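Preface

VLESS is a stateless, lightweight transport protocol. It is a new v2ray protocol with better extensibility. For installing Nginx, see the Debian installation and configuration post; it is not repeated here.

This post uses Nginx + VLESS + WS + TLS, deployed on Debian 10 on AWS, to build a stable proxy ("magic internet access") environment.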

Install V2Ray

# Install v2ray
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)

# After the installation completes
# installed: /usr/local/bin/v2ray
# installed: /usr/local/bin/v2ctl
# installed: /usr/local/share/v2ray/geoip.dat
# installed: /usr/local/share/v2ray/geosite.dat
# installed: /usr/local/etc/v2ray/config.json
# installed: /var/log/v2ray/
# installed: /var/log/v2ray/access.log
# installed: /var/log/v2ray/error.log
# installed: /etc/systemd/system/v2ray.service
# installed: /etc/systemd/system/v2ray@.service
# removed: /tmp/tmp.oMqJHYruEC
# info: V2Ray v4.34.0 is installed.
# You may need to execute a command to remove dependent software: apt purge curl unzip
# Please execute the command: systemctl enable v2ray; systemctl start v2ray

# Uninstall
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) --remove

Enable BBR

Google's congestion control algorithm.

echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
sysctl net.ipv4.tcp_available_congestion_control
lsmod | grep bbr

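Install the TLS certificate

If you do not access nginx over HTTPS, you can skip this step.

# The command can also be generated quickly at https://www.digicert.com/easy-csr/openssl.htm
# Create the CSR from the command line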
openssl req -new -newkey rsa:2048 -nodes -out lgq51233_xyz.csr -keyout lgq51233_xyz.key -subj "/C=CN/ST=广州市/L=Guangdong/O=devlgq/OU=devlgq/CN=lgq51233.xyz"
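# The .csr file is used to generate the .crt file
# The .key file is the private key

Go to the Cloudflare dashboard to generate a signed certificate. Paste in the text of the lgq51233_xyz.csr file generated above.

Click Create.

Once it is created, choose the PEM format and copy the text into a new text file. The file name is up to you; xxxx.crt is suggested, but any name works as long as the later configuration points to it correctly. This is the certificate, which the server then uses to authenticate with Cloudflare.

Configuration files

The v2ray server configuration file. It is specified with -c at startup; the default location is /usr/local/etc/v2ray/config.json.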

{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning" // log level; it can be set to error, otherwise the log files keep growing
  },
  "inbounds": [ // inbound section
    {
      "port":33440, // listening port
      "listen": "127.0.0.1",
      "tag": "VLESS-in",
      "protocol": "VLESS", // protocol to use
      "settings": {
        "clients": [
          {
            "id":"13e07182-a7cc-472b-ab21-c1f0ade85ed2", // 32-digit id, generated at random; PowerShell's New-Guid command can generate one
            "alterId": 0
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws", // WebSocket transport
        "wsSettings": {
          "path":"/c1f0ade85ed2/" // any randomly generated value will do
        }
      }
    }
  ],
  "outbounds": [ // outbound section
    {
      "protocol": "freedom", 
      "settings": { },
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "settings": { },
      "tag": "blocked"
    }
  ],
  "dns": {
    "servers": [
      "https+local://1.1.1.1/dns-query",
      "1.1.1.1",
      "1.0.0.1",
      "8.8.8.8",
      "8.8.4.4",
      "localhost"
    ]
  },
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "VLESS-in"
        ],
        "outboundTag": "direct"
      }
    ]
  }
}

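nginx configuration, which proxies requests to the v2ray server. It is optional, depending on your needs.

# Workers run as root with this setting; an unprivileged account limits what a compromised worker can do
user  root;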
worker_processes  3;

events {
    worker_connections  4096;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    keepalive_timeout  65;
    gzip  on;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
    }
    
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        # TLS certificate and key; you need to obtain these yourself
        ssl_certificate       /data/v2ray.crt;
        ssl_certificate_key   /data/v2ray.key;
        # TLS 1.1 is deprecated (RFC 8996), so only TLS 1.2 and 1.3 are enabled
        ssl_protocols         TLSv1.2 TLSv1.3;
        # No 3DES suites: 64-bit block ciphers are exposed to Sweet32
        ssl_ciphers           TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:!MD5;
        server_name xxx.lgq51233.xyz;
        index index.html index.htm;
        # Your own website can be configured here
        root  html;
        error_page 400 = /400.html;

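        # Config for 0-RTT in TLSv1.3; early data can be replayed, so the
        # Early-Data header set in the location below lets the backend see it
        ssl_early_data on;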
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security "max-age=31536000";

        # Use the path from the v2ray inbound configuration
        location /c1f0ade85ed2/ {
            proxy_redirect off;
            # The address and port of v2ray; I run it on the same server.
            proxy_pass http://127.0.0.1:33440;
            proxy_http_version 1.1;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;
    
            # Config for 0-RTT in TLSv1.3
            proxy_set_header Early-Data $ssl_early_data;
        }
    }
    # Redirect HTTP to HTTPS
    server {
        listen 80;
        listen [::]:80;
        server_name xxx.lgq51233.xyz;
        return 301 https://xxx.lgq51233.xyz$request_uri;
    }
}
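
An added example, not part of the original post: a small Python check that the v2ray inbound and the nginx location agree on path and port, that the inbound stays on loopback (with "decryption": "none", only nginx's TLS protects the traffic), and that the id and path printed on this page were replaced with your own. The function names and the command-line usage are assumptions of this example.

```python
import json, re, sys

# Values printed in this article: anyone who has read the page knows them.
PUBLISHED_ID = "13e07182-a7cc-472b-ab21-c1f0ade85ed2"
PUBLISHED_PATH = "/c1f0ade85ed2/"

def strip_jsonc(text):
    """Remove // comments, but keep '//' inside strings (the https+local:// DNS URL)."""
    out, in_str, i = [], False, 0
    while i < len(text):
        c = text[i]
        if in_str:
            if c == "\\":                      # copy an escape pair untouched
                out.append(text[i:i + 2])
                i += 2
                continue
            in_str = c != '"'
        elif c == '"':
            in_str = True
        elif text.startswith("//", i):         # comment: skip to end of line
            while i < len(text) and text[i] != "\n":
                i += 1
            continue
        out.append(c)
        i += 1
    return "".join(out)

def audit(v2ray_text, nginx_text):
    """Return findings for the first inbound and the nginx location in front of it."""
    inbound = json.loads(strip_jsonc(v2ray_text))["inbounds"][0]
    findings = []
    listen = inbound.get("listen", "0.0.0.0")   # v2ray binds all addresses by default
    if listen not in ("127.0.0.1", "::1"):
        findings.append(f"inbound listens on {listen}: VLESS is reachable without nginx TLS")
    for client in inbound["settings"]["clients"]:
        if client["id"].lower() == PUBLISHED_ID:
            findings.append("client id is the one published in the article")
    path = inbound["streamSettings"]["wsSettings"]["path"]
    if path == PUBLISHED_PATH:
        findings.append("ws path is the one published in the article")
    # First location block that contains a proxy_pass to host:port
    m = re.search(r"location\s+(\S+)\s*\{[^}]*?proxy_pass\s+http://[^:;\s]+:(\d+)", nginx_text)
    if not m:
        findings.append("no nginx location with proxy_pass found")
    elif (m.group(1), int(m.group(2))) != (path, inbound["port"]):
        findings.append(f"nginx forwards {m.group(1)} to port {m.group(2)}, "
                        f"v2ray expects {path} on port {inbound['port']}")
    return findings

if __name__ == "__main__":   # usage (assumed): python3 audit.py config.json nginx.conf
    print(*audit(open(sys.argv[1]).read(), open(sys.argv[2]).read()), sep="\n")
```

Run against the two files exactly as printed above, it reports the published id and the published path; an empty result means the checks passed.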

DNS configuration

For DNS, use Cloudflare's service; bind the domain in the dashboard.

Start and test

# Make sure the configuration files are correct
systemctl start v2ray
systemctl start nginx

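For clients, use v2rayN on Windows and v2rayNG on Android. Both are open-source projects and can be found on GitHub.

The Android configuration is analogous. Using v2rayN's share feature and scanning the QR code with the phone is recommended.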
