How to Set Up V2Ray Proxy on Ubuntu 22.04/20.04 Server
This tutorial is going to show you how to set up V2Ray proxy server on Ubuntu 22.04/20.04. V2Ray is a lightweight, fast, and secure Socks5 proxy to bypass Internet censorship. We will learn how to set up the server side and how to configure the desktop client on Ubuntu/Windows.
V2Ray Features
- Lightweight and fast. In my test, I can watch YouTube 4K videos with V2Ray. YouTube is blocked in my country (China).
- Runs on Linux and most BSD servers.
- There is official V2Ray client software for Linux, macOS, Windows, and BSD. For Android and iOS, there are third-party apps available.
- Easy to set up for system administrators
- V2Ray can be configured to operate on TCP port 443 and uses standard TLS protocol to encrypt network traffic. It looks like a standard HTTPS protocol, which makes it hard to be blocked.
- Supports KCP transport protocol, which is useful in network environments with high packet loss.
- Routing support. You can configure it to only route traffic for websites/domains that are blocked in your country or area.
- You can run it behind Cloudflare CDN.
- V2Ray is more than a simple proxy tool. It’s designed as a platform that developers can use to build new protocols and tools.
Requirements
To follow this tutorial, you will need a VPS (Virtual Private Server) that can access blocked websites freely (Outside of your country or Internet filtering system). I recommend Kamatera VPS, which features:
- 30 days free trial.
- Starts at $4/month (1GB RAM)
- High-performance KVM-based VPS
- 9 data centers around the world, including the United States, Canada, UK, Germany, The Netherlands, Hong Kong, and Isreal.
Follow the tutorial linked below to create your Linux VPS server at Kamatera.
Once you have a VPS running Ubuntu 22.04/20.04, follow the instructions below.
Step 1: Install V2Ray on Ubuntu 22.04/20.04 Server
SSH into your remote Ubuntu server. If you are running Ubuntu 22.04/20.04, then I recommend manually installing V2Ray, because the v2ray package in the repository has a problem when starting it up. Run the following command to install dependency packages.
sudo apt install curl unzip
Download the official V2Ray install script. (I don’t usually recommend installing software with third-party scripts, but this is the install script provided by official V2Ray developers, so I use it.)
curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
Run the install script.
sudo bash install-release.sh
Sample output:
Check status:
sudo systemctl status v2ray
If it’s not running, then restart it.
sudo systemctl restart v2ray
Enable auto-start at system boot time.
sudo systemctl enable v2ray
Step 2: Set Up NTP Time Sync
It’s very important that your server has accurate time, or V2Ray can fail. This is to ensure the best security for users. Check the time on your server.
timedatectl
Sample output:
As you can see, my server system clock is synchronized. If this is not the case on your server, please follow the tutorial linked below to set up NTP time synchronization.
Step 3: Configure V2Ray on the Server
Edit V2Ray configuration file with a command-line text editor such as Nano.
sudo nano /usr/local/etc/v2ray/config.json
Delete everything in this file, then add the following lines. Replace the id with some random characters in UUID format. You can use an online UUID generator.
{
"log": {
"loglevel": "warning",
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log"
},
"inbounds": [
{
"port": 10000,
"listen":"127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/ray"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
}
]
}
Save and close the file. V2Ray server will listen on port 10000. Then restart V2Ray for the changes to take effect.
sudo systemctl restart v2ray
Check listening ports.
sudo ss -lnpt | grep v2ray
Sample output:
LISTEN 0 4096 127.0.0.1:10000 *:* users:(("v2ray",pid=701205,fd=3))
Step 4: Configure Reverse Proxy
Install Nginx web server.
sudo apt install nginx
Create a virtual host file for V2Ray.
sudo nano /etc/nginx/conf.d/v2ray.conf
Add the following lines in this file. Replace example.com with your own domain name. You can also use a sub-domain.
server {
listen 80;
server_name example.com;
index index.html;
root /usr/share/nginx/html/;
access_log /var/log/nginx/v2ray.access;
error_log /var/log/nginx/v2ray.error;
location /ray { # Consistent with the path of V2Ray configuration
if ($http_upgrade != "websocket") { # Return 404 error when WebSocket upgrading negotiate failed
return 404;
}
proxy_redirect off;
proxy_pass http://127.0.0.1:10000; # Assume WebSocket is listening at localhost on port of 10000
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# Show real IP in v2ray access.log
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Save and close the file. Then test Nginx configuration.
sudo nginx -t
If the test is successful, reload Nginx.
sudo systemctl reload nginx
Step 5: Enable HTTPS
We enable HTTPS so that your national firewall doesn’t know you are using a proxy.
Install the latest version of Let’s Encrypt client certbot from the Snap store.
sudo apt install snapd sudo snap install certbot --classic
Then run the following command to obtain a free Let’s Encrypt certificate.
sudo /snap/bin/certbot --webroot -i nginx --agree-tos --hsts --staple-ocsp -d example.com -e [email protected] -w /usr/share/nginx/html/
Once it’s obtained, it will be automatically installed for your Nginx web server.
Step 6: Configure Firewall
If you are using iptables firewall on your server, then you need to allow traffic to the TCP port 443 by running the following command.
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT
If you are using UFW firewall, then run the following commands:
sudo ufw allow 443/tcp
Step 7: Install and Configure V2Ray on Client Computer
Linux Desktop
Please follow the same procedure in step 1 to install V2Ray on Linux desktop. Once it’s done, edit the configuration file.
sudo nano /usr/local/etc/v2ray/config.json
Delete everything in this file, then add the following lines.
{
"inbounds": [
{
"port": 1090,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"auth": "noauth",
"udp": false
}
}
],
"outbounds": [
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "example.com",
"port": 443,
"users": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"alterId": 0
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"wsSettings": {
"path": "/ray"
}
}
}
]
}
The id parameter on V2Ray client must match the id parameter on V2Ray server. It’s like a pre-shared password. The alterId must be set to 0, so the V2Ray client will enable AEAD encryption algorightm.
Save and close the file. Then restart V2Ray for the changes to take effect.
sudo systemctl restart v2ray
Check listening ports.
sudo ss -lnpt | grep v2ray
Sample output:
LISTEN 0 4096 127.0.0.1:1090 0.0.0.0:* users:(("v2ray",pid=495211,fd=3))
V2Ray client listens on port 1090 (for web browsers) and will redirect requests to the V2Ray server, which is listening on port 10086.
Windows
Windows users can download V2Ray client from its Github release page. Click the Show all assets link, then you can find the V2Ray Windows ZIP file.
Unzip the file. You will find a config.json file. Use NotePad or your favorite text editor to open this file. Delete everything in this file, then add the following lines.
{
"inbounds": [
{
"port": 1090,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"auth": "noauth",
"udp": false
}
}
],
"outbounds": [
{
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "example.com",
"port": 443,
"users": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"alterId": 0
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"wsSettings": {
"path": "/ray"
}
}
}
]
}
Replace server_ip_address with your actual server IP address. The id parameter on V2Ray client must match the id parameter on V2Ray server. It’s like a pre-shared password.
Save and close the file. Then open Window Powershell and run the following command to start v2ray, assuming the v2ray-windows-64 folder is extracted in your Desktop folder.
. \\Desktop\v2ray-windows-64\v2ray run
Step 8: Configure Web Browser to Use V2Ray Proxy
To make your program use V2Ray proxy, the program must support SOCKS proxy. Programs like Firefox, Google Chrome and Dropbox allow users to use proxy. I will show you how to configure Firefox and Google Chrome.
Firefox
In Firefox, go to Edit > Preferences > General (or Tools -> Options -> General). Then scroll down to the bottom and click Settings in Network Setting.
In the Connection Settings window, select manual proxy configuration. Then select SOCKS v5 because V2Ray is a Socks5 proxy. Enter 127.0.0.1 in the SOCKS Host field and 1090 in the port field. Make sure Proxy DNS when using SOCKS v5 is enabled. Click OK to apply these modifications.
Google Chrome
I recommend installing the Proxy SwitchyOmega extension to manage proxies for Google Chrome.
Once the extension is installed in Google Chrome, configure a proxy server as follows:
- Choose the
SOCKS5protocol. - Set
127.0.0.1as the server address. - Set
1090as the port number.
Apply the changes. Then click the extensions icon on the upper-right corner and click Proxy SwithyOmega.
By default, SwithyOmega uses the operating system’s proxy settings. We need to change it from system proxy to proxy.
Now your proxy should be working.
Step 9: DNS Leak Test
Go to dnsleaktest.com. You will see your V2Ray server’s IP address, which indicates that your V2Ray proxy is working.
Click the Standard test. Make sure your local ISP isn’t in the test results.
Step 10: Enable TCP BBR
TCP BBR is a TCP congestion control algorithm that can drastically improve connection speed. Run the following two commands to enable TCP BBR algorithm.
echo "net.core.default_qdisc=fq" | sudo tee -a /etc/sysctl.d/60-custom.conf echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee -a /etc/sysctl.d/60-custom.conf
Then apply the changes with the below command. The -p option will load sysctl settings from /etc/sysctl.d/60-custom.conf file. This command will preserve our changes across system reboots.
sudo sysctl -p /etc/sysctl.d/60-custom.conf
Troubleshooting
If V2Ray doesn’t work, please check the logs under /var/log/v2ray/ (access.log and error.log).
If you see the following error, it’s likely because the client’s time is wrong. Please configure time sync.
rejected proxy/vmess/encoding: failed to read request header > websocket: close 1000 (normal)
If you encounter the following error, please set alterId to 0 in the V2Ray client configuation file to enable AEAD.
invalid user: VMessAEAD is enforced and a non VMessAEAD connection is received.
iOS Client
OneClick is a free V2Ray client for iOS users.
Once you install OneClick, open the app, select add configuration -> VMESS, then use the following parameters.
- Remarks: Enter whatever you want in this text field.
- Address/IP: Enter your domain as is in the Nginx configuration file. (example.com)
- Port: 443
- ID/UUID: Enter the UUID as is in the V2Ray server config file.
- Alert ID: 0
- Toggle on Enable TLS.
- Select ws as the stream setting
- Host: Enter your domain as is in the Nginx configuration file. (example.com)
- Path:
/ray - Leave other fields empty.
Note: OneClick doesn’t seem to support VMESS-AEAD. You need to disable it on the V2Ray server.
sudo systemctl edit v2ray.service
Enter the following lines.
[Service] Environment=V2RAY_VMESS_AEAD_FORCED=false
Save and close the file. Then restart V2Ray.
sudo systemctl restart v2ray
Global Mode on Linux Desktop
If you use Desktop Linux, you can actually use the V2Ray proxy for all of your Internet traffic (not only web browser traffic). Go to your System settings -> Network -> Network Proxy.
Then select Manual -> Sock Host (127.0.0.1: 1090). It will automatically detect the SOCK protocol (SOCKS4 or SOCK5).
How to Upgrade V2Ray
Simply run the install script again.
sudo bash install-release.sh
Wrapping Up
That’s it! I hope this tutorial helped you install V2Ray proxy on Ubuntu. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks 🙂
Thank you very much for this tutorial, I’m from Iran and at least 25% of people who access to Internet is via v2ray.
You can also try OpenConnect VPN and SoftEther SSTP VPN
It’s better to have alternative ways to bypass Internet censorship 🙂
Thanks for your great tutorial ,openconnect is now struggling to work , softether is awsome but lacks ios or android support , l2tp does not work in iran.
Hi, I had sent you a query to your email – from thalazywebmaster [aht] gmail – whats your tot on email replies 🙂
hi, thanks for sharing. could you tell us the name of the 3rd party apps for Android/iOS? free or paid?
and how secure is V2Ray compare to others like OpenVPN and Softether?
Thanks for Sharing, would you please advise how can we connect from iPhone and Android. I try to use the shadowrocket app on iOS but its not connecting. Appreciate your assistance to provide the steps.
Hello, Would you please upgrade the guide to run behind Cloudflare.
hi
thats great you save my career
so do you have any course that we can lear networking in Linux?
I’m trying to set up a V2ray server on my home server (using DDNS behind the router at home) by following your tutorial. What extra steps do I need to make it work?
good explanation
is it works nowadays?
Heads up, on Debian stretch, you need to also “sudo snap install core” before you can install certbot. (Step 5)
@Xiao Guoan thank you so much for this tutorial! Literally saved me tons of time to check and test everything on my own. Works like a charm sir! Highly appreciated!
I’m wondering if there’s any possibility to use the client configuration directly on the router so all devices which are connected to the router can use v2ray without the necessity of installing the software on each device?
Thank you so much good sir!
Hi, nice tutorial… can I simply change the V2Ray server port to 443 instead of 10000?
Thanks!
Its really great guide, if no domain available, can I use IP instead on VPS server?
Hi, recently I followed this guide to setup a server. The only change I made was to the command to obtain a Let’s Encrypt certificate: “-e [email protected]” was changed to “-m [email protected]” as perhaps the switch for email address has changed.
I am having trouble setting up a client on Windows (I normally use Nekoray, but tried the V2Ray client linked above too). Any tips for troubleshooting, or guides?
I live in Turkmenistan, do you know how to configure ubuntu server that it can work in here. Here all the servers from other countries are blocked
Thank you very much for this tutorial, It’s working in my country.
Thank you. A question: how many and how client IDs can be added in config.json on server side?
in step 5, run
sudo /snap/bin/certbot –webroot -i nginx –agree-tos –hsts –staple-ocsp -d example.com –email [email protected] -w /usr/share/nginx/html/
works for me.