# Xray VLESS + XHTTP + TLS Relay, WARP: 2-Server Setup

> Source: <https://gist.github.com/bodrovis/4c65951e81e9139585aa2b351eb8203c>
> Published: 2026-05-03 11:52:41+00:00


СЕРВЕР А

Всё ставим

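sudo apt update

sudo apt install -y curl nano jq

# Save the Xray installer to a file instead of expanding curl's output straight
# into `bash -c`: the script changes the system as root, so it should be
# readable before it runs. -f makes curl fail on an HTTP error instead of
# handing an error page to bash.
installer="$(mktemp)"
curl -fsSL -o "$installer" https://github.com/XTLS/Xray-install/raw/main/install-release.sh \
  && less "$installer" \
  && bash "$installer" install -u root
rm -f -- "$installer"

# NOTE(review): "-u root" makes the installed xray service run as root. If
# nothing in this setup needs root, leaving the option out keeps the installer's
# default service user -- confirm against the Xray-install README.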

Всё генерируем с помощью

xray uuid - ИД

xray x25519 - ключи

xray vlessenc - для шифрования

openssl rand -hex 8  - short id

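В итоге потребуется (приватный ключ и значения *_DECRYPTION остаются только в конфигах серверов; в клиентскую ссылку ниже попадают только CLIENT_UUID, A_REALITY_PUBLIC_KEY, A_REALITY_SHORT_ID и CLIENT_TO_A_ENCRYPTION):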

CLIENT_UUID

A_REALITY_PRIVATE_KEY

A_REALITY_PUBLIC_KEY

A_REALITY_SHORT_ID

CLIENT_TO_A_DECRYPTION

CLIENT_TO_A_ENCRYPTION

A_TO_B_UUID

A_TO_B_DECRYPTION

A_TO_B_ENCRYPTION

Конфиг xray, сервер А

# This file will hold the REALITY private key and the VLESS decryption value
# (see the example that follows), so keep its permissions limited to the
# account the xray service runs as.
vim /usr/local/etc/xray/config.json

Пример

{

  "log": {

    "access": "/var/log/xray/access.log",

    "error": "/var/log/xray/error.log",

    "loglevel": "warning"

  },

  "dns": {

    "servers": [

      "1.1.1.1",

      "8.8.8.8"

    ],

    "queryStrategy": "UseIPv4"

  },

  "inbounds": [

    {

      "tag": "client-xhttp-reality-in",

      "listen": "0.0.0.0",

      "port": 443,

      "protocol": "vless",

      "settings": {

        "clients": [

          {

            "id": "CLIENT_UUID",

            "email": "main-client",

            "flow": "xtls-rprx-vision"

          }

        ],

        "decryption": "CLIENT_TO_A_DECRYPTION"

      },

      "streamSettings": {

        "network": "xhttp",

        "security": "reality",

        "xhttpSettings": {

          "path": "/assets",

          "mode": "stream-one"

        },

        "realitySettings": {

          "show": false,

          "dest": "www.microsoft.com:443",

          "xver": 0,

          "serverNames": [

            "www.microsoft.com"

          ],

          "privateKey": "A_REALITY_PRIVATE_KEY",

          "shortIds": [

            "A_REALITY_SHORT_ID"

          ]

        }

      },

      "sniffing": {

        "enabled": true,

        "destOverride": [

          "http",

          "tls",

          "quic"

        ]

      }

    },

    {

      "tag": "local-test-socks",

      "listen": "127.0.0.1",

      "port": 10808,

      "protocol": "socks",

      "settings": {

        "udp": true

      }

    }

  ],

  "outbounds": [

    {

      "tag": "relay-b",

      "protocol": "vless",

      "settings": {

        "vnext": [

          {

            "address": "api.catandmouseteam.xyz",

            "port": 443,

            "users": [

              {

                "id": "A_TO_B_UUID",

                "encryption": "A_TO_B_ENCRYPTION",

                "flow": "xtls-rprx-vision",

                "packetEncoding": "xudp"

              }

            ]

          }

        ]

      },

      "streamSettings": {

        "network": "xhttp",

        "security": "tls",

        "tlsSettings": {

          "serverName": "api.catandmouseteam.xyz",

          "alpn": [

            "h2",

            "http/1.1"

          ],

          "fingerprint": "chrome"

        },

        "xhttpSettings": {

          "path": "/assets",

          "mode": "stream-one"

        },

        "sockopt": {

          "domainStrategy": "UseIPv4"

        }

      }

    },

    {

      "tag": "direct",

      "protocol": "freedom",

      "settings": {

        "domainStrategy": "UseIPv4"

      }

    },

    {

      "tag": "block",

      "protocol": "blackhole"

    }

  ],

  "routing": {

    "rules": [

      {

        "type": "field",

        "inboundTag": [

          "client-xhttp-reality-in",

          "local-test-socks"

        ],

        "outboundTag": "relay-b"

      }

    ]

  }

}

Запуск

# Validate the config without starting the proxy; fix any reported error
# before touching the service.
sudo /usr/local/bin/xray run -test -config /usr/local/etc/xray/config.json

# Start the service now and enable it at boot.
sudo systemctl enable --now xray

# Restart so an instance that was already running picks up the edited config.
sudo systemctl restart xray

СЕРВЕР Б, ставим xray

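sudo apt update

sudo apt install -y curl jq debian-keyring debian-archive-keyring apt-transport-https ca-certificates gnupg

# Save the Xray installer to a file instead of expanding curl's output straight
# into `bash -c`: the script changes the system as root, so it should be
# readable before it runs. -f makes curl fail on an HTTP error instead of
# handing an error page to bash.
installer="$(mktemp)"
curl -fsSL -o "$installer" https://github.com/XTLS/Xray-install/raw/main/install-release.sh \
  && less "$installer" \
  && bash "$installer" install -u root
rm -f -- "$installer"

# NOTE(review): "-u root" makes the installed xray service run as root. On this
# server xray only listens on 127.0.0.1:10085 behind Caddy, so root is probably
# not required -- confirm against the Xray-install README before dropping it.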

Сервер Б, ставим caddy

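# Add the Caddy apt repository. The continuation lines are kept directly under
# the trailing backslash: a blank line after "\" ends the command and leaves
# the "| sudo ..." part as a syntax error when pasted.

# Repository signing key, converted to a binary keyring of its own.
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
  | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

# Source list for the stable channel.
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
  | sudo tee /etc/apt/sources.list.d/caddy-stable.list

# Both files are made world-readable, presumably so apt's unprivileged helper
# can read them; neither contains a secret.
sudo chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg
sudo chmod o+r /etc/apt/sources.list.d/caddy-stable.list

sudo apt update
sudo apt install -y caddy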

Получаем данные WARP

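# Judging by the fields listed after this step, the script outputs a WireGuard
# private key, so whoever controls the script, or the connection it is fetched
# over, can learn or substitute that key. Request it over HTTPS explicitly
# (without a scheme curl starts with plain HTTP), fail on HTTP errors, and
# read the script before running it.
warp_reg="$(mktemp)"
curl -fsSL -o "$warp_reg" https://warp-reg.vercel.app \
  && less "$warp_reg" \
  && bash "$warp_reg"
rm -f -- "$warp_reg"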

Нужно:

private_key   -> WARP_SECRET_KEY

public_key    -> WARP_PUBLIC_KEY

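reserved_dec  -> WARP_RESERVED (три числа для массива "reserved" в конфиге ниже; в примере там стоят нули [0, 0, 0] — по-видимому, их нужно заменить этим значением)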

endpoint.v4   -> WARP_ENDPOINT

v4            -> WARP_ADDRESS

# This file will hold the WARP WireGuard secret key and the VLESS decryption
# value (see the example that follows), so keep its permissions limited to the
# account the xray service runs as.
vim /usr/local/etc/xray/config.json

Пример конфига

{

  "log": {

    "access": "/var/log/xray/access.log",

    "error": "/var/log/xray/error.log",

    "loglevel": "warning"

  },

  "dns": {

    "servers": [

      "1.1.1.1",

      "8.8.8.8"

    ],

    "queryStrategy": "UseIPv4"

  },

  "inbounds": [

    {

      "tag": "vless-xhttp-from-a",

      "listen": "127.0.0.1",

      "port": 10085,

      "protocol": "vless",

      "settings": {

        "clients": [

          {

            "id": "A_TO_B_UUID",

            "email": "server-a",

            "flow": "xtls-rprx-vision"

          }

        ],

        "decryption": "A_TO_B_DECRYPTION"

      },

      "streamSettings": {

        "network": "xhttp",

        "security": "none",

        "xhttpSettings": {

          "path": "/assets",

          "mode": "stream-one"

        }

      },

      "sniffing": {

        "enabled": true,

        "destOverride": [

          "http",

          "tls",

          "quic"

        ]

      }

    }

  ],

  "outbounds": [

    {

      "tag": "warp",

      "protocol": "wireguard",

      "settings": {

        "secretKey": "WARP_SECRET_KEY",

        "address": [

          "WARP_ADDRESS/32"

        ],

        "peers": [

          {

            "publicKey": "WARP_PUBLIC_KEY",

            "allowedIPs": [

              "0.0.0.0/0"

            ],

            "endpoint": "WARP_ENDPOINT:2408",

            "keepAlive": 25

          }

        ],

        "reserved": [

          0,

          0,

          0

        ],

        "mtu": 1280,

        "domainStrategy": "ForceIPv4",

        "noKernelTun": true

      }

    },

    {

      "tag": "direct",

      "protocol": "freedom",

      "settings": {

        "domainStrategy": "UseIPv4"

      }

    },

    {

      "tag": "block",

      "protocol": "blackhole"

    }

  ],

  "routing": {

    "rules": [

      {

        "type": "field",

        "inboundTag": [

          "vless-xhttp-from-a"

        ],

        "outboundTag": "warp"

      }

    ]

  }

}

Запускаем

# Validate the config without starting the proxy; fix any reported error
# before touching the service.
sudo /usr/local/bin/xray run -test -config /usr/local/etc/xray/config.json

# Start the service now and enable it at boot.
sudo systemctl enable --now xray

# Restart so an instance that was already running picks up the edited config.
sudo systemctl restart xray

Конфиг caddy, сервер Б

vim /etc/caddy/Caddyfile

Пример

# Public HTTPS site on server B. TLS ends at Caddy; the xray inbound behind it
# listens on 127.0.0.1:10085 with "security": "none", so it must stay
# loopback-only.
api.catandmouseteam.xyz {

        encode gzip zstd

        # Must match the "path" in xhttpSettings on both servers. The trailing *
        # also matches any longer path that merely starts with /assets.
        handle /assets* {

                reverse_proxy 127.0.0.1:10085 {

                        # Flush data to the client immediately instead of buffering it.
                        flush_interval -1

                        transport http {

                                # Speak cleartext HTTP/2 (h2c) or HTTP/1.1 to the loopback backend.
                                versions h2c 1.1

                        }

                }

        }

        # Static JSON answer; the backend is not contacted for this path.
        handle /healthz {

                header Content-Type application/json

                respond `{"status":"ok","service":"api-gateway"}` 200

        }

        # Every other request is served as static files from this directory.
        handle {

                root * /usr/share/caddy/api

                file_server

        }

}

Можно сделать страницу-заглушку типа

sudo mkdir -p /usr/share/caddy/api

sudo tee /usr/share/caddy/api/index.html >/dev/null <<'HTML'

<!doctype html>

<html lang="en">

<head>

  <meta charset="utf-8">

  <meta name="viewport" content="width=device-width, initial-scale=1">

  <meta name="robots" content="noindex, nofollow">

  <title>System API Gateway</title>

  <style>

    body {

      margin: 0;

      min-height: 100vh;

      display: grid;

      place-items: center;

      background: #07111f;

      color: #e5eefb;

      font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;

    }

    main {

      width: min(760px, calc(100% - 32px));

      border: 1px solid rgba(148, 163, 184, .25);

      border-radius: 24px;

      padding: 48px;

      background: rgba(15, 23, 42, .82);

      box-shadow: 0 24px 80px rgba(0,0,0,.35);

    }

    .badge {

      color: #8ea4bf;

      margin-bottom: 24px;

    }

    h1 {

      margin: 0 0 16px;

      font-size: clamp(36px, 8vw, 72px);

      line-height: .95;

      letter-spacing: -0.06em;

    }

    p {

      color: #8ea4bf;

      font-size: 18px;

      line-height: 1.7;

      max-width: 58ch;

    }

  </style>

</head>

<body>

  <main>

    <div class="badge">operational · private infrastructure</div>

    <h1>System API Gateway</h1>

    <p>

      This endpoint is reserved for internal services, automation tasks, and controlled API traffic.

      Public browsing and API discovery are not available from this host.

    </p>

  </main>

</body>

</html>

HTML

Запускаем caddy:

# Check the Caddyfile for errors before the service is (re)started.
sudo caddy validate --config /etc/caddy/Caddyfile

# Start Caddy now and enable it at boot.
sudo systemctl enable --now caddy

# Restart so an instance that was already running loads the new Caddyfile.
sudo systemctl restart caddy

Проверка на сервере Б

# Response headers of the site root; curl verifies the certificate here, so a
# success also confirms that Caddy serves a valid one.
curl -I https://api.catandmouseteam.xyz/

# Static health endpoint defined in the Caddyfile.
curl https://api.catandmouseteam.xyz/healthz

# Listening sockets. Port 10085 (the xray inbound without TLS) should appear on
# 127.0.0.1 only; if it shows 0.0.0.0 or [::], it is reachable without Caddy.
# NOTE: the pattern is unanchored, so ":80" also matches ports such as 8080.
sudo ss -lntup | grep -E ':80|:443|:10085'

Проверка на сервере А

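# Reachability and certificate check from server A to server B. -k is left out
# on purpose: the relay-b outbound validates B's certificate, so a test that
# skips validation can pass while the real connection fails (or while something
# else is answering for that name).
curl -v --connect-timeout 8 https://api.catandmouseteam.xyz/

# End-to-end check through the local-test-socks inbound (127.0.0.1:10808), which
# the routing rule sends to relay-b. The ip= and warp= lines of the trace output
# show the exit address and whether the request left through WARP.
# That SOCKS inbound has no authentication in the example config; it is
# loopback-only there and can be removed from "inbounds" and the routing rule
# once this check passes.
curl -v --max-time 30 -x socks5h://127.0.0.1:10808 https://cloudflare.com/cdn-cgi/trace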

ССЫЛКА ДЛЯ КЛИЕНТА

vless://CLIENT_UUID@A_IP:443?encryption=CLIENT_TO_A_ENCRYPTION&flow=xtls-rprx-vision&security=reality&sni=www.microsoft.com&fp=chrome&pbk=A_REALITY_PUBLIC_KEY&sid=A_REALITY_SHORT_ID&type=xhttp&path=%2Fassets&mode=stream-one#A-B-WARP

Всё. Видео тут: https://www.youtube.com/watch?v=YdV-09GmezA
