Creating an XrayR node
To connect a server to an airport backend, we will be using XrayR, an open source and free backend for Xray protocols.
If using TLS - assigning certificates
Most of the time, we will be using Vmess over Websockets with TLS encryption as our protocol. This means that we will need a TLS certificate in order to secure our service.
To do this, you will need to have:
- A domain
- A publicly accessible IPv4 / IPv6 with port 80 open
Resolving your domain to your IP
Go to your domain provider, and create a new DNS record for your domain pointing to your server’s publicly available IP address. In this example, we will be using Cloudflare.
To go your domain > DNS:
Click on “add a record”:
Fill out the name, the IPv4 address, and make sure that the “Proxy status” is off (DNS only). Then, click same. In this example, the resolved domain will be uk-45-61-164-88.jinxnet.xyz
make sure that you resolve the domain to the correct IP address. Failure to do so will prevent Lets Encrypt from issuing you a TLS certificate, as they need to check that the domain you want a certificate for really belongs to you.
ACME provides a comfortable cli for creating and managing TLS certificates. To use it, we need to install it first.
curl https://get.acme.sh | sh -s email@example.com
You need to change firstname.lastname@example.org to your actual email. This allows ACME to remind you when your TLS certificate is going to expire, and also prevents other people from taking control of your certificates (if you used their email in this step).
If this is successful, you should see something like this:
Change CA to Lets Encrypt
ACME currently defaults its CA to ZeroSSL. However, in my experience, ZeroSSL works like sh!t. Therefore, we will be using Lets Encrypt as our CA.
To change to lets encrypt, use this command:
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
This should give you a single line output:
Getting the certificate
/root/.acme.sh/acme.sh --issue --standalone -d uk-45-61-164-88.jinxnet.xyz
Replace uk-45-61-164-88.jinxnet.xyz with your own domain.
If the TLS certificate is successfully issued, you should see this at the end:
Note down the Full chain certs path and the cert key path. We’ll need these later.
To install XrayR, we can use this simple one-liner:
wget -N https://raw.githubusercontent.com/XrayR-project/XrayR-release/master/install.sh && bash install.sh
Then, delete the previous config
And write a new one:
Paste the following into the editor
Log: Level: debug AccessPath: ./access.Log ErrorPath: ./error.log DnsConfigPath: Nodes: - PanelType: "V2board" ApiConfig: ApiHost: "" # Your panel URL ApiKey: "" # Please get the ApiKey through tickets NodeID: # Your Node ID NodeType: V2ray Timeout: 30 EnableVless: false EnableXTLS: false ControllerConfig: ListenIP: 0.0.0.0 UpdatePeriodic: 60 EnableDNS: false CertConfig: CertMode: file CertDomain: "uk-45-61-164-88.jinxnet.xyz" # Replace with your domain CertFile: /root/.acme.sh/uk-45-61-164-88.jinxnet.xyz/fullchain.cer # Replace with your path to your certificate file KeyFile: /root/.acme.sh/uk-45-61-164-88.jinxnet.xyz/uk-45-61-164-88.jinxnet.xyz.key # Replace with your path to your key file
Make sure you replace ApiKey, NodeID, CertDomain, CertFile and KeyFile with your own.
Then, start the backend
And check for any errors:
This is what you should see if everything is working fine.
To automatically start XrayR after restarts, run this command