Here are some recent recommendations for configuring XHTTP with Reality, collected from posts on discussion forums.
apt update && apt upgrade -y
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
As is often repeated, the minimum requirements for the SNI are that it be an international website (i.e. not domestic), support TLS v1.3, X25519, and HTTP/2, and that the SNI not be redirected (except that the naked domain may possibly redirect to the www subdomain).
Recent reports say that, in addition to the minimum requirements, you should avoid Google or Yahoo as your SNI, as these are used in all the examples and therefore by vast numbers of lazy noobies. This makes these SNIs obvious targets for blocking.
This leaves three remaining options:
Generate a universally unique id:
xray uuid
Generate a public-private key pair:
xray x25519
(The "public key" was renamed to "password" because people were sharing it, while it would better be considered a confidential value.)
Generate a secret path:
< /dev/urandom tr -dc a-z0-9 | head -c${1:-8};echo;
The usual choice for Reality is 443 (the HTTPS port). Some reports say that using a non-443 port works better. Others report that a non-443 port will make your traffic stick out as odd. So choose 443 or random non-443 according to your experience.
Do not use xtls-rprx-vision for flow control. In the configuration file, set the value of flow to blank.
One post recommends settings for xmux of maxConcurrency 4 for TCP and maxConcurrency 8 for UDP.
The default padding is 100-1000, but this makes your traffic look odd.
Edit /usr/local/etc/xray/config.json based on the model below, but substituting in your own choices for values.
{
"inbounds": [
{
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "6cd3b55f-afb6-412a-8f1c-d0260c409aa0",
"flow": ""
}
],
"decryption": "none"
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"path": "/otjs4zpi",
"extra": {
"xPaddingBytes": "100-200"
}
},
"security": "reality",
"realitySettings": {
"target": "www.amazon.com:443",
"serverNames": [
"www.amazon.com",
"amazon.com"
],
"privateKey": "EK8TpuV7XJ1DmRdKshL_rWrU5pdqbPOKLpIH8DB72mg",
"shortIds": [
"01"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"quic"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
Edit Downloads\Xray-windows-64\config.json based on the model below, but substituting in your own choices for values.
{
"routing": {
"rules": [
{
"ip": [
"geoip:private"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10808,
"protocol": "socks"
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "YOUR.SERVER.IP.ADDRESS",
"port": 443,
"users": [
{
"id": "6cd3b55f-afb6-412a-8f1c-d0260c409aa0",
"encryption": "none",
"flow": ""
}
]
}
]
},
"streamSettings": {
"network": "xhttp",
"xhttpSettings": {
"path": "/otjs4zpi",
"extra": {
"xPaddingBytes": "100-200",
"xmux": {
"maxConcurrency": "4"
}
}
},
"security": "reality",
"realitySettings": {
"serverName": "www.amazon.com",
"publicKey": "MlweZhZDkF_fp5-2bcEZmSgPyBTKiyOz97pIrqTvSw0",
"shortId": "01",
"spiderX": "/",
"fingerprint": "chrome"
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
cd Downloads\Xray-windows-64
.\xray.exe -c config.json
Go to Settings, General, Network Settings.