README
¶
XMRay
XRay-core server for NuxtJs version of XMPlus management panel
Config directory
cd /etc/XMRay
Onclick XMRay backennd Install
bash <(curl -Ls https://raw.githubusercontent.com/XMPlusDev/XMRay/script/install.sh)
/etc/XMRay/config.yml
Log:
Level: none # Log level: none, error, warning, info, debug
AccessPath: # /etc/XMRay/access.Log
ErrorPath: # /etc/XMRay/error.log
DNSLog: false # / true or false Whether to enable DNS query log, for example: DOH//doh.server got answer: domain.com -> [ip1, ip2] 2.333ms
MaskAddress: half # half, full, quater
DnsConfigPath: /etc/XMRay/dns.json #https://xtls.github.io/config/dns.html
RouteConfigPath: # /etc/XMRay/route.json #https://xtls.github.io/config/routing.html
OutboundConfigPath: # /etc/XMRay/outbound.json #https://xtls.github.io/config/outbound.html
ConnectionConfig:
Handshake: 8
ConnIdle: 120
UplinkOnly: 0
DownlinkOnly: 0
BufferSize: 64
ReverbConfig:
- Enable: false
Host: "api.xyz.com:443" # Reverb REVERB_HOST:REVERB_PORT in .env for api /home/XMplusPanel/.env
AppKey: # REVERB_APP_KEY in .env for api /home/XMplusPanel/.env
AppSecret: # REVERB_APP_SECRET in .env for api /home/XMplusPanel/.env
Channel: xmplus # Do not change
UseTLS: true # Set to true if tls enabled for api
Nodes:
-
ApiConfig:
ApiHost: "https://api.xyz.com"
ApiKey: "123"
NodeID: 1
Timeout: 30
ControllerConfig:
EnableDNS: true # Use custom DNS config, Please ensure that you set the dns.json well
DNSStrategy: AsIs # AsIs, UseIP, UseIPv4, UseIPv6
CertConfig:
Email: author@cert.xyz # Required when Cert Mode is not none
CertFile: /etc/XMRay/node1.crt # Required when Cert Mode is file
KeyFile: /etc/XMRay/node1.key # Required when Cert Mode is file
Provider: cloudflare # Required when Cert Mode is dns
CertEnv: # Required when Cert Mode is dns
CLOUDFLARE_EMAIL: # Required when Cert Mode is dns
CLOUDFLARE_API_KEY: # Required when Cert Mode is dns
EnableFallback: false # Only support for Trojan and Vless
FallBackConfigs: # Support multiple fallbacks
- SNI: # TLS SNI(Server Name Indication), Empty for any
Alpn: # Alpn, Empty for any
Path: # HTTP PATH, Empty for any
Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/features/fallback.html for details.
ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for disable
RedisConfig:
Enable: false # Enable the global ip limit of a user
Network: tcp # Redis protocol, tcp or unix
Addr: 127.0.0.1:6379 # Redis server address, or unix socket path
Username: # Redis username
Password: # Redis password
DB: 0 # Redis DB
Timeout: 10 # Timeout for redis request
XMPlus Panel Server configuration
Network Settings
TCP
{
"encryption": "none",
"decryption": "none",
"flow": "xtls-rprx-vision",
"cipher": "aes-128-gcm",
"sniffing": true,
"listeningIP": "0.0.0.0",
"listeningPort": "443-443",
"sendThroughIP": "0.0.0.0",
"transportProtocol": {
"type": "raw",
"settings": {
"acceptProxyProtocol": false,
"header": {
"type": "none"
}
}
},
"socketSettings": {
"acceptProxyProtocol": false,
"domainStrategy": "asis",
"tcpKeepAliveInterval": 0,
"tcpUserTimeout": 0,
"tcpMaxSeg": 0,
"tcpWindowClamp": 0,
"tcpKeepAliveIdle": 0,
"tcpMptcp": false,
"tcpCongestion": "bbr"
}
}
TCP + HTTP
{
"encryption": "none",
"decryption": "none",
"cipher": "aes-128-gcm",
"sniffing": true,
"listeningIP": "0.0.0.0",
"listeningPort": "443-443",
"sendThroughIP": "0.0.0.0",
"transportProtocol": {
"type": "raw",
"settings": {
"acceptProxyProtocol": false,
"header": {
"type": "http",
"request": {
"path": ["/"],
"headers": {
"Host": ["www.baidu.com", "www.bing.com"]
}
}
}
}
},
"socketSettings": {
"acceptProxyProtocol": false,
"domainStrategy": "asis",
"tcpKeepAliveInterval": 0,
"tcpUserTimeout": 0,
"tcpMaxSeg": 0,
"tcpWindowClamp": 0,
"tcpKeepAliveIdle": 0,
"tcpMptcp": false,
"tcpCongestion": "bbr"
}
}
WS
{
"encryption": "none",
"decryption": "none",
"cipher": "aes-128-gcm",
"sniffing": true,
"listeningIP": "0.0.0.0",
"listeningPort": "443-443",
"sendThroughIP": "0.0.0.0",
"transportProtocol": {
"type": "ws",
"settings": {
"acceptProxyProtocol": false,
"host": "tld.dev",
"path": "/",
"heartbeat": 60,
"custom_host": "tld.dev"
}
},
"socketSettings": {
"acceptProxyProtocol": false,
"domainStrategy": "asis",
"tcpKeepAliveInterval": 0,
"tcpUserTimeout": 0,
"tcpMaxSeg": 0,
"tcpWindowClamp": 0,
"tcpKeepAliveIdle": 0,
"tcpMptcp": false,
"tcpCongestion": "bbr"
}
}
GRPC
{
"encryption": "none",
"decryption": "none",
"cipher": "aes-128-gcm",
"sniffing": true,
"listeningIP": "0.0.0.0",
"listeningPort": "443-443",
"sendThroughIP": "0.0.0.0",
"acceptProxyProtocol": false,
"transportProtocol": {
"type": "grpc",
"settings": {
"servicename": "tld",
"authority": "tld.dev",
"user_agent": "",
"initial_windows_size": 0,
"idle_timeout": 0,
"health_check_timeout": 0,
"permit_without_stream": false
}
},
"socketSettings": {
"acceptProxyProtocol": false,
"domainStrategy": "asis",
"tcpKeepAliveInterval": 0,
"tcpUserTimeout": 0,
"tcpMaxSeg": 0,
"tcpWindowClamp": 0,
"tcpKeepAliveIdle": 0,
"tcpMptcp": false,
"tcpCongestion": "bbr"
}
}
HTTPUPGRADE
{
"encryption": "none",
"decryption": "none",
"cipher": "aes-128-gcm",
"sniffing": true,
"listeningIP": "0.0.0.0",
"listeningPort": "443-443",
"sendThroughIP": "0.0.0.0",
"transportProtocol": {
"type": "httpupgrade",
"settings": {
"acceptProxyProtocol": false,
"host": "tld.dev",
"path": "/",
"custom_host": "tld.dev"
}
},
"socketSettings": {
"acceptProxyProtocol": false,
"domainStrategy": "asis",
"tcpKeepAliveInterval": 0,
"tcpUserTimeout": 0,
"tcpMaxSeg": 0,
"tcpWindowClamp": 0,
"tcpKeepAliveIdle": 0,
"tcpMptcp": false,
"tcpCongestion": "bbr"
}
}
XHTTP
{
"encryption": "none",
"decryption": "none",
"cipher": "aes-128-gcm",
"sniffing": true,
"listeningIP": "0.0.0.0",
"listeningPort": "443-443",
"sendThroughIP": "0.0.0.0",
"transportProtocol": {
"type": "xhttp",
"settings": {
"host": "tld.dev",
"mode": "packet-up",
"path": "/",
"noSSEHeader": false,
"scMaxBufferedPosts": 30,
"scMaxEachPostBytes": 1000000,
"scStreamUpServerSecs": "20-80",
"xPaddingBytes": "100-1000",
"custom_host": "tld.dev",
"extra": {}
}
},
"socketSettings": {
"acceptProxyProtocol": false,
"domainStrategy": "asis",
"tcpKeepAliveInterval": 0,
"tcpUserTimeout": 0,
"tcpMaxSeg": 0,
"tcpWindowClamp": 0,
"tcpKeepAliveIdle": 0,
"tcpMptcp": false,
"tcpCongestion": "bbr"
}
}
KCP
{
"encryption": "none",
"decryption": "none",
"cipher": "aes-128-gcm",
"sniffing": true,
"listeningIP": "0.0.0.0",
"listeningPort": "443-443",
"sendThroughIP": "0.0.0.0",
"transportProtocol": {
"type": "kcp",
"settings": {
"mtu": 1350
}
},
"socketSettings": {
"acceptProxyProtocol": false,
"domainStrategy": "asis",
"tcpKeepAliveInterval": 0,
"tcpUserTimeout": 0,
"tcpMaxSeg": 0,
"tcpWindowClamp": 0,
"tcpKeepAliveIdle": 0,
"tcpMptcp": false,
"tcpCongestion": "bbr"
}
}
HYSTERIA
{
"encryption": "none",
"decryption": "none",
"sniffing": true,
"listeningIP": "0.0.0.0",
"listeningPort": "443-443",
"sendThroughIP": "0.0.0.0",
"transportProtocol": {
"type": "hysteria",
"settings": {
"version": 2
}
},
"socketSettings": {
"acceptProxyProtocol": false,
"domainStrategy": "asis",
"tcpKeepAliveInterval": 0,
"tcpUserTimeout": 0,
"tcpMaxSeg": 0,
"tcpWindowClamp": 0,
"tcpKeepAliveIdle": 0,
"tcpMptcp": false,
"tcpCongestion": "bbr"
}
}
Mask Settings
maskSettings is optional and applies transport-level obfuscation. All three fields (tcp, udp, quicParams) are optional and can be used independently or together.
TCP mask types: header-custom, fragment, sudoku
UDP mask types: header-custom, header-dns, header-dtls, header-srtp, header-utp, header-wechat, header-wireguard, mkcp-original, mkcp-aes128gcm, noise, salamander, sudoku, xdns, xicmp
{
"maskSettings": {
"tcp": [
{
"type": "fragment",
"settings": {
"packets": "tlshello",
"length": { "from": 100, "to": 200 },
"delay": { "from": 10, "to": 20 },
"maxSplit": { "from": 0, "to": 0 }
}
}
],
"udp": [
{
"type": "noise",
"settings": {
"reset": { "from": 0, "to": 0 },
"noise": [
{
"type": "str",
"packet": "GET / HTTP/1.1\r\n",
"rand": { "from": 0, "to": 0 },
"delay": { "from": 10, "to": 50 }
}
]
}
}
],
"quicParams": {
"congestion": "bbr",
"debug": false,
"bbrProfile": "standard",
"brutalUp": "100mbps",
"brutalDown": "100mbps",
"udpHop": {
"ports": ["443,8443"],
"interval": { "from": 10, "to": 30 }
},
"initStreamReceiveWindow": 8388608,
"maxStreamReceiveWindow": 8388608,
"initConnectionReceiveWindow": 20971520,
"maxConnectionReceiveWindow": 20971520,
"maxIdleTimeout": 30,
"keepAlivePeriod": 10,
"disablePathMTUDiscovery": false,
"maxIncomingStreams": 100
}
}
}
quicParams fields:
| Field | Type | Description |
|---|---|---|
congestion |
string | Congestion control algorithm, e.g. "bbr", "cubic" |
debug |
bool | Enable debug mode |
bbrProfile |
string | Congestion control algorithm, e.g. "conservative", "standard", "aggressive" |
brutalUp |
string | Upload bandwidth for brutal congestion, e.g. "100mbps", "1gbps" |
brutalDown |
string | Download bandwidth for brutal congestion |
udpHop.ports |
string/arraay | Port list for UDP hopping |
udpHop.interval |
object | Hop interval range in seconds { "from": N, "to": N } |
initStreamReceiveWindow |
uint64 | Initial stream receive window size (bytes) |
maxStreamReceiveWindow |
uint64 | Max stream receive window size (bytes) |
initConnectionReceiveWindow |
uint64 | Initial connection receive window size (bytes) |
maxConnectionReceiveWindow |
uint64 | Max connection receive window size (bytes) |
maxIdleTimeout |
int64 | Max idle timeout in seconds |
keepAlivePeriod |
int64 | Keep-alive period in seconds |
disablePathMTUDiscovery |
bool | Disable path MTU discovery |
maxIncomingStreams |
int64 | Max number of incoming streams |
Security Settings
TLS
{
"tlsSettings": {
"allowInsecure": false,
"alpn": ["h2", "http/1.1"],
"certMode": "http",
"certDomainName": "tld.dev",
"fragment": "1,40-60,30-50",
"serverName": "google.com",
"fingerprint": "chrome",
"curvePreferences": ["X25519", "X25519MLKEM768"],
"rejectUnknownSni": false,
"verifyPeerCertByName": "google.com",
"pinnedPeerCertSha256": "",
"echServerKeys": "",
"echConfigList": ""
},
"maskSettings": {
"udp": [
{
"type": "salamander",
"settings": {
"password": "your-password-here"
}
}
]
}
}
REALITY
{
"realitySettings": {
"target": "www.microsoft.com:443",
"show": false,
"shortids": ["6ba85179e30d4fc2"],
"password": "u2Yirzjxx5R5miuJ-Od8CL4gAiCWj-65WOF2mSVyUz4",
"privateKey": "sBFSY3OzslfjR2VcSHaQG-6GASrH5YswYyqBR-1m3Vc",
"fingerprint": "chrome",
"serverNames": ["www.microsoft.com"],
"proxyprotocol": 0,
"mldsa65Seed": "",
"mldsa65Verify": "",
"spiderX": "",
"minClientVer": "",
"maxClientVer": "",
"maxTimeDiff": 0
},
"maskSettings": {
"udp": [
{
"type": "salamander",
"settings": {
"password": "your-password-here"
}
}
]
}
}
XMRay Commands Reference
Basic Operations
| Command | Description |
|---|---|
XMRay |
Show menu (more features) |
XMRay start |
Start XMRay |
XMRay stop |
Stop XMRay |
XMRay restart |
Restart XMRay |
XMRay status |
View XMRay status |
Service Management
| Command | Description |
|---|---|
XMRay enable |
Enable XMRay auto-start |
XMRay disable |
Disable XMRay auto-start |
Logging & Configuration
| Command | Description |
|---|---|
XMRay log |
View XMRay logs |
XMRay config |
Show configuration file content |
Installation & Updates
| Command | Description |
|---|---|
XMRay install |
Install XMRay |
XMRay uninstall |
Uninstall XMRay |
XMRay update |
Update XMRay |
XMRay update vx.x.x |
Update XMRay to specific version |
XMRay version |
View XMRay version |
Key Generation & Utilities
| Command | Description |
|---|---|
XMRay warp |
Generate Cloudflare WARP account |
XMRay x25519 |
Generate key pair for X25519 key exchange (REALITY, VLESS Encryption) |
XMRay mldsa65 |
Generate key pair for ML-DSA-65 post-quantum signature (REALITY) |
XMRay mlkem768 |
Generate key pair for ML-KEM-768 post-quantum key exchange (VLESS Encryption) |
XMRay vlessenc |
Generate decryption/encryption JSON pair (VLESS Encryption) |
XMRay obtain |
Generate SSL/TLS certificate for domain name |
XMRay renew |
Renew SSL/TLS certificate for domain name |
XMRay ping |
Ping a domain with TLS handshake |
XMRay ech |
Generate ECH keys with default or custom server name |
XMRay hash |
Calculate hash for specific certificate |
XMRay generate |
Generate self-signed TLS certificates for testing and production use |
Directories
¶
| Path | Synopsis |
|---|---|
|
To implement controller, one needs to implement the interface below.
|
To implement controller, one needs to implement the interface below. |
|
Package helper contains utilities that are shared among other packages.
|
Package helper contains utilities that are shared among other packages. |
|
limiter
Package limiter is to control the links that go into the dispatcher
|
Package limiter is to control the links that go into the dispatcher |
Click to show internal directories.
Click to hide internal directories.