A Brief Introduction to Scientific Internet Access with Xray
In mainland China, the need for scientific internet access has always existed for technical personnel and certain groups. From the earliest VPNs to Shadowsocks, to V2Ray, and the latest XRay, the goal is to freely access the internet and obtain necessary information. This article describes how to configure scientific internet access in command-line mode on a Linux PC. This non-GUI setup has few external dependencies and gives access to the latest features without waiting for other software to update. Similar operations should be possible on Macs, but Macs have a better software ecosystem, so generally you can download and install the corresponding app without manual configuration.
1. Purchase an overseas server
We recommend hosting in Japan, Singapore, the US West Coast, or Hong Kong. Check your cloud service provider and test the speed yourself, choosing one with fast speeds and no lag during peak hours.
2. Server Configuration
- Download the latest platform package from the xray GitHub repository.
- Unzip the package to a custom directory. I chose /opt/xray. As shown below, config.json is the configuration file you'll create later. The other four files are provided by default in the compressed package and do not need to be modified.
    root@tokyo:~# ls -al /opt/xray/
    total 40188
    drwxr-xr-x 2 root root 4096 Jun 3 17:07 .
    drwxr-xr-x 4 root root 4096 Jun 3 13:36 ..
    -rw-r--r-- 1 root root 1141 Jun 3 17:07 config.json
    -rw-r--r-- 1 root root 9243256 Jan 1 08:00 geoip.dat
    -rw-r--r-- 1 root root 1161963 Jan 1 08:00 geosite.dat
    -rw-r--r-- 1 root root 16725 Jan 1 08:00 LICENSE
    -rw-r--r-- 1 root root 3613 Jan 1 08:00 README.md
    -rwxr-xr-x 1 root root 20606976 Jan 1 08:00 xray
- Use an editor such as vim or vscode to configure the config.json file.
    root@tokyo:~# cat /opt/xray/config.json
    {
      "log": {
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log",
        "loglevel": "warning",
        "dnsLog": false
      },
      "inbounds": [
        {
          "port": 444, # Listening port, can be set as desired
          "protocol": "vless",
          "settings": {
            "clients": [
              {
                "id": "your_uuid", # Your UUID, generated by the xray uuid command
                "flow": "xtls-rprx-direct",
                "level": 0,
                "email": "love@example.com"
              }
            ],
            "decryption": "none",
            "fallbacks": [
              {
                "dest": 80
              }
            ]
          },
          "streamSettings": {
            "network": "tcp",
            "security": "xtls",
            "xtlsSettings": {
              "alpn": [
                "http/1.1"
              ],
              "certificates": [
                {
                  "certificateFile": "/root/.acme.sh/mephisto.cc/fullchain.cer", # Change to your certificate
                  "keyFile": "/root/.acme.sh/mephisto.cc/mephisto.cc.key" # Change to your key
                }
              ]
            }
          }
        }
      ],
      "outbounds": [
        {
          "protocol": "freedom"
        }
      ]
    }
mephisto.cc is the domain name I purchased. The certificate was automatically generated by caddy2. Find the certificate path and fill it in on the corresponding lines above. For configuration without a domain name, please refer to the xray documentation.
- Systemd configuration. If you don't know how to operate it, search and learn. The result is as follows.
- The file path is /lib/systemd/system/xray.service
    root@tokyo:~# systemctl status xray.service
    xray.service – XRay Service
    Loaded: loaded (/lib/systemd/system/xray.service; enabled; vendor preset: enabled)
    Active: active (running) since Fri 2022-06-03 17:07:22 CST; 3h 18min ago
    Docs: https://xtls.github.io/
    Main PID: 2403220 (xray)
    Tasks: 7 (limit: 1036)
    Memory: 10.5M
    CGroup: /system.slice/xray.service
    └─2403220 /opt/xray/xray -config /opt/xray/config.json
    Jun 03 17:07:22 tokyo systemd[1]: Started XRay Service.
    Jun 03 17:07:22 tokyo xray[2403220]: Xray 1.5.6 (Xray, Penetrates Everything.) Custom (go1.18.2 linux/amd64)
    Jun 03 17:07:22 tokyo xray[2403220]: A unified platform for anti-censorship.
    Jun 03 17:07:22 tokyo xray[2403220]: 2022/06/03 17:07:22 [Info] infra/conf/serial: Reading config: /opt/xray/config.json
- Configuration content

    root@tokyo:~# cat /lib/systemd/system/xray.service
    [Unit]
    Description=XRay Service
    Documentation=https://xtls.github.io/
    After=network.target nss-lookup.target

    [Service]
    User=root
    CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
    NoNewPrivileges=true
    ExecStart=/opt/xray/xray -config /opt/xray/config.json
    Restart=on-failure
    RestartPreventExitStatus=23

    [Install]
    WantedBy=multi-user.target
- Boot Check
    root@tokyo:~# systemctl is-enabled xray.service
    enabled
- Process Listening Status Confirmation: xray is listening on port 444, which is configured above.
    root@tokyo:~# ss -lntp |grep xray
    LISTEN 0 4096 *:444 *:* users:(("xray",pid=2403220,fd=3))
At this point, the server-side configuration is complete.
3. Client Configuration
The Linux command-line client configuration is similar to the server configuration, except for the contents of the config.json configuration file.
- Client Configuration Results
    ➜ ~ ls -al /opt/xray
    total 15381
    drwxr-xr-x 2 root root 9 Jun 3 20:42 .
    drwxr-xr-x 11 root root 11 Jun 3 13:12 ..
    -rw-r--r-- 1 root root 3324 Jun 3 17:07 config.json
    -rw-r--r-- 1 mephisto mephisto 9243256 Jan 1 08:00 geoip.dat
    -rw-r--r-- 1 mephisto mephisto 1161963 Jan 1 08:00 geosite.dat
    -rw-r--r-- 1 mephisto mephisto 16725 Jan 1 08:00 LICENSE
    -rw-r--r-- 1 mephisto mephisto 3613 Jan 1 08:00 README.md
    -rwxr-xr-x 1 mephisto mephisto 20606976 Jan 1 08:00 xray
    ➜ ~ cat /opt/xray/config.json
    {
      "log": {
        "access": "/var/log/xray/access.log",
        "error": "/var/log/xray/error.log",
        "loglevel": "warning"
      },
      "dns": {
        "servers": [
          {
            "address": "1.1.1.1",
            "domains": [
              "geosite:geolocation-!cn"
            ]
          },
          {
            "address": "223.5.5.5",
            "domains": [
              "geosite:cn"
            ],
            "expectIPs": [
              "geoip:cn"
            ]
          },
          {
            "address": "114.114.114.114",
            "domains": [
              "geosite:cn"
            ]
          },
          "localhost"
        ]
      },
      "routing": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
          {
            "type": "field",
            "domain": [
              "geosite:category-ads-all"
            ],
            "outboundTag": "block"
          },
          {
            "type": "field",
            "domain": [
              "geosite:cn"
            ],
            "outboundTag": "direct"
          },
          {
            "type": "field",
            "ip": [
              "geoip:cn",
              "geoip:private"
            ],
            "outboundTag": "direct"
          },
          {
            "type": "field",
            "domain": [
              "geosite:geolocation-!cn"
            ],
            "outboundTag": "proxy"
          },
          {
            "type": "field",
            "ip": [
              "223.5.5.5"
            ],
            "outboundTag": "direct"
          }
        ]
      },
      "inbounds": [
        {
          "tag": "socks-in",
          "protocol": "socks", # socks proxy
          "listen": "127.0.0.1",
          "port": 1080,
          "settings": {
            "udp": true
          }
        },
        {
          "tag": "http-in",
          "protocol": "http", # http proxy
          "listen": "127.0.0.1",
          "port": 1081
        }
      ],
      "outbounds": [
        {
          "tag": "proxy",
          "protocol": "vless",
          "settings": {
            "vnext": [
              {
                "address": "mephisto.cc", # Change to your domain name
                "port": 444, # Server port
                "users": [
                  {
                    "id": "your_uuid", # Your uuid
                    "flow": "xtls-rprx-direct",
                    "encryption": "none",
                    "level": 0
                  }
                ]
              }
            ]
          },
          "streamSettings": {
            "network": "tcp",
            "security": "xtls",
            "xtlsSettings": {
              "serverName": "mephisto.cc", # Your domain name
              "allowInsecure": false # Verify the server certificate; true would skip the check
            }
          }
        },
        {
          "tag": "direct",
          "protocol": "freedom"
        },
        {
          "tag": "block",
          "protocol": "blackhole"
        }
      ]
    }
The routing and DNS sections may seem complex, so please refer to the xray documentation. Ordinary users shouldn't need to make any changes; they're sufficient for circumventing the Great Firewall.
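The settings in this client config that matter most for security are the loopback-only `listen` addresses on the two unauthenticated proxy inbounds, the `allowInsecure` flag, and the `your_uuid` placeholder. The following check is an added example, not part of the original article or of Xray itself; the function names and the sample config are constructed for illustration, and it assumes an inbound with no `listen` key binds to all interfaces.

```python
import json
import re

UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def strip_comments(text):
    """Remove # and // line comments that sit outside JSON string literals."""
    out, in_str, i = [], False, 0
    while i < len(text):
        ch = text[i]
        if not in_str and (ch == "#" or text.startswith("//", i)):
            while i < len(text) and text[i] != "\n":
                i += 1                      # drop the comment, keep the newline
            continue
        out.append(ch)
        if in_str and ch == "\\":           # copy an escaped character verbatim
            out.append(text[i + 1:i + 2])
            i += 1
        elif ch == '"':
            in_str = not in_str
        i += 1
    return "".join(out)

def audit(config_text):
    """Return a list of risky settings found in an Xray client config."""
    cfg, findings = json.loads(strip_comments(config_text)), []
    for ib in cfg.get("inbounds", []):
        listen = ib.get("listen", "0.0.0.0")  # assumption: unset = all interfaces
        if ib.get("protocol") in ("socks", "http") and listen not in ("127.0.0.1", "::1"):
            findings.append(f"inbound {ib.get('tag')}: proxy reachable on {listen}")
    for ob in cfg.get("outbounds", []):
        stream = ob.get("streamSettings", {})
        tls = stream.get(stream.get("security", "none") + "Settings", {})
        if tls.get("allowInsecure"):
            findings.append(f"outbound {ob.get('tag')}: allowInsecure disables certificate checks")
        for server in ob.get("settings", {}).get("vnext", []):
            if not all(UUID_RE.match(str(u.get("id"))) for u in server.get("users", [])):
                findings.append(f"outbound {ob.get('tag')}: user id is not a UUID")
    return findings

# Constructed sample: a trimmed client config with three deliberate problems.
SAMPLE = """{
  "inbounds": [{"tag": "http-in", "protocol": "http", "port": 1081}],  # no "listen"
  "outbounds": [{"tag": "proxy", "protocol": "vless",   // see https://xtls.github.io/
    "settings": {"vnext": [{"address": "example.com", "port": 444,
      "users": [{"id": "your_uuid", "encryption": "none"}]}]},
    "streamSettings": {"security": "xtls", "xtlsSettings": {"allowInsecure": true}}}]
}"""

print("\n".join(audit(SAMPLE)))
```

Pass the contents of /opt/xray/config.json to `audit()` before starting the client; an empty list means none of the three conditions was found.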
Verifying that everything works as expected
- Command-line HTTP proxy test: it works!
    ➜ ~ curl -I -x http://127.0.0.1:1081 https://google.com
    HTTP/1.1 200 Connection established

    HTTP/2 301
    location: https://www.google.com/
    content-type: text/html; charset=UTF-8
    date: Fri, 03 Jun 2022 12:55:40 GMT
    expires: Sun, 03 Jul 2022 12:55:40 GMT
    cache-control: public, max-age=2592000
    server: gws
    content-length: 220
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
- socks5 Proxy test also works.
    ➜ ~ curl -I -x socks5h://127.0.0.1:1080 https://www.google.com/
    HTTP/2 200
    content-type: text/html; charset=ISO-8859-1
    p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    date: Fri, 03 Jun 2022 13:00:58 GMT
    server: gws
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    expires: Fri, 03 Jun 2022 13:00:58 GMT
    cache-control: private
    set-cookie: 1P_JAR=2022-06-03-13; expires=Sun, 03-Jul-2022 13:00:58 GMT; path=/; domain=.google.com; Secure
    set-cookie: AEC=AakniGOSbutZGFxTDab9J5w5YK8ZVJWqiR-zynVkDi-b8Rof7f_LvLyFVJo; expires=Wed, 30-Nov-2022 13:00:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    set-cookie: NID=511=idF0g6ZS2sbWz6Du7vKmvJj7pje-MC8xe0Fd8z3bCbGYAGKGiFVWBUflmIStvdfWPAKgsGd0q0jPD_pDb
    expires=Sat, 03-Dec-2022 13:00:58 GMT; path=/; domain=.google.com; HttpOnly
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Some may ask, how do I use it? It's very simple. I usually use two browsers: Chrome as my main browser, and Firefox. Simply configure the two proxies mentioned above in Settings/General/Network Settings/Settings/Manual proxy configuration.
In addition, desktops like Gnome also have global network proxy settings. Chrome and Firefox have proxy plugins available, and you can also configure environment variables in the terminal. I won't list them all here.
Finally, a special note: on iOS, you can also download Shadowrocket from the US region and configure it.
Copyright statement:
- All content without a cited source is original; please do not reprint it without authorization (after reprinting, the typesetting is often disordered, the content is uncontrollable, and it cannot be continuously updated, etc.).
- For non-profit purposes, if you derive from any content of this blog, please give the relevant webpage address of this site in the form of 'source of original text' or 'reference link' (for the convenience of readers).