Best use case
Xray is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
## Overview
Teams using Xray should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/xray/SKILL.md --create-dirs "https://raw.githubusercontent.com/ComeOnOliver/skillshub/main/skills/TerminalSkills/skills/xray/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/xray/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How Xray Compares
| Feature / Agent | Xray | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
## Overview
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Xray
## Overview
Deploy and configure Xray-core — the advanced proxy platform supporting VLESS, VMess, Trojan, and Shadowsocks protocols with modern transports like Reality, XTLS-Vision, WebSocket, gRPC, and HTTP/2. This skill covers server deployment, protocol selection, TLS/Reality configuration, traffic routing, multi-user management, CDN integration, client configuration, and monitoring.
## Instructions
### Step 1: Installation
```bash
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
xray version
# Binary: /usr/local/bin/xray
# Config: /usr/local/etc/xray/config.json
# Generate UUID and X25519 keys
xray uuid
xray x25519 # Private + Public key pair for Reality
```
### Step 2: VLESS + Reality (Recommended)
The most secure setup. Reality mimics a real HTTPS website's TLS handshake, eliminating the need for a domain or TLS certificate.
**Server config (`/usr/local/etc/xray/config.json`):**
```json
{
"log": { "loglevel": "warning" },
"inbounds": [{
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{ "id": "YOUR-UUID", "flow": "xtls-rprx-vision", "email": "user1@proxy" }
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"dest": "www.microsoft.com:443",
"serverNames": ["www.microsoft.com", "microsoft.com"],
"privateKey": "YOUR-PRIVATE-KEY",
"shortIds": ["", "0123456789abcdef"]
}
},
"sniffing": { "enabled": true, "destOverride": ["http", "tls", "quic"] }
}],
"outbounds": [
{ "protocol": "freedom", "tag": "direct" },
{ "protocol": "blackhole", "tag": "block" }
],
"routing": {
"rules": [{ "type": "field", "ip": ["geoip:private"], "outboundTag": "block" }]
}
}
```
**Client share link:**
```
vless://UUID@SERVER_IP:443?encryption=none&flow=xtls-rprx-vision&security=reality&sni=www.microsoft.com&fp=chrome&pbk=PUBLIC_KEY&sid=0123456789abcdef&type=tcp#MyProxy
```
```bash
systemctl enable --now xray
```
### Step 3: VLESS + WebSocket + TLS (CDN-Compatible)
For routing through Cloudflare CDN to hide the server IP. Requires a domain with Cloudflare proxying and a TLS certificate.
```bash
apt install -y certbot
certbot certonly --standalone -d proxy.yourdomain.com
```
```json
{
"inbounds": [
{
"port": 443, "protocol": "vless",
"settings": {
"clients": [{ "id": "YOUR-UUID" }],
"decryption": "none",
"fallbacks": [
{ "dest": 8080 },
{ "path": "/ws-path", "dest": 8443, "xver": 1 }
]
},
"streamSettings": {
"network": "tcp", "security": "tls",
"tlsSettings": {
"certificates": [{
"certificateFile": "/etc/letsencrypt/live/proxy.yourdomain.com/fullchain.pem",
"keyFile": "/etc/letsencrypt/live/proxy.yourdomain.com/privkey.pem"
}]
}
}
},
{
"listen": "127.0.0.1", "port": 8443, "protocol": "vless",
"settings": { "clients": [{ "id": "YOUR-UUID" }], "decryption": "none" },
"streamSettings": { "network": "ws", "wsSettings": { "path": "/ws-path" } }
}
],
"outbounds": [{ "protocol": "freedom", "tag": "direct" }]
}
```
Set up nginx on port 8080 as fallback, and in Cloudflare: SSL/TLS Full (Strict), WebSockets ON.
### Step 4: Trojan & Shadowsocks
**Trojan** (looks like normal HTTPS):
```json
{
"inbounds": [{
"port": 443, "protocol": "trojan",
"settings": {
"clients": [{ "password": "your-strong-password", "email": "user1@trojan" }],
"fallbacks": [{ "dest": 8080 }]
},
"streamSettings": {
"network": "tcp", "security": "tls",
"tlsSettings": { "certificates": [{ "certificateFile": "...", "keyFile": "..." }] }
}
}]
}
```
**Shadowsocks 2022** (modern AEAD ciphers):
```json
{
"inbounds": [{
"port": 8388, "protocol": "shadowsocks",
"settings": { "method": "2022-blake3-aes-128-gcm", "password": "BASE64_KEY", "network": "tcp,udp" }
}]
}
```
Generate key: `openssl rand -base64 16` (or `-base64 32` for aes-256)
### Step 5: Multi-User Management
```json
"clients": [
{ "id": "uuid-1", "email": "alice@proxy", "flow": "xtls-rprx-vision" },
{ "id": "uuid-2", "email": "bob@proxy", "flow": "xtls-rprx-vision" },
{ "id": "uuid-3", "email": "carol@proxy", "flow": "xtls-rprx-vision" }
]
```
**Per-user traffic stats** — enable the stats API:
```json
{
"stats": {},
"policy": {
"levels": { "0": { "statsUserUplink": true, "statsUserDownlink": true } },
"system": { "statsInboundUplink": true, "statsInboundDownlink": true }
},
"api": { "tag": "api", "services": ["StatsService", "HandlerService"] },
"inbounds": [
{ "listen": "127.0.0.1", "port": 10085, "protocol": "dokodemo-door",
"settings": { "address": "127.0.0.1" }, "tag": "api" }
],
"routing": { "rules": [{ "type": "field", "inboundTag": ["api"], "outboundTag": "api" }] }
}
```
**Query and manage users at runtime:**
```bash
xray api stats --server=127.0.0.1:10085 -name "user>>>alice@proxy>>>traffic>>>uplink"
xray api adi --server=127.0.0.1:10085 --inbound-tag proxy --id "new-uuid" --email "newuser@proxy"
xray api rmi --server=127.0.0.1:10085 --inbound-tag proxy --email "olduser@proxy"
```
### Step 6: Routing Rules & Monitoring
**Route by domain/IP/geo:**
```json
{
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{ "type": "field", "domain": ["geosite:category-ads-all"], "outboundTag": "block" },
{ "type": "field", "ip": ["geoip:private"], "outboundTag": "block" },
{ "type": "field", "network": "tcp,udp", "outboundTag": "proxy" }
]
}
}
```
**Monitoring:**
```bash
systemctl status xray
journalctl -u xray -f
grep "accepted" /var/log/xray/access.log | awk '{print $3}' | sort | uniq -c | sort -rn
```
**Firewall:**
```bash
ufw allow 443/tcp && ufw allow 443/udp && ufw enable
```
## Examples
### Example 1: Deploy a VLESS + Reality proxy server for a small team
**User prompt:** "Set up Xray on our Debian 12 VPS at 198.51.100.30 using VLESS with Reality transport. Create accounts for alice, bob, and carol. Use microsoft.com as the Reality target and give me the share links for v2rayNG."
The agent will install Xray via the official script, generate a UUID for each user and an X25519 key pair, build a `config.json` with a VLESS inbound on port 443 using Reality settings targeting `www.microsoft.com`, add three client entries with `xtls-rprx-vision` flow, add routing rules to block private IPs, enable and start the xray service, open port 443 in the firewall, and output three `vless://` share links with the server IP, public key, short ID, and SNI.
### Example 2: Set up a CDN-fronted VLESS proxy with Cloudflare and a fallback website
**User prompt:** "I have proxy.mysite.com pointing to our server through Cloudflare. Configure Xray with VLESS over WebSocket on /secret-ws so traffic goes through Cloudflare's CDN. Non-proxy visitors should see a normal nginx website."
The agent will obtain a Let's Encrypt certificate with certbot, configure Xray with a main VLESS+TLS inbound on port 443 with a fallback to nginx on port 8080, add a second VLESS+WebSocket inbound on localhost:8443 with path `/secret-ws`, set up nginx to serve a static site on port 8080, verify Cloudflare SSL is set to Full (Strict) with WebSockets enabled, and provide the client connection string with the WebSocket path and Cloudflare SNI.
## Guidelines
- Always use VLESS + Reality for new deployments; it requires no domain or certificate and is the hardest protocol to detect and block
- Set `"alterId": 0` for all VMess users to enable mandatory AEAD encryption; non-zero alterId uses the deprecated, less secure legacy format
- Block access to private IP ranges (geoip:private) in routing rules to prevent the proxy from being used for SSRF attacks against internal services
- Use the `xray api` commands to add and remove users at runtime without restarting the service, which avoids disconnecting active users
- Choose the Reality `dest` and `serverNames` from a popular website (microsoft.com, apple.com) hosted on a different IP than your server, and ensure that site supports TLS 1.3 and HTTP/2
- Enable the stats API with per-user tracking (`statsUserUplink`/`statsUserDownlink`) to monitor bandwidth usage and detect abuseRelated Skills
LJG-Xray-Paper: 论文解读
25
from ComeOnOliver/skillshub
你要做两件事,仅两件:
Daily Logs
25
from ComeOnOliver/skillshub
Record the user's daily activities, progress, decisions, and learnings in a structured, chronological format.
Socratic Method: The Dialectic Engine
25
from ComeOnOliver/skillshub
This skill transforms Claude into a Socratic agent — a cognitive partner who guides
Sokratische Methode: Die Dialektik-Maschine
25
from ComeOnOliver/skillshub
Dieser Skill verwandelt Claude in einen sokratischen Agenten — einen kognitiven Partner, der Nutzende durch systematisches Fragen zur Wissensentdeckung führt, anstatt direkt zu instruieren.
College Football Data (CFB)
25
from ComeOnOliver/skillshub
Before writing queries, consult `references/api-reference.md` for endpoints, conference IDs, team IDs, and data shapes.
College Basketball Data (CBB)
25
from ComeOnOliver/skillshub
Before writing queries, consult `references/api-reference.md` for endpoints, conference IDs, team IDs, and data shapes.
Betting Analysis
25
from ComeOnOliver/skillshub
Before writing queries, consult `references/api-reference.md` for odds formats, command parameters, and key concepts.
Research Proposal Generator
25
from ComeOnOliver/skillshub
Generate high-quality academic research proposals for PhD applications following Nature Reviews-style academic writing conventions.
Paper Slide Deck Generator
25
from ComeOnOliver/skillshub
Transform academic papers and content into professional slide deck images with automatic figure extraction.
Medical Imaging AI Literature Review Skill
25
from ComeOnOliver/skillshub
Write comprehensive literature reviews following a systematic 7-phase workflow.
Meeting Briefing Skill
25
from ComeOnOliver/skillshub
You are a meeting preparation assistant for an in-house legal team. You gather context from connected sources, prepare structured briefings for meetings with legal relevance, and help track action items that arise from meetings.
Canned Responses Skill
25
from ComeOnOliver/skillshub
You are a response template assistant for an in-house legal team. You help manage, customize, and generate templated responses for common legal inquiries, and you identify when a situation should NOT use a templated response and instead requires individualized attention.