首先当然是先购买vps了,推荐:传送前去机场
服务器端: V2ray-core
Windows客户端: v2rayN
Linux客户端:V2rayA
安卓客户端: V2rayNG
注意:如果多次安装不同版本的v2ray要注意最好移除之前安装的v2ray,如果不确定安装了哪个,通过which v2ray或者systemctl确定v2ray的位置,每个不同的安装版本提供的v2ray的功能有所区别,需要注意
https://wiki.linuxchina.net/index.php/V2ray
https://github.com/v2fly/fhs-install-v2ray
// 安裝和更新 V2Ray 安裝執行檔和 .dat 資料檔
# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
OUTPUT:
warning: The following are the actual parameters for the v2ray service startup.
warning: Please make sure the configuration file path is correctly set.
# /etc/systemd/system/v2ray.service
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target
[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json
Restart=on-failure
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target
# /etc/systemd/system/v2ray.service.d/10-donot_touch_single_conf.conf
# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json
installed: /usr/local/bin/v2ray
installed: /usr/local/share/v2ray/geoip.dat
installed: /usr/local/share/v2ray/geosite.dat
installed: /usr/local/etc/v2ray/config.json
installed: /var/log/v2ray/
installed: /var/log/v2ray/access.log
installed: /var/log/v2ray/error.log
installed: /etc/systemd/system/v2ray.service
installed: /etc/systemd/system/[email protected]
removed: /tmp/tmp.lsnPmuFuXo
info: V2Ray v5.3.0 is installed.
You may need to execute a command to remove dependent software: apt purge curl unzip
Please execute the command: systemctl enable v2ray; systemctl start v2ray
//配置
sudo vim /usr/local/etc/v2ray/config.json
{
"log":{
"loglevel":"warning"
},
"routing":{
"domainStrategy":"AsIs",
"rules":[
{
"type":"field",
"ip":[
"geoip:private"
],
"outboundTag":"block"
}
]
},
"inbounds":[
{
"listen":"127.0.0.1",
"port":10000,
"protocol":"vmess",
"settings":{
"clients":[
{
"id":"<这里访问https://www.uuidgenerator.net/生成UUID替换>",
"alterId":0
}
]
}
}
],
"outbounds":[
{
"protocol":"freedom",
"tag":"direct"
},
{
"protocol":"blackhole",
"tag":"block"
}
]
}
port:V2Ray 的 WebSocket 所监听的内网端口,取值范围是 1 ~ 65535,但为了避免端口占用,所以不能填常用的端口号(如 22 是 ssh 的端口号,80 是 HTTP 的端口号,443 是 HTTPS 的端口号等),此处设我为 10000 id:用户的主 ID。可通过 UUID 生成器 - v2fly 或者 Online UUID Generator 生成(任选其中一个网站生成就行),此处我设为 9dfe7fee-d08f-44f8-ad2d-300d4c9c3a0e alterId:根据新 V2Ray 白话文指南 – VMess,推荐值为 0,代表启用 VMessAEAD
//启动
service v2ray start
//开防火墙
ufw allow
# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)
//移除 V2Ray
# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) --remove
—Discarded start:
https://www.v2ray.com/en/welcome/install.html
curl -Ls https://install.direct/go.sh | sudo bash
The script installs the following files.
/usr/bin/v2ray/v2ray: V2Ray executable
/usr/bin/v2ray/v2ctl: Utility
/etc/v2ray/config.json: Config file
/usr/bin/v2ray/geoip.dat: IP data file
/usr/bin/v2ray/geosite.dat: domain data file
This script also configures V2Ray to run as service, if systemd is available.
Configurations are at the following places.
/etc/systemd/system/v2ray.service: Systemd
/etc/init.d/v2ray: SysV
After installation, we will need to:
Update /etc/v2ray/config.json file for your own scenario.
Run service v2ray start command to start V2Ray.
Optionally run service v2ray start|stop|status|reload|restart|force-reload to control V2Ray service.
—Discarded END
// 只更新 .dat 資料檔
# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)
https://www.linuxv2ray.com/speedup/google-tcp-bbr-one-click-script-for-v2ray/
下载安装V2RayN下载地址后运行V2rayN.exe,根据提示下载 dotnet framework 并安装后重启,添加vmess服务器:
别名:任意
地址:域名
端口:443
用户id:对应v2ray config inbounds->clients->id
alertId:默认0
加密方式:auto
传输协议:ws
伪装域名:域名
路径:对应v2ray config streamSettings->wsSettings->path
传输层安全:tls
sni:域名
跳过证书验证 allowInsecure: false
添加后观察下方窗口输出结果,注意到: 在文件夹 (…\V2RAY\v2rayN\bin\Xray) 下未找到Core文件 (文件名:xray, wxray),请下载后放入文件夹,下载地址
https://v2raya.org/docs/prologue/introduction/
curl -Ls https://mirrors.v2raya.org/go.sh | sudo bash
//安装后可以关掉服务,因为 v2rayA 不依赖于该 systemd 服务
sudo systemctl disable v2ray --now
wget -qO - https://apt.v2raya.org/key/public-key.asc | sudo tee /etc/apt/trusted.gpg.d/v2raya.asc
echo "deb https://apt.v2raya.org/ v2raya main" | sudo tee /etc/apt/sources.list.d/v2raya.list
sudo apt update
sudo apt install v2raya
sudo systemctl start v2raya.service
sudo systemctl enable v2raya.service
https://itlanyan.com/v2ray-clients-download/
#安装
bash <(curl -s -L https://git.io/v2ray.sh)
# 一键加速v2ray bbr
v2ray bbr
#卸载
v2ray uninstall
貌似执行安装脚本也是可以卸载
https://github.com/githubvpn007/v2rayNvpn
选择服务器=》选择对应的协议(V2RAY默认VMESS); 添加后,在右下角托盘右键切换到pac模式;
https://www.xiaoglt.top/category/%e7%a7%91%e5%ad%a6%e4%b8%8a%e7%bd%91%e7%b3%bb%e5%88%97%e6%95%99%e7%a8%8b/v2ray%e6%95%99%e7%a8%8b/
v2ray “protocol”: “socks”, https://umaint.github.io/2019/01/04/v2ray-ubuntu/
理解 https://iitii.github.io/2020/02/04/1/
我们可以将 v2ray 看成一个带加密功能的 switch , 将 inbound 看成 LAN 口,将 outbound 看成 WAN 口。 如果我们想正常上网,那么我们就得添加路由规则。也就是 routing 下面的 rule 。 v2ray 接收来着 LAN口 的流量(也就是用户的流量),经过 rule 的匹配筛选后,转发给对应的 WAN口 ,从而实现正常上网。 配置: routing https://www.v2ray.com/en/configuration/routing.html https://www.v2ray.com/en/configuration/overview.html#inboundobject https://www.v2ray.com/en/configuration/protocols.html
案例学习: https://github.com/nondanee/UnblockNeteaseMusic/issues/148 https://github.com/v2ray/v2ray-core/issues/663
{
"log":{
"loglevel":"warning"
},
"routing":{
"domainStrategy":"AsIs",
"rules":[
{
"type":"field",
"ip":[
"geoip:private"
],
"outboundTag":"block"
}
]
},
"inbounds":[
{
"listen":"127.0.0.1",
"port":10000,
"protocol":"vmess",
"settings":{
"clients":[
{
"id":"<这里访问https://www.uuidgenerator.net/生成UUID替换>",
"alterId":0
}
]
},
"streamSettings":{
"network":"ws",
"wsSettings":{
"path":"/lyhistory"
}
}
}
],
"outbounds":[
{
"protocol":"freedom",
"tag":"direct"
},
{
"protocol":"blackhole",
"tag":"block"
}
]
}
sudo apt install nginx
sudo ufw allow 'Nginx Full'
sudo rm /etc/nginx/sites-enabled/default
sudo mkdir -p /var/www/html/mysite
sudo chown -R $USER:$USER /var/www/html
sudo chmod -R 755 /var/www/
vim /var/www/html/mysite/index.html
<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>Hello World!</h1>
<p>This is a sample page.</p>
</body>
</html>
sudo vim /etc/nginx/sites-available/mysite
server {
listen 80;
listen [::]:80;
root /var/www/html/mysite;
index index.html index.htm index.nginx-debian.html;
server_name lyhistory.com www.lyhistory.com;
location / {
try_files $uri $uri/ =404;
}
}
sudo ln -s /etc/nginx/sites-available/mysite /etc/nginx/sites-enabled/
为了防止可能出现的内存问题,
sudo vim /etc/nginx/nginx.conf
http {
...
server_names_hash_bucket_size 64;
...
}
nginx -s reload
ufw allow 'Nginx Full'
Cloudflare’s Origin CA生成: cloudflare管理页面=>SSL/TLS=>Origin Server 点击生成证书; 保存证书至 /etc/ssl/cloudflare_cert.pem, 保存key至 /etc/ssl/cloudflare_key.pem
SSL/TLS 加密模式改为 Full (strict)
Edge Certificates=>Minimum TLS Version」改为「TLS 1.2」
Enable authenticated origin pulls 确保 Nginx 只接受来自 Cloudflare 服务器的请求,防止任何其他人直接连接到 Nginx 服务器, cloudflare管理页面=>SSL/TLS=>Origin Server,打开「Authenticated Origin Pulls」 。
然后访问该页面,可以找到下载client证书链接: download authenticated_origin_pull_ca.pem 将证书 authenticated_origin_pull_ca.pem 的内容写入到服务器的 /etc/ssl/cloudflare_client.crt 中
sudo vim /etc/nginx/sites-available/mysite
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name lyhistory.com www.lyhistory.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cloudflare_cert.pem;
ssl_certificate_key /etc/ssl/cloudflare_key.pem;
ssl_client_certificate /etc/ssl/cloudflare_client.crt;
ssl_verify_client on;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
server_name lyhistory.com www.lyhistory.com;
root /var/www/html/mysite;
index index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
location /lyhistory {
if ($http_upgrade != "websocket") {
return 404;
}
proxy_redirect off;
proxy_pass http://127.0.0.1:10000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
nginx -s reload
地址(address):可以填写您注册的域名(也可以是 Cloudflare 的 CDN IP)
端口(port):HTTPS 端口号,即填写 443
用户 ID(id):与 V2Ray 服务端的配置一致,也就是之前生成的 UUID
额外 ID(alterId):与 V2Ray 服务端的配置一致,即 0
加密方式(security):自动,即 auto
传输协议(network):WebSocket,即 ws
伪装类型(type):none
伪装域名(host):填写您注册的域名
路径(path):与 V2Ray 服务端的配置一致,即 /lyhistory
底层传输安全(tls):tls
跳过证书验证(allowInsecure):false 。
refer: V2Ray (WebSocket + TLS + Web + Cloudflare) 手动配置详细说明
https://www.xiaoglt.top/v2ray%e9%ab%98%e7%ba%a7%e6%8a%80%e5%b7%a7%ef%bc%9a%e6%b5%81%e9%87%8f%e4%bc%aa%e8%a3%85/
https://blog.cascade.moe/posts/nginx-proxy-v2ray-ws/
理论上http2省去了upgrade的请求,性能更好。但实际使用中两者没有明显区别,加之某些web服务器(例如Nginx)不支持后端服务器为http2,所以websocket的方式更流行。如果你要上http2,记得web服务器不能用Nginx,要用支持反代http2的Caddy等软件。
V2ray HTTP/2+TLS+WEB 一键部署 https://iitii.github.io/2022/03/02/1
For general discussion over Project V development and usage.
有时候观察到不稳定或者手机可以,windows不可以,完全可以通过升级客户端解决!
TUN mode creates a virtual network interface (like a mini-VPN adapter) on your system. It captures all your device’s network traffic at the IP level (not just browser/app proxy settings), routes it through sing-box → your proxy server, and sends it out. This is great for games, apps that ignore system proxy, or sites that block partial proxies. Without TUN, you usually only proxy apps that respect HTTP/SOCKS settings (e.g., browsers).
直接启动 tun模式
如果不启动tun模式,也可以用 proxifier(收费)或 推荐Netch,有进程模式 或 ProxyBridge(免费) (InterceptSuite version, as of late 2025/early 2026) is protocol-agnostic at the application level. It redirects TCP and UDP traffic from selected processes to your configured HTTP or (preferably) SOCKS5 proxy.It doesn’t care what higher-level protocol the app uses (e.g., custom game protocol, RDP, SSH, databases, HTTP/3, DTLS, DNS-over-anything, proprietary thick-client stuff).
如果是 powershell/cmd/bash 可以采用:
windows->settings->proxy, 找到代理服务器, 然后到cmd设置:
$env:HTTP_PROXY="http://127.0.0.1:10809"
$env:HTTPS_PROXY="http://127.0.0.1:10809"
一看就是出去的流量有问题,做了基本检查,防火墙也全关了,
Open Command Prompt and ping the loopback address: ping 127.0.0.1 If this works (you get replies), it indicates that your TCP/IP stack is operational.
并且重置了network netsh int ip reset netsh winsock reset
ping本地没问题,但是ping局域网其他机器都有问题,报错 General failure
最后发现卸载其他vpn尤其是cloudflare的warp之后问题解决!
解决方案: 第一步:判断当前VPS主机时间是否有问题。判断方法参考“v2ray 主机时间同步问题”,如果确定没问题,则进行下一步,如果有问题则按照文章中的步骤同步一下时间即可。然后再次尝试v2ray客户端连接,看看还会不会报错,如果还是会报错,则进行第二步判断。
第二步:判断当前VPS主机端口是否有问题。首先安装一个nc
yum install -y nc 安装完后,随意开启监听一个端口,例如直接执行下面的命令。监听8181
nc -lv -p 8181 然后在本机打开cmd,尝试连接一下VPS的8181端口
telnet xxx.你VPS的IP.xx.xx 8181 如果没连进去,这里就要分析多种可能了。 例如:1、可能是你VPS没有关闭防火墙 2、可能是你电脑网络没办法访问互联网其他主机的端口,可能公司限制 3、你的VPS被墙了,只能考虑使用CloudFlare来做中转帮你自己恢复被墙的限制(CloudFlare恢复被墙方法)
如果没问题,那么你要注意以下你的V2RAY的配置,是否使用的WebSocket+TLS模式,或者你v2ray对外开放的是什么端口。是什么端口,你连接一下什么端口。WebSocket+TLS这个默认是443 你继续在你的电脑中telnet连接一下,我这边尝试连接我自己的VPS结果就是443端口是不通的,其他任何端口都没问题。
那就只能证明一个结果,我VPS的IP的443端口被墙了,所以只能更换其他端口。v2ray WebSocket+TLS 模式更换其他端口的方法如下:
vi /etc/caddy/Caddyfile ##注意,里面的内容第一行,绝对是你自己配置的域名,这里更改为如下,英文冒号,端口随意设置 www.你自己配置的域名.com:8080 { gzip timeouts none proxy / https://www.baidu.com { except /ddd } proxy /ddd 127.0.0.1:40507 { without /ddd websocket } } http://www.你自己配置的域名.com { gzip timeouts none proxy / https://woj.app { } } import sites/*
然后你使用v2ray 客户端连接的时候,把443端口更改成你设定的端口即可。例如我这里面设定的是8080,我更改为8080就搞定了。 后续就可以正常使用v2ray啦。
最新caddy的设置如下:
ltang.suning.com { reverse_proxy https://fanyi.baidu.com { header_up Host {upstream_hostport} header_up X-Forwarded-Host {host} } handle_path /search { reverse_proxy 127.0.0.1:20363 } } http://ltang.suning.com { reverse_proxy / https://woj.app { } } import sites/*