Click to expand contents
what you need for this setup is really simple
- Up and running Linux VPS outside your country
- A domain name
1. for CDN configuration you need to create an account in any free CDN website like Cloudflare AWS or any other CDN you like ( for Iranian ArvanCloud or Derak also works very well and is recommended.)
for this tutorial, we will use Cloudflare.
- Create an account in Cloudflare. this step is really simple. go to your dashboard.
- click on
Add a siteand enter your domain name.
- On the next page select the free plan
- On the next page, you should config your DNS Record.
- click on
Add Record - Type: A
- Name: @
- Ip Address: Add your VPS IP address here
- Proxy: MAKE SURE PROXY IS ON this is very important if you don't turn on this option your IP will be visible.
- You can add a CNAME Or another A record for www.
- Cloudflare will give you 2 Nameservers that you need to update in your domain panel.
After Updating your DNS settings go to your SSL/TLS Menu and Select overview.
- put SSL/TLS encryption mode on Full (strict)
- Turn on SSL/TLS Recommender
That's it. we are done with Cloudflare. :)
this is a simple step and it depends on how you got your domain. you should update your domain's Name server in your domain panel with your CDN Name servers. Make sure they get updated and working fine. then continue to the next steps.
you can use any DnsLookup tools like mxtoolbox.com This site should find your A record like the below image. It can take some time. it can take some time.
we need a webserver for our website and an SSL certificate.
CentOS :
Install the EPEL repository:
sudo yum install epel-releaseUpdate the repository and Install NGINX:
sudo yum update
sudo yum install nginxDebina/ubuntu :
Update the repository and Install NGINX:
sudo apt-get update
sudo apt-get install nginxyou should be done. now we need a website.
This is where things get tricky but don't worry it is quite easy.
NOTE:replace ALL your_domain with your actual domain.
Create the directory for your_domain as follows, using the -p flag to create any necessary parent directories:
sudo mkdir -p /var/www/your_domain/htmlNext, assign ownership of the directory with the $USER environment variable:
sudo chown -R $USER:$USER /var/www/your_domain/htmlNext, create a sample index.html page using nano or your favorite editor:
sudo nano /var/www/your_domain/html/index.htmlInside, add the following sample HTML or anything you like:
<html>
<head>
<title>Welcome to your_domain!</title>
</head>
<body>
<h1>Success! The your_domain server block is working!</h1>
</body>
</html>Save and close the file by pressing Ctrl+X to exit, then when prompted to save, Y and then Enter.
I prefer to use a real website template and modify it to look like a real website. but it is your choice.
In order for Nginx to serve this content, itโs necessary to create a server block with the correct directives.
sudo vim /etc/nginx/nginx.confchange your config like the code below but updated for our new directory and domain name:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
server_name sample.com www.sample.com;
root /var/www/html; #/usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
location /Replace_with_YOUR_RANDOM_STRING {
proxy_redirect off;
proxy_pass http://0.0.0.0:11111; # REPLACE WITH YOUR VMESS/VLESS port
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
MAKE SURE ALL your_domain HAS BEEN CHANGED WITH YOUR ACTUAL DOMAIN. server_name is your domain section
Save and close the file when you are finished. Next, test to make sure that there are no syntax errors in any of your Nginx files:
sudo nginx -tIf there arenโt any problems, restart Nginx to enable your changes:
sudo systemctl restart nginxyou need a valid SSL certificate for your website. make sure your firewall allows communication on ports 80 and 443.
we will use certbot and Let's Encrypt for our free SSL certificate.
The first step to using Letโs Encrypt to obtain an SSL certificate is to install the Certbot software on your server.
Install Certbot and its Nginx plugin with apt:
sudo apt install certbot python3-certbot-nginxCertbot provides a variety of ways to obtain SSL certificates through plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary. To use this plugin, type the following:
sudo certbot --nginx -d your_domain -d www.your_domainThis runs certbot with the --nginx plugin, using -d to specify the domain names weโd like the certificate to be valid for.
if certbot asked you the following question select number 2.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
if certbot has been able to get your certificate you should see the following message
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/your_domain/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/your_domain/privkey.pem
Your cert will expire on 2020-08-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-leyour certificates are in the following directories you need them. so keep them safe and remember the path.
/etc/letsencrypt/live/your_domain/fullchain.pem
/etc/letsencrypt/live/your_domain/privkey.pemwe are almost there.
Now it is getting exciting. connect to your VPS via SSH. Get your server up to date:
ubuntu:
sudo apt update && sudo apt upgrade -yRedHat centOS:
sudo yum update && sudo yum upgrade Download V2ray (x-UI panel) and install it.
wget https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh
chmod +x install.sh
sudo ./install.shWaiting for installation. unfortunately, this script is in Chinese and all English versions are outdated. so bear with me.
after you saw complete enter y
then enter your username for the x-ui login
and then your password for X-ui panel (don't use this password set any strong password of at least 12 characters including symbols numbers capital letters :D )
now you need to set your panel port. the default port is 54321. you can keep that and press enter.
you should see a menu like this:
that means your X-ui installation is complete. you can check your x-ui service with sudo x-ui status command and start it with sudo x-ui start.
Now go to http://yourdomain.xyz:54321 you should see the x-ui login panel.
log in with your username and password that you have set during installation. you should see a dashboard like this.
use google chrome or Microsoft edge to translate it into english.
in inbound menu click on + icon
- select Vmess
- set extra ID to 64
- set transmition on
ws - set path to a random string at least 8 character
- leave everything else as default.
just make sure to save the ID somewhere.
and that's done.
you made it. this is the golden part.
we will change the nginx config to redirect our calls to the ws path to Vmess this way so every normal request will load our website unless we call the magic ws path.
open your nginx config file.
sudo vim /etc/nginx/nginx.confadd a location like this in your nginx file.
location /djfgGw84$ {
proxy_redirect off;
proxy_pass http://0.0.0.0:32426;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}in the above file replace djfgGw84 with your eandom path from vmess-ws part. and in http://0.0.0.0:32426 replace 32426 with your vmess port.
reload your nginx service.
sudo systemctl restart nginxand you are done. congratulations.
for windos client you can use v2rayN
this is the link for their latest release
https://github.com/2dust/v2rayN/releases/download/6.10/v2rayN-With-Core.zip
when you have download it add a vmess server and fill the info like the image
-
replace
your_domainwith your actual domain -
replace UUID with the ID in the this section
-
your port should be 443
-
Alter ID : 64
-
Transport: Ws
-
Path: to your Random ws path
-
set tls
and your Client is done.
you can use same config on your Android or IOS
for android you can use ShadowRocket and for IOS you can use Shadowlink
This part is optional but it has a big impact on your speed especially if you have too many users.
you can use this link for BBR configuration.