This tutorial will guide you to set your own Vmess+WebSocket+TLS proxy through vps + Cloudflare worker


Go to NOIP or other websites that provide free DDNS, get a sub-domain name and resolve this sub-domain to your VPS ip
Or go to freenom to get a free domain name and resolve this domain name to your VPS ip


Use one-click installation script to install a VMESS+WebSocket server end in your VPS

bash -c "$(curl -L" @ install

Use the following content to replace the original configuration file, the file is located in /usr/local/etc/xray, you can modify uuid and path, but the port must be 80

"log": {
    "loglevel": "warning"
"routing": {
    "domainStrategy": "AsIs",
    "rules": [
            "type": "field",
            "ip": [
            "outboundTag": "block"
"inbounds": [
        "listen": "",
        "port": 80,
        "protocol": "vmess",
        "settings": {
            "clients": [
                    "id": "285A4C28-3F94-2438-5253-7D3D285A4C28"
        "streamSettings": {
            "network": "ws",
            "security": "none",
            "wsSettings": {
                "path": "/vmessws"
"outbounds": [
        "protocol": "freedom",
        "tag": "direct"
        "protocol": "blackhole",
        "tag": "block"

Cloudflare Worker

Go to Cloudflare, use the following code to create a new Worker

  "fetch", event => {
      let url = new URL(event.request.url);
      let realhostname = url.pathname.split('/')[1];
      let realpathname = url.pathname.split('/')[2];
      url.hostname = realhostname;
      url.pathname = '/'+ realpathname;
      url.port = 80;
      url.protocol = 'http';
      let request = new Request(url, event.request);


Add nodes to v2rayN as shown



Q: Why can only port 80 be used?
A: Because the Fetch API of Cloudflare's Worker can only use standard ports in principle, namely 80 and 443, if you choose 443, you need a publicly trusted certificate

Q: Why is a free domain(sub-domain) name necessary?
A: Because the Fetch API of Cloudflare's Worker prohibits modifying or adding the host field in the header, so can not use ip directly

Q: Is the traffic from the server to the Cloudflare network secure?
A: Safe as most modern websites are already encrypted with tls

Q: What are the additional advantages of this configuration?
A: The tls encryption is actually done by Cloudflare, which reduces the pressure on the server, so it can load more users

tags: v2ray, vmess, websocket, tls


  1. Payman Payman


  2. mehran mehran

    hi, i installed one-click installation script on my server but i don't know how replace the original configuration file

    1. joseph joseph

      you need to use fair or shadowrocket

  3. sd sd
  4. sd sd

Add a new comment.