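Note: if this is a freshly installed VPS, update the package sources and installed software before you start.
Update sources and software on Ubuntu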
sudo apt-get update && sudo apt-get upgrade
This guide uses "Ubuntu Server 16.04" and the domain "baidu.sb" as the example.
1. V2Ray
Install V2Ray
bash <(curl -L -s https://install.direct/go.sh)
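Configure V2Ray
sudo vim /etc/v2ray/config.json
The main changes here are: set "port" under "inbound" to "10000"; note down your own "id" value rather than copying mine; and add the "streamSettings" block, mainly the settings inside "wsSettings".
Modified V2Ray configuration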
{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbound": {
    "port": 10000,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "a3482e88-686a-4a58-8126-99c9df64b7bf",
          "level": 1,
          "alterId": 64
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "/fuckbaidu/"
      }
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": { }
  },
  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": { },
      "tag": "blocked"
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "ip": [
            "geoip:private"
          ],
          "outboundTag": "blocked"
        }
      ]
    }
  }
}
Replace the contents of "config.json" on your server with the configuration above.
Restart V2Ray
sudo systemctl restart v2ray
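2. Domain and certificate
First you need a domain name; you can buy one or register a free one such as a .tk domain.
You can use Let's Encrypt or acme.sh, or apply for a free certificate elsewhere. Place the resulting certificate files at:
/etc/v2ray/v2ray.crt (i.e. the .pem file)
/etc/v2ray/v2ray.key
If you do not know how to upload files, you can run sudo vim /etc/v2ray/v2ray.crt, paste in the certificate contents, and save.
Generating the certificate with acme.sh
Install acme.sh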
sudo apt-get install socat
curl https://get.acme.sh | sh
The following command temporarily listens on port 80; make sure port 80 is not in use before you run it.
Generate the certificate
sudo ~/.acme.sh/acme.sh --issue -d baidu.sb --standalone -k ec-256
Install the certificate and key into /etc/v2ray
Move the certificate to the configuration directory
sudo ~/.acme.sh/acme.sh --installcert -d baidu.sb --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc
Install Nginx
sudo apt-get install nginx
Configure Nginx
sudo vim /etc/nginx/sites-available/default
Modified Nginx configuration
server {
    # "listen ... ssl" already enables TLS; the separate "ssl on;" directive is deprecated
    listen 443 ssl;
    ssl_certificate /etc/v2ray/v2ray.crt;
    ssl_certificate_key /etc/v2ray/v2ray.key;
    # TLSv1 and TLSv1.1 are deprecated; accept TLSv1.2 only
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    server_name baidu.sb;
    location /fuckbaidu/ {
        # Forward the WebSocket upgrade to the local V2Ray inbound
        proxy_redirect off;
        proxy_pass http://127.0.0.1:10000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
}
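Change the value of "server_name" to the domain your certificate was issued for. The "location /fuckbaidu/" block can simply be added after the existing "location" blocks (this is mainly so you can host your own website or a decoy site); "/fuckbaidu/" corresponds to the path in the V2Ray configuration.
Restart Nginx
sudo service nginx restart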
4. Client
V2Ray client config.json
{
  "log": {
    "loglevel": "warning"
  },
  "inbound": {
    "port": 1080,
    "listen": "0.0.0.0",
    "protocol": "socks",
    "settings": {
      "auth": "noauth",
      "udp": true,
      "ip": "127.0.0.1"
    }
  },
  "outbound": {
    "protocol": "vmess",
    "settings": {
      "vnext": [
        {
          "address": "baidu.sb",
          "port": 443,
          "users": [
            {
              "id": "a3482e88-686a-4a58-8126-99c9df64b7bf",
              "alterId": 64,
              "security": "auto"
            }
          ]
        }
      ]
    },
    "mux": {
      "enabled": true
    },
    "streamSettings": {
      "network": "ws",
      "security": "tls",
      "tlsSettings": {
        "serverName": "baidu.sb",
        // the server presents a CA-issued certificate, so keep certificate verification enabled
        "allowInsecure": false
      },
      "wsSettings": {
        "path": "/fuckbaidu/"
      }
    }
  },
  "outboundDetour": [
    {
      "protocol": "freedom",
      "settings": { },
      "tag": "direct"
    }
  ],
  "dns": {
    "servers": [
      "119.29.29.29",
      "1.0.0.1",
      "localhost"
    ]
  },
  "routing": {
    "strategy": "rules",
    "settings": {
      "domainStrategy": "IPIfNonMatch",
      "rules": [
        {
          "type": "field",
          "port": "1-52",
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "port": "54-79",
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "port": "81-442",
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "port": "444-65535",
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "domain": [
            "geosite:cn"
          ],
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "ip": [
            "geoip:private",
            "geoip:cn"
          ],
          "outboundTag": "direct"
        }
      ]
    }
  }
}
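The "id" under "inbound" in the server's "config.json" must be identical to the "id" under "outbound" in the client's "config.json".
The "address" and "serverName" domain under "outbound" in the client's "config.json" must match the domain configured in Nginx on the server. The "path" under "wsSettings" must also match the server's setting.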
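The matching rules above can be checked mechanically before either side is restarted. The following is an added example, not code from the original article or from the V2Ray project: the function name check(), the domain example.com, the path /ws/ and the placeholder id are assumptions, and the inputs are constructed data reduced to the fields the rules mention. It also reports "allowInsecure", because that setting makes the client skip certificate verification.

```python
import re

def check(server, client, nginx):
    """Return mismatches between server config, client config and Nginx text."""
    issues = []
    s_in = server["inbound"]
    vnext = client["outbound"]["settings"]["vnext"][0]
    stream = client["outbound"]["streamSettings"]
    # Rule 1: every client id must be listed under the server inbound clients.
    server_ids = {c["id"] for c in s_in["settings"]["clients"]}
    if any(u["id"] not in server_ids for u in vnext["users"]):
        issues.append("id: client id not present in server clients")
    # Rule 2: the WebSocket path must agree in V2Ray (both sides) and Nginx.
    path = s_in["streamSettings"]["wsSettings"]["path"]
    if stream["wsSettings"]["path"] != path:
        issues.append("path: client and server wsSettings.path differ")
    if not re.search(r"location\s+" + re.escape(path) + r"\s*\{", nginx):
        issues.append("path: no nginx location block for the server path")
    # Rule 3: address and serverName must be a name Nginx serves.
    m = re.search(r"server_name\s+([^;]+);", nginx)
    names = m.group(1).split() if m else []
    for label, host in (("address", vnext["address"]),
                        ("serverName", stream["tlsSettings"]["serverName"])):
        if host not in names:
            issues.append(f"domain: client {label} not in nginx server_name")
    # Nginx must proxy to the port the V2Ray inbound listens on.
    up = re.search(r"proxy_pass\s+http://127\.0\.0\.1:(\d+)", nginx)
    if not up or int(up.group(1)) != s_in["port"]:
        issues.append("port: nginx proxy_pass does not match the inbound port")
    # allowInsecure=true makes the client skip certificate verification.
    if stream["tlsSettings"].get("allowInsecure"):
        issues.append("tls: allowInsecure disables certificate verification")
    return issues

# Constructed sample data (placeholder id, domain and path), reduced to the checked fields.
UUID = "00000000-0000-4000-8000-000000000000"
SERVER = {"inbound": {"port": 10000, "settings": {"clients": [{"id": UUID}]},
          "streamSettings": {"wsSettings": {"path": "/ws/"}}}}
CLIENT = {"outbound": {
    "settings": {"vnext": [{"address": "example.com", "users": [{"id": UUID}]}]},
    "streamSettings": {"tlsSettings": {"serverName": "example.com", "allowInsecure": False},
                       "wsSettings": {"path": "/ws/"}}}}
NGINX = """server { listen 443 ssl; server_name example.com;
  location /ws/ { proxy_pass http://127.0.0.1:10000; } }"""

if __name__ == "__main__":
    print(check(SERVER, CLIENT, NGINX) or "consistent")
```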
Statement:
This article is reposted from diveng (神机网).
Original link: https://diveng.io/configuration-project-v-websocket-nginx-tls-on-ubuntu-server.html