How To Setup v2ray Websocket(WS)+TLS+CDN on a VPS (updated x-ui)

v2ray

Good news! Vless xtls tutorial is ready. Click here to read. 

 

What is v2ray?

V2ray or vmess protocol to be precise, is a sophisticated version of the famous Shadowsocks. At the core, v2ray is also based on SOCKS5 proxy. Normally, proxies lack encryption, and that’s what differentiates a VPN and a proxy. Shadowsocks is SOCKS5 proxy with an encryption, and vmess is the next gen Shadowsocks. 

The previous articles were about simple v2ray with tcp protocol, and that was enough for that time. But recently my v2ray tcp servers got blocked. So I believe it is time to move to more complicated configurations of v2ray. 

This method is called v2ray+websocket+tls+cdn (sometimes nginx is also added, if you  prefer to add a website). As to my understanding, this method hides your VPS IP address behind an IP address from a major CDN provider like Cloudflare, and most ISPs do not block those IP addresses.

There are several scripts for this method, including a good one from 233boy. But, in this article, I am using the easiest one from sprov065 called v2-ui, which also includes an easy v2ray multi user management panel.

Update 2021:

As the developer of v2-ui, changed the v2ray panel to x-ui, which is based on xray core, this tutorial is updated accordingly. The new panel has some design and functionality changes. Most of the installation is same as before. The x-ui panel is only in Chinese right now, but you can use google translate to understand it.

Note: I will update screenshots later.

 

Choosing a VPS

You should:
  • Before making payment ping an IP address of the VPS provider
  • Prefer hourly billing VPS services
  • Prefer less popular VPS services
  • Check for ratings and user reviews
  • Prefer KVM virtualization
  • Use a VPN when using Putty or an alternative SSH programme, to prevent IP address blocking

I can suggest these VPS services:

  1. Vultr – hourly billing – starting from $3.5 per month – vultr.com (get a $100 bonus)
  2. DigitalOcean – hourly billing – starting from $5 per month – digitalocean.com (get a $100 bonus)
  3. RackNerd – monthly billing – starting from $2 per month (annual subscription) – racknerd.com
  4. Contabo – monthly billing – starting from € 3.99 per month  – contabo.com
  5. CloudCone – hourly billing – starting from $4.2 per month – cloudcone.com
 

Setting up v2ray ws+tls+cdn 

Good news! Vless xtls tutorial is ready. Click here to read. 

Thanks to the one-command script by sprov065, you can install v2ray easily, even if you are not familiar with Linux commands. 

You need to have at least Ubuntu 16, Debian 8 or CentOS 7. 

This guide will be for Debian and Ubuntu.

The setup consists of two parts. First, the v2ray script installation, and the second is getting a free SSL certificate from Let’s Encrypt for TLS, and enabling CDN from Cloudflare. The second part is only needed if you wish to use tls and cdn.

Part one – install the script

1. First make updates and upgrades, and install curl

sudo apt-get update -y 
sudo apt-get upgrade -y
sudo apt install curl -y

2. Run the x-ui script

bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)

a) First question asks whether you agree. Press y.

   确认是否继续?[y/n]:y

b)Second one asks for account username. Write whatever you want as when you log in.

   请设置您的账户名:melon

c)Third one asks for account password. 

   请设置您的账户密码:melon123 

d) The last question asks you to write a port number for your user panel.

    请设置面板访问端口:12345

And that is it for the installation part.

x-ui installed 

Part two – get the SSL Certificates

You will need:

  • A domain name
  • A Cloudflare account
  • Point your nameservers to Cloudflare
  • Point your VPS IP to your domain name

To get an SSL certificate, you need a domain name (www.example.com), preferably a paid one from providers like namecheap or porkbun, and a Cloudflare account. Both Porkbun and Namecheap have free Whois Guard. When it comes to pricing, Porkbun has an upper hand, you can find domain names for under $3 per year. Please do check the renewal prices before purchasing a domain.

 1. Nameservers configuration

When adding your domain name to your Cloudflare account, Cloudflare will ask you to redirect your nameservers. It will be something like this:

example1.ns.cloudflare.com
example2.ns.cloudflare.com

You need to copy those from Cloudflare to your domain name registrar (ex: namecheap.com). On Namecheap you can find it on Domain List > Manage > Nameservers. Change the DNS to Custom DNS and add Cloudflare nameservers. After a while, Cloudflare will inform you that the setup is done.,

cloudflare_account_setup
cloudflare_account_setup2
namecheap_DNS
2. Connecting your domain name to the VPS IP address
On Cloudflare,
  1. Go to DNS Management
  2. Press “Add Record”
  3. Type your sub-domain name or domain name to “Name”  (ex: write test for test.example.com or @ for example.com)
  4. Write your VPS IP to “IPv4 address”.
  5. Make sure the color of “Proxy status” is orange and says DNS Only.

Note: If you keep DNS only status after SSL configuration mentioned below, you will get v2ray+ws+tls. If you change it to Proxied, you will get v2ray+ws+tls+cdn.

And lastly change SSL/TLS mode to Full or Full (strict).
cloudflare_DNS_only
cloudflare_SSL
3. Getting SSL Certificate

Now SSH to your VPS using Putty. 

  1. Install certbot.
sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install certbot -y

 2. Use certbot to get SSL Certificate. Use your own email address and domain name.

sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email your-email-address -d test.example.com 

3. If you get a note like “Successfully received certificate”, it means that now you have SSL certificate for your  domain/sub-domain.

In the text you will find destinations of your certificate file and key file. Copy them, as you will need  them on web panel. It will be something like this:

/etc/letsencrypt/live/test.example.com/fullchain.pem
/etc/letsencrypt/live/test.example.com/privkey.pem

Note:

If you face errors and cannot get the certificate, please make sure that your firewall is listening to ports 80 and 443, you have pointed your VPS IP address to the domain name and the Cloudflare CDN is off.

4. Last, the SSL certificate expires in 90 days, to make sure to renew it before expiration. Here is a manual renewal command.

certbot renew --force-renewal
LetsEncrypt_SSL Managing  v2ray

Adding a user

You can go to x-ui web panel typing your IP address and the port that you chose during installation (12345 in my case) on a browser. You can login using your username and password.

http://"your-ip-address":12345

To add a user, you need to go to “accounts”, press add button and fill in the blanks according to  your preferences.

  • Remark – here you can write anything you want
  • Protocol – vmess
  • Listening IP, Port, ID (UUID) and Alter ID generated automatically. You can change them manually, as well. It is advised to use port 443. 
  • Transport – ws (websocket)
  • Path – you can leave it the way it is or add anything you want
  • Turn on TLS
  • Domain – write your domain name or sub-domain name
  • You can choose certificate file path and copy the file paths, or copy the certificate and key directly to certificate file content
  • Copy and paste certificate and key file paths, respectively
  • Press “Add”

And that is it. You can add, edit, delete users within seconds, and check bandwidth usage using x-ui web-panel. 

You are not only limited to v2ray ws tls cdn with this web panel, you can configure and test various combinations of v2ray.

I would like to thank vaxilu and other developers for this easy v2ray multi-user management panel.  

webpanel_1
webpanel_2
 

Bonus

BBR script

If you think your v2ray has slow speed, or have an older Linux version on your VPS, you can use bbr script by teddysun, to install google bbr.

wget -N --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && bash bbr.sh
 

Installing v2ray to Your Devices

v2ray apps for Android

You can use v2ray on several apps on Android, and all of them are available for free Google Play.

  • v2RayNG
  • NapsternetV
 

v2ray apps for iOS

You can use v2ray on several apps on your iPhone/iPad as well, most of the v2ray apps are paid apps, except for 91VPN.

  • Shadowrocket
  • Lancex
  • 91VPN
  • Pharos Pro
  • FairVPN

v2ray clients for Windows

For your Windows PC, you can choose one of these five v2ray Windows clients.

  • V2RayN
  • Qv2ray
  • Netch

v2ray clients for macOS

For your Mac, you can choose one of these four v2ray clients.  

  • V2RayX
  • V2RayU
  • Qv2ray
 

VPN services that offer v2ray

Sometimes IP blocks are so often that you may want a solution without a hassle and go for a paid option. If that is the case for you, Wannaflix and 12VPN offer v2ray, along with other VPN protocols. You can read my brief review about the VPNs on the blog post the Best Stealth VPNs.

Wanna check other VPNs? Head over to the VPN Comparison Table, and find the best VPN that fits you.

69 thoughts on “How To Setup v2ray Websocket(WS)+TLS+CDN on a VPS (updated x-ui)”

    1. Normally, if your VPS IP is a US IP address, then the website you are visiting will think that you are browsing from the US. You can try using v2ray without CDN.

  1. hi
    If possible, give an example for the command below
    2. Use certbot to get SSL Certificate. Use your own email address and domain name.

    sudo certbot certonly –standalone –preferred-challenges http –agree-tos –email your-email-address -d test.example.com

  2. Thanks for the tutorial!!

    I got this error on the main panel and the server is no longer working. Any thoughts on how to fix this?

    Xray 1.4.2 (Xray, Penetrates Everything.) Custom (go1.16.2 linux/amd64)

    A unified platform for anti-censorship.

    2022/12/31 14:48:37 [Info] infra/conf/serial: Reading config: bin/config.json

    Failed to start: main: failed to load config files: [bin/config.json] > infra/conf: Failed to build TLS config. > infra/conf: failed to parse certificate > infra/conf: both file and bytes are empty.

    1. hi,

      It looks like TLS certificate issue, you could try to re-issue TLS/SSL certificate. If that does not help you could re-install the script.

    2. one of your user not standard config ! actualy ur last user . disable ur user to find one by one to find it !

  3. Hi,
    This command did not run for me and it gave me error:

    sudo add-apt-repository ppa:certbot/certbot

    But the rest of the commands were successful and I got to the ui and created a user but it does not connect. Is it because of that line failing? I used unbuntu 22.04
    Please assist.
    Thanks.

  4. Hi,
    The script to setup UI, gets stopped at this line:

    Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|2606:50c0:8000::154|:443…

    What can I do?
    Thanks.

  5. Hi,
    I was able to make it work but it is very slow connection up to 5 to 10 seconds.
    My ping to server is 100ms .
    I tried the BBR script but it didn’t help the speed.

    Is there anything we can do to fix the speed problem?

    Thank you.

  6. Hallo dear,
    Yesterday I installed x-ui.
    It works but it’s is very slow.
    I don’t use any CDN.
    I tested Vless, VMess
    I used the latest version too.
    Do u have any sedition suggestion?
    Thhhhanks alot

  7. Hi
    How can i create multi-users account with same port in V2Ray panel ?
    Thank you for yout answer.

  8. Configured everything, Now, on V2RayNG on one device it returns:
    Fail to detect internet connection: context deadline exceeded.
    on second device:
    Fail to detect internet connection: io read/write on closed pipe

  9. Hi there,
    first of all thanks a lot for your awesome tutorial!

    I have encountered an error on the main panel:
    2023/01/08 19:16:14 [Info] infra/conf/serial: Reading config: bin/config.json
    Failed to start: main: failed to load config files: [bin/config.json] > infra/conf: unable to listen on domain address: 443

    Any idea how to fix this? Any help would be greatly appreciated! 🙂

  10. you tutorial works wonderful! thank you!

    I am just having an issue when i add second “user” using the same vless protocol but i only change port number to 442 and remark, although its successfully created, i cant get it to work, am i doing something wrong here?
    firewall is disables, x-ui running on debian 10.

      1. thanks for the reply, it worked when used the suggested port. why is that some port works and some doesnt, and how to make it possible that i know which random port i can use?

    1. If you are using CF CDN, Then port 442 won’t work
      Cloudflare CDN only works with
      443
      2053
      2083
      2087
      2096
      8443
      Or you can just turn off CDN and use port 442. I am using it without CDN and it never get block

      1. But do you live in China or Iran? Because those countries utilise GFW, which blocks anything suspicious. Port 442 is not used for HTTPS and hence suspicious.

        1. Hi,
          I lived in Turkmenistan for a while, they had similar maybe even worse GFW. Yes 443 is better choice, but even 443 could be blocked.

  11. Dear Melon,
    Thanks for this tutorial

    How to add second user in ui? I mean I want to add more subdomains with one port , is it possible?

    Like below :
    Subdomain1.domain.com
    Subdomain2.domain.com
    and use just one port like: 2083

  12. Hi dear,
    Thank you for this tutorial.
    I have question that is, how i can connect from linux (ubuntu) to v2ray server? I can’t find that way.
    I install v2raya on my ubuntu but this run web page on my os and can connect from this web page to v2ray server but no internet conection is on vpn.

    Thanks.

    1. Hi,
      You can run:
      systemctl status x-ui
      this will show whether your x-ui is runnung and also wil show the port.
      You can exit by pressing Ctrl and C.

  13. Hello
    I did what this tutorial said. It was working well for about 3 days and suddenly it sopped working. When I disabled TLS in V2ray account, it started to work again. Now I have to use it without tls but I need it. What should I do?
    Tanks!

    1. Hi there,
      You may have issues with TLS certification, please try to issue the certificates again. Alternatively, your ISP may be blocking TLS connections. Are you using CDN as well?

  14. Hi, I installed v2ray with cdn script and BBR. Everything is fine, but the upload is very slow. how can i do?

  15. markrichardson

    Hey i installed everyhting and followed uo but It seems I can not open the xx.xx.xx.xx.xx:12345 at all using Digital Ocean VPS Droplet.

    Any Idea why?

  16. eugenebanks

    Hey, I followed the whole tutorial and got it to work and send my Vless config files to my friend in Mainland China to check if it works but he can not Connect.

    I activated on both Cloudflare accounts the “Proxied” option as said in the tutorial after everything is done can be activated.

    But once activated I can’t connect anymore even from my local machine (I am still based in Europe right now, i can only check if it works in China 1.05.23).

    I wanted to know:

    a) did something change recently regarding the Cloudflare Proxied
    b) can the “Proxied” simply stay turned off or it needs to be activated?
    c) Is there a more detailed guide to trouble shoot for example configs of SSL certificates?

    1. hi
      1) It is possible that the IP address assigned by Cloudflare is blocked.
      2) It can stay off, if you do not need Cloudflare IP address over your VPS IP address.
      3) There are different errors, you could google exact SSL error.

  17. Hello, I installed a v2ray+ws+tls+cdn using this instruction and everything worked well for like 5 minutes and then it stopped. Digging around led me to finding out I get a problem whenever I use CDN. I turn on proxy in CF settings, it works for a couple minutes, and then it stops working. I turn proxy off and it works again. I tried using different ports (both supported by CF and unsupported by CF), but it seems like there’s no getting around it. Does anyone have any ideas on what to do to fix it?

  18. LimePenguin

    Hi Melon, I am experiencing the same issue as user “MARKRICHARDSON”.
    I followed the instructions exactly, and everything worked as expected up until attempting to access http://“your-ip-address”:12345 in my browser.
    I tried this on multiple machines running Windows 11 or Ubuntu and the connection just times out after a few minutes.
    I also removed and reinstalled x-ui with different ports but to no avail.
    Please advise what I could try to troubleshoot this issue.
    Thank you!

  19. LimePenguin

    Update: I found the solution, it turns out the VPS instance I am using provided by Google Cloud Platform has firewall rules that block all incoming traffic via HTTP and HTTPS by default…
    Embarrasing oversight on my part but that was the issue for me.
    Thank you Melon for the tutorial!

  20. hello sir
    i got this error afetr runnin x- ui script
    Failed to stop x-ui.service: Unit x-ui.service not loaded.

    what’s this error?

    1. Hello,
      You can get more info about the error with x-ui status
      the error says that it cannot load the x-ui service.
      please try restart or reinstall x-ui.

  21. Sammy nikpoor

    Hello my friend i want to creat standalone certificate on centos but it always giving me an erro like below
    ] Xxx.xxx.xxx:Verify error:5.61.36.181: Fetching http://dl4.voidcorp.top/.well-known/acme-challenge/_H0NwO0peWAohhfxpnv3edfvdKHFryBUyFuMEG8UN9s: Timeout during connect (likely firewall problem)
    [Fri May 12 02:50:53 MSK 2023] Please add ‘–debug’ or ‘–log’ to check more details.
    [Fri May 12 02:50:53 MSK 2023] See:
    Can you tell me how to fix it? Port 80 and 443 are open and nothing is listening to them

  22. Hi,
    The cloudflare CDN works but is not always that stable. Is it possible to use cloudflare and aws-cloudfront together to make it more stable? I am not quite familiar with these tech, could you give me some advice?

  23. Hello there,

    Thank you for the informative tutorial. I have a few questions regarding the setup.

    Let’s consider that I have a domain, app.sample.com, and I want to configure it with an SNI (Server Name Indication) bug, such as netflix.com or zoom.com. ISPs (Internet Service Providers) offer unlimited packages specifically for these services.

    I need to set this up with a CDN in a way that avoids blocking by the ISP. Could you please guide me on how to configure both the client and server configurations?

    I have tried some methods, but they haven’t worked for me. I provided the client address as app.sample.com and used Netflix.com as the SNI bug, but it didn’t work. However, it does work when I provide the server IP address instead. I would like to know how to implement this setup using the domain itself.

  24. greetings, thanks for the tutorial, but I’m confused why the panel is in Chinese while in the screenshot above the panel is in English.

Leave a Comment

Your email address will not be published. Required fields are marked *