一、Environment
Operating System | CentOS 7 |
Server Location | San Jose |
二、Let’s Start
Install & Upgrade Xray-core and geodata with User=root
, which will overwrite User
in existing service files
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root
三、Configure
vim /usr/local/etc/xray/config.json
{ "inbounds": [{ "port": 443, "protocol": "vless", "settings": { "clients": [ { "id": "28b01209-da52-48e1-ba69-23b6b156046e", "flow": "xtls-rprx-direct", "level": 0 } ], "decryption": "none", "fallbacks": [ { "alpn": "http/1.1", "dest": 80 }, { "alpn": "h2", "dest": 81 } ] }, "streamSettings": { "network": "tcp", "security": "xtls", "xtlsSettings": { "serverName": "xray.domain.com", "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "/usr/local/etc/xray/xray.domain.com.pem", "keyFile": "/usr/local/etc/xray/xray.domain.com.key" } ] } } }], "outbounds": [{ "protocol": "freedom", "settings": {} },{ "protocol": "blackhole", "settings": {}, "tag": "blocked" }] }
vim /etc/systemd/system/xray.service
[Unit] Description=Xray Service Documentation=https://github.com/xtls After=network.target nss-lookup.target [Service] User=root #User=nobody #CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE #AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE NoNewPrivileges=true ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json Restart=on-failure RestartPreventExitStatus=23 [Install] WantedBy=multi-user.target