diff --git a/README.md b/README.md
index 617bf52..4e4db7e 100644
--- a/README.md
+++ b/README.md
@@ -61,32 +61,37 @@ $ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com ```shell $ docker run --rm samuelhbne/server-xray server-xray - --lx [p=443,]d=domain.com,u=id[:level[:email]] - --ls [p=443,]d=domain.com,u=id[:level[:email]] - --ms [p=443,]d=domain.com,u=id[:level[:email]] - --ts [p=443,]d=domain.com,u=psw[:level[:email]] - --lsg [p=443,]d=domain.com,u=id[:level[:email]],s=svcname - --lss [p=443,]d=domain.com,u=id[:level[:email]],w=/webpath - --lsw [p=443,]d=domain.com,u=id[:level[:email]],w=/wspath - --msw [p=443,]d=domain.com,u=id[:level[:email]],w=/wspath - --tsw [p=443,]d=domain.com,u=psw[:level[:email]],w=/wspath - --lpg [p=443,]u=id[:level[:email]],s=svcname - --lps [p=443,]u=id[:level[:email]],w=/webpath - --lpw [p=443,]u=id[:level[:email]],w=/wspath - --mpw [p=443,]u=id[:level[:email]],w=/wspath - --tpw [p=443,]u=psw[:level[:email]],w=/wspath - --ng-opt [p=443,]d=domain0.com[,d=domain1.com][...] - --ng-proxy [d=domain0.com,][d=domain1.com,]p=port-backend,l=location,n=ws|grpc|splt - --domain-block Add a domain rule for routing block, like geosite:category-ads-all - --ip-block Add a ip-addr rule for routing block, like geoip:private - --cn-block Add routing rules to avoid domains and IPs located in China being proxied - -u|--user u=id0[:level[:email]][,u=id1][...] 
- -k|--hook DDNS update or notifing URL to be hit - -r|--request-domain Domain name to request for letsencrypt cert - -c|--cert-home Reading TLS certs from folder // - -i|--stdin Read config from STDIN instead of auto generation - -j|--json '{"log":{"loglevel":"info"}' Json snippet to merge into the config - -d|--debug Start in debug mode with verbose output + --lgp p=11443,u=id1,u=id2...,s=svcname + --lgr p=12443,u=id1,u=id2...,s=svcname,d=dest.com,pub=xx,prv=yy[,shortId=ab] + --lgt p=13443,u=id1,u=id2...,s=svcname,d=domain.com + --lsp p=14443,u=id1,u=id2...,w=/webpath + --lst p=16443,u=id1,u=id2...,w=/webpath,d=domain.com + --ltr p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab],[xtls] + --ltrx p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab] + --ltt p=18443,u=id1,u=id2...,d=domain.com,[xtls] + --lttx p=18443,u=id1,u=id2...,d=domain.com + --lwp p=19443,u=id1,u=id2...,w=/wskpath + --lwt p=22443,u=id1,u=id2...,w=/wskpath,d=domain.com + --mtt p=23443,u=id1,u=id2...,d=domain.com + --mwp p=24443,u=id1,u=id2...,w=/wskpath + --mwt p=25443,u=id1,u=id2...,w=/wskpath,d=domain.com + --ttt p=26443,u=pw1,u=pw2...,d=domain.com + --twp p=27443,u=pw1,u=pw2...,w=/wskpath + --twt p=28443,u=pw1,u=pw2...,w=/wskpath,d=domain.com + --ng-server p=8443,d=domain0.com,d=domain1.com... + --ng-proxy d=domain0.com,d=domain1.com,p=port-backend,l=location,n=ws|grpc|splt + --st-port 443 + --st-map sni=domain.com,ups=127.0.0.1:8443 + --domain-block Add a domain rule for routing-server block, like geosite:category-ads-all + --ip-block Add a ip-addr rule for routing block, like geoip:private + --cn-block Add routing rules to avoid domains and IPs located in China being proxied + -u|--user u=id0,u=id1... 
+ -k|--hook DDNS update or notifing URL to be hit + -r|--request-domain Domain name to request for letsencrypt cert + -c|--cert-home Reading TLS certs from folder // + -i|--stdin Read config from STDIN instead of auto generation + -j|--json Json snippet to merge into the config. Say '{log:{loglevel:info}' + -d|--debug Start in debug mode with verbose output ``` ## How to stop and remove the running container @@ -106,8 +111,8 @@ The following command will: 1. Update domain1 and domain2 with the current IP address server-xray running 2. Request TLS certs from Letsencrypt for domain1 and domain2 -3. Create Vless+TLS+Websocket server on port 443 with the cert of domain1 -4. Create Trojan server on port 8443 with the cert of domain2 as fallback +3. Create Vless-TCP-TLS-XTLS server on port 443 with the cert of domain1 +4. Create Trojan-TCP-TLS server on port 8443 with the cert of domain2 as fallback ### NOTE 3 @@ -115,8 +120,8 @@ Port 80 must be exported for TLS domain ownership verification ```shell $ docker run --name server-xray -p 80:80 -p 443:443 -p 8443:8443 -d samuelhbne/server-xray \ ---lx p=443,d=domain1.duckdns.org,u=myid,f=:8443 \ ---ts p=8443,d=domain2.duckdns.org,u=trojan_pass \ +--ltrx p=443,d=domain1.duckdns.org,u=myid,f=:8443 \ +--ttt p=8443,d=domain2.duckdns.org,u=trojan_pass \ -k https://duckdns.org/update/domain1/c9711c65-db21-4f8c-a790-2c32c93bde8c \ -k https://duckdns.org/update/domain2/c9711c65-db21-4f8c-a790-2c32c93bde8c \ -r domain1.duckdns.org \ @@ -124,10 +129,10 @@ $ docker run --name server-xray -p 80:80 -p 443:443 -p 8443:8443 -d samuelhbne/s ... ``` -#### XTLS connection verifying instructions +#### Vless-TCP-TLS-XTLS connection verifying instructions ```shell -$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --ltx \ +$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --ltrx \ myid@mydomain.duckdns.org:443 $ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com 
@@ -140,10 +145,10 @@ Xray-URL: vless://myid@domain1.duckdns.org:443?security=xtls&type=tcp&flow=xtls- ... ``` -#### Trojan connection verifying instructions +#### Trojan-TCP-TLS connection verifying instructions ```shell -$ docker run --name proxy-xray -p 2080:1080 -d samuelhbne/proxy-xray --ts \ +$ docker run --name proxy-xray -p 2080:1080 -d samuelhbne/proxy-xray --ttt \ trojan_pass@domain2.duckdns.org:8443 $ curl -sSx socks5h://127.0.0.1:2080 https://checkip.amazonaws.com @@ -156,7 +161,7 @@ Xray-URL: trojan://trojan_pass@domain2.duckdns.org:8443#domain2.duckdns.org:8443 ... ``` -### 2. Running a Vless+TLS+Websocket server with existing TLS cert +### 2. Running a Vless-Websocket-TLS server with existing TLS cert The following command will: @@ -168,15 +173,14 @@ The following command will: ```shell $ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d samuelhbne/server-xray \ ---lsw d=mydomain.duckdns.org,u=myid,w=/websocket,f=microsoft.com:80 \ --c /opt/cert +--lwt d=mydomain.duckdns.org,u=myid,w=/websocket,f=microsoft.com:80 -c /opt/cert ... ``` -#### Websocket connection verifying instructions +#### Vless-Websocket-TLS connection verifying instructions ```shell -$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lsw \ +$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lwt \ myid@mydomain.duckdns.org:443:/websocket $ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com 
@@ -189,30 +193,30 @@ Xray-URL: vless://myid@mydomain.duckdns.org:443?security=tls&type=ws&path=%2Fweb ... ``` -### 3. Running a Vless+TCP+PLAN+gRPC server + Nginx TLS front, with existing TLS cert +### 3. Running a Vless-gRPC-PLAIN server and Nginx TLS front, with existing TLS cert The following command will: 1. Assume to read TLS cert from /home/ubuntu/cert/mydomain.duckdns.org/fullchain.cer 2. Assume to read private key from /home/ubuntu/cert/mydomain.duckdns.org/mydomain.duckdns.org.key 3. Assume mydomain.duckdns.org has been resolved to the current server -4. Run Xray in Vless+TCP+PLAN+gRPC mode on port 65443 +4. Run Xray in Vless+TCP+PLAIN+gRPC mode on port 65443 5. Run nginx on port 443 as a TLS front to protect gRPC backend from detection, with the given cert 6. Only port 443 will be available for access from internet ```shell $ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d samuelhbne/server-xray \ --c /opt/cert --ng-opt port=443,domain=mydomain.duckdns.org \ ---lpg port=65443,user=myid,service=gsvc \ +-c /opt/cert --ng-server port=443,domain=mydomain.duckdns.org \ +--lgp port=65443,user=myid,service=gsvc \ --ng-proxy port=65443,location=/gsvc,network=grpc ... ``` -#### gRPC connection verifying instructions +#### Vless-gRPC-TLS connection verifying instructions ```shell -$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lsg \ +$ docker run --name proxy-xray -p 1080:1080 -d samuelhbne/proxy-xray --lgt \ myid@mydomain.duckdns.org:443:gsvc $ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com 
@@ -232,19 +236,19 @@ The following command will: 1. Assume to read TLS cert from /home/ubuntu/cert/domain*.duckdns.org/fullchain.cer 2. Assume to read private key from /home/ubuntu/cert/domain*.duckdns.org/domain*.duckdns.org.key 3. Assume domain0.duckdns.org and domain1.duckdns.org has been resolved to the current server -4. Run Vless+TCP+PLAN+gRPC service on port 55443, location /svc0, serve all domains -5. Run Vless+TCP+PLAN+WebSocket service on port 53443, location /ws1, serve all domains -6. Run Trojan+TCP+PLAN+WebSocket service on port 51443, location /ws2, serve only domain1.duckdns.org +4. Run Vless-gRPC-PLAIN service on port 55443, location /svc0, serve all domains +5. Run Vless-WebSocket-PLAIN service on port 53443, location /ws1, serve all domains +6. Run Trojan-WebSocket-PLAIN service on port 51443, location /ws2, serve only domain1.duckdns.org 7. Run nginx on port 443 as a TLS front with the given certs for 2 domains, proxy 3 services with 3 locations 8. Only port 443 will be available for access from internet ```shell $ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d samuelhbne/server-xray \ -c /opt/cert \ ---ng-opt p=443,d=domain0.duckdns.org,d=domain1.duckdns.org \ ---lpg p=55443,u=myid0,s=svc0 \ ---lpw p=53443,u=myid1,w=/ws1 \ ---tpw p=51443,u=myid2,w=/ws2 \ +--lgp p=55443,u=myid0,s=svc0 \ +--lwp p=53443,u=myid1,w=/ws1 \ +--twp p=51443,u=myid2,w=/ws2 \ +--ng-server p=443,d=domain0.duckdns.org,d=domain1.duckdns.org \ --ng-proxy p=55443,l=/svc0,n=grpc \ --ng-proxy p=53443,l=/ws1,n=ws \ --ng-proxy d=domain1.duckdns.org,p=51443,l=/ws2,n=ws 
@@ -253,14 +257,17 @@ $ docker run --name server-xray -p 443:443 -v /home/ubuntu/cert:/opt/cert -d sam ### NOTE 4 -Only PLAN (NON-TLS) services (--lpg, --lpw, --mpw, -tpw) can be proxied by Nginx. +Only PLAIN (NON-TLS) services (--lgp, --lwp, --mwp, -twp) can be proxied by Nginx. + +NEVER EVER expose any plain services on internet directly. They are designed to be proxied by Nginx TLS front +hence all different transport portocols can be accessed with diffent web-path while only port 443 exposed via Nginx. #### Multiple service connection verifying instructions ```shell -$ docker run --name proxy-gsvc -p 1080:1080 -d samuelhbne/proxy-xray --lsg myid0@domain0.duckdns.org:443:/gsvc -$ docker run --name proxy-vless -p 2080:1080 -d samuelhbne/proxy-xray --lsw myid1@domain1.duckdns.org:443:/ws1 -$ docker run --name proxy-trojan -p 3080:1080 -d samuelhbne/proxy-xray --tsw myid2@domain0.duckdns.org:443:/ws2 +$ docker run --name proxy-gsvc -p 1080:1080 -d samuelhbne/proxy-xray --lgt myid0@domain0.duckdns.org:443:/gsvc +$ docker run --name proxy-vless -p 2080:1080 -d samuelhbne/proxy-xray --lwt myid1@domain1.duckdns.org:443:/ws1 +$ docker run --name proxy-trojan -p 3080:1080 -d samuelhbne/proxy-xray --twt myid2@domain0.duckdns.org:443:/ws2 $ curl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com 12.34.56.78 @@ -280,7 +287,7 @@ The following instruction start server-trojan in debug mode. Output Xray config ```shell $ docker run --rm -p 80:80 -p 443:443 samuelhbne/server-xray \ -k https://duckdns.org/update/mydomain/c9711c65-db21-4f8c-a790-2c32c93bde8c \ ---msw d=mydomain.duckdns.org,u=myid,w=/websocket,f=microsoft.com:80 \ +--mwt d=mydomain.duckdns.org,u=myid,w=/websocket,f=microsoft.com:80 \ -r mydomain.duckdns.org --debug ... ``` diff --git a/run.sh b/run.sh index a082d78..4709448 100755 --- a/run.sh +++ b/run.sh 
@@ -7,32 +7,32 @@ XCONF=/tmp/server-xray.json
 usage() {
 echo "server-xray "
- echo " --lgp p=11443,u=id1,u=id2...,s=svcname"
- echo " --lgr p=12443,u=id1,u=id2...,s=svcname,d=dest.com,pub=xx,prv=yy[,shortId=ab]"
- echo " --lgt p=13443,u=id1,u=id2...,s=svcname,d=domain.com"
- echo " --lsp p=14443,u=id1,u=id2...,w=/webpath"
- echo " --lst p=16443,u=id1,u=id2...,w=/webpath,d=domain.com"
- echo " --ltr p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab],[xtls]"
- echo " --ltrx p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab]"
- echo " --ltt p=18443,u=id1,u=id2...,d=domain.com,[xtls]"
- echo " --lttx p=18443,u=id1,u=id2...,d=domain.com"
- echo " --lwp p=19443,u=id1,u=id2...,w=/wskpath"
- echo " --lwt p=22443,u=id1,u=id2...,w=/wskpath,d=domain.com"
- echo " --mtt p=23443,u=id1,u=id2...,d=domain.com"
- echo " --mwp p=24443,u=id1,u=id2...,w=/wskpath"
- echo " --mwt p=25443,u=id1,u=id2...,w=/wskpath,d=domain.com"
- echo " --ttt p=26443,u=pw1,u=pw2...,d=domain.com"
- echo " --twp p=27443,u=pw1,u=pw2...,w=/wskpath"
- echo " --twt p=28443,u=pw1,u=pw2...,w=/wskpath,d=domain.com"
- echo " --ng-server p=8443,d=domain0.com,d=domain1.com..."
- echo " --ng-proxy d=domain0.com,d=domain1.com,p=port-backend,l=location,n=ws|grpc|splt"
- echo " --st-port 443"
- echo " --st-map sni=domain.com,ups=127.0.0.1:8443"
+ echo " --lgp p=11443,u=id1,u=id2...,s=svcname"
+ echo " --lgr p=12443,u=id1,u=id2...,s=svcname,d=dest.com,pub=xx,prv=yy[,shortId=ab]"
+ echo " --lgt p=13443,u=id1,u=id2...,s=svcname,d=domain.com"
+ echo " --lsp p=14443,u=id1,u=id2...,w=/webpath"
+ echo " --lst p=16443,u=id1,u=id2...,w=/webpath,d=domain.com"
+ echo " --ltr p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab],[xtls]"
+ echo " --ltrx p=17443,u=id1,u=id2...,d=dest.com,pub=xx,prv=yy[,shortId=ab]"
+ echo " --ltt p=18443,u=id1,u=id2...,d=domain.com,[xtls]"
+ echo " --lttx p=18443,u=id1,u=id2...,d=domain.com"
+ echo " --lwp p=19443,u=id1,u=id2...,w=/wskpath"
+ echo " --lwt p=22443,u=id1,u=id2...,w=/wskpath,d=domain.com"
+ echo " --mtt p=23443,u=id1,u=id2...,d=domain.com"
+ echo " --mwp p=24443,u=id1,u=id2...,w=/wskpath"
+ echo " --mwt p=25443,u=id1,u=id2...,w=/wskpath,d=domain.com"
+ echo " --ttt p=26443,u=pw1,u=pw2...,d=domain.com"
+ echo " --twp p=27443,u=pw1,u=pw2...,w=/wskpath"
+ echo " --twt p=28443,u=pw1,u=pw2...,w=/wskpath,d=domain.com"
+ echo " --ng-server p=8443,d=domain0.com,d=domain1.com..."
+ echo " --ng-proxy d=domain0.com,d=domain1.com,p=port-backend,l=location,n=ws|grpc|splt"
+ echo " --st-port 443"
+ echo " --st-map sni=domain.com,ups=127.0.0.1:8443"
 echo " --domain-block Add a domain rule for routing-server block, like geosite:category-ads-all"
- echo " --ip-block Add a ip-addr rule for routing block, like geoip:private"
+ echo " --ip-block Add a ip-addr rule for routing block, like geoip:private"
 echo " --cn-block Add routing rules to avoid domains and IPs located in China being proxied"
- echo " -u|--user u=id0,u=id1..."
- echo " -k|--hook DDNS update or notifing URL to be hit"
+ echo " -u|--user u=id0,u=id1..."
+ echo " -k|--hook DDNS update or notifing URL to be hit"
 echo " -r|--request-domain Domain name to request for letsencrypt cert"
 echo " -c|--cert-home Reading TLS certs from folder //"
 echo " -i|--stdin Read config from STDIN instead of auto generation"
@@ -186,6 +186,7 @@ fi
 if [ -z "${SVCMD}" ]; then
 echo "No Xray service creation found. Quit."
+ usage;
 exit 1
 fi
diff --git a/server-lgr.sh b/server-lgr.sh
index 2cdaac6..453fac9 100755
--- a/server-lgr.sh
+++ b/server-lgr.sh
@@ -85,8 +85,8 @@ if [ -z "${xconf}" ]; then
 exit 1
 fi
-if [ -z "${prvkey}" ] || [ -z "${pubkey}" ] ; then
- echo "Warning: PublicKey / PrivateKey undefined, Generated new..."
+if [ -z "${prvkey}" ]; then
+ echo "Warning: PrivateKey undefined, Generated new..."
 kv=(`/usr/local/bin/xray x25519|cut -d ' ' -f3|tr ' '`)
 prvkey="${kv[0]}"
 pubkey="${kv[1]}"
diff --git a/server-ltr.sh b/server-ltr.sh
index 0fcda16..4cee23f 100755
--- a/server-ltr.sh
+++ b/server-ltr.sh
@@ -76,8 +76,8 @@ if [ -z "${xconf}" ]; then
 exit 1
 fi
-if [ -z "${prvkey}" ] || [ -z "${pubkey}" ] ; then
- echo "Warning: PublicKey / PrivateKey undefined, Generated new..."
+if [ -z "${prvkey}" ]; then
+ echo "Warning: PrivateKey undefined, Generated new..."
 kv=(`/usr/local/bin/xray x25519|cut -d ' ' -f3|tr ' '`)
 prvkey="${kv[0]}"
 pubkey="${kv[1]}"
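Review bot: The added `usage;` in run.sh prints the option listing to stdout on a path that ends in `exit 1`, and the `echo "No Xray service creation found. Quit."` line above it does the same; diagnostics on an error exit belong on stderr so a caller capturing stdout does not take the usage text for output. Writing the new line as `usage >&2` (and the echo as `echo "No Xray service creation found. Quit." >&2`) keeps the behaviour and also drops the stray trailing semicolon. The large hunk above it in the same file is a whitespace-only realignment of the echo lines and needs nothing further.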
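Review bot: In server-lgr.sh the relaxed test `if [ -z "${prvkey}" ]; then` no longer covers the case where `prv=` is supplied but `pub=` is not: generation is skipped and the script goes on with an empty `pubkey`, which the removed `|| [ -z "${pubkey}" ]` clause used to catch, so unless the public key is derived from the private key further down (outside this hunk) whatever later reads `${pubkey}` gets an empty value with no warning. server-ltr.sh makes the identical change and has the same gap. Either keep the original two-part condition or add an explicit check right after it, e.g. `[ -n "${pubkey}" ] || { echo "pub= is required when prv= is given" >&2; exit 1; }`. While here, the unchanged generation line is worth confirming on the image's `tr`: GNU tr given a single operand (`tr ' '`) reports a missing operand, which would leave `kv` empty and both keys blank on the generation path.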