├── .github └── workflows │ └── build.yml ├── README.md ├── acme.md ├── certbot.md └── compile_Xray-core.md /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: build 2 | 3 | env: 4 | ENV_LINUX: CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOAMD64=v2 5 | ENV_WINDOWS: CGO_ENABLED=0 GOOS=windows GOARCH=amd64 GOAMD64=v3 6 | 7 | on: 8 | workflow_dispatch: 9 | 10 | jobs: 11 | build: 12 | runs-on: ubuntu-latest 13 | 14 | steps: 15 | - name: Setup Go 16 | uses: actions/setup-go@v4 17 | with: 18 | go-version: '1.21.3' 19 | cache: false 20 | 21 | - name: Initialize Go module 22 | run: go mod init github.com/XTLS/Xray-core 23 | 24 | - name: git clone 25 | run: | 26 | git clone --depth 1 https://github.com/XTLS/Xray-core.git 27 | 28 | - name: go build 29 | run: | 30 | cd Xray-core 31 | sed -i '/build/ s/Custom/'$(git rev-parse --short HEAD)'/' ./core/core.go 32 | go mod download 33 | go env -w ${{ env.ENV_LINUX }} 34 | go build -v -o xray -trimpath -ldflags "-s -w -buildid=" ./main 35 | go env -w ${{ env.ENV_WINDOWS }} 36 | go build -v -o xray.exe -trimpath -ldflags "-s -w -buildid=" ./main 37 | 38 | - name: Upload files 39 | uses: actions/upload-artifact@v3 40 | with: 41 | name: xray 42 | path: | 43 | Xray-core/xray 44 | Xray-core/xray.exe 45 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # [XTLS Vision](https://github.com/XTLS/Xray-core/discussions/1295) 安装指南 2 | 3 | ## 服务端 4 | 5 | ### **已有SSL证书** 6 | 7 | - 将证书文件改名为 **fullchain.cer**,将私钥文件改名为 **private.key**,将它们上传到 **/etc/ssl/private** 目录,执行下面的命令 8 | 9 | ``` 10 | chown -R nobody:nogroup /etc/ssl/private 11 | ``` 12 | 13 | - [使用证书时权限不足](https://github.com/v2fly/fhs-install-v2ray/wiki/Insufficient-permissions-when-using-certificates-zh-Hans-CN) 14 | 15 | ### **使用[acme](https://github.com/acmesh-official/acme.sh)申请SSL证书** 16 | 17 | - [点击查看详细步骤](acme.md) 18 | 19 | - 如果使用acme申请失败,请尝试使用[cerbot](certbot.md) 20 | 21 | - 备份已申请的SSL证书:进入 **/etc/ssl/private** 目录,下载证书文件 **fullchain.cer** 和私钥文件 **private.key** 22 | 23 | - SSL证书有效期是90天,acme每60天自动更新一次 24 | 25 | ### 具体步骤 26 | 27 | 1. 安装[Xray](https://github.com/XTLS/Xray-install) 28 | 29 | - Debian / Ubuntu 30 | 31 | ``` 32 | bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --beta 33 | ``` 34 | 35 | - 卸载Xray 36 | 37 | ``` 38 | bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove --purge 39 | ``` 40 | 41 | 2. 安装[Nginx](http://nginx.org/en/linux_packages.html) 42 | 43 | - Debian 10/11/12 44 | 45 | ``` 46 | apt install -y gnupg2 ca-certificates lsb-release debian-archive-keyring && curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-archive-keyring.gpg && echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" > /etc/apt/sources.list.d/nginx.list && echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" > /etc/apt/preferences.d/99nginx && apt update -y && apt install -y nginx && mkdir -p /etc/systemd/system/nginx.service.d && echo -e "[Service]\nExecStartPost=/bin/sleep 0.1" > /etc/systemd/system/nginx.service.d/override.conf && systemctl daemon-reload 47 | ``` 48 | 49 | - Ubuntu 18.04/20.04/22.04 50 | 51 | ``` 52 | apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring && curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /usr/share/keyrings/nginx-archive-keyring.gpg && echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" > /etc/apt/sources.list.d/nginx.list && echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" > /etc/apt/preferences.d/99nginx && apt update -y && apt install -y nginx && mkdir -p /etc/systemd/system/nginx.service.d && echo -e "[Service]\nExecStartPost=/bin/sleep 0.1" > /etc/systemd/system/nginx.service.d/override.conf && systemctl daemon-reload 53 | ``` 54 | 55 | - 卸载Nginx 56 | 57 | ``` 58 | systemctl stop nginx && apt purge -y nginx && rm -r /etc/systemd/system/nginx.service.d/ 59 | ``` 60 | 61 | 3. 下载[配置](https://github.com/chika0801/Xray-examples/blob/main/VLESS-Vision-TLS/config_server.json) 62 | 63 | ``` 64 | curl -Lo /usr/local/etc/xray/config.json https://raw.githubusercontent.com/chika0801/Xray-examples/main/VLESS-Vision-TLS/config_server.json && curl -Lo /etc/nginx/nginx.conf https://raw.githubusercontent.com/chika0801/Xray-examples/main/VLESS-Vision-TLS/nginx.conf 65 | ``` 66 | 67 | 4. 启动程序 68 | 69 | ``` 70 | systemctl restart xray && systemctl restart nginx && sleep 0.2 && systemctl status xray && systemctl status nginx 71 | ``` 72 | 73 | | 项目 | | 74 | | :--- | :--- | 75 | | 程序 | **/usr/local/bin/xray** | 76 | | 配置 | **/usr/local/etc/xray/config.json** | 77 | | geoip | **/usr/local/share/xray/geoip.dat** | 78 | | geosite | **/usr/local/share/xray/geosite.dat** | 79 | | 重启 | `systemctl restart xray` | 80 | | 状态 | `systemctl status xray` | 81 | | 查看日志 | `journalctl -u xray -o cat -e` | 82 | | 实时日志 | `journalctl -u xray -o cat -f` | 83 | 84 | ## [**客户端配置示例**](https://github.com/chika0801/Xray-examples/tree/main/VLESS-Vision-TLS) 85 | -------------------------------------------------------------------------------- /acme.md: -------------------------------------------------------------------------------- 1 | **你需要先购买一个域名,将主域名(或添加一个子域名),指向你VPS的IP。等待约2-5分钟,让DNS解析生效。可以通过ping你设置的域名,查看返回的IP是否正确** 2 | 3 | **将 chika.example.com 替换成你设置的域名** 4 | 5 | **使用 standalone 模式申请/更新证书时会监听 80 端口,如果 80 端口被占用会导致失败** 6 | 7 | - 安装acme 8 | 9 | ``` 10 | apt install -y socat 11 | ``` 12 | 13 | ``` 14 | curl https://get.acme.sh | sh 15 | ``` 16 | 17 | ``` 18 | source ~/.bashrc 19 | ``` 20 | 21 | - 设置acme自动更新 22 | 23 | ``` 24 | acme.sh --upgrade --auto-upgrade 25 | ``` 26 | 27 | - 将默认 CA 更改为 Let's Encrypt 28 | 29 | ``` 30 | acme.sh --set-default-ca --server letsencrypt 31 | ``` 32 | 33 | - 使用 standalone 模式为 chika.example.com 申请 ECC 证书 34 | 35 | ``` 36 | acme.sh --issue -d chika.example.com --standalone --keylength ec-256 37 | ``` 38 | 39 | - 将 chika.example.com 的证书安装到 /etc/ssl/private 目录 40 | 41 | ``` 42 | acme.sh --install-cert -d chika.example.com --ecc \ 43 | ``` 44 | 45 | ``` 46 | --fullchain-file /etc/ssl/private/fullchain.cer \ 47 | ``` 48 | 49 | ``` 50 | --key-file /etc/ssl/private/private.key 51 | ``` 52 | 53 | - 设置证书权限,配合Xray服务端配置文件 54 | 55 | ``` 56 | chown -R nobody:nogroup /etc/ssl/private 57 | ``` 58 | 59 | - 强制更新证书 60 | 61 | ``` 62 | acme.sh --renew -d chika.example.com --force --ecc 63 | ``` 64 | -------------------------------------------------------------------------------- /certbot.md: -------------------------------------------------------------------------------- 1 | **你需要先购买一个域名,将主域名(或添加一个子域名),指向你VPS的IP。等待约2-5分钟,让DNS解析生效。可以通过ping你设置的域名,查看返回的IP是否正确** 2 | 3 | **将 chika.example.com 替换成你设置的域名** 4 | 5 | **使用 standalone 模式申请/更新证书时会监听 80 端口,如果 80 端口被占用会导致失败** 6 | 7 | - 安装certbot 8 | 9 | ``` 10 | apt install -y snapd 11 | ``` 12 | 13 | ``` 14 | snap install core 15 | snap install --classic certbot 16 | ln -s /snap/bin/certbot /usr/bin/certbot 17 | ``` 18 | 19 | - 使用 standalone 模式为 chika.example.com 申请 RSA 证书 20 | 21 | ``` 22 | certbot certonly --standalone --register-unsafely-without-email -d chika.example.com 23 | ``` 24 | 25 | - 将 chika.example.com 的证书安装到 /etc/ssl/private 目录 26 | 27 | ``` 28 | cp /etc/letsencrypt/archive/*/fullchain*.pem /etc/ssl/private/fullchain.cer 29 | cp /etc/letsencrypt/archive/*/privkey*.pem /etc/ssl/private/private.key 30 | ``` 31 | 32 | - 设置证书权限,配合Xray服务端配置文件 33 | 34 | ``` 35 | chown -R nobody:nogroup /etc/ssl/private 36 | chmod -R 0644 /etc/ssl/private/* 37 | ``` 38 | 39 | - 每个月的1日0点0分自动检查/更新证书 40 | 41 | ``` 42 | printf "0 0 1 * * /root/update_certbot.sh\n" > update && crontab update && rm update 43 | ``` 44 | 45 | ``` 46 | cat > /root/update_certbot.sh << EOF 47 | #!/usr/bin/env bash 48 | certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" 49 | cp /etc/letsencrypt/archive/*/fullchain*.pem /etc/ssl/private/fullchain.cer 50 | cp /etc/letsencrypt/archive/*/privkey*.pem /etc/ssl/private/private.key 51 | EOF 52 | ``` 53 | 54 | ``` 55 | chmod +x update_certbot.sh 56 | ``` 57 | 58 | - 测试更新证书 59 | 60 | ``` 61 | certbot renew --dry-run --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" 62 | ``` 63 | -------------------------------------------------------------------------------- /compile_Xray-core.md: -------------------------------------------------------------------------------- 1 | 准备环境 2 | 3 | ``` 4 | curl -sLo go.tar.gz https://go.dev/dl/$(curl -sL https://golang.org/VERSION?m=text|head -1).linux-amd64.tar.gz 5 | rm -rf /usr/local/go 6 | tar -C /usr/local/ -xzf go.tar.gz 7 | rm go.tar.gz 8 | echo -e "export PATH=$PATH:/usr/local/go/bin" > /etc/profile.d/go.sh 9 | source /etc/profile.d/go.sh 10 | go version 11 | ``` 12 | 13 | ``` 14 | apt install -y git 15 | ``` 16 | 17 | 下载代码 18 | 19 | ``` 20 | git clone https://github.com/XTLS/Xray-core.git 21 | ``` 22 | 23 | 更新代码 24 | 25 | ``` 26 | cd Xray-core 27 | git pull 28 | cd .. 29 | ``` 30 | 31 | 编译命令 32 | 33 | **linux-amd64** 34 | 35 | ``` 36 | cd Xray-core 37 | go mod download 38 | go env -w CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOAMD64=v2 39 | go build -v -o xray -trimpath -ldflags "-s -w -buildid=" ./main 40 | cd .. 41 | ``` 42 | 43 | **windows-amd64** 44 | 45 | ``` 46 | cd Xray-core 47 | go mod download 48 | go env -w CGO_ENABLED=0 GOOS=windows GOARCH=amd64 GOAMD64=v3 49 | go build -v -o xray.exe -trimpath -ldflags "-s -w -buildid=" ./main 50 | cd .. 51 | ``` 52 | 53 | [About GOAMD64](https://github.com/golang/go/wiki/MinimumRequirements#amd64) 54 | 55 | 复制文件 56 | 57 | **linux-amd64** 58 | 59 | ``` 60 | cp -f Xray-core/xray /usr/local/bin/ 61 | chmod +x /usr/local/bin/xray 62 | ``` 63 | 64 | **windows-amd64** 65 | 66 | ``` 67 | cp -f Xray-core/xray.exe . 68 | ``` 69 | --------------------------------------------------------------------------------