
mehdi-song/The-R


The Reality

Hello, my name is Arsham. I have been testing Reality TLS for a few weeks and I was satisfied with it. Of course, I also did other things that I plan to teach you in this tutorial. If an explanation is needed, I will write one for each part; otherwise you can find the answer yourself with a simple search.

I don't give you any guarantee that your server will not be filtered!

1 -[ Install BBR ]

If you have a large number of users, enable this

echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p

I use this because it's good

2 -[ Change SSH port ]

I recommend changing the port; you can change it if you want

If you don't have the netstat tool, you can install it

To check the SSH port

apt install net-tools
netstat -tulnp | grep ssh

If you get a result, you can change the port

Now you can use this to change the port. If you can't, go to Google or YouTube and look for tutorials on this part

Block the old SSH port

ufw status numbered
ufw delete Nu

Note that some providers do not allow changing the port!

Usually, changing the SSH port solves many problems, such as speed drops

nano /etc/ssh/sshd_config

Now restart SSH service

systemctl restart sshd

If you are using UFW, open the new SSH port

ufw allow 45678/tcp

45678 is an example

3 -[ Install Xray v1.8.0 ]

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --version 1.8.0 -u root

Because I added -u root, there is no need to change the Xray configuration to change "user".

4 -[ install dlc.dat and iran.dat ]

This section is for blocking ads, Iranian domains or IPs, porn websites and...

cd /usr/local/share/xray/
wget https://github.com/bootmortis/iran-hosted-domains/releases/latest/download/iran.dat
wget https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat
cd

These files are constantly being updated, so delete the old version every few days and download the new version!

5 -[ Get the Pub Key and Priv Key ]

Save the Pub Key and Priv Key in a text file or save them on your server

xray x25519 > key

After that, use 'ls' to check the directory

You can use cat to see the key

cat key

If you want to find a domain for serverNames, use this

xray tls ping YOUR-DOMAIN

You will see results like this

Pinging with SNI handshake succeeded Allowed domains: [debian.org, ftp.debian.org] Tls ping finished

We need the Allowed domains

Note :

1- Allowed domains may also contain a wildcard star ( like this > *.debian.org ); these are not supported yet

2- Because Reality uses TLS v1.3 and needs the H2 protocol, be sure to check with your browser's developer tools that the desired site uses TLS 1.3 and H2

To check the TLS protocol version, go to the domain, open Dev Tools, go to the Security tab, and look at the protocol under Connection

To check for the H2 protocol, go to the domain, open Dev Tools and go to the Network tab; right-click the Status column and enable Protocol. If you see h2, the site supports it
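The same two checks can be scripted instead of done in the browser. This is an added example, not part of the original tutorial: the function names `probe` and `assess` are made up for it, and it applies only the rules stated in the notes above (TLS 1.3, H2, no wildcard names).

```python
import socket
import ssl
import sys


def probe(host, port=443, timeout=5.0):
    """Handshake with host and return (tls_version, alpn, san_dns_names)."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["h2", "http/1.1"])  # offer h2 first, like a browser
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            return tls.version(), tls.selected_alpn_protocol(), sans


def assess(tls_version, alpn, sans):
    """Apply the notes above to one handshake result.

    Returns (usable_names, problems). Wildcard certificate names are reported
    but never returned, because they are not supported as serverNames yet.
    """
    problems = []
    if tls_version != "TLSv1.3":
        problems.append(f"negotiated {tls_version}, need TLSv1.3")
    if alpn != "h2":
        problems.append(f"ALPN is {alpn!r}, need 'h2'")
    site_ok = not problems
    usable = []
    for name in sans:
        if "*" in name:
            problems.append(f"wildcard entry skipped: {name}")
        else:
            usable.append(name)
    return (usable if site_ok else []), problems


if __name__ == "__main__":
    # Usage: python3 check_dest.py ftp.debian.org www.debian.org
    for host in sys.argv[1:]:
        names, problems = assess(*probe(host))
        print(host, "->", names or "not usable", problems)
```

A site that returns an empty list fails one of the two requirements and should not be used for dest or serverNames.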

6 -[ Change config.json of Xray ]

nano /usr/local/etc/xray/config.json

First remove the {} in the config.json file; then you can add the configuration

Vless Reality TCP, gRPC, H2

{
    "inbounds": [
        {
            "listen": "0.0.0.0",
            "port": 443, # Note : You can change port
            "protocol": "vless",
            "settings": {
                "clients": [
                {
                    "id": "EX", # Your UUID
                    "flow": "" # If you want to use TCP, add ( xtls-rprx-vision ); otherwise there is no need to change this
                }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "EX", # You can change this to ( h2, grpc, tcp ) I Recommend grpc
                "security": "reality",
                "realitySettings": {
                    "show": true,
                    "dest": "EX", # Example : ( ftp.debian.org:443, www.debian.org:443, etc. )
                    "xver": 0, # I suggest using the same site for dest as the one you use for serverNames
                    "serverNames": [
                    "EX" # Example : ( ftp.debian.org )
                    ],
                    "privateKey": "EX", # Your Private Key
                    "shortIds": [
                    "" # I don't use Short ID
                    ]
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                    ]
            }
        }
    ],
    "outbounds": [
    {
        "protocol": "freedom",
        "tag": "direct"
    }, {
        "protocol": "blackhole",
        "tag": "blocked"
    }
    ],
    "api": {
        "tag": "api",
        "services": [
            "HandlerService",
            "LoggerService",
            "StatsService"
            ]
    },
    "policy": {
        "levels": {
            "0": {
                "statsUserUplink": true,
                "statsUserDownlink": true
            }
        },
        "system": {
            "statsInboundUplink": true,
            "statsInboundDownlink": true,
            "statsOutboundUplink": true,
            "statsOutboundDownlink": true
        }
    },
    "log": {
        "loglevel": "info",
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log"
    },
    "dns": {
        "servers": [
            "https+local://cloudflare-dns.com/dns-query",
            "1.0.0.1",
            "1.1.1.1",
            "8.8.8.8",
            "8.8.4.4",
            "localhost"
            ]
    },
    "routing": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
        {
            "inboundTag": [
                "api"
                ],
            "outboundTag": "api",
            "type": "field"
        }, {
            "domain": [
                "instagram.com",
                "www.instagram.com",
                "mediafire.com",
                "www.mediafire.com"
                ],
            "outboundTag": "proxy",
            "type": "field"
        }, {
            "domain": [
                "regexp:.*\\.ir$",
                "ext:iran.dat:ir",
                "ext:iran.dat:ads",
                "ext:iran.dat:other",
                "geosite:category-ir-gov",
                "geosite:category-ir-news",
                "geosite:category-ir-bank",
                "geosite:category-ir-tech",
                "geosite:category-ir-travel",
                "geosite:category-ir-scholar",
                "geosite:category-ir-shopping",
                "geosite:category-ir-insurance"
                ],
            "type": "field",
            "outboundTag": "blocked"
        }, {
            "type": "field",
            "ip": [
                "geoip:ir"
                ],
            "outboundTag": "blocked"
        }, {
            "protocol": [
                "bittorrent"
                ],
            "type": "field",
            "outboundTag": "blocked"
        }
        ]
    }
}

Trojan Reality gRPC, H2

{
    "inbounds": [
      {
          "port": 443, # You can change port
          "protocol": "trojan",
          "settings": {
              "clients": [
              {
                  "password": "EX" # Your UUID ( Pass )
              }
              ]
          },
          "streamSettings": {
              "network": "grpc", # You can change this to ( h2 or grpc )
              "security": "reality",
              "realitySettings": {
                  "show": true,
                  "dest": "EX", # Example : ( ftp.debian.org:443, www.debian.org:443, etc. )
                  "xver": 0, # I suggest using the same site for dest as the one you use for serverNames
                  "serverNames": [
                  "EX" # Example : ( ftp.debian.org )
                  ],
                  "privateKey": "EX", # Your Private Key
                  "shortIds": [
                  "" # I don't use Short ID
                  ]
              }
          },
          "sniffing": {
              "enabled": true,
              "destOverride": [
                  "http",
                  "tls"
                  ]
          }
      }
    ],
    "outbounds": [
    {
        "protocol": "freedom",
        "tag": "direct"
    }, {
        "protocol": "blackhole",
        "tag": "blocked"
    }
    ],
    "api": {
        "tag": "api",
        "services": [
            "HandlerService",
            "LoggerService",
            "StatsService"
            ]
    },
    "policy": {
        "levels": {
            "0": {
                "statsUserUplink": true,
                "statsUserDownlink": true
            }
        },
        "system": {
            "statsInboundUplink": true,
            "statsInboundDownlink": true,
            "statsOutboundUplink": true,
            "statsOutboundDownlink": true
        }
    },
    "log": {
        "loglevel": "info",
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log"
    },
    "dns": {
        "servers": [
            "https+local://cloudflare-dns.com/dns-query",
            "1.0.0.1",
            "1.1.1.1",
            "8.8.8.8",
            "8.8.4.4",
            "localhost"
            ]
    },
    "routing": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
        {
            "inboundTag": [
                "api"
                ],
            "outboundTag": "api",
            "type": "field"
        }, {
            "domain": [
                "instagram.com",
                "www.instagram.com",
                "mediafire.com",
                "www.mediafire.com"
                ],
            "outboundTag": "proxy",
            "type": "field"
        }, {
            "domain": [
                "regexp:.*\\.ir$",
                "ext:iran.dat:ir",
                "ext:iran.dat:ads",
                "ext:iran.dat:other",
                "geosite:category-ir-gov",
                "geosite:category-ir-news",
                "geosite:category-ir-bank",
                "geosite:category-ir-tech",
                "geosite:category-ir-travel",
                "geosite:category-ir-scholar",
                "geosite:category-ir-shopping",
                "geosite:category-ir-insurance"
                ],
            "type": "field",
            "outboundTag": "blocked"
        }, {
            "type": "field",
            "ip": [
                "geoip:ir"
                ],
            "outboundTag": "blocked"
        }, {
            "protocol": [
                "bittorrent"
                ],
            "type": "field",
            "outboundTag": "blocked"
        }
        ]
    }
}

Note: Trojan Reality is supported only on Android

Because other people have explained it, I will not explain it in full ( you can refer to the end of the page for links )

You can also see more configurations, click here
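Before restarting Xray, the filled-in realitySettings can be checked against the rules given in step 5 and in the config comments. This is an added example, not code from the tutorial or from the Xray project: `lint_reality_inbound`, `key_ok` and the sample values are made up for it, and it assumes the inbound has already been loaded into a Python dict with the comments removed.

```python
import base64
import re

HEX_ID = re.compile(r"(?:[0-9a-fA-F]{2}){0,8}")  # even length, at most 16 hex chars


def key_ok(key):
    """True if key is unpadded URL-safe base64 that decodes to exactly 32 bytes."""
    try:
        raw = base64.b64decode(key + "=" * (-len(key) % 4), altchars=b"-_", validate=True)
    except ValueError:
        return False
    return len(raw) == 32


def lint_reality_inbound(inbound):
    """Return a list of problems found in one parsed inbound object."""
    problems = []
    stream = inbound.get("streamSettings", {})
    reality = stream.get("realitySettings", {})
    network = stream.get("network", "")
    names = reality.get("serverNames", [])

    if network not in ("tcp", "h2", "grpc"):
        problems.append(f"network {network!r} is not tcp, h2 or grpc")
    for client in inbound.get("settings", {}).get("clients", []):
        if client.get("flow") == "xtls-rprx-vision" and network != "tcp":
            problems.append("flow xtls-rprx-vision is set but network is not tcp")
    if not names:
        problems.append("serverNames is empty")
    problems += [f"wildcard serverName not supported: {n}" for n in names if "*" in n]
    host, _, port = reality.get("dest", "").rpartition(":")
    if not host or not port.isdigit():
        problems.append("dest must look like host:port")
    elif host not in names:
        problems.append(f"dest host {host} is not listed in serverNames")
    if not key_ok(reality.get("privateKey", "")):
        problems.append("privateKey is not a 32-byte base64url value")
    problems += [f"shortId {s!r} must be 0-16 hex chars, even length"
                 for s in reality.get("shortIds", []) if not HEX_ID.fullmatch(s)]
    return problems


# Constructed sample: the VLESS template above with its EX placeholders filled in.
# The key is 32 fixed bytes for the demo, not a real private key.
SAMPLE = {
    "settings": {"clients": [{"id": "00000000-0000-4000-8000-000000000000", "flow": ""}]},
    "streamSettings": {
        "network": "grpc",
        "realitySettings": {
            "dest": "ftp.debian.org:443",
            "serverNames": ["ftp.debian.org"],
            "privateKey": base64.urlsafe_b64encode(bytes(range(32))).rstrip(b"=").decode(),
            "shortIds": [""],
        },
    },
}

if __name__ == "__main__":
    print(lint_reality_inbound(SAMPLE) or "no problems found")
```

A placeholder left as EX in privateKey or dest shows up as a problem, which catches a template that was only partly filled in.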

If you want to block speed test websites or Whoer websites, you can add these entries to the rules

                "speed.cloudflare.com",
                "nordvpn.com",
                "testmyspeed.com",
                "speedcheck.org",
                "gocompare.com",
                "netspotapp.com",
                "virginmedia.com",
                "broadbandspeedtest.org.uk",
                "thinkbroadband.com",
                "broadbandspeedchecker.co.uk",
                "measurementlab.net",
                "mxtoolbox.com",
                "tunnelbear.com",
                "top10vpn.com",
                "ip.me",
                "which.co.uk",
                "whatismyip.net",
                "ipcost.com",
                "myip.com",
                "whatsmyip.com",
                "dnsleak.com",
                "whatsmyip.org",
                "iplocation.net",
                "whatismyip.com",
                "whoer.net",
                "whatismypublicip.com",
                "ipaddress.my",
                "showmyip.com",
                "www.expressvpn.com",
                "perfect-privacy.com",
                "surfshark.com",
                "browserleaks.com",
                "dnsleaktest.org",
                "www.dnsleaktest.com",
                "whatismyipaddress.com",
                "fast.com",
                "speedtest.net",

I have listed the most used ones; the list is not very complete

If you want to block porn sites, add this

                "geosite:category-porn",

If you want to block ads, add this

                "geosite:category-ads-all",
                "geosite:google-ads",

It does not block all advertisements, and some programs may run into problems; to solve this, define those programs in the Proxy section.

Now restart Xray and check its status to see whether it is working normally

systemctl restart xray.service
systemctl status xray.service

We're done with Xray; you can now add the configuration to your app. Next, we want the server to automatically serve a file download when a request comes in on port 80.

If you want to see a test, go to this address

Note : Copy the URL and open it in a new tab to test

http://159.223.202.134/

or

http://159.223.202.134/Ex/Ex/Ex ( Test Redirect )

7 -[ Install Apache 2 and Php 8.1 ]

Please allow the HTTP port in ufw before installing

ufw allow http

Now you can install

apt install ca-certificates apt-transport-https software-properties-common -y
apt install php8.1 -y

If you want to get a certificate for your page, use these commands

Please allow the HTTPS port in ufw before installing

apt install certbot python3-certbot-apache -y
certbot --apache -d YOUR-DOMAIN
apt install ca-certificates apt-transport-https software-properties-common -y
apt install php8.1 -y

If you get this error, use this command ( Unable to correct problems, you have held broken packages. )

sudo apt-get remove 'apache*' && sudo apt-get install apache2

Now go to this Directory

cd /var/www/html/

Remove the index.html file

rm index.html

Now create an Ex.txt file and put anything in it; you can change the file name if you want

nano Ex.txt

Create an index.php file

nano index.php

Now add this code

<?php
$original_filename = 'Ex.txt'; # Change this if you changed the Ex.txt file name
$new_filename = 'Ex'; # Change this if you want
header("Content-Type: application/jpeg");
header("Content-Length: " . filesize($original_filename));
header('Content-Disposition: attachment; filename="' . $new_filename . '"');
readfile($original_filename);
exit;
?>

Now create an .htaccess file to redirect all requests to index.php

nano .htaccess

Add this code

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
    Options -MultiViews -Indexes
    </IfModule>
    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ /index.php?path=$1 [NC,L,QSA]
</IfModule>

Now change 000-default.conf; because we want to use the .htaccess file, we need to add this code

nano /etc/apache2/sites-available/000-default.conf

And add this code first

<Directory /var/www/html>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

Because we want to use the .htaccess file, we need to enable rewrite

a2enmod rewrite

Restart Apache to apply the changes

systemctl restart apache2

You can also serve an HTML page alongside the PHP script

If you want to see a test, go to this address

http://159.223.202.161/

or

http://159.223.202.161/Ex/Ex/Ex ( Test Redirect )

Go to the root of your web page directory

cd /var/www/html/

Rename index.php to any name, for example Ex.php, and create an index.html

mv index.php Ex.php
nano index.html

Now add this code

<html>
    <head>
        <link rel="icon" type="image/x-icon" href="https://s10.gifyu.com/images/kozu.gif">
        <meta name="viewport" content="user-scalable=no">
        <meta charset="UTF-8">
        <meta http-equiv="refresh" content="0;url=http://YOUR-IP-OR-DOMAIN/Ex.php"> <!-- The default delay before the download is zero; you can change it -->
        <title>=)</title>
        <style>
body {
        margin-top: 60px;
       -webkit-user-select: none;
       -ms-user-select: none;
        user-select: none;
        overflow-x: hidden;
        background: #FDFAFA;
        font-weight: 350;
        font-family: -apple-system, BlinkMacSystemFont, opensans, Optima, 'Microsoft Yahei', sans-serif;
        line-height: 0;
}

.kozu {
        padding: 40px 0;
}
.kozu p {
        color: #000;
        font-style: italic;
        text-decoration:none;
        letter-spacing: 1px;
        cursor: default;
        text-align:center;
        font-size:32px;
}
img {
        pointer-events: none;
        margin: auto;
        display: block;
}
.isBold { font-weight: bold;
}
</style>
    </head>
    <body><img loading="lazy" src="https://s10.gifyu.com/images/kozu.gif" alt="Kozu" class="center">
        <div class="kozu">
            <p>This IP belongs to <span class="isBold">ARSHAM.6IX</span></p> <!-- Text -->
        </div>
    </body>
</html>

I recommend you download your image or gif and serve it from your own web root, like this

https://s10.gifyu.com/images/kozu.gif

Change to this

http://YOUR-IP-OR-DOMAIN/kozu.gif

You can download the gif (or other image) to your server with wget

wget https://s10.gifyu.com/images/kozu.gif

Make sure the names are correct!

Now we need to redirect everything to index.html

Edit the .htaccess file

nano .htaccess

Find index.php, change .php to .html, and save

7 -[ Using Nginx, No need for Php or... ]

Please allow the HTTP port in ufw before installing

ufw allow http

Now you can install

apt install nginx -y

If you want to get a certificate for your page, use these commands

Please allow the HTTPS port in ufw before installing

apt install certbot python3-certbot-nginx -y
certbot --nginx -d YOUR-DOMAIN

Now go to this Directory

cd /var/www/html/

Remove the index.html file

rm index.html

Now create an Ex file and put anything in it; you can change the file name if you want

nano Ex

Create an index.html file

nano index.html

Now add this code

<html>
    <head>
        <link rel="icon" type="image/x-icon" href="http://YOUR-IP-OR-DOMAIN/kozu.gif">
        <meta name="viewport" content="user-scalable=no">
        <meta charset="UTF-8">
        <meta http-equiv="refresh" content="0;url=http://YOUR-IP-OR-DOMAIN/Ex"> <!-- The default delay before the download is zero; you can change it -->
        <title>=)</title>
        <style>
body {
        margin-top: 60px;
       -webkit-user-select: none;
       -ms-user-select: none;
        user-select: none;
        overflow-x: hidden;
        background: #FDFAFA;
        font-weight: 350;
        font-family: -apple-system, BlinkMacSystemFont, opensans, Optima, 'Microsoft Yahei', sans-serif;
        line-height: 0;
}

.kozu {
        padding: 40px 0;
}
.kozu p {
        color: #000;
        font-style: italic;
        text-decoration:none;
        letter-spacing: 1px;
        cursor: default;
        text-align:center;
        font-size:32px;
}
img {
        pointer-events: none;
        margin: auto;
        display: block;
}
.isBold { font-weight: bold;
}
</style>
    </head>
    <body><img loading="lazy" src="http://YOUR-IP-OR-DOMAIN/kozu.gif" alt="Kozu" class="center">
        <div class="kozu">
            <p>This IP belongs to <span class="isBold">ARSHAM.6IX</span></p> <!-- Text -->
        </div>
    </body>
</html>

Make sure the names are correct if you change them!

Now go to your Nginx configuration to redirect everything to index.html

nano /etc/nginx/sites-enabled/default

Find the line try_files $uri $uri/ =404; and change =404; to /index.html; in the HTTPS block

/index.html;

If you use a certificate, you need to change =404; to /index.html; in both the HTTPS and HTTP blocks

Now restart Nginx

systemctl restart nginx

Other

I recommend reading or viewing these pages

Thanks to the friends who helped me in the web field

Written by Arsham.6ix.
