What Gets Installed on Your Servers
We value your trust and want you to know exactly what happens on your servers.
Summary
- —Xray is installed — an open-source proxy server GitHub →
- —BBR is enabled — Google's TCP speed optimization algorithm
- —A dedicated system user `xray` is created (no SSH access)
- —All Xray files are placed in `/opt/xray/`
- —Your existing data, files, and other software are not affected
Input Node
The server in your country that receives connections from your device.
Installed Packages
| unzip | To extract Xray during installation |
| logrotate | Automatic log rotation |
Files on the Server
| /opt/xray/xray | Xray binary |
| /opt/xray/config.json | Configuration (accessible only by xray user) |
| /opt/xray/log/ | Log directory |
| /etc/systemd/system/xray.service | Systemd service for auto-start |
| /etc/logrotate.d/xray | Log rotation rules |
Ports Used
| 443 | VLESS TCP (Reality) | Primary connection channel |
| 1443 | VLESS gRPC (Reality) | Alternative channel |
| 1023 | Shadowsocks | Backup protocol |
System Settings
| tcp_congestion_control | bbr | Faster TCP connections |
| default_qdisc | fq | Packet queue optimization for BBR |
A system user xray is created (no home directory, no shell). Xray runs under this user instead of root.
Output Node
The server abroad that sends your traffic to the internet.
Configuration is identical to the input node, except:
- —Single port: only 443 (VLESS TCP Reality)
- —No gRPC or Shadowsocks — only needed at the input
- —Traffic goes directly to the internet
What Is NOT Affected
- ✓Your files and data on the server
- ✓Other installed programs and services
- ✓SSH settings (passwords, keys, ports)
- ✓Firewall rules (iptables/ufw/firewalld)
- ✓User accounts
- ✓Cron jobs
Security
- ●Xray does not run as root — it uses a dedicated system user
- ●Config is accessible only to Xray — config.json has 0600 permissions
- ●Minimal privileges — only the ability to bind to privileged ports
- ●No traffic logging — only errors and warnings
- ●Open-source — all code is public and auditable
Removal
To remove Xray from your server:
sudo systemctl stop xray sudo systemctl disable xray sudo rm -rf /opt/xray sudo rm /etc/systemd/system/xray.service sudo rm /etc/logrotate.d/xray sudo systemctl daemon-reload sudo userdel xray sudo groupdel xray
BBR settings can be left in place — they only improve network performance.
Questions
If you have questions about the setup — contact us at @doubletunnelbot
Also see: What Gets Installed on NanoPi