首页 > Linux > V2RAY+ws+TLS 打造专属基础通信网络

V2RAY+ws+TLS 打造专属基础通信网络

董事长 2020-12-09 463 0

linux安装方式:

 

#安装unzip(因为centos不支持apt-get,我们需要安装unzip)
yum install zip unzip

 

#安裝和更新 V2Ray

#安裝執行檔和 .dat 資料檔

bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)

#安裝最新發行的 geoip.dat 和 geosite.dat

// 只更新 .dat 資料檔

bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)

 

#移除 V2Ray

bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) --remove

 

 

 

#证书生成

将域名生成ssl证书(可以用阿里云的免费证书 或者 打开Zendes 免费注册一个SSL证书),将证书和密钥安保存到 /etc/v2ray/ (或者其他目录) 文件夹

 

 

#获取用户ID (运用指令 创建一个用户 id ,并记住这个id号)

cat /proc/sys/kernel/random/uuid

 

 

#配置 V2Ray

配置文件路径为 /usr/local/etc/v2ray/config.json

{
  "inbounds": [
    {
      "port": 10000,
      "listen":"127.0.0.1",//只监听 127.0.0.1,避免除本机外的机器探测到开放了 10000 端口
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
        "path": "/ray"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

#Nginx 配置

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  
  ssl_certificate       /etc/v2ray/v2ray.crt;  #证书的绝对路径
  ssl_certificate_key   /etc/v2ray/v2ray.key; 
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;
  ssl_session_tickets off;
  
  ssl_protocols         TLSv1.2 TLSv1.3;
  ssl_ciphers           ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;
  
  server_name           mydomain.me; # 改成你的域名
  location /ray { # 与 V2Ray 配置中的 path 保持一致
    if ($http_upgrade != "websocket") { # WebSocket协商失败时返回404
        return 404;
    }
    proxy_redirect off;
    proxy_pass http://127.0.0.1:10000; # 这里的端口需要和V2Ray 配置文件里的一致
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    # Show real IP in v2ray access.log
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

 

配置好nginx查看一下语法有没有问题,运行命令:

nginx -t

OK,语法没问题。

 

#最后配置客户端

{
  "inbounds": [
    {
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth",
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "mydomain.me",
            "port": 443,
            "users": [
              {
                "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
                "alterId": 64
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/ray" #需要和服务端nginx一致
        }
      }
    }
  ]
}

 

#证书权限设置

chmod 644 /etc/v2ray/v2ray.key

 

#WebSocket

WebSocket 的配置其实很简单,就是把配置文件config.json里  

"network": "tcp",

 改成

"network": "ws",

 

 

#启动v2ray

systemctl start v2ray    启动
systemctl stop v2ray     停止
systemctl restart v2ray  重启
systemctl status v2ray   状态检查
systemctl enable v2ray   开机自启

#Nginx命令

sudo systemctl start nginx              //开启 Nginx
sudo systemctl stop nginx              //停止 Nginx
sudo systemctl restart nginx          //重新启动 Nginx
sudo systemctl status -l nginx        //查看 Nginx运行状态
sudo systemctl reload nginx          //重载Nginx (如更改Nginx配置需要重新载入数据)
sudo systemctl disable nginx         //取消开机启动 Nginx
sudo systemctl enable nginx          //开机启动
标签:V2RAY 翻墙

发表评论

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。