Install Xray + VLESS + WS + TLS + Apache + CDN on Ubuntu

Install required Ubuntu packages

apt install -y chrony
timedatectl set-ntp true
systemctl enable chrony && systemctl restart chrony
timedatectl set-timezone Asia/Tehran
chronyc sourcestats -v
chronyc tracking -v
date

Install Certbot

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot certonly --standalone

result

# Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
# Key is saved at:         /etc/letsencrypt/live/example.com/privkey.pem

Xray

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root

# xray remove
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove --purge

# /etc/systemd/system/xray.service
# /usr/local/bin/xray run -config /usr/local/etc/xray/config.json

nano /usr/local/etc/xray/config.json

{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 10002,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "559f6df4-0a3c-4f5f-bb95-d17888b16361",
                        "level": 0,
                        "email": "[email protected]"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "path": "/xray"
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom", 
            "settings": { }, 
            "tag": "direct"
        }, 
        {
            "protocol": "blackhole", 
            "settings": { }, 
            "tag": "blocked"
        }
    ],
    "dns": {
    "servers": [
      "https+local://1.1.1.1/dns-query",
      "1.1.1.1",
      "1.0.0.1",
      "8.8.8.8",
      "8.8.4.4",
      "localhost"
    ]
  }
}

Xray Dat Path

/usr/local/share/xray

Apache

nano /etc/apache2/apache2.conf

<VirtualHost *:80>
    Servername example.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URL} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    # change your domain
    ServerName example.com
    # you may have a different root
    DocumentRoot /var/www/
    # the SSL configuration enable https for your site and it’s also required by shadowsocks + v2ray
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/example.com/privkey.pem
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3
    SSLCipherSuite HIGH:!aNULL
    <Location "/xray">
    ProxyPass ws://127.0.0.1:10002/xray
    ProxyAddHeaders Off
    ProxyPreserveHost On
    RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
    </Location>
</VirtualHost>

References
https://github.com/XTLS/Xray-core
https://github.com/XTLS/Xray-examples
https://github.com/v2fly/v2ray-examples
https://github.com/XTLS/Xray-install