VLESS, a new V2Ray lightweight transmission protocol, VLESS+WS+TLS Configuration
[Recommended] If you would like to try the latest VLESS+TCP+XTLS, please refer to the link below:
Henry
This article is based on V2Ray-Core v4.31.0+, V2RayU v3.0.0+(preview). VLESS is in BETA now. (202012)
1. Before Setup (Important)
VLESS is V2Ray's latest lightweight transmission protocol. Unlike Vmess, VLESS does not depend on the system time. The authentication method is also UUID, but no alterId is required.
VLESS supports diversion fallback based on the length of the first packet, which can forward the length <18, or authentication failure, or invalid protocol, to the specified address. Note that fallback is only applicable in TCP mode, other modes cannot have this configuration, and the value cannot be empty. (There will be an error)
VLESS is currently NOT encrypted, so the safest way to use VLESS is TLS encrypted channel. The minimum version of V2Ray-Core that supports VLESS is v4.27+. Server needs to keep updated, and the client also must go with the latest version.
2. VLESS + WS + TLS Configuration
Actually if you are familiar with Vmess + WS + TLS, the change of VLESS will only cost you no more than one minute, because all you have to do is modify the inbound json file, and others remain the same as Vmess configuration.
2.1 V2Ray Server Setting
{
"log" : {
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
"loglevel": "warning"
},
"inbound": {
"Port": 12345, //This is the port used by V2Ray in WS mode, which needs proxy forwarding in Nginx.
"listen":"127.0.0.1", //This is the address that needs to be forwarded by proxy in Nginx
"protocol": "vless", //Choose transmission protocol VLESS
"settings": {
"clients": [
{
"id": "b74c8251-7b4f-4f97-8ade-f4b6d19f1ba6", //UUID. Please use UUID generator.
"level": 0,
"email": "[email protected]" //Distinguish statistical traffic.
}
],
"decryption": "none" //Under the current VLESS protocol, decryption must be set to none.
},
"streamSettings": {
"network": "ws", //Use WS mode.
"wsSettings": {
"path": "/examplepath" //This path needs to be identical with the location path in Nginx.
}
}
},
"outbound": {
"protocol": "freedom",
"settings": {}
}
}
2.2 Nginx Setting
server {
listen 80;
server_name $your_domain; //Your domain
rewrite ^(.*)$ https://\$host\$1 permanent; //Redirect all port 80 traffic to port 443.
}
server {
listen 443 ssl http2;
server_name $your_domain; //Your domain
root /etc/nginx/html;
index index.php index.html;
ssl_certificate /etc/nginx/ssl/fullchain.cer; //Your cert path
ssl_certificate_key /etc/nginx/ssl/$your_domain.key; //Your cert path
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
ssl_prefer_server_ciphers on;
ssl_early_data on;
ssl_stapling on;
ssl_stapling_verify on;
location /examplepath { //This path needs to be identical with the path in V2Ray.
proxy_redirect off;
proxy_pass http://127.0.0.1:12345; //Same port as setup in V2Ray server
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$http_host;
}
}
3. Client Configuration
Same as Vmess + WS + TLS.
Copyright statement: Unless otherwise stated, all articles on this blog adopt the CC BY-NC-SA 4.0 license agreement. For non-commercial reprints and citations, please indicate the author: Henry, and original article URL. For commercial reprints, please contact the author for authorization.