Argo Tunnel x Xray (VLESS+WS) x v2rayNG Setup GuideArgo Tunnel x Xray (VLESS+WS) x v2rayNG Setup GuideArgo Tunnel x Xray (VLESS+WS) x v2rayNG Setup Guide

#Cloudflare#Argo Tunnel#Xray#VLESS#WebSocket#v2rayNG#VPN#Proxy
2026::02::25
4 min
AUTHOR:Z.SHINCHVEN

Building a Secure Tunnel: Argo Tunnel, Xray, WebSocket, and v2rayNG Setup Guide

This guide outlines the manual configuration of a robust and secure proxy solution using Cloudflare's Argo Tunnel, Xray with VLESS-WebSocket protocol, and v2rayNG for client connectivity. This setup provides a fixed domain, hides your VPS IP, and leverages Cloudflare's global CDN for accelerated and encrypted traffic.

Estimated Time: 30-60 minutes. Basic Linux command-line experience is recommended.

Why This Setup?

  • Fixed Domain: Your subdomain (e.g., argo.yourdomain.com) remains constant, unaffected by restarts.
  • WebSocket Protocol: Standard WebSocket ensures seamless compatibility with Cloudflare CDN and Tunnel.
  • Argo Tunnel: Conceals your VPS's true IP address, utilizes Cloudflare's global CDN for speed, and eliminates the need to open ports on your VPS.
  • TLS Encryption: Cloudflare Edge provides end-to-end TLS encryption for enhanced security.

Prerequisites

Before you begin, ensure you have the following:

  • VPS (Virtual Private Server):
    • Recommended OS: Ubuntu 22.04 / 24.04 LTS.
    • A "clean" IP address (not blocked or censored).
    • Minimum specifications: 1 core CPU, 1GB RAM.
  • Cloudflare Account and Domain:
    • A free Cloudflare account is sufficient.
    • Your domain must be added to Cloudflare, and its Name Servers (NS records) must be switched to Cloudflare's.
  • Client Device:
    • An Android phone with the latest v2rayNG app installed.
  • Tools:
    • An SSH client to connect to your VPS.
    • A text editor (e.g., nano) for configuration files.

Technical Steps

Step 1: Cloudflare Dashboard - Create a Fixed Tunnel and Obtain Token

  1. Log in to your Cloudflare Dashboard.
  2. Navigate to Zero TrustNetworksTunnels.
  3. Click Create a tunnel.
  4. Select Cloudflared, provide a tunnel name (e.g., fixed-argo-ws), and click Save tunnel.
  5. On the installation page, copy the Tunnel token (a long string starting with eyJ...) and save it securely.
  6. Click Next to configure the Public Hostname:
    • Subdomain: Enter your desired subdomain (e.g., argo).
    • Domain: Select your domain from the dropdown.
    • Type: Choose HTTP.
    • URL: Enter localhost:443.
  7. Click Save tunnel.

Step 2: VPS Setup - Install and Run Cloudflared

  1. Connect to your VPS via SSH. Update your system:
    sudo apt update && sudo apt upgrade -y
sudo apt install curl wget sudo -y
  2. Install Cloudflared:
    curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared.deb
  3. Install and start the Cloudflared service using your saved Tunnel token:
    sudo cloudflared service install YOUR_FULL_TOKEN_STRING
sudo systemctl start cloudflared
sudo systemctl enable cloudflared

Step 3: VPS Setup - Install and Configure Xray (VLESS + WebSocket)

  1. Install Xray:
    bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
  2. Generate a UUID:
    xray uuid
  3. Edit the Xray configuration file:
    sudo nano /usr/local/etc/xray/config.json
    Paste the following JSON configuration, replacing YOUR_UUID with the one you generated:
    {
  "log": {
    "loglevel": "info"
  },
  "inbounds": [
    {
      "tag": "vless-ws",
      "listen": "127.0.0.1",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "YOUR_UUID",
            "flow": ""
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/YOUR_UUID-vw"
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [ "http", "tls", "quic" ],
        "metadataOnly": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIPv4"
      }
    }
  ]
}
  4. Restart Xray:
    sudo systemctl restart xray
sudo systemctl enable xray
  5. Enable BBR:
    echo "net.core.default_qdisc=fq" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Step 4: Configure v2rayNG Client

  1. Open v2rayNG and add a VLESS node manually.
  2. Fill in the following:
    • Address: Your Cloudflare subdomain (e.g., argo.yourdomain.com).
    • Port: 443.
    • User ID: Your UUID.
    • Transport Protocol: ws.
    • Path: /YOUR_UUID-vw.
    • Underlying Transport Security: tls.
    • SNI: Your Cloudflare subdomain.
  3. Save and connect.

Troubleshooting

  • 502 Bad Gateway: Ensure Xray is running and listening on 127.0.0.1:443.
  • Tunnel Offline: Check journalctl -u cloudflared for token or connection issues.
  • Slow Speed: Enable Argo Smart Routing in the Cloudflare dashboard.

Conclusion

This setup provides a highly secure and discreet method for establishing a proxy connection. The combination of a fixed domain, Argo Tunnel, and Xray with VLESS-WebSocket protocol offers excellent resilience against detection.

Stay safe and browse responsibly!

RackNerd Billboard Banner
Share Node:

RELATED_DATA_STREAMS

SCANNING_DATABASE_FOR_CORRELATIONS...
PREVIOUS_DATABuilding an MCP Server with Authentication
NEXT_DATA Understanding 'Preferred IP': Why It's Essential for Network Circumvention