README.md

git clone https://gist.github.com/c78595bb816eda70a4c3950a23c76015.git /data/xray-server
cd /data/xray-server
bash -x xray-server-deploy.sh init
bash -x xray-server-deploy.sh configure
bash -x xray-server-deploy.sh cert
bash -x xray-server-deploy.sh docker_start

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -L

config.example.json

{
    "log": {
        "loglevel": "{{ log_level }}"
    },
    "inbounds": [
        {
            "port": "{{ port }}",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "{{ uuid }}",
                        "flow": "xtls-rprx-direct",
                        "level": 0,
                        "email": "{{ email }}"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": "{{ trojan_port }}",
                        "xver": 1
                    },
                    {
                        "path": "{{ vless_ws_path }}",
                        "dest": "{{ vless_ws_port }}",
                        "xver": 1
                    },
                    {
                        "path": "{{ vmess_tcp_path }}",
                        "dest": "{{ vmess_tcp_port }}",
                        "xver": 1
                    },
                    {
                        "path": "{{ vmess_ws_path }}",
                        "dest": "{{ vmess_ws_port }}",
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "{{ cert_path }}",
                            "keyFile": "{{ cert_key_path }}"
                        }
                    ]
                }
            }
        },
        {
            "port": "{{ trojan_port }}",
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        "password": "{{ trojan_password }}",
                        "level": 0,
                        "email": "{{ email }}"
                    }
                ],
                "fallbacks": [
                    {
                        "dest": 80
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true
                }
            }
        },
        {
            "port": "{{ vless_ws_port }}",
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "{{ uuid }}",
                        "level": 0,
                        "email": "{{ email }}"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true,
                    "path": "{{ vless_ws_path }}"
                }
            }
        },
        {
            "port": "{{ vmess_tcp_port }}",
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "{{ uuid }}",
                        "level": 0,
                        "email": "{{ email }}"
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true,
                    "header": {
                        "type": "http",
                        "request": {
                            "path": [
                                "{{ vmess_tcp_path }}"
                            ]
                        }
                    }
                }
            }
        },
        {
            "port": "{{ vmess_ws_port }}",
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "{{ uuid }}",
                        "level": 0,
                        "email": "{{ email }}"
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true,
                    "path": "{{ vmess_ws_path }}"
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

xray-server-deploy.sh

#!/bin/bash

service=xray-server

# path
data_path=/data/${service}
cache_path=.cache
mkdir -p ${data_path} ${cache_path}

# ===== init ===================================================================

configure_domain() {
    domain_file=${cache_path}/domain
    if [ ! -f ${domain_file} ]; then
        read -p "Enter your domain [www.example.com]: " DOMAIN
        echo ${DOMAIN} > ${domain_file}
    fi
    domain=${domain:-$(<${domain_file})}
    email=${email:-admin@${domain}}
}

configure_domain

# ===== function ===============================================================

install_basic() {
    if [ ! -x "$(command -v uuidgen)" ]; then
        apt install -y uuid-runtime
    fi
    if [ ! -x "$(command -v docker)" ]; then
        apt install -y docker.io
    fi
}

configure() {
    port=${port:-2333}
    uuid=${uuid:-$(uuidgen)}
    log_level=${log_level:-info}
    cert_path=${cert_path:-\\/etc\\/xray\\/certs\\/${domain}\\/${domain}.crt}
    cert_key_path=${cert_key_path:-\\/etc\\/xray\\/certs\\/${domain}\\/${domain}.key}
    trojan_port=${trojan_port:-10800}
    trojan_password=${trojan_password:-$(uuidgen)}
    vless_ws_path=${vless_ws_path:-\\/xray\\/vless\\/ws}
    vless_ws_port=${vless_ws_port:-10801}
    vmess_tcp_path=${vmess_tcp_path:-\\/xray\\/vmess\\/tcp}
    vmess_tcp_port=${vmess_tcp_port:-10802}
    vmess_ws_path=${vmess_ws_path:-\\/xray\\/vmess\\/ws}
    vmess_ws_port=${vmess_ws_port:-10803}

    cp config.example.json config.json
    sed -i 's/{{ uuid }}/'${uuid}'/g'                         config.json
    sed -i 's/"{{ port }}"/'${port}'/g'                       config.json
    sed -i 's/{{ email }}/'${email}'/g'                       config.json
    sed -i 's/{{ log_level }}/'${log_level}'/g'               config.json
    sed -i 's/{{ cert_path }}/'${cert_path}'/g'               config.json
    sed -i 's/{{ cert_key_path }}/'${cert_key_path}'/g'       config.json
    sed -i 's/"{{ trojan_port }}"/'${trojan_port}'/g'         config.json
    sed -i 's/{{ trojan_password }}/'${trojan_password}'/g'   config.json
    sed -i 's/"{{ vless_ws_port }}"/'${vless_ws_port}'/g'     config.json
    sed -i 's/{{ vless_ws_path }}/'${vless_ws_path}'/g'       config.json
    sed -i 's/"{{ vmess_tcp_port }}"/'${vmess_tcp_port}'/g'   config.json
    sed -i 's/{{ vmess_tcp_path }}/'${vmess_tcp_path}'/g'     config.json
    sed -i 's/"{{ vmess_ws_port }}"/'${vmess_ws_port}'/g'     config.json
    sed -i 's/{{ vmess_ws_path }}/'${vmess_ws_path}'/g'       config.json
    cp config.json ${data_path}/config.json
}

cert() {
    if [ ! -x "$(command -v certbot)" ]; then
        apt install -y certbot
    fi
    certbot certonly --standalone -d ${domain} --email ${email}
}

mattermost() {
    docker run -d --name mattermost-preview --publish 127.0.0.1:80:8065 mattermost/mattermost-preview
}

install_script() {
    cp ./* ${data_path}
}

docker_start() {
    docker rm -f ${service}
    docker run -d \
        --name ${service} \
        --restart=always \
        --network host \
        -v ${data_path}:/etc/xray \
        -v /etc/letsencrypt/live/${domain}/fullchain.pem:/etc/xray/certs/${domain}/${domain}.crt \
        -v /etc/letsencrypt/live/${domain}/privkey.pem:/etc/xray/certs/${domain}/${domain}.key \
        teddysun/xray
}

# ===== help ===================================================================

show_help() {
    # domain
    echo "DOMAIN: ${domain}"

    # usage
    echo ""
    echo "Usage: ${0} Option"

    # options
    echo ""
    echo "Option:"
    grep -E '\s+[a-zA-Z_-]+\).*##' $0 | \
        sed -r 's/\s+([a-zA-Z_-]+)\).*## (.*)/\1|\2/g' | \
        awk -F '|' '{printf "\t\033[36m%-20s\033[0m %s\n", $1, $2}'
}

# ===== option =================================================================

case $1 in
    configure_domain) ## configure domain
        configure_domain
        ;;
    init) ## install basic
        install_basic
        ;;
    install_script) ## install script
        install_script
        ;;
    cert) ## cert sign
        cert
        ;;
    configure) ## configure
        configure
        ;;
    docker_start) ## deploy xray
        docker_start
        ;;
    *)
        show_help
        ;;
esac