Creating an XrayR node

To connect a server to an airport backend, we will be using XrayR, an open source and free backend for Xray protocols.

If using TLS - assigning certificates

Most of the time, we will be using Vmess over Websockets with TLS encryption as our protocol. This means that we will need a TLS certificate in order to secure our service.

To do this, you will need to have:

  • A domain
  • A publicly accessible IPv4 / IPv6 with port 80 open

Resolving your domain to your IP

Go to your domain provider, and create a new DNS record for your domain pointing to your server’s publicly available IP address. In this example, we will be using Cloudflare.

To go your domain > DNS:


Click on “add a record”:


Fill out the name, the IPv4 address, and make sure that the “Proxy status” is off (DNS only). Then, click same. In this example, the resolved domain will be


make sure that you resolve the domain to the correct IP address. Failure to do so will prevent Lets Encrypt from issuing you a TLS certificate, as they need to check that the domain you want a certificate for really belongs to you.

Installing ACME

ACME provides a comfortable cli for creating and managing TLS certificates. To use it, we need to install it first.

curl | sh -s email=your-email@your-domain.your-tld

You need to change your-email@your-domain.your-tld to your actual email. This allows ACME to remind you when your TLS certificate is going to expire, and also prevents other people from taking control of your certificates (if you used their email in this step).

If this is successful, you should see something like this:

Screenshot 2022-10-07 at 2.32.35 PM

Change CA to Lets Encrypt

ACME currently defaults its CA to ZeroSSL. However, in my experience, ZeroSSL works like sh!t. Therefore, we will be using Lets Encrypt as our CA.

To change to lets encrypt, use this command:

/root/ --set-default-ca  --server  letsencrypt

This should give you a single line output:

Screenshot 2022-10-07 at 2.33.01 PM

Getting the certificate

/root/ --issue --standalone -d 

Replace with your own domain.

If the TLS certificate is successfully issued, you should see this at the end:Screenshot 2022-10-07 at 2.39.05 PM

Note down the Full chain certs path and the cert key path. We’ll need these later.

Installing XrayR

To install XrayR, we can use this simple one-liner:

wget -N && bash

Then, delete the previous config

rm /etc/XrayR/config.yml

And write a new one:

nano /etc/XrayR/config.yml

Paste the following into the editor

  Level: debug 
  AccessPath: ./access.Log
  ErrorPath: ./error.log
    PanelType: "V2board" 
      ApiHost: "" # Your panel URL
      ApiKey: "" # Please get the ApiKey through tickets
      NodeID:  # Your Node ID
      NodeType: V2ray 
      Timeout: 30 
      EnableVless: false 
      EnableXTLS: false 
      UpdatePeriodic: 60 
      EnableDNS: false 
        CertMode: file 
        CertDomain: "" # Replace with your domain
        CertFile: /root/ # Replace with your path to your certificate file
        KeyFile: /root/ # Replace with your path to your key file

Make sure you replace ApiKey, NodeID, CertDomain, CertFile and KeyFile with your own.

Then, start the backend

xrayr start

And check for any errors:

xrayr log

Screenshot 2022-10-07 at 2.55.15 PM

This is what you should see if everything is working fine.

To automatically start XrayR after restarts, run this command

xrayr enable