Amir Reza Dalir

When Your Country Blocks the Internet, You Build Your Own Path

I'm a developer unfortunately living in a country where the government blocks access to most of the internet — Twitter, YouTube, GitHub (sometimes), messaging apps, news sites... all filtered. Millions of people deal with this every single day.

The obvious solution? A VPN server somewhere abroad. Spin up an instance on AWS or Hetzner, install a VPN, connect from home. Simple, right?

Except it doesn't work.

Local ISPs actively detect and block VPN protocols. Even if you get a connection working, the foreign IP gets blacklisted within days. You set it up, it works for a week, then it's dead. Start over.


🔍 The Real Problem

You can't connect directly to a foreign server running a proxy. The connection gets detected and killed, not always, but most of the time. But here's the thing: not all networks are filtered equally. Each ISP behaves differently, and filtering varies from city to city. One ISP might block everything, while another provider in a different city lets certain traffic through.

This means your middle server doesn't have to be in a datacenter. It can be:

  • 🏠 A home server on a different ISP
  • 🏙️ A friend's machine in another city with a static IP
  • 💰 A cheap VPS at a local hosting provider

As long as it can reach both your device and the foreign server, it works as an EDGE.

The filtering mostly targets end-user residential connections to foreign IPs. Internal traffic — between ISPs, cities, datacenters — is far less restricted.

So the solution is a chain:

📱 Your phone/laptop ➜ 🔗 Middle server (EDGE) ➜ 🌍 Exit server (GATEWAY) ➜ 🌐 Free internet

Your device connects to the middle server (fast, low latency, not blocked). That server forwards everything to your exit server abroad. The exit server fetches the content and sends it back through the chain.

This is exactly what I've been working on.


⚡ Xray Chain Proxy

This tool is built on top of Xray-core — one of the most powerful and battle-tested proxy platforms out there. Xray supports advanced protocols, encryption, and routing that make it extremely hard to detect and block. But configuring it manually is painful — JSON config files, multiple protocols, user management, all by hand, and repeating the whole process every time a server gets blocked.

So I wrote a single bash script that wraps all of Xray's power into simple commands.

Two servers, two commands:

# On your foreign server (e.g., AWS in Frankfurt)
./xcp.sh setup gateway

# On your local server (inside your country)
./xcp.sh setup edge

That's the entire setup.

The gateway setup configures your exit node — the server with free internet. It gives you the IP, ports, and a password.

Then you enter those details on the edge server (the local one). The encrypted chain between the two is established automatically.


🏗️ How the Architecture Works

┌────────┐      ┌────────┐      ┌─────────┐      ┌──────────┐
│ Client │ ──── │  EDGE  │ ──── │ GATEWAY │ ──── │ Internet │
│ (You)  │      │(Local) │      │  (AWS)  │      │          │
└────────┘      └────────┘      └─────────┘      └──────────┘

| Server | Location | Role |
| --- | --- | --- |
| EDGE | Local datacenter / home server | 🚪 Entry point — your devices connect here |
| GATEWAY | Foreign server (AWS, Hetzner, etc.) | 🌍 Exit point — fetches content from the internet |

Why this works:

  • 🟢 EDGE is local — your ISP sees a connection to a local IP, nothing suspicious
  • 🔒 GATEWAY is hidden — censors never see it directly, only the EDGE talks to it
  • 🔐 Traffic is AES-256-GCM encrypted between EDGE and GATEWAY
  • 🔄 If EDGE gets blocked — spin up a new server, run one command, done in 2 minutes
  • 🛡️ GATEWAY stays safe — it never changes, no one knows about it except your EDGE
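
The "only the EDGE talks to it" property can be enforced on the GATEWAY with a source-address allowlist, so it does not depend on the GATEWAY's address staying unknown. This is an added example, not code from xray-chain-proxy or the original post; it assumes nftables is available on the GATEWAY, that the GATEWAY listens on the ports this post lists (443, 80, 1080), and it uses 203.0.113.10 as a constructed EDGE address.

```shell
# Added example, not part of xray-chain-proxy. Function names are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    local rest="$1." o n=0
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    while [ -n "$rest" ]; do
        o="${rest%%.*}"; rest="${rest#*.}"
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# gateway_ruleset EDGE_IP [PORTS]
# Print an nftables ruleset that accepts the proxy ports only from EDGE_IP and
# drops them from every other source. PORTS defaults to the ports this post
# lists (assumed here to be what the GATEWAY listens on). SSH is not touched.
gateway_ruleset() {
    local edge="$1" ports="${2:-443,80,1080}"
    is_ipv4 "$edge" || { echo "invalid EDGE address: $edge" >&2; return 1; }
    case "$ports" in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "invalid port list: $ports" >&2; return 1 ;;
    esac
    cat <<EOF
table inet xcp_gateway
delete table inet xcp_gateway
table inet xcp_gateway {
    chain input {
        type filter hook input priority 0; policy accept;
        ip saddr $edge tcp dport { $ports } accept
        ip saddr $edge udp dport { $ports } accept
        tcp dport { $ports } drop
        udp dport { $ports } drop
    }
}
EOF
}

# Apply as root on the GATEWAY (203.0.113.10 is a constructed EDGE address):
#   gateway_ruleset 203.0.113.10 | nft -f -
# After rotating the EDGE, rerun with the new address; the first two lines of
# the ruleset make the replacement idempotent.
```

With this in place, rotating the EDGE adds one step on the GATEWAY: rerun the function with the new EDGE address.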

📡 3 Protocols at Once

Each server runs three protocols simultaneously:

| Protocol | Port | Best For |
| --- | --- | --- |
| Shadowsocks | 443 | 📱 Mobile apps (v2rayNG, Shadowrocket), looks like HTTPS |
| HTTP | 80 | 🌐 Browser proxy, curl |
| SOCKS5 | 1080 | 💻 System-wide proxy on desktop |

All share the same username and password. Connect with whatever works best for your device.


👥 Adding Users

I share my proxy with family and friends. Adding a new user takes seconds:

./xcp.sh user add

It generates the credentials, a QR code (scan with your phone), and a Shadowsocks URI you can share directly.


📊 Monitoring

When you share with others, you want to know what's happening.

Check if everything is running

./xcp.sh status

See who's using how much bandwidth

./xcp.sh stats

Test the full chain

./xcp.sh test

This verifies the chain is working and shows the exit IP (should be your GATEWAY's IP) plus speed measurements.


🧭 Smart Routing

Not everything needs to go through the foreign server. Local websites work fine directly — routing them through AWS just adds latency for no reason.

./xcp.sh rule add

Real examples I use:

  • 🏠 Local sites direct (no proxy needed): geosite:ir as direct
  • 🚫 Block ads: geosite:category-ads-all as blocked
  • 🌐 Social media through proxy: twitter.com, instagram.com, youtube.com as proxy

This way, local sites stay fast and only filtered content goes through the chain.


📖 Documentation

Full documentation is available in English and Persian:

Covers all commands, configuration options, routing rules, and more.


🔄 When the EDGE Gets Blocked

It happens. The local server's IP gets flagged and your connection drops. Here's my workflow:

  1. Spin up a new VPS at a local datacenter (takes 1 minute)
  2. Download the script: curl -sL ... -o xcp.sh && chmod +x xcp.sh
  3. Run: ./xcp.sh setup edge
  4. Enter the same GATEWAY details
  5. Done. New EDGE, same chain, 2 minutes total ⏱️

The GATEWAY never changes. Only the EDGE rotates. Your users just update the server IP and they're back online.


📦 Requirements

  • Debian/Ubuntu with root access
  • 512 MB RAM, 1 CPU (cheapest VPS works)
  • Dependencies (curl, jq, unzip) are auto-checked
  • Works on x86_64, ARM64, and ARM32

🚀 Get Started

curl -sL https://raw.githubusercontent.com/dalirnet/xray-chain-proxy/main/script.sh -o xcp.sh
chmod +x xcp.sh
./xcp.sh setup gateway  # on foreign server
./xcp.sh setup edge     # on local server
./xcp.sh user add       # create your account

GitHub: github.com/dalirnet/xray-chain-proxy
Docs: dalirnet.github.io/xray-chain-proxy
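
Both the quick start above and the EDGE rotation workflow download the script from the `main` branch and run it as root, so whatever that branch contains at download time is what executes. The following added example, which is not part of the project or the original post, fetches the script at a pinned commit and installs it only if its SHA-256 matches a value you recorded after reviewing that revision; the function names and both placeholders in the usage comment are assumptions.

```shell
# Added example, not part of xray-chain-proxy. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED_SHA256
# Returns 0 only if FILE is non-empty, starts with a shebang (an HTML error
# page saved by mistake does not), and its digest equals the expected value.
verify_script() {
    local file="$1" expected="$2" actual
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 2; }
    [ "$(head -c 2 "$file")" = '#!' ] || { echo "not a script: $file" >&2; return 3; }
    actual=$(sha256_of "$file")
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] || { echo "digest mismatch: got $actual" >&2; return 1; }
}

# fetch_pinned COMMIT EXPECTED_SHA256 [OUT]
# Downloads script.sh at an exact commit instead of the moving `main` branch,
# and only installs it as OUT (default xcp.sh) after verification succeeds.
fetch_pinned() {
    local commit="$1" expected="$2" out="${3:-xcp.sh}" tmp
    tmp=$(mktemp) || return 4
    if curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" \
            "https://raw.githubusercontent.com/dalirnet/xray-chain-proxy/${commit}/script.sh" \
        && verify_script "$tmp" "$expected"; then
        install -m 0755 "$tmp" "$out"
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage, with placeholders to fill in after reading the revision you trust:
#   fetch_pinned <REVIEWED_COMMIT_SHA> <SHA256_OF_REVIEWED_SCRIPT> xcp.sh
```

Record the commit and digest once, after reading the script, and reuse the same pair every time a new EDGE is provisioned.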


This tool exists because I needed it. If you're in a similar situation — Iran, China, Russia, or anywhere else with internet restrictions — I hope it helps. ⭐ A star on GitHub helps others find it.