Last active
May 22, 2026 16:55
Xray VLESS + XHTTP + TLS Relay, WARP: 2-Server Setup
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| СЕРВЕР А | |
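| Всё ставим (скрипт установки скачивается и сразу выполняется без предварительного просмотра, а параметр -u root запускает службу xray от root; то же относится к установке на сервере Б) | |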
| sudo apt update | |
| sudo apt install -y curl nano jq | |
| bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root | |
| Всё генерируем с помощью | |
| xray uuid - ИД | |
| xray x25519 - ключи | |
| xray vlessenc - для шифрования | |
| openssl rand -hex 8 - short id | |
| В итоге потребуется: | |
| CLIENT_UUID | |
| A_REALITY_PRIVATE_KEY | |
| A_REALITY_PUBLIC_KEY | |
| A_REALITY_SHORT_ID | |
| CLIENT_TO_A_DECRYPTION | |
| CLIENT_TO_A_ENCRYPTION | |
| A_TO_B_UUID | |
| A_TO_B_DECRYPTION | |
| A_TO_B_ENCRYPTION | |
| Конфиг xray, сервер А | |
| vim /usr/local/etc/xray/config.json | |
| Пример | |
| { | |
| "log": { | |
| "access": "/var/log/xray/access.log", | |
| "error": "/var/log/xray/error.log", | |
| "loglevel": "warning" | |
| }, | |
| "dns": { | |
| "servers": [ | |
| "1.1.1.1", | |
| "8.8.8.8" | |
| ], | |
| "queryStrategy": "UseIPv4" | |
| }, | |
| "inbounds": [ | |
| { | |
| "tag": "client-xhttp-reality-in", | |
| "listen": "0.0.0.0", | |
| "port": 443, | |
| "protocol": "vless", | |
| "settings": { | |
| "clients": [ | |
| { | |
| "id": "CLIENT_UUID", | |
| "email": "main-client", | |
| "flow": "xtls-rprx-vision" | |
| } | |
| ], | |
| "decryption": "CLIENT_TO_A_DECRYPTION" | |
| }, | |
| "streamSettings": { | |
| "network": "xhttp", | |
| "security": "reality", | |
| "xhttpSettings": { | |
| "path": "/assets", | |
| "mode": "stream-one" | |
| }, | |
| "realitySettings": { | |
| "show": false, | |
| "dest": "www.microsoft.com:443", | |
| "xver": 0, | |
| "serverNames": [ | |
| "www.microsoft.com" | |
| ], | |
| "privateKey": "A_REALITY_PRIVATE_KEY", | |
| "shortIds": [ | |
| "A_REALITY_SHORT_ID" | |
| ] | |
| } | |
| }, | |
| "sniffing": { | |
| "enabled": true, | |
| "destOverride": [ | |
| "http", | |
| "tls", | |
| "quic" | |
| ] | |
| } | |
| }, | |
| { | |
| "tag": "local-test-socks", | |
| "listen": "127.0.0.1", | |
| "port": 10808, | |
| "protocol": "socks", | |
| "settings": { | |
| "udp": true | |
| } | |
| } | |
| ], | |
| "outbounds": [ | |
| { | |
| "tag": "relay-b", | |
| "protocol": "vless", | |
| "settings": { | |
| "vnext": [ | |
| { | |
| "address": "api.catandmouseteam.xyz", | |
| "port": 443, | |
| "users": [ | |
| { | |
| "id": "A_TO_B_UUID", | |
| "encryption": "A_TO_B_ENCRYPTION", | |
| "flow": "xtls-rprx-vision", | |
| "packetEncoding": "xudp" | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| "streamSettings": { | |
| "network": "xhttp", | |
| "security": "tls", | |
| "tlsSettings": { | |
| "serverName": "api.catandmouseteam.xyz", | |
| "alpn": [ | |
| "h2", | |
| "http/1.1" | |
| ], | |
| "fingerprint": "chrome" | |
| }, | |
| "xhttpSettings": { | |
| "path": "/assets", | |
| "mode": "stream-one" | |
| }, | |
| "sockopt": { | |
| "domainStrategy": "UseIPv4" | |
| } | |
| } | |
| }, | |
| { | |
| "tag": "direct", | |
| "protocol": "freedom", | |
| "settings": { | |
| "domainStrategy": "UseIPv4" | |
| } | |
| }, | |
| { | |
| "tag": "block", | |
| "protocol": "blackhole" | |
| } | |
| ], | |
| "routing": { | |
| "rules": [ | |
| { | |
| "type": "field", | |
| "inboundTag": [ | |
| "client-xhttp-reality-in", | |
| "local-test-socks" | |
| ], | |
| "outboundTag": "relay-b" | |
| } | |
| ] | |
| } | |
| } | |
| Запуск | |
| sudo /usr/local/bin/xray run -test -config /usr/local/etc/xray/config.json | |
| sudo systemctl enable --now xray | |
| sudo systemctl restart xray | |
| СЕРВЕР Б, ставим xray | |
| sudo apt update | |
| sudo apt install -y curl jq debian-keyring debian-archive-keyring apt-transport-https ca-certificates gnupg | |
| bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root | |
| Сервер Б, ставим caddy | |
| curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \ | |
| | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg | |
| curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \ | |
| | sudo tee /etc/apt/sources.list.d/caddy-stable.list | |
| sudo chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg | |
| sudo chmod o+r /etc/apt/sources.list.d/caddy-stable.list | |
| sudo apt update | |
| sudo apt install -y caddy | |
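| Получаем данные WARP (скрипт берётся со стороннего хоста; в команде ниже не указана схема, поэтому curl начнёт с обычного HTTP — лучше явно указать https:// и просмотреть скрипт перед запуском, так как он выдаёт приватный ключ) | |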
| bash -c "$(curl -L warp-reg.vercel.app)" | |
| Нужно: | |
| private_key -> WARP_SECRET_KEY | |
| public_key -> WARP_PUBLIC_KEY | |
| reserved_dec -> WARP_RESERVED (значения для массива "reserved" в конфиге ниже; в примере там стоят 0, 0, 0, заменить на свои) | |
| endpoint.v4 -> WARP_ENDPOINT | |
| v4 -> WARP_ADDRESS | |
| vim /usr/local/etc/xray/config.json | |
| Пример конфига | |
| { | |
| "log": { | |
| "access": "/var/log/xray/access.log", | |
| "error": "/var/log/xray/error.log", | |
| "loglevel": "warning" | |
| }, | |
| "dns": { | |
| "servers": [ | |
| "1.1.1.1", | |
| "8.8.8.8" | |
| ], | |
| "queryStrategy": "UseIPv4" | |
| }, | |
| "inbounds": [ | |
| { | |
| "tag": "vless-xhttp-from-a", | |
| "listen": "127.0.0.1", | |
| "port": 10085, | |
| "protocol": "vless", | |
| "settings": { | |
| "clients": [ | |
| { | |
| "id": "A_TO_B_UUID", | |
| "email": "server-a", | |
| "flow": "xtls-rprx-vision" | |
| } | |
| ], | |
| "decryption": "A_TO_B_DECRYPTION" | |
| }, | |
| "streamSettings": { | |
| "network": "xhttp", | |
| "security": "none", | |
| "xhttpSettings": { | |
| "path": "/assets", | |
| "mode": "stream-one" | |
| } | |
| }, | |
| "sniffing": { | |
| "enabled": true, | |
| "destOverride": [ | |
| "http", | |
| "tls", | |
| "quic" | |
| ] | |
| } | |
| } | |
| ], | |
| "outbounds": [ | |
| { | |
| "tag": "warp", | |
| "protocol": "wireguard", | |
| "settings": { | |
| "secretKey": "WARP_SECRET_KEY", | |
| "address": [ | |
| "WARP_ADDRESS/32" | |
| ], | |
| "peers": [ | |
| { | |
| "publicKey": "WARP_PUBLIC_KEY", | |
| "allowedIPs": [ | |
| "0.0.0.0/0" | |
| ], | |
| "endpoint": "WARP_ENDPOINT:2408", | |
| "keepAlive": 25 | |
| } | |
| ], | |
| "reserved": [ | |
| 0, | |
| 0, | |
| 0 | |
| ], | |
| "mtu": 1280, | |
| "domainStrategy": "ForceIPv4", | |
| "noKernelTun": true | |
| } | |
| }, | |
| { | |
| "tag": "direct", | |
| "protocol": "freedom", | |
| "settings": { | |
| "domainStrategy": "UseIPv4" | |
| } | |
| }, | |
| { | |
| "tag": "block", | |
| "protocol": "blackhole" | |
| } | |
| ], | |
| "routing": { | |
| "rules": [ | |
| { | |
| "type": "field", | |
| "inboundTag": [ | |
| "vless-xhttp-from-a" | |
| ], | |
| "outboundTag": "warp" | |
| } | |
| ] | |
| } | |
| } | |
| Запускаем | |
| sudo /usr/local/bin/xray run -test -config /usr/local/etc/xray/config.json | |
| sudo systemctl enable --now xray | |
| sudo systemctl restart xray | |
| Конфиг caddy, сервер Б | |
| vim /etc/caddy/Caddyfile | |
| Пример | |
| api.catandmouseteam.xyz { | |
| encode gzip zstd | |
| handle /assets* { | |
| reverse_proxy 127.0.0.1:10085 { | |
| flush_interval -1 | |
| transport http { | |
| versions h2c 1.1 | |
| } | |
| } | |
| } | |
| handle /healthz { | |
| header Content-Type application/json | |
| respond `{"status":"ok","service":"api-gateway"}` 200 | |
| } | |
| handle { | |
| root * /usr/share/caddy/api | |
| file_server | |
| } | |
| } | |
| Можно сделать страницу-заглушку типа | |
| sudo mkdir -p /usr/share/caddy/api | |
| sudo tee /usr/share/caddy/api/index.html >/dev/null <<'HTML' | |
| <!doctype html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="utf-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1"> | |
| <meta name="robots" content="noindex, nofollow"> | |
| <title>System API Gateway</title> | |
| <style> | |
| body { | |
| margin: 0; | |
| min-height: 100vh; | |
| display: grid; | |
| place-items: center; | |
| background: #07111f; | |
| color: #e5eefb; | |
| font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; | |
| } | |
| main { | |
| width: min(760px, calc(100% - 32px)); | |
| border: 1px solid rgba(148, 163, 184, .25); | |
| border-radius: 24px; | |
| padding: 48px; | |
| background: rgba(15, 23, 42, .82); | |
| box-shadow: 0 24px 80px rgba(0,0,0,.35); | |
| } | |
| .badge { | |
| color: #8ea4bf; | |
| margin-bottom: 24px; | |
| } | |
| h1 { | |
| margin: 0 0 16px; | |
| font-size: clamp(36px, 8vw, 72px); | |
| line-height: .95; | |
| letter-spacing: -0.06em; | |
| } | |
| p { | |
| color: #8ea4bf; | |
| font-size: 18px; | |
| line-height: 1.7; | |
| max-width: 58ch; | |
| } | |
| </style> | |
| </head> | |
| <body> | |
| <main> | |
| <div class="badge">operational · private infrastructure</div> | |
| <h1>System API Gateway</h1> | |
| <p> | |
| This endpoint is reserved for internal services, automation tasks, and controlled API traffic. | |
| Public browsing and API discovery are not available from this host. | |
| </p> | |
| </main> | |
| </body> | |
| </html> | |
| HTML | |
| Запускаем caddy: | |
| sudo caddy validate --config /etc/caddy/Caddyfile | |
| sudo systemctl enable --now caddy | |
| sudo systemctl restart caddy | |
| Проверка на сервере Б | |
| curl -I https://api.catandmouseteam.xyz/ | |
| curl https://api.catandmouseteam.xyz/healthz | |
| sudo ss -lntup | grep -E ':80|:443|:10085' | |
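| Проверка на сервере А (ключ -k в первой команде отключает проверку сертификата; outbound relay-b сертификат проверяет, поэтому без -k проверка точнее) | |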
| curl -vk --connect-timeout 8 https://api.catandmouseteam.xyz/ | |
| curl -v --max-time 30 -x socks5h://127.0.0.1:10808 https://cloudflare.com/cdn-cgi/trace | |
| ССЫЛКА ДЛЯ КЛИЕНТА | |
| vless://CLIENT_UUID@A_IP:443?encryption=CLIENT_TO_A_ENCRYPTION&flow=xtls-rprx-vision&security=reality&sni=www.microsoft.com&fp=chrome&pbk=A_REALITY_PUBLIC_KEY&sid=A_REALITY_SHORT_ID&type=xhttp&path=%2Fassets&mode=stream-one#A-B-WARP | |
| Всё. Видео тут: https://www.youtube.com/watch?v=YdV-09GmezA |