一、Environment
| Operating System | CentOS 7 |
| Server Location | San Jose |
二、Let’s Start
Install & Upgrade Xray-core and geodata with User=root, which will overwrite User in existing service files
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root
三、Configure
vim /usr/local/etc/xray/config.json
{
"inbounds": [{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "28b01209-da52-48e1-ba69-23b6b156046e",
"flow": "xtls-rprx-direct",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "xray.domain.com",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "/usr/local/etc/xray/xray.domain.com.pem",
"keyFile": "/usr/local/etc/xray/xray.domain.com.key"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
vim /etc/systemd/system/xray.service
[Unit] Description=Xray Service Documentation=https://github.com/xtls After=network.target nss-lookup.target [Service] User=root #User=nobody #CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE #AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE NoNewPrivileges=true ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json Restart=on-failure RestartPreventExitStatus=23 [Install] WantedBy=multi-user.target