jpskill.com
🛠️ 開発・MCP コミュニティ

xray

VLESS、VMess、Trojanなどのプロキシ設定や、Reality/TLS通信、XTLS適用、複数ユーザー管理、CDN連携など、Xrayの主要な機能を用いて、安全な通信環境を構築・運用し、ネットワーク制限を回避するSkill。

📜 元の英語説明(参考)

Deploy and configure Xray proxy servers. Use when a user asks to set up VLESS, VMess, Trojan, or Shadowsocks proxies, configure Reality or TLS transport, deploy Xray with XTLS, set up fallback routing, manage multi-user access, configure traffic routing rules, set up CDN-based tunneling, build subscription links for client apps, monitor Xray traffic, or bypass network restrictions. Covers all major Xray protocols, transports, and deployment patterns.

🇯🇵 日本人クリエイター向け解説

一言でいうと

VLESS、VMess、Trojanなどのプロキシ設定や、Reality/TLS通信、XTLS適用、複数ユーザー管理、CDN連携など、Xrayの主要な機能を用いて、安全な通信環境を構築・運用し、ネットワーク制限を回避するSkill。

※ jpskill.com 編集部が日本のビジネス現場向けに補足した解説です。Skill本体の挙動とは独立した参考情報です。

⚡ おすすめ: コマンド1行でインストール(60秒)

下記のコマンドをコピーしてターミナル(Mac/Linux)または PowerShell(Windows)に貼り付けてください。 ダウンロード → 解凍 → 配置まで全自動。

🍎 Mac / 🐧 Linux 
mkdir -p ~/.claude/skills && cd ~/.claude/skills && curl -L -o xray.zip https://jpskill.com/download/15579.zip && unzip -o xray.zip && rm xray.zip
🪟 Windows (PowerShell) 
$d = "$env:USERPROFILE\.claude\skills"; ni -Force -ItemType Directory $d | Out-Null; iwr https://jpskill.com/download/15579.zip -OutFile "$d\xray.zip"; Expand-Archive "$d\xray.zip" -DestinationPath $d -Force; ri "$d\xray.zip"

完了後、Claude Code を再起動 → 普通に「動画プロンプト作って」のように話しかけるだけで自動発動します。

💾 手動でダウンロードしたい(コマンドが難しい人向け)
  1. 1. 下の青いボタンを押して xray.zip をダウンロード
  2. 2. ZIPファイルをダブルクリックで解凍 → xray フォルダができる
  3. 3. そのフォルダを C:\Users\あなたの名前\.claude\skills\(Win)または ~/.claude/skills/(Mac)へ移動
  4. 4. Claude Code を再起動
⬇ .zip でダウンロード(推奨) ⬇ .skill 形式(上級者用) 元のソース ↗

⚠️ ダウンロード・利用は自己責任でお願いします。当サイトは内容・動作・安全性について責任を負いません。

🎯 このSkillでできること

下記の説明文を読むと、このSkillがあなたに何をしてくれるかが分かります。Claudeにこの分野の依頼をすると、自動で発動します。

📦 インストール方法 (3ステップ)

  1. 1. 上の「ダウンロード」ボタンを押して .skill ファイルを取得
  2. 2. ファイル名の拡張子を .skill から .zip に変えて展開(macは自動展開可)
  3. 3. 展開してできたフォルダを、ホームフォルダの .claude/skills/ に置く
    • · macOS / Linux: ~/.claude/skills/
    • · Windows: %USERPROFILE%\.claude\skills\

Claude Code を再起動すれば完了。「このSkillを使って…」と話しかけなくても、関連する依頼で自動的に呼び出されます。

詳しい使い方ガイドを見る →
最終更新
2026-05-18
取得日時
2026-05-18
同梱ファイル
1

📖 Skill本文(日本語訳)

※ 原文(英語/中国語)を Gemini で日本語化したものです。Claude 自身は原文を読みます。誤訳がある場合は原文をご確認ください。

Xray

概要

VLESS、VMess、Trojan、Shadowsocks プロトコルを、Reality、XTLS-Vision、WebSocket、gRPC、HTTP/2 などの最新のトランスポートでサポートする高度なプロキシプラットフォームである Xray-core をデプロイおよび構成します。このスキルでは、サーバーのデプロイ、プロトコル選択、TLS/Reality の構成、トラフィックルーティング、マルチユーザー管理、CDN 統合、クライアント構成、および監視について説明します。

手順

ステップ 1: インストール

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
xray version
# Binary: /usr/local/bin/xray
# Config: /usr/local/etc/xray/config.json

# UUID と X25519 キーを生成
xray uuid
xray x25519   # Reality 用の秘密鍵 + 公開鍵ペア

ステップ 2: VLESS + Reality (推奨)

最も安全な設定です。Reality は実際の HTTPS ウェブサイトの TLS ハンドシェイクを模倣し、ドメインや TLS 証明書を必要としません。

サーバー設定 (/usr/local/etc/xray/config.json):

{
  "log": { "loglevel": "warning" },
  "inbounds": [{
    "listen": "0.0.0.0",
    "port": 443,
    "protocol": "vless",
    "settings": {
      "clients": [
        { "id": "YOUR-UUID", "flow": "xtls-rprx-vision", "email": "user1@proxy" }
      ],
      "decryption": "none"
    },
    "streamSettings": {
      "network": "tcp",
      "security": "reality",
      "realitySettings": {
        "dest": "www.microsoft.com:443",
        "serverNames": ["www.microsoft.com", "microsoft.com"],
        "privateKey": "YOUR-PRIVATE-KEY",
        "shortIds": ["", "0123456789abcdef"]
      }
    },
    "sniffing": { "enabled": true, "destOverride": ["http", "tls", "quic"] }
  }],
  "outbounds": [
    { "protocol": "freedom", "tag": "direct" },
    { "protocol": "blackhole", "tag": "block" }
  ],
  "routing": {
    "rules": [{ "type": "field", "ip": ["geoip:private"], "outboundTag": "block" }]
  }
}

クライアント共有リンク:

vless://UUID@SERVER_IP:443?encryption=none&flow=xtls-rprx-vision&security=reality&sni=www.microsoft.com&fp=chrome&pbk=PUBLIC_KEY&sid=0123456789abcdef&type=tcp#MyProxy
systemctl enable --now xray

ステップ 3: VLESS + WebSocket + TLS (CDN 互換)

サーバーの IP を隠すために Cloudflare CDN を介してルーティングします。Cloudflare プロキシと TLS 証明書を持つドメインが必要です。

apt install -y certbot
certbot certonly --standalone -d proxy.yourdomain.com
{
  "inbounds": [
    {
      "port": 443, "protocol": "vless",
      "settings": {
        "clients": [{ "id": "YOUR-UUID" }],
        "decryption": "none",
        "fallbacks": [
          { "dest": 8080 },
          { "path": "/ws-path", "dest": 8443, "xver": 1 }
        ]
      },
      "streamSettings": {
        "network": "tcp", "security": "tls",
        "tlsSettings": {
          "certificates": [{
            "certificateFile": "/etc/letsencrypt/live/proxy.yourdomain.com/fullchain.pem",
            "keyFile": "/etc/letsencrypt/live/proxy.yourdomain.com/privkey.pem"
          }]
        }
      }
    },
    {
      "listen": "127.0.0.1", "port": 8443, "protocol": "vless",
      "settings": { "clients": [{ "id": "YOUR-UUID" }], "decryption": "none" },
      "streamSettings": { "network": "ws", "wsSettings": { "path": "/ws-path" } }
    }
  ],
  "outbounds": [{ "protocol": "freedom", "tag": "direct" }]
}

フォールバックとしてポート 8080 で nginx をセットアップし、Cloudflare で SSL/TLS を Full (Strict) に、WebSockets を ON に設定します。

ステップ 4: Trojan & Shadowsocks

Trojan (通常の HTTPS のように見えます):

{
  "inbounds": [{
    "port": 443, "protocol": "trojan",
    "settings": {
      "clients": [{ "password": "your-strong-password", "email": "user1@trojan" }],
      "fallbacks": [{ "dest": 8080 }]
    },
    "streamSettings": {
      "network": "tcp", "security": "tls",
      "tlsSettings": { "certificates": [{ "certificateFile": "...", "keyFile": "..." }] }
    }
  }]
}

Shadowsocks 2022 (最新の AEAD 暗号):

{
  "inbounds": [{
    "port": 8388, "protocol": "shadowsocks",
    "settings": { "method": "2022-blake3-aes-128-gcm", "password": "BASE64_KEY", "network": "tcp,udp" }
  }]
}

キーを生成: openssl rand -base64 16 (または aes-256 の場合は -base64 32)

ステップ 5: マルチユーザー管理

"clients": [
  { "id": "uuid-1", "email": "alice@proxy", "flow": "xtls-rprx-vision" },
  { "id": "uuid-2", "email": "bob@proxy", "flow": "xtls-rprx-vision" },
  { "id": "uuid-3", "email": "carol@proxy", "flow": "xtls-rprx-vision" }
]

ユーザーごとのトラフィック統計 — stats API を有効にします:

{
  "stats": {},
  "policy": {
    "levels": { "0": { "statsUserUplink": true, "statsUserDownlink": true } },
    "system": { "statsInboundUplink": true, "statsInboundDownlink": true }
  },
  "api": { "tag": "api", "services": ["StatsService", "HandlerService"] },
  "inbounds": [
    { "listen": "127.0.0.1", "port": 10085, "protocol": "dokodemo-door",
      "settings": { "address": "127.0.0.1" }, "tag": "api" }
  ],
  "routing": { "rules": [{ "type": "field", "inboundTag": ["api"], "outboundTag": "api" }] }
}

実行時にユーザーをクエリおよび管理:

xray api stats --server=127.0.0.1:10085 -name "user>>>alice@proxy>>>traffic>>>uplink"
xray api adi --server=127.0.0.1:10085 --inbound-tag proxy --id "new-uuid" --email "newuser@proxy"
xray api rmi --server=127.0.0.1:10085 --inbound-tag proxy --email "olduser@proxy"

ステップ 6: ルーティングルールと監視

ドメイン/IP/geo でルーティング:

{
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      { "type": "field", "domain": ["geosite:category-ads-all"], "outboundTag": "block" },
      { "type": "field", "ip": ["geoip:private"], "outboundTag": "block" },
      { "type": "field", "network": "tcp,udp", "outboundTag": "proxy" }
    ]
  }
}

監視:

systemctl status xray
journalctl -u xray -f
grep "accepted" /var/log/xray/access.log | awk '{print $3}' | sort | uniq -c | sort -rn

ファイアウォール:

ufw allow 443/tcp && ufw allow 443/udp && ufw enable
📜 原文 SKILL.md(Claudeが読む英語/中国語)を展開

Xray

Overview

Deploy and configure Xray-core — the advanced proxy platform supporting VLESS, VMess, Trojan, and Shadowsocks protocols with modern transports like Reality, XTLS-Vision, WebSocket, gRPC, and HTTP/2. This skill covers server deployment, protocol selection, TLS/Reality configuration, traffic routing, multi-user management, CDN integration, client configuration, and monitoring.

Instructions

Step 1: Installation

bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
xray version
# Binary: /usr/local/bin/xray
# Config: /usr/local/etc/xray/config.json

# Generate UUID and X25519 keys
xray uuid
xray x25519   # Private + Public key pair for Reality

Step 2: VLESS + Reality (Recommended)

The most secure setup. Reality mimics a real HTTPS website's TLS handshake, eliminating the need for a domain or TLS certificate.

Server config (/usr/local/etc/xray/config.json):

{
  "log": { "loglevel": "warning" },
  "inbounds": [{
    "listen": "0.0.0.0",
    "port": 443,
    "protocol": "vless",
    "settings": {
      "clients": [
        { "id": "YOUR-UUID", "flow": "xtls-rprx-vision", "email": "user1@proxy" }
      ],
      "decryption": "none"
    },
    "streamSettings": {
      "network": "tcp",
      "security": "reality",
      "realitySettings": {
        "dest": "www.microsoft.com:443",
        "serverNames": ["www.microsoft.com", "microsoft.com"],
        "privateKey": "YOUR-PRIVATE-KEY",
        "shortIds": ["", "0123456789abcdef"]
      }
    },
    "sniffing": { "enabled": true, "destOverride": ["http", "tls", "quic"] }
  }],
  "outbounds": [
    { "protocol": "freedom", "tag": "direct" },
    { "protocol": "blackhole", "tag": "block" }
  ],
  "routing": {
    "rules": [{ "type": "field", "ip": ["geoip:private"], "outboundTag": "block" }]
  }
}

Client share link:

vless://UUID@SERVER_IP:443?encryption=none&flow=xtls-rprx-vision&security=reality&sni=www.microsoft.com&fp=chrome&pbk=PUBLIC_KEY&sid=0123456789abcdef&type=tcp#MyProxy
systemctl enable --now xray

Step 3: VLESS + WebSocket + TLS (CDN-Compatible)

For routing through Cloudflare CDN to hide the server IP. Requires a domain with Cloudflare proxying and a TLS certificate.

apt install -y certbot
certbot certonly --standalone -d proxy.yourdomain.com
{
  "inbounds": [
    {
      "port": 443, "protocol": "vless",
      "settings": {
        "clients": [{ "id": "YOUR-UUID" }],
        "decryption": "none",
        "fallbacks": [
          { "dest": 8080 },
          { "path": "/ws-path", "dest": 8443, "xver": 1 }
        ]
      },
      "streamSettings": {
        "network": "tcp", "security": "tls",
        "tlsSettings": {
          "certificates": [{
            "certificateFile": "/etc/letsencrypt/live/proxy.yourdomain.com/fullchain.pem",
            "keyFile": "/etc/letsencrypt/live/proxy.yourdomain.com/privkey.pem"
          }]
        }
      }
    },
    {
      "listen": "127.0.0.1", "port": 8443, "protocol": "vless",
      "settings": { "clients": [{ "id": "YOUR-UUID" }], "decryption": "none" },
      "streamSettings": { "network": "ws", "wsSettings": { "path": "/ws-path" } }
    }
  ],
  "outbounds": [{ "protocol": "freedom", "tag": "direct" }]
}

Set up nginx on port 8080 as fallback, and in Cloudflare: SSL/TLS Full (Strict), WebSockets ON.

Step 4: Trojan & Shadowsocks

Trojan (looks like normal HTTPS):

{
  "inbounds": [{
    "port": 443, "protocol": "trojan",
    "settings": {
      "clients": [{ "password": "your-strong-password", "email": "user1@trojan" }],
      "fallbacks": [{ "dest": 8080 }]
    },
    "streamSettings": {
      "network": "tcp", "security": "tls",
      "tlsSettings": { "certificates": [{ "certificateFile": "...", "keyFile": "..." }] }
    }
  }]
}

Shadowsocks 2022 (modern AEAD ciphers):

{
  "inbounds": [{
    "port": 8388, "protocol": "shadowsocks",
    "settings": { "method": "2022-blake3-aes-128-gcm", "password": "BASE64_KEY", "network": "tcp,udp" }
  }]
}

Generate key: openssl rand -base64 16 (or -base64 32 for aes-256)

Step 5: Multi-User Management

"clients": [
  { "id": "uuid-1", "email": "alice@proxy", "flow": "xtls-rprx-vision" },
  { "id": "uuid-2", "email": "bob@proxy", "flow": "xtls-rprx-vision" },
  { "id": "uuid-3", "email": "carol@proxy", "flow": "xtls-rprx-vision" }
]

Per-user traffic stats — enable the stats API:

{
  "stats": {},
  "policy": {
    "levels": { "0": { "statsUserUplink": true, "statsUserDownlink": true } },
    "system": { "statsInboundUplink": true, "statsInboundDownlink": true }
  },
  "api": { "tag": "api", "services": ["StatsService", "HandlerService"] },
  "inbounds": [
    { "listen": "127.0.0.1", "port": 10085, "protocol": "dokodemo-door",
      "settings": { "address": "127.0.0.1" }, "tag": "api" }
  ],
  "routing": { "rules": [{ "type": "field", "inboundTag": ["api"], "outboundTag": "api" }] }
}

Query and manage users at runtime:

xray api stats --server=127.0.0.1:10085 -name "user>>>alice@proxy>>>traffic>>>uplink"
xray api adi --server=127.0.0.1:10085 --inbound-tag proxy --id "new-uuid" --email "newuser@proxy"
xray api rmi --server=127.0.0.1:10085 --inbound-tag proxy --email "olduser@proxy"

Step 6: Routing Rules & Monitoring

Route by domain/IP/geo:

{
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      { "type": "field", "domain": ["geosite:category-ads-all"], "outboundTag": "block" },
      { "type": "field", "ip": ["geoip:private"], "outboundTag": "block" },
      { "type": "field", "network": "tcp,udp", "outboundTag": "proxy" }
    ]
  }
}

Monitoring:

systemctl status xray
journalctl -u xray -f
grep "accepted" /var/log/xray/access.log | awk '{print $3}' | sort | uniq -c | sort -rn

Firewall:

ufw allow 443/tcp && ufw allow 443/udp && ufw enable

Examples

Example 1: Deploy a VLESS + Reality proxy server for a small team

User prompt: "Set up Xray on our Debian 12 VPS at 198.51.100.30 using VLESS with Reality transport. Create accounts for alice, bob, and carol. Use microsoft.com as the Reality target and give me the share links for v2rayNG."

The agent will install Xray via the official script, generate a UUID for each user and an X25519 key pair, build a config.json with a VLESS inbound on port 443 using Reality settings targeting www.microsoft.com, add three client entries with xtls-rprx-vision flow, add routing rules to block private IPs, enable and start the xray service, open port 443 in the firewall, and output three vless:// share links with the server IP, public key, short ID, and SNI.

Example 2: Set up a CDN-fronted VLESS proxy with Cloudflare and a fallback website

User prompt: "I have proxy.mysite.com pointing to our server through Cloudflare. Configure Xray with VLESS over WebSocket on /secret-ws so traffic goes through Cloudflare's CDN. Non-proxy visitors should see a normal nginx website."

The agent will obtain a Let's Encrypt certificate with certbot, configure Xray with a main VLESS+TLS inbound on port 443 with a fallback to nginx on port 8080, add a second VLESS+WebSocket inbound on localhost:8443 with path /secret-ws, set up nginx to serve a static site on port 8080, verify Cloudflare SSL is set to Full (Strict) with WebSockets enabled, and provide the client connection string with the WebSocket path and Cloudflare SNI.

Guidelines

  • Always use VLESS + Reality for new deployments; it requires no domain or certificate and is the hardest protocol to detect and block
  • Set "alterId": 0 for all VMess users to enable mandatory AEAD encryption; non-zero alterId uses the deprecated, less secure legacy format
  • Block access to private IP ranges (geoip:private) in routing rules to prevent the proxy from being used for SSRF attacks against internal services
  • Use the xray api commands to add and remove users at runtime without restarting the service, which avoids disconnecting active users
  • Choose the Reality dest and serverNames from a popular website (microsoft.com, apple.com) hosted on a different IP than your server, and ensure that site supports TLS 1.3 and HTTP/2
  • Enable the stats API with per-user tracking (statsUserUplink/statsUserDownlink) to monitor bandwidth usage and detect abuse