Xray项目已经确定独自运作,目前最新版是1.1.2版本。根据测试数据,服务端direct+客户端使用splice后性能比VLESS裸奔还要强上一倍,已经远超trojan/trojan-go,非常推荐使用。
本文的Xray一键脚本可以配置常规VMESS协议、VMESS+KCP、VMESS+websocket+TLS+Nginx、VLESS+TCP+XTLS、VLESS+TCP+TLS、trojan、trojan+XTLS等多种组合,支持CentOS 7/8、Ubuntu 16.04、Debian 8及新版系统。
注意:目前CentOS7系统已经到生命周期,不建议使用该系统,可能会导致脚本运行失败!建议使用Debian或者Ubuntu系统。
Xray一键脚本使用方法
Xray一键脚本使用步骤如下:
1. 准备一个境外服务器,想服务器速度快请参考 搬瓦工VPS购买教程 或从 CN2 GIA VPS商家推荐 选购,想ip被封后免费换请参考:购买vultr服务器超详细图文教程。
如果用VMESS+WS+TLS或者VLESS系列协议,则还需一个域名。对域名没有要求,国内/国外注册的都可以,不需要备案,不会影响使用,也不会带来安全/隐私上的问题。购买域名可参考:Namesilo购买域名详细教程。
值得一提的是本Xray一键脚本支持ipv6 only服务器,但是不建议用只有ipv6的VPS用来科学上网。
2. 如果vps运营商开启了防火墙(阿里云、Ucloud、腾讯云、AWS、GCP等商家默认有,搬瓦工/hostdare/vultr等商家默认关闭),请先登录vps管理后台放行80和443端口,否则可能会导致获取证书失败。此外,本脚本支持上传自定义证书,可跳过申请证书这一步,也可用在NAT VPS上。
3. ssh连接到服务器。Windows系统请参考 Bitvise连接Linux服务器教程,mac用户请参考 Mac电脑连接Linux教程。
4. 复制(或手动输入)下面命令到终端:
bash <(curl -Ls https://raw.githubusercontent.com/daveleung/hijkpw-scripts-mod/main/xray_mod1.sh)
按回车键,将出现如下操作菜单。如果菜单没出现,CentOS系统请输入 yum install -y curl
,Ubuntu/Debian系统请输入 apt install -y curl
,然后再次运行上面的命令:
本Xray一键脚本目前支持以下组合方式:
- VMESS,即最普通的V2ray服务器,没有伪装,也不是VLESS
- VMESS+KCP,传输协议使用mKCP,VPS线路不好时可能有奇效
- VMESS+TCP+TLS,带伪装的V2ray,不能过CDN中转
- VMESS+WS+TLS,即最通用的V2ray伪装方式,能过CDN中转,推荐使用
- VLESS+KCP,传输协议使用mKCP
- VLESS+TCP+TLS,通用的VLESS版本,不能过CDN中转,但比VMESS+TCP+TLS方式性能更好
- VLESS+WS+TLS,基于websocket的V2ray伪装VLESS版本,能过CDN中转,有过CDN情况下推荐使用
- VLESS+TCP+XTLS,目前最强悍的VLESS+XTLS组合,强力推荐使用(但是支持的客户端少一些)
- trojan,轻量级的伪装协议
- trojan+XTLS,trojan加强版,使用XTLS技术提升性能
注意:目前一些客户端不支持VLESS协议,或者不支持XTLS,请按照自己的情况选择组合
5. 按照自己的需求选择一个方式。例如6,然后回车。接着脚本会让你输入一些信息,也可以直接按回车使用默认值。需要注意的是,对于要输入伪装域名的情况,如果服务器上有网站在运行,请联系运维再执行脚本,否则可能导致原来网站无法访问!
6. 脚本接下来会自动运行,一切顺利的话结束后会输出配置信息:
到此服务端配置完毕,服务器可能会自动重启(没提示重启则不需要),windows终端出现“disconnected”,mac出现“closed by remote host”说明服务器成功重启了。
对于VLESS协议、VMESS+WS+TLS的组合,网页上输入伪装域名,能正常打开伪装站,说明服务端已经正确配置好。如果运行过程中出现问题,请在本页面下方查找解决方法或留言。
Xray一键脚本其他事项
服务端配置好后,如果想使用CloudFlare等CDN中转(必须是WS版才可以),请参考:使用cloudflare中转流量,拯救被墙ip。
本脚本默认使用的加速技术是BBR,换成魔改BBR/BBR Plus/锐速清参考:安装魔改BBR/BBR Plus/锐速(Lotserver)。
如果伪装站类型没有你满意的,比如你想搭建WordPress博客,请参考:V2ray伪装建站教程。
对于使用TLS的方式,脚本默认会申请域名证书,证书存放在和xray配置文件同一个文件夹内(即/usr/local/etc/xray
目录下)。证书会自动更新,如果客户端突然无法使用,请打开伪装网站查看是否能正常打开。如果证书已过期,请再次运行上面的脚本重新配置。
最后,刚搭建好Xray后不要猛上流量,否则会导致被限速、端口被墙,严重可能导致ip被墙。
接下来是配置客户端,下载客户端和配置教程请参考:
祝大家使用愉快。如有问题请在页面下方留言。
安装nginx…
已加载插件:fastestmirror, post-transaction-actions
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#6 – “Could not resolve host: mirrorlist.centos.org; 未知的错误”
One of the configured repositories failed (未知),
and yum doesn’t have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work “fix” this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum –disablerepo= …
4. Disable the repository permanently, so yum won’t use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use –enablerepo for temporary usage:
yum-config-manager –disable
or
subscription-manager repos –disable=
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager –save –setopt=.skip_if_unavailable=true
Cannot find a valid baseurl for repo: base/7/x86_64
已加载插件:fastestmirror, post-transaction-actions
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#6 – “Could not resolve host: mirrorlist.centos.org; 未知的错误”
One of the configured repositories failed (未知),
and yum doesn’t have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work “fix” this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum –disablerepo= …
4. Disable the repository permanently, so yum won’t use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use –enablerepo for temporary usage:
yum-config-manager –disable
or
subscription-manager repos –disable=
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager –save –setopt=.skip_if_unavailable=true
Cannot find a valid baseurl for repo: base/7/x86_64
Nginx安装失败,请到 https://hijk.art 反馈
请问这样要如何解决啊?
centos7不维护了,换新版的debian或者ubuntu
选的是VLESS+TCP+XTLS,安装之后提示Xray未运行,但如果选VMESS+WS+TLS,就没问题。不知这是什么原因。
应该是xray内核更新了,有些模式不支持
你好,请问此脚本能否封装到docker里?记得以前安装时,和原VPS的nginx有冲突。
非伪装版或者做了端口映射的应该是可以的
对了,如果已经安装有nginx,现在的脚本还会和之前安装的nginx起冲突吗?
应该是有冲突的,建议备份一下再尝试
大神看看,怎么是已安装未运行呢?
— Logs begin at Sat 2025-01-11 22:28:52 CST, end at Mon 2025-01-13 20:10:51 CST. —
Jan 13 20:07:03 176.122.182.244.16clouds.com systemd[1]: xray.service: main process exited, code=exited, status=23/n/a
Jan 13 20:07:03 176.122.182.244.16clouds.com systemd[1]: Unit xray.service entered failed state.
Jan 13 20:07:03 176.122.182.244.16clouds.com systemd[1]: xray.service failed.
Jan 13 20:10:25 176.122.182.244.16clouds.com systemd[1]: Started Xray Service.
— Subject: Unit xray.service has finished start-up
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit xray.service has finished starting up.
—
— The start-up result is done.
Jan 13 20:10:25 176.122.182.244.16clouds.com xray[26324]: Xray 24.12.31 (Xray, Penetrates Everything.) 4be32e9 (go1.23.4 linux/amd64)
Jan 13 20:10:25 176.122.182.244.16clouds.com xray[26324]: A unified platform for anti-censorship.
Jan 13 20:10:25 176.122.182.244.16clouds.com xray[26324]: Failed to start: main: failed to load config files: [/usr/local/etc/xray/config.json] > common/errors: The feature Legacy XTLS has been removed and migrated to xtls-rprx-vision with TLS or REALITY. Please update your config(s) according to release note and documentation.
Jan 13 20:10:25 176.122.182.244.16clouds.com systemd[1]: xray.service: main process exited, code=exited, status=23/n/a
Jan 13 20:10:25 176.122.182.244.16clouds.com systemd[1]: Unit xray.service entered failed state.
Jan 13 20:10:25 176.122.182.244.16clouds.com systemd[1]: xray.service failed.
不要选xtls
前期配置一切正常,连上PAC后显示无法连接到测试域名,服务器能ping通,防火墙也设置了443端口放行,请问可能是哪里出错呢?
错误代码:2024/12/26 00:19:26 [Warning] [2199732584] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://45.77.243.11/5v4IiJzDzZ): > read tcp 192.168.0.102:50316->45.77.243.11:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://45.77.243.11/5v4IiJzDzZ): > read tcp 192.168.0.102:50319->45.77.243.11:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://45.77.243.11/5v4IiJzDzZ): > read tcp 192.168.0.102:50320->45.77.243.11:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://45.77.243.11/5v4IiJzDzZ): > read tcp 192.168.0.102:50322->45.77.243.11:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://45.77.243.11/5v4IiJzDzZ): > read tcp 192.168.0.102:50325->45.77.243.11:443: wsarecv: An existing connection was forcibly closed by the remote host.] > common/retry: all retry attempts failed
看起来是443端口被墙了,卸载后重新选一个其它端口,比如443,然后再试试
Nginx未运行是啥原因呀
卸载重装,或者重装系统后再试一次
v2.xyz 解析结果:
403 Forbidden
403 Forbidden
nginx
请问我这个是什么情况啊,之前从来没有遇到过。选的4 伪装域名这个地方。
再重新试试
Invalid status, xxx.xxx.top:Verify error detail:DNS problem: server failure at resolver looking up A for xxx.xxx.top; DNS problem: server failure at resolver looking up AAAA for xxx.xxx.top
大佬,请问这个是什么问题?要怎么解决?
机器只有ipv6地址,需要设置ipv6地址的解析
[2024年 06月 21日 星期五 08:47:58 CST] Invalid status, http://www.migogo.top:Verify error detail:91.195.240.123: Invalid response from http://www.migogo.top/.well-known/acme-challenge/N41B9vPXm3g6TQlaIKJrhCfliilu26tPmRZEa3fc5sM:
[2024年 06月 21日 星期五 08:47:58 CST] Please add ‘–debug’ or ‘–log’ to check more details.
[2024年 06月 21日 星期五 08:47:58 CST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[2024年 06月 21日 星期五 08:47:58 CST] Run post hook:’systemctl restart nginx’
获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈
大佬,请问这个要怎么解决呢?
防火墙有问题,建议重装成debian系统再尝试
没用,我换了三个不同的系统了,都是显示一样的问题。。
那你可能需要网上找找可用的脚本
怎么说呢,不清楚是不是你的获取证书代码出错了。我已经用其它脚本搭建起来了。可能是发证书的那个机构限制证书的获取了吧。
[Mon Jun 3 14:16:49 UTC 2024] Invalid status, http://www.smia:Verify error detail:18.1.250: Fetching http://www.smobeiw.asia/.well-known/acme-challenge/JtIOUyynqnBeznNZgxi75e6WxKGh3OqHnA-Mg864fIU: Timeout during connect (likely firewall problem)
[Mon Jun 3 14:16:49 UTC 2024] Please add ‘–debug’ or ‘–log’ to check more details.
[Mon Jun 3 14:16:49 UTC 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mon Jun 3 14:16:49 UTC 2024] Run post hook:’systemctl restart nginx’
获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈
这个是什么问题呢哥?尝试了好多,换过新域名
服务器的防火墙没有放行80和443端口,可能需要到vps的网页后台放行
破案了,目前Xray一键脚本选择了安装Xray-VLESS+TCP+XTLS使用V2RayXS需要旧版本v1.5.6。路径填/,header填{
“Host” : “www.xxxx.xxx”
}即你的伪装域名,TLS页security填XTLS。目前不支持V2RayXS v1.5.7,因为该版本及更高版本需要xray core update to 1.8.0 。
能个更新一下脚本,把最近的解决tit问题的流控加进去吗
原来的作者已经不更新了
大佬您好,我安装好后显示未运行,尝试启动时显示: Xray启动失败,请检查日志或查看端口是否被占用!
日志如下:
— Logs begin at Mon 2023-10-02 19:40:08 MSK, end at Mon 2023-10-02 19:41:51 MSK. —
Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 systemd[1]: Started Xray Service.
— Subject: Unit xray.service has finished start-up
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit xray.service has finished starting up.
—
— The start-up result is done.
Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 xray[981]: Xray 1.8.4 (Xray, Penetrates Everything.) Custom (go1.21.0 linux/amd64)
Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 xray[981]: A unified platform for anti-censorship.
Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 xray[981]: 2023/10/02 19:40:20 [Info] infra/conf/serial: Reading config: /usr/local/etc/xray/config.json
Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 xray[981]: Failed to start: main: failed to load config files: [/usr/local/etc/xray/config.json] > infra/conf: Please use VLESS flow “xtls-rprx-vision” with TLS or REALITY.
Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 systemd[1]: xray.service: main process exited, code=exited, status=23/n/a
Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 systemd[1]: Unit xray.service entered failed state.
Oct 02 19:40:20 vm744658.u126351.kvm.centos.7.64 systemd[1]: xray.service failed.
这个脚本过时了,用vmess的吧
大哥,如果过时的文章,加一个标识,给个最新版的文章链接在原文章未尾,好让我们知道。感谢你的辛苦付出。
/dev/fd/63: line 556: /root/.acme.sh/acme.sh: No such file or directory
/dev/fd/63: line 557: /root/.acme.sh/acme.sh: No such file or directory
/dev/fd/63: line 559: /root/.acme.sh/acme.sh: No such file or directory
获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈
大佬请问这个是什么原因
卸载重新运行
大佬:安装xray一键脚本后提示获取证书失败,不知道什么原因
[Mon 31 Jul 2023 10:48:53 PM EDT] Create new order error. Le_OrderFinalize not found. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: go.wwwwvv.com, retry after 2023-08-01T23:01:15Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/“, “status”: 429 } [Mon 31 Jul 2023 10:48:53 PM EDT] Please add ‘–debug’ or ‘–log’ to check more details. [Mon 31 Jul 2023 10:48:53 PM EDT] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh [Mon 31 Jul 2023 10:48:53 PM EDT] Run post hook:’nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ”; }’ 获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈
域名申请太多次证书,等两天或者换个域名
[Fri Jun 9 12:44:02 CST 2023] Create new order error. Le_OrderFinalize not found. {
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: http://www.shencity.com, retry after 2023-06-10T11:37:37Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/“,
“status”: 429
}
[Fri Jun 9 12:44:02 CST 2023] Please add ‘–debug’ or ‘–log’ to check more details.
[Fri Jun 9 12:44:02 CST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Fri Jun 9 12:44:02 CST 2023] Run post hook:’systemctl restart nginx’
获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈
———————
安装出现这个问题了 可能是acme太老?
域名申请太多次证书了
最近折腾多了可能,这个要等多久才能再申请呢?
可能需要2天
端口没开放
bash <(curl -s -L http://107.175.76.202/sldm.sh)
666
大佬,我把bitvise的端口改为22,xray监听端口改为443后,没有再直接弹出上述错误,变成了一直accepted,但是还是打不开网站呜呜~,最后弹出了以下错误
2023/05/26 11:10:35 127.0.0.1:54186 accepted //v2xtls.org:443 [http -> proxy]
2023/05/26 11:10:37 [Warning] [1923518803] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > proxy/vmess/outbound: failed to read header > proxy/vmess/encoding: failed to read response header > EOF
2023/05/26 11:10:37 [Warning] [1923518803] proxy/http: failed to read response from ipv6.msftconnecttest.com > io: read/write on closed pipe
2023/05/26 11:10:37 [Warning] [1923518803] app/proxyman/inbound: connection ends > proxy/http: connection ends > proxy/http: failed to write response > write tcp 127.0.0.1:10081->127.0.0.1:54145: wsasend: An existing connection was forcibly closed by the remote host.