fwmark, равной , будет направлен через UseIPv6/UseIPv4. // <--Выберите один из вариантов--> Вариант 2: sendThrough { "tag": "wg0", "protocol": "freedom", "sendThrough": "your wg0 v4 address", // Измените на UseIPv4 или UseIPv6 по вашему выбору "settings": { "domainStrategy": "UseIPv4" } // Измените на UseIPv4 или UseIPv6 по вашему выбору }, // <--Выберите один из вариантов--> Вариант 3: sockopt.interface { "tag": "wg0", "protocol": "freedom", "settings": { "domainStrategy": "UseIPv4" }, "streamSettings": { "sockopt": { "interface": "wg0" } } }, // <--Выберите один из вариантов--> Конец { "protocol": "blackhole", "settings": {}, "tag": "blocked" } ], "policy": { "system": { "statsInboundDownlink": true, "statsInboundUplink": true } }, "routing": { "rules": [ { "inboundTag": ["api"], "outboundTag": "api" }, { "outboundTag": "wg0", "inboundTag": [ "" // Укажите тег входящего подключения, определенный ранее в разделе inbound. // Здесь используется тег api, сгенерированный автоматически. Вы также можете добавить доменные имена и т.д. ] }, { "outboundTag": "blocked", "protocol": ["bittorrent"] } ] }, "stats": {} } ``` -------------------------------- ### Install Caddy with Proxy Protocol Module Source: https://xtls.github.io/ru/document/level-1/fallbacks-with-sni.html Downloads and installs a custom Caddy binary compiled with the Proxy Protocol module. This ensures Caddy can correctly handle real IP addresses from proxy services. ```bash sudo curl -o /usr/bin/caddy "https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fmastercactapus%2Fcaddy2-proxyprotocol&idempotency=79074247675458" sudo chmod +x /usr/bin/caddy ``` -------------------------------- ### Trojan Inbound Configuration Example Source: https://xtls.github.io/ru/config/inbounds/trojan.html Example of an InboundConfigurationObject for the Trojan protocol, specifying users and fallback destinations. ```json { "inbounds": [ { // ... "protocol": "trojan", "settings": { "users": [ { "password": "password", "email": "love@xray.com", "level": 0 } ], "fallbacks": [ { "dest": 80 } ] } } ] } ``` -------------------------------- ### Clone Xray Repository and Download Dependencies Source: https://xtls.github.io/ru/development/intro/compile.html Clone the Xray-core repository and download its Go module dependencies. This is the initial step before building the binary. ```bash git clone https://github.com/XTLS/Xray-core.git cd Xray-core && go mod download ``` -------------------------------- ### Hysteria Outbound Configuration Example Source: https://xtls.github.io/ru/config/outbounds/hysteria.html Example of an `OutboundConfigurationObject` for Hysteria. It specifies the protocol and connection details like address and port. ```json { "outbounds": [ { // ... "protocol": "hysteria", "settings": { "version": 2, "address": "192.168.108.1", "port": 3128 } } ] } ``` -------------------------------- ### HTTP Request Attribute Matching Examples Source: https://xtls.github.io/ru/config/routing.html Examples of matching HTTP request attributes like method, path, and content type. ```json { ":method": "GET" } ``` ```json { ":path": "/test" } ``` ```json { "accept": "text/html" } ``` -------------------------------- ### Socks Inbound Configuration Example Source: https://xtls.github.io/ru/config/inbounds/socks.html Example of a Socks inbound configuration object. This shows settings for authentication, user credentials, UDP support, IP address, and user level. ```json { "inbounds": [ { // ... "protocol": "socks", "settings": { "auth": "noauth", "users": [ { "user": "my-username", "pass": "my-password" } ], "udp": false, "ip": "127.0.0.1", "userLevel": 0 } } ] } ```