Xray一键脚本

Xray项目已经确定独自运作,目前最新版是1.1.2版本。根据测试数据,服务端direct+客户端使用splice后性能比VLESS裸奔还要强上一倍,已经远超trojan/trojan-go,非常推荐使用。

本文的Xray一键脚本可以配置常规VMESS协议、VMESS+KCP、VMESS+websocket+TLS+Nginx、VLESS+TCP+XTLS、VLESS+TCP+TLS、trojan、trojan+XTLS等多种组合,支持CentOS 7/8、Ubuntu 16.04、Debian 8及新版系统。

注意:目前CentOS7系统已经到生命周期,不建议使用该系统,可能会导致脚本运行失败!建议使用Debian或者Ubuntu系统。

Xray一键脚本使用方法

Xray一键脚本使用步骤如下:

1. 准备一个境外服务器,想服务器速度快请参考 搬瓦工VPS购买教程 或从  CN2 GIA VPS商家推荐 选购,想ip被封后免费换请参考:购买vultr服务器超详细图文教程

如果用VMESS+WS+TLS或者VLESS系列协议,则还需一个域名。对域名没有要求,国内/国外注册的都可以,不需要备案,不会影响使用,也不会带来安全/隐私上的问题。购买域名可参考:Namesilo购买域名详细教程

值得一提的是本Xray一键脚本支持ipv6 only服务器,但是不建议用只有ipv6的VPS用来科学上网。

2. 如果vps运营商开启了防火墙(阿里云、Ucloud、腾讯云、AWS、GCP等商家默认有,搬瓦工/hostdare/vultr等商家默认关闭),请先登录vps管理后台放行80和443端口,否则可能会导致获取证书失败。此外,本脚本支持上传自定义证书,可跳过申请证书这一步,也可用在NAT VPS上。

3. ssh连接到服务器。Windows系统请参考 Bitvise连接Linux服务器教程,mac用户请参考 Mac电脑连接Linux教程

4. 复制(或手动输入)下面命令到终端:

bash <(curl -Ls https://raw.githubusercontent.com/daveleung/hijkpw-scripts-mod/main/xray_mod1.sh)

按回车键,将出现如下操作菜单。如果菜单没出现,CentOS系统请输入 yum install -y curl,Ubuntu/Debian系统请输入 apt install -y curl,然后再次运行上面的命令:

Xray一键安装脚本

Xray一键安装脚本

本Xray一键脚本目前支持以下组合方式:

  • VMESS,即最普通的V2ray服务器,没有伪装,也不是VLESS
  • VMESS+KCP,传输协议使用mKCP,VPS线路不好时可能有奇效
  • VMESS+TCP+TLS,带伪装的V2ray,不能过CDN中转
  • VMESS+WS+TLS,即最通用的V2ray伪装方式,能过CDN中转,推荐使用
  • VLESS+KCP,传输协议使用mKCP
  • VLESS+TCP+TLS,通用的VLESS版本,不能过CDN中转,但比VMESS+TCP+TLS方式性能更好
  • VLESS+WS+TLS,基于websocket的V2ray伪装VLESS版本,能过CDN中转,有过CDN情况下推荐使用
  • VLESS+TCP+XTLS,目前最强悍的VLESS+XTLS组合,强力推荐使用(但是支持的客户端少一些)
  • trojan,轻量级的伪装协议
  • trojan+XTLS,trojan加强版,使用XTLS技术提升性能

注意:目前一些客户端不支持VLESS协议,或者不支持XTLS,请按照自己的情况选择组合

5. 按照自己的需求选择一个方式。例如6,然后回车。接着脚本会让你输入一些信息,也可以直接按回车使用默认值。需要注意的是,对于要输入伪装域名的情况,如果服务器上有网站在运行,请联系运维再执行脚本,否则可能导致原来网站无法访问!

xray一键脚本输入

xray一键脚本输入

6. 脚本接下来会自动运行,一切顺利的话结束后会输出配置信息:

Xray一键脚本运行成功输出信息

Xray一键脚本运行成功输出信息

到此服务端配置完毕,服务器可能会自动重启(没提示重启则不需要),windows终端出现“disconnected”,mac出现“closed by remote host”说明服务器成功重启了。

对于VLESS协议、VMESS+WS+TLS的组合,网页上输入伪装域名,能正常打开伪装站,说明服务端已经正确配置好。如果运行过程中出现问题,请在本页面下方查找解决方法或留言。

Xray一键脚本其他事项

服务端配置好后,如果想使用CloudFlare等CDN中转(必须是WS版才可以),请参考:使用cloudflare中转流量,拯救被墙ip

本脚本默认使用的加速技术是BBR,换成魔改BBR/BBR Plus/锐速清参考:安装魔改BBR/BBR Plus/锐速(Lotserver)

如果伪装站类型没有你满意的,比如你想搭建WordPress博客,请参考:V2ray伪装建站教程

对于使用TLS的方式,脚本默认会申请域名证书,证书存放在和xray配置文件同一个文件夹内(即/usr/local/etc/xray目录下)。证书会自动更新,如果客户端突然无法使用,请打开伪装网站查看是否能正常打开。如果证书已过期,请再次运行上面的脚本重新配置。

最后,刚搭建好Xray后不要猛上流量,否则会导致被限速、端口被墙,严重可能导致ip被墙。

接下来是配置客户端,下载客户端和配置教程请参考:

祝大家使用愉快。如有问题请在页面下方留言。

参考

  1. V2ray一键脚本
  2. V2ray带伪装一键脚本
  3. V2ray的VLESS协议介绍和使用教程
  4. VLESS协议的fallback参数详解

《Xray一键脚本》上有526条评论

  1. 安装nginx…
    已加载插件:fastestmirror, post-transaction-actions
    Loading mirror speeds from cached hostfile
    Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
    14: curl#6 – “Could not resolve host: mirrorlist.centos.org; 未知的错误”

    One of the configured repositories failed (未知),
    and yum doesn’t have enough cached data to continue. At this point the only
    safe thing yum can do is fail. There are a few ways to work “fix” this:

    1. Contact the upstream for the repository and get them to fix the problem.

    2. Reconfigure the baseurl/etc. for the repository, to point to a working
    upstream. This is most often useful if you are using a newer
    distribution release than is supported by the repository (and the
    packages for the previous distribution release still work).

    3. Run the command with the repository temporarily disabled
    yum –disablerepo= …

    4. Disable the repository permanently, so yum won’t use it by default. Yum
    will then just ignore the repository until you permanently enable it
    again or use –enablerepo for temporary usage:

    yum-config-manager –disable
    or
    subscription-manager repos –disable=

    5. Configure the failing repository to be skipped, if it is unavailable.
    Note that yum will try to contact the repo. when it runs most commands,
    so will have to try and fail each time (and thus. yum will be be much
    slower). If it is a very temporary problem though, this is often a nice
    compromise:

    yum-config-manager –save –setopt=.skip_if_unavailable=true

    Cannot find a valid baseurl for repo: base/7/x86_64
    已加载插件:fastestmirror, post-transaction-actions
    Loading mirror speeds from cached hostfile
    Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
    14: curl#6 – “Could not resolve host: mirrorlist.centos.org; 未知的错误”

    One of the configured repositories failed (未知),
    and yum doesn’t have enough cached data to continue. At this point the only
    safe thing yum can do is fail. There are a few ways to work “fix” this:

    1. Contact the upstream for the repository and get them to fix the problem.

    2. Reconfigure the baseurl/etc. for the repository, to point to a working
    upstream. This is most often useful if you are using a newer
    distribution release than is supported by the repository (and the
    packages for the previous distribution release still work).

    3. Run the command with the repository temporarily disabled
    yum –disablerepo= …

    4. Disable the repository permanently, so yum won’t use it by default. Yum
    will then just ignore the repository until you permanently enable it
    again or use –enablerepo for temporary usage:

    yum-config-manager –disable
    or
    subscription-manager repos –disable=

    5. Configure the failing repository to be skipped, if it is unavailable.
    Note that yum will try to contact the repo. when it runs most commands,
    so will have to try and fail each time (and thus. yum will be be much
    slower). If it is a very temporary problem though, this is often a nice
    compromise:

    yum-config-manager –save –setopt=.skip_if_unavailable=true

    Cannot find a valid baseurl for repo: base/7/x86_64
    Nginx安装失败,请到 https://hijk.art 反馈

    请问这样要如何解决啊?

  2. 选的是VLESS+TCP+XTLS,安装之后提示Xray未运行,但如果选VMESS+WS+TLS,就没问题。不知这是什么原因。

  3. 你好,请问此脚本能否封装到docker里?记得以前安装时,和原VPS的nginx有冲突。

      1. 对了,如果已经安装有nginx,现在的脚本还会和之前安装的nginx起冲突吗?

  4. 大神看看,怎么是已安装未运行呢?
    — Logs begin at Sat 2025-01-11 22:28:52 CST, end at Mon 2025-01-13 20:10:51 CST. —
    Jan 13 20:07:03 176.122.182.244.16clouds.com systemd[1]: xray.service: main process exited, code=exited, status=23/n/a
    Jan 13 20:07:03 176.122.182.244.16clouds.com systemd[1]: Unit xray.service entered failed state.
    Jan 13 20:07:03 176.122.182.244.16clouds.com systemd[1]: xray.service failed.
    Jan 13 20:10:25 176.122.182.244.16clouds.com systemd[1]: Started Xray Service.
    — Subject: Unit xray.service has finished start-up
    — Defined-By: systemd
    — Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

    — Unit xray.service has finished starting up.

    — The start-up result is done.
    Jan 13 20:10:25 176.122.182.244.16clouds.com xray[26324]: Xray 24.12.31 (Xray, Penetrates Everything.) 4be32e9 (go1.23.4 linux/amd64)
    Jan 13 20:10:25 176.122.182.244.16clouds.com xray[26324]: A unified platform for anti-censorship.
    Jan 13 20:10:25 176.122.182.244.16clouds.com xray[26324]: Failed to start: main: failed to load config files: [/usr/local/etc/xray/config.json] > common/errors: The feature Legacy XTLS has been removed and migrated to xtls-rprx-vision with TLS or REALITY. Please update your config(s) according to release note and documentation.
    Jan 13 20:10:25 176.122.182.244.16clouds.com systemd[1]: xray.service: main process exited, code=exited, status=23/n/a
    Jan 13 20:10:25 176.122.182.244.16clouds.com systemd[1]: Unit xray.service entered failed state.
    Jan 13 20:10:25 176.122.182.244.16clouds.com systemd[1]: xray.service failed.

  5. 前期配置一切正常,连上PAC后显示无法连接到测试域名,服务器能ping通,防火墙也设置了443端口放行,请问可能是哪里出错呢?
    错误代码:2024/12/26 00:19:26 [Warning] [2199732584] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://45.77.243.11/5v4IiJzDzZ): > read tcp 192.168.0.102:50316->45.77.243.11:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://45.77.243.11/5v4IiJzDzZ): > read tcp 192.168.0.102:50319->45.77.243.11:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://45.77.243.11/5v4IiJzDzZ): > read tcp 192.168.0.102:50320->45.77.243.11:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://45.77.243.11/5v4IiJzDzZ): > read tcp 192.168.0.102:50322->45.77.243.11:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://45.77.243.11/5v4IiJzDzZ): > read tcp 192.168.0.102:50325->45.77.243.11:443: wsarecv: An existing connection was forcibly closed by the remote host.] > common/retry: all retry attempts failed

  6. v2.xyz 解析结果:
    403 Forbidden

    403 Forbidden
    nginx

    请问我这个是什么情况啊,之前从来没有遇到过。选的4 伪装域名这个地方。

  7. Invalid status, xxx.xxx.top:Verify error detail:DNS problem: server failure at resolver looking up A for xxx.xxx.top; DNS problem: server failure at resolver looking up AAAA for xxx.xxx.top

    大佬,请问这个是什么问题?要怎么解决?

  8. [2024年 06月 21日 星期五 08:47:58 CST] Invalid status, http://www.migogo.top:Verify error detail:91.195.240.123: Invalid response from http://www.migogo.top/.well-known/acme-challenge/N41B9vPXm3g6TQlaIKJrhCfliilu26tPmRZEa3fc5sM:
    [2024年 06月 21日 星期五 08:47:58 CST] Please add ‘–debug’ or ‘–log’ to check more details.
    [2024年 06月 21日 星期五 08:47:58 CST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    [2024年 06月 21日 星期五 08:47:58 CST] Run post hook:’systemctl restart nginx’
    获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈

    大佬,请问这个要怎么解决呢?

          1. 怎么说呢,不清楚是不是你的获取证书代码出错了。我已经用其它脚本搭建起来了。可能是发证书的那个机构限制证书的获取了吧。

  9. [Mon Jun 3 14:16:49 UTC 2024] Invalid status, http://www.smia:Verify error detail:18.1.250: Fetching http://www.smobeiw.asia/.well-known/acme-challenge/JtIOUyynqnBeznNZgxi75e6WxKGh3OqHnA-Mg864fIU: Timeout during connect (likely firewall problem)
    [Mon Jun 3 14:16:49 UTC 2024] Please add ‘–debug’ or ‘–log’ to check more details.
    [Mon Jun 3 14:16:49 UTC 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    [Mon Jun 3 14:16:49 UTC 2024] Run post hook:’systemctl restart nginx’
    获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈
    这个是什么问题呢哥?尝试了好多,换过新域名

  10. 破案了,目前Xray一键脚本选择了安装Xray-VLESS+TCP+XTLS使用V2RayXS需要旧版本v1.5.6。路径填/,header填{
    “Host” : “www.xxxx.xxx”
    }即你的伪装域名,TLS页security填XTLS。目前不支持V2RayXS v1.5.7,因为该版本及更高版本需要xray core update to 1.8.0 。

  11. 大佬您好,我安装好后显示未运行,尝试启动时显示: Xray启动失败,请检查日志或查看端口是否被占用!
    日志如下:
    — Logs begin at Mon 2023-10-02 19:40:08 MSK, end at Mon 2023-10-02 19:41:51 MSK. —
    Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 systemd[1]: Started Xray Service.
    — Subject: Unit xray.service has finished start-up
    — Defined-By: systemd
    — Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

    — Unit xray.service has finished starting up.

    — The start-up result is done.
    Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 xray[981]: Xray 1.8.4 (Xray, Penetrates Everything.) Custom (go1.21.0 linux/amd64)
    Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 xray[981]: A unified platform for anti-censorship.
    Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 xray[981]: 2023/10/02 19:40:20 [Info] infra/conf/serial: Reading config: /usr/local/etc/xray/config.json
    Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 xray[981]: Failed to start: main: failed to load config files: [/usr/local/etc/xray/config.json] > infra/conf: Please use VLESS flow “xtls-rprx-vision” with TLS or REALITY.
    Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 systemd[1]: xray.service: main process exited, code=exited, status=23/n/a
    Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 systemd[1]: Unit xray.service entered failed state.
    Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 systemd[1]: xray.service failed.

      1. 大哥,如果过时的文章,加一个标识,给个最新版的文章链接在原文章未尾,好让我们知道。感谢你的辛苦付出。

  12. /dev/fd/63: line 556: /root/.acme.sh/acme.sh: No such file or directory
    /dev/fd/63: line 557: /root/.acme.sh/acme.sh: No such file or directory
    /dev/fd/63: line 559: /root/.acme.sh/acme.sh: No such file or directory
    获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈

    大佬请问这个是什么原因

  13. 大佬:安装xray一键脚本后提示获取证书失败,不知道什么原因
    [Mon 31 Jul 2023 10:48:53 PM EDT] Create new order error. Le_OrderFinalize not found. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: go.wwwwvv.com, retry after 2023-08-01T23:01:15Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/“, “status”: 429 } [Mon 31 Jul 2023 10:48:53 PM EDT] Please add ‘–debug’ or ‘–log’ to check more details. [Mon 31 Jul 2023 10:48:53 PM EDT] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh [Mon 31 Jul 2023 10:48:53 PM EDT] Run post hook:’nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ”; }’ 获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈

  14. [Fri Jun 9 12:44:02 CST 2023] Create new order error. Le_OrderFinalize not found. {
    “type”: “urn:ietf:params:acme:error:rateLimited”,
    “detail”: “Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: http://www.shencity.com, retry after 2023-06-10T11:37:37Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/“,
    “status”: 429
    }
    [Fri Jun 9 12:44:02 CST 2023] Please add ‘–debug’ or ‘–log’ to check more details.
    [Fri Jun 9 12:44:02 CST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    [Fri Jun 9 12:44:02 CST 2023] Run post hook:’systemctl restart nginx’
    获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈
    ———————
    安装出现这个问题了 可能是acme太老?

  15. 大佬,我把bitvise的端口改为22,xray监听端口改为443后,没有再直接弹出上述错误,变成了一直accepted,但是还是打不开网站呜呜~,最后弹出了以下错误
    2023/05/26 11:10:35 127.0.0.1:54186 accepted //v2xtls.org:443 [http -> proxy]
    2023/05/26 11:10:37 [Warning] [1923518803] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > proxy/vmess/outbound: failed to read header > proxy/vmess/encoding: failed to read response header > EOF
    2023/05/26 11:10:37 [Warning] [1923518803] proxy/http: failed to read response from ipv6.msftconnecttest.com > io: read/write on closed pipe
    2023/05/26 11:10:37 [Warning] [1923518803] app/proxyman/inbound: connection ends > proxy/http: connection ends > proxy/http: failed to write response > write tcp 127.0.0.1:10081->127.0.0.1:54145: wsasend: An existing connection was forcibly closed by the remote host.

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注