Skip to content

OpenKikCoc/deployment-xray-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
config
config
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
env.example
env.example
 
 
install.sh
install.sh
 
 
uninstall.sh
uninstall.sh
 
 

Repository files navigation

deployment-xray-server

Docker deployment for Xray server

Intro

Server: VLESS + TLS + Let's Encrypt (Cloudflare API) + Cloudflare DNS + Xray Docker

Quick Start

Option A: One-Click Install (Recommended)

Run this command on your server to install interactively:

bash <(curl -sSL https://raw.githubusercontent.com/openkikcoc/deployment-xray-server/main/install.sh)

It will download files, guide you to configure .env, and start services automatically.

Option B: Manual Install

1. Configure

  1. Clone or download this repo.

  2. Copy the example environment file:

    cp env.example .env

  3. Edit .env and fill in your details:

    • DOMAIN: Your domain name (e.g., vpn.example.com)
    • CF_Token: Your Cloudflare API Token (with DNS:Edit permission)
    • CF_Email: Your Cloudflare account email
    • UUID: A valid UUID (see below for generation methods)

    Domain's DNS A Record should be configured in Cloudflare

    How to generate UUID:

2. Deploy

docker compose up -d

That's it!

  • The acme service will automatically issue a certificate and install it to certs/server.crt and certs/server.key.
  • The xray service will wait for the certificates and then start automatically using the UUID provided in .env.

Certificate Auto-Renewal

  • Certificate Validity: Let's Encrypt certificates are valid for 90 days (3 months).
  • Auto-Renewal: The acme container automatically checks and renews certificates every 12 hours. Certificates are typically renewed about 30 days before expiration.
  • No Manual Action Required: As long as the containers are running, certificates will be renewed automatically.

3. Client Config

Run the helper script to generate client configurations (Shadowrocket link & Stash/Clash config):

./scripts/generate_client_config.sh

Copy the output to your client app.

Project Structure

  • install.sh: One-click installer
  • docker-compose.yml: Main deployment file
  • config/config.json: Xray config template
  • scripts/generate_client_config.sh: Client config generator
  • scripts/debug_server.py: Diagnosis tool (Server self-check & Client connection test)

Troubleshooting

If clients fail to connect despite a healthy server (verified by ./scripts/debug_server.py --mode server), firewalls might be blocking specific TLS fingerprints.

Verification (Local Terminal)

1. Simulate Chrome (Browser-like Handshake)

If this works but your client fails, enable uTLS (fingerprint: chrome) in your client.

openssl s_client -connect ${DOMAIN}:443 -servername ${DOMAIN} -alpn h2,http/1.1

2. Simulate Legacy Client

Tests basic connectivity without modern TLS features.

openssl s_client -connect ${DOMAIN}:443 -servername ${DOMAIN} -no_tls1_3

Success = Verify return code: 0 (ok) / Failure = Connection reset

About

Docker deployment for Xray server

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages