Hello, my name is Arsham. I have been testing REALITY TLS for a few weeks and I am satisfied with it. I also set up a few other things along the way, and I cover them in this tutorial as well. Where a part needs an explanation I have written one; otherwise you can find the answer yourself with a simple search.
I don't give you any guarantee that your server will not be filtered!
If you think there is wrong information on this GitHub page, or if you have any comments, you can send a message to this address on Telegram.
tg://openmessage?user_id=2036196665 ( Copy this and open in your Telegram )
If you have a large number of users, enable this (BBR congestion control with the fq queueing discipline)
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
I use this because it's good
I recommend changing the SSH port, but it is up to you
If you don't have the netstat tool, you can install it
To check the SSH port
apt install net-tools
netstat -tulnp | grep ssh
If you get a result, you can change the port
If you can't change the port yourself, go to Google or YouTube and see tutorials for this part
Block the old SSH port
ufw status numbered
ufw delete SSH-OLD-PORT
ufw delete
Note that some providers do not allow changing the port!
Usually, changing the SSH port solves many problems, such as speed drops
nano /etc/ssh/sshd_config
Now restart SSH service
systemctl restart sshd
If you are using UFW, open the new SSH port
ufw allow 45678/tcp
45678 is an example
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --version 1.8.0 -u root
Because I added -u root, there is no need to change the Xray configuration to change "user".
This section is for blocking ads, Iranian domains or IPs, porn websites and so on
wget -O /usr/local/share/xray/iran.dat https://github.com/bootmortis/iran-hosted-domains/releases/latest/download/iran.dat
wget -O /usr/local/share/xray/dlc.dat https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat
These files are updated constantly, so delete the old version every few days and download the new one!
If you want the files to be downloaded and updated automatically every 24 hours (or at another interval), do this
We do this with Python, so install the prerequisites first
apt update -y && apt upgrade -y && apt install python3 screen -y
In the root directory, create geo.py
nano geo.py
Now add this code and save
import time
import os

IRAN = "/usr/local/share/xray/iran.dat"
DLC = "/usr/local/share/xray/dlc.dat"

while True:
    # Check on every pass, so a failed download cannot crash the next os.remove()
    if os.path.exists(IRAN):
        os.remove(IRAN)
    os.system("wget -O " + IRAN + " https://github.com/bootmortis/iran-hosted-domains/releases/latest/download/iran.dat")
    if os.path.exists(DLC):
        os.remove(DLC)
    os.system("wget -O " + DLC + " https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat")
    # Wait before the next update (172800 seconds = 2 days)
    time.sleep(172800)
These times are in seconds
86400 = 1 day
172800 = 2 days
259200 = 3 days
To keep the Python script running 24 hours a day, start it in a detached screen session with the following command
chmod +x geo.py && screen -dmS geo python3 geo.py
Thanks to @Keyvan_bgham for this part
Save the public key and the private key in a text file or on your server. The private key is a secret, so keep that file readable only by root
xray x25519 > key
After that, use 'ls' to check the directory
You can use cat to see the keys
cat key
If you want to find a domain for serverNames, use this
xray tls ping YOUR-DOMAIN
xray tls ping
You will see a result like this
Pinging with SNI handshake succeeded Allowed domains: [debian.org, ftp.debian.org] Tls ping finished
We need the names listed under Allowed domains
Note :
1- Allowed domains may also contain wildcard (star) entries ( like this > *.debian.org ), which are not supported yet
2- Because Reality uses TLS 1.3 and needs the H2 protocol, be sure to check with your browser's Dev Tools that the site you want uses TLS 1.3 and H2
To check the TLS version, go to the domain, open Dev Tools and go to the Security tab; under Connection you can see the TLS protocol version
To check for H2, go to the domain, open Dev Tools and go to the Network tab, right-click the Status column header and enable Protocol; if you see h2, the site supports it
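The same two checks can be done from the command line. The sketch below is an added example, not part of the original tutorial: it pulls the usable names out of an xray tls ping result, drops wildcard entries, and checks each name for TLS 1.3 and h2 with Python's ssl module. The function names and the sample string are constructed for illustration.

```python
import re
import socket
import ssl

def allowed_domains(ping_output):
    """Return the names listed under 'Allowed domains', without wildcard entries."""
    names = []
    for group in re.findall(r"Allowed domains:\s*\[([^\]]*)\]", ping_output):
        for name in re.split(r"[,\s]+", group.strip()):
            # Note 1 above: wildcard entries such as *.debian.org are not supported.
            if name and not name.startswith("*") and name not in names:
                names.append(name)
    return names

def is_reality_candidate(tls_version, alpn):
    """Note 2 above: the site must negotiate TLS 1.3 and offer HTTP/2 (h2)."""
    return tls_version == "TLSv1.3" and alpn == "h2"

def probe(host, port=443, timeout=5.0):
    """Handshake with the site; return (negotiated TLS version, selected ALPN)."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.selected_alpn_protocol()

# Constructed sample in the shape of the result shown above, plus a wildcard entry.
SAMPLE = ("Pinging with SNI handshake succeeded Allowed domains: "
          "[debian.org, ftp.debian.org, *.debian.org] Tls ping finished")

if __name__ == "__main__":
    for name in allowed_domains(SAMPLE):
        try:
            version, alpn = probe(name)
        except OSError as exc:
            print(f"{name}: connection failed ({exc})")
            continue
        verdict = "usable" if is_reality_candidate(version, alpn) else "skip"
        print(f"{name}: {version} alpn={alpn} -> {verdict}")
```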
nano /usr/local/etc/xray/config.json
First remove the {} in the config.json file, then add one of the following configurations
Only Vless Reality TCP, gRPC, H2
{
"inbounds": [
{
"listen": "0.0.0.0",
"port": 443, # Note : You can change port
"protocol": "vless",
"settings": {
"clients": [
{
"id": "EX", # Your UUID
"flow": "" # If you want use TCP, add ( xtls-rprx-vision ) else no need to change
}
],
"decryption": "none"
},
"streamSettings": {
"network": "EX", # You can change this to ( h2, grpc, tcp ) I Recommend grpc
"security": "reality",
"realitySettings": {
"show": true,
"dest": "EX", # Example : ( ftp.debian.org:443, www.debian.org:443 or etc...)
"xver": 0, # I suggest that you use the same site for dest from the site you use for serverNames
"serverNames": [
"EX" # Example : ( ftp.debian.org )
],
"privateKey": "EX", # Your Private Key
"shortIds": [
"" # I don't use Short ID
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
}, {
"protocol": "blackhole",
"tag": "blocked"
}
],
"api": {
"tag": "api",
"services": [
"HandlerService",
"LoggerService",
"StatsService"
]
},
"policy": {
"levels": {
"0": {
"statsUserUplink": true,
"statsUserDownlink": true
}
},
"system": {
"statsInboundUplink": true,
"statsInboundDownlink": true,
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
"log": {
"loglevel": "info",
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log"
},
"dns": {
"servers": [
"https+local://cloudflare-dns.com/dns-query",
"1.0.0.1",
"1.1.1.1",
"8.8.8.8",
"8.8.4.4",
"localhost"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
}, {
"domain": [
"instagram.com",
"www.instagram.com",
"mediafire.com",
"www.mediafire.com"
],
"outboundTag": "proxy",
"type": "field"
}, {
"domain": [
"regexp:.*\\.ir$",
"ext:iran.dat:ir",
"ext:iran.dat:ads",
"ext:iran.dat:other",
"geosite:category-ir",
"geosite:category-ir-gov",
"geosite:category-ir-news",
"geosite:category-ir-bank",
"geosite:category-ir-tech",
"geosite:category-ir-travel",
"geosite:category-ir-scholar",
"geosite:category-ir-shopping",
"geosite:category-ir-insurance"
],
"type": "field",
"outboundTag": "blocked"
}, {
"type": "field",
"ip": [
"geoip:ir"
],
"outboundTag": "blocked"
}, {
"protocol": [
"bittorrent"
],
"type": "field",
"outboundTag": "blocked"
}
]
}
}
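If you do not need the proxy rule, you can remove this block. Note that the configs on this page only define the direct and blocked outbounds, so this rule has no outbound tagged proxy to send traffic to unless you add one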
{
"domain": [
"instagram.com",
"www.instagram.com",
"mediafire.com",
"www.mediafire.com"
],
"outboundTag": "proxy",
"type": "field"
},
Only Trojan Reality gRPC, H2
{
"inbounds": [
{
"port": 443, # You can change port
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "EX" # Your UUID ( Pass )
}
]
},
"streamSettings": {
"network": "grpc", # You can change this to ( h2 or grpc )
"security": "reality",
"realitySettings": {
"show": true,
"dest": "EX", # Example : ( ftp.debian.org:443, www.debian.org:443 or etc...)
"xver": 0, # I suggest that you use the same site for dest from the site you use for serverNames
"serverNames": [
"EX" # Example : ( ftp.debian.org )
],
"privateKey": "EX", # Your Private Key
"shortIds": [
"" # I don't use Short ID
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
}, {
"protocol": "blackhole",
"tag": "blocked"
}
],
"api": {
"tag": "api",
"services": [
"HandlerService",
"LoggerService",
"StatsService"
]
},
"policy": {
"levels": {
"0": {
"statsUserUplink": true,
"statsUserDownlink": true
}
},
"system": {
"statsInboundUplink": true,
"statsInboundDownlink": true,
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
"log": {
"loglevel": "info",
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log"
},
"dns": {
"servers": [
"https+local://cloudflare-dns.com/dns-query",
"1.0.0.1",
"1.1.1.1",
"8.8.8.8",
"8.8.4.4",
"localhost"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
}, {
"domain": [
"instagram.com",
"www.instagram.com",
"mediafire.com",
"www.mediafire.com"
],
"outboundTag": "proxy",
"type": "field"
}, {
"domain": [
"regexp:.*\\.ir$",
"ext:iran.dat:ir",
"ext:iran.dat:ads",
"ext:iran.dat:other",
"geosite:category-ir",
"geosite:category-ir-gov",
"geosite:category-ir-news",
"geosite:category-ir-bank",
"geosite:category-ir-tech",
"geosite:category-ir-travel",
"geosite:category-ir-scholar",
"geosite:category-ir-shopping",
"geosite:category-ir-insurance"
],
"type": "field",
"outboundTag": "blocked"
}, {
"type": "field",
"ip": [
"geoip:ir"
],
"outboundTag": "blocked"
}, {
"protocol": [
"bittorrent"
],
"type": "field",
"outboundTag": "blocked"
}
]
}
}
Note : Trojan Reality is supported only on Android
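Before restarting Xray, the notes scattered through the configs above can be checked mechanically. The script below is an added example, not part of the original tutorial or of the Xray project: it strips the `# ...` notes, then flags routing rules that point at an outbound tag nobody defines, wildcard serverNames, a dest that is not one of the serverNames, and a flow value on a non-TCP network. The function names and the sample config are constructed, and it assumes `# ...` notes are the only comments in the file.

```python
import json

def strip_hash_notes(text):
    """Remove the trailing `# ...` notes used in the configs above (outside strings)."""
    cleaned = []
    for line in text.splitlines():
        in_string = escaped = False
        for i, ch in enumerate(line):
            # A backslash inside a string escapes the next character, e.g. \" or \\
            if escaped or (in_string and ch == "\\"):
                escaped = not escaped
            elif ch == '"':
                in_string = not in_string
            elif ch == "#" and not in_string:
                line = line[:i]
                break
        cleaned.append(line)
    return "\n".join(cleaned)

def lint(config_text):
    cfg = json.loads(strip_hash_notes(config_text))
    problems = []
    tags = {o.get("tag") for o in cfg.get("outbounds", [])}
    tags.add(cfg.get("api", {}).get("tag"))  # rules may also point at the API tag
    for rule in cfg.get("routing", {}).get("rules", []):
        tag = rule.get("outboundTag")
        if tag and tag not in tags:
            problems.append(f"routing rule points at undefined outbound '{tag}'")
    for inbound in cfg.get("inbounds", []):
        stream = inbound.get("streamSettings", {})
        reality = stream.get("realitySettings", {})
        names = reality.get("serverNames", [])
        if any(n.startswith("*") for n in names):
            problems.append("wildcard serverNames are not supported")
        if reality and reality.get("dest", "").rsplit(":", 1)[0] not in names:
            problems.append("dest host is not listed in serverNames")
        for client in inbound.get("settings", {}).get("clients", []):
            if client.get("flow") and stream.get("network") != "tcp":
                problems.append("flow is set but network is not tcp")
    return problems

# Constructed sample: a cut-down VLESS config carrying three of these mistakes.
SAMPLE = """{
  "inbounds": [{"protocol": "vless",
    "settings": {"clients": [{"id": "EX", "flow": "xtls-rprx-vision"}]},  # Your UUID
    "streamSettings": {"network": "grpc", "security": "reality", "realitySettings":
      {"dest": "www.debian.org:443", "serverNames": ["ftp.debian.org"]}}}],
  "outbounds": [{"protocol": "freedom", "tag": "direct"}, {"protocol": "blackhole", "tag": "blocked"}],
  "api": {"tag": "api"},
  "routing": {"rules": [{"outboundTag": "api"}, {"outboundTag": "proxy"}]}
}"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```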
Because other people have already explained it, I will not explain it in full ( You can refer to the end of the page for links )
You can also see more Configuration, click here
If you want to block speed test websites or Whoer-style IP check websites, you can add these entries to the domain list of the blocked rule
"speed.cloudflare.com",
"nordvpn.com",
"testmyspeed.com",
"speedcheck.org",
"gocompare.com",
"netspotapp.com",
"virginmedia.com",
"broadbandspeedtest.org.uk",
"thinkbroadband.com",
"broadbandspeedchecker.co.uk",
"measurementlab.net",
"mxtoolbox.com",
"tunnelbear.com",
"top10vpn.com",
"ip.me",
"which.co.uk",
"whatismyip.net",
"ipcost.com",
"myip.com",
"whatsmyip.com",
"dnsleak.com",
"whatsmyip.org",
"iplocation.net",
"whatismyip.com",
"whoer.net",
"whatismypublicip.com",
"ipaddress.my",
"showmyip.com",
"www.expressvpn.com",
"perfect-privacy.com",
"surfshark.com",
"browserleaks.com",
"dnsleaktest.org",
"www.dnsleaktest.com",
"whatismyipaddress.com",
"fast.com",
"speedtest.net",
I have listed the most used ones; the list is not complete
If you want to block porn sites, add this
"geosite:category-porn",
If you want to block ads, add these
"geosite:category-ads-all",
"geosite:category-ads",
"geosite:google-ads"
This does not block all advertisements, and some programs may run into problems because of it. To solve that, define those programs in the Proxy section.
Now restart Xray and check its status to see whether it is working normally
systemctl restart xray.service
systemctl status xray.service
We're done with Xray, and you can now add the configuration to your app. Next, we want the server to automatically serve a file download when a request comes in on port 80.
If you want to see a test, go to this address
Note : Copy the URL and open it in a new tab to test
or
http://159.223.202.134/Ex/Ex/Ex ( Test Redirect )
Please allow the HTTP port in ufw before installing
ufw allow http
Now you can install
apt install ca-certificates apt-transport-https software-properties-common -y
apt install php8.1 -y
If you want to get a certificate for your page, use these commands
Please allow the HTTPS port in ufw before installing
apt install certbot python3-certbot-apache -y
certbot --apache -d YOUR-DOMAIN
apt install ca-certificates apt-transport-https software-properties-common -y
apt install php8.1 -y
If you get this error, use the command below ( Unable to correct problems, you have held broken packages. )
sudo apt-get remove apache* && sudo apt-get install apache2
Now go to this Directory
cd /var/www/html/
Remove the index.html file
rm index.html
Now create an Ex.txt file and put anything in it; you can change the file name if you want
nano Ex.txt
Create an index.php file
nano index.php
Now add this code
<?php
$original_filename = 'Ex.txt'; # Change this if you changed the name of Ex.txt
$new_filename = 'Ex'; # Change here if want
header("Content-Type: application/jpeg");
header("Content-Length: " . filesize($original_filename));
header('Content-Disposition: attachment; filename="' . $new_filename . '"');
readfile($original_filename);
exit;
?>
Now create a .htaccess file to redirect every request to index.php
nano .htaccess
Add this code
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?path=$1 [NC,L,QSA]
</IfModule>
Now edit 000-default.conf; because we want to use the .htaccess file, this block needs to be added
nano /etc/apache2/sites-available/000-default.conf
And add this block first
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Because we want to use the .htaccess file, we need to enable the rewrite module
a2enmod rewrite
Restart Apache to apply the changes
systemctl restart apache2
You can also serve an HTML page alongside the PHP file
If you want to see a test, go to this address
or
http://159.223.202.161/Ex/Ex/Ex ( Test Redirect )
Go to root of your web page directory
cd /var/www/html/
Rename index.php to any name, for example Ex.php, and create an index.html
mv index.php Ex.php
nano index.html
Now add this code
<html>
<head>
<link rel="icon" type="image/x-icon" href="https://s10.gifyu.com/images/kozu.gif">
<meta name="viewport" content="user-scalable=no">
<meta charset="UTF-8">
<meta http-equiv="refresh" content="0;url=http://YOUR-IP-OR-DOMAIN/Ex.php"> <!-- default delay before the download is zero, you can change it -->
<title>=)</title>
<style>
body {
margin-top: 60px;
-webkit-user-select: none;
-ms-user-select: none;
user-select: none;
overflow-x: hidden;
background: #FDFAFA;
font-weight: 350;
font-family: -apple-system, BlinkMacSystemFont, opensans, Optima, 'Microsoft Yahei', sans-serif;
line-height: 0;
}
.kozu {
padding: 40px 0;
}
.kozu p {
color: #000;
font-style: italic;
text-decoration:none;
letter-spacing: 1px;
cursor: default;
text-align:center;
font-size:32px;
}
img {
pointer-events: none;
margin: auto;
display: block;
}
.isBold { font-weight: bold;
}
</style>
</head>
<body><img loading="lazy" src="https://s10.gifyu.com/images/kozu.gif" alt="Kozu" class="center">
<div class="kozu">
<p>This IP belongs to <span class="isBold">ARSHAM.6IX</span></p> <!-- Text -->
</div>
</body>
</html>
I recommend you download your image or gif and serve it from your own web root, like this
https://s10.gifyu.com/images/kozu.gif
Change to this
http://YOUR-IP-OR-DOMAIN/kozu.gif
You can download the gif (or another file) to your server with wget
wget https://s10.gifyu.com/images/kozu.gif
Be sure the names are correct!
Now you need to redirect every request to index.html
Edit the .htaccess file
nano .htaccess
Find index.php in the file, change .php to .html and save
Please allow the HTTP port in ufw before installing
ufw allow http
Now you can install
apt install nginx -y
If you want to get a certificate for your page, use these commands
Please allow the HTTPS port in ufw before installing
apt install certbot python3-certbot-nginx -y
certbot --nginx -d YOUR-DOMAIN
Now go to this Directory
cd /var/www/html/
Remove the index.html file
rm index.html
Now create an Ex file and put anything in it; you can change the file name if you want
nano Ex
Create an index.html file
nano index.html
Now add this code
<html>
<head>
<link rel="icon" type="image/x-icon" href="http://YOUR-IP-OR-DOMAIN/kozu.gif">
<meta name="viewport" content="user-scalable=no">
<meta charset="UTF-8">
<meta http-equiv="refresh" content="0;url=http://YOUR-IP-OR-DOMAIN/Ex"> <!-- default delay before the download is zero, you can change it -->
<title>=)</title>
<style>
body {
margin-top: 60px;
-webkit-user-select: none;
-ms-user-select: none;
user-select: none;
overflow-x: hidden;
background: #FDFAFA;
font-weight: 350;
font-family: -apple-system, BlinkMacSystemFont, opensans, Optima, 'Microsoft Yahei', sans-serif;
line-height: 0;
}
.kozu {
padding: 40px 0;
}
.kozu p {
color: #000;
font-style: italic;
text-decoration:none;
letter-spacing: 1px;
cursor: default;
text-align:center;
font-size:32px;
}
img {
pointer-events: none;
margin: auto;
display: block;
}
.isBold { font-weight: bold;
}
</style>
</head>
<body><img loading="lazy" src="http://YOUR-IP-OR-DOMAIN/kozu.gif" alt="Kozu" class="center">
<div class="kozu">
<p>This IP belongs to <span class="isBold">ARSHAM.6IX</span></p> <!-- Text -->
</div>
</body>
</html>
If you change any names, be sure they are correct everywhere!
Now go to your Nginx configuration to redirect every request to index.html
nano /etc/nginx/sites-enabled/default
Find the line try_files $uri $uri/ =404; and change =404; to /index.html; in the HTTPS section
/index.html;
If you use a certificate, you need to change =404; to /index.html; in both the HTTPS and HTTP sections
Now restart Nginx
systemctl restart nginx
If your users cannot access some sites ( if you use IPv6 ), enter these commands.
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv6.conf.lo.disable_ipv6=1
For Test Speed
https://speed.hetzner.de/1GB.bin
https://speed.hetzner.de/10GB.bin
http://speedtest-sgp1.digitalocean.com/5gb.test
To see the CPU and RAM status of your Linux server on the command line, use the htop command ( F10 to exit ). To check the download and upload status of the network, use nload
apt install nload
Ctrl+C to exit
I recommend reading or viewing these pages
- How to find the site for REALITY ( Persian )
- Teaching the use of REALITY ( Persian )
- Project X Documents Of Configs
- Domain List Community
- Official Xray Core Page
- Iran Hosted Domains
- Integrated Examples
- REALITY In English
- Chika0801
- Project V
- Dev分享
- Mr.xiao
Thanks to the friends who helped me in the web field
Written by Arsham.6ix.