Installing v2ray vmess + websocket + TLS using Cloudflare CDN setup


Tutorial on how to:
* Setup v2ray VMESS + WebSocket + TLS using CloudFlare CDN services on VPS (Debian/RHEL based OS only)


Aim of this setup is to hide your server identity (IP Address) on public.
Note: This will not obfuscate your server outgoing connection into CloudFlare CDN.
Actual setup is just normal v2ray installation running as VMess listening on localhost and a Nginx web server frontend for Websocket + TLS client request forwarder.


  • A own VPS Server with a Public IP Address (must be configured to allow inbound/outbound connections to the following ports: 80,443,10035)(For AWS/Azure/Alibabacloud/GoogleCloud users, make sure provided ports are open on your firewall)
  • [For newbies] to avoid some errors, i suggest to run this tutorial to a fresh/newly deployed instance/vps
  • A little knowledge about linux commands (knew how to navigate using cd,ls,rm,cp and mv , and also knew how to use nano(text editor)
  • Own CloudFlare Account with a domain ready for setup, must be enabled Full SSL/TLS Encryption (no cloudflare or domain account? get them free here:
  • A scratch notepad for taking notes or file-editing

!! Prepare a stable internet connectivity, avoid running same commands twice or more. Avoid too much typographical errors. Follow instructions carefully


1. We need to get the Origin certificates first.
Login to your CloudFlare account ( On your dashboard, goto SSL/TLS >> Origin Server >> then click “Create Certificate”

On Private key type, select ECDSA

and just click “Next”

2. Im using Services as a online clipboard to excess using SFTP or any interactive file transfer on our tutorial.
Go to your browser, add a new tab. we will going to create link, just think some unique lone urlname, then access it as a url.

im using the following URL for my 2 files(you can change it too, save them in a notepad, later i will explain how to use them inside of your vps terminal/shell):
Certificate file:
Certificate key file:

Copy first the origin certificate, then paste it to your Certificate file cl1p URL (mine is

then click “Paste and Create”.
Same in the private key, paste it to your Certificate key file URL (mine is

then click “Paste and Create”.
– I set all may clips as “Destroy cl1p when viewed” so if i accidentally visit my clip it will be automatically deleted, also the secure way of sharing some sensitive data in public like certs and priv keys. You can decide on how your cl1ps are going to be deleted (by expiry or by viewing them once)
Just keep all 2 links, dont visit them.
After all of these, go back to our last session on Cloudflare tab, finish it by clicking “OK”
3. Set a hostname for our server, mine is (you can choose any subdomain you want to your server hostname).To access DNS Management, just find “DNS” on upper navigation of your CloudFlare dashboard and click it.
click “Add record” for new dns record
OR if www is already existed on your record list, click the “Pencil” button to modify it.

Type: A
Name: www
IPv4 Address: <your VPS IP address>
TTL: Auto
Proxy status: Proxied

then click “Save”
4. now we’re leaving CloudFlare dns management dashboard. We’re looking forward now to our VPS, prepare your ssh client and access your VPS root terminal (for sudo users: run su - to access root of your VPS) after logging in to root, run some update/upgrade commands on your package manager to ensure no installation errors appear during v2ray & nginx installation.

Debian/Ubuntu: apt update && apt upgrade -y -f
CentOS/Fedora/RHEL: yum update -y || dnf update -y

5. run v2ray server installer script from fhs-install-v2ray project.
but before that, double check if curl,unzip and nginx package is installed.

Debian/Ubuntu: apt install curl unzip nginx net-tools lsof -y
CentOS/Fedora/RHEL: yum install curl unzip nginx net-tools lsof -y || dnf install curl unzip nginx net-tools lsof -y

If error occured while Installing NGiNX on Debian/Ubuntu, because your package manager attempts to install also nginx-full and nginx-light. try to uninstall nginx-full, nginx-light, nginx-extras.
apt remove --purge nginx-* -y -f
then autoremove nginx install remains:
apt autoremove -y -f
and update your package manager
apt update
lastly, install nginx:
apt install nginx -y

after curl & unzip install, run:


bash <(curl -L

wait until it finish

6. Remember our 2 links we created earlier? we’ll going to download them via cURL command then put them inside /usr/local/etc/v2ray directory.
First alternate or change some values here (copy these commands & paste them on your notepad, edit them, change “” into “”, then run on your terminal):


export CertURL='' && export KeyURL=''

then run:


v2raydir='/usr/local/etc/v2ray' && curl -kL "$CertURL" -o $v2raydir/cert.pem && curl -kL "$KeyURL" -o $v2raydir/key.pem && curl -kL "" -o $v2raydir/root_ecc.pem

7. After downloading three files, create a fullchain certificate by running this commannd:


v2raydir='/usr/local/etc/v2ray' && printf "%b\n" "$(cat $v2raydir/cert.pem)\n$(cat $v2raydir/cert.pem)\n$(cat $v2raydir/root_ecc.pem)" > $v2raydir/fullchain.pem

8. Now generate UUID using this command:


v2ctl uuid

copy the output and paste it to your notepad
9. now download my v2ray server config template and modify: change SERVER_DOMAIN to your domain (mine is and GENERATE_UUID_CODE to your recent generated UUID (mine is 73bafbda-a33b-4b24-9cd2-60ad898cfec7)
Im using a shortcut here (download from my gist, then modify configs using sed command)
– My v2ray config setup = websocket set (Header/Host: ; Path “/”) and security type : “auto” , alter id is 64, server port: 443
(copy these commands & paste them on your notepad, edit them, then run on your terminal):


export MyDomain='' && export MyUUID='73bafbda-a33b-4b24-9cd2-60ad898cfec7'

then run:


v2rayconf='/usr/local/etc/v2ray/config.json' && nginxv2conf='/etc/nginx/conf.d/v2ray.conf' && gistlink='' && curl -kL "$gistlink/config.json" -o $v2rayconf && curl -kL "$gistlink/v2ray.conf" -o $nginxv2conf && sed -i "s|SERVER_DOMAIN|$MyDomain|g;s|GENERATED_UUID_CODE|$MyUUID|g" $v2rayconf && sed -i "s|DOMAIN_HERE|$MyDomain|g" $nginxv2conf

10. remove all nginx default configs if we want to just use nginx server as v2ray frontend, run:


rm -rf /etc/nginx/{default.d,conf.d/default.conf,sites-*}

Be noted that some default nginx configs have some “server {}” object listening on port 80 inside nginx.conf, just remove by editing using nano /etc/nginx/nginx.conf
Remember to make sure Port 80 and 443 is open and no other services using it (find using netstat -tulnp all services running on 80 and 443 and kill it)
run these command to kill existing 80 and 443 port:


for PORT in "80" "443"; do { [ ! -z "$(lsof -ti:${PORT} -s tcp:listen)" ] && kill $(lsof -ti:${PORT}); }; done

then lastly, run these to start v2ray and nginx server


systemctl start v2ray &>/dev/null && systemctl restart nginx

double check if our v2ray and nginx server are running


netstat -tlnp | grep -E '(:10035|:443|:80)'

11. If you already knew how to setup on client, skip this step, Go to your v2ray client, your app must support “Import from clipboard” feature, use this template client .json config, copy all then goto your v2ray client app, find “Import from clipboard”
modify “SERVER_DOMAIN_HERE.ML” as your server domain and “YOUR_UUID_CODE_HERE” to your generated UUID code earlier


{   "dns": {     "servers": [       ""     ]   },   "inbounds": [     {       "port": 10808,       "protocol": "socks",       "settings": {         "auth": "noauth",         "udp": true,         "userLevel": 8       },       "sniffing": {         "destOverride": [           "http",           "tls"         ],         "enabled": false       },       "tag": "socks"     },     {       "port": 10809,       "protocol": "http",       "settings": {         "userLevel": 8       },       "tag": "http"     }   ],   "log": {     "loglevel": "warning"   },   "outbounds": [     {       "mux": {         "enabled": false       },       "protocol": "vmess",       "settings": {         "vnext": [           {             "address": "SERVER_DOMAIN_HERE.ML",             "port": 443,             "users": [               {                 "alterId": 64,                 "id": "YOUR_UUID_CODE_HERE",                 "level": 8,                 "security": "none"               }             ]           }         ]       },       "streamSettings": {         "network": "ws",         "security": "tls",         "tlsSettings": {           "allowInsecure": true,           "serverName": "SERVER_DOMAIN_HERE.ML"         },         "wsSettings": {           "headers": {             "Host": "SERVER_DOMAIN_HERE.ML"           },           "path": "/"         }       },       "tag": "proxy"     },     {       "protocol": "freedom",       "settings": {},       "tag": "direct"     },     {       "protocol": "blackhole",       "settings": {         "response": {           "type": "http"         }       },       "tag": "block"     }   ],   "policy": {     "levels": {       "8": {         "connIdle": 300,         "downlinkOnly": 1,         "handshake": 4,         "uplinkOnly": 1       }     },     "system": {       "statsOutboundUplink": true,       "statsOutboundDownlink": true     }   },   "routing": {     "domainStrategy": "IPIfNonMatch",     "rules": []   },   "stats": {} }


133 thoughts on “Installing v2ray vmess + websocket + TLS using Cloudflare CDN setup

  1. Incredible lots of wonderful knowledge!
    [url=]buy my dissertation[/url] doctoral dissertation help [url=]dissertation writing services review[/url] need help writing a dissertation

  2. Cheers. I like it.
    [url=]complete dissertation[/url] dissertations writing [url=]custom dissertation writing services[/url] dissertation support services

  3. Amazing content. Cheers.
    [url=]research proposal essay[/url] how to buy a research paper online [url=]buying research papers[/url] proposal write

  4. Incredible all kinds of superb knowledge!
    [url=]essay writing service reviews reddit[/url] essay 24 writing services [url=]best essay service[/url] mba essay writing service uk

  5. You actually expressed that adequately.
    [url=]pay for papers[/url] where can i pay someone to write my essay [url=]buy customized essays[/url] order essay paper

  6. Superb material, With thanks.
    [url=]best resume writing service[/url] cheap essay writing service online [url=]saga will writing service[/url] islamic will writing service

  7. You actually mentioned it wonderfully.
    [url=]essays online to buy[/url] pay someone to write an essay for you [url=]custom research papers for sale[/url] pay for someone to write your essay

  8. Many thanks, Numerous information!
    [url=]thesis statement[/url] thesis statments [url=]biography thesis statement[/url] parallel thesis

  9. You actually expressed it wonderfully.
    [url=]trusted essay writing service[/url] customer service email writing test [url=]custom paper writing service[/url] executive resume writing service boston

  10. Oh my goodness! Awesome article dude! Thank you,
    However I am encountering difficulties with your RSS.
    I don’t know why I cannot subscribe to it. Is there anyone else getting
    identical RSS issues? Anyone who knows the solution can you
    kindly respond? Thanx!!

  11. I was curious if you ever thought of changing the layout of your website?

    Its very well written; I love what youve got to say. But maybe you could a little more in the way of content
    so people could connect with it better. Youve got
    an awful lot of text for only having 1 or two images. Maybe you could space it
    out better?

Leave a Reply

Your email address will not be published. Required fields are marked *