Back to blog
January 13, 2026Guides

Ultimate Guide: How to Install VLESS + XTLS-Reality on VPS

A comprehensive, deep-dive guide on setting up the most advanced censorship-resistant proxy protocol using 3x-ui panel.

Ultimate Guide: How to Install VLESS + XTLS-Reality on VPS

In regions with heavy internet censorship, standard VPNs like OpenVPN or even WireGuard are easily detected and blocked by DPI (Deep Packet Inspection). The solution is VLESS with XTLS-Reality. This technology camouflages your traffic to look like a normal connection to a popular website (like Microsoft or Apple), making it virtually impossible to distinguish from regular browsing. This detailed guide will walk you through every step of setting it up on a Hiddence VPS.

Why VLESS + Reality?

  • Stealth: Masquerades as legitimate HTTPS traffic.
  • No Domain Required: Unlike previous methods, you don't need to buy a domain name. Reality 'borrows' the TLS handshake of a real site.
  • High Performance: XTLS minimizes overhead, giving you raw speed.
  • Multi-Platform: Supported on Windows, macOS, Android, and iOS.

Prerequisites

  • A fresh VPS with Ubuntu 22.04 or 24.04 (Hiddence VPS recommended)
  • Root access to the server
  • An SSH client (PuTTY, Terminal, etc.)

Step 1: Prepare Your Server

First, update your system and enable BBR (Google's congestion control algorithm) for better network speeds.

bash
apt update && apt upgrade -y

# Enable BBR
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p

Step 2: Install 3x-ui Panel

We will use the 3x-ui panel (MHSanaei fork), which is the most robust tool for managing Xray protocols. Run this single command to install it:

bash
bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)

Step 3: Configure VLESS-Reality Inbound

Log in to your panel (http://YOUR_IP:2053 by default). Go to 'Inbounds' > 'Add Inbound'. Use these exact settings for maximum security:

  • Remark: VLESS-Reality
  • Protocol: vless
  • Listen IP: 0.0.0.0
  • Port: 443 (Crucial! Do not use other ports for Reality)
  • Transmission: TCP
  • Security: reality
  • Dest: www.microsoft.com:443 (or www.apple.com:443, dl.google.com:443)
  • SNI: www.microsoft.com (Must match Dest)
  • Flow: xtls-rprx-vision (Best for performance)
  • uTLS: chrome
  • Click 'Get New Cert' to generate public/private keys.

Step 4: Connect Your Client

In the panel, click on the QR code icon next to your new inbound. You can scan this with your mobile app or copy the link.

  • Android: v2rayNG or Hiddify Next
  • iOS: V2Box or FoXray
  • Windows: v2rayN or Hiddify Next
  • macOS: V2Box or FoXray

Detailed Optimization Tips

1. Do not use the same SNI for everyone. If Microsoft is slow for you, try distinct domains like `www.samsung.com` or `www.amazon.com`. 2. Keep your client apps updated. Xray core updates frequently. 3. If your IP gets blocked, simply reinstall the OS from the Hiddence panel and deploy again in 5 minutes.