Paimon

Paimon

👀谢谢关注喵
HomeArchivesNTF

Xray Installation Process

368
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
This is a set of commands to install and configure Nginx, Xray, and optimize the system. It includes installing Nginx, creating a webpage directory, modifying the nginx.conf file, creating a cron job for certificate renewal, configuring Xray, modifying template files, starting Xray, enabling BBR, enabling HTTP to HTTPS redirection, and restarting Xray.

Install Nginx

sudo apt update && sudo apt install -y nginx 
mkdir -p /home/xray/webpage/ && cd /home/xray/webpage/
apt install unzip && wget -O web.zip --no-check-certificate https://html5up.net/phantom/download && unzip web.zip && rm web.zip

Modify nginx.conf#

# Remove default port 80 occupation
sed -i '/\/etc\/nginx\/sites-enabled\//d' /etc/nginx/nginx.conf

# Copy all start
cat>/etc/nginx/conf.d/xray.conf<<EOF
server {
	listen 80;
	server_name yourdomain;
	root /home/xray/webpage/;
	index index.html;
}
EOF
# end

# Replace your domain
sed -i 's/yourdomain/your domain/' /etc/nginx/conf.d/xray.conf

systemctl reload nginx

# Access http://yourdomain, if it displays correctly, it is successful

Apply for a certificate

wget -O -  https://get.acme.sh | sh && cd ~ && . .bashrc
acme.sh --upgrade --auto-upgrade
acme.sh --issue --server letsencrypt --test -d your domain -w /home/xray/webpage --keylength ec-256
# If this step fails, there are several common reasons:
# 1. Port 80 is not open or nginx is not started properly. acme requires that the domain name be accessible via "http://your domain"
# 2. The failure count exceeds 5 times and is banned. acme allows a maximum of 5 applications for a domain name in one day. If it exceeds 5 times, you need to wait until the next day.
acme.sh --set-default-ca --server letsencrypt
acme.sh --issue -d your domain -w /home/xray/webpage --keylength ec-256 --force

Install Xray

Script installation#

wget https://github.com/XTLS/Xray-install/raw/main/install-release.sh && bash install-release.sh && rm install-release.sh

Manual installation (optional)#

Skip this step if you choose script installation

# Unzip to the xray folder under the root directory
wget https://github.com/XTLS/Xray-core/releases/download/v1.5.10/Xray-linux-64.zip -O xray.zip && unzip xray.zip -d /root/xray/ && rm xray.zip

# Create systemd deployment start
cat>/etc/systemd/system/xray.service<<EOF
[Unit]
Description=Xray Service
Documentation=https://github.com/xtls
After=network.target nss-lookup.target
[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/root/xray/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNPROC=10000
LimitNOFILE=1000000
[Install]
WantedBy=multi-user.target
EOF
# end

Configure TLS certificate for Xray

mkdir -p /home/xray/xray_cert && acme.sh --install-cert -d your domain --ecc --fullchain-file /home/xray/xray_cert/xray.crt --key-file /home/xray/xray_cert/xray.key && chmod +r /home/xray/xray_cert/xray.key

Automatic renewal of expiring certificates

# Create and write
cat>/home/xray/xray_cert/xray-cert-renew.sh<<EOF
#!/bin/bash

/root/.acme.sh/acme.sh --install-cert -d yourdomain --ecc --fullchain-file /home/xray/xray_cert/xray.crt --key-file /home/xray/xray_cert/xray.key
echo "Xray Certificates Renewed"

chmod +r /home/xray/xray_cert/xray.key
echo "Read Permission Granted for Private Key"

sudo systemctl restart xray
echo "Xray Restarted"
EOF

# Replace your domain
sed -i 's/yourdomain/your domain/'  /home/xray/xray_cert/xray-cert-renew.sh

Create a cron job

chmod +x /home/xray/xray_cert/xray-cert-renew.sh

( crontab -l | grep -v "0 1 1 * *   bash /home/xray/xray_cert/xray-cert-renew.sh"; echo "0 1 1 * *   bash /home/xray/xray_cert/xray-cert-renew.sh" ) | crontab -

Configure Xray

xray uuid

# Custom log (optional) start
# Default log location /var/log/xray
mkdir /home/xray/xray_log && touch /home/xray/xray_log/access.log && touch /home/xray/xray_log/error.log && chmod a+w /home/xray/xray_log/*.log
# end

Modify the template file

Configuration file template library

wget https://raw.githubusercontent.com/XTLS/Xray-examples/main/Trojan-TCP-XTLS/config_server.json -O /usr/local/etc/xray/config.json

sed -i 's/\/path\/to\/cert/\/home\/xray\/xray_cert\/xray.crt/' /usr/local/etc/xray/config.json

sed -i 's/\/path\/to\/key/\/home\/xray\/xray_cert\/xray.key/' /usr/local/etc/xray/config.json

Start Xray

systemctl start xray && systemctl enable xray

Optimization

Enable BBR#

Go back to the first chapter and execute the one-click installation command, select to enable BBR

Enable HTTP to automatically redirect to HTTPS#


sed -i '/\/home\/xray\/webpage\//d' /etc/nginx/conf.d/xray.conf
sed -i '/index/d' /etc/nginx/conf.d/xray.conf

# Add to the end of the port 80 rule, you can delete both root and index lines at the same time
sed -i '3a \\treturn 301 https://$http_host$request_uri;' /etc/nginx/conf.d/xray.conf

# Add new server
cat>>/etc/nginx/conf.d/xray.conf<<EOF
server {
   listen 127.0.0.1:8080;
   root /home/xray/webpage/;
   index index.html;
   add_header Strict-Transport-Security "max-age=63072000" always;
}
EOF
#end

systemctl restart nginx

# Change the fallback port of xray to 8080 "dest": 80 -> change to "dest": 8080
sed -i '19,24d' /usr/local/etc/xray/config.json

sudo sed -i 's/\"dest\".*/"dest": 8080/g' /usr/local/etc/xray/config.json


systemctl restart xray
Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.