Good news! Vless xtls tutorial is ready. Click here to read.
What is v2ray?
V2ray, or the vmess protocol to be precise, is a sophisticated version of the famous Shadowsocks. At its core, v2ray is also based on the SOCKS5 proxy. Normally, proxies lack encryption, and that’s what differentiates a VPN from a proxy. Shadowsocks is a SOCKS5 proxy with encryption, and vmess is the next-gen Shadowsocks.
The previous articles were about simple v2ray with tcp protocol, and that was enough for that time. But recently my v2ray tcp servers got blocked. So I believe it is time to move to more complicated configurations of v2ray.
This method is called v2ray+websocket+tls+cdn (sometimes nginx is also added, if you prefer to add a website). To my understanding, this method hides your VPS IP address behind an IP address from a major CDN provider like Cloudflare, and most ISPs do not block those IP addresses.
There are several scripts for this method, including a good one from 233boy. But, in this article, I am using the easiest one from sprov065 called v2-ui, which also includes an easy v2ray multi user management panel.
Update 2021:
Because the developer of v2-ui changed the v2ray panel to x-ui, which is based on xray core, this tutorial has been updated accordingly. The new panel has some design and functionality changes. Most of the installation is the same as before. The x-ui panel is only in Chinese right now, but you can use Google Translate to understand it.
Note: I will update screenshots later.
Choosing a VPS
- Before making payment ping an IP address of the VPS provider
- Prefer hourly billing VPS services
- Prefer less popular VPS services
- Check for ratings and user reviews
- Prefer KVM virtualization
- Use a VPN when using Putty or an alternative SSH programme, to prevent IP address blocking
I can suggest these VPS services:
- Vultr – hourly billing – starting from $3.5 per month – vultr.com (get a $100 bonus)
- DigitalOcean – hourly billing – starting from $5 per month – digitalocean.com (get a $100 bonus)
- RackNerd – monthly billing – starting from $2 per month (annual subscription) – racknerd.com
- Contabo – monthly billing – starting from € 3.99 per month – contabo.com
- CloudCone – hourly billing – starting from $4.2 per month – cloudcone.com
Setting up v2ray ws+tls+cdn
Thanks to the one-command script by sprov065, you can install v2ray easily, even if you are not familiar with Linux commands.
You need to have at least Ubuntu 16, Debian 8 or CentOS 7.
This guide will be for Debian and Ubuntu.
The setup consists of two parts. The first is the v2ray script installation, and the second is getting a free SSL certificate from Let’s Encrypt for TLS and enabling CDN from Cloudflare. The second part is only needed if you wish to use tls and cdn.
Part one – install the script
1. First make updates and upgrades, and install curl
sudo apt-get update -y
sudo apt-get upgrade -y
sudo apt install curl -y
2. Run the x-ui script
bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
a) First question asks whether you agree. Press y.
确认是否继续?[y/n]:y
b) Second one asks for account username. Write whatever you want to use when you log in.
请设置您的账户名:melon
c) Third one asks for account password.
请设置您的账户密码:melon123
d) The last question asks you to write a port number for your user panel.
请设置面板访问端口:12345
And that is it for the installation part.
Part two – get the SSL Certificates
You will need:
- A domain name
- A Cloudflare account
- Point your nameservers to Cloudflare
- Point your VPS IP to your domain name
To get an SSL certificate, you need a domain name (www.example.com), preferably a paid one from providers like Namecheap or Porkbun, and a Cloudflare account. Both Porkbun and Namecheap have free Whois Guard. When it comes to pricing, Porkbun has the upper hand: you can find domain names for under $3 per year. Please do check the renewal prices before purchasing a domain.
1. Nameservers configuration
When adding your domain name to your Cloudflare account, Cloudflare will ask you to redirect your nameservers. It will be something like this:
example1.ns.cloudflare.com
example2.ns.cloudflare.com
You need to copy those from Cloudflare to your domain name registrar (ex: namecheap.com). On Namecheap you can find it on Domain List > Manage > Nameservers. Change the DNS to Custom DNS and add Cloudflare nameservers. After a while, Cloudflare will inform you that the setup is done.
2. Connecting your domain name to the VPS IP address
- Go to DNS Management
- Press “Add Record”
- Type your sub-domain name or domain name to “Name” (ex: write test for test.example.com or @ for example.com)
- Write your VPS IP to “IPv4 address”.
- Make sure the color of “Proxy status” is orange and says DNS Only.
Note: If you keep DNS only status after SSL configuration mentioned below, you will get v2ray+ws+tls. If you change it to Proxied, you will get v2ray+ws+tls+cdn.
3. Getting SSL Certificate
Now SSH to your VPS using Putty.
1. Install certbot.
sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install certbot -y
2. Use certbot to get SSL Certificate. Use your own email address and domain name.
sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email your-email-address -d test.example.com
3. If you get a note like “Successfully received certificate”, it means that now you have SSL certificate for your domain/sub-domain.
In the text you will find destinations of your certificate file and key file. Copy them, as you will need them on web panel. It will be something like this:
/etc/letsencrypt/live/test.example.com/fullchain.pem
/etc/letsencrypt/live/test.example.com/privkey.pem
Note:
If you face errors and cannot get the certificate, please make sure that your firewall allows incoming connections on ports 80 and 443, that you have pointed your VPS IP address to the domain name, and that the Cloudflare CDN is off.
4. Last, the SSL certificate expires in 90 days, so make sure to renew it before expiration. Here is a manual renewal command.
certbot renew --force-renewal
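An added example, not part of the original tutorial or of x-ui: a pre-flight check for the two file paths above before they are pasted into the panel, covering a missing or empty file, a key that does not belong to the certificate, and a certificate close to its 90-day expiry. It assumes `openssl` is installed; the function name `cert_status` and the 30-day default threshold are choices made for this example.

```shell
#!/bin/sh
# Added example: check the certificate and key files that the panel will point to.
# Usage: sh cert_check.sh FULLCHAIN PRIVKEY [MIN_DAYS]

# Print one status word: missing | empty | unparsable | mismatch | expiring | ok
cert_status() {
    cert=$1 key=$2 min_days=${3:-30}
    for f in "$cert" "$key"; do
        [ -e "$f" ] || { echo missing; return 0; }
        [ -s "$f" ] || { echo empty; return 0; }
    done
    # The first PEM block in the file must parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unparsable; return 0; }
    # Certificate and private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo mismatch; return 0; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo expiring; return 0; }
    echo ok
}

if [ "$#" -ge 2 ]; then
    status=$(cert_status "$@")
    echo "certificate status: $status"
    case $status in
        ok) ;;
        # Plain "certbot renew" only renews certificates that are near expiry.
        expiring) echo "run: certbot renew" ;;
        *) echo "fix the paths in the panel or re-issue the certificate"; exit 1 ;;
    esac
fi
```

Run it with the `fullchain.pem` and `privkey.pem` paths that certbot printed; any status other than `ok` or `expiring` means the panel would be given files the server cannot use.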
Adding a user
You can open the x-ui web panel by typing your IP address and the port that you chose during installation (12345 in my case) in a browser. You can log in using your username and password.
http://"your-ip-address":12345
To add a user, you need to go to “accounts”, press add button and fill in the blanks according to your preferences.
- Remark – here you can write anything you want
- Protocol – vmess
- Listening IP, Port, ID (UUID) and Alter ID generated automatically. You can change them manually, as well. It is advised to use port 443.
- Transport – ws (websocket)
- Path – you can leave it the way it is or add anything you want
- Turn on TLS
- Domain – write your domain name or sub-domain name
- You can choose certificate file path and copy the file paths, or copy the certificate and key directly to certificate file content
- Copy and paste certificate and key file paths, respectively
- Press “Add”
And that is it. You can add, edit, delete users within seconds, and check bandwidth usage using x-ui web-panel.
You are not limited to v2ray ws tls cdn with this web panel; you can configure and test various combinations of v2ray.
I would like to thank vaxilu and other developers for this easy v2ray multi-user management panel.
Bonus
BBR script
If you think your v2ray is slow, or you have an older Linux version on your VPS, you can use the bbr script by teddysun to install Google BBR.
wget -N --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && bash bbr.sh
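An added example, not from the tutorial, x-ui or teddysun: both the x-ui installer in Part one and the bbr.sh command above run a downloaded script as root, and the wget call switches certificate checking off. The sketch below downloads with certificate validation on, compares the file against a SHA-256 that you recorded after reading the script yourself, and only then runs it. The function names are choices made for this example, and the expected hash is your own value, not one from this page.

```shell
#!/bin/sh
# Added example: download an installer to disk, verify it, then run it.
# Usage: sh install_verified.sh URL EXPECTED_SHA256

# Print the SHA-256 of a file as lowercase hex.
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# Return 0 only if FILE is non-empty and its hash equals EXPECTED_SHA256.
verify_script() {
    file=$1 expected=$2
    [ -s "$file" ] || { echo "verify: $file missing or empty" >&2; return 1; }
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ] && return 0
    echo "verify: hash mismatch for $file (got $actual)" >&2
    return 1
}

# Download URL to OUT over HTTPS only, with certificate validation left on.
fetch_script() {
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --tlsv1.2 -o "$2" "$1"
}

if [ "$#" -eq 2 ]; then
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    fetch_script "$1" "$tmp" || exit 1
    verify_script "$tmp" "$2" || exit 1
    # Runs only the bytes that were verified, not a second download.
    bash "$tmp"
fi
```

A URL that points at a branch such as master can change at any time, so the recorded hash is only stable if the URL is pinned to the exact revision you reviewed.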
Installing v2ray to Your Devices
v2ray apps for Android
You can use v2ray with several apps on Android, and all of them are available for free on Google Play.
- v2RayNG
- NapsternetV
v2ray apps for iOS
You can use v2ray with several apps on your iPhone/iPad as well. Most of the v2ray apps are paid apps, except for 91VPN.
- Shadowrocket
- Lancex
- 91VPN
- Pharos Pro
- FairVPN
v2ray clients for Windows
For your Windows PC, you can choose one of these five v2ray Windows clients.
- V2RayN
- Qv2ray
- Netch
v2ray clients for macOS
For your Mac, you can choose one of these four v2ray clients.
- V2RayX
- V2RayU
- Qv2ray
VPN services that offer v2ray
Sometimes IP blocks are so frequent that you may want a hassle-free solution and go for a paid option. If that is the case for you, Wannaflix and 12VPN offer v2ray, along with other VPN protocols. You can read my brief review of the VPNs in the blog post the Best Stealth VPNs.
Wanna check other VPNs? Head over to the VPN Comparison Table, and find the best VPN that fits you.
hi
I'm installing it, thanks
How can I create a subscribe group URL for v2ray?
Hi,
this particular script does not have subscribe url.
Thank you very much for the tutorial.
I would like to know how I can prevent websites from thinking that I am browsing from China. My VPS is from the USA.
Screenshots:
https://ibb.co/VvFggG9
https://ibb.co/31tY8Lj
Normally, if your VPS IP is a US IP address, then the website you are visiting will think that you are browsing from the US. You can try using v2ray without CDN.
I don’t know how to solve that problem
I am not using CDN
hi
If possible, give an example for the command below
2. Use certbot to get SSL Certificate. Use your own email address and domain name.
sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email your-email-address -d test.example.com
hi,
sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email melon@gmail.com -d privacymelon.com
Thanks for the tutorial!!
I got this error on the main panel and the server is no longer working. Any thoughts on how to fix this?
Xray 1.4.2 (Xray, Penetrates Everything.) Custom (go1.16.2 linux/amd64)
A unified platform for anti-censorship.
2022/12/31 14:48:37 [Info] infra/conf/serial: Reading config: bin/config.json
Failed to start: main: failed to load config files: [bin/config.json] > infra/conf: Failed to build TLS config. > infra/conf: failed to parse certificate > infra/conf: both file and bytes are empty.
hi,
It looks like TLS certificate issue, you could try to re-issue TLS/SSL certificate. If that does not help you could re-install the script.
One of your users has a non-standard config! Actually, your last user. Disable your users one by one to find it!
Hi,
This command did not run for me and it gave me error:
sudo add-apt-repository ppa:certbot/certbot
But the rest of the commands were successful and I got to the UI and created a user, but it does not connect. Is it because of that line failing? I used Ubuntu 22.04.
Please assist.
Thanks.
hi,
please try using debian.
Hi,
The script to setup UI, gets stopped at this line:
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|2606:50c0:8000::154|:443…
What can I do?
Thanks.
hi,
try installing other os, like debian if you are using ubuntu, or vice versa.
Hi,
I was able to make it work but it is very slow connection up to 5 to 10 seconds.
My ping to server is 100ms .
I tried the BBR script but it didn’t help the speed.
Is there anything we can do to fix the speed problem?
Thank you.
Hi,
you can try turning off cdn. also you should choose VPS countries that are not far from your country.
Hallo dear,
Yesterday I installed x-ui.
It works but it’s very slow.
I don’t use any CDN.
I tested Vless, VMess
I used the latest version too.
Do u have any sedition suggestion?
Thanks a lot
Hello,
You can try accelerators like BBR, BBR plus.
Hi
How can I create multi-user accounts with the same port in the V2Ray panel?
Thank you for your answer.
Hello,
Same port multi user is not possible with this script.
Configured everything, Now, on V2RayNG on one device it returns:
Fail to detect internet connection: context deadline exceeded.
on second device:
Fail to detect internet connection: io read/write on closed pipe
Hello,
Sorry no idea what causes the issue. Maybe you can try installing on another os.
set Allowinsecure to true
Hi there,
first of all thanks a lot for your awesome tutorial!
I have encountered an error on the main panel:
2023/01/08 19:16:14 [Info] infra/conf/serial: Reading config: bin/config.json
Failed to start: main: failed to load config files: [bin/config.json] > infra/conf: unable to listen on domain address: 443
Any idea how to fix this? Any help would be greatly appreciated! 🙂
Hi,
For some reason it fails to read your config file. is your port 443 open?
Your tutorial works wonderfully! Thank you!
I am just having an issue when I add a second “user” using the same vless protocol but only change the port number to 442 and the remark. Although it’s successfully created, I can’t get it to work. Am I doing something wrong here?
Firewall is disabled, x-ui running on Debian 10.
do other ports work? for example 8443?
Thanks for the reply, it worked when I used the suggested port. Why is it that some ports work and some don’t, and how can I know which random port I can use?
Maybe some ports are not open on your server, or your ISP could also block some ports.
If you are using CF CDN, Then port 442 won’t work
Cloudflare CDN only works with
443
2053
2083
2087
2096
8443
Or you can just turn off CDN and use port 442. I am using it without CDN and it never gets blocked
But do you live in China or Iran? Because those countries utilise GFW, which blocks anything suspicious. Port 442 is not used for HTTPS and hence suspicious.
Hi,
I lived in Turkmenistan for a while, they had similar maybe even worse GFW. Yes 443 is better choice, but even 443 could be blocked.
Hi
How can i limit each user to connect with only one device?
hi,
unfortunately v2ray does not support limiting devices.
Dear Melon,
Thanks for this tutorial
How to add second user in ui? I mean I want to add more subdomains with one port , is it possible?
Like below :
Subdomain1.domain.com
Subdomain2.domain.com
and use just one port like: 2083
Hello,
Not sure if adding two subdomains is possible.
Does this tutorial work on a Microsoft Azure Ubuntu VPS?
Yes, it should work on Ubuntu.
Hi dear,
Thank you for this tutorial.
I have a question: how can I connect from Linux (Ubuntu) to the v2ray server? I can’t find a way.
I installed v2raya on my Ubuntu, but it runs a web page on my OS, and I can connect from this web page to the v2ray server, but there is no internet connection over the VPN.
Thanks.
Hi,
Unfortunately, I have not tried on linux, maybe someone who knows can answer your question.
You first need to install Clash proxy on Ubuntu and set the http/https/socks proxy on the Ubuntu server. You can generate a Clash config from https://v2rayse.com/node-convert and there is a tutorial for Clash on Linux at https://zhuanlan.zhihu.com/p/608734142. If you have access to the server hardware, then you can buy a router with OpenWrt, install the ssr or vssr service on OpenWrt and connect it to your server
Contact me for any question ssl@lanming.online
Hi,
How can I find the port number for x-ui web panel if I don’t remember it?
Thanks.
Hi,
You can run:
systemctl status x-ui
This will show whether your x-ui is running and will also show the port.
You can exit by pressing Ctrl and C.
Hello
I did what this tutorial said. It was working well for about 3 days and suddenly it stopped working. When I disabled TLS in the V2ray account, it started to work again. Now I have to use it without TLS, but I need it. What should I do?
Thanks!
Hi there,
You may have issues with TLS certification, please try to issue the certificates again. Alternatively, your ISP may be blocking TLS connections. Are you using CDN as well?
Hi, I installed v2ray with the cdn script and BBR. Everything is fine, but the upload is very slow. What can I do?
Does it improve if you turn off cdn?
the speed may improve.
Melon your website ssl expired
Thanks a lot 🙂
Hey, I installed everything and followed up, but it seems I cannot open the xx.xx.xx.xx.xx:12345 at all using a Digital Ocean VPS Droplet.
Any idea why?
hi,
is your port 12345 open?
Hey, I followed the whole tutorial and got it to work and send my Vless config files to my friend in Mainland China to check if it works but he can not Connect.
I activated on both Cloudflare accounts the “Proxied” option as said in the tutorial after everything is done can be activated.
But once activated I can’t connect anymore even from my local machine (I am still based in Europe right now, i can only check if it works in China 1.05.23).
I wanted to know:
a) did something change recently regarding the Cloudflare Proxied
b) can the “Proxied” simply stay turned off or it needs to be activated?
c) Is there a more detailed guide to trouble shoot for example configs of SSL certificates?
hi
1) It is possible that the IP address assigned by Cloudflare is blocked.
2) It can stay off, if you do not need Cloudflare IP address over your VPS IP address.
3) There are different errors, you could google exact SSL error.
Hello, I installed a v2ray+ws+tls+cdn using this instruction and everything worked well for like 5 minutes and then it stopped. Digging around led me to finding out I get a problem whenever I use CDN. I turn on proxy in CF settings, it works for a couple minutes, and then it stops working. I turn proxy off and it works again. I tried using different ports (both supported by CF and unsupported by CF), but it seems like there’s no getting around it. Does anyone have any ideas on what to do to fix it?
Hi Melon, I am experiencing the same issue as user “MARKRICHARDSON”.
I followed the instructions exactly, and everything worked as expected up until attempting to access http://“your-ip-address”:12345 in my browser.
I tried this on multiple machines running Windows 11 or Ubuntu and the connection just times out after a few minutes.
I also removed and reinstalled x-ui with different ports but to no avail.
Please advise what I could try to troubleshoot this issue.
Thank you!
Update: I found the solution, it turns out the VPS instance I am using provided by Google Cloud Platform has firewall rules that block all incoming traffic via HTTP and HTTPS by default…
Embarrassing oversight on my part but that was the issue for me.
Thank you Melon for the tutorial!
hello sir
I got this error after running the x-ui script
Failed to stop x-ui.service: Unit x-ui.service not loaded.
what’s this error?
Hello,
You can get more info about the error with x-ui status
the error says that it cannot load the x-ui service.
please try restart or reinstall x-ui.
Hello my friend, I want to create a standalone certificate on CentOS but it always gives me an error like below
] Xxx.xxx.xxx:Verify error:5.61.36.181: Fetching http://dl4.voidcorp.top/.well-known/acme-challenge/_H0NwO0peWAohhfxpnv3edfvdKHFryBUyFuMEG8UN9s: Timeout during connect (likely firewall problem)
[Fri May 12 02:50:53 MSK 2023] Please add ‘–debug’ or ‘–log’ to check more details.
[Fri May 12 02:50:53 MSK 2023] See:
Can you tell me how to fix it? Port 80 and 443 are open and nothing is listening to them
Hi, please try debian.
Hi,
The cloudflare CDN works but is not always that stable. Is it possible to use cloudflare and aws-cloudfront together to make it more stable? I am not quite familiar with these tech, could you give me some advice?
Hi,
I guess you could use cloudfront instead of cloudflare, but it costs like $0,10 per GB.
dude, cdn doesn’t work until you turn on the cloud on cloudflare
yes, if cloud is off cdn is also off.
Hello there,
Thank you for the informative tutorial. I have a few questions regarding the setup.
Let’s consider that I have a domain, app.sample.com, and I want to configure it with an SNI (Server Name Indication) bug, such as netflix.com or zoom.com. ISPs (Internet Service Providers) offer unlimited packages specifically for these services.
I need to set this up with a CDN in a way that avoids blocking by the ISP. Could you please guide me on how to configure both the client and server configurations?
I have tried some methods, but they haven’t worked for me. I provided the client address as app.sample.com and used Netflix.com as the SNI bug, but it didn’t work. However, it does work when I provide the server IP address instead. I would like to know how to implement this setup using the domain itself.
Hi,
Interesting info. Unfortunately I have not tried anything like this. Hope someone who knows better can help.
greetings, thanks for the tutorial, but I’m confused why the panel is in Chinese while in the screenshot above the panel is in English.
hi there,
screenshots are from the old version of panel.