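V2ray Proxy

With a stock V2ray service, the client can connect directly as soon as it is installed, which is simple. But because the header of the VMess protocol is not encrypted, it is easy to identify. So this post mainly covers a non-direct setup, which relies on:

  • Cloudflare's DNS CDN Proxy, which relays the SSL/TLS traffic
  • Nginx's SSL/TLS WebSocket
  • V2ray's VMess

Required services

To get a free domain, see "Free Domain". For the certificate and CDN configuration, see "Free CDN".

V2ray + Nginx can be used in a non-direct way: even if the IP cannot be reached directly, the target IP can still be reached through Cloudflare's DNS CDN Proxy. All it takes is setting the DNS record in Cloudflare to Proxy.

Server configuration

V2ray

Installation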

curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
bash install-release.sh

Configuration

V2ray's configuration lives in /usr/local/etc/v2ray/config.json


{
  "inbounds": [
    {
      "port": 12345,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "ccc",
            "alterId": 0
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/ray"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

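Compared with a direct-connect V2ray, the main setting is:

  • streamSettings, which holds the WebSocket settings

Everything else is the same as for a direct-connect V2ray, mainly:

  • inbounds port, which sets the externally exposed port
  • clients id, which sets the ID used for matching

Nginx

Installation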

apt install -y nginx

Configuration

First save the Cloudflare SSL/TLS public key xxx.crt and private key xxx.key, both in PEM format, to the server. Then generate an Nginx configuration file:

# Quote the heredoc delimiter so the shell does not expand Nginx variables such as $http_upgrade
cat << 'EOF' > /etc/nginx/conf.d/ray.conf
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  
  ssl_certificate       /path/xxx.crt;
  ssl_certificate_key   /path/xxx.key;
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;
  ssl_session_tickets off;
  
  ssl_protocols         TLSv1.2 TLSv1.3;
  ssl_ciphers           ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;
  
  server_name           xxxname.domain;
  location /ray {
    if ($http_upgrade != "websocket") {
        return 404;
    }
    proxy_redirect off;
    # Must match the port of the V2ray inbound
    proxy_pass http://127.0.0.1:12345;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}
EOF
# Validate the configuration before restarting
nginx -t && systemctl restart nginx

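The main settings are ssl_certificate and ssl_certificate_key, which point to the public key and the private key respectively. server_name is the domain, and the location path must match the ws path in the V2ray configuration.

Client configuration

The client only needs V2ray. Installation and configuration are much the same as on the server: outbounds points to the service the server provides, users corresponds to the server's clients, and the client's inbounds are its own local socks5 and http proxies: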

{
  "inbounds": [{
    "port": 4445,
    "listen": "0.0.0.0",
    "protocol": "socks",
    "sniffing": {
      "enabled": true,
      "destOverride": ["http", "tls"]
    },
    "settings": {
      "auth": "noauth",
      "udp": false
    }
  }, {
    "port": 4446,
    "listen": "0.0.0.0",
    "protocol": "http",
    "sniffing": {
      "enabled": true,
      "destOverride": ["http", "tls"]
    },
    "settings": {
      "auth": "noauth",
      "udp": false
    }
  }],
  "outbounds": [{
    "protocol": "vmess",
    "settings": {
      "vnext": [{
        "address": "xxxname.domain",
        "port": 443,
        "users": [{ "id": "ccc" }]
      }]
    },
    "streamSettings": {
      "network": "ws",
      "security": "tls",
      "wsSettings": {
        "path": "/ray"
      }
    }
  },{
    "protocol": "freedom",
    "tag": "direct",
    "settings": {}
  }],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [{
      "type": "field",
      "ip": ["geoip:private"],
      "outboundTag": "direct"
    }]
  }
}
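
The three configurations above only work when the WebSocket path, the upstream port and the user id agree across them. The following is an added example, not part of the original post: a Python check that cross-validates the V2ray server config, the Nginx config and the V2ray client config. The function name check_chain and the sample values are constructed for illustration; the loopback "listen" on the server inbound and on the client inbound is an assumption of this example.

```python
import json
import re

def check_chain(server_cfg: str, nginx_conf: str, client_cfg: str) -> list[str]:
    """Cross-check V2ray server, Nginx and V2ray client configs; return findings."""
    findings = []
    inbound = json.loads(server_cfg)["inbounds"][0]
    client = json.loads(client_cfg)
    out = next(o for o in client["outbounds"] if o["protocol"] == "vmess")
    vnext = out["settings"]["vnext"][0]

    # The WebSocket path must be identical in all three places.
    srv_path = inbound["streamSettings"]["wsSettings"]["path"]
    cli_path = out["streamSettings"]["wsSettings"]["path"]
    loc = re.search(r"location\s+(\S+)\s*\{", nginx_conf)
    if not loc or not (loc.group(1) == srv_path == cli_path):
        findings.append("ws path differs between V2ray server, Nginx location and client")
    # Nginx must forward to the port the V2ray inbound listens on.
    up = re.search(r"proxy_pass\s+http://[^:/\s]+:(\d+)", nginx_conf)
    if not up or int(up.group(1)) != inbound["port"]:
        findings.append("proxy_pass port does not match the V2ray inbound port")
    # An unquoted heredoc lets the shell expand $http_upgrade, $host, ... to nothing.
    if "$http_upgrade" not in nginx_conf:
        findings.append("Nginx variables missing; heredoc was probably expanded by the shell")
    # Every client user id must exist in the server's clients list.
    server_ids = {c["id"] for c in inbound["settings"]["clients"]}
    if any(u["id"] not in server_ids for u in vnext["users"]):
        findings.append("client user id is not in the server clients list")
    # V2ray listens on 0.0.0.0 by default, exposing the plain ws port besides Nginx.
    if inbound.get("listen") not in ("127.0.0.1", "::1", "localhost"):
        findings.append("V2ray inbound is not bound to loopback; it can be reached bypassing Nginx")
    # Unauthenticated local proxies on 0.0.0.0 are usable by anyone on the network.
    for i in client["inbounds"]:
        if i.get("listen", "0.0.0.0") == "0.0.0.0" and i["settings"].get("auth") == "noauth":
            findings.append(f"client {i['protocol']} inbound on port {i['port']} is open to the network")
    return findings

# Constructed sample configs using the placeholder values from this page.
SERVER = '{"inbounds":[{"port":12345,"listen":"127.0.0.1","protocol":"vmess","settings":{"clients":[{"id":"ccc"}]},"streamSettings":{"network":"ws","wsSettings":{"path":"/ray"}}}]}'
NGINX = 'location /ray { proxy_pass http://127.0.0.1:12345; proxy_set_header Upgrade $http_upgrade; }'
CLIENT = '{"inbounds":[{"port":4445,"listen":"127.0.0.1","protocol":"socks","settings":{"auth":"noauth"}}],"outbounds":[{"protocol":"vmess","settings":{"vnext":[{"address":"xxxname.domain","port":443,"users":[{"id":"ccc"}]}]},"streamSettings":{"network":"ws","security":"tls","wsSettings":{"path":"/ray"}}}]}'

if __name__ == "__main__":
    for finding in check_chain(SERVER, NGINX, CLIENT) or ["configs are consistent"]:
        print(finding)
```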