msdn

v2ray+websocket+tls+cdn+shadowsocks相关配置
**本人亲自按照官方文档进行相关配置并且可以使用发出相关配置**1.sudo -i //切换...
扫描右侧二维码阅读全文
17
2019/11

v2ray+websocket+tls+cdn+shadowsocks相关配置

           **本人亲自按照官方文档进行相关配置并且可以使用发出相关配置**

1.sudo -i //切换root用户
2.date -R //查看vps时间
3.cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime //本机时间替换vps时间输入y
4.wget https://install.direct/go.sh //下载v2ray脚本
5.bash go.sh //执行脚本安装v2ray.
6.centos关闭防火墙 systemctl stop firewalld systemctl disable firewalld systemctl status firewalld 查看开放端口 firewall-cmd —zone=public —list-ports
7.vi /etc/v2ray/config.json //修改vps配置文件基本模式tcp
{
"inbounds": [

{
  "port": 23333, // 服务器监听端口
  "protocol": "vmess",    // 主传入协议
  "settings": {
    "clients": [
      {
        "id": "你的uuid",  // 用户 ID,客户端与服务器必须相同
        "alterId": 66
      }
    ]
  }
}

],
"outbounds": [

{
  "protocol": "freedom",  // 主传出协议
  "settings": {}
}

]
}
8.systemctl start v2ray systemctl enable v2ray //启动v2ray 开机自动启动 systemctl status v2ray
9.自己客户端v2ray修改添加vmess 服务器自己添加配置
9.chrome自动设置为系统代理 火狐浏览器去设置修改为系统代理
10.已经可以google

                                   
                                 **开始配置tls**

11.配置tls
12.yum install -y wget && wget -O install.sh http://download.bt.cn/install/install_6.0.sh && sh install.sh //下载宝塔
13.安装nginx
14.curl https://get.acme.sh | sh //下载申请证书脚本
15.source ~/.bashrc //确保脚本所设置的命令别名生效。

  1. yum install -y socat //申请证书依赖
  2. netstat -ntlp //端口查看 修改vps 中nginx配置注释掉 #include /www/server/panel/vhost/nginx/*.conf;重启nginx
  3. sudo ~/.acme.sh/acme.sh --issue -d 你的域名 --standalone -k ec-256 //生成证书前提保证80端口未被使用
    19.$ sudo ~/.acme.sh/acme.sh --installcert -d 你的域名 --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc //将证书和密钥安装到 /etc/v2ray 中
  4. 修改vps中 /etc/v2ray/config.json文件 tls模式
    {

"inbounds": [

{
  "port": 23333, // 建议使用 443 端口
  "protocol": "vmess",    
  "settings": {
    "clients": [
      {
        "id": "你的uuid",  
        "alterId": 66
      }
    ]
  },
  "streamSettings": {
    "network": "tcp",
    "security": "tls", // 客户端security 要设置为 tls 才会启用 TLS
    "tlsSettings": {
      "certificates": [
        {
          "certificateFile": "/etc/v2ray/v2ray.crt", // 证书文件
          "keyFile": "/etc/v2ray/v2ray.key" // 密钥文件
        }
      ]
    }
  }
}

],
"outbounds": [

{
  "protocol": "freedom",
  "settings": {}
}

]
}

//客户端
{
"inbounds": [

{
  "port": 1080,
  "protocol": "socks",
  "sniffing": {
    "enabled": true,
    "destOverride": ["http", "tls"]
  },
  "settings": {
    "auth": "noauth"
  }
}

],
"outbounds": [

{
  "protocol": "vmess",
  "settings": {
    "vnext": [
      {
        "address": "mydomain.me", // tls 需要域名,所以这里应该填自己的域名
        "port": 443,
        "users": [
          {
            "id": "你的uuid",
            "alterId": 64
          }
        ]
      }
    ]
  },
  "streamSettings": {
    "network": "tcp",
    "security": "tls" // 客户端的 security 也要设置为 tls
  }
}

]
}

                                **websocket+tls+cdn+shadowsocks**

21 websocket+tls+cdn+shadowsocks
/etc/v2ray/config.json配置
{
"inbounds": [

{
  "port": 10000,
  "listen":"127.0.0.1",//只监听 127.0.0.1,避免除本机外的机器探测到开放了 10000 端口
  "protocol": "vmess",
  "settings": {
    "clients": [
      {
        "id": "你的uuid",
        "alterId": 64
      }
    ]
  },
  "streamSettings": {
    "network": "ws",
    "wsSettings": {
    "path": "/ray"
    }
  }
},
{
  "protocol": "shadowsocks",
  "settings": {
    "servers": [
      {
        "address": "你的域名", // Shadowsocks 的服务器地址
        "method": "chacha20-ietf", // Shadowsocks 的加密方式
        "ota": false, // 是否开启 OTA,true 为开启
        "password": "你的密码", // Shadowsocks 的密码
        "port": 8990  
      }
    ]
  }
}

],
"outbounds": [

{
  "protocol": "freedom",
  "settings": {}
}

]
}
nginx.config配置
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/v2ray/v2ray.crt;
ssl_certificate_key /etc/v2ray/v2ray.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name mydomain.me;

location /ray { # 与 V2Ray 配置中的 path 保持一致
  proxy_redirect off;
  proxy_pass http://127.0.0.1:10000; # 假设WebSocket监听在环回地址的10000端口上
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
  proxy_set_header Host $host;
  # Show real IP in v2ray access.log
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

客户端配置
{
"inbounds": [

{
  "port": 1080,
  "listen": "127.0.0.1",
  "protocol": "socks",
  "sniffing": {
    "enabled": true,
    "destOverride": ["http", "tls"]
  },
  "settings": {
    "auth": "noauth",
    "udp": false
  }
}

],
"outbounds": [

{
  "protocol": "vmess",
  "settings": {
    "vnext": [
      {
        "address": "mydomain.me",
        "port": 443,
        "users": [
          {
            "id": "你的uuid",
            "alterId": 64
          }
        ]
      }
    ]
  },
  "streamSettings": {
    "network": "ws",
    "security": "tls",
    "wsSettings": {
      "path": "/ray"
    }
  }
},
{
  "protocol": "shadowsocks",
  "settings": {
    "servers": [
      {
        "address": "你的域名", // Shadowsocks 的服务器地址
        "method": "chacha20-ietf", // Shadowsocks 的加密方式
        "ota": false, // 是否开启 OTA,true 为开启
        "password": "你的密码", // Shadowsocks 的密码
        "port": 8990  
      }
    ]
  }
}

]
}
22.重启vps

                                    **以下为检验和cdn配置**
  1. wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh //安装bbr加速
  2. uname -r //查看内核
  3. grub2-editenv list //查看内核启动顺序0为第一个
  4. cdn缓存服务器用www.cloudflare.com进行dns解析
Last modification:December 19th, 2019 at 09:05 pm
If you think my article is useful to you, please feel free to appreciate

Leave a Comment