December 5, 2020

VLESS, a new V2Ray lightweight transmission protocol, VLESS+WS+TLS Configuration

[Recommended] If you would like to try the latest VLESS+TCP+XTLS, please refer to the link below:

Coexistence of Web Applications and VLESS+TCP+XTLS

This article is based on V2Ray-Core v4.31.0+, V2RayU v3.0.0+(preview). VLESS is in BETA now. (202012)

1. Before Setup (Important)

VLESS is V2Ray's latest lightweight transmission protocol. Unlike VMess, VLESS does not depend on the system time. Authentication still uses a UUID, but no alterId is required.

VLESS supports fallback based on the length of the first packet: a connection whose first packet has length <18, that fails authentication, or that uses an invalid protocol can be forwarded to a specified address. Note that fallback is only applicable in TCP mode; other modes cannot have this configuration, and the value cannot be empty (there will be an error).

VLESS is currently NOT encrypted, so the safest way to use VLESS is over a TLS-encrypted channel. The minimum version of V2Ray-Core that supports VLESS is v4.27+. The server needs to be kept updated, and the client must also run the latest version.

2. VLESS + WS + TLS Configuration

If you are already familiar with VMess + WS + TLS, switching to VLESS will take you no more than a minute: all you have to do is modify the inbound section of the JSON file. Everything else stays the same as in the VMess configuration.

2.1 V2Ray Server Setting

{
  "log" : {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbound": {
    "port": 12345,  //This is the port used by V2Ray in WS mode, which needs proxy forwarding in Nginx.
    "listen":"127.0.0.1", //This is the address that needs to be forwarded by proxy in Nginx
    "protocol": "vless",  //Choose transmission protocol VLESS
    "settings": {
      "clients": [
         {
          "id": "b74c8251-7b4f-4f97-8ade-f4b6d19f1ba6",  //UUID. Please use UUID generator.
          "level": 0,
          "email": "[email protected]" //Distinguish statistical traffic.
         }
       ],
       "decryption": "none"  //Under the current VLESS protocol, decryption must be set to none.
    },
    "streamSettings": {
      "network": "ws",    //Use WS mode.
      "wsSettings": {
        "path": "/examplepath" //This path needs to be identical with the location path in Nginx.
       }
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  }
}

2.2 Nginx Setting

server {
    listen       80;
    server_name  $your_domain;  # Your domain (replace the $your_domain placeholder)
    rewrite ^(.*)$  https://$host$1 permanent;  # Redirect all port 80 traffic to port 443.
}
server {
    listen 443 ssl http2;
    server_name $your_domain;  # Your domain (replace the $your_domain placeholder)
    root /etc/nginx/html;
    index index.php index.html;
    ssl_certificate /etc/nginx/ssl/fullchain.cer;  # Your cert path
    ssl_certificate_key /etc/nginx/ssl/$your_domain.key; # Your key path
    ssl_protocols   TLSv1.2 TLSv1.3;
    # Note: this list still enables 3DES and static-RSA suites; drop them if no legacy client needs them.
    ssl_ciphers     'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
    ssl_prefer_server_ciphers   on;
    ssl_early_data  on;  # TLS 1.3 0-RTT; early data can be replayed.
    ssl_stapling on;
    ssl_stapling_verify on;
    location /examplepath { # This path needs to be identical with the path in V2Ray.
        proxy_redirect off;
        proxy_pass http://127.0.0.1:12345;  # Same address and port as set up in the V2Ray server
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
}
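
The two files above must agree on path and port, and because VLESS itself is unencrypted the inbound has to stay on loopback behind Nginx. The following Python check is an added example, not code from the original article or from the V2Ray project; the function names and sample strings are constructed, and it assumes the single "inbound" layout shown above and one proxied location.

```python
import ipaddress
import json
import re
import uuid

def strip_comments(text):
    """Drop the // comments V2Ray tolerates in JSON, leaving string contents intact."""
    return re.sub(r'("(?:\\.|[^"\\])*")|//[^\n]*', lambda m: m.group(1) or "", text)

def check_pair(v2ray_json, nginx_conf):
    """Return a list of findings; an empty list means the two files agree."""
    cfg = json.loads(strip_comments(v2ray_json))
    inbound = cfg.get("inbound") or cfg["inbounds"][0]
    findings = []
    listen = inbound.get("listen", "0.0.0.0")  # V2Ray listens on all addresses by default
    if not ipaddress.ip_address(listen).is_loopback:
        findings.append(f"inbound listens on {listen}: unencrypted VLESS reachable without TLS")
    settings = inbound.get("settings", {})
    if settings.get("decryption") != "none":
        findings.append('settings.decryption must be "none"')
    for client in settings.get("clients", []):
        try:
            uuid.UUID(str(client.get("id", "")))
        except ValueError:
            findings.append(f"client id {client.get('id')!r} is not a UUID")
    stream = inbound.get("streamSettings", {})
    path = stream.get("wsSettings", {}).get("path")
    if stream.get("network") != "ws" or not path:
        findings.append("streamSettings is not WebSocket with a path")
    # Locate the Nginx location block that proxies to the inbound.
    loc = re.search(r"location\s+(\S+)\s*\{[^}]*?proxy_pass\s+http://([^;:\s]+):(\d+)", nginx_conf)
    if not loc:
        findings.append("nginx has no location with proxy_pass")
    else:
        if loc.group(1) != path:
            findings.append(f"path mismatch: nginx {loc.group(1)} vs V2Ray {path}")
        if (loc.group(2), int(loc.group(3))) != (listen, inbound.get("port")):
            findings.append(f"proxy_pass {loc.group(2)}:{loc.group(3)} != inbound {listen}:{inbound.get('port')}")
    return findings

# Constructed sample inputs that mirror the two configuration files in this article.
V2RAY = '''{"inbound": {
  "port": 12345, "listen": "127.0.0.1", "protocol": "vless",  // WS behind Nginx
  "settings": {"clients": [{"id": "b74c8251-7b4f-4f97-8ade-f4b6d19f1ba6"}], "decryption": "none"},
  "streamSettings": {"network": "ws", "wsSettings": {"path": "/examplepath"}}}}'''
NGINX = "location /examplepath {\n    proxy_pass http://127.0.0.1:12345;\n}"

if __name__ == "__main__":
    print(check_pair(V2RAY, NGINX) or "OK")
```
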

3. Client Configuration

Same as Vmess + WS + TLS.