{"id":22744125,"url":"https://github.com/mehradi-github/ref-xtls","last_synced_at":"2025-03-30T04:43:27.212Z","repository":{"id":168183860,"uuid":"643808623","full_name":"mehradi-github/ref-xtls","owner":"mehradi-github","description":"XTLS protocol, providing a set of network tools such as Xray-core and REALITY.","archived":false,"fork":false,"pushed_at":"2024-09-23T17:31:40.000Z","size":73,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-02-05T07:12:04.681Z","etag":null,"topics":["reality","sing-box","xray","xray-core","xtls"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mehradi-github.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-05-22T07:47:52.000Z","updated_at":"2024-09-23T17:31:44.000Z","dependencies_parsed_at":"2024-03-08T11:29:09.757Z","dependency_job_id":"955b1323-6c73-4aac-8d2b-57b1180bae1b","html_url":"https://github.com/mehradi-github/ref-xtls","commit_stats":null,"previous_names":["mehradi-github/ref-xtls"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mehradi-github%2Fref-xtls","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mehradi-github%2Fref-xtls/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mehradi-github%2Fref-xtls/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mehradi-github%2Fref-xtls/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mehradi-github","download_url":"https://codeload.github.com/mehradi-github/ref-xtls/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246277351,"owners_count":20751548,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["reality","sing-box","xray","xray-core","xtls"],"created_at":"2024-12-11T01:39:54.740Z","updated_at":"2025-03-30T04:43:27.191Z","avatar_url":"https://github.com/mehradi-github.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Installing XTLS on Linux\nXTLS protocol, providing a set of network tools such as Xray-core and REALITY.\n\n- [Installing XTLS on Linux](#installing-xtls-on-linux)\n - [Installing on server](#installing-on-server)\n - [Protect your server with iptables](#protect-your-server-with-iptables)\n - [Setting kernel for performance and raise ulimits](#setting-kernel-for-performance-and-raise-ulimits)\n - [Install Xray](#install-xray)\n - [Determining camouflage website](#determining-camouflage-website)\n - [Adding Xray server's config](#adding-xray-servers-config)\n - [Enabling and starting the Xray service](#enabling-and-starting-the-xray-service)\n - [Multi-file configuration](#multi-file-configuration)\n - [Installing on client](#installing-on-client)\n - [Adding xray-core](#adding-xray-core)\n - [Editing Xray's config](#editing-xrays-config)\n - [Installing Go](#installing-go)\n - [Running xray](#running-xray)\n - [Setting proxy](#setting-proxy)\n## Installing on server\n### Protect your server with iptables\n```sh\n# replacing \u003cHOME-IP-ADDRESS\u003e\niptables -A INPUT -i lo -j ACCEPT\niptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\niptables -A INPUT -p icmp -j ACCEPT\niptables -A INPUT -p tcp --dport 22 -s \u003cHOME-IP-ADDRESS\u003e -j ACCEPT\niptables -A INPUT -p tcp --dport 22 -j DROP\niptables -A INPUT -p tcp --dport 80 -j ACCEPT\niptables -A INPUT -p tcp --dport 443 -j ACCEPT\niptables -P INPUT DROP\n\nip6tables -A INPUT -i lo -j ACCEPT\nip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\nip6tables -A INPUT -p ipv6-icmp -j ACCEPT\nip6tables -P INPUT DROP\n\n# Make the iptables rules permanent\nsudo apt install iptables-persistent\n```\n### Setting kernel for performance and raise [ulimits](https://phoenixnap.com/kb/ulimit-linux-command)\n```sh\n# performance\nsudo cat \u003c\u003cEOF \u003e /etc/sysctl.d/xray-sysctl.conf\nnet.ipv4.tcp_keepalive_time = 90\nnet.ipv4.ip_local_port_range = 1024 65535\nnet.ipv4.tcp_fastopen = 3\nnet.core.default_qdisc=fq\nnet.ipv4.tcp_congestion_control=bbr\nfs.file-max = 65535000\nEOF\n# ulimits\nsudo cat \u003c\u003cEOF \u003e /etc/security/limits.d/xray-limit.conf\n* soft nproc 655350\n* hard nproc 655350\n* soft nofile 655350\n* hard nofile 655350\nroot soft nproc 655350\nroot hard nproc 655350\nroot soft nofile 655350\nroot hard nofile 655350\nEOF\n\nsudo sysctl --system\n```\n\n### Install Xray\n\n```sh\nsudo apt update \u0026\u0026 Sudo apt upgrade\n\n# bash -c \"$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)\" @ install -u root --version 1.8.1\n\ncurl -fsSLO https://github.com/XTLS/Xray-install/raw/main/install-release.sh\nsudo chmod u+x ./install-release.sh\n\n# Showing Help\nsudo ./install-release.sh help\n\n# Install Xray version 1.8.1 to run as root\nsudo ./install-release.sh install -u root --version 1.8.1\n\n## Removing Xray\nsudo ./install-release.sh remove --purge \n\n# Generate parameters\n# UUID\nxray uuid -i Secret\n# Private and Public keys\nxray x25519\n# short ID\nopenssl rand -hex 8\n\n\n```\n### Determining camouflage website\n- Be a foreign website\n- Support TLSv1.3 and H2\n- Have a URL that is not redirected elsewhere (though the apex domain name may be redirected to www)\n- Bonus points if it has a similar IP to your server\n \n### Adding Xray server's config\nYou can see some [Xray-examples](https://github.com/XTLS/Xray-examples) of server config.json for Xray-core.\n\nDownload [config.json](https://github.com/mehradi-github/ref-xtls/blob/main/configs/config_server.json) and edit params like as below:\n\n```json\n{\n //...\n \"inbounds\": [\n {\n \"listen\": \"0.0.0.0\", // \"0.0.0.0\" Indicates listening to both IPv4 and IPv6\n \"port\": 443, // The port on which the server listens\n \"protocol\": \"vless\",\n \"settings\": {\n \"clients\": [\n {\n \"id\": \"EDIT-UUID\", // Your generated UUID here.\n \"flow\": \"xtls-rprx-vision\"\n }\n ],\n \"decryption\": \"none\"\n },\n \"streamSettings\": {\n \"network\": \"tcp\",\n \"security\": \"reality\",\n \"realitySettings\": {\n \"show\": false,\n \"dest\": \"EDIT-DEST\", // ex: www.microsoft.com:443\n \"xver\": 0,\n \"serverNames\": [\n \"EDIT-SERVERNAME\" //ex: www.microsoft.com\n ],\n \"privateKey\": \"EDIT-PRIVATEKEY\", // Private key you generated earlier.\n \"minClientVer\": \"\",\n \"maxClientVer\": \"\",\n \"maxTimeDiff\": 0,\n \"shortIds\": [\n \"EDIT-SHORTID\" // Short ID\n ]\n }\n },\n \"sniffing\": {\n \"enabled\": true,\n \"destOverride\": [\n \"http\",\n \"tls\"\n ]\n }\n }\n ],\n \n //...\n} \n```\nafter that save in **/usr/local/etc/xray/config.json**\n\n\n### Enabling and starting the Xray service\n```sh\nsudo systemctl daemon-reload \u0026\u0026 sudo systemctl enable xray\nsudo systemctl start xray \u0026\u0026 sudo systemctl status xray\n# show logs\njournalctl -u xray | less\n\n\n```\n### Multi-file configuration\n```sh\nmkdir -p /usr/local/etc/xray/confs\nmv /usr/local/etc/xray/config.json /usr/local/etc/xray/confs/config.json \n\nsudo vi /etc/systemd/system/xray.service\n# changing below line\n# ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json\nExecStart=/usr/local/bin/xray run -confdir /usr/local/etc/xray/confs\n\nsudo rm -r /etc/systemd/system/xray.service.d\n\nsudo systemctl daemon-reload \u0026\u0026 sudo systemctl restart xray\nsudo systemctl status xray\n\nsystemd-delta\n```\n\n\n## Installing on client\n\n### Adding xray-core\n```sh\ncurl -fsSLO https://github.com/XTLS/Xray-core/releases/download/v1.8.1/Xray-linux-64.zip\nsudo unzip ./Xray-linux-64.zip -d /usr/local/bin/xray\nsudo cd /usr/local/bin/xray\ncurl -fsSLo config.json https://raw.githubusercontent.com/mehradi-github/ref-xtls/main/configs/client-config.json\n```\n### Editing Xray's config\n\n Edit the params of [config.json](https://github.com/mehradi-github/ref-xtls/blob/main/configs/client-config.json) like as below:\n\n```json\n{\n//...\n\"outbounds\": [\n {\n \"protocol\": \"vless\",\n \"settings\": {\n \"vnext\": [\n {\n \"address\": \"EDIT-ADDRESS\", // IP server or DNS\n \"port\": 443,\n \"users\": [\n {\n \"id\": \"EDIT-UUID\", // Your generated UUID here.\n \"flow\": \"xtls-rprx-vision\",\n \"encryption\": \"none\"\n }\n ]\n }\n ]\n },\n \"streamSettings\": {\n \"network\": \"tcp\",\n \"security\": \"reality\",\n \"realitySettings\": {\n \"show\": false,\n \"fingerprint\": \"chrome\",\n \"serverName\": \"EDIT-SERVERNAME\", //ex: www.microsoft.com\n \"publicKey\": \"EDIT-PUPLICKEY\", // Public key you generated earlier.\n \"shortId\": \"EDIT-SHORTID\", // Short ID\n \"spiderX\": \"/\"\n }\n },\n \"tag\": \"proxy\"\n },\n {\n \"protocol\": \"freedom\",\n \"tag\": \"direct\"\n },\n {\n \"protocol\": \"blackhole\",\n \"tag\": \"block\"\n }\n ]\n\n//...\n}\n```\n### Installing Go\nYou can see more details for [installing go](https://github.com/mehradi-github/ref-devops-flow#installing-go). \n```sh\ngo version\n```\n### Running xray\n```sh\nsudo cd /usr/local/bin/xray\nsudo chmod +x ./xray\n\n# Changing USERNAME\nsudo cat \u003c\u003cEOF \u003e /etc/systemd/system/xray.service\n[Unit]\nDescription=XTLS Xray-Core a VMESS/VLESS Client\nAfter=network.target nss-lookup.target\n[Service]\nUser=USERNAME\nGroup=USERNAME\nCapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE\nAmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE\nNoNewPrivileges=true\nExecStart=/usr/local/bin/xray/xray run -config /usr/local/bin/xray/config.json\nRestart=on-failure\nRestartPreventExitStatus=23\nStandardOutput=journal\nLimitNPROC=100000\nLimitNOFILE=1000000\n[Install]\nWantedBy=multi-user.target\nEOF\n\nsudo systemctl daemon-reload \u0026\u0026 sudo systemctl enable xray\nsudo systemctl start xray \nsudo systemctl status xray\n\n# ./xray run -c ./config.json\n```\n### Setting proxy\n```sh\nexport no_proxy=localhost,127.0.0.0/8,::1\nexport ftp_proxy=http://127.0.0.1:8889/\nexport https_proxy=http://127.0.0.1:8889/\nexport NO_PROXY=localhost,127.0.0.0/8,::1\nexport FTP_PROXY=http://127.0.0.1:8889/\nexport HTTPS_PROXY=http://127.0.0.1:8889/\nexport HTTP_PROXY=http://127.0.0.1:8889/\nexport http_proxy=http://127.0.0.1:8889/\nexport ALL_PROXY=socks5://127.0.0.1:1089/\nexport all_proxy=socks5://127.0.0.1:1089/\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmehradi-github%2Fref-xtls","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmehradi-github%2Fref-xtls","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmehradi-github%2Fref-xtls/lists"}