How to create your own VLESS XHTTP VPN server with the 3x-ui graphical panel and a domain.
How to Set Up Your Own VPN Server Using XHTTP
Introduction to VPN and XHTTP
- The video introduces the concept of setting up a personal VPN server using the VLESS protocol with XHTTP transport, utilizing the 3x-ui panel.
- It highlights the advantages of XHTTP over standard TLS transport used in previous tutorials, emphasizing control and reliability without intermediaries.
Understanding HTTP and HTTPS
- Communication between browsers and websites is based on requests and responses, primarily through the HTTP protocol.
- HTTPS is an extension of HTTP that encrypts traffic, ensuring secure communication between users and websites.
What is XHTTP?
- XHTTP is described as a transport method for proxy protocols, specifically masking VPN traffic as regular HTTP requests.
- This method allows data to appear as normal web traffic, making it less detectable while maintaining speed and simplicity.
Standard vs. Complex Methods of Using XHTTP
- The standard method involves straightforward encryption from client to VPN server before reaching the desired resource, resembling typical internet traffic.
- A more complex method utilizes Content Delivery Networks (CDNs), which cache popular files closer to users for faster access while hiding the actual server's IP address.
CDN Explained
- CDNs improve content delivery by storing copies of files on servers located near users, reducing latency when accessing resources like videos.
- In relation to XHTTP, CDNs help obscure the user's connection by routing traffic through CDN servers before reaching the main server.
Setting Up Your Own VPN Server
- The setup process requires a reliable VPS provider; recommendations include companies like is*hosting due to their extensive server locations and support options.
- Users are guided on how to navigate their personal account for balance replenishment and selecting appropriate payment methods for ordering a virtual server.
Choosing the Right Server Location
Importance of Server Location
- The closer the server location is to you, the better the speed and lower the latency. This is crucial for optimal performance.
- For personal use with a few friends, 2 TB of monthly traffic is generally sufficient. This amount resets each month.
Server Specifications
- A basic plan with 1 GB RAM and one virtual CPU is adequate for a personal server setup.
- Internet speed at the data center is indicated as 10 Gbps; however, your actual speed will depend on your ISP and distance from CDN servers.
Setting Up Your Server
Payment Options
- You can choose payment duration; longer periods typically offer greater discounts. Monthly payments are an option.
- Autopayment from balance ensures continuous service without interruption due to missed payments.
Accessing Your Server
- Virtual servers may take up to 30 minutes to become active after order confirmation. You'll receive access details via email during business hours only.
Connecting to Your Server
Recommended Software
- Use SSH software like Termius, which supports multiple operating systems including macOS, Windows, and Linux.
Connection Steps
- After installation, create a new host entry using IP address, username (root), and password received via email or control panel.
Initial Configuration
Password Management
- It's recommended to change the initial server password provided in the email for security reasons.
- Use terminal commands to generate a strong random password instead of relying on simple passwords.
How to Set Up a Password and Update Your Server
Generating and Setting a Password
- A random set of characters is generated to be used as a password. It's crucial to copy this set since it will be needed for server access.
- The passwd command is used to set the password. After entering the command, paste the copied character set using Ctrl + Shift + V. No visual feedback (dots or dashes) appears, which is normal.
- The system prompts for confirmation by asking to repeat the password. Again, use Ctrl + Shift + V followed by Enter.
- To verify that the password change was successful, open a new terminal window and attempt to reconnect using the newly set password.
- If there are issues with connecting due to incorrect passwords, re-run the passwd command to reset it.
Updating Repositories and Packages
- Use the commands sudo apt update and sudo apt upgrade to refresh repository lists and installed packages. This ensures all software is up-to-date.
- When prompted about partition selection for installing GRUB bootloader, select both partitions by highlighting them with spacebar and confirming with Enter.
- Once package updates are complete, reboot the server using an appropriate command; expect disconnection during this process.
Installing the 3x-ui Panel
- After reconnecting post-reboot, initiate installation of the 3x-ui panel via an official script by pasting it into the terminal and pressing Enter.
- Users can choose custom settings for their panel or accept defaults by simply pressing Enter when prompted.
Navigating the x-ui Menu
- The x-ui menu provides various options such as updating panels, changing usernames/passwords, modifying web prefixes, and checking current settings (option 10).
- BBR technology can enhance TCP connection speeds; it's recommended to enable it through option 23 in the menu.
Connecting Securely with SSL Certificates
- After configuring BBR settings, exit back to main menu options before attempting to connect securely via browser using copied address from XUI.
- Upon logging in with username and password, users receive a security warning regarding unencrypted connections prompting SSL certificate installation guidance.
- Two methods exist for obtaining SSL certificates: self-signed or domain-based; further instructions on domain setup are available in related content.
Creating a Self-Signed SSL Certificate
Generating the Certificate
- A self-signed SSL certificate is created without a domain, using just an IP address. The command provided creates a folder named "cert" to store the certificate files.
- After executing the command, certificate files are generated. The script outputs paths for both the public and private key files, which need to be copied for further use.
Configuring the Panel
- In the panel settings under certificates, paste the path of the public key file and then do the same for the private key file. Remember to use Ctrl + Shift + C to copy paths correctly.
- Upon saving and restarting the panel, a security warning appears due to using a self-signed certificate that browsers do not inherently trust. Users can accept this risk to proceed.
Verifying Connection Security
- Although there may be warnings about an unsecured connection, technical details indicate that it is encrypted. The panel now operates over HTTPS with the self-signed certificate.
- To eliminate browser warnings, users can add their self-signed certificate as trusted in their browser settings.
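The certificate step and the browser warning described above, as an added shell example that is not the panel's or the video's own script: it creates a self-signed certificate for a bare IP address in a cert folder, prints the two paths the panel asks for, and exposes the fingerprint to compare with the one the browser shows before the warning is accepted. The file names, the cert location and the address 203.0.113.10 are assumptions.

```sh
#!/bin/sh
# Added example: self-signed certificate bound to an IP address (no domain).
# Requires OpenSSL 1.1.1 or newer for -addext.

make_ip_cert() {  # make_ip_cert IP DIR [DAYS]
    ip=$1; dir=$2; days=${3:-365}
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # TLS clients match an IP only against an IP-type subjectAltName,
    # never against the CN, so the SAN entry is the part that matters.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
        -subj "/CN=$ip" -addext "subjectAltName=IP:$ip" \
        -keyout "$dir/private.key" -out "$dir/public.crt" 2>/dev/null || return 1
    chmod 600 "$dir/private.key"   # the key is unencrypted (-nodes): keep it root-only
    # Print the two paths to paste into the panel's certificate settings.
    printf '%s\n%s\n' "$dir/public.crt" "$dir/private.key"
}

cert_covers_ip() {  # cert_covers_ip CERT IP -> 0 if CERT is valid for IP
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null | grep -q 'does match'
}

key_matches_cert() {  # key_matches_cert CERT KEY -> 0 if they form a pair
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

# SHA-256 fingerprint of the certificate. Read it on the server over SSH and
# compare it with the fingerprint in the browser's certificate details: a
# self-signed certificate has no CA behind it, so this comparison is the only
# evidence that the warning page belongs to your own panel.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage on the server (203.0.113.10 is a constructed documentation address):
#   make_ip_cert 203.0.113.10 /root/cert
#   cert_fingerprint /root/cert/public.crt
```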
Establishing Connections
Creating Inbound Connections
- When copying an HTTP address into a browser's address bar results in an error, it's essential to switch from HTTP to HTTPS for successful access.
- Two methods exist for creating connections: simple and complex. The simple method resembles previous VPN creation processes but uses XHTTP transport instead of TLS.
Setting Up Connection Parameters
- For inbound connections, select VLESS protocol on port 443 while changing transport from TCP to XHTTP. Default security settings should remain unchanged.
- Input any non-blocked foreign website (e.g., Google.com) in designated fields for SNI and other parameters before generating new seeds if necessary.
Client Configuration
Adding Clients
- To add another client after creating one on port 443 with XHTTP transport, click on three dots and select 'create client.' Assign any name (e.g., Client One).
Recommended Clients by OS
- Various operating systems have recommended clients compatible with XHTTP: v2rayN for Windows/Linux; v2rayNG for Android; Uitus Trisent for Mac/iOS. Download links are available through release assets.
Installing and Using Client Software
Installation Process
- After downloading appropriate software (e.g., v2rayN-windows-64-desktop.zip), extract its contents and run it despite potential security warnings from Windows.
Language Settings Adjustment
- Change application language by accessing settings within the app interface; restart after switching language preferences.
Connecting Through QR Code
Scanning or Copying Connection Details
- Use QR code functionality within client software for mobile connections or copy link directly if connecting via desktop.
Verifying IP Address Change
- After setting up system proxy through selected server connection, check any website to confirm that your IP address has changed successfully—indicating proper configuration.
How to Set Up a VPN and Register a Domain
Setting Up System Proxy and VPN
- The speaker explains how to configure the system proxy in Chrome, emphasizing that enabling VPN mode will reroute all traffic through the VPN server.
- Users can copy a connection link for the VPN setup, allowing them to transfer it to other devices for easy access.
- A simple method for creating a connection without complex steps is demonstrated, setting the stage for more advanced configurations.
Advanced Connection Setup with CDN
- The second method involves using a CDN service (Cloudflare), which requires domain registration linked to the CDN.
- To register a domain with foreign registrars, an international payment method is necessary; options include using a foreign card or virtual PayPal card obtained via Telegram bot.
Obtaining and Using Virtual Cards
- Instructions are provided on how to issue a virtual card through the PayPal bot in Telegram, including tips on applying discount promo codes during registration.
- Users must specify details like email and purpose of the card when issuing it; minimum funding requirements are also discussed.
Payment Methods and Risks
- The speaker shares personal experiences with PayPal cards, cautioning users about potential risks associated with holding large sums on these cards due to sanctions.
- Recommendations are made regarding checking payment compatibility with services before making transactions using this card.
Two-Factor Authentication and Card Management
- Two-factor authentication is highlighted as essential for managing card details securely via Google Authenticator app.
- Users learn how to retrieve their card information safely while ensuring they fill out payment data correctly when registering domains.
Cloudflare Overview and Alternatives
- Cloudflare is introduced as a free service suitable for domain registration; however, users should be aware of potential future restrictions or blocks on its use.
- Alternative CDN services are mentioned as viable options if Cloudflare becomes unavailable.
How to Register a Domain and Set Up Payment Methods
Setting Up Payment Method
- To set up your payment method, click on the person icon in the top right corner and select "Billing" or "Payment."
- Enter your card details including card number, expiration date, and CVC code. This process is straightforward for anyone familiar with online purchases.
- Use the address associated with your Pipel account when entering billing information.
Domain Registration Process
- Navigate to "Domain Registration" in the left menu to register a new domain by entering any desired name.
- The cost for domain registration is typically $10 for one year; confirm this option before proceeding.
- Registration information will auto-fill from your payment method. You can use random numbers for phone details if preferred.
Managing Domain Renewal
- After registration, check under "Manage Domains" where you can find an automatic renewal toggle.
- It’s advisable to disable auto-renewal as it may be more expensive than registering a new domain during promotional periods.
- If you prefer not to renew automatically, consider registering another domain after a year instead of relying on potentially higher renewal fees.
Alternative Domain Registrars
- Services like Namecheap or GoDaddy may offer cheaper domains (as low as $2-$5), but they might not accept virtual cards.
- Once registered elsewhere, link your domain to Cloudflare by following provided instructions; this process is relatively simple.
DNS Configuration Steps
- After adding your domain in Cloudflare, create DNS records by selecting the appropriate type and entering your server's IP address.
- Ensure that proxy status is enabled for certain configurations; alternatively, you can create subdomains without proxying if using Let's Encrypt certificates.
SSL/TLS Settings Adjustment
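- For SSL settings in Cloudflare, choose "Flexible" encryption and save changes accordingly. In Flexible mode, Cloudflare serves HTTPS to clients but connects to the origin server over unencrypted HTTP.
- Disable TLS 1.3 under Edge Certificates if necessary; ensure gRPC is enabled under Network settings.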
Inbound Connection Setup
- Create an inbound connection using VLESS protocol; port 80 is recommended unless occupied by other services.
- Add clients automatically created during setup; additional users can be added easily through the interface.
How to Set Up a VPN Server Using Cloudflare
Creating Rules in Cloudflare
- Begin by copying the connection details and navigating to the "Rules" tab in Cloudflare. Create a new rule, selecting "Origin Rules" and naming it appropriately for easy identification.
- Proceed to set the host name to match your domain and specify the port from inbound settings before deploying the rule. This configuration allows traffic on port 443 from Cloudflare servers.
- While it's possible to use port 80 instead of 443, this setup is preferred for avoiding conflicts when using existing servers for VPN services.
Adding Connection Details
- After creating the rules, copy the connection link via QR code, close it, and open v2rayN. Remove any old connections before importing the new one.
- Edit the imported connection by replacing server details with your domain name and setting port 443. Ensure SNI also reflects your domain before confirming changes.
Testing Domain Configuration
- Test your domain by pinging it; note that it returns an IP address associated with Cloudflare rather than your server's actual IP.
- Verify that this IP belongs to Cloudflare using an IP location service, confirming that your server's real IP is hidden behind their infrastructure.
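The check described above can be done locally instead of through an IP location service. This added shell example, not part of the original video, tests resolved addresses against Cloudflare's published IPv4 ranges and fails if the origin address appears among them; the range list is a snapshot, and vpn.example.com and 203.0.113.10 are constructed values.

```sh
#!/bin/sh
# Added example. CLOUDFLARE_V4 is a snapshot of https://www.cloudflare.com/ips-v4
# and can go stale; refresh it before relying on the result. IPv4 only.
CLOUDFLARE_V4="173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13
104.24.0.0/14 172.64.0.0/13 131.0.72.0/22"

ip_to_int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {  # in_cidr IP NET/PREFIX -> 0 if IP lies inside the network
    ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}"); bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

is_cloudflare_ip() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # reject IPv6 and non-addresses
    for cidr in $CLOUDFLARE_V4; do
        if in_cidr "$1" "$cidr"; then return 0; fi
    done
    return 1
}

# Succeeds only if every resolved address is Cloudflare's and none is the origin.
origin_is_hidden() {  # origin_is_hidden ORIGIN_IP RESOLVED_IP...
    origin=$1; shift
    [ $# -gt 0 ] || return 1
    for addr in "$@"; do
        [ "$addr" != "$origin" ] || return 1
        is_cloudflare_ip "$addr" || return 1
    done
}

# Live use (needs DNS and dig):
#   origin_is_hidden 203.0.113.10 $(dig +short A vpn.example.com) && echo hidden
```

A non-proxied subdomain pointing at the same server still resolves to the origin address, so run the check against every record in the zone, not only the proxied one.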
Activating VPN on Desktop
- Set up Global settings and enable system proxy before checking your public IP address through an external site; successful verification indicates proper functionality of the VPN setup.
Mobile Client Setup Recommendations
Recommended Clients for Mobile Devices
- For mobile devices, two recommended clients are v2rayNG (Android) and Strayan (iOS). Both have similar interfaces which simplifies instructions.
Installation Process for Android
- Download the appropriate APK file from GitHub under releases if you prefer not using Play Store options. Installation from PC files is straightforward but ensure trustworthiness of sources.
Importing Connection Keys
- In mobile clients like v2rayNG, add keys either by scanning QR codes or pasting links directly into the app. Once added, simply press start to activate VPN services.
Editing Connection Settings
- If you used a complex method for connection creation, edit settings similarly as on desktop: change IP address to domain name, set port to 443, select TLS in security options, then save changes before starting VPN again.