Skip to content

Instantly share code, notes, and snippets.

@loskiq

loskiq/3x-ui.md

Last active July 19, 2025 20:42
Show Gist options
  • Save loskiq/f6d9348c8cfd8573a90cafda88a57392 to your computer and use it in GitHub Desktop.
Save loskiq/f6d9348c8cfd8573a90cafda88a57392 to your computer and use it in GitHub Desktop.
Download ZIP
xray
Raw
3x-ui.md

Generate self-signed certificate

openssl req -x509 -keyout /etc/ssl/certs/3x-ui.key -out /etc/ssl/certs/3x-ui.pem -newkey rsa:4096 -sha256 -days 3650 -nodes -new

Generate self-signed certificate with Subject Alternative Name

openssl req -x509 -keyout /etc/ssl/certs/3x-ui.key -out /etc/ssl/certs/3x-ui.pem -newkey rsa:4096 -sha256 -days 3650 -nodes -new -addext "subjectAltName=DNS:*.domain.com"

Show fingerprint of certificate

openssl x509 -noout -sha256 -fingerprint -in /etc/ssl/certs/3x-ui.pem
Raw
readme.md

Check TLS 1.3 for host

openssl s_client -brief -state -connect 188.165.1.3:443 -servername www.checkyourorders24-7.com

Generate uuid, private/public keys and shortid

xray uuid
xray x25519
openssl rand -hex 8

String for mobile clients (v2rayng, foxray, hiddify)

vless://[email protected]:443?flow=xtls-rprx-vision&type=tcp&security=reality&sni=www.checkyourorders24-7.com&fp=chrome&pbk=seBxvk7WKB1qw4YGQTWtqwfgvLPCGD-CB0zjY7lbF3o&sid=032e0ae968dca962#xtls
Raw
sysctl.conf
# tunning network stack
#net.ipv6.conf.all.disable_ipv6 = 1
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.dev_weight = 16
net.core.netdev_max_backlog = 16000
net.core.somaxconn = 4096
net.core.default_qdisc = fq
net.netfilter.nf_conntrack_max = 1048576
net.netfilter.nf_conntrack_buckets = 131072
net.netfilter.nf_conntrack_generic_timeout = 60
net.netfilter.nf_conntrack_icmp_timeout = 10
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 20
net.netfilter.nf_conntrack_tcp_timeout_established = 600
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 30
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 60
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
net.netfilter.nf_conntrack_udp_timeout_stream = 60
net.netfilter.nf_conntrack_checksum = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = bbr
Raw
xray-client.yaml
inbounds:
- listen: 127.0.0.1
port: 1082
protocol: socks
settings:
udp: true
outbounds:
- protocol: vless
settings:
vnext:
- address: domain.com
port: 443
users:
- id: 71f84a4b-6b0c-4b84-b003-10f6ed1b6714
flow: xtls-rprx-vision
encryption: none
streamSettings:
network: tcp
security: reality
realitySettings:
fingerprint: chrome
serverName: www.checkyourorders24-7.com
publicKey: seBxvk7WKB1qw4YGQTWtqwfgvLPCGD-CB0zjY7lbF3o
shortId: 032e0ae968dca962
Raw
xray-server.yaml
inbounds:
- listen: 0.0.0.0
port: 443
protocol: vless
settings:
clients:
- id: 71f84a4b-6b0c-4b84-b003-10f6ed1b6714 # loskiq
flow: xtls-rprx-vision
decryption: none
streamSettings:
network: tcp
security: reality
realitySettings:
dest: 188.165.1.3:443
serverNames:
- www.checkyourorders24-7.com
privateKey: 2G1jQB0yxEczmCIbfDkwND_07e4kskjZjlYFaAu5pEU
shortIds:
- 032e0ae968dca962
outbounds:
- protocol: freedom
Raw
xray.service
[Unit]
Description=xray
After=network.target
[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/xray -c /etc/xray.yaml
User=xray
Group=xray
Restart=on-failure
SyslogIdentifier=xray
[Install]
WantedBy=multi-user.target
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment