Configuring Project V on Ubuntu Server: WebSocket+Nginx+TLS - 蔚觅

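Note: if your VPS is freshly installed, update the package sources and installed software before you start.

Update package sources and software on Ubuntu
sudo apt-get update && sudo apt-get upgrade

This guide uses Ubuntu Server 16.04 and the domain baidu.sb as its example.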

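1. V2Ray

Install V2Ray
bash <(curl -L -s https://install.direct/go.sh)

Configure V2Ray
sudo vim /etc/v2ray/config.json

The main changes here are: set "port" under "inbound" to "10000"; note down your own "id" value rather than copying mine; and add the "streamSettings" section, chiefly the settings inside "wsSettings".

Modified V2Ray configuration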
{
  "log": {
    "access": "/var/log/v2ray/access.log", 
    "error": "/var/log/v2ray/error.log", 
    "loglevel": "warning"
  }, 
  "inbound": {
    "port": 10000, 
    "protocol": "vmess", 
    "settings": {
      "clients": [
        {
          "id": "a3482e88-686a-4a58-8126-99c9df64b7bf", 
          "level": 1, 
          "alterId": 64
        }
      ]
    }, 
    "streamSettings": {
      "network": "ws", 
      "wsSettings": {
        "path": "/fuckbaidu/"
      }
    }
  }, 
  "outbound": {
    "protocol": "freedom", 
    "settings": { }
  }, 
  "outboundDetour": [
    {
      "protocol": "blackhole", 
      "settings": { }, 
      "tag": "blocked"
    }
  ], 
  "routing": {
    "strategy": "rules", 
    "settings": {
      "rules": [
        {
          "type": "field", 
          "ip": [
            "geoip:private"
          ], 
          "outboundTag": "blocked"
        }
      ]
    }
  }
}

Replace the contents of config.json on your server with the configuration above.

Restart V2Ray
sudo systemctl restart v2ray

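2. Domain and certificate

First you need a domain name. You can buy one or register a free one such as a .tk domain.

You can use Let's Encrypt or acme.sh, or apply for a free certificate elsewhere. Place the resulting certificate files at:

/etc/v2ray/v2ray.crt (the .pem file)
/etc/v2ray/v2ray.key

If you do not know how to upload files, you can run sudo vim /etc/v2ray/v2ray.crt, paste in the certificate contents and save.

Generating a certificate with acme.sh

Install acme.sh
sudo apt-get install socat
curl https://get.acme.sh | sh

The following command temporarily listens on port 80. Make sure port 80 is not in use before you run it.

Generate the certificate
sudo ~/.acme.sh/acme.sh --issue -d baidu.sb --standalone -k ec-256

Install the certificate and key into /etc/v2ray

Move the certificate to the configuration directory
sudo ~/.acme.sh/acme.sh --installcert -d baidu.sb --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc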

3. Nginx

Install Nginx
sudo apt-get install nginx

Configure Nginx
sudo vim /etc/nginx/sites-available/default

Modified Nginx configuration
server {
  # "listen ... ssl" already enables TLS; the deprecated "ssl on;" is not needed
  listen  443 ssl;
  ssl_certificate       /etc/v2ray/v2ray.crt;
  ssl_certificate_key   /etc/v2ray/v2ray.key;
  # TLSv1 and TLSv1.1 are deprecated; offer TLSv1.2 only
  ssl_protocols         TLSv1.2;
  ssl_ciphers           HIGH:!aNULL:!MD5;
  server_name           baidu.sb;
  location /fuckbaidu/ {
    # Pass the WebSocket upgrade through to the local V2Ray inbound
    proxy_redirect off;
    proxy_pass http://127.0.0.1:10000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
  }
}

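Change the value of "server_name" to the domain your certificate was issued for. The "location /fuckbaidu/" block can simply be added after your other "location" blocks (those mainly serve your own website or a camouflage site). The "/fuckbaidu/" value corresponds to the path in the V2Ray configuration.

Restart Nginx
sudo service nginx restart

4. Client

V2Ray client config.json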
{
  "log": {
    "loglevel": "warning"
  }, 
  "inbound": {
    "port": 1080, 
    "listen": "0.0.0.0", 
    "protocol": "socks", 
    "settings": {
      "auth": "noauth", 
      "udp": true, 
      "ip": "127.0.0.1"
    }
  }, 
  "outbound": {
    "protocol": "vmess", 
    "settings": {
      "vnext": [
        {
          "address": "baidu.sb", 
          "port": 443, 
          "users": [
            {
              "id": "a3482e88-686a-4a58-8126-99c9df64b7bf", 
              "alterId": 64, 
              "security": "auto"
            }
          ]
        }
      ]
    }, 
    "mux": {
      "enabled": true
    }, 
    "streamSettings": {
      "network": "ws", 
      "security": "tls", 
      "tlsSettings": {
        "serverName": "baidu.sb", 
        "allowInsecure": false
      }, 
      "wsSettings": {
        "path": "/fuckbaidu/"
      }
    }
  }, 
  "outboundDetour": [
    {
      "protocol": "freedom", 
      "settings": { }, 
      "tag": "direct"
    }
  ], 
  "dns": {
    "servers": [
      "119.29.29.29", 
      "1.0.0.1", 
      "localhost"
    ]
  }, 
  "routing": {
    "strategy": "rules", 
    "settings": {
      "domainStrategy": "IPIfNonMatch", 
      "rules": [
        {
          "type": "field", 
          "port": "1-52", 
          "outboundTag": "direct"
        }, 
        {
          "type": "field", 
          "port": "54-79", 
          "outboundTag": "direct"
        }, 
        {
          "type": "field", 
          "port": "81-442", 
          "outboundTag": "direct"
        }, 
        {
          "type": "field", 
          "port": "444-65535", 
          "outboundTag": "direct"
        }, 
        {
          "type": "field", 
          "domain": [
            "geosite:cn"
          ], 
          "outboundTag": "direct"
        }, 
        {
          "type": "field", 
          "ip": [
            "geoip:private", 
            "geoip:cn"
          ], 
          "outboundTag": "direct"
        }
      ]
    }
  }
}

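The "id" under "inbound" in the server's config.json must match the "id" under "outbound" in the client's config.json.

The domain in "address" and "serverName" under "outbound" in the client's config.json must match the domain configured in Nginx on the server. The "path" under "wsSettings" must also match the server's setting.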
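The three matching rules above (id, domain, path) can be checked mechanically before a deployment. The following is an added example, not part of the original article: the function names, the placeholder UUID, example.com and /ws/ are constructed, and the last two checks (certificate verification, and binding the server inbound to 127.0.0.1 so the plain WebSocket port is only reachable through Nginx) are hardening assumptions of this example.

```python
SAMPLE_ID = "00000000-0000-4000-8000-000000000001"  # constructed placeholder UUID

def lint_v2ray_pair(server, client, nginx_server_name, nginx_location):
    """Return findings for a VMess-over-WebSocket server/client config pair."""
    findings = []
    inbound, outbound = server["inbound"], client["outbound"]
    vnext = outbound["settings"]["vnext"][0]
    stream = outbound.get("streamSettings", {})
    tls = stream.get("tlsSettings", {})
    # 1. Every client id must be registered on the server inbound.
    server_ids = {c["id"] for c in inbound["settings"]["clients"]}
    if not {u["id"] for u in vnext["users"]} <= server_ids:
        findings.append("id: client id is not in the server's clients list")
    # 2. address and serverName must equal the Nginx server_name.
    for key, value in (("address", vnext.get("address")),
                       ("serverName", tls.get("serverName"))):
        if value != nginx_server_name:
            findings.append(f"{key}: {value!r} != Nginx server_name")
    # 3. The WebSocket path must be identical in all three places.
    paths = {inbound["streamSettings"]["wsSettings"]["path"],
             stream.get("wsSettings", {}).get("path"), nginx_location}
    if len(paths) != 1:
        findings.append("path: server, client and Nginx location differ")
    # Hardening checks added by this example (assumptions, not from the article).
    if tls.get("allowInsecure"):
        findings.append("tls: allowInsecure=true skips certificate verification")
    if inbound.get("listen") != "127.0.0.1":
        findings.append("listen: server inbound is reachable without Nginx/TLS")
    return findings

def make_pair(client_id, client_path, insecure, listen):
    """Build constructed sample configs (placeholder id, domain and path)."""
    server = {"inbound": {"port": 10000, "protocol": "vmess",
        "settings": {"clients": [{"id": SAMPLE_ID}]},
        "streamSettings": {"network": "ws", "wsSettings": {"path": "/ws/"}}}}
    if listen:
        server["inbound"]["listen"] = listen
    client = {"outbound": {
        "protocol": "vmess",
        "settings": {"vnext": [{"address": "example.com", "port": 443,
                                "users": [{"id": client_id}]}]},
        "streamSettings": {
            "network": "ws", "security": "tls", "wsSettings": {"path": client_path},
            "tlsSettings": {"serverName": "example.com", "allowInsecure": insecure}}}}
    return server, client

if __name__ == "__main__":
    bad = make_pair(SAMPLE_ID, "/other/", True, None)
    print("\n".join(lint_v2ray_pair(*bad, "example.com", "/ws/")))
```

To check real files, load each config.json with json.load and pass in the server_name and location values from the Nginx configuration.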

Notice:

This article is reposted from diveng (神机网).

Original link: https://diveng.io/configuration-project-v-websocket-nginx-tls-on-ubuntu-server.html