首先当然是先购买vps了,推荐:传送前去机场
# 基本安装
服务器端: V2ray-core
Windows客户端: v2rayN
Linux客户端:V2rayA
安卓客户端: V2rayNG
# 官方(不推荐小白,需要自行配置):
# 服务端
https://github.com/v2fly/fhs-install-v2ray
// 安裝和更新 V2Ray 安裝執行檔和 .dat 資料檔
# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
OUTPUT:
warning: The following are the actual parameters for the v2ray service startup.
warning: Please make sure the configuration file path is correctly set.
# /etc/systemd/system/v2ray.service
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target
[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json
Restart=on-failure
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target
# /etc/systemd/system/v2ray.service.d/10-donot_touch_single_conf.conf
# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json
installed: /usr/local/bin/v2ray
installed: /usr/local/share/v2ray/geoip.dat
installed: /usr/local/share/v2ray/geosite.dat
installed: /usr/local/etc/v2ray/config.json
installed: /var/log/v2ray/
installed: /var/log/v2ray/access.log
installed: /var/log/v2ray/error.log
installed: /etc/systemd/system/v2ray.service
installed: /etc/systemd/system/[email protected]
removed: /tmp/tmp.lsnPmuFuXo
info: V2Ray v5.3.0 is installed.
You may need to execute a command to remove dependent software: apt purge curl unzip
Please execute the command: systemctl enable v2ray; systemctl start v2ray
//配置
sudo vim /usr/local/etc/v2ray/config.json
{
"log":{
"loglevel":"warning"
},
"routing":{
"domainStrategy":"AsIs",
"rules":[
{
"type":"field",
"ip":[
"geoip:private"
],
"outboundTag":"block"
}
]
},
"inbounds":[
{
"listen":"127.0.0.1",
"port":10000,
"protocol":"vmess",
"settings":{
"clients":[
{
"id":"<这里访问https://www.uuidgenerator.net/生成UUID替换>",
"alterId":0
}
]
}
}
],
"outbounds":[
{
"protocol":"freedom",
"tag":"direct"
},
{
"protocol":"blackhole",
"tag":"block"
}
]
}
port:V2Ray 的 WebSocket 所监听的内网端口,取值范围是 1 ~ 65535,但为了避免端口占用,所以不能填常用的端口号(如 22 是 ssh 的端口号,80 是 HTTP 的端口号,443 是 HTTPS 的端口号等),此处设我为 10000 id:用户的主 ID。可通过 UUID 生成器 - v2fly 或者 Online UUID Generator 生成(任选其中一个网站生成就行),此处我设为 9dfe7fee-d08f-44f8-ad2d-300d4c9c3a0e alterId:根据新 V2Ray 白话文指南 – VMess,推荐值为 0,代表启用 VMessAEAD
//启动
service v2ray start
//开防火墙
ufw allow
# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)
//移除 V2Ray
# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) --remove
---Discarded start:
https://www.v2ray.com/en/welcome/install.html
curl -Ls https://install.direct/go.sh | sudo bash
The script installs the following files.
/usr/bin/v2ray/v2ray: V2Ray executable
/usr/bin/v2ray/v2ctl: Utility
/etc/v2ray/config.json: Config file
/usr/bin/v2ray/geoip.dat: IP data file
/usr/bin/v2ray/geosite.dat: domain data file
This script also configures V2Ray to run as service, if systemd is available.
Configurations are at the following places.
/etc/systemd/system/v2ray.service: Systemd
/etc/init.d/v2ray: SysV
After installation, we will need to:
Update /etc/v2ray/config.json file for your own scenario.
Run service v2ray start command to start V2Ray.
Optionally run service v2ray start|stop|status|reload|restart|force-reload to control V2Ray service.
---Discarded END
# 客户端:
# Windows客户端
https://github.com/v2ray/V2RayN
# linux客户端:
https://v2raya.org/docs/prologue/introduction/
- 安装 V2Ray 内核#
可以直接安装V2RAY,不过还是推荐V2RayA的官方方法:
curl -Ls https://mirrors.v2raya.org/go.sh | sudo bash //安装后可以关掉服务,因为 v2rayA 不依赖于该 systemd 服务 sudo systemctl disable v2ray --now - 安装 v2rayA
wget -qO - https://apt.v2raya.org/key/public-key.asc | sudo tee /etc/apt/trusted.gpg.d/v2raya.asc echo "deb https://apt.v2raya.org/ v2raya main" | sudo tee /etc/apt/sources.list.d/v2raya.list sudo apt update sudo apt install v2raya - 启动 v2rayA / 设置 v2rayA 自动启动
sudo systemctl start v2raya.service sudo systemctl enable v2raya.service - http://localhost:2017/
# 手机客户端:
https://itlanyan.com/v2ray-clients-download/
# 民间脚本(推荐小白,保姆式一步步即可):
# 服务端
https://github.com/githubvpn007/V2Ray
bash <(curl -s -L https://git.io/v2ray.sh)
# v2ray bbr
ufw allow 端口号
ufw status
# 客户端:
https://github.com/githubvpn007/v2rayNvpn
选择服务器=》选择对应的协议(V2RAY默认VMESS); 添加后,在右下角托盘右键切换到pac模式;
https://www.xiaoglt.top/category/%e7%a7%91%e5%ad%a6%e4%b8%8a%e7%bd%91%e7%b3%bb%e5%88%97%e6%95%99%e7%a8%8b/v2ray%e6%95%99%e7%a8%8b/
# V2ray Config
v2ray "protocol": "socks", https://umaint.github.io/2019/01/04/v2ray-ubuntu/
理解 https://iitii.github.io/2020/02/04/1/
我们可以将 v2ray 看成一个带加密功能的 switch , 将 inbound 看成 LAN 口,将 outbound 看成 WAN 口。 如果我们想正常上网,那么我们就得添加路由规则。也就是 routing 下面的 rule 。 v2ray 接收来着 LAN口 的流量(也就是用户的流量),经过 rule 的匹配筛选后,转发给对应的 WAN口 ,从而实现正常上网。 配置: routing https://www.v2ray.com/en/configuration/routing.html https://www.v2ray.com/en/configuration/overview.html#inboundobject https://www.v2ray.com/en/configuration/protocols.html
案例学习: https://github.com/nondanee/UnblockNeteaseMusic/issues/148 https://github.com/v2ray/v2ray-core/issues/663
# 流量伪装
# V2ray web+websocket+tls
# v2ray 配置
{
"log":{
"loglevel":"warning"
},
"routing":{
"domainStrategy":"AsIs",
"rules":[
{
"type":"field",
"ip":[
"geoip:private"
],
"outboundTag":"block"
}
]
},
"inbounds":[
{
"listen":"127.0.0.1",
"port":10000,
"protocol":"vmess",
"settings":{
"clients":[
{
"id":"<这里访问https://www.uuidgenerator.net/生成UUID替换>",
"alterId":0
}
]
},
"streamSettings":{
"network":"ws",
"wsSettings":{
"path":"/lyhistory"
}
}
}
],
"outbounds":[
{
"protocol":"freedom",
"tag":"direct"
},
{
"protocol":"blackhole",
"tag":"block"
}
]
}
# nginx安装及http配置
sudo apt install nginx
sudo ufw allow 'Nginx Full'
sudo rm /etc/nginx/sites-enabled/default
sudo mkdir -p /var/www/html/mysite
sudo chown -R $USER:$USER /var/www/html
sudo chmod -R 755 /var/www/
vim /var/www/html/mysite/index.html
<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>Hello World!</h1>
<p>This is a sample page.</p>
</body>
</html>
sudo vim /etc/nginx/sites-available/mysite
server {
listen 80;
listen [::]:80;
root /var/www/html/mysite;
index index.html index.htm index.nginx-debian.html;
server_name lyhistory.com www.lyhistory.com;
location / {
try_files $uri $uri/ =404;
}
}
sudo ln -s /etc/nginx/sites-available/mysite /etc/nginx/sites-enabled/
为了防止可能出现的内存问题,
sudo vim /etc/nginx/nginx.conf
http {
...
server_names_hash_bucket_size 64;
...
}
nginx -s reload
ufw allow 'Nginx Full'
# cloudflare保护
Cloudflare’s Origin CA生成: cloudflare管理页面=>SSL/TLS=>Origin Server 点击生成证书; 保存证书至 /etc/ssl/cloudflare_cert.pem, 保存key至 /etc/ssl/cloudflare_key.pem
SSL/TLS 加密模式改为 Full (strict)
Edge Certificates=>Minimum TLS Version」改为「TLS 1.2」
Enable authenticated origin pulls 确保 Nginx 只接受来自 Cloudflare 服务器的请求,防止任何其他人直接连接到 Nginx 服务器, cloudflare管理页面=>SSL/TLS=>Origin Server,打开「Authenticated Origin Pulls」 。
然后访问该页面 (opens new window),可以找到下载client证书链接: download authenticated_origin_pull_ca.pem (opens new window) 将证书 authenticated_origin_pull_ca.pem 的内容写入到服务器的 /etc/ssl/cloudflare_client.crt 中
# nginx配置ssl
sudo vim /etc/nginx/sites-available/mysite
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name lyhistory.com www.lyhistory.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cloudflare_cert.pem;
ssl_certificate_key /etc/ssl/cloudflare_key.pem;
ssl_client_certificate /etc/ssl/cloudflare_client.crt;
ssl_verify_client on;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
server_name lyhistory.com www.lyhistory.com;
root /var/www/html/mysite;
index index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
location /lyhistory {
if ($http_upgrade != "websocket") {
return 404;
}
proxy_redirect off;
proxy_pass http://127.0.0.1:10000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
nginx -s reload
# V2ray client配置
地址(address):可以填写您注册的域名(也可以是 Cloudflare 的 CDN IP)
端口(port):HTTPS 端口号,即填写 443
用户 ID(id):与 V2Ray 服务端的配置一致,也就是之前生成的 UUID
额外 ID(alterId):与 V2Ray 服务端的配置一致,即 0
加密方式(security):自动,即 auto
传输协议(network):WebSocket,即 ws
伪装类型(type):none
伪装域名(host):填写您注册的域名
路径(path):与 V2Ray 服务端的配置一致,即 /lyhistory
底层传输安全(tls):tls
跳过证书验证(allowInsecure):false 。
refer: V2Ray (WebSocket + TLS + Web + Cloudflare) 手动配置详细说明 (opens new window)
https://www.xiaoglt.top/v2ray%e9%ab%98%e7%ba%a7%e6%8a%80%e5%b7%a7%ef%bc%9a%e6%b5%81%e9%87%8f%e4%bc%aa%e8%a3%85/
https://blog.cascade.moe/posts/nginx-proxy-v2ray-ws/
# V2ray web+http2+tls
理论上http2省去了upgrade的请求,性能更好。但实际使用中两者没有明显区别,加之某些web服务器(例如Nginx)不支持后端服务器为http2,所以websocket的方式更流行。如果你要上http2,记得web服务器不能用Nginx,要用支持反代http2的Caddy等软件。
V2ray HTTP/2+TLS+WEB 一键部署 https://iitii.github.io/2022/03/02/1