chika0801 / Xray-examples

Xray configuration examples
https://github.com/XTLS/Xray-core

Example for VLESS+gRPC+TLS with CDN. #32

Closed maxy1 closed 5 months ago

maxy1 commented 6 months ago

Hi, do you have any example for VLESS+gRPC+TLS with CDN?

chika0801 commented 6 months ago

https://github.com/chika0801/Xray-examples/tree/main/VLESS-gRPC-TLS

The configuration in there is one that can be used with a CDN (Cloudflare).

maxy1 commented 6 months ago

Thank you. Your example client configuration says TLS SNI = chika.example.com, but we want to use SNI youtube.com. But when I put youtube.com, it's not working with CDN. How to get it to work? Our Internet works only if we put SNI to youtube.com.

maxy1 commented 6 months ago

If the SNI = youtube.com then it should pass to proxy. How to edit the code for this?

chika0801 commented 6 months ago

Analyzing the situation from what you said, the internet exit in your area uses a firewall that only allows specific SNIs (like youtube.com) to be accessed when eligible.

If this is the problem, it shouldn't be solved by using CDN as a technology. This is because the SNI that the client fills in has to correspond to the domain name (SNI) that is included in the actual SSL certificate on the server side. This is a requirement for SSL certificates (TLS encryption) to work.

You may need to use Xray's REALITY to solve the problem. In REALITY's server-side configuration, fill in the Dest parameter with the URL; the SSL certificate is required to be TLS 1.3.

Also, if using QUIC-type protocols works in your area, use them. For example, Hysteria2 and TUIC, these two.

Translated with DeepL.com (free version)
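The name check behind the point in the comment above, as an added example that is not part of the original thread or of the Xray project's code. It is a simplified version of TLS hostname verification; the hostnames and certificate name lists are constructed samples.

```python
# Added example; the certificate SAN lists and hostnames are constructed samples.

def san_covers(san: str, sni: str) -> bool:
    """True if one certificate dNSName entry covers the SNI the client sends."""
    san_labels = san.lower().rstrip(".").split(".")
    sni_labels = sni.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(san_labels) != len(sni_labels):
        return False
    first, rest = san_labels[0], san_labels[1:]
    if any("*" in label for label in rest):
        return False  # a wildcard is only valid in the left-most label
    if first == "*":
        # Require at least two fixed labels ("*.com" is not accepted).
        return len(rest) >= 2 and rest == sni_labels[1:]
    if "*" in first:
        return False  # partial wildcards such as "f*o" are rejected here
    return san_labels == sni_labels


def sni_accepted(cert_sans: list[str], sni: str) -> bool:
    """Client-side check: does any name in the server certificate cover the SNI?"""
    return any(san_covers(san, sni) for san in cert_sans)


if __name__ == "__main__":
    server_cert = ["chika.example.com"]  # constructed: names in the cert on the VPS
    for sni in ("chika.example.com", "youtube.com"):
        ok = sni_accepted(server_cert, sni)
        print(f"SNI {sni!r}: {'certificate matches' if ok else 'name mismatch'}")
```

A client that verifies certificates performs this comparison during the handshake, so a name the certificate does not list fails before any proxy traffic is sent.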

maxy1 commented 6 months ago

So you mean Cloudflare CDN is rejecting the SNI domain coz it's a different name than the ? And that is why I am unable to connect with CDN on ?


If we do not use Cloudflare CDN, we connect to the internet. So how do I hide my server IP? Using REALITY does not hide my IP. :(

chika0801 commented 6 months ago

> So you mean Cloudflare CDN is rejecting the SNI domain coz it's a different name than the ? And that is why I am unable to connect with CDN on ?

Generally speaking, what domain name is in the SSL certificate used on your VPS (server).

For the client, if the client's address is filled in with your domain name, this domain name points to the IP of your VPS, and your domain name is managed using CF's web page with the CDN option turned on in CF's web interface, then the client can be used normally.

When the client's address is filled in with the real IP of the VPS, the client's SNI should be filled in with the domain name included in the SSL certificate of the VPS.

This is the basic logic.


chika0801 commented 6 months ago

> If we do not use Cloudflare CDN, we connect to the internet. So how do I hide my server IP? Using REALITY does not hide my IP. :(

For example, if I'm in mainland China and the firewall is blocking the IP of my VPS, and I still want to use the IP of this VPS, I'll choose a combination of configuration protocols that support CDNs.

Otherwise, when CDN is not used, you access your VPS's IP from your country, and your VPS's IP has a chance of being blocked by the firewall in your country. Please don't love the VPS merchant's IP; if your VPS IP is blocked, you buy another one. This is the money you should spend.
