Configuring V2Ray (WebSocket + TLS) on Ubuntu Server

Using Ubuntu Server 16.04 as the example

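1. V2Ray

Install V2Ray
bash <(curl -L -s https://install.direct/go.sh)
Configure V2Ray
sudo vim /etc/v2ray/config.json

Note down the "id" under "inbound"; you will use it to replace the one in the template I give below.

Modify the V2Ray configuration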
{
  "log" : {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbound": {
    "port": 10000,
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "0x000x00-x0xx-00xx-x00x-x0xxxxxx00xx",
          "level": 1,
          "alterId": 64
        }
      ]
    },
    "streamSettings":{
      "network":"ws"
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  },
  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "outboundTag": "blocked"
        }
      ]
    }
  }
}

Replace the contents of "config.json" on your server with the above.

Restart V2Ray
sudo systemctl restart v2ray

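2. Domain name and certificate

First you need a domain name; you can buy one or register a free one such as a tk domain.

You can use Let's Encrypt or acme.sh, or apply for a free certificate; that process is skipped here.

Place the certificate files you obtained at

/etc/v2ray/v2ray.crt (i.e. the .pem file)
/etc/v2ray/v2ray.key

You can run sudo vim /etc/v2ray/v2ray.crt, paste the certificate contents and save.

Generating the certificate with acme.sh

Suppose I intend to use the domain baidu.sb

Install acme.sh
sudo apt-get install socat
curl https://get.acme.sh | sh

The following command temporarily listens on port 80; make sure port 80 is not in use before running it.

Generate the certificate
sudo ~/.acme.sh/acme.sh --issue -d baidu.sb --standalone -k ec-256

Install the certificate and key into /etc/v2ray

sudo ~/.acme.sh/acme.sh --installcert -d baidu.sb --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc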

3. Nginx

Install Nginx
sudo apt-get install nginx
Configure Nginx
sudo vim /etc/nginx/sites-available/default
Modify the Nginx configuration
server {
  listen  443 ssl;   # TLS is enabled by the "ssl" parameter on listen
  ssl_certificate       /etc/v2ray/v2ray.crt;
  ssl_certificate_key   /etc/v2ray/v2ray.key;
  ssl_protocols         TLSv1.2;   # TLS 1.0 and 1.1 are deprecated
  ssl_ciphers           HIGH:!aNULL:!MD5;
  server_name           baidu.sb;
  location / {
    proxy_redirect off;
    proxy_pass http://127.0.0.1:10000; # assumes the WebSocket listens on port 10000 of the loopback address
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
  }
}

Change the value of "server_name" to the domain your certificate was issued for.

Restart Nginx
sudo service nginx restart

4. Client

V2Ray client config.json
{
  "log": {
    "loglevel": "warning"
  },
  "inbound": {
    "port": 1080,
    "listen": "127.0.0.1",
    "protocol": "socks",
    "settings": {
      "auth": "noauth",
      "udp": false,
      "ip": "127.0.0.1"
    }
  },
  "outbound": {
    "protocol": "vmess",
    "settings": {
      "vnext": [
        {
          "address": "baidu.sb",
          "port": 443,
          "users": [
            {
              "id": "0x000x00-x0xx-00xx-x00x-x0xxxxxx00xx",
              "alterId": 64,
              "security": "auto"
            }
          ]
        }
      ]
    },
    "mux": {
      "enabled": true
    },
    "streamSettings": {
      "network": "ws",
      "security": "tls",
      "tlsSettings": {
        "serverName": "baidu.sb",
        "allowInsecure": false
      },
      "wsSettings": {
        "path": ""
      }
    }
  },
  "outboundDetour": [
    {
      "protocol": "freedom",
      "settings": {},
      "tag": "direct"
    }
  ],
  "dns": {
    "servers": [
      "8.8.8.8",
      "8.8.4.4",
      "localhost"
    ]
  },
  "routing": {
    "strategy": "rules",
    "settings": {
      "domainStrategy": "IPIfNonMatch",
      "rules": [
        {
          "type": "field",
          "port": "1-52",
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "port": "54-79",
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "port": "81-442",
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "port": "444-65535",
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "domain": ["geosite:cn"],
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10",
            "geoip:cn"
          ],
          "outboundTag": "direct"
        }
      ]
    }
  }
}

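The "id" under "inbound" in the server's "config.json" must match the "id" under "outbound" in the client's "config.json".

The "address" and "serverName" domains under "outbound" in the client's "config.json" must match the domain configured in Nginx on the server.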
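
An added example, not part of the original post: a Python check of the two consistency rules above (matching id, matching domain) plus three settings that weaken this WebSocket+TLS setup when present. The inputs are constructed samples with a hypothetical domain and UUID, and `audit` is an illustrative helper, not a V2Ray or Nginx tool.

```python
import json
import re

# Constructed sample inputs (hypothetical domain and UUID), not real deployment data.
SERVER = json.loads('{"inbound": {"port": 10000, "streamSettings": {"network": "ws"},'
                    ' "settings": {"clients": [{"id": "11111111-2222-3333-4444-555555555555"}]}}}')
CLIENT = json.loads('{"outbound": {"settings": {"vnext": [{"address": "example.test", "port": 443,'
                    ' "users": [{"id": "11111111-2222-3333-4444-555555555555"}]}]},'
                    ' "streamSettings": {"network": "ws", "security": "tls",'
                    ' "tlsSettings": {"serverName": "example.test", "allowInsecure": true}}}}')
NGINX = """server {
  listen 443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  server_name example.test;
  location / { proxy_pass http://127.0.0.1:10000; }
}"""


def audit(server, client, nginx_conf):
    """Return findings for a V2Ray WebSocket inbound fronted by an Nginx TLS proxy."""
    findings = []
    inbound, outbound = server["inbound"], client["outbound"]
    # Without "listen", the plain-WebSocket inbound binds all interfaces, reachable without TLS.
    if inbound.get("listen") not in ("127.0.0.1", "::1"):
        findings.append("server inbound is not bound to loopback")
    m = re.search(r"proxy_pass\s+http://127\.0\.0\.1:(\d+)", nginx_conf)
    if not m or int(m.group(1)) != inbound["port"]:
        findings.append("proxy_pass port does not match server inbound port")
    # TLS 1.0 and 1.1 are deprecated (RFC 8996).
    protos = re.search(r"ssl_protocols\s+([^;]+);", nginx_conf)
    if protos and {"TLSv1", "TLSv1.1"} & set(protos.group(1).split()):
        findings.append("nginx enables TLSv1 or TLSv1.1")
    # allowInsecure makes the client skip certificate validation.
    tls = outbound["streamSettings"].get("tlsSettings", {})
    if tls.get("allowInsecure"):
        findings.append("client allowInsecure disables certificate verification")
    found = re.search(r"server_name\s+([^;]+);", nginx_conf)
    names = found.group(1).split() if found else []
    server_ids = {c["id"] for c in inbound["settings"]["clients"]}
    for vnext in outbound["settings"]["vnext"]:
        if vnext["address"] not in names or tls.get("serverName") not in names:
            findings.append("client address/serverName not in nginx server_name")
        if not {u["id"] for u in vnext["users"]} <= server_ids:
            findings.append("client id missing from server clients")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SERVER, CLIENT, NGINX)))
```

To use it on a real deployment, load the two config.json files with `json.load` and read the Nginx site file as text, then pass all three to `audit`.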

For more detailed configuration, see: Welcome to V2Ray

Conners Hua


2 responses

  1. ygfly said:

    Lines 30 and 31 of the server configuration file are duplicated.
