{"slug": "xray-vless-xhttp-tls-relay-warp-2-server-setup", "title": "Xray VLESS + XHTTP + TLS Relay, WARP: 2-Server Setup", "summary": "This article provides a technical guide for setting up a two-server Xray proxy configuration using VLESS, XHTTP, and TLS Reality protocols. Server A acts as an inbound relay that accepts client connections via XHTTP with Reality encryption, then forwards traffic to Server B using another VLESS+XHTTP+TLS connection. The guide includes step-by-step installation commands, configuration file examples with placeholder values, and instructions for generating the necessary cryptographic keys and UUIDs.", "body_md": "SERVER A\n\nInstall everything\n\nsudo apt update\n\nsudo apt install -y curl nano jq\n\nbash -c \"$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)\" @ install -u root\n\nGenerate everything with\n\nxray uuid - ID\n\nxray x25519 - keys\n\nxray vlessenc - for encryption\n\nopenssl rand -hex 8  - short id\n\nIn the end you will need:\n\nCLIENT_UUID\n\nA_REALITY_PRIVATE_KEY\n\nA_REALITY_PUBLIC_KEY\n\nA_REALITY_SHORT_ID\n\nCLIENT_TO_A_DECRYPTION\n\nCLIENT_TO_A_ENCRYPTION\n\nA_TO_B_UUID\n\nA_TO_B_DECRYPTION\n\nA_TO_B_ENCRYPTION\n\nXray config, server A\n\nvim /usr/local/etc/xray/config.json\n\nExample\n\n{\n\n  \"log\": {\n\n    \"access\": \"/var/log/xray/access.log\",\n\n    \"error\": \"/var/log/xray/error.log\",\n\n    \"loglevel\": \"warning\"\n\n  },\n\n  \"dns\": {\n\n    \"servers\": [\n\n      \"1.1.1.1\",\n\n      \"8.8.8.8\"\n\n    ],\n\n    \"queryStrategy\": \"UseIPv4\"\n\n  },\n\n  \"inbounds\": [\n\n    {\n\n      \"tag\": \"client-xhttp-reality-in\",\n\n      \"listen\": 
\"0.0.0.0\",\n\n      \"port\": 443,\n\n      \"protocol\": \"vless\",\n\n      \"settings\": {\n\n        \"clients\": [\n\n          {\n\n            \"id\": \"CLIENT_UUID\",\n\n            \"email\": \"main-client\",\n\n            \"flow\": \"xtls-rprx-vision\"\n\n          }\n\n        ],\n\n        \"decryption\": \"CLIENT_TO_A_DECRYPTION\"\n\n      },\n\n      \"streamSettings\": {\n\n        \"network\": \"xhttp\",\n\n        \"security\": \"reality\",\n\n        \"xhttpSettings\": {\n\n          \"path\": \"/assets\",\n\n          \"mode\": \"stream-one\"\n\n        },\n\n        \"realitySettings\": {\n\n          \"show\": false,\n\n          \"dest\": \"www.microsoft.com:443\",\n\n          \"xver\": 0,\n\n          \"serverNames\": [\n\n            \"www.microsoft.com\"\n\n          ],\n\n          \"privateKey\": \"A_REALITY_PRIVATE_KEY\",\n\n          \"shortIds\": [\n\n            \"A_REALITY_SHORT_ID\"\n\n          ]\n\n        }\n\n      },\n\n      \"sniffing\": {\n\n        \"enabled\": true,\n\n        \"destOverride\": [\n\n          \"http\",\n\n          \"tls\",\n\n          \"quic\"\n\n        ]\n\n      }\n\n    },\n\n    {\n\n      \"tag\": \"local-test-socks\",\n\n      \"listen\": \"127.0.0.1\",\n\n      \"port\": 10808,\n\n      \"protocol\": \"socks\",\n\n      \"settings\": {\n\n        \"udp\": true\n\n      }\n\n    }\n\n  ],\n\n  \"outbounds\": [\n\n    {\n\n      \"tag\": \"relay-b\",\n\n      \"protocol\": \"vless\",\n\n      \"settings\": {\n\n        \"vnext\": [\n\n          {\n\n            \"address\": \"api.catandmouseteam.xyz\",\n\n            \"port\": 443,\n\n            \"users\": [\n\n              {\n\n                \"id\": \"A_TO_B_UUID\",\n\n                \"encryption\": \"A_TO_B_ENCRYPTION\",\n\n                \"flow\": \"xtls-rprx-vision\",\n\n                \"packetEncoding\": \"xudp\"\n\n              }\n\n            ]\n\n          }\n\n        ]\n\n      },\n\n      \"streamSettings\": {\n\n        
\"network\": \"xhttp\",\n\n        \"security\": \"tls\",\n\n        \"tlsSettings\": {\n\n          \"serverName\": \"api.catandmouseteam.xyz\",\n\n          \"alpn\": [\n\n            \"h2\",\n\n            \"http/1.1\"\n\n          ],\n\n          \"fingerprint\": \"chrome\"\n\n        },\n\n        \"xhttpSettings\": {\n\n          \"path\": \"/assets\",\n\n          \"mode\": \"stream-one\"\n\n        },\n\n        \"sockopt\": {\n\n          \"domainStrategy\": \"UseIPv4\"\n\n        }\n\n      }\n\n    },\n\n    {\n\n      \"tag\": \"direct\",\n\n      \"protocol\": \"freedom\",\n\n      \"settings\": {\n\n        \"domainStrategy\": \"UseIPv4\"\n\n      }\n\n    },\n\n    {\n\n      \"tag\": \"block\",\n\n      \"protocol\": \"blackhole\"\n\n    }\n\n  ],\n\n  \"routing\": {\n\n    \"rules\": [\n\n      {\n\n        \"type\": \"field\",\n\n        \"inboundTag\": [\n\n          \"client-xhttp-reality-in\",\n\n          \"local-test-socks\"\n\n        ],\n\n        \"outboundTag\": \"relay-b\"\n\n      }\n\n    ]\n\n  }\n\n}\n\nStart\n\nsudo /usr/local/bin/xray run -test -config /usr/local/etc/xray/config.json\n\nsudo systemctl enable --now xray\n\nsudo systemctl restart xray\n\nSERVER B, install xray\n\nsudo apt update\n\nsudo apt install -y curl jq debian-keyring debian-archive-keyring apt-transport-https ca-certificates gnupg\n\nbash -c \"$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)\" @ install -u root\n\nServer B, install caddy\n\ncurl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \\\n\n  | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg\n\ncurl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \\\n\n  | sudo tee /etc/apt/sources.list.d/caddy-stable.list\n\nsudo chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg\n\nsudo chmod o+r /etc/apt/sources.list.d/caddy-stable.list\n\nsudo apt update\n\nsudo apt install -y caddy\n\nGet the WARP data\n\nbash -c 
\"$(curl -L warp-reg.vercel.app)\"\n\nYou need:\n\nprivate_key   -> WARP_SECRET_KEY\n\npublic_key    -> WARP_PUBLIC_KEY\n\nreserved_dec  -> WARP_RESERVED\n\nendpoint.v4   -> WARP_ENDPOINT\n\nv4            -> WARP_ADDRESS\n\nvim /usr/local/etc/xray/config.json\n\nExample config\n\n{\n\n  \"log\": {\n\n    \"access\": \"/var/log/xray/access.log\",\n\n    \"error\": \"/var/log/xray/error.log\",\n\n    \"loglevel\": \"warning\"\n\n  },\n\n  \"dns\": {\n\n    \"servers\": [\n\n      \"1.1.1.1\",\n\n      \"8.8.8.8\"\n\n    ],\n\n    \"queryStrategy\": \"UseIPv4\"\n\n  },\n\n  \"inbounds\": [\n\n    {\n\n      \"tag\": \"vless-xhttp-from-a\",\n\n      \"listen\": \"127.0.0.1\",\n\n      \"port\": 10085,\n\n      \"protocol\": \"vless\",\n\n      \"settings\": {\n\n        \"clients\": [\n\n          {\n\n            \"id\": \"A_TO_B_UUID\",\n\n            \"email\": \"server-a\",\n\n            \"flow\": \"xtls-rprx-vision\"\n\n          }\n\n        ],\n\n        \"decryption\": \"A_TO_B_DECRYPTION\"\n\n      },\n\n      \"streamSettings\": {\n\n        \"network\": \"xhttp\",\n\n        \"security\": \"none\",\n\n        \"xhttpSettings\": {\n\n          \"path\": \"/assets\",\n\n          \"mode\": \"stream-one\"\n\n        }\n\n      },\n\n      \"sniffing\": {\n\n        \"enabled\": true,\n\n        \"destOverride\": [\n\n          \"http\",\n\n          \"tls\",\n\n          \"quic\"\n\n        ]\n\n      }\n\n    }\n\n  ],\n\n  \"outbounds\": [\n\n    {\n\n      \"tag\": \"warp\",\n\n      \"protocol\": \"wireguard\",\n\n      \"settings\": {\n\n        \"secretKey\": \"WARP_SECRET_KEY\",\n\n        \"address\": [\n\n          \"WARP_ADDRESS/32\"\n\n        ],\n\n        \"peers\": [\n\n          {\n\n            \"publicKey\": \"WARP_PUBLIC_KEY\",\n\n            \"allowedIPs\": [\n\n              \"0.0.0.0/0\"\n\n            ],\n\n            \"endpoint\": \"WARP_ENDPOINT:2408\",\n\n            \"keepAlive\": 25\n\n          }\n\n        ],\n\n        \"reserved\": 
[\n\n          0,\n\n          0,\n\n          0\n\n        ],\n\n        \"mtu\": 1280,\n\n        \"domainStrategy\": \"ForceIPv4\",\n\n        \"noKernelTun\": true\n\n      }\n\n    },\n\n    {\n\n      \"tag\": \"direct\",\n\n      \"protocol\": \"freedom\",\n\n      \"settings\": {\n\n        \"domainStrategy\": \"UseIPv4\"\n\n      }\n\n    },\n\n    {\n\n      \"tag\": \"block\",\n\n      \"protocol\": \"blackhole\"\n\n    }\n\n  ],\n\n  \"routing\": {\n\n    \"rules\": [\n\n      {\n\n        \"type\": \"field\",\n\n        \"inboundTag\": [\n\n          \"vless-xhttp-from-a\"\n\n        ],\n\n        \"outboundTag\": \"warp\"\n\n      }\n\n    ]\n\n  }\n\n}\n\nStart\n\nsudo /usr/local/bin/xray run -test -config /usr/local/etc/xray/config.json\n\nsudo systemctl enable --now xray\n\nsudo systemctl restart xray\n\nCaddy config, server B\n\nvim /etc/caddy/Caddyfile\n\nExample\n\napi.catandmouseteam.xyz {\n\n        encode gzip zstd\n\n        handle /assets* {\n\n                reverse_proxy 127.0.0.1:10085 {\n\n                        flush_interval -1\n\n                        transport http {\n\n                                versions h2c 1.1\n\n                        }\n\n                }\n\n        }\n\n        handle /healthz {\n\n                header Content-Type application/json\n\n                respond `{\"status\":\"ok\",\"service\":\"api-gateway\"}` 200\n\n        }\n\n        handle {\n\n                root * /usr/share/caddy/api\n\n                file_server\n\n        }\n\n}\n\nYou can create a placeholder page like this\n\nsudo mkdir -p /usr/share/caddy/api\n\nsudo tee /usr/share/caddy/api/index.html >/dev/null <<'HTML'\n\n<!doctype html>\n\n<html lang=\"en\">\n\n<head>\n\n  <meta charset=\"utf-8\">\n\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\n  <meta name=\"robots\" content=\"noindex, nofollow\">\n\n  <title>System API Gateway</title>\n\n  <style>\n\n    body {\n\n      margin: 0;\n\n      min-height: 
100vh;\n\n      display: grid;\n\n      place-items: center;\n\n      background: #07111f;\n\n      color: #e5eefb;\n\n      font-family: system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif;\n\n    }\n\n    main {\n\n      width: min(760px, calc(100% - 32px));\n\n      border: 1px solid rgba(148, 163, 184, .25);\n\n      border-radius: 24px;\n\n      padding: 48px;\n\n      background: rgba(15, 23, 42, .82);\n\n      box-shadow: 0 24px 80px rgba(0,0,0,.35);\n\n    }\n\n    .badge {\n\n      color: #8ea4bf;\n\n      margin-bottom: 24px;\n\n    }\n\n    h1 {\n\n      margin: 0 0 16px;\n\n      font-size: clamp(36px, 8vw, 72px);\n\n      line-height: .95;\n\n      letter-spacing: -0.06em;\n\n    }\n\n    p {\n\n      color: #8ea4bf;\n\n      font-size: 18px;\n\n      line-height: 1.7;\n\n      max-width: 58ch;\n\n    }\n\n  </style>\n\n</head>\n\n<body>\n\n  <main>\n\n    <div class=\"badge\">operational · private infrastructure</div>\n\n    <h1>System API Gateway</h1>\n\n    <p>\n\n      This endpoint is reserved for internal services, automation tasks, and controlled API traffic.\n\n      Public browsing and API discovery are not available from this host.\n\n    </p>\n\n  </main>\n\n</body>\n\n</html>\n\nHTML\n\nStart caddy:\n\nsudo caddy validate --config /etc/caddy/Caddyfile\n\nsudo systemctl enable --now caddy\n\nsudo systemctl restart caddy\n\nCheck on server B\n\ncurl -I https://api.catandmouseteam.xyz/\n\ncurl https://api.catandmouseteam.xyz/healthz\n\nsudo ss -lntup | grep -E ':80|:443|:10085'\n\nCheck on server A\n\ncurl -vk --connect-timeout 8 https://api.catandmouseteam.xyz/\n\ncurl -v --max-time 30 -x socks5h://127.0.0.1:10808 https://cloudflare.com/cdn-cgi/trace\n\nCLIENT LINK\n\nvless://CLIENT_UUID@A_IP:443?encryption=CLIENT_TO_A_ENCRYPTION&flow=xtls-rprx-vision&security=reality&sni=www.microsoft.com&fp=chrome&pbk=A_REALITY_PUBLIC_KEY&sid=A_REALITY_SHORT_ID&type=xhttp&path=%2Fassets&mode=stream-one#A-B-WARP\n\nThat's all. 
Video here: https://www.youtube.com/watch?v=YdV-09GmezA", "url": "https://wpnews.pro/news/xray-vless-xhttp-tls-relay-warp-2-server-setup", "canonical_source": "https://gist.github.com/bodrovis/4c65951e81e9139585aa2b351eb8203c", "published_at": "2026-05-03 11:52:41+00:00", "updated_at": "2026-05-22 17:12:38.886605+00:00", "lang": "en", "topics": ["cybersecurity", "cloud-computing", "open-source", "developer-tools"], "entities": ["Xray", "VLESS", "XHTTP", "TLS", "WARP", "XTLS"], "alternates": {"html": "https://wpnews.pro/news/xray-vless-xhttp-tls-relay-warp-2-server-setup", "markdown": "https://wpnews.pro/news/xray-vless-xhttp-tls-relay-warp-2-server-setup.md", "text": "https://wpnews.pro/news/xray-vless-xhttp-tls-relay-warp-2-server-setup.txt", "jsonld": "https://wpnews.pro/news/xray-vless-xhttp-tls-relay-warp-2-server-setup.jsonld"}}