Creating an XrayR node
To connect a server to an airport backend, we will be using XrayR, an open source and free backend for Xray protocols.
If using TLS - assigning certificates
Most of the time, we will be using Vmess over Websockets with TLS encryption as our protocol. This means that we will need a TLS certificate in order to secure our service.
To do this, you will need to have:
- A domain
- A publicly accessible IPv4 / IPv6 with port 80 open
Resolving your domain to your IP
Go to your domain provider, and create a new DNS record for your domain pointing to your server’s publicly available IP address. In this example, we will be using Cloudflare.
To go your domain > DNS:
Click on “add a record”:
Fill out the name, the IPv4 address, and make sure that the “Proxy status” is off (DNS only). Then, click same. In this example, the resolved domain will be uk-45-61-164-88.jinxnet.xyz
make sure that you resolve the domain to the correct IP address. Failure to do so will prevent Lets Encrypt from issuing you a TLS certificate, as they need to check that the domain you want a certificate for really belongs to you.
Installing ACME
ACME provides a comfortable cli for creating and managing TLS certificates. To use it, we need to install it first.
curl https://get.acme.sh | sh -s email=your-email@your-domain.your-tld
You need to change your-email@your-domain.your-tld to your actual email. This allows ACME to remind you when your TLS certificate is going to expire, and also prevents other people from taking control of your certificates (if you used their email in this step).
If this is successful, you should see something like this:
Change CA to Lets Encrypt
ACME currently defaults its CA to ZeroSSL. However, in my experience, ZeroSSL works like sh!t. Therefore, we will be using Lets Encrypt as our CA.
To change to lets encrypt, use this command:
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
This should give you a single line output:
Getting the certificate
/root/.acme.sh/acme.sh --issue --standalone -d uk-45-61-164-88.jinxnet.xyz
Replace uk-45-61-164-88.jinxnet.xyz with your own domain.
If the TLS certificate is successfully issued, you should see this at the end:
Note down the Full chain certs path and the cert key path. We’ll need these later.
Installing XrayR
To install XrayR, we can use this simple one-liner:
wget -N https://raw.githubusercontent.com/XrayR-project/XrayR-release/master/install.sh && bash install.sh
Then, delete the previous config
rm /etc/XrayR/config.yml
And write a new one:
nano /etc/XrayR/config.yml
Paste the following into the editor
Log:
Level: debug
AccessPath: ./access.Log
ErrorPath: ./error.log
DnsConfigPath:
Nodes:
-
PanelType: "V2board"
ApiConfig:
ApiHost: "" # Your panel URL
ApiKey: "" # Please get the ApiKey through tickets
NodeID: # Your Node ID
NodeType: V2ray
Timeout: 30
EnableVless: false
EnableXTLS: false
ControllerConfig:
ListenIP: 0.0.0.0
UpdatePeriodic: 60
EnableDNS: false
CertConfig:
CertMode: file
CertDomain: "uk-45-61-164-88.jinxnet.xyz" # Replace with your domain
CertFile: /root/.acme.sh/uk-45-61-164-88.jinxnet.xyz/fullchain.cer # Replace with your path to your certificate file
KeyFile: /root/.acme.sh/uk-45-61-164-88.jinxnet.xyz/uk-45-61-164-88.jinxnet.xyz.key # Replace with your path to your key file
Make sure you replace ApiKey, NodeID, CertDomain, CertFile and KeyFile with your own.
Then, start the backend
xrayr start
And check for any errors:
xrayr log
This is what you should see if everything is working fine.
To automatically start XrayR after restarts, run this command
xrayr enable