Is your feature request related to a problem?
Environment
OS: Ubuntu
Panel: 3X-UI
Protocol: VLESS
Transport: WebSocket
Cloudflare Tunnel enabled
Issue
If I create an inbound without TLS, the connection works.
When I manually add TLS parameters in the client link, it works and internet access is available.
Example working client link:
vless://UUID@connect.mydomain.com:443?type=ws&security=tls&encryption=none&path=%2Fvpn&host=connect.kyawkhwa.vip&sni=connect.kyawkhwa.vip
However, when I enable TLS directly in the inbound settings and use the same certificate, the client can connect but cannot access the internet.
Summary
VLESS + WS (no TLS in inbound) → works
VLESS + WS + TLS in inbound → client connects but no internet
Could you update the 3X-UI to generate client key that can solve this issue.
Thank you.
Describe the solution you'd like
I would like 3X-UI to properly support VLESS + WebSocket + TLS when the server is behind Cloudflare (orange cloud proxy).
Currently, when TLS is disabled in the inbound, the connection works if the client manually adds:
However, when TLS is enabled directly in the inbound and a valid certificate is configured, the client can connect but no internet traffic passes through.
It appears that TLS termination by Cloudflare proxy may conflict with TLS enabled in the Xray inbound.
The expected behavior would be either:
- The panel detects when the server is behind Cloudflare and recommends the correct configuration (WS without TLS in inbound), or
- TLS-enabled inbound works correctly behind Cloudflare proxy without breaking internet access.
Clear guidance or automatic configuration for Cloudflare proxy environments would help prevent this confusion.
Describe alternatives you've considered
No response
Checklist
Is your feature request related to a problem?
Environment
OS: Ubuntu
Panel: 3X-UI
Protocol: VLESS
Transport: WebSocket
Cloudflare Tunnel enabled
Issue
If I create an inbound without TLS, the connection works.
When I manually add TLS parameters in the client link, it works and internet access is available.
Example working client link:
vless://UUID@connect.mydomain.com:443?type=ws&security=tls&encryption=none&path=%2Fvpn&host=connect.kyawkhwa.vip&sni=connect.kyawkhwa.vip
However, when I enable TLS directly in the inbound settings and use the same certificate, the client can connect but cannot access the internet.
Summary
VLESS + WS (no TLS in inbound) → works
VLESS + WS + TLS in inbound → client connects but no internet
Could you update the 3X-UI to generate client key that can solve this issue.
Thank you.
Describe the solution you'd like
I would like 3X-UI to properly support VLESS + WebSocket + TLS when the server is behind Cloudflare (orange cloud proxy).
Currently, when TLS is disabled in the inbound, the connection works if the client manually adds:
security=tlssni=domainHowever, when TLS is enabled directly in the inbound and a valid certificate is configured, the client can connect but no internet traffic passes through.
It appears that TLS termination by Cloudflare proxy may conflict with TLS enabled in the Xray inbound.
The expected behavior would be either:
Clear guidance or automatic configuration for Cloudflare proxy environments would help prevent this confusion.
Describe alternatives you've considered
No response
Checklist