xjkj8

XHTTP + HTTP/3 + CDN

XHTTP was previously known as splitHTTP. HTTP/3 uses udp/443 by default, but Cloudflare does not support HTTP/3 on the connection between Cloudflare and the origin. Therefore the Xray client transmits HTTP/3 over udp/443, while the Xray server receives HTTP/2 or HTTP/1.1.

1. Install and configure Xray server

1.1. Domain name

For the configuration in this article, you will need to purchase a domain name.

Example:

yourdomain.yourtld

Add your domain name to Cloudflare.

1.2. Hostname

Choose a subdomain that will be the hostname for your server.

Example:

yourhost.yourdomain.yourtld

Go to the Cloudflare DNS page for your domain. Add a DNS A record (or AAAA for IPv6) pointing from your subdomain (i.e. hostname) to your virtual private server IP address.

Turn the DNS record's proxy status off for now. The Cloudflare icon for an unproxied record (DNS only) is a gray cloud. Click Save to save the new record you just added.

1.3. Open firewall

Open your server's firewall and/or security groups for input on:

1.4. Obtain SSL certificate

SSH into your server as root.

Update your server:

apt update && apt upgrade -y && apt autoremove -y

Make sure nothing is listening on port tcp/80, as it will be used to obtain a standalone SSL certificate.

ss -tulpn

Obtain an SSL certificate using the Automatic Certificate Management Environment (ACME) script. Remember to change the sample hostname (subdomain) in what follows to your actual hostname.

apt install -y curl cron socat

curl https://get.acme.sh | sh

source ~/.bashrc

acme.sh --upgrade --auto-upgrade

acme.sh --set-default-ca --server letsencrypt

acme.sh --issue -d yourhost.yourdomain.yourtld --standalone --keylength ec-256

acme.sh --install-cert -d yourhost.yourdomain.yourtld --ecc --fullchain-file /etc/ssl/private/fullchain.cer --key-file /etc/ssl/private/private.key

chown -R nobody:nogroup /etc/ssl/private

acme.sh --renew -d yourhost.yourdomain.yourtld --force --ecc

1.5. Turn on proxying, SSL, and HTTP/3 in Cloudflare

Now you can turn on the final configuration of Cloudflare.

After proxying is turned on, you will need to SSH into your server by IP address, not by hostname.

1.6. Install Xray

Install Xray:

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install

1.7. Generate UUID

Generate a universally unique identifier (UUID):

xray uuid

Example:

19fd356b-5dc3-44ec-b166-c2b0ea111104

1.8. Generate path

Generate a secret path for xhttp:

< /dev/urandom tr -dc a-z0-9 | head -c${1:-8};echo;

Example:

1loryo44

1.9. Configure server

Since we are using Cloudflare, what the client sends as HTTP/3 will be received by the server as HTTP/2 or HTTP/1.1.

Edit the server configuration file:

vi /usr/local/etc/xray/config.json

Example:

{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 443,
            "listen": "0.0.0.0",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "19fd356b-5dc3-44ec-b166-c2b0ea111104"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "xhttp",
                "security": "tls",
                "xhttpSettings": {
                    "path": "/1loryo44",
                    "host": "yourhost.yourdomain.yourtld"
                },
                "tlsSettings": {
                    "rejectUnknownSni": true,
                    "minVersion": "1.3",
                    "alpn": [
                        "h2",
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "ocspStapling": 3600,
                            "certificateFile": "/etc/ssl/private/fullchain.cer",
                            "keyFile": "/etc/ssl/private/private.key"
                        }
                    ]
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "quic"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "tag": "block"
        }
    ]
}

Replace the sample values in the above with your own values.

Save the file.

1.10. Start service

Restart the Xray systemd service:

systemctl restart xray

Exit your SSH session with the server.

2. Install and configure Xray client

2.1. Install client

Download the client executable from https://github.com/XTLS/Xray-core/releases.

Example:

Xray-windows-64.zip

Extract the .zip file.

2.2. Configure client

Create a client configuration file config.json in the same folder as the Xray client executable.

Example:

{
    "log": {
        "loglevel": "warning"
    },
    "routing": {
        "rules": [
            {
                "ip": [
                    "geoip:private"
                ],
                "outboundTag": "direct"
            }
        ]
    },
    "inbounds": [
        {
            "port": 10808,
            "listen": "127.0.0.1",
            "protocol": "socks",
            "settings": {
                "udp": true
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "quic"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "vless",
            "settings": {
                "vnext": [
                    {
                        "address": "yourhost.yourdomain.yourtld", 
                        "port": 443,
                        "users": [
                            {
                                "id": "19fd356b-5dc3-44ec-b166-c2b0ea111104",
                                "encryption": "none"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "xhttp",
                "security": "tls",
                "xhttpSettings": {
                    "path": "/1loryo44",
                    "host": "yourhost.yourdomain.yourtld" 
                },
                "tlsSettings": {
                    "serverName": "yourhost.yourdomain.yourtld", 
                    "alpn": [
                        "h3"
                    ]
                },
                "noGRPCHeader": true
            }
        },
        {
            "protocol": "freedom",
            "tag": "direct"
        }
    ]
}

Replace the sample values in the above with your own values.

Save the file.
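
The server and client files must agree on the UUID, the xhttp path and the host, while their ALPN lists deliberately differ because Cloudflare sits in between. The following checker is an added example, not part of the original article or of Xray; the function names vless_entry and check_pair are hypothetical, and the embedded configs are constructed samples trimmed to the keys being compared.

```python
import json

def vless_entry(cfg, side):
    """Return (user id, streamSettings) of the first VLESS entry on that side."""
    key = "inbounds" if side == "server" else "outbounds"
    entry = next(e for e in cfg[key] if e.get("protocol") == "vless")
    if side == "server":
        uid = entry["settings"]["clients"][0]["id"]
    else:
        uid = entry["settings"]["vnext"][0]["users"][0]["id"]
    return uid, entry["streamSettings"]

def check_pair(server_cfg, client_cfg):
    """List the mismatches between a server and a client config ([] = consistent)."""
    s_id, s = vless_entry(server_cfg, "server")
    c_id, c = vless_entry(client_cfg, "client")
    problems = []
    if s_id != c_id:
        problems.append("UUID differs")
    for field in ("path", "host"):
        if s["xhttpSettings"].get(field) != c["xhttpSettings"].get(field):
            problems.append(f"xhttpSettings.{field} differs")
    if c["tlsSettings"].get("serverName") != c["xhttpSettings"].get("host"):
        problems.append("client serverName differs from xhttp host")
    if c["tlsSettings"].get("alpn") != ["h3"]:
        problems.append("client ALPN is not h3")
    if "h3" in s["tlsSettings"].get("alpn", []):
        problems.append("server ALPN lists h3; Cloudflare reaches the origin over h2 or http/1.1")
    return problems

# Constructed samples: only the keys being compared, with the article's sample values.
SERVER = json.loads("""{"inbounds": [{"protocol": "vless",
  "settings": {"clients": [{"id": "19fd356b-5dc3-44ec-b166-c2b0ea111104"}]},
  "streamSettings": {"network": "xhttp",
    "xhttpSettings": {"path": "/1loryo44", "host": "yourhost.yourdomain.yourtld"},
    "tlsSettings": {"alpn": ["h2", "http/1.1"]}}}]}""")
CLIENT = json.loads("""{"outbounds": [{"protocol": "vless",
  "settings": {"vnext": [{"users": [{"id": "19fd356b-5dc3-44ec-b166-c2b0ea111104"}]}]},
  "streamSettings": {"network": "xhttp",
    "xhttpSettings": {"path": "/1loryo44", "host": "yourhost.yourdomain.yourtld"},
    "tlsSettings": {"serverName": "yourhost.yourdomain.yourtld", "alpn": ["h3"]}}},
  {"protocol": "freedom", "tag": "direct"}]}""")

if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT) or "configs are consistent")
```

To check real files, load each one with json.load and pass the two dictionaries to check_pair.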

2.3. Run client

Run the client in a command prompt window.

Example:

cd Downloads\Xray-windows-64

xray.exe -c config.json

Leave the command prompt window open, with xray running in it.

2.4. Install and configure Firefox

Download Firefox browser from https://www.mozilla.org.

Edit Settings > General > Network Settings > Settings.

Select Manual proxy configuration, set SOCKS Host to 127.0.0.1 and Port to 10808, select SOCKS v5, and check Proxy DNS when using SOCKS v5.

Browse the web.