Categories
Guides

V2Ray Through Nginx VMess/VLess + IPv4/IPv6 on KVM VPS

The following post will quickly guide you on how to build your own proxy server through V2Ray and Nginx. For this post I’ll be using a KVM VPS instance with an up-to-date Debian 11 (Bullseye) fresh installation. Also, I’ll be using v2ray.alexgoldcheidt.com as a domain name and Cloudflare as a DNS records manager but this is not required, you can use your favorite DNS records manager. Also, I’ll be using a bash script maintained on Github, I’m not related with this bash script developer nor development, it may (not) work on your end, therefore, it is recommended to use this script in a clean environment, not on production environments.

What is V2Ray / VMess / VLess?

You may wonder what all these words mean, well, V2Ray is the sub-section of Project V that’s responsible for network protocols and communication. It draws some parallels to proxy software Shadowsocks, but is intended more of a platform, with any developers able to use the provided modules to develop new proxy software. Now, VMess is a protocol for encrypted communications. It includes both inbound and outbound proxy. VMess depends on system time. Lastly, VLess is V2Ray’s latest lightweight transmission protocol. Unlike VMess, VLess does not depend on the system time. The authentication method is also UUID, but no alterID is required.

About the KVM VPS Instance

For this post I’ll be using a quite powerful VPS instance located at Poland, which include:

  • 1 Core (AMD Ryzen 5 3600 at 3593.248 Mhz)
  • 2GB RAM
  • 25GB Disk SSD/NVMe
  • 4TB Monthly Bandwidth
  • 1 IPv4/IPv6

Get yours here.

Step 1: Adding DNS records for IPv4/IPv6

First, you need to know what IPv4/IPv6 addresses are assigned to your VPS instance, you can do that by login on your Virtualizor account, the login information should be on the “Service Activated” email. Once that’s completed, go to your favorite DNS records manager and add an “A” record according to your IPv4 address, do the same with the “AAA” record according to your IPv6. If you’re using Cloudflare, make sure to add those records as “DNS only“.

Step 2: Installing the Bash Script

Access to your VPS instance via SSH, update/upgrade your OS and reboot. Once that’s completed, install the bash script by executing:

wget -N --no-check-certificate -q -O install.sh "https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/master/install.sh" && chmod +x install.sh && bash install.sh

Note: the menu in the bash script is in chinese language but it’s quite easy to follow, in case you needed, this is a translation of it:

-------------- Installation Guide --------------
0. Upgrade script
1. Install V2Ray (Nginx+ws+tls)
2. Install V2Ray (http/2)
3. Upgrade V2Ray core
-------------- Configuration Changes --------------
4. Change UUID
6. Change port
7. Change TLS version (only valid for ws+tls)
18. Change masquerade path
-------------- View Information --------------
8. View real-time access logs
9. View the real-time error log
10. View V2Ray configuration information
-------------- Other Options --------------
11. Install the 4-in-1 bbr speed installation script
12. Install MTproxy (support TLS obfuscation)
13. Certificate Validity Renewal
14. Uninstall V2Ray
15. Update certificate crontab scheduled task
16. Empty certificate legacy files
17. Exit

Start the installation by selecting: #1, then confirm the time/date by pressing “Y“, enter your domain name (v2ray.alexgoldcheidt.com on my end). Select option #1 (V2RayNG/V2RayN). Lastly, select the TLS version, I’ve chosen option #1 (TLS1.1/TLS1.2/TLS1.3). The installation is now completed, you should see a QR code and a “vmess://” URL, copy this URL to import the server in the next step.

Step 3: V2Ray Client

For this post I’ll be using ShadowRocket on Windown 10/11. ShadowRocket is also available for Android OS. If you need a V2Ray client for Linux, you can use this one. However, the tests on my end are under Windows 10/11, I did not conducted these tests under any other OS. On Windows, download the V2Ray client from here, unzip the file and execute: “ShadowRocket.exe“. Once that’s completed, double-click its icon in the taskbar, you will see the application with chinese language, change it to english by pressing the “Help” icon and select: “Language-[English]“. Close the application via taskbar by clicking the last option in its menu. Execute it again, and now you should see the application with english language. Click the “Servers” icon and select: “Import bulk URL from clipboard (Ctrl+V)“. Click “Ok” and now you should see your server, select it a press enter.

Note: ShadowRocket is a portable application, it doesn’t require an installation.

Step 4: Running the Proxy

As a last step, click ShadowRocket’s icon in the taskbar, go to “System proxy” and select: “Set system proxy“.

Results:

Conclusion:

This is a great solution to encrypt your internet access and also it can be a good alternative to OpenVPN and Wireguard. I’ve tested this for a couple of weeks and it works great, however, with time all its components will have to be upgraded, fortunately, the bash script have additional options, you can now upgrade the script itself, the V2Ray releases, change the UUID, port, TLS version and the masquerade path. In the meantime, this is the most bash-automated solution to build encrypted proxies through V2Ray’s VMess/VLess protocols.

Don’t forget to check Web Horizon amazing deals here.

Sources: