
@bodrovis
Last active May 22, 2026 16:55
Xray VLESS + XHTTP + TLS Relay, WARP: 2-Server Setup
СЕРВЕР А
Всё ставим
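sudo apt update
sudo apt install -y curl nano jq

# Download the Xray installer to a file instead of passing curl's output
# straight to `bash -c`: --fail keeps an HTTP error page or a failed download
# from being executed, and the saved copy can be read before it runs as root.
installer="$(mktemp)"
# Read "$installer" (e.g. with less) between the download and the run if you
# execute these steps one at a time; the URL tracks the main branch, so its
# content can change between runs.
# NOTE(review): "-u root" asks the installer to run the xray service as root;
# confirm that is really needed, since a flaw in the proxy would then run
# with full privileges.
curl --fail --silent --show-error --location \
  --proto '=https' --proto-redir '=https' \
  --output "$installer" \
  https://github.com/XTLS/Xray-install/raw/main/install-release.sh \
  && sudo bash "$installer" install -u root
rm -f -- "$installer"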
Всё генерируем с помощью
xray uuid - ИД
xray x25519 - ключи
xray vlessenc - для шифрования
openssl rand -hex 8 - short id
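В итоге потребуется (A_REALITY_PRIVATE_KEY и значения *_DECRYPTION остаются только на сервере, который принимает соединение; подключающейся стороне передаются UUID, публичный ключ, short id и *_ENCRYPTION):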
CLIENT_UUID
A_REALITY_PRIVATE_KEY
A_REALITY_PUBLIC_KEY
A_REALITY_SHORT_ID
CLIENT_TO_A_DECRYPTION
CLIENT_TO_A_ENCRYPTION
A_TO_B_UUID
A_TO_B_DECRYPTION
A_TO_B_ENCRYPTION
Конфиг xray, сервер А
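# config.json will hold the REALITY private key and the VLESS decryption
# value: edit it as root (like the other steps, via sudo) and do not leave
# world-readable copies or backups of it around.
sudo vim /usr/local/etc/xray/config.json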
Пример
{
"log": {
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log",
"loglevel": "warning"
},
"dns": {
"servers": [
"1.1.1.1",
"8.8.8.8"
],
"queryStrategy": "UseIPv4"
},
"inbounds": [
{
"tag": "client-xhttp-reality-in",
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "CLIENT_UUID",
"email": "main-client",
"flow": "xtls-rprx-vision"
}
],
"decryption": "CLIENT_TO_A_DECRYPTION"
},
"streamSettings": {
"network": "xhttp",
"security": "reality",
"xhttpSettings": {
"path": "/assets",
"mode": "stream-one"
},
"realitySettings": {
"show": false,
"dest": "www.microsoft.com:443",
"xver": 0,
"serverNames": [
"www.microsoft.com"
],
"privateKey": "A_REALITY_PRIVATE_KEY",
"shortIds": [
"A_REALITY_SHORT_ID"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
},
{
"tag": "local-test-socks",
"listen": "127.0.0.1",
"port": 10808,
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"tag": "relay-b",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "api.catandmouseteam.xyz",
"port": 443,
"users": [
{
"id": "A_TO_B_UUID",
"encryption": "A_TO_B_ENCRYPTION",
"flow": "xtls-rprx-vision",
"packetEncoding": "xudp"
}
]
}
]
},
"streamSettings": {
"network": "xhttp",
"security": "tls",
"tlsSettings": {
"serverName": "api.catandmouseteam.xyz",
"alpn": [
"h2",
"http/1.1"
],
"fingerprint": "chrome"
},
"xhttpSettings": {
"path": "/assets",
"mode": "stream-one"
},
"sockopt": {
"domainStrategy": "UseIPv4"
}
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
}
},
{
"tag": "block",
"protocol": "blackhole"
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"client-xhttp-reality-in",
"local-test-socks"
],
"outboundTag": "relay-b"
}
]
}
}
Запуск
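# Validate the config first and only (re)start the service if it parses.
# The steps are chained with && so a failed test does not restart xray onto
# a broken file.
sudo /usr/local/bin/xray run -test -config /usr/local/etc/xray/config.json \
  && sudo systemctl enable --now xray \
  && sudo systemctl restart xray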
СЕРВЕР Б, ставим xray
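sudo apt update
sudo apt install -y curl jq debian-keyring debian-archive-keyring apt-transport-https ca-certificates gnupg

# Download the Xray installer to a file instead of passing curl's output
# straight to `bash -c`: --fail keeps an HTTP error page or a failed download
# from being executed, and the saved copy can be read before it runs as root.
installer="$(mktemp)"
# Read "$installer" (e.g. with less) between the download and the run if you
# execute these steps one at a time; the URL tracks the main branch, so its
# content can change between runs.
# NOTE(review): "-u root" asks the installer to run the xray service as root;
# confirm that is really needed, since a flaw in the proxy would then run
# with full privileges.
curl --fail --silent --show-error --location \
  --proto '=https' --proto-redir '=https' \
  --output "$installer" \
  https://github.com/XTLS/Xray-install/raw/main/install-release.sh \
  && sudo bash "$installer" install -u root
rm -f -- "$installer"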
Сервер Б, ставим caddy
# Caddy's repository signing key, converted to a binary keyring for apt.
curl --tlsv1 --silent --location --fail \
  'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
  | sudo gpg --dearmor --output /usr/share/keyrings/caddy-stable-archive-keyring.gpg

# apt source entry for the Caddy stable repository.
curl --tlsv1 --silent --location --fail \
  'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
  | sudo tee /etc/apt/sources.list.d/caddy-stable.list

# apt must be able to read both files.
sudo chmod o+r \
  /usr/share/keyrings/caddy-stable-archive-keyring.gpg \
  /etc/apt/sources.list.d/caddy-stable.list

sudo apt update
sudo apt install --yes caddy
Получаем данные WARP
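# Use an explicit https:// URL: without a scheme curl starts over plain HTTP,
# so the script that is about to be executed could be replaced in transit.
# --fail also keeps an HTTP error page from being run as a script.
warp_reg="$(mktemp)"
# This is a third-party script; read "$warp_reg" between the download and the
# run if you execute these steps one at a time.
curl --fail --silent --show-error --location \
  --proto '=https' --proto-redir '=https' \
  --output "$warp_reg" \
  https://warp-reg.vercel.app \
  && bash "$warp_reg"
# The output includes the WARP private_key: treat it as a secret and keep it
# out of shared terminals, logs and screenshots.
rm -f -- "$warp_reg"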
Нужно:
private_key -> WARP_SECRET_KEY
public_key -> WARP_PUBLIC_KEY
reserved_dec -> WARP_RESERVED (три числа; подставляются в массив "reserved" конфига вместо 0, 0, 0 из примера ниже)
endpoint.v4 -> WARP_ENDPOINT
v4 -> WARP_ADDRESS
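# config.json will hold the WARP secret key and the VLESS decryption value:
# edit it as root (like the other steps, via sudo) and do not leave
# world-readable copies or backups of it around.
sudo vim /usr/local/etc/xray/config.json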
Пример конфига
{
"log": {
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log",
"loglevel": "warning"
},
"dns": {
"servers": [
"1.1.1.1",
"8.8.8.8"
],
"queryStrategy": "UseIPv4"
},
"inbounds": [
{
"tag": "vless-xhttp-from-a",
"listen": "127.0.0.1",
"port": 10085,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "A_TO_B_UUID",
"email": "server-a",
"flow": "xtls-rprx-vision"
}
],
"decryption": "A_TO_B_DECRYPTION"
},
"streamSettings": {
"network": "xhttp",
"security": "none",
"xhttpSettings": {
"path": "/assets",
"mode": "stream-one"
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
],
"outbounds": [
{
"tag": "warp",
"protocol": "wireguard",
"settings": {
"secretKey": "WARP_SECRET_KEY",
"address": [
"WARP_ADDRESS/32"
],
"peers": [
{
"publicKey": "WARP_PUBLIC_KEY",
"allowedIPs": [
"0.0.0.0/0"
],
"endpoint": "WARP_ENDPOINT:2408",
"keepAlive": 25
}
],
"reserved": [
0,
0,
0
],
"mtu": 1280,
"domainStrategy": "ForceIPv4",
"noKernelTun": true
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
}
},
{
"tag": "block",
"protocol": "blackhole"
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"vless-xhttp-from-a"
],
"outboundTag": "warp"
}
]
}
}
Запускаем
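# Validate the config first and only (re)start the service if it parses.
# The steps are chained with && so a failed test does not restart xray onto
# a broken file.
sudo /usr/local/bin/xray run -test -config /usr/local/etc/xray/config.json \
  && sudo systemctl enable --now xray \
  && sudo systemctl restart xray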
Конфиг caddy, сервер Б
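# /etc/caddy/Caddyfile is a system file; open it via sudo like the other steps.
sudo vim /etc/caddy/Caddyfile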
Пример
# Example site block: replace the host name with your own domain.
api.catandmouseteam.xyz {
	encode gzip zstd

	# Relay path. It has to match xhttpSettings.path in both Xray configs.
	# The upstream is the Xray inbound on loopback, which has no TLS of its
	# own, so Caddy is the only TLS layer in front of it.
	handle /assets* {
		reverse_proxy 127.0.0.1:10085 {
			# -1 flushes each write immediately instead of buffering the stream.
			flush_interval -1
			transport http {
				versions h2c 1.1
			}
		}
	}

	# Static health answer; it does not reflect the state of the Xray backend.
	handle /healthz {
		header Content-Type application/json
		respond `{"status":"ok","service":"api-gateway"}` 200
	}

	# Everything else gets the static stub page.
	handle {
		root * /usr/share/caddy/api
		file_server
	}
}
Можно сделать страницу-заглушку типа
# Create the document root that the Caddyfile's fallback `handle` block serves.
sudo mkdir -p /usr/share/caddy/api
# Write the stub page as root via tee; the quoted 'HTML' delimiter keeps the
# here-document literal (no variable or command expansion), and tee's echo of
# the content is discarded.
sudo tee /usr/share/caddy/api/index.html >/dev/null <<'HTML'
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex, nofollow">
<title>System API Gateway</title>
<style>
body {
margin: 0;
min-height: 100vh;
display: grid;
place-items: center;
background: #07111f;
color: #e5eefb;
font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
}
main {
width: min(760px, calc(100% - 32px));
border: 1px solid rgba(148, 163, 184, .25);
border-radius: 24px;
padding: 48px;
background: rgba(15, 23, 42, .82);
box-shadow: 0 24px 80px rgba(0,0,0,.35);
}
.badge {
color: #8ea4bf;
margin-bottom: 24px;
}
h1 {
margin: 0 0 16px;
font-size: clamp(36px, 8vw, 72px);
line-height: .95;
letter-spacing: -0.06em;
}
p {
color: #8ea4bf;
font-size: 18px;
line-height: 1.7;
max-width: 58ch;
}
</style>
</head>
<body>
<main>
<div class="badge">operational · private infrastructure</div>
<h1>System API Gateway</h1>
<p>
This endpoint is reserved for internal services, automation tasks, and controlled API traffic.
Public browsing and API discovery are not available from this host.
</p>
</main>
</body>
</html>
HTML
Запускаем caddy:
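# Validate the Caddyfile first and only (re)start Caddy if it parses.
# The steps are chained with && so a failed validation does not restart the
# service onto a broken config.
sudo caddy validate --config /etc/caddy/Caddyfile \
  && sudo systemctl enable --now caddy \
  && sudo systemctl restart caddy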
Проверка на сервере Б
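# The certificate was issued and the stub page and health route answer.
curl -I https://api.catandmouseteam.xyz/
curl https://api.catandmouseteam.xyz/healthz

# Listening sockets. The port is matched as a whole number, so :8080 or
# :44300 are not reported by accident.
# Port 10085 is the Xray inbound with "security": "none": it should appear on
# 127.0.0.1 only. If it shows 0.0.0.0 or [::], it is reachable from outside
# without Caddy's TLS in front of it.
sudo ss -lntup | grep -E ':(80|443|10085)[[:space:]]'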
Проверка на сервере А
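# No -k here: the relay-b outbound does not set allowInsecure, so it needs
# server B's certificate to validate. With -k this check would pass even
# when the certificate is wrong and the relay itself would fail.
curl -v --connect-timeout 8 https://api.catandmouseteam.xyz/

# End-to-end check through the local SOCKS inbound (A -> B -> WARP). The ip=
# line of the trace should be neither server's own address.
# The "local-test-socks" inbound has no authentication and exists only for
# this check; consider removing it from config.json once the relay works.
curl -v --max-time 30 -x socks5h://127.0.0.1:10808 https://cloudflare.com/cdn-cgi/trace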
ССЫЛКА ДЛЯ КЛИЕНТА
vless://CLIENT_UUID@A_IP:443?encryption=CLIENT_TO_A_ENCRYPTION&flow=xtls-rprx-vision&security=reality&sni=www.microsoft.com&fp=chrome&pbk=A_REALITY_PUBLIC_KEY&sid=A_REALITY_SHORT_ID&type=xhttp&path=%2Fassets&mode=stream-one#A-B-WARP
Всё. Видео тут: https://www.youtube.com/watch?v=YdV-09GmezA