Over the last several days, many people have had trouble connecting to and using virtual private networks. This affects a range of popular VPN software solutions, because they lack protection against active probing and other attacks aimed at detecting a VPN server. In this guide we look at a new way to build a VPN and at a technology developed by specialists from China. XRAY is a technology for building a protected and, to a certain degree, safe channel for transferring ordinary or sensitive data through the open and trusted network. Its distinguishing feature is the combination of an encrypted, obfuscated connection with hiding the VPN server from illegitimate persons. How do we do this? You will need:
- Root rights;
- Domain name;
- Some knowledge of how the OS works;
- Internet connection.
First of all, we need to update the system packages so that everything works properly and the package index is current:
apt update && apt upgrade -y
We will install a web UI panel for clearer, more intuitive management of our server and run it in a Docker container. Make sure you have docker and git on your distribution by typing the command:
docker --version && git --version
If you see the message docker: command not found after entering the command, you need to install the packages; most distributions have a repository with Docker packages. We will install the main packages for containerization and Docker orchestration:
apt install docker.io docker-compose git
Now that the system is prepared, we need to download and install the web panel together with the XRAY server, for management and more flexible usage. Note that this solution lets you use various combinations of protocols to transfer traffic more securely, such as VLESS+WebSockets, XTLS-Reality and more. Let's consider one of them!
VLESS (VMess over TLS) is a protocol developed by the V2Ray team to ensure secure and encrypted data transfer between the client and the server. VLESS is an advanced version of VMess (V2Ray's Message Protocol), and it works on top of TLS (Transport Layer Security) to provide data encryption and authentication.
WebSockets is a protocol, as described earlier, that allows you to establish a permanent two-way connection between the client and the server via a web browser or other applications. This protocol can be used to transfer various data, including VLESS.
The combination of VLESS and WebSockets means using the VLESS protocol over a WebSockets connection. This can be useful in various scenarios, such as bypassing network restrictions, improving security and anonymity, and providing access to Internet services.
Advantages of VLESS + WebSockets:
- Encryption and Security: Using the VLESS protocol via WebSockets provides data encryption and protection against eavesdropping or interference;
- Traffic masking: This allows you to mask traffic as normal web traffic, which can help bypass blocking or filtering;
- Flexibility: The combination of VLESS and WebSockets provides flexibility in choosing the protocol for your needs;
- Circumventing restrictions: In some networks where standard protocols are blocked or restricted, using VLESS + WebSockets can help to access Internet resources.
Let's install this configuration. Type the commands below:
git clone https://github.com/MHSanaei/3x-ui.git
cd 3x-ui
git checkout v1.4.6
This sequence of commands downloads the repository and changes into the folder with the Docker configuration file, which we start with a single command:
docker-compose up -d
And that's all there is to the installation process. As you can see, it is quite a simple step! Docker pulls the needed container and starts the process.
If you have a domain name, private or free, you need to create a record for your service, like this:
Saving the changes may take anywhere from a minute to several hours, depending on your DNS provider. Let's make sure that our record has been updated, with the command below:
apt install dnsutils && dig balancer.vdushu.space
Alright, we can see that our domain was found and we can continue setting up the server. Go to http://yourdomainname:2053/panel/, replacing yourdomainname with the real domain name of your server, in our case balancer.vdushu.space. This opens the web panel for managing the server:
You may notice that we are connecting to the server and setting it up over the non-secure HTTP protocol; we can fix that, as considered further on. For now we can log in with the default credentials (Login:Password), admin:admin. Now we can see the status panel:
The main page of the panel shows indicators for CPU time, Memory, Hard disk and Swap for our VPN system. Let's make some changes to secure our server. Go to Panel Settings in the menu on the left:
Change the standard connection port to one of your own and switch the root directory. Note that the name has to start and end with the / sign! Save the changes and go to the security tab above:
Change the default credentials by typing your new login name and password, then press the Confirm button; this restarts the panel, which will then require the new data. Then go to the subscription tab and turn on subscription for clients of the server:
Also change the standard listening port and the directory name; this is needed to prevent detection by automated tools and to avoid the usual patterns on the server. Subscription on our VPN machine is needed to update the configuration automatically and deliver it to clients. Save the changes and restart the panel:
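The following added example (not part of the original guide or of the 3x-ui project) generates a random port and directory name and lints the values you are about to type into Panel Settings against the defaults named above. The function names, the 20000-59999 port range and the sample login "operator" are assumptions of this example.

```shell
#!/bin/sh
# Added example: choose and lint Panel Settings values before typing them in.
# Defaults taken from the article: port 2053, login admin:admin.

# rand_hex N: N random bytes from /dev/urandom as lowercase hex.
rand_hex() { od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'; }

# gen_port: random port in 20000-59999 (the range is this example's choice).
gen_port() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $((20000 + n % 40000))
}

# gen_path: random directory name that starts and ends with "/".
gen_path() { echo "/$(rand_hex 8)/"; }

# check_panel_settings PORT PATH LOGIN PASSWORD
# Prints one line per problem; returns 0 only if nothing was flagged.
check_panel_settings() {
    rc=0
    case $1 in
        ''|*[!0-9]*) echo "port: not a number"; rc=1 ;;
        2053)        echo "port: still the default 2053"; rc=1 ;;
        *) [ "$1" -ge 1 ] && [ "$1" -le 65535 ] ||
               { echo "port: out of range"; rc=1; } ;;
    esac
    case $2 in
        /)   echo "path: still the root directory"; rc=1 ;;
        /*/) ;;
        *)   echo "path: must start and end with /"; rc=1 ;;
    esac
    [ "$3" != admin ] || { echo "login: still admin"; rc=1; }
    [ "$4" != admin ] || { echo "password: still admin"; rc=1; }
    return $rc
}

# Print one set of candidate values (the login "operator" is a constructed sample).
port=$(gen_port); path=$(gen_path); pass=$(rand_hex 16)
check_panel_settings "$port" "$path" operator "$pass" &&
    echo "port=$port path=$path password=$pass"
```

Run the same check on the values for the subscription tab, using a different port and directory name from the panel's.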
Go to the Inbounds tab in the left menu and add a new inbound by clicking the button:
You will see a pop-up window. Fill in all the needed fields like this:
- Annotation (Note) — Feel free to enter any content; this is merely a name that humans can understand;
- Communication Protocol: opt for shadowsocks;
- Listening Address can be left blank to enable the server to listen across all IP addresses, or you can specify a specific address if desired;
- Port Number — the system will randomly select one;
- Subsequently, we set up the user (during initial inbound configuration, one user is established, additional users can be appended subsequently if needed): The Email field doesn't necessarily require an actual email; any text (user identifier) works — the system generates a set of random characters. If you intend to generate distinct user profiles (e.g., allocating accounts to friends, tracking individual usage, and potentially revoking access), it's advisable to input something meaningful and coherent here;
- Access — currently, you can input the same username (I will elaborate on access tiers later).
Following this, the protocol configurations resurface:
- Encoding — opt for something that commences with 2022; the default choice is generally suitable;
- The passcode (key) will be auto-generated by the system with the appropriate length for the chosen encoding technique;
- Select Generate, and the setup for Shadowsocks concludes, rendering it ready for utilization.
Press the button to save the configuration. We have now set up an inbound on our server, which we can use in different ways. For mobile devices you can download the iOS and Android versions; there is also a client for Windows. Just scan the QR code and you have access to your secret server!
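The key length mentioned in the inbound settings above depends on which method starting with 2022 you pick. The added example below (not from the original guide or the 3x-ui project) generates a key of the right length and checks that a given key matches its method; the function names are hypothetical, and the three method names are the Shadowsocks 2022 ciphers.

```shell
#!/bin/sh
# Added example: Shadowsocks 2022 keys are base64 text whose decoded length
# must match the cipher: 16 bytes for AES-128, 32 bytes for the other two.

# ss2022_key_len METHOD: print the required key length in bytes.
ss2022_key_len() {
    case $1 in
        2022-blake3-aes-128-gcm) echo 16 ;;
        2022-blake3-aes-256-gcm|2022-blake3-chacha20-poly1305) echo 32 ;;
        *) echo "not a 2022 method: $1" >&2; return 1 ;;
    esac
}

# ss2022_gen_key METHOD: print a fresh random key for METHOD.
ss2022_gen_key() {
    len=$(ss2022_key_len "$1") || return 1
    head -c "$len" /dev/urandom | base64
}

# ss2022_check_key METHOD KEY: succeed only if KEY is clean base64
# and decodes to exactly the length METHOD requires.
ss2022_check_key() {
    want=$(ss2022_key_len "$1") || return 1
    # Decoding and re-encoding must give the same text back;
    # this rejects anything that is not canonical base64.
    again=$(printf '%s' "$2" | base64 -d 2>/dev/null | base64)
    [ -n "$2" ] && [ "$again" = "$2" ] || return 1
    got=$(printf '%s' "$2" | base64 -d | wc -c | tr -d ' ')
    [ "$got" -eq "$want" ]
}

# Generate one key and confirm it fits the method it was made for.
m=2022-blake3-aes-128-gcm
key=$(ss2022_gen_key "$m") && ss2022_check_key "$m" "$key" && echo "$m $key"
```

A key that fails this check for the method chosen on the server will not work in a client configured with that method.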
In this installation guide, we have explored the process of setting up a secure and obfuscated VPN server using the XRAY technology, developed by specialists from China. This technology allows for the creation of a protected and safe channel to transfer data through open and trusted networks, effectively safeguarding sensitive information. By combining encrypted and obfuscated connections, the VPN server becomes hidden from unauthorized individuals, enhancing security.