DEV Community

Cover image for V2Ray & WebSockets
Lag Lagendary
Lag Lagendary

Posted on

V2Ray & WebSockets

πŸš€ V2Ray/VLESS + WSS/TLS Basics

  1. Protocols (V2Ray / VLESS)

V2Ray (Project V): A powerful and flexible toolset primarily used for network proxying. It supports many protocols, including VMess.

VLESS (V2Ray freedom): A more modern and simple protocol that is the successor to VMess. It has less overhead and does not require time synchronization, making it more performant and easier to configure. VLESS is recommended.

  1. Transport (WSS - WebSocket Secure)

WebSocket (WS/WSS): A protocol that provides full-duplex communication between a client and a server over a single TCP connection.

WSS: WebSocket over TLS/SSL.

Why WebSocket? It allows proxy traffic (VLESS) to pass through a standard web port (e.g., 443) and appear as a normal web connection. This helps bypass blocking based on traffic signature analysis.

  1. Encryption (TLS - Transport Layer Security)

TLS (SSL): A protocol for providing secure and encrypted communications.

Why is TLS needed?

Security: Encrypts all VLESS traffic, preventing interception.

Obfuscation: Makes traffic indistinguishable from traffic generated when visiting a regular HTTPS site (e.g., yours), which is key to bypassing DPI (Deep Packet Inspection).

πŸ› οΈ How to set it up on your website

Setup consists of three main steps: obtaining a domain and certificate, installing V2Ray/Xray, and setting up a reverse proxy using Nginx. Step 1: Domain and TLS Certificate

Register a domain name (e.g., myvps.com).

Obtain a TLS certificate (required!) for this domain. The easiest way is to use Let's Encrypt via Certbot or the automatic plugin in your hosting/control panel.

Important: For VLESS/WSS/TLS, port 443 must be free for the initial Nginx setup.

Step 2: Install V2Ray/Xray on the Server

For the VLESS protocol, Xray is commonly used (a fork of V2Ray with more active development of VLESS/XTLS).

Install Xray on your server (VPS).

Example command (scripts are often used for automation):
Bash

bash <(curl -L https://raw.githubusercontent.com/XTLS/Xray-install/main/install-release.sh)

Configure Xray on the Server:

In the Xray configuration file (config.json), configure the inbound connection.

It should listen on a local port (e.g., 10000) and accept traffic via the VLESS protocol with WebSocket transport.

Example config.json fragment:
JSON

{
"inbounds": [
{
"port": 10000,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{"id": "YOUR_UUID", "level": 0}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/mysecretpath"
}
}
}
]
// ... the rest of the configuration ...
}

Remember: YOUR_UUID (unique identifier) ​​and mysecretpath (WebSocket path) are your secret keys.

Step 3: Configuring Nginx (Reverse Proxy)

Nginx will act as a "facade" and traffic router.

Nginx listens on port 443 (HTTPS) for your domain (myvps.com).

It receives encrypted TLS traffic.

Based on the request path (location), Nginx redirects the traffic:

If the path matches your secret WebSocket path (/mysecretpath), Nginx redirects it locally to Xray (port 10000).

If the path doesn't match (any other request to your site), Nginx redirects it to your regular site (e.g., port 8080 or static files).

Example Nginx configuration fragment (server block):
Nginx

server {
listen 443 ssl;
server_name myvps.com;

TLS settings (link to your certificate and key)

ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.key;

... additional TLS security settings ...

1. SECRET PROXY FOR VLESS/WSS

location /mysecretpath {

Proxying to a local Xray port

proxy_redirect off;
proxy_pass http://127.0.0.1:10000;

Required settings for WebSocket

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}

2. NORMAL TRAFFIC FOR YOUR SITE

location / {

If you actually have a website here:

root /var/www/html/myvps.com;

index index.html;

Or proxy it to a different port where it's running

proxy_pass http://127.0.0.1:8080;

}
}

Step 4: Client Setup

On the device you want to connect from, install the V2Ray/Xray client (e.g., V2RayNG, Shadowrocket, etc.).

Enter the following parameters:

Address: myvps.com

Port: 443

Protocol: VLESS

UUID: YOUR_UUID

Transport: WebSocket

Path: /mysecretpath

TLS (SSL): Enabled

πŸ’‘ Benefits and Conclusions

VLESS + WSS + TLS
Masking: Excellent. Traffic appears as regular HTTPS.
Port: Uses the standard port 443 (HTTPS), which is usually open.
Website: Coexists with your regular website. A user visiting myvps.com will see your website, but VLESS traffic will run in parallel.
Performance: High, especially with VLESS.

Important: Make sure your TLS certificate is valid and not expired, otherwise traffic masking will not work effectively.

Top comments (0)